- Linux-stable-mirror - lists.linaro.org

[PATCH v4] w1: therm: Fix off-by-one buffer overflow in alarms_store

by Thorsten Blum

The sysfs buffer passed to alarms_store() is allocated with 'size + 1' bytes and a NUL terminator is appended. However, the 'size' argument does not account for this extra byte. The original code then allocated 'size' bytes and used strcpy() to copy 'buf', which always writes one byte past the allocated buffer since strcpy() copies until the NUL terminator at index 'size'. Fix this by parsing the 'buf' parameter directly using simple_strtoll() without allocating any intermediate memory or string copying. This removes the overflow while simplifying the code. Cc: stable(a)vger.kernel.org Fixes: e2c94d6f5720 ("w1_therm: adding alarm sysfs entry") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> --- Compile-tested only. Changes in v4: - Use simple_strtoll because kstrtoint also parses long long internally - Return -ERANGE in addition to -EINVAL to match kstrtoint's behavior - Remove any changes unrelated to fixing the buffer overflow (Krzysztof) while maintaining the same behavior and return values as before - Link to v3: https://lore.kernel.org/lkml/20251030155614.447905-1-thorsten.blum@linux.de… Changes in v3: - Add integer range check for 'temp' to match kstrtoint() behavior - Explicitly cast 'temp' to int when calling int_to_short() - Link to v2: https://lore.kernel.org/lkml/20251029130045.70127-2-thorsten.blum@linux.dev/ Changes in v2: - Fix buffer overflow instead of truncating the copy using strscpy() - Parse buffer directly using simple_strtol() as suggested by David - Update patch subject and description - Link to v1: https://lore.kernel.org/lkml/20251017170047.114224-2-thorsten.blum@linux.de… --- drivers/w1/slaves/w1_therm.c | 64 ++++++++++++------------------------ 1 file changed, 21 insertions(+), 43 deletions(-) diff --git a/drivers/w1/slaves/w1_therm.c b/drivers/w1/slaves/w1_therm.c index 9ccedb3264fb..5707fa34e804 100644 --- a/drivers/w1/slaves/w1_therm.c +++ b/drivers/w1/slaves/w1_therm.c @@ -1836,55 +1836,36 @@ static ssize_t alarms_store(struct device *device, struct w1_slave *sl = dev_to_w1_slave(device); struct therm_info info; u8 new_config_register[3]; /* array of data to be written */ - int temp, ret; - char *token = NULL; + long long temp; + int ret = 0; s8 tl, th; /* 1 byte per value + temp ring order */ - char *p_args, *orig; - - p_args = orig = kmalloc(size, GFP_KERNEL); - /* Safe string copys as buf is const */ - if (!p_args) { - dev_warn(device, - "%s: error unable to allocate memory %d\n", - __func__, -ENOMEM); - return size; - } - strcpy(p_args, buf); - - /* Split string using space char */ - token = strsep(&p_args, " "); - - if (!token) { - dev_info(device, - "%s: error parsing args %d\n", __func__, -EINVAL); - goto free_m; - } - - /* Convert 1st entry to int */ - ret = kstrtoint (token, 10, &temp); + const char *p = buf; + char *endp; + + temp = simple_strtoll(p, &endp, 10); + if (p == endp || *endp != ' ') + ret = -EINVAL; + else if (temp < INT_MIN || temp > INT_MAX) + ret = -ERANGE; if (ret) { dev_info(device, "%s: error parsing args %d\n", __func__, ret); - goto free_m; + goto err; } tl = int_to_short(temp); - /* Split string using space char */ - token = strsep(&p_args, " "); - if (!token) { - dev_info(device, - "%s: error parsing args %d\n", __func__, -EINVAL); - goto free_m; - } - /* Convert 2nd entry to int */ - ret = kstrtoint (token, 10, &temp); + p = endp + 1; + temp = simple_strtoll(p, &endp, 10); + if (p == endp) + ret = -EINVAL; + else if (temp < INT_MIN || temp > INT_MAX) + ret = -ERANGE; if (ret) { dev_info(device, "%s: error parsing args %d\n", __func__, ret); - goto free_m; + goto err; } - /* Prepare to cast to short by eliminating out of range values */ th = int_to_short(temp); @@ -1905,7 +1886,7 @@ static ssize_t alarms_store(struct device *device, dev_info(device, "%s: error reading from the slave device %d\n", __func__, ret); - goto free_m; + goto err; } /* Write data in the device RAM */ @@ -1913,7 +1894,7 @@ static ssize_t alarms_store(struct device *device, dev_info(device, "%s: Device not supported by the driver %d\n", __func__, -ENODEV); - goto free_m; + goto err; } ret = SLAVE_SPECIFIC_FUNC(sl)->write_data(sl, new_config_register); @@ -1922,10 +1903,7 @@ static ssize_t alarms_store(struct device *device, "%s: error writing to the slave device %d\n", __func__, ret); -free_m: - /* free allocated memory */ - kfree(orig); - +err: return size; } -- 2.51.1

1 week, 2 days

1
1
0 0

FAILED: patch "[PATCH] KVM: arm64: Check the untrusted offset in FF-A memory share" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 103e17aac09cdd358133f9e00998b75d6c1f1518 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025112434-arise-unlimited-9689@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 103e17aac09cdd358133f9e00998b75d6c1f1518 Mon Sep 17 00:00:00 2001 From: Sebastian Ene <sebastianene(a)google.com> Date: Fri, 17 Oct 2025 07:57:10 +0000 Subject: [PATCH] KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value [U32_MAX - sizeof(struct ffa_composite_mem_region) + 1, U32_MAX] is set from the host kernel. Signed-off-by: Sebastian Ene <sebastianene(a)google.com> Acked-by: Will Deacon <will(a)kernel.org> Link: https://patch.msgid.link/20251017075710.2605118-1-sebastianene@google.com Signed-off-by: Marc Zyngier <maz(a)kernel.org> diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index 4e16f9b96f63..58b7d0c477d7 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -479,7 +479,7 @@ static void __do_ffa_mem_xfer(const u64 func_id, struct ffa_mem_region_attributes *ep_mem_access; struct ffa_composite_mem_region *reg; struct ffa_mem_region *buf; - u32 offset, nr_ranges; + u32 offset, nr_ranges, checked_offset; int ret = 0; if (addr_mbz || npages_mbz || fraglen > len || @@ -516,7 +516,12 @@ static void __do_ffa_mem_xfer(const u64 func_id, goto out_unlock; } - if (fraglen < offset + sizeof(struct ffa_composite_mem_region)) { + if (check_add_overflow(offset, sizeof(struct ffa_composite_mem_region), &checked_offset)) { + ret = FFA_RET_INVALID_PARAMETERS; + goto out_unlock; + } + + if (fraglen < checked_offset) { ret = FFA_RET_INVALID_PARAMETERS; goto out_unlock; }

1 week, 2 days

1
0
0 0

FAILED: patch "[PATCH] KVM: arm64: Check the untrusted offset in FF-A memory share" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 103e17aac09cdd358133f9e00998b75d6c1f1518 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025112434-impending-cupid-a11e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 103e17aac09cdd358133f9e00998b75d6c1f1518 Mon Sep 17 00:00:00 2001 From: Sebastian Ene <sebastianene(a)google.com> Date: Fri, 17 Oct 2025 07:57:10 +0000 Subject: [PATCH] KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value [U32_MAX - sizeof(struct ffa_composite_mem_region) + 1, U32_MAX] is set from the host kernel. Signed-off-by: Sebastian Ene <sebastianene(a)google.com> Acked-by: Will Deacon <will(a)kernel.org> Link: https://patch.msgid.link/20251017075710.2605118-1-sebastianene@google.com Signed-off-by: Marc Zyngier <maz(a)kernel.org> diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index 4e16f9b96f63..58b7d0c477d7 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -479,7 +479,7 @@ static void __do_ffa_mem_xfer(const u64 func_id, struct ffa_mem_region_attributes *ep_mem_access; struct ffa_composite_mem_region *reg; struct ffa_mem_region *buf; - u32 offset, nr_ranges; + u32 offset, nr_ranges, checked_offset; int ret = 0; if (addr_mbz || npages_mbz || fraglen > len || @@ -516,7 +516,12 @@ static void __do_ffa_mem_xfer(const u64 func_id, goto out_unlock; } - if (fraglen < offset + sizeof(struct ffa_composite_mem_region)) { + if (check_add_overflow(offset, sizeof(struct ffa_composite_mem_region), &checked_offset)) { + ret = FFA_RET_INVALID_PARAMETERS; + goto out_unlock; + } + + if (fraglen < checked_offset) { ret = FFA_RET_INVALID_PARAMETERS; goto out_unlock; }

1 week, 2 days

1
0
0 0

FAILED: patch "[PATCH] KVM: arm64: Check the untrusted offset in FF-A memory share" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 103e17aac09cdd358133f9e00998b75d6c1f1518 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025112430-brunch-scone-7ffb@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 103e17aac09cdd358133f9e00998b75d6c1f1518 Mon Sep 17 00:00:00 2001 From: Sebastian Ene <sebastianene(a)google.com> Date: Fri, 17 Oct 2025 07:57:10 +0000 Subject: [PATCH] KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value [U32_MAX - sizeof(struct ffa_composite_mem_region) + 1, U32_MAX] is set from the host kernel. Signed-off-by: Sebastian Ene <sebastianene(a)google.com> Acked-by: Will Deacon <will(a)kernel.org> Link: https://patch.msgid.link/20251017075710.2605118-1-sebastianene@google.com Signed-off-by: Marc Zyngier <maz(a)kernel.org> diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index 4e16f9b96f63..58b7d0c477d7 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -479,7 +479,7 @@ static void __do_ffa_mem_xfer(const u64 func_id, struct ffa_mem_region_attributes *ep_mem_access; struct ffa_composite_mem_region *reg; struct ffa_mem_region *buf; - u32 offset, nr_ranges; + u32 offset, nr_ranges, checked_offset; int ret = 0; if (addr_mbz || npages_mbz || fraglen > len || @@ -516,7 +516,12 @@ static void __do_ffa_mem_xfer(const u64 func_id, goto out_unlock; } - if (fraglen < offset + sizeof(struct ffa_composite_mem_region)) { + if (check_add_overflow(offset, sizeof(struct ffa_composite_mem_region), &checked_offset)) { + ret = FFA_RET_INVALID_PARAMETERS; + goto out_unlock; + } + + if (fraglen < checked_offset) { ret = FFA_RET_INVALID_PARAMETERS; goto out_unlock; }

1 week, 2 days

1
0
0 0

FAILED: patch "[PATCH] KVM: arm64: Check the untrusted offset in FF-A memory share" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 103e17aac09cdd358133f9e00998b75d6c1f1518 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025112430-imperial-yearling-e395@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 103e17aac09cdd358133f9e00998b75d6c1f1518 Mon Sep 17 00:00:00 2001 From: Sebastian Ene <sebastianene(a)google.com> Date: Fri, 17 Oct 2025 07:57:10 +0000 Subject: [PATCH] KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value [U32_MAX - sizeof(struct ffa_composite_mem_region) + 1, U32_MAX] is set from the host kernel. Signed-off-by: Sebastian Ene <sebastianene(a)google.com> Acked-by: Will Deacon <will(a)kernel.org> Link: https://patch.msgid.link/20251017075710.2605118-1-sebastianene@google.com Signed-off-by: Marc Zyngier <maz(a)kernel.org> diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index 4e16f9b96f63..58b7d0c477d7 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -479,7 +479,7 @@ static void __do_ffa_mem_xfer(const u64 func_id, struct ffa_mem_region_attributes *ep_mem_access; struct ffa_composite_mem_region *reg; struct ffa_mem_region *buf; - u32 offset, nr_ranges; + u32 offset, nr_ranges, checked_offset; int ret = 0; if (addr_mbz || npages_mbz || fraglen > len || @@ -516,7 +516,12 @@ static void __do_ffa_mem_xfer(const u64 func_id, goto out_unlock; } - if (fraglen < offset + sizeof(struct ffa_composite_mem_region)) { + if (check_add_overflow(offset, sizeof(struct ffa_composite_mem_region), &checked_offset)) { + ret = FFA_RET_INVALID_PARAMETERS; + goto out_unlock; + } + + if (fraglen < checked_offset) { ret = FFA_RET_INVALID_PARAMETERS; goto out_unlock; }

1 week, 2 days

1
0
0 0

[PATCH] crypto: hisilicon/qm - fix device leak on QoS updates

by Johan Hovold

Make sure to drop the reference taken when looking up the PCI device on QoS updates. Fixes: 22d7a6c39cab ("crypto: hisilicon/qm - add pci bdf number check") Cc: stable(a)vger.kernel.org # 6.2 Cc: Kai Ye <yekai13(a)huawei.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/crypto/hisilicon/qm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c index a5b96adf2d1e..ef6fdcc3dbcb 100644 --- a/drivers/crypto/hisilicon/qm.c +++ b/drivers/crypto/hisilicon/qm.c @@ -3871,11 +3871,14 @@ static ssize_t qm_get_qos_value(struct hisi_qm *qm, const char *buf, pdev = container_of(dev, struct pci_dev, dev); if (pci_physfn(pdev) != qm->pdev) { pci_err(qm->pdev, "the pdev input does not match the pf!\n"); + put_device(dev); return -EINVAL; } *fun_index = pdev->devfn; + put_device(dev); + return 0; } -- 2.51.2

1 week, 2 days

2
2
0 0

[PATCH] drm/tegra: fix device leak on probe()

by Johan Hovold

Make sure to drop the reference taken when looking up the companion device during probe(). Note that holding a reference to a device does not prevent its driver data from going away so there is no point in keeping the reference. Fixes: f68ba6912bd2 ("drm/tegra: dc: Link DC1 to DC0 on Tegra20") Cc: stable(a)vger.kernel.org # 4.16 Cc: Dmitry Osipenko <digetx(a)gmail.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/tegra/dc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c index 59d5c1ba145a..7a6b30df6a89 100644 --- a/drivers/gpu/drm/tegra/dc.c +++ b/drivers/gpu/drm/tegra/dc.c @@ -3148,6 +3148,8 @@ static int tegra_dc_couple(struct tegra_dc *dc) dc->client.parent = &parent->client; dev_dbg(dc->dev, "coupled to %s\n", dev_name(companion)); + + put_device(companion); } return 0; -- 2.51.2

1 week, 2 days

1
1
0 0

[PATCH] crypto: zstd - fix double-free in per-CPU stream cleanup

by Giovanni Cabiddu

The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstd_streams (per-CPU contexts) are freed in zstd_exit() during every tfm destruction, rather than being managed at the module level. When multiple tfms exist, each tfm exit attempts to free the same shared per-CPU streams, resulting in a double-free. This leads to a stack trace similar to: BUG: Bad page state in process kworker/u16:1 pfn:106fd93 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fd93 flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff) page_type: 0xffffffff() raw: 0017ffffc0000000 dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: nonzero entire_mapcount Modules linked in: ... CPU: 3 UID: 0 PID: 2506 Comm: kworker/u16:1 Kdump: loaded Tainted: G B Hardware name: ... Workqueue: btrfs-delalloc btrfs_work_helper Call Trace: <TASK> dump_stack_lvl+0x5d/0x80 bad_page+0x71/0xd0 free_unref_page_prepare+0x24e/0x490 free_unref_page+0x60/0x170 crypto_acomp_free_streams+0x5d/0xc0 crypto_acomp_exit_tfm+0x23/0x50 crypto_destroy_tfm+0x60/0xc0 ... Change the lifecycle management of zstd_streams to free the streams only once during module cleanup. Fixes: f5ad93ffb541 ("crypto: zstd - convert to acomp") Cc: stable(a)vger.kernel.org Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Reviewed-by: Suman Kumar Chakraborty <suman.kumar.chakraborty(a)intel.com> --- crypto/zstd.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/crypto/zstd.c b/crypto/zstd.c index dc5b36141ff8..cbbd0413751a 100644 --- a/crypto/zstd.c +++ b/crypto/zstd.c @@ -75,11 +75,6 @@ static int zstd_init(struct crypto_acomp *acomp_tfm) return ret; } -static void zstd_exit(struct crypto_acomp *acomp_tfm) -{ - crypto_acomp_free_streams(&zstd_streams); -} - static int zstd_compress_one(struct acomp_req *req, struct zstd_ctx *ctx, const void *src, void *dst, unsigned int *dlen) { @@ -297,7 +292,6 @@ static struct acomp_alg zstd_acomp = { .cra_module = THIS_MODULE, }, .init = zstd_init, - .exit = zstd_exit, .compress = zstd_compress, .decompress = zstd_decompress, }; @@ -310,6 +304,7 @@ static int __init zstd_mod_init(void) static void __exit zstd_mod_fini(void) { crypto_unregister_acomp(&zstd_acomp); + crypto_acomp_free_streams(&zstd_streams); } module_init(zstd_mod_init); base-commit: 8faa5c4b47998c5930314a3bb8ee53534cfdc1ce -- 2.51.1

1 week, 2 days

2
1
0 0

Linux 6.17.9

by Greg Kroah-Hartman

I'm announcing the release of the 6.17.9 kernel. All users of the 6.17 kernel series must upgrade. The updated 6.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.17.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/broadcom/bcm47189-luxul-xap-1440.dts | 4 arch/arm/boot/dts/nxp/imx/imx51-zii-rdu1.dts | 4 arch/arm/boot/dts/nxp/imx/imx6ull-engicam-microgea-rmm.dts | 2 arch/arm/crypto/Kconfig | 2 arch/arm64/boot/dts/freescale/imx8-ss-img.dtsi | 2 arch/arm64/boot/dts/freescale/imx8mp-kontron-bl-osm-s.dts | 24 arch/arm64/boot/dts/rockchip/rk3566-bigtreetech-cb2.dtsi | 6 arch/arm64/boot/dts/rockchip/rk3568-odroid-m1.dts | 2 arch/arm64/boot/dts/rockchip/rk3576.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3588-opp.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3588j.dtsi | 2 arch/arm64/kernel/probes/kprobes.c | 5 arch/arm64/kvm/sys_regs.c | 59 - arch/loongarch/include/asm/hw_breakpoint.h | 4 arch/loongarch/include/asm/io.h | 5 arch/loongarch/include/asm/pgtable.h | 11 arch/loongarch/kernel/mem.c | 7 arch/loongarch/kernel/numa.c | 23 arch/loongarch/kernel/setup.c | 5 arch/loongarch/kernel/traps.c | 4 arch/loongarch/kvm/intc/eiointc.c | 2 arch/loongarch/kvm/timer.c | 2 arch/loongarch/kvm/vcpu.c | 5 arch/loongarch/mm/init.c | 2 arch/loongarch/mm/ioremap.c | 2 arch/riscv/Makefile | 2 arch/riscv/kernel/cpu-hotplug.c | 1 arch/riscv/kernel/setup.c | 7 arch/x86/include/asm/kvm_host.h | 3 arch/x86/include/uapi/asm/vmx.h | 7 arch/x86/kernel/acpi/cppc.c | 2 arch/x86/kernel/cpu/amd.c | 7 arch/x86/kernel/cpu/microcode/amd.c | 1 arch/x86/kvm/svm/nested.c | 20 arch/x86/kvm/svm/svm.c | 71 - arch/x86/kvm/vmx/common.h | 2 arch/x86/kvm/vmx/nested.c | 21 arch/x86/kvm/vmx/vmx.c | 29 arch/x86/kvm/vmx/vmx.h | 5 arch/x86/kvm/x86.c | 75 + drivers/acpi/cppc_acpi.c | 6 drivers/acpi/numa/hmat.c | 46 drivers/acpi/numa/srat.c | 2 drivers/bluetooth/btusb.c | 13 drivers/cpufreq/intel_pstate.c | 9 drivers/crypto/hisilicon/qm.c | 2 drivers/edac/altera_edac.c | 22 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 12 drivers/gpu/drm/amd/amdgpu/amdgpu_isp.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 5 drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c | 5 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 5 drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 73 - drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 12 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_pp_smu.c | 1 drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 2 drivers/gpu/drm/amd/display/dc/dm_services_types.h | 2 drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 6 drivers/gpu/drm/amd/include/dm_pp_interface.h | 1 drivers/gpu/drm/amd/pm/amdgpu_dpm_internal.c | 67 + drivers/gpu/drm/amd/pm/inc/amdgpu_dpm_internal.h | 2 drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 4 drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 6 drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 70 - drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 11 drivers/gpu/drm/clients/drm_client_setup.c | 4 drivers/gpu/drm/i915/display/intel_psr.c | 3 drivers/gpu/drm/i915/gt/intel_gt_clock_utils.c | 4 drivers/gpu/drm/i915/i915_vma.c | 16 drivers/gpu/drm/mediatek/mtk_crtc.c | 7 drivers/gpu/drm/panthor/panthor_gem.c | 18 drivers/gpu/drm/vmwgfx/vmwgfx_cursor_plane.c | 16 drivers/gpu/drm/vmwgfx/vmwgfx_cursor_plane.h | 1 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 drivers/gpu/drm/xe/regs/xe_gt_regs.h | 1 drivers/gpu/drm/xe/xe_device.c | 14 drivers/gpu/drm/xe/xe_guc_ct.c | 3 drivers/gpu/drm/xe/xe_wa.c | 11 drivers/hid/hid-ids.h | 4 drivers/hid/hid-logitech-hidpp.c | 21 drivers/hid/hid-nintendo.c | 2 drivers/hid/hid-ntrig.c | 7 drivers/hid/hid-playstation.c | 2 drivers/hid/hid-quirks.c | 2 drivers/hid/hid-uclogic-params.c | 4 drivers/hid/intel-thc-hid/intel-quickspi/pci-quickspi.c | 6 drivers/hid/intel-thc-hid/intel-quickspi/quickspi-dev.h | 2 drivers/infiniband/hw/mlx5/cq.c | 15 drivers/iommu/iommufd/io_pagetable.c | 12 drivers/iommu/iommufd/ioas.c | 4 drivers/irqchip/irq-riscv-intc.c | 3 drivers/isdn/hardware/mISDN/hfcsusb.c | 18 drivers/mmc/host/dw_mmc-rockchip.c | 4 drivers/mmc/host/pxamci.c | 56 - drivers/mmc/host/sdhci-of-dwcmshc.c | 2 drivers/mtd/nand/onenand/onenand_samsung.c | 2 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 15 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 79 + drivers/net/ethernet/mellanox/mlx5/core/cq.c | 24 drivers/net/ethernet/mellanox/mlx5/core/en.h | 1 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h | 5 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_common.c | 11 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 33 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 19 drivers/net/ethernet/mellanox/mlx5/core/eq.c | 8 drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c | 16 drivers/net/ethernet/mellanox/mlx5/core/lib/aso.c | 8 drivers/net/ethernet/mellanox/mlx5/core/main.c | 11 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/send.c | 15 drivers/net/ethernet/mellanox/mlx5/core/steering/sws/dr_send.c | 29 drivers/net/ethernet/mellanox/mlx5/core/wc.c | 4 drivers/net/ethernet/ti/am65-cpsw-qos.c | 51 drivers/net/phy/mdio_bus.c | 5 drivers/net/phy/micrel.c | 515 ++++++---- drivers/net/virtio_net.c | 16 drivers/net/wireless/ath/ath11k/wmi.c | 3 drivers/net/wireless/intel/iwlwifi/mld/link.c | 7 drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 13 drivers/net/wireless/intel/iwlwifi/mvm/utils.c | 12 drivers/pmdomain/arm/scmi_pm_domain.c | 13 drivers/pmdomain/imx/gpc.c | 2 drivers/pmdomain/samsung/exynos-pm-domains.c | 29 drivers/pwm/pwm-adp5585.c | 4 drivers/regulator/fixed.c | 1 drivers/spi/spi.c | 10 drivers/vdpa/mlx5/net/mlx5_vnet.c | 6 fs/afs/cell.c | 78 + fs/afs/dynroot.c | 3 fs/afs/internal.h | 12 fs/afs/mntpt.c | 3 fs/afs/proc.c | 3 fs/afs/super.c | 2 fs/afs/vl_alias.c | 3 fs/binfmt_misc.c | 4 fs/btrfs/inode.c | 4 fs/btrfs/scrub.c | 2 fs/btrfs/tree-log.c | 2 fs/btrfs/zoned.c | 60 - fs/erofs/decompressor_zstd.c | 11 fs/exfat/namei.c | 6 fs/file_attr.c | 4 fs/fuse/virtio_fs.c | 2 fs/hostfs/hostfs_kern.c | 29 fs/namespace.c | 32 fs/nfs/client.c | 8 fs/nfs/dir.c | 23 fs/nfs/inode.c | 18 fs/nfs/nfs3client.c | 14 fs/nfs/nfs4client.c | 15 fs/nfs/nfs4proc.c | 22 fs/nfs/pnfs_nfs.c | 66 - fs/nfs/sysfs.c | 1 fs/nfs/write.c | 3 fs/nfsd/nfs4state.c | 3 fs/nfsd/nfs4xdr.c | 3 fs/nfsd/nfsd.h | 1 fs/nfsd/nfsfh.c | 6 fs/nilfs2/segment.c | 7 fs/proc/generic.c | 12 fs/smb/client/fs_context.c | 2 fs/smb/client/smb2inode.c | 2 fs/smb/client/transport.c | 2 fs/smb/server/smb2pdu.c | 2 fs/smb/server/transport_tcp.c | 5 include/linux/compiler_types.h | 5 include/linux/filter.h | 20 include/linux/huge_mm.h | 55 - include/linux/map_benchmark.h | 1 include/linux/mlx5/cq.h | 2 include/linux/mlx5/driver.h | 3 include/linux/nfs_xdr.h | 1 include/net/bluetooth/hci.h | 5 include/uapi/linux/mount.h | 2 io_uring/register.c | 7 io_uring/rsrc.c | 16 io_uring/rw.c | 3 kernel/bpf/trampoline.c | 5 kernel/bpf/verifier.c | 6 kernel/crash_core.c | 2 kernel/futex/core.c | 12 kernel/gcov/gcc_4_7.c | 4 kernel/kexec_handover.c | 8 kernel/power/swap.c | 17 kernel/sched/ext.c | 4 kernel/time/posix-timers.c | 12 kernel/trace/ftrace.c | 20 lib/maple_tree.c | 30 mm/damon/stat.c | 9 mm/damon/sysfs.c | 10 mm/filemap.c | 20 mm/huge_memory.c | 38 mm/kmsan/core.c | 3 mm/kmsan/hooks.c | 6 mm/kmsan/shadow.c | 2 mm/ksm.c | 113 ++ mm/memory.c | 20 mm/mm_init.c | 2 mm/mremap.c | 2 mm/secretmem.c | 2 mm/shmem.c | 9 mm/slub.c | 6 mm/swap_state.c | 13 mm/truncate.c | 6 net/bluetooth/6lowpan.c | 97 + net/bluetooth/hci_conn.c | 33 net/bluetooth/hci_event.c | 56 - net/bluetooth/hci_sync.c | 2 net/bluetooth/l2cap_core.c | 1 net/bluetooth/mgmt.c | 1 net/core/netpoll.c | 7 net/dsa/tag_brcm.c | 6 net/handshake/tlshd.c | 1 net/hsr/hsr_device.c | 5 net/hsr/hsr_forward.c | 22 net/ipv4/route.c | 5 net/mac80211/iface.c | 14 net/mac80211/rx.c | 10 net/netfilter/nft_ct.c | 5 net/sched/act_bpf.c | 6 net/sched/act_connmark.c | 12 net/sched/act_ife.c | 12 net/sched/cls_bpf.c | 6 net/sched/sch_generic.c | 17 net/sctp/transport.c | 13 net/smc/smc_clc.c | 1 net/strparser/strparser.c | 2 net/tipc/net.c | 2 net/unix/garbage.c | 14 rust/Makefile | 2 scripts/decode_stacktrace.sh | 43 scripts/gendwarfksyms/gendwarfksyms.c | 3 scripts/gendwarfksyms/gendwarfksyms.h | 2 scripts/gendwarfksyms/symbols.c | 4 sound/hda/codecs/hdmi/nvhdmi-mcp.c | 4 sound/hda/codecs/realtek/alc269.c | 1 sound/soc/codecs/cs4271.c | 10 sound/soc/codecs/da7213.c | 65 - sound/soc/codecs/da7213.h | 1 sound/soc/codecs/lpass-va-macro.c | 2 sound/soc/codecs/max98090.c | 6 sound/soc/codecs/nau8821.c | 22 sound/soc/codecs/nau8821.h | 2 sound/soc/codecs/tas2781-i2c.c | 9 sound/soc/renesas/rcar/ssiu.c | 3 sound/soc/sdw_utils/soc_sdw_utils.c | 20 sound/usb/endpoint.c | 5 sound/usb/mixer.c | 2 tools/build/feature/Makefile | 4 tools/perf/Makefile.config | 5 tools/perf/builtin-lock.c | 2 tools/perf/tests/shell/lock_contention.sh | 21 tools/perf/util/header.c | 10 tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc | 4 tools/testing/selftests/iommu/iommufd.c | 2 tools/testing/selftests/iommu/iommufd_utils.h | 4 tools/testing/selftests/net/forwarding/local_termination.sh | 2 tools/testing/selftests/net/mptcp/mptcp_connect.c | 18 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 90 - tools/testing/selftests/net/mptcp/mptcp_lib.sh | 21 tools/testing/selftests/user_events/perf_test.c | 2 virt/kvm/guest_memfd.c | 45 277 files changed, 2494 insertions(+), 1381 deletions(-) Abdun Nihaal (3): HID: playstation: Fix memory leak in dualshock4_get_calibration_data() HID: uclogic: Fix potential memory leak in error path isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Abhishek Tamboli (1): HID: intel-thc-hid: intel-quickspi: Add ARL PCI Device Id's Akiva Goldberger (1): mlx5: Fix default values in create CQ Aksh Garg (2): net: ethernet: ti: am65-cpsw-qos: fix IET verify/response timeout net: ethernet: ti: am65-cpsw-qos: fix IET verify retry mechanism Al Viro (1): simplify nfs_atomic_open_v23() Aleksei Nikiforov (1): mm/kmsan: fix kmsan kmalloc hook when no stack depots are allocated yet Alex Deucher (1): drm/amdgpu: set default gfx reset masks for gfx6-8 Alexander Sverdlin (1): selftests: net: local_termination: Wait for interfaces to come up Alok Tiwari (1): virtio-fs: fix incorrect check for fsvq->kobj Anand Moon (1): arm64: dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1 Andrei Vagin (1): fs/namespace: correctly handle errors returned by grab_requested_mnt_ns Andrey Albershteyn (1): fs: return EOPNOTSUPP from file_setattr/file_getattr syscalls Andrey Leonchikov (2): arm64: dts: rockchip: Fix PCIe power enable pin for BigTreeTech CB2 and Pi2 arm64: dts: rockchip: Fix USB power enable pin for BTT CB2 and Pi2 Andrii Melnychenko (1): netfilter: nft_ct: add seqadj extension for natted connections André Draszik (1): pmdomain: samsung: plug potential memleak during probe Ankit Khushwaha (1): selftests/user_events: fix type cast for write_index packed member in perf_test Arnaldo Carvalho de Melo (1): perf build: Don't fail fast path feature detection when binutils-devel is not available Balasubramani Vivekanandan (1): drm/xe/guc: Synchronize Dead CT worker with unbind Benjamin Berg (1): wifi: mac80211: skip rate verification for not captured PSDUs Bibo Mao (3): LoongArch: KVM: Restore guest PMU if it is enabled LoongArch: KVM: Add delay until timer interrupt injected LoongArch: KVM: Fix max supported vCPUs set with EIOINTC Boris Brezillon (1): drm/panthor: Flush shmem writes before mapping buffers CPU-uncached Borislav Petkov (AMD) (1): x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev Breno Leitao (1): net: netpoll: fix incorrect refcount handling causing incorrect cleanup Buday Csaba (1): net: mdio: fix resource leak in mdiobus_register_device() Caleb Sander Mateos (1): io_uring/rsrc: don't use blk_rq_nr_phys_segments() as number of bvecs Carlos Llamas (1): scripts/decode_stacktrace.sh: fix build ID and PC source parsing Carolina Jubran (1): net/mlx5e: Fix missing error assignment in mlx5e_xfrm_add_state() Christian König (2): drm/amdgpu: remove two invalid BUG_ON()s drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Chuang Wang (1): ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Chuck Lever (1): NFSD: Skip close replay processing if XDR encoding fails Chukun Pan (1): arm64: dts: rockchip: drop reset from rk3576 i2c9 node Claudiu Beznea (1): ASoC: da7213: Use component driver suspend/resume Cosmin Ratiu (3): net/mlx5: Fix typo of MLX5_EQ_DOORBEL_OFFSET net/mlx5: Store the global doorbell in mlx5_priv net/mlx5e: Prepare for using different CQ doorbells Cristian Ciocaltea (1): ASoC: nau8821: Avoid unnecessary blocking in IRQ handler D. Wythe (1): net/smc: fix mismatch between CLC header and proposal Dai Ngo (1): NFS: Fix LTP test failures when timestamps are delegated Dan Carpenter (1): mtd: onenand: Pass correct pointer to IRQ handler Danil Skrebenkov (1): RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors Dario Binacchi (1): ARM: dts: imx6ull-engicam-microgea-rmm: fix report-rate-hz value Dave Jiang (1): acpi/hmat: Fix lockdep warning for hmem_register_resource() David Howells (1): afs: Fix dynamic lookup to fail on cell lookup failure Dawn Gardner (1): ALSA: hda/realtek: Fix mute led for HP Omen 17-cb0xxx Dev Jain (1): mm/mremap: honour writable bit in mremap pte batching Dragan Simic (1): arm64: dts: rockchip: Make RK3588 GPU OPP table naming less generic Eduard Zingerman (1): bpf: account for current allocated stack depth in widen_imprecise_scalars() Edward Adam Davis (2): nilfs2: avoid having an active sc_timer before freeing sci cifs: client: fix memory leak in smb3_fs_context_parse_param Eric Biggers (1): lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN Eric Dumazet (3): sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto net_sched: limit try_bulk_dequeue_skb() batches bpf: Add bpf_prog_run_data_pointers() Eslam Khafagy (1): posix-timers: Plug potential memory leak in do_timer_create() Felix Maurer (2): hsr: Fix supervision frame sending on HSRv0 hsr: Follow standard for HSRv0 supervision frames Feng Jiang (1): riscv: Build loader.bin exclusively for Canaan K210 Filipe Manana (1): btrfs: do not update last_log_commit when logging inode due to a new name Frieder Schrempf (1): arm64: dts: imx8mp-kontron: Fix USB OTG role switching Gal Pressman (3): net/mlx5e: Fix maxrate wraparound in threshold between units net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps net/mlx5e: Fix potentially misleading debug message Gao Xiang (1): erofs: avoid infinite loop due to incomplete zstd-compressed data Gautham R. Shenoy (4): ACPI: CPPC: Detect preferred core availability on online CPUs ACPI: CPPC: Check _CPC validity for only the online CPUs ACPI: CPPC: Perform fast check switch only for online CPUs ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs Geert Uytterhoeven (1): ASoC: da7213: Convert to DEFINE_RUNTIME_DEV_PM_OPS() Greg Kroah-Hartman (1): Linux 6.17.9 Haein Lee (1): ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Han Gao (1): riscv: acpi: avoid errors caused by probing DT devices when ACPI is used Hans de Goede (1): spi: Try to get ACPI GPIO IRQ earlier Hao Ge (1): codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext Haotian Zhang (4): regulator: fixed: fix GPIO descriptor leak on register failure ASoC: cs4271: Fix regulator leak on probe failure ASoC: codecs: va-macro: fix resource leak in probe error path ASoC: rsnd: fix OF node reference leak in rsnd_ssiu_probe() Henrique Carvalho (1): smb: client: fix cifs_pick_channel when channel needs reconnect Hongbo Li (1): hostfs: Fix only passing host root in boot stage with new mount Horatiu Vultur (4): net: phy: micrel: Introduce lanphy_modify_page_reg net: phy: micrel: Replace hardcoded pages with defines net: phy: micrel: lan8814 fix reset of the QSGMII interface net: phy: micrel: Fix lan8814_config_init Huacai Chen (4): LoongArch: Consolidate early_ioremap()/ioremap_prot() LoongArch: Use correct accessor to read FWPC/MWPC LoongArch: Consolidate max_pfn & max_low_pfn calculation LoongArch: Use physical addresses for CSR_MERRENTRY/CSR_TLBRENTRY Ian Forbes (2): drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE drm/vmwgfx: Restore Guest-Backed only cursor plane support Ian Rogers (1): perf test shell lock_contention: Extra debug diagnostics Isaac J. Manjarres (1): mm/mm_init: fix hash table order logging in alloc_large_system_hash() Jaehun Gou (1): exfat: fix improper check of dentry.stream.valid_size Jani Nikula (1): drm/i915/psr: fix pipe to vblank conversion Janusz Krzysztofik (1): drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD Jason Gunthorpe (1): iommufd: Make vfio_compat's unmap succeed if the range is already empty Jason-JH Lin (1): drm/mediatek: Add pm_runtime support for GCE power control Jedrzej Jagielski (2): ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd Jens Axboe (1): io_uring/rw: ensure allocated iovec gets cleared for early failure Jesse.Zhang (2): drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices drm/amdgpu: fix lock warning in amdgpu_userq_fence_driver_process Jihed Chaibi (1): ARM: dts: imx51-zii-rdu1: Fix audmux node names Johannes Berg (2): wifi: iwlwifi: mvm: fix beacon template/fixed rate wifi: mac80211: reject address change while connecting Jonas Gorski (1): net: dsa: tag_brcm: do not mark link local traffic as offloaded Jonathan Kim (2): drm/amdkfd: fix suspend/resume all calls in mes based eviction path drm/amdkfd: relax checks for over allocation of save area Joshua Rogers (1): ksmbd: close accepted socket when per-IP limit rejects connection Joshua Watt (2): NFS4: Fix state renewals missing after boot NFS4: Apply delay_retrans to async operations Jouni Högander (1): drm/xe: Do clean shutdown also when using flr João Paulo Gonçalves (1): arm64: dts: imx8-ss-img: Avoid gpio0_mipi_csi GPIOs being deferred Kairui Song (2): mm/shmem: fix THP allocation and fallback loop mm, swap: fix potential UAF issue for VMA readahead Kiryl Shutsemau (1): mm/memory: do not populate page table entries beyond i_size Kuniyuki Iwashima (2): tipc: Fix use-after-free in tipc_mon_reinit_self(). af_unix: Initialise scc_index in unix_add_edge(). Lance Yang (1): mm/secretmem: fix use-after-free race in fault handler Luiz Augusto von Dentz (2): Bluetooth: hci_conn: Fix not cleaning up PA_LINK connections Bluetooth: hci_event: Fix not handling PA Sync Lost event Luke Wang (1): pwm: adp5585: Correct mismatched pwm chip info Marc Zyngier (1): KVM: arm64: Make all 32bit ID registers fully writable Marek Szyprowski (1): pmdomain: samsung: Rework legacy splash-screen handover workaround Mario Limonciello (2): drm/amd: Fix suspend failure with secure display TA x86/CPU/AMD: Add additional fixed RDSEED microcode revisions Mario Limonciello (AMD) (3): drm/amd/display: Don't stretch non-native images by default in eDP PM: hibernate: Emit an error when image writing fails PM: hibernate: Use atomic64_t for compressed_size variable Martin Kaiser (1): maple_tree: fix tracepoint string pointers Masami Ichikawa (1): HID: hid-ntrig: Prevent memory leak in ntrig_report_version() Matthieu Baerts (NGI0) (8): selftests: mptcp: connect: fix fallback note due to OoO selftests: mptcp: join: rm: set backup flag selftests: mptcp: join: endpoints: longer transfer selftests: mptcp: connect: trunc: read all recv data selftests: mptcp: join: userspace: longer transfer selftests: mptcp: join: properly kill background tasks scripts/decode_stacktrace.sh: symbol: avoid trailing whitespaces scripts/decode_stacktrace.sh: symbol: preserve alignment Miaoqian Lin (3): ASoC: sdw_utils: fix device reference leak in is_sdca_endpoint_present() crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value pmdomain: imx: Fix reference count leak in imx_gpc_remove Miri Korenblit (1): wifi: iwlwifi: mld: always take beacon ies in link grading Naohiro Aota (2): btrfs: zoned: fix conventional zone capacity calculation btrfs: zoned: fix stripe width calculation Nate Karstens (1): strparser: Fix signed/unsigned mismatch bug NeilBrown (1): nfsd: fix refcount leak in nfsd_set_fh_dentry() Nick Hu (1): irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops Nicolas Escande (1): wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() Nicolin Chen (1): iommufd/selftest: Fix ioctl return value in _test_cmd_trigger_vevents() Niravkumar L Rabara (2): EDAC/altera: Handle OCRAM ECC enable after warm reset EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Nitin Gote (2): drm/xe/xe3lpg: Extend Wa_15016589081 for xe3lpg drm/xe/xe3: Add WA_14024681466 for Xe3_LPG Oleg Makarenko (1): HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel Olga Kornievskaia (2): nfsd: add missing FATTR4_WORD2_CLONE_BLKSIZE from supported attributes NFSD: free copynotify stateid in nfs4_free_ol_stateid() Pauli Virtanen (5): Bluetooth: MGMT: cancel mesh send timer when hdev removed Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Bluetooth: L2CAP: export l2cap_chan_hold for modules Pavel Begunkov (1): io_uring: fix unexpected placement on same size resizing Pedro Demarchi Gomes (1): ksm: use range-walk function to jump over holes in scan_get_next_rmap_item Peter Oberparleiter (1): gcov: add support for GCC 15 Peter Zijlstra (2): futex: Optimize per-cpu reference counting compiler_types: Move unused static inline functions warning to W=2 Pratyush Yadav (1): kho: warn and exit when unpreserved page wasn't preserved Qinxin Xia (1): dma-mapping: benchmark: Restore padding to ensure uABI remained consistent Quanmin Yan (2): mm/damon/sysfs: change next_update_jiffies to a global variable mm/damon/stat: change last_refresh_jiffies to a global variable Rafał Miłecki (1): ARM: dts: BCM53573: Fix address of Luxul XAP-1440's Ethernet PHY Rakuram Eswaran (1): mmc: pxamci: Simplify pxamci_probe() error handling using devm APIs Randy Dunlap (1): drm/client: fix MODULE_PARM_DESC string for "active" Ranganath V N (2): net: sched: act_connmark: initialize struct tc_ife to fix kernel leak net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Raphael Pinsonneault-Thibeault (1): Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Ravi Bangoria (2): perf lock: Fix segfault due to missing kernel map perf test: Fix lock contention test Sami Tolvanen (1): gendwarfksyms: Skip files with no exports Scott Mayhew (1): NFS: check if suid/sgid was cleared after a write as needed Sean Christopherson (3): KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying KVM: x86: Rename local "ecx" variables to "msr" and "pmc" as appropriate KVM: VMX: Inject #UD if guest tries to execute SEAMCALL or TDCALL Sharique Mohammad (1): ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Shawn Lin (2): mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 mmc: dw_mmc-rockchip: Fix wrong internal phase calculate Shenghao Ding (1): ASoC: tas2781: fix getting the wrong device number Shuai Xue (1): acpi,srat: Fix incorrect device handle check for Generic Initiator Shuhao Fu (1): smb: client: fix refcount leak in smb2_set_path_attr Song Liu (1): ftrace: Fix BPF fexit with livepatch Sourabh Jain (1): crash: fix crashkernel resource shrink Srinivas Pandruvada (1): cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes Steven Rostedt (1): selftests/tracing: Run sample events to clear page cache events Stuart Hayhurst (1): HID: logitech-hidpp: Add HIDPP_QUIRK_RESET_HI_RES_SCROLL Sudeep Holla (1): pmdomain: arm: scmi: Fix genpd leak on provider registration failure Sukrit Bhatnagar (1): KVM: VMX: Fix check for valid GVA on an EPT violation Sultan Alsawaf (1): drm/amd/amdgpu: Ensure isp_kernel_buffer_alloc() creates a new BO Takashi Iwai (2): ALSA: hda/hdmi: Fix breakage at probing nvhdmi-mcp driver ALSA: usb-audio: Fix potential overflow of PCM transfer buffer Tangudu Tilak Tirumalesh (1): drm/xe/xe3: Extend wa_14023061436 Tejas Upadhyay (1): drm/xe: Move declarations under conditional branch Thomas Falcon (1): perf header: Write bpf_prog (infos|btfs)_cnt to data file Tianyang Zhang (1): LoongArch: Let {pte,pmd}_modify() record the status of _PAGE_DIRTY Timur Kristóf (5): drm/amd/display: Add pixel_clock to amd_pp_display_configuration drm/amd/pm: Use pm_display_cfg in legacy DPM (v2) drm/amd/display: Disable fastboot on DCE 6 too drm/amd/pm: Disable MCLK switching on SI at high pixel clocks drm/amd: Disable ASPM on SI Tristan Lobb (1): HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Trond Myklebust (6): pnfs: Fix TLS logic in _nfs4_pnfs_v3_ds_connect() pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS NFS: Check the TLS certificate fields in nfs_match_client() NFSv2/v3: Fix error handling in nfs_atomic_open_v23() NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() Umesh Nerlige Ramappa (1): drm/i915: Fix conversion between clock ticks and nanoseconds Vicki Pfau (1): HID: nintendo: Wait longer for initial probe Vitaly Prosyak (1): drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces Wei Fang (1): net: fec: correct rx_bytes statistic for the case SHIFT16 is set Wei Yang (1): fs/proc: fix uaf in proc_readdir_de() Xi Ruoyao (1): rust: Add -fno-isolate-erroneous-paths-dereference to bindgen_skip_c_flags Xin Li (1): KVM: x86: Add support for RDMSR/WRMSRNS w/ immediate on Intel Xuan Zhuo (1): virtio-net: fix incorrect flags recording in big mode Yang Shi (1): arm64: kprobes: check the return value of set_memory_rox() Yang Xiuwei (1): NFS: sysfs: fix leak when nfs_client kobject add fails Yosry Ahmed (3): KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv() KVM: nSVM: Fix and simplify LBR virtualization handling with nested ZhangGuoDong (2): smb/server: fix possible memory leak in smb2_read() smb/server: fix possible refcount leak in smb2_sess_setup() Zi Yan (3): mm/huge_memory: preserve PG_has_hwpoisoned if a folio is split to >0 order mm/huge_memory: fix folio split check for anon folios in swapcache mm/huge_memory: do not change split_huge_page*() target order silently Zilin Guan (4): net/handshake: Fix memory leak in tls_handshake_accept() binfmt_misc: restore write access before closing files opened by open_exec() btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() btrfs: release root after error in data_reloc_print_warning_inode() Zqiang (1): sched_ext: Fix unsafe locking in the scx_dump_state()

1 week, 2 days

1
1
0 0

Linux 6.12.59

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.59 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/broadcom/bcm47189-luxul-xap-1440.dts | 4 arch/arm/boot/dts/nxp/imx/imx51-zii-rdu1.dts | 4 arch/arm/crypto/Kconfig | 2 arch/arm64/boot/dts/rockchip/rk3568-odroid-m1.dts | 2 arch/arm64/boot/dts/rockchip/rk3588-opp.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3588j.dtsi | 2 arch/arm64/kernel/probes/kprobes.c | 5 arch/loongarch/include/asm/hw_breakpoint.h | 4 arch/loongarch/include/asm/pgtable.h | 11 arch/loongarch/kernel/traps.c | 4 arch/loongarch/kvm/timer.c | 2 arch/loongarch/kvm/vcpu.c | 5 arch/riscv/Makefile | 2 arch/riscv/kernel/cpu-hotplug.c | 1 arch/riscv/kernel/setup.c | 7 arch/x86/kernel/acpi/cppc.c | 2 arch/x86/kernel/cpu/microcode/amd.c | 1 arch/x86/kvm/svm/svm.c | 4 arch/x86/kvm/vmx/common.h | 34 arch/x86/kvm/vmx/vmx.c | 25 drivers/acpi/cppc_acpi.c | 6 drivers/acpi/numa/hmat.c | 46 drivers/acpi/numa/srat.c | 2 drivers/bluetooth/btusb.c | 13 drivers/crypto/hisilicon/qm.c | 2 drivers/edac/altera_edac.c | 22 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 12 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 12 drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 5 drivers/gpu/drm/i915/gt/intel_gt_clock_utils.c | 4 drivers/gpu/drm/i915/i915_vma.c | 16 drivers/gpu/drm/mediatek/mtk_crtc.c | 7 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 drivers/gpu/drm/xe/xe_device.c | 14 drivers/gpu/drm/xe/xe_guc_ct.c | 3 drivers/hid/hid-ids.h | 4 drivers/hid/hid-logitech-hidpp.c | 21 drivers/hid/hid-nintendo.c | 2 drivers/hid/hid-ntrig.c | 7 drivers/hid/hid-playstation.c | 2 drivers/hid/hid-quirks.c | 2 drivers/hid/hid-uclogic-params.c | 4 drivers/iommu/iommufd/io_pagetable.c | 12 drivers/iommu/iommufd/ioas.c | 4 drivers/irqchip/irq-riscv-intc.c | 3 drivers/isdn/hardware/mISDN/hfcsusb.c | 18 drivers/mmc/host/dw_mmc-rockchip.c | 4 drivers/mmc/host/sdhci-of-dwcmshc.c | 2 drivers/mtd/nand/onenand/onenand_samsung.c | 2 drivers/net/dsa/sja1105/sja1105_static_config.c | 6 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 33 drivers/net/ethernet/ti/am65-cpsw-qos.c | 51 drivers/net/phy/mdio_bus.c | 5 drivers/net/phy/micrel.c | 515 ++++++---- drivers/net/virtio_net.c | 16 drivers/net/wireless/ath/ath11k/pci.c | 2 drivers/net/wireless/ath/ath11k/wmi.c | 3 drivers/pmdomain/arm/scmi_pm_domain.c | 13 drivers/pmdomain/imx/gpc.c | 2 drivers/pmdomain/samsung/exynos-pm-domains.c | 11 drivers/regulator/fixed.c | 1 drivers/spi/spi.c | 10 drivers/uio/uio_hv_generic.c | 32 fs/btrfs/inode.c | 4 fs/btrfs/scrub.c | 2 fs/btrfs/tree-log.c | 2 fs/btrfs/zoned.c | 4 fs/erofs/decompressor_zstd.c | 11 fs/exfat/namei.c | 6 fs/ext4/inode.c | 5 fs/ext4/xattr.c | 32 fs/ext4/xattr.h | 10 fs/f2fs/compress.c | 2 fs/fuse/virtio_fs.c | 2 fs/hostfs/hostfs_kern.c | 29 fs/namespace.c | 32 fs/nfs/dir.c | 23 fs/nfs/inode.c | 18 fs/nfs/nfs3client.c | 14 fs/nfs/nfs4client.c | 15 fs/nfs/nfs4proc.c | 22 fs/nfs/pnfs_nfs.c | 34 fs/nfs/sysfs.c | 1 fs/nfs/write.c | 3 fs/nfsd/nfs4state.c | 3 fs/nfsd/nfs4xdr.c | 3 fs/nfsd/nfsd.h | 1 fs/nfsd/nfsfh.c | 6 fs/nilfs2/segment.c | 7 fs/proc/base.c | 12 fs/proc/generic.c | 12 fs/proc/task_mmu.c | 8 fs/proc/task_nommu.c | 4 fs/smb/client/fs_context.c | 2 fs/smb/client/smb2inode.c | 2 fs/smb/client/transport.c | 2 fs/smb/server/smb2pdu.c | 2 fs/smb/server/transport_tcp.c | 5 include/linux/compiler_types.h | 5 include/linux/filter.h | 20 include/linux/huge_mm.h | 21 include/linux/kvm_host.h | 7 include/linux/map_benchmark.h | 1 include/linux/netpoll.h | 1 include/linux/nfs_xdr.h | 1 include/net/bluetooth/mgmt.h | 2 include/net/cfg80211.h | 78 + include/net/tc_act/tc_connmark.h | 1 include/uapi/linux/mount.h | 2 io_uring/napi.c | 19 kernel/bpf/trampoline.c | 5 kernel/bpf/verifier.c | 6 kernel/crash_core.c | 2 kernel/gcov/gcc_4_7.c | 4 kernel/power/swap.c | 17 kernel/sched/ext.c | 4 kernel/trace/ftrace.c | 20 mm/filemap.c | 20 mm/huge_memory.c | 32 mm/ksm.c | 113 ++ mm/memory.c | 23 mm/mm_init.c | 2 mm/percpu.c | 8 mm/secretmem.c | 2 mm/shmem.c | 9 mm/slub.c | 6 mm/truncate.c | 27 net/bluetooth/6lowpan.c | 97 + net/bluetooth/l2cap_core.c | 1 net/bluetooth/mgmt.c | 260 +++-- net/bluetooth/mgmt_util.c | 46 net/bluetooth/mgmt_util.h | 3 net/core/netpoll.c | 56 - net/handshake/tlshd.c | 1 net/hsr/hsr_device.c | 3 net/ipv4/route.c | 5 net/mac80211/chan.c | 2 net/mac80211/ieee80211_i.h | 4 net/mac80211/iface.c | 14 net/mac80211/link.c | 4 net/mac80211/mlme.c | 18 net/mac80211/rx.c | 10 net/mptcp/protocol.c | 36 net/netfilter/nf_tables_api.c | 66 - net/sched/act_bpf.c | 6 net/sched/act_connmark.c | 30 net/sched/act_ife.c | 12 net/sched/cls_bpf.c | 6 net/sched/sch_generic.c | 17 net/sctp/transport.c | 13 net/smc/smc_clc.c | 1 net/strparser/strparser.c | 2 net/tipc/net.c | 2 net/unix/garbage.c | 14 net/wireless/core.c | 56 + net/wireless/trace.h | 21 rust/Makefile | 16 sound/pci/hda/hda_component.c | 4 sound/soc/codecs/cs4271.c | 10 sound/soc/codecs/lpass-va-macro.c | 2 sound/soc/codecs/max98090.c | 6 sound/soc/codecs/tas2781-i2c.c | 9 sound/usb/endpoint.c | 5 sound/usb/mixer.c | 2 tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc | 4 tools/testing/selftests/iommu/iommufd.c | 2 tools/testing/selftests/net/forwarding/local_termination.sh | 2 tools/testing/selftests/net/mptcp/mptcp_connect.c | 18 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 90 - tools/testing/selftests/net/mptcp/mptcp_lib.sh | 21 tools/testing/selftests/user_events/perf_test.c | 2 virt/kvm/guest_memfd.c | 89 + 182 files changed, 2089 insertions(+), 907 deletions(-) Abdun Nihaal (3): HID: playstation: Fix memory leak in dualshock4_get_calibration_data() HID: uclogic: Fix potential memory leak in error path isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Aksh Garg (2): net: ethernet: ti: am65-cpsw-qos: fix IET verify/response timeout net: ethernet: ti: am65-cpsw-qos: fix IET verify retry mechanism Al Viro (1): simplify nfs_atomic_open_v23() Alexander Sverdlin (1): selftests: net: local_termination: Wait for interfaces to come up Alok Tiwari (1): virtio-fs: fix incorrect check for fsvq->kobj Anand Moon (1): arm64: dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1 Andrei Vagin (1): fs/namespace: correctly handle errors returned by grab_requested_mnt_ns André Draszik (1): pmdomain: samsung: plug potential memleak during probe Ankit Khushwaha (1): selftests/user_events: fix type cast for write_index packed member in perf_test Balasubramani Vivekanandan (1): drm/xe/guc: Synchronize Dead CT worker with unbind Benjamin Berg (3): wifi: mac80211: skip rate verification for not captured PSDUs wifi: cfg80211: add an hrtimer based delayed work item wifi: mac80211: use wiphy_hrtimer_work for csa.switch_work Bibo Mao (2): LoongArch: KVM: Restore guest PMU if it is enabled LoongArch: KVM: Add delay until timer interrupt injected Borislav Petkov (AMD) (1): x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev Breno Leitao (3): net: netpoll: Individualize the skb pool net: netpoll: flush skb pool during cleanup net: netpoll: fix incorrect refcount handling causing incorrect cleanup Buday Csaba (1): net: mdio: fix resource leak in mdiobus_register_device() Chao Yu (1): f2fs: fix to avoid overflow while left shift operation Christian König (2): drm/amdgpu: remove two invalid BUG_ON()s drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Chuang Wang (1): ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Chuck Lever (1): NFSD: Skip close replay processing if XDR encoding fails D. Wythe (1): net/smc: fix mismatch between CLC header and proposal Dai Ngo (1): NFS: Fix LTP test failures when timestamps are delegated Dan Carpenter (1): mtd: onenand: Pass correct pointer to IRQ handler Danil Skrebenkov (1): RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors Dave Jiang (1): acpi/hmat: Fix lockdep warning for hmem_register_resource() Denis Arefev (1): ALSA: hda: Fix missing pointer check in hda_component_manager_init function Dragan Simic (1): arm64: dts: rockchip: Make RK3588 GPU OPP table naming less generic Eduard Zingerman (1): bpf: account for current allocated stack depth in widen_imprecise_scalars() Edward Adam Davis (2): nilfs2: avoid having an active sc_timer before freeing sci cifs: client: fix memory leak in smb3_fs_context_parse_param Eric Biggers (1): lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN Eric Dumazet (4): sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto net_sched: act_connmark: use RCU in tcf_connmark_dump() net_sched: limit try_bulk_dequeue_skb() batches bpf: Add bpf_prog_run_data_pointers() Felix Maurer (1): hsr: Fix supervision frame sending on HSRv0 Feng Jiang (1): riscv: Build loader.bin exclusively for Canaan K210 Filipe Manana (1): btrfs: do not update last_log_commit when logging inode due to a new name Gal Pressman (3): net/mlx5e: Fix maxrate wraparound in threshold between units net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps net/mlx5e: Fix potentially misleading debug message Gao Xiang (1): erofs: avoid infinite loop due to incomplete zstd-compressed data Gautham R. Shenoy (4): ACPI: CPPC: Detect preferred core availability on online CPUs ACPI: CPPC: Check _CPC validity for only the online CPUs ACPI: CPPC: Perform fast check switch only for online CPUs ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs Greg Kroah-Hartman (1): Linux 6.12.59 Haein Lee (1): ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Han Gao (1): riscv: acpi: avoid errors caused by probing DT devices when ACPI is used Hans de Goede (1): spi: Try to get ACPI GPIO IRQ earlier Hao Ge (1): codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext Haotian Zhang (3): regulator: fixed: fix GPIO descriptor leak on register failure ASoC: cs4271: Fix regulator leak on probe failure ASoC: codecs: va-macro: fix resource leak in probe error path Henrique Carvalho (1): smb: client: fix cifs_pick_channel when channel needs reconnect Hongbo Li (1): hostfs: Fix only passing host root in boot stage with new mount Horatiu Vultur (4): net: phy: micrel: Introduce lanphy_modify_page_reg net: phy: micrel: Replace hardcoded pages with defines net: phy: micrel: lan8814 fix reset of the QSGMII interface net: phy: micrel: Fix lan8814_config_init Huacai Chen (2): LoongArch: Use correct accessor to read FWPC/MWPC LoongArch: Use physical addresses for CSR_MERRENTRY/CSR_TLBRENTRY Ian Forbes (1): drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Isaac J. Manjarres (1): mm/mm_init: fix hash table order logging in alloc_large_system_hash() Jaehun Gou (1): exfat: fix improper check of dentry.stream.valid_size Janusz Krzysztofik (1): drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD Jason Gunthorpe (1): iommufd: Make vfio_compat's unmap succeed if the range is already empty Jason-JH Lin (1): drm/mediatek: Add pm_runtime support for GCE power control Jesse.Zhang (1): drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Jialin Wang (1): proc: proc_maps_open allow proc_mem_open to return NULL Jihed Chaibi (1): ARM: dts: imx51-zii-rdu1: Fix audmux node names Johannes Berg (1): wifi: mac80211: reject address change while connecting John Sperbeck (1): net: netpoll: ensure skb_pool list is always initialized Jonathan Kim (1): drm/amdkfd: relax checks for over allocation of save area Joshua Rogers (1): ksmbd: close accepted socket when per-IP limit rejects connection Joshua Watt (2): NFS4: Fix state renewals missing after boot NFS4: Apply delay_retrans to async operations Jouni Högander (1): drm/xe: Do clean shutdown also when using flr Kairui Song (1): mm/shmem: fix THP allocation and fallback loop Kiryl Shutsemau (2): mm/memory: do not populate page table entries beyond i_size mm/truncate: unmap large folio on split failure Kuniyuki Iwashima (2): tipc: Fix use-after-free in tipc_mon_reinit_self(). af_unix: Initialise scc_index in unix_add_edge(). Lance Yang (1): mm/secretmem: fix use-after-free race in fault handler Long Li (1): uio_hv_generic: Set event for all channels on the device Luiz Augusto von Dentz (1): Bluetooth: MGMT: Fix possible UAFs Manivannan Sadhasivam (1): wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path Mario Limonciello (1): drm/amd: Fix suspend failure with secure display TA Mario Limonciello (AMD) (2): PM: hibernate: Emit an error when image writing fails PM: hibernate: Use atomic64_t for compressed_size variable Masami Ichikawa (1): HID: hid-ntrig: Prevent memory leak in ntrig_report_version() Matthieu Baerts (NGI0) (6): selftests: mptcp: connect: fix fallback note due to OoO selftests: mptcp: join: rm: set backup flag selftests: mptcp: join: endpoints: longer transfer selftests: mptcp: connect: trunc: read all recv data selftests: mptcp: join: userspace: longer transfer selftests: mptcp: join: properly kill background tasks Miaoqian Lin (2): crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value pmdomain: imx: Fix reference count leak in imx_gpc_remove Michal Hocko (1): mm, percpu: do not consider sleepable allocations atomic Miguel Ojeda (2): rust: kbuild: treat `build_error` and `rustdoc` as kernel objects rust: kbuild: workaround `rustdoc` doctests modifier bug Naohiro Aota (1): btrfs: zoned: fix conventional zone capacity calculation Nate Karstens (1): strparser: Fix signed/unsigned mismatch bug NeilBrown (1): nfsd: fix refcount leak in nfsd_set_fh_dentry() Nick Hu (1): irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops Nicolas Escande (1): wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() Niravkumar L Rabara (2): EDAC/altera: Handle OCRAM ECC enable after warm reset EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Oleg Makarenko (1): HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel Olga Kornievskaia (2): nfsd: add missing FATTR4_WORD2_CLONE_BLKSIZE from supported attributes NFSD: free copynotify stateid in nfs4_free_ol_stateid() Olivier Langlois (1): io_uring/napi: fix io_napi_entry RCU accesses Pablo Neira Ayuso (2): Revert "netfilter: nf_tables: Reintroduce shortened deletion notifications" netfilter: nf_tables: reject duplicate device on updates Paolo Abeni (1): mptcp: fix MSG_PEEK stream corruption Pauli Virtanen (6): Bluetooth: MGMT: cancel mesh send timer when hdev removed Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Bluetooth: L2CAP: export l2cap_chan_hold for modules Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete Pedro Demarchi Gomes (1): ksm: use range-walk function to jump over holes in scan_get_next_rmap_item Penglei Jiang (1): proc: fix the issue of proc_mem_open returning NULL Peter Oberparleiter (1): gcov: add support for GCC 15 Peter Zijlstra (1): compiler_types: Move unused static inline functions warning to W=2 Qinxin Xia (1): dma-mapping: benchmark: Restore padding to ensure uABI remained consistent Rafał Miłecki (1): ARM: dts: BCM53573: Fix address of Luxul XAP-1440's Ethernet PHY Ranganath V N (2): net: sched: act_connmark: initialize struct tc_ife to fix kernel leak net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Raphael Pinsonneault-Thibeault (1): Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Scott Mayhew (1): NFS: check if suid/sgid was cleared after a write as needed Sean Christopherson (3): KVM: guest_memfd: Pass index, not gfn, to __kvm_gmem_get_pfn() KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying KVM: VMX: Split out guts of EPT violation to common/exposed function Sharique Mohammad (1): ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Shawn Lin (2): mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 mmc: dw_mmc-rockchip: Fix wrong internal phase calculate Shenghao Ding (1): ASoC: tas2781: fix getting the wrong device number Shuai Xue (1): acpi,srat: Fix incorrect device handle check for Generic Initiator Shuhao Fu (1): smb: client: fix refcount leak in smb2_set_path_attr Song Liu (1): ftrace: Fix BPF fexit with livepatch Sourabh Jain (1): crash: fix crashkernel resource shrink Steven Rostedt (1): selftests/tracing: Run sample events to clear page cache events Stuart Hayhurst (1): HID: logitech-hidpp: Add HIDPP_QUIRK_RESET_HI_RES_SCROLL Sudeep Holla (1): pmdomain: arm: scmi: Fix genpd leak on provider registration failure Sukrit Bhatnagar (1): KVM: VMX: Fix check for valid GVA on an EPT violation Takashi Iwai (1): ALSA: usb-audio: Fix potential overflow of PCM transfer buffer Tejas Upadhyay (1): drm/xe: Move declarations under conditional branch Tianyang Zhang (1): LoongArch: Let {pte,pmd}_modify() record the status of _PAGE_DIRTY Timur Kristóf (1): drm/amd/pm: Disable MCLK switching on SI at high pixel clocks Tristan Lobb (1): HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Trond Myklebust (4): pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS NFSv2/v3: Fix error handling in nfs_atomic_open_v23() NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() Umesh Nerlige Ramappa (1): drm/i915: Fix conversion between clock ticks and nanoseconds Vicki Pfau (1): HID: nintendo: Wait longer for initial probe Vitaly Prosyak (1): drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces Vladimir Oltean (1): net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() Wei Fang (1): net: fec: correct rx_bytes statistic for the case SHIFT16 is set Wei Yang (1): fs/proc: fix uaf in proc_readdir_de() Xi Ruoyao (1): rust: Add -fno-isolate-erroneous-paths-dereference to bindgen_skip_c_flags Xuan Zhuo (1): virtio-net: fix incorrect flags recording in big mode Yan Zhao (1): KVM: guest_memfd: Remove RCU-protected attribute from slot->gmem.file Yang Shi (1): arm64: kprobes: check the return value of set_memory_rox() Yang Xiuwei (1): NFS: sysfs: fix leak when nfs_client kobject add fails Ye Bin (2): ext4: introduce ITAIL helper ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() Yosry Ahmed (1): KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated ZhangGuoDong (2): smb/server: fix possible memory leak in smb2_read() smb/server: fix possible refcount leak in smb2_sess_setup() Zi Yan (2): mm/huge_memory: do not change split_huge_page*() target order silently mm/huge_memory: preserve PG_has_hwpoisoned if a folio is split to >0 order Zilin Guan (3): net/handshake: Fix memory leak in tls_handshake_accept() btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() btrfs: release root after error in data_reloc_print_warning_inode() Zqiang (1): sched_ext: Fix unsafe locking in the scx_dump_state()

1 week, 2 days

1
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror