- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2848ff28d180bd63a95da8e5dcbcdd76c1beeb7b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090809-plaything-sash-1d57@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 2848ff28d180 ("x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported") c33f0a81a2cf ("x86/fpu: Add fpu_state_config::legacy_features") d72c87018d00 ("x86/fpu/xstate: Move remaining xfeature helpers to core") eda32f4f93b4 ("x86/fpu: Rework restore_regs_from_fpstate()") daddee247319 ("x86/fpu: Mop up xfeatures_mask_uabi()") 1c253ff2287f ("x86/fpu: Move xstate feature masks to fpu_*_cfg") 2bd264bce238 ("x86/fpu: Move xstate size to fpu_*_cfg") cd9ae7617449 ("x86/fpu/xstate: Cleanup size calculations") 617473acdfe4 ("x86/fpu: Cleanup fpu__init_system_xstate_size_legacy()") 578971f4e228 ("x86/fpu: Provide struct fpu_config") 5509cc78080d ("x86/fpu/signal: Use fpstate for size and features") ad6ede407aae ("x86/fpu: Use fpstate in fpu_copy_kvm_uabi_to_fpstate()") be31dfdfd75b ("x86/fpu: Use fpstate::size") 248452ce21ae ("x86/fpu: Add size and mask information to fpstate") 2dd8eedc80b1 ("x86/process: Move arch_thread_struct_whitelist() out of line") c20942ce5128 ("x86/fpu/core: Convert to fpstate") 7e049e8b7459 ("x86/fpu/signal: Convert to fpstate") 087df48c298c ("x86/fpu: Replace KVMs xstate component clearing") 18b3fa1ad15f ("x86/fpu: Convert restore_fpregs_from_fpstate() to struct fpstate") f83ac56acdad ("x86/fpu: Convert fpstate_init() to struct fpstate") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2848ff28d180bd63a95da8e5dcbcdd76c1beeb7b Mon Sep 17 00:00:00 2001 From: Mitchell Levy <levymitchell0(a)gmail.com> Date: Mon, 12 Aug 2024 13:44:12 -0700 Subject: [PATCH] x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported There are two distinct CPU features related to the use of XSAVES and LBR: whether LBR is itself supported and whether XSAVES supports LBR. The LBR subsystem correctly checks both in intel_pmu_arch_lbr_init(), but the XSTATE subsystem does not. The LBR bit is only removed from xfeatures_mask_independent when LBR is not supported by the CPU, but there is no validation of XSTATE support. If XSAVES does not support LBR the write to IA32_XSS causes a #GP fault, leaving the state of IA32_XSS unchanged, i.e. zero. The fault is handled with a warning and the boot continues. Consequently the next XRSTORS which tries to restore supervisor state fails with #GP because the RFBM has zero for all supervisor features, which does not match the XCOMP_BV field. As XFEATURE_MASK_FPSTATE includes supervisor features setting up the FPU causes a #GP, which ends up in fpu_reset_from_exception_fixup(). That fails due to the same problem resulting in recursive #GPs until the kernel runs out of stack space and double faults. Prevent this by storing the supported independent features in fpu_kernel_cfg during XSTATE initialization and use that cached value for retrieving the independent feature bits to be written into IA32_XSS. [ tglx: Massaged change log ] Fixes: f0dccc9da4c0 ("x86/fpu/xstate: Support dynamic supervisor feature for LBR") Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Mitchell Levy <levymitchell0(a)gmail.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240812-xsave-lbr-fix-v3-1-95bac1bf62f4@gmail.… diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h index eb17f31b06d2..de16862bf230 100644 --- a/arch/x86/include/asm/fpu/types.h +++ b/arch/x86/include/asm/fpu/types.h @@ -591,6 +591,13 @@ struct fpu_state_config { * even without XSAVE support, i.e. legacy features FP + SSE */ u64 legacy_features; + /* + * @independent_features: + * + * Features that are supported by XSAVES, but not managed as part of + * the FPU core, such as LBR + */ + u64 independent_features; }; /* FPU state configuration information */ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index c5a026fee5e0..1339f8328db5 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -788,6 +788,9 @@ void __init fpu__init_system_xstate(unsigned int legacy_size) goto out_disable; } + fpu_kernel_cfg.independent_features = fpu_kernel_cfg.max_features & + XFEATURE_MASK_INDEPENDENT; + /* * Clear XSAVE features that are disabled in the normal CPUID. */ diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h index 2ee0b9c53dcc..afb404cd2059 100644 --- a/arch/x86/kernel/fpu/xstate.h +++ b/arch/x86/kernel/fpu/xstate.h @@ -62,9 +62,9 @@ static inline u64 xfeatures_mask_supervisor(void) static inline u64 xfeatures_mask_independent(void) { if (!cpu_feature_enabled(X86_FEATURE_ARCH_LBR)) - return XFEATURE_MASK_INDEPENDENT & ~XFEATURE_MASK_LBR; + return fpu_kernel_cfg.independent_features & ~XFEATURE_MASK_LBR; - return XFEATURE_MASK_INDEPENDENT; + return fpu_kernel_cfg.independent_features; } /* XSAVE/XRSTOR wrapper functions */

1 week, 2 days

3
2
0 0

[PATCH 6.6 000/386] 6.6.55-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.55 release. There are 386 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Oct 2024 11:55:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.55-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.55-rc1 Zhihao Cheng <chengzhihao1(a)huawei.com> Revert "ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path" Damien Le Moal <dlemoal(a)kernel.org> null_blk: Fix return value of nullb_device_power_store() Alex Hung <alex.hung(a)amd.com> drm/amd/display: enable_hpo_dp_link_output: Check link_res->hpo_dp_link_enc before using it Namhyung Kim <namhyung(a)kernel.org> perf report: Fix segfault when 'sym' sort key is not used Gabe Teeger <Gabe.Teeger(a)amd.com> drm/amd/display: Revert Avoid overflow assignment Herbert Xu <herbert(a)gondor.apana.org.au> crypto: octeontx* - Select CRYPTO_AUTHENC Haoran Zhang <wh1sper(a)zju.edu.cn> vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() David Howells <dhowells(a)redhat.com> rxrpc: Fix a race between socket set up and I/O thread creation Xiaolei Wang <xiaolei.wang(a)windriver.com> net: stmmac: move the EST lock to struct stmmac_priv Yu Kuai <yukuai3(a)huawei.com> null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> null_blk: Remove usage of the deprecated ida_simple_xx() API Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: think-lmi: Fix password opcode ordering for workstations Chen Yu <yu.c.chen(a)intel.com> efi/unaccepted: touch soft lockup during memory accept Mads Bligaard Nielsen <bli(a)bang-olufsen.dk> drm/bridge: adv7511: fix crash on irq during probe Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Fix protection fault in iommufd_test_syz_conv_iova Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: restore set elements when delete set fails Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fix memleak in map from abort path Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path Jonathan Gray <jsg(a)jsg.id.au> Revert "drm/amd/display: Skip Recompute DSC Params if no Stream on Link" Val Packett <val(a)packett.cool> drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 Josef Bacik <josef(a)toxicpanda.com> btrfs: drop the backref cache during relocation if we commit David Sterba <dsterba(a)suse.com> btrfs: relocation: constify parameters where possible David Sterba <dsterba(a)suse.com> btrfs: relocation: return bool from btrfs_should_ignore_reloc_root Armin Wolf <W_Armin(a)gmx.de> ACPI: battery: Fix possible crash when unregistering a battery hook Armin Wolf <W_Armin(a)gmx.de> ACPI: battery: Simplify battery hook locking Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sc8180x: Add GPLL9 support Heiner Kallweit <hkallweit1(a)gmail.com> r8169: add tally counter fields added with RTL8125 Colin Ian King <colin.i.king(a)gmail.com> r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: bmp280: Fix waiting time for BMP3xx configuration Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: bmp280: Fix regmap for BMP280 device Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: bmp280: Use BME prefix for BME280 specifics Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: bmp280: Improve indentation and line wrapping Angel Iglesias <ang.iglesiasg(a)gmail.com> iio: pressure: bmp280: Allow multiple chips id per family of devices Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x Manivannan Sadhasivam <mani(a)kernel.org> dt-bindings: clock: qcom: Add missing UFS QREF clocks Udit Kumar <u-kumar1(a)ti.com> remoteproc: k3-r5: Delay notification of wakeup event Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Acquire mailbox handle during probe routine Umang Jain <umang.jain(a)ideasonboard.com> media: imx335: Fix reset-gpio handling Kieran Bingham <kieran.bingham(a)ideasonboard.com> media: i2c: imx335: Enable regulator supplies Long Li <longli(a)microsoft.com> RDMA/mana_ib: use the correct page table index based on hardware page size Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Add support for page sizes other than 4KB on ARM64 Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Enable MANA driver on ARM64 with 4K page size Johannes Weiner <hannes(a)cmpxchg.org> sched: psi: fix bogus pressure spikes from aggregation race Andrii Nakryiko <andrii(a)kernel.org> lib/buildid: harden build ID parsing logic Alexey Dobriyan <adobriyan(a)gmail.com> build-id: require program headers to be right after ELF header Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` Yosry Ahmed <yosryahmed(a)google.com> mm: z3fold: deprecate CONFIG_Z3FOLD Oleg Nesterov <oleg(a)redhat.com> uprobes: fix kernel info leak via "[uprobes]" vma Jens Axboe <axboe(a)kernel.dk> io_uring/net: harden multishot termination case for recv Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Expand speculative SSBS workaround once more Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-N3 definitions Ard Biesheuvel <ardb(a)kernel.org> i2c: synquacer: Deal with optional PCLK correctly Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: synquacer: Remove a clk reference from struct synquacer_i2c Heiner Kallweit <hkallweit1(a)gmail.com> i2c: core: Lock address during client device instantiation Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: create debugfs entry per adapter Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Create a platform_device from module_init() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: qconf: fix buffer overflow in debug links Uwe Kleine-König <ukleinek(a)debian.org> cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Fix system hang while resume with TBT monitor Alex Hung <alex.hung(a)amd.com> drm/amd/display: Add HDR workaround for specific eDP Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/sched: Add locking to drm_sched_entity_modify_sched Jani Nikula <jani.nikula(a)intel.com> drm/i915/gem: fix bitwise and logical AND mixup Al Viro <viro(a)zeniv.linux.org.uk> close_range(): fix the logics in descriptor table trimming Eder Zulian <ezulian(a)redhat.com> rtla: Fix the help text in osnoise and timerlat top tools Wei Li <liwei391(a)huawei.com> tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline Wei Li <liwei391(a)huawei.com> tracing/timerlat: Fix a race during cpuhp processing Wei Li <liwei391(a)huawei.com> tracing/timerlat: Drop interface_lock in stop_kthread() Wei Li <liwei391(a)huawei.com> tracing/hwlat: Fix a race during cpuhp processing Patrick Donnelly <pdonnell(a)redhat.com> ceph: fix cap ref leak via netfs init_request Jiawei Ye <jiawei.ye(a)foxmail.com> mac802154: Fix potential RCU dereference issue in mac802154_scan_worker Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE Jiawen Wu <jiawenwu(a)trustnetic.com> net: pcs: xpcs: fix the wrong register that was written back Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> gpio: davinci: fix lazy disable Miquel Sabaté Solà <mikisabate(a)gmail.com> cpufreq: Avoid a bad reference count on CPU node Filipe Manana <fdmanana(a)suse.com> btrfs: wait for fixup workers before stopping cleaner kthread during umount Filipe Manana <fdmanana(a)suse.com> btrfs: send: fix invalid clone operation for file that got its size decreased Qu Wenruo <wqu(a)suse.com> btrfs: fix a NULL pointer dereference when failed to start a new trasacntion Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] Baokun Li <libaokun1(a)huawei.com> cachefiles: fix dentry leak in cachefiles_open_file() Nuno Sa <nuno.sa(a)analog.com> Input: adp5589-keys - fix adp5589_gpio_get_value() Nuno Sa <nuno.sa(a)analog.com> Input: adp5589-keys - fix NULL pointer dereference Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> rtc: at91sam9: fix OF node leak in probe() error path KhaiWenTan <khai.wen.tan(a)linux.intel.com> net: stmmac: Fix zero-division error when disabling tc cbs Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> tomoyo: fallback to realpath if symlink's pathname does not exist Willem de Bruijn <willemb(a)google.com> gso: fix udp gso fraglist segmentation after pull from frag_list Willem de Bruijn <willemb(a)google.com> vrf: revert "vrf: Remove unnecessary RCU-bh critical section" Barnabás Czémán <barnabas.czeman(a)mainlining.org> iio: magnetometer: ak8975: Fix reading for ak099xx sensors Steve French <stfrench(a)microsoft.com> smb3: fix incorrect mode displayed for read-only files wangrong <wangrong(a)uniontech.com> smb: client: use actual path when queryfs Ajit Pandey <quic_ajipan(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Fix ordering of pm_runtime_enable Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Remove use_count guard in stop_streaming Manivannan Sadhasivam <mani(a)kernel.org> clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable() Zheng Wang <zyytlz.wz(a)163.com> media: venus: fix use after free bug in venus_remove due to race condition Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src David Virag <virag.david003(a)gmail.com> clk: samsung: exynos7885: Update CLKS_NR_FSYS after bindings fix Mike Tipton <quic_mdtipton(a)quicinc.com> clk: qcom: clk-rpmh: Fix overflow in BCM vote Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags Manivannan Sadhasivam <mani(a)kernel.org> clk: qcom: gcc-sm8450: Do not turn off PCIe GDSCs during gdsc_disable() Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: sun4i_csi: Implement link validate for sun4i_csi subdev Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks Jan Kiszka <jan.kiszka(a)siemens.com> remoteproc: k3-r5: Fix error handling when power-up failed Sebastian Reichel <sebastian.reichel(a)collabora.com> clk: rockchip: fix error for unknown clocks Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: ov5675: Fix power on/off delay timings Chun-Yi Lee <joeyli.kernel(a)gmail.com> aoe: fix the potential use-after-free problem in more places Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix kernel stack size when KASAN is enabled Long Li <longli(a)microsoft.com> RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page Kaixin Wang <kxwang23(a)m.fudan.edu.cn> i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix NFSv4's PUTPUBFH operation Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: map the EBADMSG to nfserr_io to avoid warning NeilBrown <neilb(a)suse.de> nfsd: fix delegation_blocked() to block correctly for at least 30 seconds Matt Fleming <matt(a)readmodwrite.com> perf hist: Update hist symbol when updating maps Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Disable -Wno-cast-function-type-mismatch if present on clang Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix memory leak in exfat_load_bitmap() Jisheng Zhang <jszhang(a)kernel.org> riscv: define ILLEGAL_POINTER_VALUE for 64bit Easwar Hariharan <eahariha(a)linux.microsoft.com> arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 Mark Rutland <mark.rutland(a)arm.com> arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate Julian Sun <sunjunchao2870(a)gmail.com> ocfs2: fix null-ptr-deref when journal load failed. Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: remove unreasonable unlock in ocfs2_read_blocks Joseph Qi <joseph.qi(a)linux.alibaba.com> ocfs2: cancel dqi_sync_work before freeing oinfo Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> ocfs2: reserve space for inline xattr before attaching reflink tree Joseph Qi <joseph.qi(a)linux.alibaba.com> ocfs2: fix uninit-value in ocfs2_get_block() Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix the la space leak when unmounting an ocfs2 volume Danilo Krummrich <dakr(a)kernel.org> mm: krealloc: consider spare memory for __GFP_ZERO Kemeng Shi <shikemeng(a)huaweicloud.com> jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit Baokun Li <libaokun1(a)huawei.com> jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error Huang Ying <ying.huang(a)intel.com> resource: fix region_intersects() vs add_memory_driver_managed() Ma Ke <make24(a)iscas.ac.cn> drm: omapdrm: Add missing check for alloc_ordered_workqueue Andrew Jones <ajones(a)ventanamicro.com> of/irq: Support #msi-cells=<0> in of_msi_get_domain Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> of: address: Report error on resource bounds overflow Val Packett <val(a)packett.cool> drm/rockchip: vop: clear DMA stop bit on RK3066 Helge Deller <deller(a)gmx.de> parisc: Fix stack start for ADDR_NO_RANDOMIZE personality Helge Deller <deller(a)kernel.org> parisc: Allow mmap(MAP_STACK) memory to automatically expand upwards Helge Deller <deller(a)kernel.org> parisc: Fix 64-bit userspace syscall path Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: mark fc as ineligible using an handle in ext4_xattr_set() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: use handle to mark fc as ineligible in __track_dentry_update() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix fast commit inode enqueueing during a full journal commit Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() Baokun Li <libaokun1(a)huawei.com> ext4: update orig_path in ext4_find_extent() Xiaxi Shen <shenxiaxi26(a)gmail.com> ext4: fix timer use-after-free on failed mount Baokun Li <libaokun1(a)huawei.com> ext4: fix double brelse() the buffer of the extents path Baokun Li <libaokun1(a)huawei.com> ext4: aovid use-after-free in ext4_ext_insert_extent() Baokun Li <libaokun1(a)huawei.com> ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() Zhihao Cheng <chengzhihao1(a)huawei.com> ext4: dax: fix overflowing extents beyond inode size when partially writing Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() Baokun Li <libaokun1(a)huawei.com> ext4: propagate errors from ext4_find_extent() in ext4_insert_range() Baokun Li <libaokun1(a)huawei.com> ext4: fix slab-use-after-free in ext4_split_extent_at() yao.ly <yao.ly(a)linux.alibaba.com> ext4: correct encrypted dentry name hash when not casefolded Edward Adam Davis <eadavis(a)qq.com> ext4: no need to continue when the number of entries is 1 Abhishek Tamboli <abhishektamboli9(a)gmail.com> ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 Ai Chao <aichao(a)kylinos.cn> ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 Hans P. Moller <hmoller(a)uc.cl> ALSA: line6: add hw monitor volume control to POD HD500X Jan Lalinsky <lalinsky(a)c4.cz> ALSA: usb-audio: Add native DSD support for Luxman D-08u Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET Jaroslav Kysela <perex(a)perex.cz> ALSA: core: add isascii() check to card ID generator Baojun Xu <baojun.xu(a)ti.com> ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop Thomas Zimmermann <tzimmermann(a)suse.de> drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS Javier Carrasco <javier.carrasco.cruz(a)gmail.com> drm/mediatek: ovl_adaptor: Add missing of_node_put() Helge Deller <deller(a)gmx.de> parisc: Fix itlb miss handler for 64-bit programs Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Fix small negative period being ignored Hans de Goede <hdegoede(a)redhat.com> power: supply: hwmon: Fix missing temp1_max_alarm attribute Jinjie Ruan <ruanjinjie(a)huawei.com> spi: bcm63xx: Fix missing pm_runtime_disable() Jinjie Ruan <ruanjinjie(a)huawei.com> spi: bcm63xx: Fix module autoloading David Virag <virag.david003(a)gmail.com> dt-bindings: clock: exynos7885: Fix duplicated binding Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> memory: tegra186-emc: drop unused to_tegra186_emc() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() Mike Baynton <mike(a)mbaynton.com> ovl: fail if trusted xattrs are needed but caller lacks permission Alice Ryhl <aliceryhl(a)google.com> rust: sync: require `T: Sync` for `LockedBy::access` Kimriver Liu <kimriver.liu(a)siengine.com> i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled Jinjie Ruan <ruanjinjie(a)huawei.com> i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled Alexander Shiyan <eagle.alexander923(a)gmail.com> media: i2c: ar0521: Use cansleep version of gpiod_set_value() Robert Hancock <robert.hancock(a)calian.com> i2c: xiic: Wait for TX empty to avoid missed TX NAKs Jinjie Ruan <ruanjinjie(a)huawei.com> i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() Marek Vasut <marex(a)denx.de> i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume Zach Wade <zachwade.k(a)gmail.com> platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug Takashi Iwai <tiwai(a)suse.de> Revert "ALSA: hda: Conditionally use snooping for AMD HDMI" Heiko Carstens <hca(a)linux.ibm.com> selftests: vDSO: fix vdso_config for s390 Jens Remus <jremus(a)linux.ibm.com> selftests: vDSO: fix ELF hash table entry size for s390x Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Fix VDSO data access when running in a non-root time namespace David Hildenbrand <david(a)redhat.com> selftests/mm: fix charge_reserved_hugetlb.sh test Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vDSO symbols lookup for powerpc64 Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vdso_config for powerpc Christophe Leroy <christophe.leroy(a)csgroup.eu> selftests: vDSO: fix vDSO name for powerpc Namhyung Kim <namhyung(a)kernel.org> perf: Really fix event_function_call() locking Ian Rogers <irogers(a)google.com> perf callchain: Fix stitch LBR memory leaks Biju Das <biju.das.jz(a)bp.renesas.com> spi: rpc-if: Add missing MODULE_DEVICE_TABLE Alexander F. Lent <lx(a)xanderlent.com> accel/ivpu: Add missing MODULE_FIRMWARE metadata Yifei Liu <yifei.l.liu(a)oracle.com> selftests: breakpoints: use remaining time to check if suspend succeed Ben Dooks <ben.dooks(a)codethink.co.uk> spi: s3c64xx: fix timeout counters in flush_fifo Yun Lu <luyun(a)kylinos.cn> selftest: hid: add missing run-hid-tools-tests.sh Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-cadence: Fix missing spi_controller_is_target() check Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-cadence: Fix pm_runtime_set_suspended() with runtime pm enabled Li Zetao <lizetao1(a)huawei.com> spi: spi-cadence: Use helper function devm_clk_get_enabled() Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled Kuan-Wei Chiu <visitorckw(a)gmail.com> bpftool: Fix undefined behavior in qsort(NULL, 0, ...) Christoph Hellwig <hch(a)lst.de> iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release Kuan-Wei Chiu <visitorckw(a)gmail.com> bpftool: Fix undefined behavior caused by shifting into the sign bit Artem Sadovnikov <ancowi69(a)gmail.com> ext4: fix i_data_sem unlock order in ext4_ind_migrate() Baokun Li <libaokun1(a)huawei.com> ext4: avoid use-after-free in ext4_ext_show_leaf() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: ext4_search_dir should return a proper error Juntong Deng <juntong.deng(a)outlook.com> bpf: Make the pointer returned by iter next method valid Jan Kara <jack(a)suse.cz> ext4: don't set SB_RDONLY after filesystem errors Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add refcnt to ksmbd_conn struct Gergo Koteles <soyer(a)irl.hu> platform/x86: lenovo-ymc: Ignore the 0x0 state Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx10: use rlc safe mode for soft recovery Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: use rlc safe mode for soft recovery Haren Myneni <haren(a)linux.ibm.com> powerpc/pseries: Use correct data types from pseries_hp_errorlog struct Geert Uytterhoeven <geert+renesas(a)glider.be> of/irq: Refer to actual buffer size in of_irq_parse_one() Tim Huang <tim.huang(a)amd.com> drm/amd/pm: ensure the fw_info is not null before using it Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: use rlc safe mode for soft recovery Victor Skvortsov <victor.skvortsov(a)amd.com> drm/amdgpu: Block MMR_READ IOCTL in reset Geert Uytterhoeven <geert+renesas(a)glider.be> drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() Finn Thain <fthain(a)linux-m68k.org> scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers Peter Zijlstra <peterz(a)infradead.org> perf: Fix event_function_call() locking Tim Huang <tim.huang(a)amd.com> drm/amdgpu: fix unchecked return value warning for amdgpu_gfx Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update PRLO handling in direct attached topology Kees Cook <kees(a)kernel.org> scsi: aacraid: Rearrange order of struct aac_srb_unit Andrii Nakryiko <andrii(a)kernel.org> perf,x86: avoid missing caller address in stack traces captured in uprobe Matthew Brost <matthew.brost(a)intel.com> drm/printer: Allow NULL data in devcoredump printer Alex Hung <alex.hung(a)amd.com> drm/amd/display: Initialize get_bytes_per_element's default to 1 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Avoid overflow assignment in link_dp_cts Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in DCN30 color transformation Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in degamma hardware format translation Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check link_res->hpo_dp_link_enc before using it Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check stream before comparing them Yannick Fertre <yannick.fertre(a)foss.st.com> drm/stm: ltdc: reset plane transparency after plane disable Ckath <ckath(a)yandex.ru> platform/x86: touchscreen_dmi: add nanote-next quirk Vishnu Sankar <vishnuocv(a)gmail.com> HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio Jesse Zhang <jesse.zhang(a)amd.com> drm/amdkfd: Fix resource leak in criu restore queue Peng Liu <liupeng01(a)kylinos.cn> drm/amdgpu: enable gfxoff quirk on HP 705G4 Peng Liu <liupeng01(a)kylinos.cn> drm/amdgpu: add raven1 gfxoff quirk Zhao Mengmeng <zhaomengmeng(a)kylinos.cn> jfs: Fix uninit-value access of new_ea in ea_buffer Konrad Dybcio <konrad.dybcio(a)linaro.org> drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs Mahesh Rajashekhara <mahesh.rajashekhara(a)microchip.com> scsi: smartpqi: correct stream detection Edward Adam Davis <eadavis(a)qq.com> jfs: check if leafidx greater than num leaves per dmap tree Edward Adam Davis <eadavis(a)qq.com> jfs: Fix uaf in dbFreeBits Remington Brasga <rbrasga(a)uci.edu> jfs: UBSAN: shift-out-of-bounds in dbFindBits Tim Huang <tim.huang(a)amd.com> drm/amd/display: fix double free issue during amdgpu module unload Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check null pointers before using dc->clk_mgr Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' Hans de Goede <hdegoede(a)redhat.com> HID: Ignore battery for all ELAN I2C-HID devices Damien Le Moal <dlemoal(a)kernel.org> ata: sata_sil: Rename sil_blacklist to sil_quirks Damien Le Moal <dlemoal(a)kernel.org> ata: pata_serverworks: Do not use the term blacklist Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit Katya Orlova <e.orlova(a)ispras.ru> drm/stm: Avoid use-after-free issues with crtc and plane Michal Koutný <mkoutny(a)suse.com> cgroup: Disallow mounting v1 hierarchies without controller implementation Sanjay K Kumar <sanjay.k.kumar(a)intel.com> iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Always reserve a domain ID for identity setup Andrew Davis <afd(a)ti.com> power: reset: brcmstb: Do not go into infinite loop if reset fails Paul E. McKenney <paulmck(a)kernel.org> rcuscale: Provide clear error when async specified without primitives Kaixin Wang <kxwang23(a)m.fudan.edu.cn> fbdev: pxafb: Fix possible use after free in pxafb_task() Thomas Weißschuh <linux(a)weissschuh.net> fbdev: efifb: Register sysfs groups through driver core Denis Pauk <pauk.denis(a)gmail.com> hwmon: (nct6775) add G15CF to ASUS WMI monitoring list Kees Cook <kees(a)kernel.org> x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() Thomas Weißschuh <linux(a)weissschuh.net> selftests/nolibc: avoid passing NULL to printf("%s") Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: powerpc: limit stack-protector workaround to GCC Takashi Iwai <tiwai(a)suse.de> ALSA: hdsp: Break infinite MIDI input flush loop Takashi Iwai <tiwai(a)suse.de> ALSA: asihpi: Fix potential OOB array access Tao Liu <ltao(a)redhat.com> x86/kexec: Add EFI config table identity mapping for kexec kernel Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com> x86/pkeys: Restore altstack access in sigreturn() Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com> x86/pkeys: Add PKRU as a parameter in signal handling functions Ahmed S. Darwish <darwi(a)linutronix.de> tools/x86/kcpuid: Protect against faulty "max subleaf" values Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa883x: Handle reading version failure Joshua Pius <joshuapius(a)chromium.org> ALSA: usb-audio: Add logitech Audio profile quirk Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Replace complex quirk lines with macros Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Define macros for quirk table entries Karol Kosik <k.kosik(a)outlook.com> ALSA: usb-audio: Support multiple control interfaces Thomas Gleixner <tglx(a)linutronix.de> x86/ioapic: Handle allocation failures gracefully Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add input value sanity checks for standard types Jinjie Ruan <ruanjinjie(a)huawei.com> nfp: Use IRQF_NO_AUTOEN flag in request_irq() Gustavo A. R. Silva <gustavoars(a)kernel.org> wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation Stefan Mätje <stefan.maetje(a)esd.eu> can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode James Clark <james.clark(a)linaro.org> drivers/perf: arm_spe: Use perf_allow_kernel() for permissions Adrian Ratiu <adrian.ratiu(a)collabora.com> proc: add config & param to block forcing mem writes Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> ACPICA: iasl: handle empty connection_node Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix RCU list iterations Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: avoid NULL pointer dereference Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: use correct key iteration Jason Xing <kernelxing(a)tencent.com> tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process Breno Leitao <leitao(a)debian.org> netpoll: Ensure clean state on setup failures Herbert Xu <herbert(a)gondor.apana.org.au> crypto: simd - Do not call crypto_alloc_tfm during registration Simon Horman <horms(a)kernel.org> net: atlantic: Avoid warning about potential string truncation Ido Schimmel <idosch(a)nvidia.com> ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: correct base HT rate mask for firmware Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). Simon Horman <horms(a)kernel.org> bnxt_en: Extend maximum length of version string by 1 byte Simon Horman <horms(a)kernel.org> net: mvpp2: Increase size of queue_name buffer Simon Horman <horms(a)kernel.org> tipc: guard against string buffer overrun Pei Xiao <xiaopei01(a)kylinos.cn> ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: EC: Do not release locks during operation region accesses Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw88: select WANT_DEV_COREDUMP Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath11k: fix array out-of-bound access in SoC stats Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath12k: fix array out-of-bound access in SoC stats Konstantin Ovsepian <ovs(a)ovs.to> blk_iocost: fix more out of bound shifts Mario Limonciello <mario.limonciello(a)amd.com> ACPI: CPPC: Add support for setting EPP register in FFH Hans de Goede <hdegoede(a)redhat.com> ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 Hilda Wu <hildawu(a)realtek.com> Bluetooth: btrtl: Set msft ext address filter quirk for RTL8852B Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 Dmitry Antipov <dmantipov(a)yandex.ru> net: sched: consistently use rcu_replace_pointer() in taprio_change() Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: avoid failing the system during pm_suspend Armin Wolf <W_Armin(a)gmx.de> ACPICA: Fix memory leak if acpi_ps_get_next_field() fails Armin Wolf <W_Armin(a)gmx.de> ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails Seiji Nishikawa <snishika(a)redhat.com> ACPI: PAD: fix crash in exit_round_robin() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hns_mdio: fix OF node leak in probe() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> net: hisilicon: hip04: fix OF node leak in probe() Jeongjun Park <aha310510(a)gmail.com> net/xen-netback: prevent UAF in xenvif_flush_hash() Issam Hamdi <ih(a)simonwunderlich.de> wifi: cfg80211: Set correct chandef when starting CAC Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: drop wrong STA selection in TX Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mvm: Fix a race in scan abort flow Aleksandr Mishin <amishin(a)t-argos.ru> ice: Adjust over allocation of memory in ice_sched_add_root_node() and ice_sched_add_node() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: octeontx2 - Fix authenc setkey Herbert Xu <herbert(a)gondor.apana.org.au> crypto: octeontx - Fix authenc setkey Fangrui Song <maskray(a)google.com> crypto: x86/sha256 - Add parentheses around macros' single arguments Toke Høiland-Jørgensen <toke(a)redhat.com> wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: avoid to add interface to list twice when SER Dmitry Kandybka <d.kandybka(a)gmail.com> wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ALSA: gus: Fix some error handling paths related to get_bpos() usage Pali Rohár <pali(a)kernel.org> cifs: Do not convert delimiter when parsing NFS-style symlinks Pali Rohár <pali(a)kernel.org> cifs: Fix buffer overflow when parsing NFS reparse points Hui Wang <hui.wang(a)canonical.com> ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs Pali Rohár <pali(a)kernel.org> cifs: Remove intermediate object of failed create reparse call Oder Chiou <oder_chiou(a)realtek.com> ALSA: hda/realtek: Fix the push button function for the ALC257 Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ALSA: mixer_oss: Remove some incorrect kfree_const() usages Andrei Simion <andrei.simion(a)microchip.com> ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not validating setsockopt user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Fix not validating setsockopt user input Benjamin Gaignard <benjamin.gaignard(a)collabora.com> media: usbtv: Remove useless locks in usbtv_video_free() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sock: Fix not validating setsockopt user input Christoph Hellwig <hch(a)lst.de> loop: don't set QUEUE_FLAG_NOMERGES Robert Hancock <robert.hancock(a)calian.com> i2c: xiic: Try re-initialization on bus busy timeout Marc Ferland <marc.ferland(a)sonatest.com> i2c: xiic: improve error message when transfer fails to start Xin Long <lucien.xin(a)gmail.com> sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start Ravikanth Tuniki <ravikanth.tuniki(a)amd.com> dt-bindings: net: xlnx,axi-ethernet: Add missing reg minItems Darrick J. Wong <djwong(a)kernel.org> iomap: constrain the file range passed to iomap_file_unshare Eric Dumazet <edumazet(a)google.com> ppp: do not assume bh is held in ppp_channel_bridge_input() Eric Dumazet <edumazet(a)google.com> net: test for not too small csum_start in virtio_net_hdr_to_skb() Anton Danilov <littlesmilingcloud(a)gmail.com> ipv4: ip_gre: Fix drops of small packets in ipgre_xmit Shenwei Wang <shenwei.wang(a)nxp.com> net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check Eric Dumazet <edumazet(a)google.com> net: add more sanity checks to qdisc_pkt_len_init() Eric Dumazet <edumazet(a)google.com> net: avoid potential underflow in qdisc_pkt_len_init() with UFO Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Reload PTP registers after link-state change Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Restart PPS after link state change Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix memory disclosure Daniel Borkmann <daniel(a)iogearbox.net> net: Fix gso_features_check to check for both dev->gso_{ipv4_,}max_size Daniel Borkmann <daniel(a)iogearbox.net> net: Add netif_get_gro_max_size helper for GRO Jinjie Ruan <ruanjinjie(a)huawei.com> Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix uaf in l2cap_connect Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix possible crash on mgmt_index_removed Eric Dumazet <edumazet(a)google.com> netfilter: nf_tables: prevent nf_skb_duplicated corruption Phil Sutter <phil(a)nwl.cc> selftests: netfilter: Fix nft_audit.sh for newer nft binaries Jinjie Ruan <ruanjinjie(a)huawei.com> net: wwan: qcom_bam_dmux: Fix missing pm_runtime_disable() Jinjie Ruan <ruanjinjie(a)huawei.com> net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq() Phil Sutter <phil(a)nwl.cc> netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice Elena Salomatkina <esalomatkina(a)ispras.ru> net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() Mohamed Khalfella <mkhalfella(a)purestorage.com> net/mlx5: Added cond_resched() to crdump collection Gerd Bayer <gbayer(a)linux.ibm.com> net/mlx5: Fix error path in multi-packet WQE transmit Aakash Menon <aakash.r.menon(a)gmail.com> net: sparx5: Fix invalid timestamps Jinjie Ruan <ruanjinjie(a)huawei.com> ieee802154: Fix build error Xiubo Li <xiubli(a)redhat.com> ceph: remove the incorrect Fw reference check when dirtying pages Stefan Wahren <wahrenst(a)gmx.net> mailbox: bcm2835: Fix timeout during suspend mode Liao Chen <liaochen4(a)huawei.com> mailbox: rockchip: fix a typo in module autoloading Asad Kamal <asad.kamal(a)amd.com> drm/amdgpu: Fix get each xcp macro Daniel Wagner <dwagner(a)suse.de> scsi: pm8001: Do not overwrite PCI queue mapping Rafael Rocha <rrochavi(a)fnal.gov> scsi: st: Fix input/output error on empty drive reset Peter Zijlstra <peterz(a)infradead.org> jump_label: Fix static_key_slow_dec() yet again Thomas Gleixner <tglx(a)linutronix.de> jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() Thomas Gleixner <tglx(a)linutronix.de> static_call: Replace pointless WARN_ON() in static_call_module_notify() Thomas Gleixner <tglx(a)linutronix.de> static_call: Handle module init failure correctly in static_call_del_module() ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 10 + Documentation/arch/arm64/silicon-errata.rst | 6 + .../devicetree/bindings/net/xlnx,axi-ethernet.yaml | 3 +- Makefile | 4 +- arch/arm/crypto/aes-ce-glue.c | 2 +- arch/arm/crypto/aes-neonbs-glue.c | 2 +- arch/arm64/Kconfig | 7 +- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/kernel/cpu_errata.c | 3 + arch/loongarch/configs/loongson3_defconfig | 1 - arch/parisc/include/asm/mman.h | 14 + arch/parisc/kernel/entry.S | 6 +- arch/parisc/kernel/syscall.S | 14 +- arch/powerpc/configs/ppc64_defconfig | 1 - arch/powerpc/include/asm/vdso_datapage.h | 15 + arch/powerpc/kernel/asm-offsets.c | 2 + arch/powerpc/kernel/vdso/cacheflush.S | 2 +- arch/powerpc/kernel/vdso/datapage.S | 4 +- arch/powerpc/platforms/pseries/dlpar.c | 17 - arch/powerpc/platforms/pseries/hotplug-cpu.c | 2 +- arch/powerpc/platforms/pseries/hotplug-memory.c | 16 +- arch/powerpc/platforms/pseries/pmem.c | 2 +- arch/riscv/Kconfig | 8 +- arch/riscv/include/asm/thread_info.h | 7 +- arch/x86/crypto/sha256-avx2-asm.S | 16 +- arch/x86/events/core.c | 63 + arch/x86/include/asm/fpu/signal.h | 2 +- arch/x86/include/asm/syscall.h | 7 +- arch/x86/kernel/apic/io_apic.c | 46 +- arch/x86/kernel/fpu/signal.c | 6 +- arch/x86/kernel/machine_kexec_64.c | 27 + arch/x86/kernel/signal.c | 3 +- arch/x86/kernel/signal_64.c | 6 +- block/blk-iocost.c | 8 +- crypto/simd.c | 76 +- drivers/accel/ivpu/ivpu_fw.c | 4 + drivers/acpi/acpi_pad.c | 6 +- drivers/acpi/acpica/dbconvert.c | 2 + drivers/acpi/acpica/exprep.c | 3 + drivers/acpi/acpica/psargs.c | 47 + drivers/acpi/battery.c | 28 +- drivers/acpi/cppc_acpi.c | 10 +- drivers/acpi/ec.c | 55 +- drivers/acpi/resource.c | 14 + drivers/acpi/video_detect.c | 8 + drivers/ata/pata_serverworks.c | 16 +- drivers/ata/sata_sil.c | 12 +- drivers/block/aoe/aoecmd.c | 13 +- drivers/block/loop.c | 15 +- drivers/block/null_blk/main.c | 45 +- drivers/bluetooth/btmrvl_sdio.c | 3 +- drivers/bluetooth/btrtl.c | 1 + drivers/bluetooth/btusb.c | 2 + drivers/clk/qcom/clk-alpha-pll.c | 2 +- drivers/clk/qcom/clk-rpmh.c | 2 + drivers/clk/qcom/dispcc-sm8250.c | 3 + drivers/clk/qcom/gcc-sc8180x.c | 88 +- drivers/clk/qcom/gcc-sm8250.c | 6 +- drivers/clk/qcom/gcc-sm8450.c | 4 +- drivers/clk/rockchip/clk.c | 3 +- drivers/clk/samsung/clk-exynos7885.c | 2 +- drivers/cpufreq/intel_pstate.c | 20 +- drivers/crypto/marvell/Kconfig | 2 + drivers/crypto/marvell/octeontx/otx_cptvf_algs.c | 265 +-- drivers/crypto/marvell/octeontx2/otx2_cptvf_algs.c | 256 +-- drivers/firmware/efi/unaccepted_memory.c | 4 + drivers/firmware/tegra/bpmp.c | 6 - drivers/gpio/gpio-davinci.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 18 +- drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 45 +- drivers/gpu/drm/amd/amdgpu/amdgpu_xcp.h | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 6 + drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 4 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 2 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 4 + .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 3 - .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 6 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 6 +- drivers/gpu/drm/amd/display/dc/dc_types.h | 1 + .../gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 2 + .../gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c | 4 + .../dc/dml/dcn20/display_rq_dlg_calc_20v2.c | 2 +- .../display/dc/dml/dcn21/display_rq_dlg_calc_21.c | 2 +- .../amd/display/dc/link/hwss/link_hwss_hpo_dp.c | 12 + drivers/gpu/drm/amd/display/dc/link/link_factory.c | 2 +- .../drm/amd/pm/powerplay/hwmgr/processpptables.c | 2 + drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 22 +- drivers/gpu/drm/drm_atomic_uapi.c | 2 +- drivers/gpu/drm/drm_print.c | 13 +- drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 2 +- drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c | 4 +- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 1 + drivers/gpu/drm/msm/msm_gpu.c | 1 - drivers/gpu/drm/omapdrm/omap_drv.c | 5 + drivers/gpu/drm/radeon/r100.c | 70 +- drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 + drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 1 + drivers/gpu/drm/rockchip/rockchip_vop_reg.c | 2 + drivers/gpu/drm/scheduler/sched_entity.c | 2 + drivers/gpu/drm/stm/drv.c | 3 +- drivers/gpu/drm/stm/ltdc.c | 76 +- drivers/hid/hid-ids.h | 17 +- drivers/hid/hid-input.c | 37 +- drivers/hid/hid-multitouch.c | 6 + drivers/hwmon/nct6775-platform.c | 1 + drivers/i2c/busses/i2c-designware-common.c | 14 + drivers/i2c/busses/i2c-designware-core.h | 1 + drivers/i2c/busses/i2c-designware-master.c | 38 + drivers/i2c/busses/i2c-qcom-geni.c | 4 +- drivers/i2c/busses/i2c-stm32f7.c | 6 +- drivers/i2c/busses/i2c-synquacer.c | 12 +- drivers/i2c/busses/i2c-xiic.c | 69 +- drivers/i2c/i2c-core-base.c | 39 + drivers/i3c/master/svc-i3c-master.c | 1 + drivers/iio/magnetometer/ak8975.c | 32 +- drivers/iio/pressure/bmp280-core.c | 185 +- drivers/iio/pressure/bmp280-regmap.c | 47 +- drivers/iio/pressure/bmp280-spi.c | 4 +- drivers/iio/pressure/bmp280.h | 49 +- drivers/infiniband/hw/mana/main.c | 8 +- drivers/input/keyboard/adp5589-keys.c | 22 +- drivers/iommu/intel/dmar.c | 16 +- drivers/iommu/intel/iommu.c | 6 +- drivers/iommu/iommufd/selftest.c | 27 +- drivers/mailbox/bcm2835-mailbox.c | 3 +- drivers/mailbox/rockchip-mailbox.c | 2 +- drivers/media/i2c/ar0521.c | 5 +- drivers/media/i2c/imx335.c | 43 +- drivers/media/i2c/ov5675.c | 12 +- drivers/media/platform/qcom/camss/camss-video.c | 6 - drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/platform/qcom/venus/core.c | 1 + drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c | 5 + drivers/media/usb/usbtv/usbtv-video.c | 7 - drivers/memory/tegra/tegra186-emc.c | 5 - drivers/net/can/dev/netlink.c | 102 +- .../net/ethernet/aquantia/atlantic/aq_ethtool.c | 4 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 2 +- drivers/net/ethernet/freescale/fec.h | 9 + drivers/net/ethernet/freescale/fec_main.c | 11 +- drivers/net/ethernet/freescale/fec_ptp.c | 50 + drivers/net/ethernet/hisilicon/hip04_eth.c | 1 + drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 1 + drivers/net/ethernet/hisilicon/hns_mdio.c | 1 + drivers/net/ethernet/intel/e1000e/netdev.c | 19 +- drivers/net/ethernet/intel/ice/ice_sched.c | 6 +- drivers/net/ethernet/lantiq_etop.c | 4 +- drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en/tir.c | 3 + .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 1 - .../net/ethernet/mellanox/mlx5/core/lib/pci_vsc.c | 10 + .../net/ethernet/microchip/sparx5/sparx5_packet.c | 6 +- drivers/net/ethernet/microsoft/Kconfig | 3 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 10 +- drivers/net/ethernet/microsoft/mana/hw_channel.c | 14 +- drivers/net/ethernet/microsoft/mana/mana_en.c | 8 +- drivers/net/ethernet/microsoft/mana/shm_channel.c | 13 +- .../net/ethernet/netronome/nfp/nfp_net_common.c | 5 +- drivers/net/ethernet/realtek/r8169_main.c | 31 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 18 +- drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 8 +- drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 19 +- drivers/net/ieee802154/Kconfig | 1 + drivers/net/ieee802154/mcr20a.c | 5 +- drivers/net/pcs/pcs-xpcs-wx.c | 2 +- drivers/net/ppp/ppp_generic.c | 4 +- drivers/net/vrf.c | 2 + drivers/net/wireless/ath/ath11k/dp_rx.c | 2 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 2 +- drivers/net/wireless/ath/ath9k/debug.c | 4 +- drivers/net/wireless/ath/ath9k/hif_usb.c | 6 +- drivers/net/wireless/intel/iwlwifi/fw/api/scan.h | 13 + drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 16 +- drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c | 12 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 42 +- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 12 +- drivers/net/wireless/marvell/mwifiex/fw.h | 2 +- drivers/net/wireless/marvell/mwifiex/scan.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 1 + drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7915/main.c | 7 + drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 10 +- drivers/net/wireless/realtek/rtw88/Kconfig | 1 + drivers/net/wireless/realtek/rtw89/mac80211.c | 4 +- drivers/net/wireless/realtek/rtw89/phy.c | 4 +- drivers/net/wireless/realtek/rtw89/util.h | 18 + drivers/net/wwan/qcom_bam_dmux.c | 11 +- drivers/net/xen-netback/hash.c | 5 +- drivers/of/address.c | 5 + drivers/of/irq.c | 38 +- drivers/perf/arm_spe_pmu.c | 9 +- .../x86/intel/speed_select_if/isst_if_common.c | 4 +- drivers/platform/x86/lenovo-ymc.c | 2 + drivers/platform/x86/think-lmi.c | 16 +- drivers/platform/x86/touchscreen_dmi.c | 26 + drivers/platform/x86/x86-android-tablets/core.c | 57 +- drivers/power/reset/brcmstb-reboot.c | 3 - drivers/power/supply/power_supply_hwmon.c | 3 +- drivers/remoteproc/ti_k3_r5_remoteproc.c | 86 +- drivers/rtc/rtc-at91sam9.c | 1 + drivers/scsi/NCR5380.c | 4 + drivers/scsi/aacraid/aacraid.h | 2 +- drivers/scsi/lpfc/lpfc_els.c | 27 +- drivers/scsi/lpfc/lpfc_nportdisc.c | 22 +- drivers/scsi/pm8001/pm8001_init.c | 6 +- drivers/scsi/smartpqi/smartpqi_init.c | 2 +- drivers/scsi/st.c | 5 +- drivers/spi/spi-bcm63xx.c | 9 +- drivers/spi/spi-cadence.c | 31 +- drivers/spi/spi-imx.c | 2 +- drivers/spi/spi-rpc-if.c | 7 + drivers/spi/spi-s3c64xx.c | 4 +- drivers/vhost/scsi.c | 25 +- drivers/video/fbdev/efifb.c | 11 +- drivers/video/fbdev/pxafb.c | 1 + fs/btrfs/backref.c | 12 +- fs/btrfs/disk-io.c | 11 + fs/btrfs/relocation.c | 150 +- fs/btrfs/relocation.h | 9 +- fs/btrfs/send.c | 23 +- fs/cachefiles/namei.c | 7 +- fs/ceph/addr.c | 6 +- fs/dax.c | 6 +- fs/exec.c | 3 +- fs/exfat/balloc.c | 10 +- fs/ext4/dir.c | 14 +- fs/ext4/extents.c | 55 +- fs/ext4/fast_commit.c | 49 +- fs/ext4/file.c | 8 +- fs/ext4/inode.c | 11 +- fs/ext4/migrate.c | 2 +- fs/ext4/move_extent.c | 1 - fs/ext4/namei.c | 14 +- fs/ext4/super.c | 11 +- fs/ext4/xattr.c | 3 +- fs/file.c | 93 +- fs/iomap/buffered-io.c | 16 +- fs/jbd2/checkpoint.c | 21 +- fs/jbd2/journal.c | 4 +- fs/jfs/jfs_discard.c | 11 +- fs/jfs/jfs_dmap.c | 7 +- fs/jfs/xattr.c | 2 + fs/nfsd/nfs4state.c | 5 +- fs/nfsd/nfs4xdr.c | 10 +- fs/nfsd/vfs.c | 1 + fs/ocfs2/aops.c | 5 +- fs/ocfs2/buffer_head_io.c | 4 +- fs/ocfs2/journal.c | 7 +- fs/ocfs2/localalloc.c | 19 + fs/ocfs2/quota_local.c | 8 +- fs/ocfs2/refcounttree.c | 26 +- fs/ocfs2/xattr.c | 11 +- fs/overlayfs/params.c | 38 +- fs/proc/base.c | 61 +- fs/smb/client/cifsfs.c | 13 +- fs/smb/client/cifsglob.h | 2 +- fs/smb/client/inode.c | 19 +- fs/smb/client/reparse.c | 16 +- fs/smb/client/smb1ops.c | 2 +- fs/smb/client/smb2inode.c | 24 +- fs/smb/client/smb2ops.c | 19 +- fs/smb/server/connection.c | 4 +- fs/smb/server/connection.h | 1 + fs/smb/server/oplock.c | 55 +- fs/smb/server/vfs_cache.c | 3 + include/crypto/internal/simd.h | 12 +- include/drm/drm_print.h | 54 +- include/dt-bindings/clock/exynos7885.h | 2 +- include/dt-bindings/clock/qcom,gcc-sc8180x.h | 3 + include/linux/cpufreq.h | 6 +- include/linux/fdtable.h | 8 +- include/linux/i2c.h | 5 + include/linux/netdevice.h | 18 + include/linux/perf_event.h | 8 +- include/linux/stmmac.h | 1 - include/linux/uprobes.h | 2 + include/linux/virtio_net.h | 4 +- include/net/mana/gdma.h | 10 +- include/net/mana/mana.h | 3 +- include/uapi/linux/cec.h | 6 +- include/uapi/linux/netfilter/nf_tables.h | 2 +- io_uring/net.c | 4 +- kernel/bpf/verifier.c | 26 +- kernel/cgroup/cgroup-v1.c | 12 +- kernel/events/core.c | 33 +- kernel/events/uprobes.c | 4 +- kernel/fork.c | 32 +- kernel/jump_label.c | 52 +- kernel/rcu/rcuscale.c | 4 +- kernel/resource.c | 58 +- kernel/sched/psi.c | 26 +- kernel/static_call_inline.c | 13 +- kernel/trace/trace_hwlat.c | 2 + kernel/trace/trace_osnoise.c | 22 +- lib/buildid.c | 88 +- mm/Kconfig | 25 +- mm/slab_common.c | 7 + net/bluetooth/hci_core.c | 2 + net/bluetooth/hci_event.c | 15 +- net/bluetooth/hci_sock.c | 21 +- net/bluetooth/iso.c | 36 +- net/bluetooth/l2cap_core.c | 8 - net/bluetooth/l2cap_sock.c | 52 +- net/bluetooth/mgmt.c | 23 +- net/core/dev.c | 14 +- net/core/gro.c | 9 +- net/core/netpoll.c | 15 +- net/dsa/slave.c | 7 +- net/ipv4/devinet.c | 6 +- net/ipv4/fib_frontend.c | 2 +- net/ipv4/ip_gre.c | 6 +- net/ipv4/netfilter/nf_dup_ipv4.c | 7 +- net/ipv4/tcp_ipv4.c | 3 + net/ipv4/udp_offload.c | 22 +- net/ipv6/netfilter/nf_dup_ipv6.c | 7 +- net/mac80211/chan.c | 4 +- net/mac80211/mlme.c | 2 +- net/mac80211/scan.c | 2 +- net/mac80211/util.c | 4 +- net/mac802154/scan.c | 4 +- net/netfilter/nf_tables_api.c | 57 +- net/netfilter/nft_set_bitmap.c | 4 +- net/netfilter/nft_set_hash.c | 8 +- net/netfilter/nft_set_pipapo.c | 5 +- net/netfilter/nft_set_rbtree.c | 4 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/io_thread.c | 10 +- net/rxrpc/local_object.c | 2 +- net/sched/sch_taprio.c | 4 +- net/sctp/socket.c | 4 +- net/tipc/bearer.c | 8 +- net/wireless/nl80211.c | 15 +- rust/kernel/sync/locked_by.rs | 18 +- scripts/kconfig/qconf.cc | 2 +- security/Kconfig | 32 + security/tomoyo/domain.c | 9 +- sound/core/init.c | 14 +- sound/core/oss/mixer_oss.c | 4 +- sound/isa/gus/gus_pcm.c | 4 +- sound/pci/asihpi/hpimsgx.c | 2 +- sound/pci/hda/hda_controller.h | 2 +- sound/pci/hda/hda_generic.c | 4 +- sound/pci/hda/hda_intel.c | 10 +- sound/pci/hda/patch_conexant.c | 24 +- sound/pci/hda/patch_realtek.c | 4 + sound/pci/rme9652/hdsp.c | 6 +- sound/pci/rme9652/hdspm.c | 6 +- sound/soc/atmel/mchp-pdmc.c | 3 + sound/soc/codecs/wsa883x.c | 16 +- sound/soc/fsl/imx-card.c | 1 + sound/usb/card.c | 8 + sound/usb/clock.c | 62 +- sound/usb/format.c | 6 +- sound/usb/helper.c | 34 + sound/usb/helper.h | 10 +- sound/usb/line6/podhd.c | 2 +- sound/usb/mixer.c | 37 +- sound/usb/mixer.h | 1 + sound/usb/mixer_quirks.c | 17 +- sound/usb/mixer_scarlett.c | 4 +- sound/usb/power.c | 3 +- sound/usb/power.h | 1 + sound/usb/quirks-table.h | 2283 ++++++-------------- sound/usb/quirks.c | 4 + sound/usb/stream.c | 21 +- sound/usb/usbaudio.h | 12 + tools/arch/x86/kcpuid/kcpuid.c | 12 +- tools/bpf/bpftool/net.c | 11 +- tools/include/nolibc/arch-powerpc.h | 2 +- tools/perf/util/hist.c | 7 +- tools/perf/util/machine.c | 17 +- tools/perf/util/setup.py | 2 + tools/perf/util/thread.c | 4 + tools/perf/util/thread.h | 1 + .../breakpoints/step_after_suspend_test.c | 5 +- tools/testing/selftests/hid/Makefile | 2 + .../selftests/mm/charge_reserved_hugetlb.sh | 2 +- tools/testing/selftests/mm/write_to_hugetlbfs.c | 23 +- tools/testing/selftests/netfilter/nft_audit.sh | 57 +- tools/testing/selftests/nolibc/nolibc-test.c | 4 +- tools/testing/selftests/vDSO/parse_vdso.c | 17 +- tools/testing/selftests/vDSO/vdso_config.h | 10 +- .../testing/selftests/vDSO/vdso_test_correctness.c | 6 + tools/tracing/rtla/src/osnoise_top.c | 2 +- tools/tracing/rtla/src/timerlat_top.c | 4 +- 398 files changed, 4268 insertions(+), 3904 deletions(-)

1 week, 2 days

16
407
0 0

[PATCH] platform/chrome: cross_ec_type: fix missing fwnode reference decrement

by Javier Carrasco

The device_for_each_child_node() macro requires explicit calls to fwnode_handle_put() upon early exits (return, break, goto) to decrement the fwnode's refcount, and avoid levaing a node reference behind. Add the missing fwnode_handle_put() after the common label for all error paths. Cc: stable(a)vger.kernel.org Fixes: fdc6b21e2444 ("platform/chrome: Add Type C connector class driver") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- I usually switch to the scoped variant of the macro to fix such issues, but given that the fix is relevant for stable kernels, I have provided the "classical" approach by adding the missing fwnode_handle_put(). If switching to the scoped variant is desired, please let me know. This driver and cross_typec_switch could be easily converted. By the way, I wonder why all error paths are redirected to the same label to unregister ports, even before registering them (which seems to be harmless because unregistered ports are ignored, but still). With this fix, that jump to the label is definitely required, but if the scoped variant is used, maybe some simple returns would be enough. --- drivers/platform/chrome/cros_ec_typec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/platform/chrome/cros_ec_typec.c b/drivers/platform/chrome/cros_ec_typec.c index c7781aea0b88..f1324466efac 100644 --- a/drivers/platform/chrome/cros_ec_typec.c +++ b/drivers/platform/chrome/cros_ec_typec.c @@ -409,6 +409,7 @@ static int cros_typec_init_ports(struct cros_typec_data *typec) return 0; unregister_ports: + fwnode_handle_put(fwnode); cros_unregister_ports(typec); return ret; } --- base-commit: b6270c3bca987530eafc6a15f9d54ecd0033e0e3 change-id: 20241009-cross_ec_typec_fwnode_handle_put-9f13b4bd467f Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

1 week, 2 days

2
2
0 0

[PATCHSET v5.0 3/9] xfs: metadata inode directory trees

by Darrick J. Wong

Hi all, This series delivers a new feature -- metadata inode directories. This is a separate directory tree (rooted in the superblock) that contains only inodes that contain filesystem metadata. Different metadata objects can be looked up with regular paths. Start by creating xfs_imeta{dir,file}* functions to mediate access to the metadata directory tree. By the end of this mega series, all existing metadata inodes (rt+quota) will use this directory tree instead of the superblock. Next, define the metadir on-disk format, which consists of marking inodes with a new iflag that says they're metadata. This prevents bulkstat and friends from ever getting their hands on fs metadata files. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. This has been running on the djcloud for months with no problems. Enjoy! Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=me… xfsprogs git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfsprogs-dev.git/log/?h… --- Commits in this patchset: * xfs: constify the xfs_sb predicates * xfs: constify the xfs_inode predicates * xfs: define the on-disk format for the metadir feature * xfs: undefine the sb_bad_features2 when metadir is enabled * xfs: iget for metadata inodes * xfs: load metadata directory root at mount time * xfs: enforce metadata inode flag * xfs: read and write metadata inode directory tree * xfs: disable the agi rotor for metadata inodes * xfs: hide metadata inodes from everyone because they are special * xfs: advertise metadata directory feature * xfs: allow bulkstat to return metadata directories * xfs: don't count metadata directory files to quota * xfs: mark quota inodes as metadata files * xfs: adjust xfs_bmap_add_attrfork for metadir * xfs: record health problems with the metadata directory * xfs: refactor directory tree root predicates * xfs: do not count metadata directory files when doing online quotacheck * xfs: don't fail repairs on metadata files with no attr fork * xfs: metadata files can have xattrs if metadir is enabled * xfs: adjust parent pointer scrubber for sb-rooted metadata files * xfs: fix di_metatype field of inodes that won't load * xfs: scrub metadata directories * xfs: check the metadata directory inumber in superblocks * xfs: move repair temporary files to the metadata directory tree * xfs: check metadata directory file path connectivity * xfs: confirm dotdot target before replacing it during a repair * xfs: repair metadata directory file path connectivity --- fs/xfs/Makefile | 5 fs/xfs/libxfs/xfs_attr.c | 5 fs/xfs/libxfs/xfs_bmap.c | 5 fs/xfs/libxfs/xfs_format.h | 176 ++++++++++--- fs/xfs/libxfs/xfs_fs.h | 25 ++ fs/xfs/libxfs/xfs_health.h | 6 fs/xfs/libxfs/xfs_ialloc.c | 58 +++- fs/xfs/libxfs/xfs_inode_buf.c | 83 ++++++ fs/xfs/libxfs/xfs_inode_buf.h | 3 fs/xfs/libxfs/xfs_inode_util.c | 2 fs/xfs/libxfs/xfs_log_format.h | 2 fs/xfs/libxfs/xfs_metadir.c | 481 ++++++++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_metadir.h | 47 ++++ fs/xfs/libxfs/xfs_metafile.c | 52 ++++ fs/xfs/libxfs/xfs_metafile.h | 31 ++ fs/xfs/libxfs/xfs_ondisk.h | 2 fs/xfs/libxfs/xfs_sb.c | 33 ++ fs/xfs/scrub/agheader.c | 14 + fs/xfs/scrub/common.c | 65 ++++- fs/xfs/scrub/common.h | 5 fs/xfs/scrub/dir.c | 10 + fs/xfs/scrub/dir_repair.c | 20 + fs/xfs/scrub/dirtree.c | 32 ++ fs/xfs/scrub/dirtree.h | 12 - fs/xfs/scrub/findparent.c | 28 ++ fs/xfs/scrub/health.c | 1 fs/xfs/scrub/inode.c | 35 ++- fs/xfs/scrub/inode_repair.c | 34 ++- fs/xfs/scrub/metapath.c | 521 +++++++++++++++++++++++++++++++++++++++ fs/xfs/scrub/nlinks.c | 4 fs/xfs/scrub/nlinks_repair.c | 4 fs/xfs/scrub/orphanage.c | 4 fs/xfs/scrub/parent.c | 39 ++- fs/xfs/scrub/parent_repair.c | 37 ++- fs/xfs/scrub/quotacheck.c | 7 - fs/xfs/scrub/repair.c | 22 +- fs/xfs/scrub/repair.h | 3 fs/xfs/scrub/scrub.c | 9 + fs/xfs/scrub/scrub.h | 2 fs/xfs/scrub/stats.c | 1 fs/xfs/scrub/tempfile.c | 105 ++++++++ fs/xfs/scrub/tempfile.h | 3 fs/xfs/scrub/trace.c | 1 fs/xfs/scrub/trace.h | 42 +++ fs/xfs/xfs_dquot.c | 1 fs/xfs/xfs_health.c | 2 fs/xfs/xfs_icache.c | 73 +++++ fs/xfs/xfs_inode.c | 15 + fs/xfs/xfs_inode.h | 34 ++- fs/xfs/xfs_inode_item.c | 7 - fs/xfs/xfs_inode_item_recover.c | 5 fs/xfs/xfs_ioctl.c | 7 + fs/xfs/xfs_iops.c | 15 + fs/xfs/xfs_itable.c | 33 ++ fs/xfs/xfs_itable.h | 3 fs/xfs/xfs_mount.c | 31 ++ fs/xfs/xfs_mount.h | 3 fs/xfs/xfs_qm.c | 36 +++ fs/xfs/xfs_quota.h | 5 fs/xfs/xfs_rtalloc.c | 38 ++- fs/xfs/xfs_super.c | 4 fs/xfs/xfs_trace.c | 2 fs/xfs/xfs_trace.h | 102 ++++++++ fs/xfs/xfs_trans_dquot.c | 6 64 files changed, 2302 insertions(+), 196 deletions(-) create mode 100644 fs/xfs/libxfs/xfs_metadir.c create mode 100644 fs/xfs/libxfs/xfs_metadir.h create mode 100644 fs/xfs/libxfs/xfs_metafile.c create mode 100644 fs/xfs/libxfs/xfs_metafile.h create mode 100644 fs/xfs/scrub/metapath.c

1 week, 2 days

1
1
0 0

[PATCH v2] usb: dwc3: core: Fix system suspend on TI AM62 platforms

by Roger Quadros

Since commit 6d735722063a ("usb: dwc3: core: Prevent phy suspend during init"), system suspend is broken on AM62 TI platforms. Before that commit, both DWC3_GUSB3PIPECTL_SUSPHY and DWC3_GUSB2PHYCFG_SUSPHY bits (hence forth called 2 SUSPHY bits) were being set during core initialization and even during core re-initialization after a system suspend/resume. These bits are required to be set for system suspend/resume to work correctly on AM62 platforms. Since that commit, the 2 SUSPHY bits are not set for DEVICE/OTG mode if gadget driver is not loaded and started. For Host mode, the 2 SUSPHY bits are set before the first system suspend but get cleared at system resume during core re-init and are never set again. This patch resovles these two issues by ensuring the 2 SUSPHY bits are set before system suspend and restored to the original state during system resume. Cc: stable(a)vger.kernel.org # v6.9+ Fixes: 6d735722063a ("usb: dwc3: core: Prevent phy suspend during init") Link: https://lore.kernel.org/all/1519dbe7-73b6-4afc-bfe3-23f4f75d772f@kernel.org/ Signed-off-by: Roger Quadros <rogerq(a)kernel.org> --- Changes in v2: - Fix comment style - Use both USB3 and USB2 SUSPHY bits to determine susphy_state during system suspend/resume. - Restore SUSPHY bits at system resume regardless if it was set or cleared before system suspend. - Link to v1: https://lore.kernel.org/r/20241001-am62-lpm-usb-v1-1-9916b71165f7@kernel.org --- drivers/usb/dwc3/core.c | 21 +++++++++++++++++++++ drivers/usb/dwc3/core.h | 2 ++ 2 files changed, 23 insertions(+) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 9eb085f359ce..20209de2b295 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -2336,6 +2336,11 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) u32 reg; int i; + dwc->susphy_state = (dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)) & + DWC3_GUSB2PHYCFG_SUSPHY) || + (dwc3_readl(dwc->regs, DWC3_GUSB3PIPECTL(0)) & + DWC3_GUSB3PIPECTL_SUSPHY); + switch (dwc->current_dr_role) { case DWC3_GCTL_PRTCAP_DEVICE: if (pm_runtime_suspended(dwc->dev)) @@ -2387,6 +2392,15 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg) break; } + if (!PMSG_IS_AUTO(msg)) { + /* + * TI AM62 platform requires SUSPHY to be + * enabled for system suspend to work. + */ + if (!dwc->susphy_state) + dwc3_enable_susphy(dwc, true); + } + return 0; } @@ -2454,6 +2468,13 @@ static int dwc3_resume_common(struct dwc3 *dwc, pm_message_t msg) break; } + if (!PMSG_IS_AUTO(msg)) { + /* + * restore SUSPHY state to that before system suspend. + */ + dwc3_enable_susphy(dwc, dwc->susphy_state); + } + return 0; } diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index c71240e8f7c7..b2ed5aba4c72 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -1150,6 +1150,7 @@ struct dwc3_scratchpad_array { * @sys_wakeup: set if the device may do system wakeup. * @wakeup_configured: set if the device is configured for remote wakeup. * @suspended: set to track suspend event due to U3/L2. + * @susphy_state: state of DWC3_GUSB2PHYCFG_SUSPHY before PM suspend. * @imod_interval: set the interrupt moderation interval in 250ns * increments or 0 to disable. * @max_cfg_eps: current max number of IN eps used across all USB configs. @@ -1382,6 +1383,7 @@ struct dwc3 { unsigned sys_wakeup:1; unsigned wakeup_configured:1; unsigned suspended:1; + unsigned susphy_state:1; u16 imod_interval; --- base-commit: 9852d85ec9d492ebef56dc5f229416c925758edc change-id: 20240923-am62-lpm-usb-f420917bd707 Best regards, -- Roger Quadros <rogerq(a)kernel.org>

1 week, 2 days

2
1
0 0

[PATCH v3 5/9] serial: qcom-geni: fix receiver enable

by Johan Hovold

The receiver is supposed to be enabled in the startup() callback and not in set_termios() which is called also during console setup. This specifically avoids accepting input before the port has been opened (and interrupts enabled), something which can also break the GENI firmware (cancel fails and after abort, the "stale" counter handling appears to be broken so that later input is not processed until twelve chars have been received). There also does not appear to be any need to keep the receiver disabled while updating the port settings. Since commit 6f3c3cafb115 ("serial: qcom-geni: disable interrupts during console writes") the calls to manipulate the secondary interrupts, which were done without holding the port lock, can also lead to the receiver being left disabled when set_termios() races with the console code (e.g. when init opens the tty during boot). This can manifest itself as a serial getty not accepting input. The calls to stop and start rx in set_termios() can similarly race with DMA completion and, for example, cause the DMA buffer to be unmapped twice or the mapping to be leaked. Fix this by only enabling the receiver during startup and while holding the port lock to avoid racing with the console code. Fixes: 6f3c3cafb115 ("serial: qcom-geni: disable interrupts during console writes") Fixes: 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 6.3 Cc: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index aaf24bd037a7..6c4349ea5720 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -1197,6 +1197,11 @@ static int qcom_geni_serial_startup(struct uart_port *uport) if (ret) return ret; } + + uart_port_lock_irq(uport); + qcom_geni_serial_start_rx(uport); + uart_port_unlock_irq(uport); + enable_irq(uport->irq); return 0; @@ -1282,7 +1287,6 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, unsigned int avg_bw_core; unsigned long timeout; - qcom_geni_serial_stop_rx(uport); /* baud rate */ baud = uart_get_baud_rate(uport, termios, old, 300, 4000000); @@ -1298,7 +1302,7 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, dev_err(port->se.dev, "Couldn't find suitable clock rate for %u\n", baud * sampling_rate); - goto out_restart_rx; + return; } dev_dbg(port->se.dev, "desired_rate = %u, clk_rate = %lu, clk_div = %u\n", @@ -1389,8 +1393,6 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, writel(stop_bit_len, uport->membase + SE_UART_TX_STOP_BIT_LEN); writel(ser_clk_cfg, uport->membase + GENI_SER_M_CLK_CFG); writel(ser_clk_cfg, uport->membase + GENI_SER_S_CLK_CFG); -out_restart_rx: - qcom_geni_serial_start_rx(uport); } #ifdef CONFIG_SERIAL_QCOM_GENI_CONSOLE -- 2.45.2

1 week, 2 days

2
1
0 0

[PATCH v3 1/9] serial: qcom-geni: fix polled console initialisation

by Johan Hovold

The polled console (KGDB/KDB) implementation must not call port setup unconditionally as the port may already be in use by the console or a getty. Only make sure that the receiver is enabled, but do not enable any device interrupts. Fixes: d8851a96ba25 ("tty: serial: qcom-geni-serial: Add a poll_init() function") Cc: stable(a)vger.kernel.org # 6.4 Cc: Douglas Anderson <dianders(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 6f0db310cf69..c237c9d107cd 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -147,6 +147,7 @@ static struct uart_driver qcom_geni_uart_driver; static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); +static int qcom_geni_serial_port_setup(struct uart_port *uport); static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) { @@ -395,6 +396,23 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, writel(c, uport->membase + SE_GENI_TX_FIFOn); qcom_geni_serial_poll_tx_done(uport); } + +static int qcom_geni_serial_poll_init(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + int ret; + + if (!port->setup) { + ret = qcom_geni_serial_port_setup(uport); + if (ret) + return ret; + } + + if (!qcom_geni_serial_secondary_active(uport)) + geni_se_setup_s_cmd(&port->se, UART_START_READ, 0); + + return 0; +} #endif #ifdef CONFIG_SERIAL_QCOM_GENI_CONSOLE @@ -1582,7 +1600,7 @@ static const struct uart_ops qcom_geni_console_pops = { #ifdef CONFIG_CONSOLE_POLL .poll_get_char = qcom_geni_serial_get_char, .poll_put_char = qcom_geni_serial_poll_put_char, - .poll_init = qcom_geni_serial_port_setup, + .poll_init = qcom_geni_serial_poll_init, #endif .pm = qcom_geni_serial_pm, }; -- 2.45.2

1 week, 2 days

2
1
0 0

[PATCH] clk: actions: prevent overflow in owl_pll_recalc_rate

by Anastasia Belova

In case of OWL S900 SoC clock driver there are cases where bfreq = 24000000, shift = 0. If value read from CMU_COREPLL or CMU_DDRPLL to val is big enough, an overflow may occur. Add explicit casting to prevent it. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 2792c37e94c8 ("clk: actions: Add pll clock support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Anastasia Belova <abelova(a)astralinux.ru> --- drivers/clk/actions/owl-pll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/clk/actions/owl-pll.c b/drivers/clk/actions/owl-pll.c index 155f313986b4..fa17567665ec 100644 --- a/drivers/clk/actions/owl-pll.c +++ b/drivers/clk/actions/owl-pll.c @@ -104,7 +104,7 @@ static unsigned long owl_pll_recalc_rate(struct clk_hw *hw, val = val >> pll_hw->shift; val &= mul_mask(pll_hw); - return pll_hw->bfreq * val; + return (unsigned long)pll_hw->bfreq * val; } static int owl_pll_is_enabled(struct clk_hw *hw) -- 2.30.2

1 week, 2 days

3
2
0 0

[PATCH v3] ext4: prevent data-race that occur when read/write ext4_group_desc structure members

by Jeongjun Park

Currently, data-race like [1] occur in fs/ext4/ialloc.c find_group_other() and find_group_orlov() read *_lo, *_hi with ext4_free_inodes_count without additional locking. This can cause data-race, but since the lock is held for most writes and free inodes value is generally not a problem even if it is incorrect, it is more appropriate to use READ_ONCE()/WRITE_ONCE() than to add locking. [1] ================================================================== BUG: KCSAN: data-race in ext4_free_inodes_count / ext4_free_inodes_set write to 0xffff88810404300e of 2 bytes by task 6254 on cpu 1: ext4_free_inodes_set+0x1f/0x80 fs/ext4/super.c:405 __ext4_new_inode+0x15ca/0x2200 fs/ext4/ialloc.c:1216 ext4_symlink+0x242/0x5a0 fs/ext4/namei.c:3391 vfs_symlink+0xca/0x1d0 fs/namei.c:4615 do_symlinkat+0xe3/0x340 fs/namei.c:4641 __do_sys_symlinkat fs/namei.c:4657 [inline] __se_sys_symlinkat fs/namei.c:4654 [inline] __x64_sys_symlinkat+0x5e/0x70 fs/namei.c:4654 x64_sys_call+0x1dda/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:267 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x54/0x120 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x76/0x7e read to 0xffff88810404300e of 2 bytes by task 6257 on cpu 0: ext4_free_inodes_count+0x1c/0x80 fs/ext4/super.c:349 find_group_other fs/ext4/ialloc.c:594 [inline] __ext4_new_inode+0x6ec/0x2200 fs/ext4/ialloc.c:1017 ext4_symlink+0x242/0x5a0 fs/ext4/namei.c:3391 vfs_symlink+0xca/0x1d0 fs/namei.c:4615 do_symlinkat+0xe3/0x340 fs/namei.c:4641 __do_sys_symlinkat fs/namei.c:4657 [inline] __se_sys_symlinkat fs/namei.c:4654 [inline] __x64_sys_symlinkat+0x5e/0x70 fs/namei.c:4654 x64_sys_call+0x1dda/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:267 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x54/0x120 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x76/0x7e value changed: 0x185c -> 0x185b Cc: <stable(a)vger.kernel.org> Fixes: ac27a0ec112a ("[PATCH] ext4: initial copy of files from ext3") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> --- fs/ext4/super.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 16a4ce704460..8337c4999f90 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -346,9 +346,9 @@ __u32 ext4_free_group_clusters(struct super_block *sb, __u32 ext4_free_inodes_count(struct super_block *sb, struct ext4_group_desc *bg) { - return le16_to_cpu(bg->bg_free_inodes_count_lo) | + return le16_to_cpu(READ_ONCE(bg->bg_free_inodes_count_lo)) | (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT ? - (__u32)le16_to_cpu(bg->bg_free_inodes_count_hi) << 16 : 0); + (__u32)le16_to_cpu(READ_ONCE(bg->bg_free_inodes_count_hi)) << 16 : 0); } __u32 ext4_used_dirs_count(struct super_block *sb, @@ -402,9 +402,9 @@ void ext4_free_group_clusters_set(struct super_block *sb, void ext4_free_inodes_set(struct super_block *sb, struct ext4_group_desc *bg, __u32 count) { - bg->bg_free_inodes_count_lo = cpu_to_le16((__u16)count); + WRITE_ONCE(bg->bg_free_inodes_count_lo, cpu_to_le16((__u16)count)); if (EXT4_DESC_SIZE(sb) >= EXT4_MIN_DESC_SIZE_64BIT) - bg->bg_free_inodes_count_hi = cpu_to_le16(count >> 16); + WRITE_ONCE(bg->bg_free_inodes_count_hi, cpu_to_le16(count >> 16)); } void ext4_used_dirs_set(struct super_block *sb, --

1 week, 2 days

2
1
0 0

[to-be-updated] mm-enforce-a-minimal-stack-gap-even-against-inaccessible-vmas.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: enforce a minimal stack gap even against inaccessible VMAs has been removed from the -mm tree. Its filename was mm-enforce-a-minimal-stack-gap-even-against-inaccessible-vmas.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Jann Horn <jannh(a)google.com> Subject: mm: enforce a minimal stack gap even against inaccessible VMAs Date: Tue, 08 Oct 2024 00:55:39 +0200 As explained in the comment block this change adds, we can't tell what userspace's intent is when the stack grows towards an inaccessible VMA. I have a (highly contrived) C testcase for 32-bit x86 userspace with glibc that mixes malloc(), pthread creation, and recursion in just the right way such that the main stack overflows into malloc() arena memory. I don't know of any specific scenario where this is actually exploitable, but it seems like it could be a security problem for sufficiently unlucky userspace. I believe we should ensure that, as long as code is compiled with something like -fstack-check, a stack overflow in it can never cause the main stack to overflow into adjacent heap memory. My fix effectively reverts the behavior for !vma_is_accessible() VMAs to the behavior before commit 1be7107fbe18 ("mm: larger stack guard gap, between vmas"), so I think it should be a fairly safe change even in case A. [akpm(a)linux-foundation.org: s/prev/next/ in !CONFIG_STACK_GROWSUP section, per Lorenzo] Closes: https://lore.kernel.org/oe-kbuild-all/202410090632.brLG8w0b-lkp@intel.com/ Link: https://lkml.kernel.org/r/20241008-stack-gap-inaccessible-v1-1-848d4d891f21… Fixes: 561b5e0709e4 ("mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack") Signed-off-by: Jann Horn <jannh(a)google.com> Cc: Ben Hutchings <ben(a)decadent.org.uk> Cc: Helge Deller <deller(a)gmx.de> Cc: Hugh Dickins <hughd(a)google.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Rik van Riel <riel(a)redhat.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Willy Tarreau <w(a)1wt.eu> Cc: <stable(a)vger.kernel.org> Cc: kernel test robot <lkp(a)intel.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 53 +++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 7 deletions(-) --- a/mm/mmap.c~mm-enforce-a-minimal-stack-gap-even-against-inaccessible-vmas +++ a/mm/mmap.c @@ -1064,10 +1064,12 @@ static int expand_upwards(struct vm_area gap_addr = TASK_SIZE; next = find_vma_intersection(mm, vma->vm_end, gap_addr); - if (next && vma_is_accessible(next)) { - if (!(next->vm_flags & VM_GROWSUP)) + if (next && !(next->vm_flags & VM_GROWSUP)) { + /* see comments in expand_downwards() */ + if (vma_is_accessible(next)) + return -ENOMEM; + if (address == next->vm_start) return -ENOMEM; - /* Check that both stack segments have the same anon_vma? */ } if (next) @@ -1155,10 +1157,47 @@ int expand_downwards(struct vm_area_stru /* Enforce stack_guard_gap */ prev = vma_prev(&vmi); /* Check that both stack segments have the same anon_vma? */ - if (prev) { - if (!(prev->vm_flags & VM_GROWSDOWN) && - vma_is_accessible(prev) && - (address - prev->vm_end < stack_guard_gap)) + if (prev && !(prev->vm_flags & VM_GROWSDOWN) && + (address - prev->vm_end < stack_guard_gap)) { + /* + * If the previous VMA is accessible, this is the normal case + * where the main stack is growing down towards some unrelated + * VMA. Enforce the full stack guard gap. + */ + if (vma_is_accessible(prev)) + return -ENOMEM; + + /* + * If the previous VMA is not accessible, we have a problem: + * We can't tell what userspace's intent is. + * + * Case A: + * Maybe userspace wants to use the previous VMA as a + * "guard region" at the bottom of the main stack, in which case + * userspace wants us to grow the stack until it is adjacent to + * the guard region. Apparently some Java runtime environments + * and Rust do that? + * That is kind of ugly, and in that case userspace really ought + * to ensure that the stack is fully expanded immediately, but + * we have to handle this case. + * + * Case B: + * But maybe the previous VMA is entirely unrelated to the stack + * and is only *temporarily* PROT_NONE. For example, glibc + * malloc arenas create a big PROT_NONE region and then + * progressively mark parts of it as writable. + * In that case, we must not let the stack become adjacent to + * the previous VMA. Otherwise, after the region later becomes + * writable, a stack overflow will cause the stack to grow into + * the previous VMA, and we won't have any stack gap to protect + * against this. + * + * As an ugly tradeoff, enforce a single-page gap. + * A single page will hopefully be small enough to not be + * noticed in case A, while providing the same level of + * protection in case B that normal userspace threads get. + */ + if (address == prev->vm_end) return -ENOMEM; } _ Patches currently in -mm which might be from jannh(a)google.com are mm-mremap-fix-move_normal_pmd-retract_page_tables-race.patch

1 week, 2 days

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror