Linux-stable-mirror

linux-stable-mirror@lists.linaro.org

305 participants
124187 discussions

Start a nNew thread

FAILED: patch "[PATCH] counter: interrupt-cnt: Drop IRQF_NO_THREAD flag" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

4 hours, 51 minutes

FAILED: patch "[PATCH] btrfs: fix beyond-EOF write handling" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e9e3b22ddfa760762b696ac6417c8d6edd182e49 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011247-sharper-eel-d578@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e9e3b22ddfa760762b696ac6417c8d6edd182e49 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Thu, 11 Dec 2025 12:45:17 +1030 Subject: [PATCH] btrfs: fix beyond-EOF write handling [BUG] For the following write sequence with 64K page size and 4K fs block size, it will lead to file extent items to be inserted without any data checksum: mkfs.btrfs -s 4k -f $dev > /dev/null mount $dev $mnt xfs_io -f -c "pwrite 0 16k" -c "pwrite 32k 4k" -c pwrite "60k 64K" \ -c "truncate 16k" $mnt/foobar umount $mnt This will result the following 2 file extent items to be inserted (extra trace point added to insert_ordered_extent_file_extent()): btrfs_finish_one_ordered: root=5 ino=257 file_off=61440 num_bytes=4096 csum_bytes=0 btrfs_finish_one_ordered: root=5 ino=257 file_off=0 num_bytes=16384 csum_bytes=16384 Note for file offset 60K, we're inserting a file extent without any data checksum. Also note that range [32K, 36K) didn't reach insert_ordered_extent_file_extent(), which is the correct behavior as that OE is fully truncated, should not result any file extent. Although file extent at 60K will be later dropped by btrfs_truncate(), if the transaction got committed after file extent inserted but before the file extent dropping, we will have a small window where we have a file extent beyond EOF and without any data checksum. That will cause "btrfs check" to report error. [CAUSE] The sequence happens like this: - Buffered write dirtied the page cache and updated isize Now the inode size is 64K, with the following page cache layout: 0 16K 32K 48K 64K |/////////////| |//| |//| - Truncate the inode to 16K Which will trigger writeback through: btrfs_setsize() |- truncate_setsize() | Now the inode size is set to 16K | |- btrfs_truncate() |- btrfs_wait_ordered_range() for [16K, u64(-1)] |- btrfs_fdatawrite_range() for [16K, u64(-1)} |- extent_writepage() for folio 0 |- writepage_delalloc() | Generated OE for [0, 16K), [32K, 36K] and [60K, 64K) | |- extent_writepage_io() Then inside extent_writepage_io(), the dirty fs blocks are handled differently: - Submit write for range [0, 16K) As they are still inside the inode size (16K). - Mark OE [32K, 36K) as truncated Since we only call btrfs_lookup_first_ordered_range() once, which returned the first OE after file offset 16K. - Mark all OEs inside range [16K, 64K) as finished Which will mark OE ranges [32K, 36K) and [60K, 64K) as finished. For OE [32K, 36K) since it's already marked as truncated, and its truncated length is 0, no file extent will be inserted. For OE [60K, 64K) it has never been submitted thus has no data checksum, and we insert the file extent as usual. This is the root cause of file extent at 60K to be inserted without any data checksum. - Clear dirty flags for range [16K, 64K) It is the function btrfs_folio_clear_dirty() which searches and clears any dirty blocks inside that range. [FIX] The bug itself was introduced a long time ago, way before subpage and large folio support. At that time, fs block size must match page size, thus the range [cur, end) is just one fs block. But later with subpage and large folios, the same range [cur, end) can have multiple blocks and ordered extents. Later commit 18de34daa7c6 ("btrfs: truncate ordered extent when skipping writeback past i_size") was fixing a bug related to subpage/large folios, but it's still utilizing the old range [cur, end), meaning only the first OE will be marked as truncated. The proper fix here is to make EOF handling block-by-block, not trying to handle the whole range to @end. By this we always locate and truncate the OE for every dirty block. CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 2d32dfc34ae3..97748d0d54d9 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1728,7 +1728,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, struct btrfs_ordered_extent *ordered; ordered = btrfs_lookup_first_ordered_range(inode, cur, - folio_end - cur); + fs_info->sectorsize); /* * We have just run delalloc before getting here, so * there must be an ordered extent. @@ -1742,7 +1742,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, btrfs_put_ordered_extent(ordered); btrfs_mark_ordered_io_finished(inode, folio, cur, - end - cur, true); + fs_info->sectorsize, true); /* * This range is beyond i_size, thus we don't need to * bother writing back. @@ -1751,8 +1751,8 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, * writeback the sectors with subpage dirty bits, * causing writeback without ordered extent. */ - btrfs_folio_clear_dirty(fs_info, folio, cur, end - cur); - break; + btrfs_folio_clear_dirty(fs_info, folio, cur, fs_info->sectorsize); + continue; } ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size); if (unlikely(ret < 0)) {

4 hours, 52 minutes

FAILED: patch "[PATCH] btrfs: fix beyond-EOF write handling" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e9e3b22ddfa760762b696ac6417c8d6edd182e49 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011245-mummified-entree-046b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e9e3b22ddfa760762b696ac6417c8d6edd182e49 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Thu, 11 Dec 2025 12:45:17 +1030 Subject: [PATCH] btrfs: fix beyond-EOF write handling [BUG] For the following write sequence with 64K page size and 4K fs block size, it will lead to file extent items to be inserted without any data checksum: mkfs.btrfs -s 4k -f $dev > /dev/null mount $dev $mnt xfs_io -f -c "pwrite 0 16k" -c "pwrite 32k 4k" -c pwrite "60k 64K" \ -c "truncate 16k" $mnt/foobar umount $mnt This will result the following 2 file extent items to be inserted (extra trace point added to insert_ordered_extent_file_extent()): btrfs_finish_one_ordered: root=5 ino=257 file_off=61440 num_bytes=4096 csum_bytes=0 btrfs_finish_one_ordered: root=5 ino=257 file_off=0 num_bytes=16384 csum_bytes=16384 Note for file offset 60K, we're inserting a file extent without any data checksum. Also note that range [32K, 36K) didn't reach insert_ordered_extent_file_extent(), which is the correct behavior as that OE is fully truncated, should not result any file extent. Although file extent at 60K will be later dropped by btrfs_truncate(), if the transaction got committed after file extent inserted but before the file extent dropping, we will have a small window where we have a file extent beyond EOF and without any data checksum. That will cause "btrfs check" to report error. [CAUSE] The sequence happens like this: - Buffered write dirtied the page cache and updated isize Now the inode size is 64K, with the following page cache layout: 0 16K 32K 48K 64K |/////////////| |//| |//| - Truncate the inode to 16K Which will trigger writeback through: btrfs_setsize() |- truncate_setsize() | Now the inode size is set to 16K | |- btrfs_truncate() |- btrfs_wait_ordered_range() for [16K, u64(-1)] |- btrfs_fdatawrite_range() for [16K, u64(-1)} |- extent_writepage() for folio 0 |- writepage_delalloc() | Generated OE for [0, 16K), [32K, 36K] and [60K, 64K) | |- extent_writepage_io() Then inside extent_writepage_io(), the dirty fs blocks are handled differently: - Submit write for range [0, 16K) As they are still inside the inode size (16K). - Mark OE [32K, 36K) as truncated Since we only call btrfs_lookup_first_ordered_range() once, which returned the first OE after file offset 16K. - Mark all OEs inside range [16K, 64K) as finished Which will mark OE ranges [32K, 36K) and [60K, 64K) as finished. For OE [32K, 36K) since it's already marked as truncated, and its truncated length is 0, no file extent will be inserted. For OE [60K, 64K) it has never been submitted thus has no data checksum, and we insert the file extent as usual. This is the root cause of file extent at 60K to be inserted without any data checksum. - Clear dirty flags for range [16K, 64K) It is the function btrfs_folio_clear_dirty() which searches and clears any dirty blocks inside that range. [FIX] The bug itself was introduced a long time ago, way before subpage and large folio support. At that time, fs block size must match page size, thus the range [cur, end) is just one fs block. But later with subpage and large folios, the same range [cur, end) can have multiple blocks and ordered extents. Later commit 18de34daa7c6 ("btrfs: truncate ordered extent when skipping writeback past i_size") was fixing a bug related to subpage/large folios, but it's still utilizing the old range [cur, end), meaning only the first OE will be marked as truncated. The proper fix here is to make EOF handling block-by-block, not trying to handle the whole range to @end. By this we always locate and truncate the OE for every dirty block. CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 2d32dfc34ae3..97748d0d54d9 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1728,7 +1728,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, struct btrfs_ordered_extent *ordered; ordered = btrfs_lookup_first_ordered_range(inode, cur, - folio_end - cur); + fs_info->sectorsize); /* * We have just run delalloc before getting here, so * there must be an ordered extent. @@ -1742,7 +1742,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, btrfs_put_ordered_extent(ordered); btrfs_mark_ordered_io_finished(inode, folio, cur, - end - cur, true); + fs_info->sectorsize, true); /* * This range is beyond i_size, thus we don't need to * bother writing back. @@ -1751,8 +1751,8 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, * writeback the sectors with subpage dirty bits, * causing writeback without ordered extent. */ - btrfs_folio_clear_dirty(fs_info, folio, cur, end - cur); - break; + btrfs_folio_clear_dirty(fs_info, folio, cur, fs_info->sectorsize); + continue; } ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size); if (unlikely(ret < 0)) {

4 hours, 52 minutes

FAILED: patch "[PATCH] btrfs: fix beyond-EOF write handling" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e9e3b22ddfa760762b696ac6417c8d6edd182e49 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011243-manor-perkiness-7a2a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e9e3b22ddfa760762b696ac6417c8d6edd182e49 Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Thu, 11 Dec 2025 12:45:17 +1030 Subject: [PATCH] btrfs: fix beyond-EOF write handling [BUG] For the following write sequence with 64K page size and 4K fs block size, it will lead to file extent items to be inserted without any data checksum: mkfs.btrfs -s 4k -f $dev > /dev/null mount $dev $mnt xfs_io -f -c "pwrite 0 16k" -c "pwrite 32k 4k" -c pwrite "60k 64K" \ -c "truncate 16k" $mnt/foobar umount $mnt This will result the following 2 file extent items to be inserted (extra trace point added to insert_ordered_extent_file_extent()): btrfs_finish_one_ordered: root=5 ino=257 file_off=61440 num_bytes=4096 csum_bytes=0 btrfs_finish_one_ordered: root=5 ino=257 file_off=0 num_bytes=16384 csum_bytes=16384 Note for file offset 60K, we're inserting a file extent without any data checksum. Also note that range [32K, 36K) didn't reach insert_ordered_extent_file_extent(), which is the correct behavior as that OE is fully truncated, should not result any file extent. Although file extent at 60K will be later dropped by btrfs_truncate(), if the transaction got committed after file extent inserted but before the file extent dropping, we will have a small window where we have a file extent beyond EOF and without any data checksum. That will cause "btrfs check" to report error. [CAUSE] The sequence happens like this: - Buffered write dirtied the page cache and updated isize Now the inode size is 64K, with the following page cache layout: 0 16K 32K 48K 64K |/////////////| |//| |//| - Truncate the inode to 16K Which will trigger writeback through: btrfs_setsize() |- truncate_setsize() | Now the inode size is set to 16K | |- btrfs_truncate() |- btrfs_wait_ordered_range() for [16K, u64(-1)] |- btrfs_fdatawrite_range() for [16K, u64(-1)} |- extent_writepage() for folio 0 |- writepage_delalloc() | Generated OE for [0, 16K), [32K, 36K] and [60K, 64K) | |- extent_writepage_io() Then inside extent_writepage_io(), the dirty fs blocks are handled differently: - Submit write for range [0, 16K) As they are still inside the inode size (16K). - Mark OE [32K, 36K) as truncated Since we only call btrfs_lookup_first_ordered_range() once, which returned the first OE after file offset 16K. - Mark all OEs inside range [16K, 64K) as finished Which will mark OE ranges [32K, 36K) and [60K, 64K) as finished. For OE [32K, 36K) since it's already marked as truncated, and its truncated length is 0, no file extent will be inserted. For OE [60K, 64K) it has never been submitted thus has no data checksum, and we insert the file extent as usual. This is the root cause of file extent at 60K to be inserted without any data checksum. - Clear dirty flags for range [16K, 64K) It is the function btrfs_folio_clear_dirty() which searches and clears any dirty blocks inside that range. [FIX] The bug itself was introduced a long time ago, way before subpage and large folio support. At that time, fs block size must match page size, thus the range [cur, end) is just one fs block. But later with subpage and large folios, the same range [cur, end) can have multiple blocks and ordered extents. Later commit 18de34daa7c6 ("btrfs: truncate ordered extent when skipping writeback past i_size") was fixing a bug related to subpage/large folios, but it's still utilizing the old range [cur, end), meaning only the first OE will be marked as truncated. The proper fix here is to make EOF handling block-by-block, not trying to handle the whole range to @end. By this we always locate and truncate the OE for every dirty block. CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 2d32dfc34ae3..97748d0d54d9 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1728,7 +1728,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, struct btrfs_ordered_extent *ordered; ordered = btrfs_lookup_first_ordered_range(inode, cur, - folio_end - cur); + fs_info->sectorsize); /* * We have just run delalloc before getting here, so * there must be an ordered extent. @@ -1742,7 +1742,7 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, btrfs_put_ordered_extent(ordered); btrfs_mark_ordered_io_finished(inode, folio, cur, - end - cur, true); + fs_info->sectorsize, true); /* * This range is beyond i_size, thus we don't need to * bother writing back. @@ -1751,8 +1751,8 @@ static noinline_for_stack int extent_writepage_io(struct btrfs_inode *inode, * writeback the sectors with subpage dirty bits, * causing writeback without ordered extent. */ - btrfs_folio_clear_dirty(fs_info, folio, cur, end - cur); - break; + btrfs_folio_clear_dirty(fs_info, folio, cur, fs_info->sectorsize); + continue; } ret = submit_one_sector(inode, folio, cur, bio_ctrl, i_size); if (unlikely(ret < 0)) {

4 hours, 52 minutes

FAILED: patch "[PATCH] NFSD: Remove NFSERR_EAGAIN" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

4 hours, 53 minutes

FAILED: patch "[PATCH] nfsd: provide locking for v4_end_grace" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 2857bd59feb63fcf40fe4baf55401baea6b4feb4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011224-thesaurus-unmixed-7797@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2857bd59feb63fcf40fe4baf55401baea6b4feb4 Mon Sep 17 00:00:00 2001 From: NeilBrown <neil(a)brown.name> Date: Sat, 13 Dec 2025 13:41:59 -0500 Subject: [PATCH] nfsd: provide locking for v4_end_grace Writing to v4_end_grace can race with server shutdown and result in memory being accessed after it was freed - reclaim_str_hashtbl in particularly. We cannot hold nfsd_mutex across the nfsd4_end_grace() call as that is held while client_tracking_op->init() is called and that can wait for an upcall to nfsdcltrack which can write to v4_end_grace, resulting in a deadlock. nfsd4_end_grace() is also called by the landromat work queue and this doesn't require locking as server shutdown will stop the work and wait for it before freeing anything that nfsd4_end_grace() might access. However, we must be sure that writing to v4_end_grace doesn't restart the work item after shutdown has already waited for it. For this we add a new flag protected with nn->client_lock. It is set only while it is safe to make client tracking calls, and v4_end_grace only schedules work while the flag is set with the spinlock held. So this patch adds a nfsd_net field "client_tracking_active" which is set as described. Another field "grace_end_forced", is set when v4_end_grace is written. After this is set, and providing client_tracking_active is set, the laundromat is scheduled. This "grace_end_forced" field bypasses other checks for whether the grace period has finished. This resolves a race which can result in use-after-free. Reported-by: Li Lingfeng <lilingfeng3(a)huawei.com> Closes: https://lore.kernel.org/linux-nfs/20250623030015.2353515-1-neil@brown.name/… Fixes: 7f5ef2e900d9 ("nfsd: add a v4_end_grace file to /proc/fs/nfsd") Cc: stable(a)vger.kernel.org Signed-off-by: NeilBrown <neil(a)brown.name> Tested-by: Li Lingfeng <lilingfeng3(a)huawei.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/netns.h b/fs/nfsd/netns.h index 3e2d0fde80a7..fe8338735e7c 100644 --- a/fs/nfsd/netns.h +++ b/fs/nfsd/netns.h @@ -66,6 +66,8 @@ struct nfsd_net { struct lock_manager nfsd4_manager; bool grace_ended; + bool grace_end_forced; + bool client_tracking_active; time64_t boot_time; struct dentry *nfsd_client_dir; diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 5b83cb33bf83..a1dccce8b99c 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -84,7 +84,7 @@ static u64 current_sessionid = 1; /* forward declarations */ static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner); static void nfs4_free_ol_stateid(struct nfs4_stid *stid); -void nfsd4_end_grace(struct nfsd_net *nn); +static void nfsd4_end_grace(struct nfsd_net *nn); static void _free_cpntf_state_locked(struct nfsd_net *nn, struct nfs4_cpntf_state *cps); static void nfsd4_file_hash_remove(struct nfs4_file *fi); static void deleg_reaper(struct nfsd_net *nn); @@ -6570,7 +6570,7 @@ nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, return nfs_ok; } -void +static void nfsd4_end_grace(struct nfsd_net *nn) { /* do nothing if grace period already ended */ @@ -6603,6 +6603,33 @@ nfsd4_end_grace(struct nfsd_net *nn) */ } +/** + * nfsd4_force_end_grace - forcibly end the NFSv4 grace period + * @nn: network namespace for the server instance to be updated + * + * Forces bypass of normal grace period completion, then schedules + * the laundromat to end the grace period immediately. Does not wait + * for the grace period to fully terminate before returning. + * + * Return values: + * %true: Grace termination schedule + * %false: No action was taken + */ +bool nfsd4_force_end_grace(struct nfsd_net *nn) +{ + if (!nn->client_tracking_ops) + return false; + spin_lock(&nn->client_lock); + if (nn->grace_ended || !nn->client_tracking_active) { + spin_unlock(&nn->client_lock); + return false; + } + WRITE_ONCE(nn->grace_end_forced, true); + mod_delayed_work(laundry_wq, &nn->laundromat_work, 0); + spin_unlock(&nn->client_lock); + return true; +} + /* * If we've waited a lease period but there are still clients trying to * reclaim, wait a little longer to give them a chance to finish. @@ -6612,6 +6639,8 @@ static bool clients_still_reclaiming(struct nfsd_net *nn) time64_t double_grace_period_end = nn->boot_time + 2 * nn->nfsd4_lease; + if (READ_ONCE(nn->grace_end_forced)) + return false; if (nn->track_reclaim_completes && atomic_read(&nn->nr_reclaim_complete) == nn->reclaim_str_hashtbl_size) @@ -8931,6 +8960,8 @@ static int nfs4_state_create_net(struct net *net) nn->unconf_name_tree = RB_ROOT; nn->boot_time = ktime_get_real_seconds(); nn->grace_ended = false; + nn->grace_end_forced = false; + nn->client_tracking_active = false; nn->nfsd4_manager.block_opens = true; INIT_LIST_HEAD(&nn->nfsd4_manager.list); INIT_LIST_HEAD(&nn->client_lru); @@ -9011,6 +9042,10 @@ nfs4_state_start_net(struct net *net) return ret; locks_start_grace(net, &nn->nfsd4_manager); nfsd4_client_tracking_init(net); + /* safe for laundromat to run now */ + spin_lock(&nn->client_lock); + nn->client_tracking_active = true; + spin_unlock(&nn->client_lock); if (nn->track_reclaim_completes && nn->reclaim_str_hashtbl_size == 0) goto skip_grace; printk(KERN_INFO "NFSD: starting %lld-second grace period (net %x)\n", @@ -9059,6 +9094,9 @@ nfs4_state_shutdown_net(struct net *net) shrinker_free(nn->nfsd_client_shrinker); cancel_work_sync(&nn->nfsd_shrinker_work); + spin_lock(&nn->client_lock); + nn->client_tracking_active = false; + spin_unlock(&nn->client_lock); cancel_delayed_work_sync(&nn->laundromat_work); locks_end_grace(&nn->nfsd4_manager); diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c index 2b79129703d5..36ce3ca97d97 100644 --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c @@ -1082,10 +1082,9 @@ static ssize_t write_v4_end_grace(struct file *file, char *buf, size_t size) case 'Y': case 'y': case '1': - if (!nn->nfsd_serv) + if (!nfsd4_force_end_grace(nn)) return -EBUSY; trace_nfsd_end_grace(netns(file)); - nfsd4_end_grace(nn); break; default: return -EINVAL; diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h index 1e736f402426..50d2b2963390 100644 --- a/fs/nfsd/state.h +++ b/fs/nfsd/state.h @@ -849,7 +849,7 @@ static inline void nfsd4_revoke_states(struct net *net, struct super_block *sb) #endif /* grace period management */ -void nfsd4_end_grace(struct nfsd_net *nn); +bool nfsd4_force_end_grace(struct nfsd_net *nn); /* nfs4recover operations */ extern int nfsd4_client_tracking_init(struct net *net);

4 hours, 54 minutes

FAILED: patch "[PATCH] nfsd: provide locking for v4_end_grace" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 2857bd59feb63fcf40fe4baf55401baea6b4feb4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011222-abdomen-balsamic-f41c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2857bd59feb63fcf40fe4baf55401baea6b4feb4 Mon Sep 17 00:00:00 2001 From: NeilBrown <neil(a)brown.name> Date: Sat, 13 Dec 2025 13:41:59 -0500 Subject: [PATCH] nfsd: provide locking for v4_end_grace Writing to v4_end_grace can race with server shutdown and result in memory being accessed after it was freed - reclaim_str_hashtbl in particularly. We cannot hold nfsd_mutex across the nfsd4_end_grace() call as that is held while client_tracking_op->init() is called and that can wait for an upcall to nfsdcltrack which can write to v4_end_grace, resulting in a deadlock. nfsd4_end_grace() is also called by the landromat work queue and this doesn't require locking as server shutdown will stop the work and wait for it before freeing anything that nfsd4_end_grace() might access. However, we must be sure that writing to v4_end_grace doesn't restart the work item after shutdown has already waited for it. For this we add a new flag protected with nn->client_lock. It is set only while it is safe to make client tracking calls, and v4_end_grace only schedules work while the flag is set with the spinlock held. So this patch adds a nfsd_net field "client_tracking_active" which is set as described. Another field "grace_end_forced", is set when v4_end_grace is written. After this is set, and providing client_tracking_active is set, the laundromat is scheduled. This "grace_end_forced" field bypasses other checks for whether the grace period has finished. This resolves a race which can result in use-after-free. Reported-by: Li Lingfeng <lilingfeng3(a)huawei.com> Closes: https://lore.kernel.org/linux-nfs/20250623030015.2353515-1-neil@brown.name/… Fixes: 7f5ef2e900d9 ("nfsd: add a v4_end_grace file to /proc/fs/nfsd") Cc: stable(a)vger.kernel.org Signed-off-by: NeilBrown <neil(a)brown.name> Tested-by: Li Lingfeng <lilingfeng3(a)huawei.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/netns.h b/fs/nfsd/netns.h index 3e2d0fde80a7..fe8338735e7c 100644 --- a/fs/nfsd/netns.h +++ b/fs/nfsd/netns.h @@ -66,6 +66,8 @@ struct nfsd_net { struct lock_manager nfsd4_manager; bool grace_ended; + bool grace_end_forced; + bool client_tracking_active; time64_t boot_time; struct dentry *nfsd_client_dir; diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 5b83cb33bf83..a1dccce8b99c 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -84,7 +84,7 @@ static u64 current_sessionid = 1; /* forward declarations */ static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner); static void nfs4_free_ol_stateid(struct nfs4_stid *stid); -void nfsd4_end_grace(struct nfsd_net *nn); +static void nfsd4_end_grace(struct nfsd_net *nn); static void _free_cpntf_state_locked(struct nfsd_net *nn, struct nfs4_cpntf_state *cps); static void nfsd4_file_hash_remove(struct nfs4_file *fi); static void deleg_reaper(struct nfsd_net *nn); @@ -6570,7 +6570,7 @@ nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, return nfs_ok; } -void +static void nfsd4_end_grace(struct nfsd_net *nn) { /* do nothing if grace period already ended */ @@ -6603,6 +6603,33 @@ nfsd4_end_grace(struct nfsd_net *nn) */ } +/** + * nfsd4_force_end_grace - forcibly end the NFSv4 grace period + * @nn: network namespace for the server instance to be updated + * + * Forces bypass of normal grace period completion, then schedules + * the laundromat to end the grace period immediately. Does not wait + * for the grace period to fully terminate before returning. + * + * Return values: + * %true: Grace termination schedule + * %false: No action was taken + */ +bool nfsd4_force_end_grace(struct nfsd_net *nn) +{ + if (!nn->client_tracking_ops) + return false; + spin_lock(&nn->client_lock); + if (nn->grace_ended || !nn->client_tracking_active) { + spin_unlock(&nn->client_lock); + return false; + } + WRITE_ONCE(nn->grace_end_forced, true); + mod_delayed_work(laundry_wq, &nn->laundromat_work, 0); + spin_unlock(&nn->client_lock); + return true; +} + /* * If we've waited a lease period but there are still clients trying to * reclaim, wait a little longer to give them a chance to finish. @@ -6612,6 +6639,8 @@ static bool clients_still_reclaiming(struct nfsd_net *nn) time64_t double_grace_period_end = nn->boot_time + 2 * nn->nfsd4_lease; + if (READ_ONCE(nn->grace_end_forced)) + return false; if (nn->track_reclaim_completes && atomic_read(&nn->nr_reclaim_complete) == nn->reclaim_str_hashtbl_size) @@ -8931,6 +8960,8 @@ static int nfs4_state_create_net(struct net *net) nn->unconf_name_tree = RB_ROOT; nn->boot_time = ktime_get_real_seconds(); nn->grace_ended = false; + nn->grace_end_forced = false; + nn->client_tracking_active = false; nn->nfsd4_manager.block_opens = true; INIT_LIST_HEAD(&nn->nfsd4_manager.list); INIT_LIST_HEAD(&nn->client_lru); @@ -9011,6 +9042,10 @@ nfs4_state_start_net(struct net *net) return ret; locks_start_grace(net, &nn->nfsd4_manager); nfsd4_client_tracking_init(net); + /* safe for laundromat to run now */ + spin_lock(&nn->client_lock); + nn->client_tracking_active = true; + spin_unlock(&nn->client_lock); if (nn->track_reclaim_completes && nn->reclaim_str_hashtbl_size == 0) goto skip_grace; printk(KERN_INFO "NFSD: starting %lld-second grace period (net %x)\n", @@ -9059,6 +9094,9 @@ nfs4_state_shutdown_net(struct net *net) shrinker_free(nn->nfsd_client_shrinker); cancel_work_sync(&nn->nfsd_shrinker_work); + spin_lock(&nn->client_lock); + nn->client_tracking_active = false; + spin_unlock(&nn->client_lock); cancel_delayed_work_sync(&nn->laundromat_work); locks_end_grace(&nn->nfsd4_manager); diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c index 2b79129703d5..36ce3ca97d97 100644 --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c @@ -1082,10 +1082,9 @@ static ssize_t write_v4_end_grace(struct file *file, char *buf, size_t size) case 'Y': case 'y': case '1': - if (!nn->nfsd_serv) + if (!nfsd4_force_end_grace(nn)) return -EBUSY; trace_nfsd_end_grace(netns(file)); - nfsd4_end_grace(nn); break; default: return -EINVAL; diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h index 1e736f402426..50d2b2963390 100644 --- a/fs/nfsd/state.h +++ b/fs/nfsd/state.h @@ -849,7 +849,7 @@ static inline void nfsd4_revoke_states(struct net *net, struct super_block *sb) #endif /* grace period management */ -void nfsd4_end_grace(struct nfsd_net *nn); +bool nfsd4_force_end_grace(struct nfsd_net *nn); /* nfs4recover operations */ extern int nfsd4_client_tracking_init(struct net *net);

4 hours, 54 minutes

FAILED: patch "[PATCH] nfsd: provide locking for v4_end_grace" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2857bd59feb63fcf40fe4baf55401baea6b4feb4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026011223-account-preteen-f696@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2857bd59feb63fcf40fe4baf55401baea6b4feb4 Mon Sep 17 00:00:00 2001 From: NeilBrown <neil(a)brown.name> Date: Sat, 13 Dec 2025 13:41:59 -0500 Subject: [PATCH] nfsd: provide locking for v4_end_grace Writing to v4_end_grace can race with server shutdown and result in memory being accessed after it was freed - reclaim_str_hashtbl in particularly. We cannot hold nfsd_mutex across the nfsd4_end_grace() call as that is held while client_tracking_op->init() is called and that can wait for an upcall to nfsdcltrack which can write to v4_end_grace, resulting in a deadlock. nfsd4_end_grace() is also called by the landromat work queue and this doesn't require locking as server shutdown will stop the work and wait for it before freeing anything that nfsd4_end_grace() might access. However, we must be sure that writing to v4_end_grace doesn't restart the work item after shutdown has already waited for it. For this we add a new flag protected with nn->client_lock. It is set only while it is safe to make client tracking calls, and v4_end_grace only schedules work while the flag is set with the spinlock held. So this patch adds a nfsd_net field "client_tracking_active" which is set as described. Another field "grace_end_forced", is set when v4_end_grace is written. After this is set, and providing client_tracking_active is set, the laundromat is scheduled. This "grace_end_forced" field bypasses other checks for whether the grace period has finished. This resolves a race which can result in use-after-free. Reported-by: Li Lingfeng <lilingfeng3(a)huawei.com> Closes: https://lore.kernel.org/linux-nfs/20250623030015.2353515-1-neil@brown.name/… Fixes: 7f5ef2e900d9 ("nfsd: add a v4_end_grace file to /proc/fs/nfsd") Cc: stable(a)vger.kernel.org Signed-off-by: NeilBrown <neil(a)brown.name> Tested-by: Li Lingfeng <lilingfeng3(a)huawei.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/netns.h b/fs/nfsd/netns.h index 3e2d0fde80a7..fe8338735e7c 100644 --- a/fs/nfsd/netns.h +++ b/fs/nfsd/netns.h @@ -66,6 +66,8 @@ struct nfsd_net { struct lock_manager nfsd4_manager; bool grace_ended; + bool grace_end_forced; + bool client_tracking_active; time64_t boot_time; struct dentry *nfsd_client_dir; diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 5b83cb33bf83..a1dccce8b99c 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -84,7 +84,7 @@ static u64 current_sessionid = 1; /* forward declarations */ static bool check_for_locks(struct nfs4_file *fp, struct nfs4_lockowner *lowner); static void nfs4_free_ol_stateid(struct nfs4_stid *stid); -void nfsd4_end_grace(struct nfsd_net *nn); +static void nfsd4_end_grace(struct nfsd_net *nn); static void _free_cpntf_state_locked(struct nfsd_net *nn, struct nfs4_cpntf_state *cps); static void nfsd4_file_hash_remove(struct nfs4_file *fi); static void deleg_reaper(struct nfsd_net *nn); @@ -6570,7 +6570,7 @@ nfsd4_renew(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, return nfs_ok; } -void +static void nfsd4_end_grace(struct nfsd_net *nn) { /* do nothing if grace period already ended */ @@ -6603,6 +6603,33 @@ nfsd4_end_grace(struct nfsd_net *nn) */ } +/** + * nfsd4_force_end_grace - forcibly end the NFSv4 grace period + * @nn: network namespace for the server instance to be updated + * + * Forces bypass of normal grace period completion, then schedules + * the laundromat to end the grace period immediately. Does not wait + * for the grace period to fully terminate before returning. + * + * Return values: + * %true: Grace termination schedule + * %false: No action was taken + */ +bool nfsd4_force_end_grace(struct nfsd_net *nn) +{ + if (!nn->client_tracking_ops) + return false; + spin_lock(&nn->client_lock); + if (nn->grace_ended || !nn->client_tracking_active) { + spin_unlock(&nn->client_lock); + return false; + } + WRITE_ONCE(nn->grace_end_forced, true); + mod_delayed_work(laundry_wq, &nn->laundromat_work, 0); + spin_unlock(&nn->client_lock); + return true; +} + /* * If we've waited a lease period but there are still clients trying to * reclaim, wait a little longer to give them a chance to finish. @@ -6612,6 +6639,8 @@ static bool clients_still_reclaiming(struct nfsd_net *nn) time64_t double_grace_period_end = nn->boot_time + 2 * nn->nfsd4_lease; + if (READ_ONCE(nn->grace_end_forced)) + return false; if (nn->track_reclaim_completes && atomic_read(&nn->nr_reclaim_complete) == nn->reclaim_str_hashtbl_size) @@ -8931,6 +8960,8 @@ static int nfs4_state_create_net(struct net *net) nn->unconf_name_tree = RB_ROOT; nn->boot_time = ktime_get_real_seconds(); nn->grace_ended = false; + nn->grace_end_forced = false; + nn->client_tracking_active = false; nn->nfsd4_manager.block_opens = true; INIT_LIST_HEAD(&nn->nfsd4_manager.list); INIT_LIST_HEAD(&nn->client_lru); @@ -9011,6 +9042,10 @@ nfs4_state_start_net(struct net *net) return ret; locks_start_grace(net, &nn->nfsd4_manager); nfsd4_client_tracking_init(net); + /* safe for laundromat to run now */ + spin_lock(&nn->client_lock); + nn->client_tracking_active = true; + spin_unlock(&nn->client_lock); if (nn->track_reclaim_completes && nn->reclaim_str_hashtbl_size == 0) goto skip_grace; printk(KERN_INFO "NFSD: starting %lld-second grace period (net %x)\n", @@ -9059,6 +9094,9 @@ nfs4_state_shutdown_net(struct net *net) shrinker_free(nn->nfsd_client_shrinker); cancel_work_sync(&nn->nfsd_shrinker_work); + spin_lock(&nn->client_lock); + nn->client_tracking_active = false; + spin_unlock(&nn->client_lock); cancel_delayed_work_sync(&nn->laundromat_work); locks_end_grace(&nn->nfsd4_manager); diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c index 2b79129703d5..36ce3ca97d97 100644 --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c @@ -1082,10 +1082,9 @@ static ssize_t write_v4_end_grace(struct file *file, char *buf, size_t size) case 'Y': case 'y': case '1': - if (!nn->nfsd_serv) + if (!nfsd4_force_end_grace(nn)) return -EBUSY; trace_nfsd_end_grace(netns(file)); - nfsd4_end_grace(nn); break; default: return -EINVAL; diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h index 1e736f402426..50d2b2963390 100644 --- a/fs/nfsd/state.h +++ b/fs/nfsd/state.h @@ -849,7 +849,7 @@ static inline void nfsd4_revoke_states(struct net *net, struct super_block *sb) #endif /* grace period management */ -void nfsd4_end_grace(struct nfsd_net *nn); +bool nfsd4_force_end_grace(struct nfsd_net *nn); /* nfs4recover operations */ extern int nfsd4_client_tracking_init(struct net *net);

4 hours, 54 minutes

[PATCH 6.1 000/634] 6.1.160-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.160 release. There are 634 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 11 Jan 2026 11:19:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.160-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.160-rc1 Aditya Kumar Singh <quic_adisi(a)quicinc.com> wifi: mac80211: fix switch count in EMA beacons Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: fix puncturing bitmap policy Petr Tesarik <petr(a)tesarici.cz> net: stmmac: protect updates of 64-bit statistics counters Petr Tesarik <petr(a)tesarici.cz> net: stmmac: fix ethtool per-queue statistics Jisheng Zhang <jszhang(a)kernel.org> net: stmmac: fix incorrect rxq|txq_stats reference Johan Hovold <johan(a)kernel.org> usb: gadget: lpc32xx_udc: fix clock imbalance in error path David Hildenbrand <david(a)redhat.com> mm: (un)track_pfn_copy() fix + doc improvements David Hildenbrand <david(a)redhat.com> kernel/fork: only call untrack_pfn_clear() on VMAs duplicated for fork() Su Hui <suhui(a)nfschina.com> net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "iommu/amd: Skip enabling command/event buffers for kdump" Amitai Gottlieb <amitaig(a)hailo.ai> firmware: arm_scmi: Fix unused notifier-block in unregister Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: fix tty_port_tty_*hangup() kernel-doc Ming Lei <ming.lei(a)redhat.com> blk-mq: setup queue ->tag_set before initializing hctx Sean Nyekjaer <sean(a)geanix.com> pwm: stm32: Always program polarity Gabriel Krisman Bertazi <krisman(a)suse.de> ext4: fix error message when rejecting the default hash Jason Yan <yanaijie(a)huawei.com> ext4: factor out ext4_hash_info_init() Lizhi Xu <lizhi.xu(a)windriver.com> ext4: filesystems without casefold feature cannot be mounted with siphash Peter Zijlstra <peterz(a)infradead.org> sched/fair: Proportional newidle balance Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to update_newidle_cost() Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to sched_balance_newidle() Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Apply the link chain quirk on NEC isoc endpoints Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: move link chain bit quirk checks into one helper function. Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix a null-ptr access in the cursor snooper Hugh Dickins <hughd(a)google.com> mm/mprotect: delete pmd_none_or_clear_bad_unless_trans_huge() Peter Xu <peterx(a)redhat.com> mm/mprotect: use long for page accountings and retval David Hildenbrand <david(a)redhat.com> x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() Ma Wupeng <mawupeng1(a)huawei.com> x86/mm/pat: clear VM_PAT if copy_p4d_range failed Yi Sun <yi.sun(a)intel.com> dmaengine: idxd: Remove improper idxd_free Justin Stitt <justinstitt(a)google.com> KVM: arm64: sys_regs: disable -Wuninitialized-const-pointer warning Maximilian Immanuel Brandtner <maxbr(a)linux.ibm.com> virtio_console: fix order of fields cols and rows Johan Hovold <johan(a)kernel.org> iommu/qcom: fix device leak on of_xlate() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> iommu/qcom: Index contexts by asid number to allow asid 0 AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> iommu/qcom: Use the asid read from device-tree if specified Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> iommu/arm-smmu: Convert to platform remove callback returning void Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> iommu/arm-smmu: Drop if with an always false condition Chuck Lever <chuck.lever(a)oracle.com> NFSD: NFSv4 file creation neglects setting ACL Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbgtty: fix device unregister: fixup Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: introduce and use tty_port_tty_vhangup() helper Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: Make uart_remove_one_port() return void Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. Thomas Zimmermann <tzimmermann(a)suse.de> drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma Christian König <christian.koenig(a)amd.com> drm/amdgpu: cleanup scheduler job initialization v2 Jouni Malinen <jouni.malinen(a)oss.qualcomm.com> wifi: mac80211: Discard Beacon frames to non-broadcast address Bijan Tabatabai <bijan311(a)gmail.com> mm: consider non-anon swap cache folios in folio_expected_ref_count() David Hildenbrand <david(a)redhat.com> mm: simplify folio_expected_ref_count() NeilBrown <neil(a)brown.name> lockd: fix vfs_test_lock() calls Paolo Abeni <pabeni(a)redhat.com> mptcp: fallback earlier on simult connection Wentao Liang <vulab(a)iscas.ac.cn> pmdomain: imx: Fix reference count leak in imx_gpc_probe() Rob Herring <robh(a)kernel.org> pmdomain: Use device_get_match_data() Haoxiang Li <haoxiang_li2024(a)163.com> media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Remove vpu_vb_is_codecconfig Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: amphion: Make some vpu_v4l2 functions static Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Add a frame flush mode for decoder Dongli Zhang <dongli.zhang(a)oracle.com> KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit David Hildenbrand <david(a)redhat.com> powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages David Hildenbrand <david(a)redhat.com> mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() David Hildenbrand <david(a)redhat.com> mm/balloon_compaction: we cannot have isolated pages in the balloon list Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix disabling L0s capability Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Fix CPU stalls on G2 bus error Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix OF node leak on probe Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> ASoC: stm: stm32_sai_sub: Convert to platform remove callback returning void Joanne Koong <joannelkoong(a)gmail.com> fuse: fix readahead reclaim deadlock Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix clk prepare imbalance on probe failure Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: stm32: sai: Use the devm_clk_get_optional() helper Johan Hovold <johan(a)kernel.org> iommu/mediatek-v1: fix device leaks on probe() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> iommu/mtk_iommu_v1: Convert to platform remove callback returning void Johan Hovold <johan(a)kernel.org> iommu/mediatek: fix use-after-free on probe deferral Yong Wu <yong.wu(a)mediatek.com> iommu/mediatek: Improve safety for mediatek,smi property in larb nodes Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: microchip: sama7g5: fix uart fifo size to 32 Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32 Shivani Agarwal <shivani.agarwal(a)broadcom.com> crypto: af_alg - zero initialize memory allocated via sock_kmalloc Filipe Manana <fdmanana(a)suse.com> btrfs: don't log conflicting inode if it's a dir moved in the current transaction Joshua Rogers <linux(a)joshua.hu> SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap Chao Yu <chao(a)kernel.org> f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() Chao Yu <chao(a)kernel.org> f2fs: use global inline_xattr_slab instead of per-sb slab cache Chao Yu <chao(a)kernel.org> f2fs: fix to propagate error from f2fs_enable_checkpoint() Chao Yu <chao(a)kernel.org> f2fs: fix to avoid updating compression context during writeback Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: drop inode from the donation list when the last file is closed Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: keep POSIX_FADV_NOREUSE ranges Chao Yu <chao(a)kernel.org> f2fs: remove unused GC_FAILURE_PIN Chao Yu <chao(a)kernel.org> f2fs: fix to avoid updating zero-sized extent in extent cache Seunghwan Baek <sh8267.baek(a)samsung.com> scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error Udipto Goswami <udipto.goswami(a)oss.qualcomm.com> usb: dwc3: keep susphy enabled during exit to avoid controller faults Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: ignore unknown endpoint flags Johan Hovold <johan(a)kernel.org> usb: ohci-nxp: fix device leak on probe failure Zhang Zekun <zhangzekun11(a)huawei.com> usb: ohci-nxp: Use helper function devm_clk_get_enabled() Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid deadlock on fallback while reinjecting Fedor Pchelkin <pchelkin(a)ispras.ru> ext4: fix string copying in parse_apply_sb_mount_options() Ye Bin <yebin10(a)huawei.com> jbd2: fix the inconsistency between checksum and data in memory for journal sb Alexey Velichayshiy <a.velichayshiy(a)ispras.ru> gfs2: fix freeze error handling Josef Bacik <josef(a)toxicpanda.com> btrfs: don't rewrite ret from inode_permission Sven Eckelmann (Plasma Cloud) <se(a)simonwunderlich.de> wifi: mt76: Fix DTS power-limits on little endian systems Marc Kleine-Budde <mkl(a)pengutronix.de> can: gs_usb: gs_can_open(): fix error handling Junrui Luo <moonafterrain(a)outlook.com> ALSA: wavefront: Fix integer overflow in sample size validation Takashi Iwai <tiwai(a)suse.de> ALSA: wavefront: Use standard print API Junrui Luo <moonafterrain(a)outlook.com> ALSA: wavefront: Clear substream pointers on close Takashi Iwai <tiwai(a)suse.de> ALSA: wavefront: Use guard() for spin locks Denis Arefev <arefev(a)swemel.ru> ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() Kuniyuki Iwashima <kuniyu(a)google.com> mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). Omar Sandoval <osandov(a)fb.com> KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Use EMULTYPE flag to track write #PFs to shadow pages Dong Chenchen <dongchenchen2(a)huawei.com> page_pool: Fix use-after-free in page_pool_recycle_in_ring Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix out-of-bounds in parse_sec_desc() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() Baokun Li <libaokun1(a)huawei.com> fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF Martin Nybo Andersen <tweek(a)tweek.dk> kbuild: Use CRC32 and a 1MiB dictionary for XZ compressed modules SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures in damon_test_set_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle memory failure from damon_test_target() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() Hari Bathini <hbathini(a)linux.ibm.com> powerpc/64s/radix/kfence: map __kfence_pool at page granularity Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com> tpm: Cap the number of PCR banks Ming Lei <ming.lei(a)redhat.com> blk-mq: add helper for checking if one CPU is mapped to specified hctx Lyude Paul <lyude(a)redhat.com> drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb Krzysztof Niemiec <krzysztof.niemiec(a)intel.com> drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer René Rebe <rene(a)exactco.de> drm/mgag200: Fix big-endian support Simon Richter <Simon.Richter(a)hogyros.de> drm/ttm: Avoid NULL pointer deref for evicted BOs Miaoqian Lin <linmq006(a)gmail.com> drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers Xiaolei Wang <xiaolei.wang(a)windriver.com> net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() Deepanshu Kartikey <kartikey406(a)gmail.com> net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write Ethan Nelson-Moore <enelsonmoore(a)gmail.com> net: usb: sr9700: fix incorrect command used to write single register Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> nfsd: Drop the client reference in client_states_open() Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Zero-extend bpf_tail_call() index Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> fjes: Add missing iounmap in fjes_hw_init() Guangshuo Li <lgs201920130244(a)gmail.com> e1000: fix OOB in e1000_tbi_should_accept() Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/cm: Fix leaking the multicast GID table reference Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly Matthew Wilcox (Oracle) <willy(a)infradead.org> idr: fix idr_alloc() returning an ID out of range Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> kasan: refactor pcpu kasan vmalloc unpoison H. Peter Anvin <hpa(a)zytor.com> compiler_types.h: add "auto" as a macro for "__auto_type" WangYuli <wangyl5933(a)chinaunicom.cn> LoongArch: Use __pmd()/__pte() for swap entry conversions Qiang Ma <maqianga(a)uniontech.com> LoongArch: Correct the calculation logic of thread_count Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Add new PCI ID for pci_fixup_vgadev() Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: adv7842: Remove redundant cancel_delayed_work in probe Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Cancel message work before releasing the VPU core Johan Hovold <johan(a)kernel.org> media: vpif_display: fix section mismatch Johan Hovold <johan(a)kernel.org> media: vpif_capture: fix section mismatch Haotian Zhang <vulab(a)iscas.ac.cn> media: videobuf2: Fix device reference leak in vb2_dc_alloc error path Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Protect G2 HEVC decoder against invalid DPB index Duoming Zhou <duoming(a)zju.edu.cn> media: TDA1997x: Remove redundant cancel_delayed_work in probe Marek Szyprowski <m.szyprowski(a)samsung.com> media: samsung: exynos4-is: fix potential ABBA deadlock on init Miaoqian Lin <linmq006(a)gmail.com> media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled Ivan Abramov <i.abramov(a)mt-integration.ru> media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() Haotian Zhang <vulab(a)iscas.ac.cn> media: cec: Fix debugfs leak on bus_register() failure René Rebe <rene(a)exactco.de> fbdev: tcx.c fix mem_map to correct smem_start offset Thorsten Blum <thorsten.blum(a)linux.dev> fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing Rene Rebe <rene(a)exactco.de> fbdev: gbefb: fix to use physical address instead of dma address Mikulas Patocka <mpatocka(a)redhat.com> dm-bufio: align write boundary on physical block size Uladzislau Rezki (Sony) <urezki(a)gmail.com> dm-ebs: Mark full buffer dirty even on partial write Mahesh Rao <mahesh.rao(a)altera.com> firmware: stratix10-svc: Add mutex in stratix10 memory management Ivan Abramov <i.abramov(a)mt-integration.ru> media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() David Hildenbrand <david(a)redhat.com> powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION Sven Schnelle <svens(a)stackframe.org> parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() Sven Schnelle <svens(a)stackframe.org> parisc: entry.S: fix space adjustment on interruption for 64-bit userspace Haotian Zhang <vulab(a)iscas.ac.cn> media: rc: st_rc: Fix reset control resource leak Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max77620: Fix potential IRQ chip conflict when probing two devices Johan Hovold <johan(a)kernel.org> mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: Enable chip before any communication Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: Allow LED 0 to be added to module bank Donet Tom <donettom(a)linux.ibm.com> powerpc/64s/slb: Fix SLB multihit issue during SLB preload Dave Vasilevsky <dave(a)vasilevsky.ca> powerpc, mm: Fix mprotect on book3s 32-bit Lukas Wunner <lukas(a)wunner.de> PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths Hans de Goede <johannes.goede(a)oss.qualcomm.com> HID: logitech-dj: Remove duplicate error logging Johan Hovold <johan(a)kernel.org> iommu/tegra: fix device leak on probe_device() Johan Hovold <johan(a)kernel.org> iommu/sun50i: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/omap: fix device leaks on probe_device() Johan Hovold <johan(a)kernel.org> iommu/mediatek: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/mediatek-v1: fix device leak on probe_device() Johan Hovold <johan(a)kernel.org> iommu/ipmmu-vmsa: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/exynos: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/apple-dart: fix device leak on of_xlate() Jinhui Guo <guojinhui.liam(a)bytedance.com> iommu/amd: Fix pci_segment memleak in alloc_pci_segment() Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6adm: the the copp device only during last instance Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6asm-dai: perform correct state check before closing Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix device leak on probe Matthew Wilcox (Oracle) <willy(a)infradead.org> ntfs: Do not overwrite uptodate pages Yipeng Zou <zouyipeng(a)huawei.com> selftests/ftrace: traceonoff_triggers: strip off names Cong Zhang <cong.zhang(a)oss.qualcomm.com> blk-mq: skip CPU offline notify on unmapped hctx Ming Lei <ming.lei(a)redhat.com> blk-mq: don't schedule block kworker on isolated CPUs Frederic Weisbecker <frederic(a)kernel.org> sched/isolation: add cpu_is_isolated() API Thomas Fourier <fourier.thomas(a)gmail.com> RDMA/bnxt_re: fix dma_free_coherent() pointer Honggang LI <honggangli(a)163.com> RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix to use correct page size for PDE table Alok Tiwari <alok.a.tiwari(a)oracle.com> RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send Alok Tiwari <alok.a.tiwari(a)oracle.com> RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() Jang Ingyu <ingyujang25(a)korea.ac.kr> RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Remove possible negative shift Michal Schmidt <mschmidt(a)redhat.com> RDMA/irdma: avoid invalid read in irdma_net_event Pwnverse <stanksal(a)purdue.edu> net: rose: fix invalid array index in rose_kill_by_device() Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix reference count leak when using error routes with nexthop objects Will Rosenberg <whrosenb(a)asu.edu> ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() Wei Fang <wei.fang(a)nxp.com> net: stmmac: fix the crash issue for zero copy XDP_TX action Jisheng Zhang <jszhang(a)kernel.org> net: stmmac: use per-queue 64 bit statistics where necessary Teoh Ji Sheng <ji.sheng.teoh(a)intel.com> net: stmmac: xgmac: add ethtool per-queue irq statistic support Song Yoong Siang <yoong.siang.song(a)intel.com> net: stmmac: introduce wrapper for struct xdp_buff Andrew Halaney <ahalaney(a)redhat.com> net: stmmac: dwmac4: Allow platforms to specify some DMA/MTL offsets Andrew Halaney <ahalaney(a)redhat.com> net: stmmac: Pass stmmac_priv in some callbacks Andrew Halaney <ahalaney(a)redhat.com> net: stmmac: Remove some unnecessary void pointers Revanth Kumar Uppala <ruppala(a)nvidia.com> net: stmmac: Power up SERDES after the PHY link Anshumali Gaur <agaur(a)marvell.com> octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" Bagas Sanjaya <bagasdotme(a)gmail.com> net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct Deepanshu Kartikey <kartikey406(a)gmail.com> net: usb: asix: validate PHY address before use Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: skip multicast entries for fdb_dump() Thomas Fourier <fourier.thomas(a)gmail.com> firewire: nosy: Fix dma_free_coherent() size Andrew Morton <akpm(a)linux-foundation.org> genalloc.h: fix htmldocs warning Yeoreum Yun <yeoreum.yun(a)arm.com> smc91x: fix broken irq-context in PREEMPT_RT Alice C. Munduruca <alice.munduruca(a)canonical.com> selftests: net: fix "buffer overflow detected" for tap.c Deepakkumar Karn <dkarn(a)redhat.com> net: usb: rtl8150: fix memory leak on usb_submit_urb() failure Jiri Pirko <jiri(a)nvidia.com> team: fix check for port enabled in team_queue_override_port_prio_changed() Junrui Luo <moonafterrain(a)outlook.com> platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic Thomas Fourier <fourier.thomas(a)gmail.com> platform/x86: msi-laptop: add missing sysfs_remove_group() Eric Dumazet <edumazet(a)google.com> ip6_gre: make ip6gre_header() robust Toke Høiland-Jørgensen <toke(a)redhat.com> net: openvswitch: Avoid needlessly taking the RTNL on vport destroy Jacky Chou <jacky_chou(a)aspeedtech.com> net: mdio: aspeed: add dummy read to avoid read-after-write issue Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: revert use of devm_kzalloc in btusb Herbert Xu <herbert(a)gondor.apana.org.au> crypto: seqiv - Do not use req->iv after crypto_aead_encrypt Kohei Enju <enjuk(a)amazon.com> iavf: fix off-by-one issues in iavf_config_rss_reg() Gregory Herrero <gregory.herrero(a)oracle.com> i40e: validate ring_len parameter against hardware-specific values Ivan Vecera <ivecera(a)redhat.com> i40e: Refactor argument of i40e_detect_recover_hung() Ivan Vecera <ivecera(a)redhat.com> i40e: Refactor argument of several client notification functions Przemyslaw Korba <przemyslaw.korba(a)intel.com> i40e: fix scheduling in set_rx_mode Aloka Dixit <aloka.dixit(a)oss.qualcomm.com> wifi: mac80211: do not use old MBSSID elements Aloka Dixit <quic_alokad(a)quicinc.com> mac80211: support RNR for EMA AP Aloka Dixit <quic_alokad(a)quicinc.com> cfg80211: support RNR for EMA AP Aloka Dixit <quic_alokad(a)quicinc.com> wifi: mac80211: generate EMA beacons in AP mode Avraham Stern <avraham.stern(a)intel.com> wifi: nl80211: add a command to enable/disable HW timestamping Aloka Dixit <quic_alokad(a)quicinc.com> wifi: nl80211: validate and configure puncturing bitmap Aloka Dixit <quic_alokad(a)quicinc.com> wifi: cfg80211: move puncturing bitmap validation from mac80211 Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: mlme: handle EHT channel puncturing Vinayak Yadawad <vinayak.yadawad(a)broadcom.com> cfg80211: Update Transition Disable policy during port authorization Dan Carpenter <dan.carpenter(a)linaro.org> wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (w83791d) Convert macros to functions to avoid TOCTOU Gui-Dong Han <hanguidong02(a)gmail.com> hwmon: (max16065) Use local variable to avoid TOCTOU Ma Ke <make24(a)iscas.ac.cn> i2c: amd-mp2: fix reference leak in MP2 PCI device Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> platform/x86: intel: chtwc_int33fe: don't dereference swnode args Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> rpmsg: glink: fix rpmsg device leak Johan Hovold <johan(a)kernel.org> soc: amlogic: canvas: fix device leak on lookup Johan Hovold <johan(a)kernel.org> soc: qcom: ocmem: fix device leak on lookup Johan Hovold <johan(a)kernel.org> amba: tegra-ahb: Fix device leak on SMMU enable Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() Prithvi Tambewagh <activprithvi(a)gmail.com> io_uring: fix filename leak in __io_openat_prep() Jens Axboe <axboe(a)kernel.dk> io_uring/poll: correctly handle io_poll_add() return value on update Nysal Jan K.A. <nysal(a)linux.ibm.com> powerpc/kexec: Enable SMT before waking offline CPUs Joshua Rogers <linux(a)joshua.hu> svcrdma: return 0 on success from svc_rdma_copy_inline_range Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> nfsd: Mark variable __maybe_unused to avoid W=1 build break Amir Goldstein <amir73il(a)gmail.com> fsnotify: do not generate ACCESS/MODIFY events on child for special files René Rebe <rene(a)exactco.de> r8169: fix RTL8117 Wake-on-Lan in DASH mode Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Do not clear needs_force_resume with enabled runtime PM Steven Rostedt <rostedt(a)goodmis.org> tracing: Do not register unsupported perf events Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> xfs: fix a memory leak in xfs_buf_item_init() Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits Sean Christopherson <seanjc(a)google.com> KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) Jim Mattson <jmattson(a)google.com> KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation Jim Mattson <jmattson(a)google.com> KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE fuqiang wang <fuqiang.wng(a)gmail.com> KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer fuqiang wang <fuqiang.wng(a)gmail.com> KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() Sean Christopherson <seanjc(a)google.com> KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 Ilya Dryomov <idryomov(a)gmail.com> libceph: make decode_pool() more resilient against corrupted osdmaps Helge Deller <deller(a)gmx.de> parisc: Do not reprogram affinitiy on ASP chip Zhichi Lin <zhichi.lin(a)vivo.com> scs: fix a wrong parameter in __scs_magic Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver Maxim Levitsky <mlevitsk(a)redhat.com> KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) Prithvi Tambewagh <activprithvi(a)gmail.com> ocfs2: fix kernel BUG in ocfs2_find_victim_chain Jeongjun Park <aha310510(a)gmail.com> media: vidtv: initialize local pointers upon transfer of memory ownership Alison Schofield <alison.schofield(a)intel.com> tools/testing/nvdimm: Use per-DIMM device handle Chao Yu <chao(a)kernel.org> f2fs: fix return value of f2fs_recover_fsync_data() Deepanshu Kartikey <kartikey406(a)gmail.com> f2fs: invalidate dentry cache on failed whiteout creation Andrey Vatoropin <a.vatoropin(a)crpt.ru> scsi: target: Reset t_task_cdb pointer in error case Dai Ngo <dai.ngo(a)oracle.com> NFSD: use correct reservation type in nfsd4_scsi_fence_client Junrui Luo <moonafterrain(a)outlook.com> scsi: aic94xx: fix use-after-free in device removal path Tony Battersby <tonyb(a)cybernetics.com> scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" Miaoqian Lin <linmq006(a)gmail.com> cpufreq: nforce2: fix reference count leak in nforce2 Ma Ke <make24(a)iscas.ac.cn> intel_th: Fix error handling in intel_th_output_open Tianchu Chen <flynnnchen(a)tencent.com> char: applicom: fix NULL pointer dereference in ac_ioctl Haoxiang Li <haoxiang_li2024(a)163.com> usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() Miaoqian Lin <linmq006(a)gmail.com> usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe Johan Hovold <johan(a)kernel.org> usb: phy: isp1301: fix non-OF device reference imbalance Duoming Zhou <duoming(a)zju.edu.cn> usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal Ma Ke <make24(a)iscas.ac.cn> USB: lpc32xx_udc: Fix error handling in probe Johan Hovold <johan(a)kernel.org> phy: broadcom: bcm63xx-usbh: fix section mismatches Colin Ian King <colin.i.king(a)gmail.com> media: pvrusb2: Fix incorrect variable used in trace message Jeongjun Park <aha310510(a)gmail.com> media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() Chen Changcheng <chenchangcheng(a)kylinos.cn> usb: usb-storage: Maintain minimal modifications to the bcdDevice range. Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: v4l2-mem2mem: Fix outdated documentation Byungchul Park <byungchul(a)sk.com> jbd2: use a weaker annotation in journal handling Baokun Li <libaokun1(a)huawei.com> ext4: align max orphan file size with e2fsprogs limit Yongjian Sun <sunyongjian1(a)huawei.com> ext4: fix incorrect group number assertion in mb_check_buddy Haibo Chen <haibo.chen(a)nxp.com> ext4: clear i_state_flags when alloc inode Karina Yankevich <k.yankevich(a)omp.ru> ext4: xattr: fix null pointer deref in ext4_raw_inode() Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Fix uninitialized var in config-bisect.pl Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: fix mount failure for sparse runs in run_unpack() Zheng Yejian <zhengyejian(a)huaweicloud.com> kallsyms: Fix wrong "big" kernel symbol type read from procfs Rene Rebe <rene(a)exactco.de> floppy: fix for PAGE_SIZE != 4KB Li Chen <chenl311(a)chinatelecom.cn> block: rate-limit capacity change info log Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: Fix gendisk parent after copy pair swap Eric Biggers <ebiggers(a)kernel.org> lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit Sarthak Garg <sarthak.garg(a)oss.qualcomm.com> mmc: sdhci-msm: Avoid early clock doubling during HS400 transition Jarkko Sakkinen <jarkko(a)kernel.org> KEYS: trusted: Fix a memory leak in tpm2_load_cmd Stefano Garzarella <sgarzare(a)redhat.com> vhost/vsock: improve RCU read sections around vhost_vsock_get() Dan Carpenter <dan.carpenter(a)linaro.org> block: rnbd-clt: Fix signedness bug in init_dev() Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks Daniel Wagner <wagi(a)kernel.org> nvme-fc: don't hold rport lock when putting ctrl Wenhua Lin <Wenhua.Lin(a)unisoc.com> serial: sprd: Return -EPROBE_DEFER when uart clock is not ready Chen Changcheng <chenchangcheng(a)kylinos.cn> usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. Hongyu Xie <xiehongyu1(a)kylinos.cn> usb: xhci: limit run_graceperiod for only usb 3.0 devices Pei Xiao <xiaopei01(a)kylinos.cn> iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains Mark Pearson <mpearson-lenovo(a)squebb.ca> usb: typec: ucsi: Handle incorrect num_connectors capability Lizhi Xu <lizhi.xu(a)windriver.com> usbip: Fix locking bug in RT-enabled kernels Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix remount failure in different process environments Encrow Thorne <jyc0019(a)gmail.com> reset: fix BIT macro reference Li Qiang <liqiang01(a)kylinos.cn> via_wdt: fix critical boot hang due to unnamed resource allocation Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Use reinit_completion on mbx_intr_comp Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled Ben Collins <bcollins(a)kernel.org> powerpc/addnote: Fix overflow on 32-bit builds Josua Mayer <josua(a)solid-run.com> clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 Matthias Schiffer <matthias.schiffer(a)tq-group.com> ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx Peng Fan <peng.fan(a)nxp.com> firmware: imx: scu-irq: Init workqueue before request mbox channel Jinhui Guo <guojinhui.liam(a)bytedance.com> ipmi: Fix __scan_channels() failing to rescan channels Jinhui Guo <guojinhui.liam(a)bytedance.com> ipmi: Fix the race between __scan_channels() and deliver_response() Shipei Qu <qu(a)darknavy.com> ALSA: usb-mixer: us16x08: validate meter packet indices Haotian Zhang <vulab(a)iscas.ac.cn> ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path Haotian Zhang <vulab(a)iscas.ac.cn> ALSA: vxpocket: Fix resource leak in vxpocket_probe error path Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() Jared Kangas <jkangas(a)redhat.com> mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig Christophe Leroy <christophe.leroy(a)csgroup.eu> spi: fsl-cpm: Check length parity before switching to 16 bit mode Pengjie Zhang <zhangpengjie2(a)huawei.com> ACPI: CPPC: Fix missing PCC check for guaranteed_perf Christoffer Sandberg <cs(a)tuxedo.de> Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table Junjie Cao <junjie.cao(a)intel.com> Input: ti_am335x_tsc - fix off-by-one error in wire_order validation Ping Cheng <pinglinux(a)gmail.com> HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix buffer validation by including null terminator size in EA length Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: Fix refcount leak when invalid session is found on session lookup Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: skip lock-range check on equal size to avoid size==0 underflow Thomas Fourier <fourier.thomas(a)gmail.com> block: rnbd-clt: Fix leaked ID in init_dev() Anurag Dutta <a-dutta(a)ti.com> spi: cadence-quadspi: Fix clock disable on probe failure path Yang Yingliang <yangyingliang(a)huawei.com> spi: cadence-quadspi: add missing clk_disable_unprepare() in cqspi_probe() William Qiu <william.qiu(a)starfivetech.com> spi: cadence-quadspi: Add clock configuration for StarFive JH7110 QSPI Brad Larson <blarson(a)amd.com> spi: cadence-quadspi: Add compatible for AMD Pensando Elba SoC William Qiu <william.qiu(a)starfivetech.com> spi: cadence-quadspi: Add support for StarFive JH7110 QSPI Juergen Gross <jgross(a)suse.com> x86/xen: Fix sparse warning in enlighten_pv.c Brian Gerst <brgerst(a)gmail.com> x86/xen: Move Xen upcall handler Haoxiang Li <haoxiang_li2024(a)163.com> MIPS: Fix a reference leak bug in ip22_check_gio() Alexey Simakov <bigalex934(a)gmail.com> hwmon: (tmp401) fix overflow caused by default conversion rate value Junrui Luo <moonafterrain(a)outlook.com> hwmon: (ibmpex) fix use-after-free in high/low store Jian Shen <shenjian15(a)huawei.com> net: hns3: add VLAN id validation before using Jian Shen <shenjian15(a)huawei.com> net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx Jian Shen <shenjian15(a)huawei.com> net: hns3: using the num_tqps in the vf driver to apply for resources Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Handle escaped percent properly Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Validate format string parameters Shay Drory <shayd(a)nvidia.com> net/mlx5: fw_tracer, Add support for unrecognized string Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Drain firmware reset in shutdown callback Parav Pandit <parav(a)mellanox.com> net/mlx5: Create a new profile for SFs Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: fw reset, clear reset requested on drain_fw_reset Gal Pressman <gal(a)nvidia.com> ethtool: Avoid overflowing userspace buffer on stats query Daniil Tatianin <d-tatianin(a)yandex-team.ru> net/ethtool/ioctl: split ethtool_get_phy_stats into multiple helpers Daniil Tatianin <d-tatianin(a)yandex-team.ru> net/ethtool/ioctl: remove if n_stats checks from ethtool_get_phy_stats Dan Carpenter <dan.carpenter(a)linaro.org> nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() Victor Nogueira <victor(a)mojatatu.com> net/sched: ets: Remove drr class from the active list if it changes to strict Junrui Luo <moonafterrain(a)outlook.com> caif: fix integer underflow in cffrml_receive() Slavin Liu <slavin452(a)gmail.com> ipvs: fix ipv4 null-ptr-deref in route error path Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nf_conncount: fix leaked ct in error paths Alexey Simakov <bigalex934(a)gmail.com> broadcom: b44: prevent uninitialized value usage Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix middle attribute validation in push_nsh() action Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_router: Fix neighbour use-after-free Dmitry Skorodumov <skorodumov.dmitry(a)huawei.com> ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() Jamal Hadi Salim <jhs(a)mojatatu.com> net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change Wang Liang <wangliang74(a)huawei.com> netrom: Fix memory leak in nr_sendmsg() Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix use of bio_chain Gongwei Li <ligongwei(a)kylinos.cn> Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency ChenXiaoSong <chenxiaosong(a)kylinos.cn> smb/server: fix return value of smb2_ioctl() Qu Wenruo <wqu(a)suse.com> btrfs: scrub: always update btrfs_scrub_progress::last_physical Hans de Goede <hansg(a)kernel.org> wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix volume corruption issue for generic/073 Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: Verify inode mode when loading from disk Yang Chenzhi <yang.chenzhi(a)vivo.com> hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix volume corruption issue for generic/070 Mikhail Malyshev <mike.malyshev(a)gmail.com> kbuild: Use objtree for module signing key path Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Support timestamps prior to epoch Song Liu <song(a)kernel.org> livepatch: Match old_sympos 0 and 1 in klp_find_func() Shuhao Fu <sfual(a)cse.ust.hk> cpufreq: s5pv210: fix refcount leak Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only Cryolitia PukNgae <cryolitia.pukngae(a)linux.dev> ACPICA: Avoid walking the Namespace if start_node is NULL Peter Zijlstra <peterz(a)infradead.org> x86/ptrace: Always inline trivial accessors Peter Zijlstra <peterz(a)infradead.org> sched/fair: Revert max_newidle_lb_cost bump Doug Berger <opendmb(a)gmail.com> sched/deadline: only set free_cpus for online runqueues George Kennedy <george.kennedy(a)oracle.com> perf/x86/amd: Check event before enable to avoid GPF Deepanshu Kartikey <kartikey406(a)gmail.com> btrfs: fix memory leak of fs_devices in degraded seed device path Ondrej Mosnacek <omosnace(a)redhat.com> bpf, arm64: Do not audit capability check in do_jit() Filipe Manana <fdmanana(a)suse.com> btrfs: do not skip logging new dentries when logging a new name Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_xcvr: get channel status data when PHY is not exists Junrui Luo <moonafterrain(a)outlook.com> ALSA: dice: fix buffer overflow in detect_stream_formats() Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> usb: phy: Initialize struct usb_phy list_head Haotien Hsu <haotienh(a)nvidia.com> usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Allocate rings outside ZONE_DMA Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Add machine_kexec_mask_interrupts() implementation Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix memory leak in ocfs2_merge_rec_left() Dan Carpenter <dan.carpenter(a)linaro.org> irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> efi/cper: Adjust infopfx size to accept an extra space Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> efi/cper: Add a new helper function to print bitmasks Haotian Zhang <vulab(a)iscas.ac.cn> dm log-writes: Add missing set_freezable() for freezable kthread Alexey Simakov <bigalex934(a)gmail.com> dm-raid: fix possible NULL dereference with undefined raid type Liyuan Pang <pangliyuan1(a)huawei.com> ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad() Junrui Luo <moonafterrain(a)outlook.com> ALSA: firewire-motu: add bounds check in put_user loop for DSP events Haotian Zhang <vulab(a)iscas.ac.cn> rtc: gamecube: Check the return value of ioremap() Andres J Rosa <andyrosa(a)gmail.com> ALSA: uapi: Fix typo in asound.h comment Dave Kleikamp <dave.kleikamp(a)oracle.com> dma/pool: eliminate alloc_pages warning in atomic_pool_expand Junrui Luo <moonafterrain(a)outlook.com> ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events shechenglong <shechenglong(a)xfusion.com> block: fix comment for op_is_zone_mgmt() to include RESET_ALL Cong Zhang <cong.zhang(a)oss.qualcomm.com> blk-mq: Abort suspend when wakeup events are pending Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: ak5558: Disable regulator when error happens Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: ak4458: Disable regulator when error happens Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() Anton Khirnov <anton(a)khirnov.net> platform/x86: asus-wmi: use brightness_set_blocking() for kbd led Armin Wolf <W_Armin(a)gmx.de> fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix inheritance of the block sizes when automounting Trond Myklebust <trond.myklebust(a)primarydata.com> Expand the type of nfs_fattr->valid Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags Ondrej Mosnacek <omosnace(a)redhat.com> fs_context: drop the unused lsm_flags member Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: ignore SB_RDONLY when mounting nfs" Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: clear SB_RDONLY before getting superblock" Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: ignore SB_RDONLY when remounting nfs" Jonathan Curley <jcurley(a)purestorage.com> NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Initialise verifiers for visible dentries in nfs_atomic_open() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Initialise verifiers for visible dentries in readdir and lookup Armin Wolf <W_Armin(a)gmx.de> fs/nls: Fix utf16 to utf8 conversion Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Avoid changing nlink when file removes and attribute updates race Abdun Nihaal <nihaal(a)cse.iitm.ac.in> fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: single: Fix incorrect type for error return variable Matthijs Kooijman <matthijs(a)stdin.nl> pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling Namhyung Kim <namhyung(a)kernel.org> perf tools: Fix split kallsyms DSO counting Xiang Mei <xmei5(a)asu.edu> net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop Yu Kuai <yukuai(a)fnnas.com> md/raid5: fix IO hang when array is broken with IO inflight Yu Kuai <yukuai3(a)huawei.com> md: export md_is_rdwr() and is_md_suspended() Alexandru Gagniuc <mr.nuke.me(a)gmail.com> remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs Ivan Stepchenko <sid(a)itb.spb.ru> mtd: lpddr_cmds: fix signed shifts in lpddr_cmds Haotian Zhang <vulab(a)iscas.ac.cn> mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: stmmac: fix rx limit check in stmmac_rx_zc() Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nft_connlimit: update the count if add was skipped Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nf_conncount: rework API to use sk_buff directly Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: check for maximum number of encapsulations in bridge vlan Ilias Stamatis <ilstam(a)amazon.com> Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> resource: introduce is_type_match() helper and use it Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> resource: replace open coded resource_intersection() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> resource: Reuse for_each_resource() macro Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> resource: Replace printk(KERN_WARNING) by pr_warn(), printk() by pr_info() sparkhuang <huangshaobo3(a)xiaomi.com> regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: catpt: Fix error path in hw_params() Michael S. Tsirkin <mst(a)redhat.com> virtio: fix virtqueue_set_affinity() docs Michael S. Tsirkin <mst(a)redhat.com> virtio: fix typo in virtio_device_ready() comment Alok Tiwari <alok.a.tiwari(a)oracle.com> virtio_vdpa: fix misleading return in void function Yongjian Sun <sunyongjian1(a)huawei.com> ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: remove unused return value of __mb_check_buddy René Rebe <rene(a)exactco.de> ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 Haotian Zhang <vulab(a)iscas.ac.cn> hwmon: sy7636a: Fix regulator_enable resource leak on error path Dan Carpenter <dan.carpenter(a)linaro.org> drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_xcvr: clear the channel status control memory Chancel Liu <chancel.liu(a)nxp.com> ASoC: fsl_xcvr: Add support for i.MX93 platform Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_xcvr: Add Counter registers Krzysztof Czurylo <krzysztof.czurylo(a)intel.com> RDMA/irdma: Fix data race in irdma_free_pble Krzysztof Czurylo <krzysztof.czurylo(a)intel.com> RDMA/irdma: Fix data race in irdma_sc_ccq_arm Stephan Gerhold <stephan.gerhold(a)linaro.org> iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal Randy Dunlap <rdunlap(a)infradead.org> backlight: lp855x: Fix lp855x.h kernel-doc warnings Luca Ceresoli <luca.ceresoli(a)bootlin.com> backlight: led-bl: Add devlink to supplier LEDs Mans Rullgard <mans(a)mansr.com> backlight: led_bl: Take led_access lock when required Ria Thomas <ria.thomas(a)morsemicro.com> wifi: ieee80211: correct FILS status codes Shawn Lin <shawn.lin(a)rock-chips.com> PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition Jianglei Nie <niejianglei2021(a)163.com> staging: fbtft: core: fix potential memory leak in fbtft_probe_common() Dinh Nguyen <dinguyen(a)kernel.org> firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc Zilin Guan <zilin(a)seu.edu.cn> mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() Fangyu Yu <fangyu.yu(a)linux.alibaba.com> RISC-V: KVM: Fix guest page fault within HLV* instructions Haotian Zhang <vulab(a)iscas.ac.cn> crypto: ccree - Correctly handle return of sg_nents_for_len Matt Bobrowski <mattbobrowski(a)google.com> selftests/bpf: Improve reliability of test_perf_branches_no_hw() Matt Bobrowski <mattbobrowski(a)google.com> selftests/bpf: skip test_perf_branches_hw() on unsupported platforms Gopi Krishna Menon <krishnagopi487(a)gmail.com> usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE Jisheng Zhang <jszhang(a)kernel.org> usb: dwc2: fix hang during suspend if set as peripheral Jisheng Zhang <jszhang(a)kernel.org> usb: dwc2: fix hang during shutdown if set as peripheral Jisheng Zhang <jszhang(a)kernel.org> usb: dwc2: disable platform lowlevel hw resources during shutdown Oliver Neukum <oneukum(a)suse.com> usb: chaoskey: fix locking for O_NONBLOCK Zhao Yipeng <zhaoyipeng5(a)huawei.com> ima: Handle error code returned by ima_filter_rule_match() Seungjin Bae <eeodqql09(a)gmail.com> wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() Chen Ridong <chenridong(a)huawei.com> cpuset: Treat cpusets in attaching as populated Alexander Dahl <ada(a)thorsis.com> net: phy: adin1100: Fix software power-down ready condition Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() Haotian Zhang <vulab(a)iscas.ac.cn> mfd: mt6358-irq: Fix missing irq_domain_remove() in error path Haotian Zhang <vulab(a)iscas.ac.cn> mfd: mt6397-irq: Fix missing irq_domain_remove() in error path Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: bcm2835: Make sure the channel is enabled after pwm_request() Jay Liu <jay.liu(a)mediatek.com> drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Prevent memory leaks in add sub record Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: out1 also needs to put mi Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format Pu Lehui <pulehui(a)huawei.com> bpf: Fix invalid prog->stats access when update_effective_progs fails Jose Fernandez <josef(a)netflix.com> bpf: Improve program stats run-time calculation Abdun Nihaal <nihaal(a)cse.iitm.ac.in> wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD/blocklayout: Fix minlength check in proc_layoutget Haotian Zhang <vulab(a)iscas.ac.cn> watchdog: wdat_wdt: Fix ACPI table leak in probe function Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Check skb->transport_header is set in bpf_skb_check_mtu Alexei Starovoitov <ast(a)kernel.org> selftests/bpf: Fix failure paths in send_signal test Rene Rebe <rene(a)exactco.de> ps3disk: use memcpy_{from,to}_bvec index Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Exit ks_pcie_probe() for invalid mode Haotian Zhang <vulab(a)iscas.ac.cn> leds: netxbig: Fix GPIO descriptor leak in error paths Haotian Zhang <vulab(a)iscas.ac.cn> scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls Haotian Zhang <vulab(a)iscas.ac.cn> ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> lib/vsprintf: Check pointer before dereferencing in time_and_date() Haotian Zhang <vulab(a)iscas.ac.cn> clk: renesas: r9a06g032: Fix memory leak in error path Herve Codina <herve.codina(a)bootlin.com> soc: renesas: r9a06g032-sysctrl: Handle h2mode setting based on USBF presence Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Add context synchronization before enabling trace Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Extract the trace unit controlling Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Correct polling IDLE bit Zheng Qixing <zhengqixing(a)huawei.com> nbd: defer config unlock in nbd_genl_connect Abdun Nihaal <nihaal(a)cse.iitm.ac.in> wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() Long Li <leo.lilong(a)huawei.com> macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Fix unpaired stwcx. on interrupt exit Bean Huo <beanhuo(a)micron.com> scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() Edward Adam Davis <eadavis(a)qq.com> ntfs3: init run lock for extend inode Ma Ke <make24(a)iscas.ac.cn> RDMA/rtrs: server: Fix error handling in get_or_create_srv Manivannan Sadhasivam <manivannan.sadhasivam(a)oss.qualcomm.com> dt-bindings: PCI: amlogic: Fix the register name of the DBI region Neil Armstrong <neil.armstrong(a)linaro.org> dt-bindings: PCI: convert amlogic,meson-pcie.txt to dt-schema Mike McGowen <mike.mcgowen(a)microchip.com> scsi: smartpqi: Fix device resources accessed after device removal Kevin Barnett <kevin.barnett(a)microchip.com> scsi: smartpqi: Add abort handler Mike McGowen <mike.mcgowen(a)microchip.com> scsi: smartpqi: Remove contention for raid_bypass_cnt Don Brace <don.brace(a)microchip.com> scsi: smartpqi: Convert to host_tagset Haotian Zhang <vulab(a)iscas.ac.cn> scsi: stex: Fix reboot_notifier leak in probe error path Zheng Qixing <zhengqixing(a)huawei.com> nbd: defer config put in recv_work Gabor Juhos <j4g8y7(a)gmail.com> regulator: core: disable supply if enabling main regulator fails Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Correct large PEBS flag check Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the checking of quota files before moving extents Haotian Zhang <vulab(a)iscas.ac.cn> mfd: da9055: Fix missing regmap_del_irq_chip() in error path Usama Arif <usamaarif642(a)gmail.com> efi/libstub: Fix page table access in 5-level to 4-level paging transition Usama Arif <usamaarif642(a)gmail.com> x86/boot: Fix page table access in 5-level to 4-level paging transition Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: Fix timeout handling Bart Van Assche <bvanassche(a)acm.org> scsi: target: Do not write NUL characters into ASCII configfs output Ahelenia Ziemiańska <nabijaczleweli(a)nabijaczleweli.xyz> power: supply: apm_power: only unset own apm_get_power_status Ivan Abramov <i.abramov(a)mt-integration.ru> power: supply: wm831x: Check wm831x_set_bits() return value Ivan Abramov <i.abramov(a)mt-integration.ru> power: supply: cw2015: Check devm_delayed_work_autocancel() return code Shuai Xue <xueshuai(a)linux.alibaba.com> perf record: skip synthesize event when open evsel failed Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Prevent incomplete IBI transaction Frank Li <Frank.Li(a)nxp.com> i3c: fix refcount inconsistency in i3c_master_register Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: master: Inherit DMA masks and parameters from parent device Jeremy Kerr <jk(a)codeconstruct.com.au> i3c: Allow OF-alias-based persistent bus numbering Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: stm32: fix hwspinlock resource leak in probe function Haotian Zhang <vulab(a)iscas.ac.cn> soc: qcom: smem: fix hwspinlock resource leak in probe error paths Benjamin Berg <benjamin.berg(a)intel.com> tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set Tengda Wu <wutengda(a)huaweicloud.com> x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() Kuniyuki Iwashima <kuniyu(a)google.com> sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix PTP for VSC8574 and VSC8572 Peng Fan <peng.fan(a)nxp.com> firmware: imx: scu-irq: fix OF node leak in Heiko Carstens <hca(a)linux.ibm.com> s390/ap: Don't leak debug feature files if AP instructions are not available Heiko Carstens <hca(a)linux.ibm.com> s390/smp: Fix fallback CPU detection Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath11k: fix peer HE MCS assignment nieweiqiang <nieweiqiang(a)huawei.com> crypto: hisilicon/qm - restore original qos values Thorsten Blum <thorsten.blum(a)linux.dev> crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Li Qiang <liqiang01(a)kylinos.cn> uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe Tim Harvey <tharvey(a)gateworks.com> arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> inet: Avoid ehash lookup race in inet_ehash_insert() Xuanqiang Luo <luoxuanqiang(a)kylinos.cn> rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() Sidharth Seela <sidharthseela(a)gmail.com> ntfs3: Fix uninit buffer allocated by __getname() Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> ntfs3: fix uninit memory after failed mi_read in mi_format_new Johan Hovold <johan(a)kernel.org> irqchip/qcom-irq-combiner: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/imx-mu-msi: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/irq-brcmstb-l2: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/irq-bcm7120-l2: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/irq-bcm7038-l1: Fix section mismatch Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix weak symbol detection Peter Zijlstra <peterz(a)infradead.org> objtool: Fix find_{symbol,func}_containing() Marek Vasut <marek.vasut+renesas(a)mailbox.org> clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback Seungjin Bae <eeodqql09(a)gmail.com> USB: Fix descriptor count when handling invalid MBIM extended descriptor Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/vgem-fence: Fix potential deadlock on release Guido Günther <agx(a)sigxcpu.org> drm/panel: visionox-rm69299: Don't clear all mode flags Mainak Sen <msen(a)nvidia.com> gpu: host1x: Fix race in syncpt alloc/free Konstantin Andreev <andreev(a)swemel.ru> smack: fix bug: unprivileged task can create labels Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing Navaneeth K <knavaneeth786(a)gmail.com> staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: check device's attached status in compat ioctls Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: multiq3: sanitize config options in multiq3_attach() Ian Abbott <abbotti(a)mev.co.uk> comedi: c6xdigio: Fix invalid PNP driver unregistration Linus Torvalds <torvalds(a)linux-foundation.org> samples: work around glibc redefining some of our defines wrong Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Mask all interrupts during kexec/kdump Naoki Ueki <naoki25519(a)gmail.com> HID: elecom: Add support for ELECOM M-XT3URBK (018F) Jia Ston <ston.jia(a)outlook.com> platform/x86: huawei-wmi: add keys for HONOR models April Grimoire <april(a)aprilg.moe> HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list Armin Wolf <W_Armin(a)gmx.de> platform/x86: acer-wmi: Ignore backlight event Praveen Talari <praveen.talari(a)oss.qualcomm.com> pinctrl: qcom: msm: Fix deadlock in pinmux configuration Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> bfs: Reconstruct file type when loading from disk Lushih Hsieh <bruce(a)mail.kh.edu.tw> ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series Yiqi Sun <sunyiqixm(a)gmail.com> smb: fix invalid username check in smb3_fs_context_parse_param() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Use kref in vmw_bo_dirty Robin Gong <yibin.gong(a)nxp.com> spi: imx: keep dma request disabled before dma transfer setup Alvaro Gamez Machado <alvaro.gamez(a)hazent.com> spi: xilinx: increase number of retries before declaring stall Song Liu <song(a)kernel.org> ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() Johan Hovold <johan(a)kernel.org> USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC Johan Hovold <johan(a)kernel.org> USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC Magne Bruno <magne.bruno(a)addi-data.com> serial: add support of CPCI cards Johan Hovold <johan(a)kernel.org> USB: serial: ftdi_sio: match on interface number for jtag Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: move Telit 0x10c7 composition in the right place Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE910C04 new compositions Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W760 Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Alexey Nepomnyashih <sdl(a)nppct.ru> ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Alexander Sverdlin <alexander.sverdlin(a)siemens.com> locking/spinlock/debug: Fix data-race in do_raw_write_lock Qianchang Zhao <pioooooooooip(a)gmail.com> ksmbd: ipc: fix use-after-free in ipc_msg_send_request Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: refresh inline data size before write operations Ye Bin <yebin10(a)huawei.com> jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: process: Also mention Sasha Levin as stable tree maintainer Stefan Kalscheuer <stefan(a)stklcode.de> leds: spi-byte: Use devm_led_classdev_register_ext() Azeem Shaikh <azeemshaikh38(a)gmail.com> leds: Replace all non-returning strlcpy with strscpy Sabrina Dubroca <sd(a)queasysnail.net> xfrm: flush all states in xfrm_state_fini Sabrina Dubroca <sd(a)queasysnail.net> xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added Sabrina Dubroca <sd(a)queasysnail.net> Revert "xfrm: destroy xfrm_state synchronously on net exit path" Sabrina Dubroca <sd(a)queasysnail.net> xfrm: delete x->tunnel as we delete x ------------- Diffstat: .../devicetree/bindings/pci/amlogic,axg-pcie.yaml | 134 +++++++++++ .../devicetree/bindings/pci/amlogic,meson-pcie.txt | 70 ------ Documentation/driver-api/tty/tty_port.rst | 5 +- Documentation/filesystems/mount_api.rst | 1 - Documentation/process/2.Process.rst | 6 +- Makefile | 4 +- arch/arm/boot/dts/sama5d2.dtsi | 10 +- arch/arm/boot/dts/sama7g5.dtsi | 4 +- arch/arm/include/asm/word-at-a-time.h | 10 +- .../boot/dts/freescale/imx8mm-venice-gw72xx.dtsi | 11 - arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 12 +- arch/arm64/kvm/Makefile | 3 + arch/arm64/net/bpf_jit_comp.c | 2 +- arch/loongarch/include/asm/pgtable.h | 4 +- arch/loongarch/kernel/machine_kexec.c | 24 ++ arch/loongarch/kernel/setup.c | 8 +- arch/loongarch/net/bpf_jit.c | 2 + arch/loongarch/pci/pci.c | 2 + arch/mips/sgi-ip22/ip22-gio.c | 3 +- arch/parisc/kernel/asm-offsets.c | 2 + arch/parisc/kernel/entry.S | 16 +- arch/powerpc/boot/addnote.c | 7 +- arch/powerpc/include/asm/book3s/32/tlbflush.h | 5 +- arch/powerpc/include/asm/book3s/64/mmu-hash.h | 1 - arch/powerpc/include/asm/kfence.h | 11 +- arch/powerpc/kernel/entry_32.S | 10 +- arch/powerpc/kernel/process.c | 5 - arch/powerpc/kexec/core_64.c | 19 ++ arch/powerpc/mm/book3s32/tlb.c | 9 + arch/powerpc/mm/book3s64/internal.h | 2 - arch/powerpc/mm/book3s64/mmu_context.c | 2 - arch/powerpc/mm/book3s64/radix_pgtable.c | 84 ++++++- arch/powerpc/mm/book3s64/slb.c | 88 ------- arch/powerpc/mm/init-common.c | 3 + arch/powerpc/mm/ptdump/hashpagetable.c | 6 + arch/powerpc/platforms/pseries/cmm.c | 5 +- arch/riscv/kvm/vcpu_insn.c | 22 ++ arch/s390/kernel/smp.c | 1 + arch/x86/boot/compressed/pgtable_64.c | 11 +- arch/x86/crypto/blake2s-core.S | 4 +- arch/x86/entry/common.c | 72 ------ arch/x86/events/amd/core.c | 7 +- arch/x86/events/intel/core.c | 4 +- arch/x86/include/asm/kvm_host.h | 46 ++-- arch/x86/include/asm/ptrace.h | 20 +- arch/x86/kernel/dumpstack.c | 23 +- arch/x86/kvm/lapic.c | 32 ++- arch/x86/kvm/mmu/mmu.c | 5 +- arch/x86/kvm/mmu/mmu_internal.h | 12 +- arch/x86/kvm/mmu/paging_tmpl.h | 4 +- arch/x86/kvm/svm/nested.c | 6 +- arch/x86/kvm/svm/svm.c | 78 +++--- arch/x86/kvm/svm/svm.h | 7 +- arch/x86/kvm/vmx/nested.c | 2 +- arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/x86.c | 61 +++-- arch/x86/mm/pat/memtype.c | 50 ++-- arch/x86/xen/enlighten_pv.c | 69 ++++++ block/blk-mq.c | 103 ++++++-- block/genhd.c | 2 +- crypto/af_alg.c | 5 +- crypto/algif_hash.c | 3 +- crypto/algif_rng.c | 3 +- crypto/asymmetric_keys/asymmetric_type.c | 12 +- crypto/seqiv.c | 8 +- drivers/acpi/acpica/nswalk.c | 9 +- drivers/acpi/apei/ghes.c | 16 +- drivers/acpi/cppc_acpi.c | 3 +- drivers/acpi/processor_core.c | 2 +- drivers/acpi/property.c | 9 +- drivers/amba/tegra-ahb.c | 1 + drivers/base/power/runtime.c | 22 +- drivers/block/floppy.c | 2 +- drivers/block/nbd.c | 5 +- drivers/block/ps3disk.c | 4 + drivers/block/rnbd/rnbd-clt.c | 13 +- drivers/block/rnbd/rnbd-clt.h | 2 +- drivers/bluetooth/btusb.c | 14 +- drivers/bus/ti-sysc.c | 11 +- drivers/char/applicom.c | 5 +- drivers/char/ipmi/ipmi_msghandler.c | 20 +- drivers/char/tpm/tpm-chip.c | 1 - drivers/char/tpm/tpm1-cmd.c | 5 - drivers/char/tpm/tpm2-cmd.c | 8 +- drivers/char/virtio_console.c | 2 +- drivers/clk/mvebu/cp110-system-controller.c | 20 ++ drivers/clk/renesas/r9a06g032-clocks.c | 34 ++- drivers/clk/renesas/renesas-cpg-mssr.c | 11 +- drivers/comedi/comedi_fops.c | 42 +++- drivers/comedi/drivers/c6xdigio.c | 46 +++- drivers/comedi/drivers/multiq3.c | 9 + drivers/comedi/drivers/pcl818.c | 5 +- drivers/cpufreq/cpufreq-nforce2.c | 3 + drivers/cpufreq/s5pv210-cpufreq.c | 6 +- drivers/crypto/ccree/cc_buffer_mgr.c | 6 +- drivers/crypto/hisilicon/qm.c | 14 +- drivers/dma/idxd/init.c | 1 - drivers/firewire/nosy.c | 10 +- drivers/firmware/arm_scmi/notify.c | 1 + drivers/firmware/efi/cper-arm.c | 52 ++-- drivers/firmware/efi/cper.c | 60 +++++ drivers/firmware/efi/libstub/x86-5lvl.c | 4 +- drivers/firmware/imx/imx-scu-irq.c | 8 +- drivers/firmware/stratix10-svc.c | 12 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 44 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.h | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 58 ++--- drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 22 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c | 61 ++--- drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 12 +- drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/uvd_v7_0.c | 12 +- drivers/gpu/drm/amd/amdkfd/kfd_migrate.c | 17 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 8 +- drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 2 +- drivers/gpu/drm/gma500/framebuffer.c | 42 ---- drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 37 ++- drivers/gpu/drm/mediatek/mtk_disp_ccorr.c | 23 +- drivers/gpu/drm/mediatek/mtk_dp.c | 1 + drivers/gpu/drm/mgag200/mgag200_mode.c | 25 ++ drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +- drivers/gpu/drm/nouveau/dispnv50/atom.h | 13 + drivers/gpu/drm/nouveau/dispnv50/wndw.c | 2 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 2 +- drivers/gpu/drm/ttm/ttm_bo_vm.c | 6 + drivers/gpu/drm/vgem/vgem_fence.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 17 +- drivers/gpu/drm/vmwgfx/vmwgfx_page_dirty.c | 12 +- drivers/gpu/host1x/syncpt.c | 4 +- drivers/hid/hid-apple.c | 1 + drivers/hid/hid-elecom.c | 6 +- drivers/hid/hid-ids.h | 3 +- drivers/hid/hid-input.c | 18 +- drivers/hid/hid-logitech-dj.c | 56 ++--- drivers/hid/hid-quirks.c | 3 +- drivers/hwmon/ibmpex.c | 9 +- drivers/hwmon/max16065.c | 7 +- drivers/hwmon/sy7636a-hwmon.c | 7 +- drivers/hwmon/tmp401.c | 2 +- drivers/hwmon/w83791d.c | 19 +- drivers/hwmon/w83l786ng.c | 26 +- drivers/hwtracing/coresight/coresight-etm4x-core.c | 130 ++++++---- drivers/hwtracing/intel_th/core.c | 20 +- drivers/i2c/busses/i2c-amd-mp2-pci.c | 5 +- drivers/i3c/master.c | 40 +++- drivers/i3c/master/svc-i3c-master.c | 22 +- drivers/iio/adc/ti_am335x_adc.c | 2 +- drivers/infiniband/core/addr.c | 33 +-- drivers/infiniband/core/cma.c | 3 + drivers/infiniband/core/device.c | 5 + drivers/infiniband/core/verbs.c | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 8 +- drivers/infiniband/hw/efa/efa_verbs.c | 4 - drivers/infiniband/hw/irdma/ctrl.c | 3 + drivers/infiniband/hw/irdma/pble.c | 6 +- drivers/infiniband/hw/irdma/utils.c | 3 +- drivers/infiniband/ulp/rtrs/rtrs-clt.c | 1 + drivers/infiniband/ulp/rtrs/rtrs-srv.c | 2 +- drivers/input/serio/i8042-acpipnpio.h | 7 + drivers/input/touchscreen/ti_am335x_tsc.c | 2 +- drivers/interconnect/qcom/msm8996.c | 1 + drivers/iommu/amd/init.c | 43 ++-- drivers/iommu/apple-dart.c | 2 + drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 27 ++- drivers/iommu/arm/arm-smmu/arm-smmu.c | 12 +- drivers/iommu/arm/arm-smmu/qcom_iommu.c | 56 +++-- drivers/iommu/exynos-iommu.c | 9 +- drivers/iommu/ipmmu-vmsa.c | 2 + drivers/iommu/mtk_iommu.c | 78 ++++-- drivers/iommu/mtk_iommu_v1.c | 30 ++- drivers/iommu/omap-iommu.c | 2 +- drivers/iommu/omap-iommu.h | 2 - drivers/iommu/sun50i-iommu.c | 2 + drivers/iommu/tegra-smmu.c | 5 +- drivers/irqchip/irq-bcm7038-l1.c | 8 +- drivers/irqchip/irq-bcm7120-l2.c | 17 +- drivers/irqchip/irq-brcmstb-l2.c | 12 +- drivers/irqchip/irq-imx-mu-msi.c | 14 +- drivers/irqchip/irq-mchp-eic.c | 2 +- drivers/irqchip/qcom-irq-combiner.c | 2 +- drivers/isdn/capi/capi.c | 8 +- drivers/leds/flash/leds-aat1290.c | 2 +- drivers/leds/led-class.c | 2 +- drivers/leds/leds-lp50xx.c | 67 ++++-- drivers/leds/leds-netxbig.c | 36 ++- drivers/leds/leds-spi-byte.c | 11 +- drivers/macintosh/mac_hid.c | 3 +- drivers/md/dm-bufio.c | 10 +- drivers/md/dm-ebs-target.c | 2 +- drivers/md/dm-log-writes.c | 1 + drivers/md/dm-raid.c | 2 + drivers/md/md.c | 16 -- drivers/md/md.h | 17 ++ drivers/md/raid5.c | 6 +- drivers/media/cec/core/cec-core.c | 1 + .../media/common/videobuf2/videobuf2-dma-contig.c | 1 + drivers/media/i2c/adv7604.c | 4 +- drivers/media/i2c/adv7842.c | 11 +- drivers/media/i2c/msp3400-kthreads.c | 2 + drivers/media/i2c/tda1997x.c | 1 - drivers/media/platform/amphion/vpu_malone.c | 35 ++- drivers/media/platform/amphion/vpu_v4l2.c | 28 +-- drivers/media/platform/amphion/vpu_v4l2.h | 18 -- .../platform/mediatek/vcodec/mtk_vcodec_fw_vpu.c | 4 +- drivers/media/platform/renesas/rcar_drif.c | 1 + .../media/platform/samsung/exynos4-is/media-dev.c | 10 +- drivers/media/platform/ti/davinci/vpif_capture.c | 4 +- drivers/media/platform/ti/davinci/vpif_display.c | 4 +- drivers/media/platform/verisilicon/hantro_g2.c | 84 +++++-- .../platform/verisilicon/hantro_g2_hevc_dec.c | 17 +- .../media/platform/verisilicon/hantro_g2_regs.h | 13 + .../media/platform/verisilicon/hantro_g2_vp9_dec.c | 2 - drivers/media/platform/verisilicon/hantro_hw.h | 1 + drivers/media/platform/verisilicon/imx8m_vpu_hw.c | 2 + drivers/media/rc/st_rc.c | 2 +- drivers/media/test-drivers/vidtv/vidtv_channel.c | 3 + drivers/media/usb/dvb-usb/dtv5100.c | 5 + drivers/media/usb/pvrusb2/pvrusb2-hdw.c | 2 +- drivers/mfd/altera-sysmgr.c | 2 + drivers/mfd/da9055-core.c | 1 + drivers/mfd/max77620.c | 15 +- drivers/mfd/mt6358-irq.c | 1 + drivers/mfd/mt6397-irq.c | 1 + drivers/misc/vmw_balloon.c | 3 +- drivers/mmc/host/Kconfig | 4 +- drivers/mmc/host/sdhci-msm.c | 27 ++- drivers/mtd/lpddr/lpddr_cmds.c | 8 +- drivers/mtd/nand/raw/renesas-nand-controller.c | 5 +- drivers/net/can/usb/gs_usb.c | 2 +- drivers/net/dsa/b53/b53_common.c | 3 + drivers/net/dsa/sja1105/sja1105_static_config.c | 6 +- drivers/net/ethernet/broadcom/b44.c | 3 + drivers/net/ethernet/cadence/macb_main.c | 3 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 + .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 4 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 +- drivers/net/ethernet/intel/e1000/e1000_main.c | 10 +- drivers/net/ethernet/intel/i40e/i40e.h | 15 +- drivers/net/ethernet/intel/i40e/i40e_client.c | 20 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 12 - drivers/net/ethernet/intel/i40e/i40e_main.c | 15 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 10 +- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 2 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 4 +- .../ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 8 + drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 6 +- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.c | 122 ++++++++-- .../ethernet/mellanox/mlx5/core/diag/fw_tracer.h | 2 + drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 10 + .../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 1 + .../ethernet/mellanox/mlx5/core/sf/dev/driver.c | 2 +- drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 17 +- drivers/net/ethernet/microchip/lan743x_main.c | 3 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/ethernet/smsc/smc91x.c | 10 +- drivers/net/ethernet/stmicro/stmmac/chain_mode.c | 10 +- drivers/net/ethernet/stmicro/stmmac/common.h | 60 +++-- drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 47 ++-- .../net/ethernet/stmicro/stmmac/dwmac1000_core.c | 3 +- .../net/ethernet/stmicro/stmmac/dwmac1000_dma.c | 19 +- drivers/net/ethernet/stmicro/stmmac/dwmac100_dma.c | 17 +- drivers/net/ethernet/stmicro/stmmac/dwmac4.h | 101 ++++++-- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 50 ++-- drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c | 16 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 201 +++++++++------- drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.h | 92 ++++--- drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c | 119 ++++++---- drivers/net/ethernet/stmicro/stmmac/dwmac_dma.h | 22 +- drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c | 29 ++- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 9 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_descs.c | 4 +- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 82 ++++--- drivers/net/ethernet/stmicro/stmmac/enh_desc.c | 19 +- drivers/net/ethernet/stmicro/stmmac/hwif.h | 172 ++++++++------ drivers/net/ethernet/stmicro/stmmac/norm_desc.c | 15 +- drivers/net/ethernet/stmicro/stmmac/ring_mode.c | 10 +- drivers/net/ethernet/stmicro/stmmac/stmmac.h | 4 + .../net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 175 +++++++++++--- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 252 +++++++++++++++----- drivers/net/fjes/fjes_hw.c | 12 +- drivers/net/ipvlan/ipvlan_core.c | 3 + drivers/net/mdio/mdio-aspeed.c | 7 + drivers/net/phy/adin1100.c | 2 +- drivers/net/phy/mscc/mscc_main.c | 6 +- drivers/net/team/team.c | 2 +- drivers/net/usb/asix_common.c | 5 + drivers/net/usb/rtl8150.c | 2 + drivers/net/usb/sr9700.c | 4 +- drivers/net/wireless/ath/ath11k/mac.c | 4 +- drivers/net/wireless/ath/ath11k/wmi.c | 7 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/dmi.c | 14 ++ drivers/net/wireless/mediatek/mt76/eeprom.c | 37 ++- drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 4 +- drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c | 9 +- drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 27 ++- drivers/net/wireless/st/cw1200/bh.c | 6 +- drivers/nfc/pn533/usb.c | 2 +- drivers/nvme/host/fc.c | 6 +- drivers/parisc/gsc.c | 4 +- drivers/pci/controller/dwc/pci-keystone.c | 2 + drivers/pci/controller/dwc/pcie-designware.h | 2 +- drivers/pci/controller/pcie-brcmstb.c | 10 +- drivers/pci/pci-driver.c | 4 + drivers/phy/broadcom/phy-bcm63xx-usbh.c | 6 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 20 +- drivers/pinctrl/pinctrl-single.c | 25 +- drivers/pinctrl/qcom/pinctrl-msm.c | 2 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 2 +- drivers/platform/chrome/cros_ec_ishtp.c | 1 + drivers/platform/x86/acer-wmi.c | 4 + drivers/platform/x86/asus-wmi.c | 8 +- drivers/platform/x86/huawei-wmi.c | 4 + drivers/platform/x86/ibm_rtl.c | 2 +- drivers/platform/x86/intel/chtwc_int33fe.c | 29 ++- drivers/platform/x86/intel/hid.c | 12 + drivers/platform/x86/msi-laptop.c | 3 + drivers/power/supply/apm_power.c | 3 +- drivers/power/supply/cw2015_battery.c | 8 +- drivers/power/supply/wm831x_power.c | 10 +- drivers/pwm/pwm-bcm2835.c | 28 +-- drivers/pwm/pwm-stm32.c | 3 +- drivers/regulator/core.c | 37 ++- drivers/remoteproc/qcom_q6v5_wcss.c | 8 +- drivers/rpmsg/qcom_glink_native.c | 8 + drivers/rtc/rtc-gamecube.c | 4 + drivers/s390/block/dasd_eckd.c | 8 + drivers/s390/crypto/ap_bus.c | 8 +- drivers/scsi/aic94xx/aic94xx_init.c | 3 + drivers/scsi/qla2xxx/qla_def.h | 1 - drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_isr.c | 32 +-- drivers/scsi/qla2xxx/qla_mbx.c | 2 + drivers/scsi/qla2xxx/qla_mid.c | 4 +- drivers/scsi/qla2xxx/qla_os.c | 14 +- drivers/scsi/sim710.c | 2 + drivers/scsi/smartpqi/smartpqi.h | 19 +- drivers/scsi/smartpqi/smartpqi_init.c | 264 ++++++++++++++++----- drivers/scsi/stex.c | 1 + drivers/soc/actions/owl-sps.c | 16 +- drivers/soc/amlogic/meson-canvas.c | 5 +- drivers/soc/imx/gpc.c | 12 +- drivers/soc/qcom/ocmem.c | 2 +- drivers/soc/qcom/smem.c | 3 +- drivers/soc/rockchip/pm_domains.c | 13 +- drivers/spi/Kconfig | 2 +- drivers/spi/spi-cadence-quadspi.c | 113 ++++++++- drivers/spi/spi-fsl-spi.c | 2 +- drivers/spi/spi-imx.c | 15 +- drivers/spi/spi-tegra210-quad.c | 22 +- drivers/spi/spi-xilinx.c | 2 +- drivers/staging/fbtft/fbtft-core.c | 4 +- drivers/staging/greybus/uart.c | 7 +- drivers/staging/rtl8723bs/core/rtw_ieee80211.c | 14 +- drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 +- drivers/target/target_core_configfs.c | 1 - drivers/target/target_core_transport.c | 1 + drivers/tty/serial/8250/8250_pci.c | 37 +++ drivers/tty/serial/atmel_serial.c | 5 +- drivers/tty/serial/clps711x.c | 4 +- drivers/tty/serial/cpm_uart/cpm_uart_core.c | 5 +- drivers/tty/serial/imx.c | 4 +- drivers/tty/serial/lantiq.c | 4 +- drivers/tty/serial/serial_core.c | 13 +- drivers/tty/serial/sprd_serial.c | 6 + drivers/tty/serial/st-asc.c | 4 +- drivers/tty/serial/uartlite.c | 12 +- drivers/tty/serial/xilinx_uartps.c | 5 +- drivers/tty/tty_port.c | 17 +- drivers/ufs/core/ufshcd.c | 7 +- drivers/uio/uio_fsl_elbc_gpcm.c | 7 + drivers/usb/class/cdc-acm.c | 7 +- drivers/usb/core/message.c | 2 +- drivers/usb/dwc2/platform.c | 16 +- drivers/usb/dwc3/dwc3-of-simple.c | 7 +- drivers/usb/dwc3/gadget.c | 2 +- drivers/usb/dwc3/host.c | 2 +- drivers/usb/gadget/legacy/raw_gadget.c | 3 + drivers/usb/gadget/udc/lpc32xx_udc.c | 20 +- drivers/usb/gadget/udc/tegra-xudc.c | 6 - drivers/usb/host/ohci-nxp.c | 20 +- drivers/usb/host/xhci-dbgtty.c | 2 +- drivers/usb/host/xhci-hub.c | 2 +- drivers/usb/host/xhci-mem.c | 10 +- drivers/usb/host/xhci-ring.c | 8 +- drivers/usb/host/xhci.h | 16 +- drivers/usb/misc/chaoskey.c | 16 +- drivers/usb/phy/phy-fsl-usb.c | 1 + drivers/usb/phy/phy-isp1301.c | 7 +- drivers/usb/phy/phy.c | 4 + drivers/usb/renesas_usbhs/pipe.c | 2 + drivers/usb/serial/belkin_sa.c | 28 ++- drivers/usb/serial/ftdi_sio.c | 72 ++---- drivers/usb/serial/kobil_sct.c | 18 +- drivers/usb/serial/option.c | 22 +- drivers/usb/serial/usb-serial.c | 7 +- drivers/usb/storage/unusual_uas.h | 2 +- drivers/usb/typec/ucsi/ucsi.c | 6 + drivers/usb/usbip/vhci_hcd.c | 6 +- drivers/vhost/vsock.c | 15 +- drivers/video/backlight/led_bl.c | 18 +- drivers/video/fbdev/gbefb.c | 5 +- drivers/video/fbdev/pxafb.c | 12 +- drivers/video/fbdev/ssd1307fb.c | 4 +- drivers/video/fbdev/tcx.c | 2 +- drivers/virtio/virtio_balloon.c | 4 +- drivers/virtio/virtio_vdpa.c | 2 +- drivers/watchdog/via_wdt.c | 1 + drivers/watchdog/wdat_wdt.c | 64 +++-- fs/bfs/inode.c | 19 +- fs/btrfs/ioctl.c | 4 +- fs/btrfs/scrub.c | 5 + fs/btrfs/tree-log.c | 46 +++- fs/btrfs/volumes.c | 1 + fs/exfat/super.c | 19 +- fs/ext4/ext4.h | 1 + fs/ext4/ialloc.c | 1 - fs/ext4/inline.c | 14 +- fs/ext4/inode.c | 1 - fs/ext4/mballoc.c | 58 +++-- fs/ext4/move_extent.c | 2 +- fs/ext4/orphan.c | 4 +- fs/ext4/super.c | 70 ++++-- fs/ext4/xattr.c | 6 +- fs/f2fs/data.c | 17 ++ fs/f2fs/debug.c | 3 + fs/f2fs/f2fs.h | 34 +-- fs/f2fs/file.c | 89 +++++-- fs/f2fs/inode.c | 20 +- fs/f2fs/namei.c | 6 +- fs/f2fs/recovery.c | 12 +- fs/f2fs/super.c | 56 +++-- fs/f2fs/xattr.c | 30 +-- fs/f2fs/xattr.h | 10 +- fs/fscache/main.c | 1 + fs/fuse/file.c | 26 +- fs/gfs2/lops.c | 2 +- fs/gfs2/super.c | 4 +- fs/hfsplus/bnode.c | 4 +- fs/hfsplus/dir.c | 7 +- fs/hfsplus/inode.c | 32 ++- fs/jbd2/journal.c | 14 ++ fs/jbd2/transaction.c | 21 +- fs/lockd/svc4proc.c | 4 +- fs/lockd/svclock.c | 21 +- fs/lockd/svcproc.c | 5 +- fs/locks.c | 13 +- fs/nfs/client.c | 21 +- fs/nfs/dir.c | 27 ++- fs/nfs/inode.c | 2 +- fs/nfs/internal.h | 3 +- fs/nfs/namespace.c | 11 +- fs/nfs/nfs4client.c | 18 +- fs/nfs/pnfs.c | 1 + fs/nfs/super.c | 36 +-- fs/nfsd/blocklayout.c | 7 +- fs/nfsd/export.c | 2 +- fs/nfsd/nfs4state.c | 4 +- fs/nfsd/nfs4xdr.c | 5 + fs/nfsd/vfs.c | 2 +- fs/nls/nls_base.c | 27 ++- fs/notify/fsnotify.c | 9 +- fs/ntfs3/frecord.c | 43 +++- fs/ntfs3/fsntfs.c | 9 +- fs/ntfs3/inode.c | 2 + fs/ntfs3/ntfs_fs.h | 9 +- fs/ntfs3/run.c | 6 +- fs/ocfs2/alloc.c | 1 - fs/ocfs2/move_extents.c | 8 +- fs/ocfs2/suballoc.c | 10 + fs/smb/client/fs_context.c | 2 +- fs/smb/server/mgmt/tree_connect.c | 18 +- fs/smb/server/mgmt/tree_connect.h | 1 - fs/smb/server/mgmt/user_session.c | 4 +- fs/smb/server/smb2pdu.c | 16 +- fs/smb/server/smbacl.c | 16 ++ fs/smb/server/transport_ipc.c | 7 +- fs/smb/server/vfs.c | 5 +- fs/xfs/xfs_buf_item.c | 1 + include/linux/balloon_compaction.h | 43 ++-- include/linux/blk_types.h | 5 +- include/linux/compiler_types.h | 13 + include/linux/cper.h | 12 +- include/linux/filter.h | 16 +- include/linux/fs_context.h | 1 - include/linux/genalloc.h | 1 + include/linux/hugetlb.h | 4 +- include/linux/ieee80211.h | 4 +- include/linux/if_bridge.h | 6 +- include/linux/kasan.h | 15 ++ include/linux/mlx5/driver.h | 1 + include/linux/mm.h | 12 +- include/linux/nfs_fs_sb.h | 7 +- include/linux/nfs_xdr.h | 54 ++--- include/linux/pgtable.h | 34 ++- include/linux/platform_data/lp855x.h | 4 +- include/linux/rculist_nulls.h | 59 +++++ include/linux/reset.h | 1 + include/linux/sched/isolation.h | 12 + include/linux/sched/topology.h | 3 + include/linux/security.h | 2 +- include/linux/serial_core.h | 2 +- include/linux/stmmac.h | 20 ++ include/linux/tpm.h | 8 +- include/linux/tty_port.h | 21 +- include/linux/virtio_config.h | 4 +- include/media/v4l2-mem2mem.h | 3 +- include/net/cfg80211.h | 70 +++++- include/net/mac80211.h | 73 +++++- include/net/netfilter/nf_conntrack_count.h | 15 +- include/net/sock.h | 13 + include/net/xfrm.h | 13 +- include/sound/snd_wavefront.h | 4 - include/uapi/linux/mptcp.h | 1 + include/uapi/linux/nl80211.h | 49 ++++ include/uapi/sound/asound.h | 2 +- io_uring/openclose.c | 2 +- io_uring/poll.c | 9 +- kernel/bpf/syscall.c | 3 + kernel/bpf/trampoline.c | 3 +- kernel/cgroup/cpuset.c | 35 ++- kernel/dma/pool.c | 2 +- kernel/fork.c | 5 + kernel/kallsyms.c | 5 +- kernel/livepatch/core.c | 8 +- kernel/locking/spinlock_debug.c | 4 +- kernel/resource.c | 95 ++++---- kernel/sched/core.c | 3 + kernel/sched/cpudeadline.c | 34 +-- kernel/sched/cpudeadline.h | 4 +- kernel/sched/deadline.c | 8 +- kernel/sched/fair.c | 75 ++++-- kernel/sched/features.h | 5 + kernel/sched/sched.h | 7 + kernel/sched/topology.c | 6 + kernel/scs.c | 2 +- kernel/trace/ftrace.c | 40 +++- kernel/trace/trace_events.c | 2 + lib/idr.c | 2 + lib/vsprintf.c | 6 +- mm/balloon_compaction.c | 9 +- mm/damon/core-test.h | 88 ++++++- mm/damon/vaddr-test.h | 26 +- mm/hugetlb.c | 4 +- mm/kasan/common.c | 17 ++ mm/memory.c | 10 +- mm/mempolicy.c | 2 +- mm/mprotect.c | 125 +++++----- mm/mremap.c | 2 +- mm/vmalloc.c | 4 +- net/bluetooth/rfcomm/tty.c | 7 +- net/bridge/br_ioctl.c | 36 ++- net/bridge/br_private.h | 4 +- net/caif/cffrml.c | 9 +- net/ceph/osdmap.c | 116 ++++----- net/core/dev_ioctl.c | 16 -- net/core/filter.c | 9 +- net/core/page_pool.c | 27 ++- net/ethtool/ioctl.c | 134 +++++++---- net/hsr/hsr_forward.c | 2 + net/ipv4/fib_trie.c | 7 +- net/ipv4/inet_hashtables.c | 8 +- net/ipv4/ipcomp.c | 2 + net/ipv6/calipso.c | 3 +- net/ipv6/ip6_gre.c | 9 +- net/ipv6/ipcomp6.c | 2 + net/ipv6/xfrm6_tunnel.c | 2 +- net/key/af_key.c | 2 +- net/mac80211/cfg.c | 70 +++++- net/mac80211/chan.c | 2 +- net/mac80211/ieee80211_i.h | 27 ++- net/mac80211/mlme.c | 163 ++++++++++++- net/mac80211/rx.c | 5 + net/mac80211/tx.c | 146 +++++++++++- net/mptcp/options.c | 10 + net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 16 +- net/mptcp/protocol.h | 5 +- net/mptcp/subflow.c | 9 - net/netfilter/ipvs/ip_vs_xmit.c | 3 + net/netfilter/nf_conncount.c | 208 ++++++++++------ net/netfilter/nft_connlimit.c | 34 ++- net/netfilter/nft_flow_offload.c | 9 +- net/netfilter/xt_connlimit.c | 14 +- net/netrom/nr_out.c | 4 +- net/nfc/core.c | 9 +- net/openvswitch/conntrack.c | 16 +- net/openvswitch/flow_netlink.c | 13 +- net/openvswitch/vport-netdev.c | 17 +- net/rose/af_rose.c | 2 +- net/sched/sch_cake.c | 60 ++--- net/sched/sch_ets.c | 6 +- net/sctp/socket.c | 5 +- net/socket.c | 19 +- net/sunrpc/auth_gss/svcauth_gss.c | 3 +- net/sunrpc/xprtrdma/svc_rdma_rw.c | 2 +- net/wireless/chan.c | 69 ++++++ net/wireless/core.h | 5 +- net/wireless/nl80211.c | 162 ++++++++++++- net/wireless/nl80211.h | 3 +- net/wireless/rdev-ops.h | 17 ++ net/wireless/sme.c | 14 +- net/wireless/trace.h | 25 ++ net/wireless/util.c | 4 +- net/xfrm/xfrm_ipcomp.c | 1 - net/xfrm/xfrm_state.c | 41 ++-- net/xfrm/xfrm_user.c | 2 +- samples/vfs/test-statx.c | 6 + samples/watch_queue/watch_test.c | 6 + scripts/Makefile.modinst | 4 +- security/integrity/ima/ima_policy.c | 2 +- security/keys/trusted-keys/trusted_tpm2.c | 6 +- security/smack/smack_lsm.c | 41 ++-- sound/firewire/dice/dice-extension.c | 4 +- sound/firewire/motu/motu-hwdep.c | 7 +- sound/isa/wavefront/wavefront.c | 61 ++--- sound/isa/wavefront/wavefront_fx.c | 36 +-- sound/isa/wavefront/wavefront_midi.c | 146 +++++------- sound/isa/wavefront/wavefront_synth.c | 216 ++++++++--------- sound/pci/hda/cs35l41_hda.c | 2 + sound/pcmcia/pdaudiocf/pdaudiocf.c | 8 +- sound/pcmcia/vx/vxpocket.c | 8 +- sound/soc/bcm/bcm63xx-pcm-whistler.c | 4 +- sound/soc/codecs/ak4458.c | 10 +- sound/soc/codecs/ak5558.c | 10 +- sound/soc/fsl/fsl_xcvr.c | 197 +++++++++++---- sound/soc/fsl/fsl_xcvr.h | 28 +++ sound/soc/intel/catpt/pcm.c | 4 +- sound/soc/qcom/qdsp6/q6adm.c | 146 ++++++------ sound/soc/qcom/qdsp6/q6apm-dai.c | 2 + sound/soc/qcom/qdsp6/q6asm-dai.c | 7 +- sound/soc/stm/stm32_sai.c | 14 +- sound/soc/stm/stm32_sai_sub.c | 58 +++-- sound/usb/mixer_us16x08.c | 20 +- sound/usb/quirks.c | 6 + tools/include/linux/interval_tree_generic.h | 187 +++++++++++++++ tools/include/nolibc/stdio.h | 4 + tools/objtool/elf.c | 101 ++++---- tools/objtool/include/objtool/elf.h | 3 +- tools/perf/builtin-record.c | 2 +- tools/perf/util/symbol.c | 4 +- tools/testing/ktest/config-bisect.pl | 4 +- tools/testing/nvdimm/test/nfit.c | 7 +- tools/testing/radix-tree/idr-test.c | 21 ++ .../selftests/bpf/prog_tests/perf_branches.c | 22 +- .../testing/selftests/bpf/prog_tests/send_signal.c | 5 + .../selftests/bpf/progs/test_perf_branches.c | 3 + .../test.d/ftrace/func_traceonoff_triggers.tc | 5 +- tools/testing/selftests/net/tap.c | 16 +- 660 files changed, 8219 insertions(+), 4086 deletions(-)

5 hours

[PATCH 6.12 00/16] 6.12.65-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.65 release. There are 16 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 11 Jan 2026 11:19:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.65-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.65-rc1 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "iommu/amd: Skip enabling command/event buffers for kdump" Sean Nyekjaer <sean(a)geanix.com> pwm: stm32: Always program polarity Maximilian Immanuel Brandtner <maxbr(a)linux.ibm.com> virtio_console: fix order of fields cols and rows Peter Zijlstra <peterz(a)infradead.org> sched/fair: Proportional newidle balance Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to update_newidle_cost() Peter Zijlstra <peterz(a)infradead.org> sched/fair: Small cleanup to sched_balance_newidle() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. Richa Bharti <richa.bharti(a)siemens.com> cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes Natalie Vock <natalie.vock(a)gmx.de> drm/amdgpu: Forward VMID reservation errors Miaoqian Lin <linmq006(a)gmail.com> net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration Jouni Malinen <jouni.malinen(a)oss.qualcomm.com> wifi: mac80211: Discard Beacon frames to non-broadcast address Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure context reset on disconnect() Bijan Tabatabai <bijan311(a)gmail.com> mm: consider non-anon swap cache folios in folio_expected_ref_count() David Hildenbrand <david(a)redhat.com> mm: simplify folio_expected_ref_count() Alexander Gordeev <agordeev(a)linux.ibm.com> mm/page_alloc: change all pageblocks migrate type on coalescing Paolo Abeni <pabeni(a)redhat.com> mptcp: fallback earlier on simult connection ------------- Diffstat: Makefile | 4 +-- drivers/char/virtio_console.c | 2 +- drivers/cpufreq/intel_pstate.c | 9 +++-- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 ++-- drivers/iommu/amd/init.c | 28 +++++---------- drivers/net/phy/mediatek-ge-soc.c | 2 +- drivers/pwm/pwm-stm32.c | 3 +- include/linux/if_bridge.h | 6 ++-- include/linux/mm.h | 10 +++--- include/linux/sched/topology.h | 3 ++ kernel/sched/core.c | 3 ++ kernel/sched/fair.c | 65 +++++++++++++++++++++++++++------- kernel/sched/features.h | 5 +++ kernel/sched/sched.h | 7 ++++ kernel/sched/topology.c | 6 ++++ mm/page_alloc.c | 24 ++++++------- net/bridge/br_ioctl.c | 36 +++++++++++++++++-- net/bridge/br_private.h | 3 +- net/core/dev_ioctl.c | 16 --------- net/mac80211/rx.c | 5 +++ net/mptcp/options.c | 10 ++++++ net/mptcp/protocol.c | 8 +++-- net/mptcp/protocol.h | 9 +++-- net/mptcp/subflow.c | 10 +----- net/socket.c | 19 +++++----- 25 files changed, 186 insertions(+), 113 deletions(-)

5 hours, 1 minute

← Newer
1
2
3
4
5
6
7
8
...
12419
Older →

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror