Linux-stable-mirror

linux-stable-mirror@lists.linaro.org

203 participants
124027 discussions

[PATCH v4] ocfs2: Add validate function for slot map blocks

by Prithvi Tambewagh

When the filesystem is being mounted, the kernel panics while the data regarding slot map allocation to the local node, is being written to the disk. This occurs because the value of slot map buffer head block number, which should have been greater than or equal to `OCFS2_SUPER_BLOCK_BLKNO` (evaluating to 2) is less than it, indicative of disk metadata corruption. This triggers BUG_ON(bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) in ocfs2_write_block(), causing the kernel to panic. This is fixed by introducing function ocfs2_validate_slot_map_block() to validate slot map blocks. It first checks if the buffer head passed to it is up to date and valid, else it panics the kernel at that point itself. Further, it contains an if condition block, which checks if `bh->b_blocknr` is lesser than `OCFS2_SUPER_BLOCK_BLKNO`; if yes, then ocfs2_error is called, which prints the error log, for debugging purposes, and the return value of ocfs2_error() is returned. If the if condition is false, value 0 is returned by ocfs2_validate_slot_map_block(). This function is used as validate function in calls to ocfs2_read_blocks() in ocfs2_refresh_slot_info() and ocfs2_map_slot_buffers(). Reported-by: syzbot+c818e5c4559444f88aa0(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c818e5c4559444f88aa0 Tested-by: syzbot+c818e5c4559444f88aa0(a)syzkaller.appspotmail.com Cc: stable(a)vger.kernel.org Signed-off-by: Prithvi Tambewagh <activprithvi(a)gmail.com> --- v3->v4: - Remove if condition in ocfs2_validate_slot_map_block() which checks if `rc` is zero - Update commit log message v3 link: https://lore.kernel.org/ocfs2-devel/tagu2npibmto5bgonhorg5krbvqho4zxsv5pulv… v2->v3: - Create new function ocfs2_validate_slot_map_block() to validate block number of slot map blocks, to be greater then or equal to OCFS2_SUPER_BLOCK_BLKNO - Use ocfs2_validate_slot_map_block() in calls to ocfs2_read_blocks() in ocfs2_refresh_slot_info() and ocfs2_map_slot_buffers() - In addition to using previously formulated if block in ocfs2_validate_slot_map_block(), also check if the buffer head passed in this function is up to date; if not, then kernel panics at that point - Update title of patch to 'ocfs2: Add validate function for slot map blocks' v2 link: https://lore.kernel.org/ocfs2-devel/nwkfpkm2wlajswykywnpt4sc6gdkesakw2sw7et… v1->v2: - Remove usage of le16_to_cpu() from ocfs2_error() - Cast bh->b_blocknr to unsigned long long - Remove type casting for OCFS2_SUPER_BLOCK_BLKNO - Fix Sparse warnings reported in v1 by kernel test robot - Update title from 'ocfs2: Fix kernel BUG in ocfs2_write_block' to 'ocfs2: fix kernel BUG in ocfs2_write_block' v1 link: https://lore.kernel.org/all/20251206154819.175479-1-activprithvi@gmail.com/… fs/ocfs2/slot_map.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/fs/ocfs2/slot_map.c b/fs/ocfs2/slot_map.c index e544c704b583..ea4a68abc25b 100644 --- a/fs/ocfs2/slot_map.c +++ b/fs/ocfs2/slot_map.c @@ -44,6 +44,9 @@ struct ocfs2_slot_info { static int __ocfs2_node_num_to_slot(struct ocfs2_slot_info *si, unsigned int node_num); +static int ocfs2_validate_slot_map_block(struct super_block *sb, + struct buffer_head *bh); + static void ocfs2_invalidate_slot(struct ocfs2_slot_info *si, int slot_num) { @@ -132,7 +135,8 @@ int ocfs2_refresh_slot_info(struct ocfs2_super *osb) * this is not true, the read of -1 (UINT64_MAX) will fail. */ ret = ocfs2_read_blocks(INODE_CACHE(si->si_inode), -1, si->si_blocks, - si->si_bh, OCFS2_BH_IGNORE_CACHE, NULL); + si->si_bh, OCFS2_BH_IGNORE_CACHE, + ocfs2_validate_slot_map_block); if (ret == 0) { spin_lock(&osb->osb_lock); ocfs2_update_slot_info(si); @@ -332,6 +336,24 @@ int ocfs2_clear_slot(struct ocfs2_super *osb, int slot_num) return ocfs2_update_disk_slot(osb, osb->slot_info, slot_num); } +static int ocfs2_validate_slot_map_block(struct super_block *sb, + struct buffer_head *bh) +{ + int rc; + + BUG_ON(!buffer_uptodate(bh)); + + if (bh->b_blocknr < OCFS2_SUPER_BLOCK_BLKNO) { + rc = ocfs2_error(sb, + "Invalid Slot Map Buffer Head " + "Block Number : %llu, Should be >= %d", + (unsigned long long)bh->b_blocknr, + OCFS2_SUPER_BLOCK_BLKNO); + return rc; + } + return 0; +} + static int ocfs2_map_slot_buffers(struct ocfs2_super *osb, struct ocfs2_slot_info *si) { @@ -383,7 +405,8 @@ static int ocfs2_map_slot_buffers(struct ocfs2_super *osb, bh = NULL; /* Acquire a fresh bh */ status = ocfs2_read_blocks(INODE_CACHE(si->si_inode), blkno, - 1, &bh, OCFS2_BH_IGNORE_CACHE, NULL); + 1, &bh, OCFS2_BH_IGNORE_CACHE, + ocfs2_validate_slot_map_block); if (status < 0) { mlog_errno(status); goto bail; base-commit: 24172e0d79900908cf5ebf366600616d29c9b417 -- 2.43.0

3 weeks, 1 day

[PATCH v3 0/7] rust: build_assert: document and fix use with function arguments

by Alexandre Courbot

`build_assert` relies on the compiler to optimize out its error path, lest build fails with the dreaded error: ERROR: modpost: "rust_build_error" [path/to/module.ko] undefined! It has been observed that very trivial code performing I/O accesses (sometimes even using an immediate value) would seemingly randomly fail with this error whenever `CLIPPY=1` was set. The same behavior was also observed until different, very similar conditions [1][2]. The cause, as pointed out by Gary Guo [3], appears to be that the failing function is eventually using `build_assert` with its argument, but is only annotated with `#[inline]`. This gives the compiler freedom to not inline the function, which it notably did when Clippy was active, triggering the error. The fix is to annotate functions passing their argument to `build_assert` with `#[inline(always)]`, telling the compiler to be as aggressive as possible with their inlining. This is also the correct behavior as inlining is mandatory for correct behavior in these cases. This series fixes all possible points of failure in the kernel crate, and adds documentation to `build_assert` explaining how to properly inline functions for which this behavior may arise. [1] https://lore.kernel.org/all/DEEUYUOAEZU3.1J1HM2YQ10EX1@nvidia.com/ [2] https://lore.kernel.org/all/A1A280D4-836E-4D75-863E-30B1C276C80C@collabora.… [3] https://lore.kernel.org/all/20251121143008.2f5acc33.gary@garyguo.net/ Signed-off-by: Alexandre Courbot <acourbot(a)nvidia.com> --- Changes in v3: - Add "Fixes:" tags. - CC stable on fixup patches. - Link to v2: https://patch.msgid.link/20251128-io-build-assert-v2-0-a9ea9ce7d45d@nvidia.… Changes in v2: - Turn into a series and address other similar cases in the kernel crate. - Link to v1: https://patch.msgid.link/20251127-io-build-assert-v1-1-04237f2e5850@nvidia.… --- Alexandre Courbot (7): rust: build_assert: add instructions for use with function arguments rust: io: always inline functions using build_assert with arguments rust: cpufreq: always inline functions using build_assert with arguments rust: bits: always inline functions using build_assert with arguments rust: sync: refcount: always inline functions using build_assert with arguments rust: irq: always inline functions using build_assert with arguments rust: num: bounded: add missing comment for always inlined function rust/kernel/bits.rs | 6 ++++-- rust/kernel/build_assert.rs | 7 ++++++- rust/kernel/cpufreq.rs | 2 ++ rust/kernel/io.rs | 9 ++++++--- rust/kernel/io/resource.rs | 2 ++ rust/kernel/irq/flags.rs | 2 ++ rust/kernel/num/bounded.rs | 1 + rust/kernel/sync/refcount.rs | 3 ++- 8 files changed, 25 insertions(+), 7 deletions(-) --- base-commit: ba65a4e7120a616d9c592750d9147f6dcafedffa change-id: 20251127-io-build-assert-3579a5bfb81c Best regards, -- Alexandre Courbot <acourbot(a)nvidia.com>

3 weeks, 1 day

[PATCH 6.6 000/529] 6.6.117-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.117 release. There are 529 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 23 Nov 2025 13:01:08 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.117-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.117-rc1 Breno Leitao <leitao(a)debian.org> memcg: fix data-race KCSAN bug in rstats Dave Jiang <dave.jiang(a)intel.com> ACPI: HMAT: Remove register of memory node for generic target Yosry Ahmed <yosryahmed(a)google.com> mm: memcg: optimize parent iteration in memcg_rstat_updated() Li Zhijian <lizhijian(a)fujitsu.com> mm/memory-tier: fix abstract distance calculation overflow Ying Huang <ying.huang(a)intel.com> memory tiers: use default_dram_perf_ref_source in log message Nhat Pham <nphamcs(a)gmail.com> cachestat: do not flush stats in recency check John Sperbeck <jsperbeck(a)google.com> net: netpoll: ensure skb_pool list is always initialized Abdun Nihaal <nihaal(a)cse.iitm.ac.in> isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Lance Yang <lance.yang(a)linux.dev> mm/secretmem: fix use-after-free race in fault handler Kiryl Shutsemau <kas(a)kernel.org> mm/truncate: unmap large folio on split failure Kiryl Shutsemau <kas(a)kernel.org> mm/memory: do not populate page table entries beyond i_size Pankaj Raghav <p.raghav(a)samsung.com> filemap: cap PTE range to be created to allowed zero fill in folio_map_range() Yosry Ahmed <yosryahmed(a)google.com> mm: memcg: restore subtree stats flushing Yosry Ahmed <yosryahmed(a)google.com> mm: workingset: move the stats flush into workingset_test_recent() Yosry Ahmed <yosryahmed(a)google.com> mm: memcg: make stats flushing threshold per-memcg Yosry Ahmed <yosryahmed(a)google.com> mm: memcg: move vmstats structs definition above flushing code Yosry Ahmed <yosryahmed(a)google.com> mm: memcg: change flush_next_time to flush_last_time Domenico Cerasuolo <cerasuolodomenico(a)gmail.com> mm: memcg: add per-memcg zswap writeback stat Xin Hao <vernhao(a)tencent.com> mm: memcg: add THP swap out info for anonymous reclaim Adrian Hunter <adrian.hunter(a)intel.com> scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL Adrian Hunter <adrian.hunter(a)intel.com> scsi: ufs: core: Add a quirk to suppress link_startup_again Manivannan Sadhasivam <mani(a)kernel.org> scsi: ufs: core: Add a quirk for handling broken LSDBS field in controller capabilities register Eric Biggers <ebiggers(a)google.com> scsi: ufs: core: Add UFSHCD_QUIRK_KEYS_IN_PRDT Eric Biggers <ebiggers(a)google.com> scsi: ufs: core: Add fill_crypto_prdt variant op Eric Biggers <ebiggers(a)google.com> scsi: ufs: core: Add UFSHCD_QUIRK_BROKEN_CRYPTO_ENABLE Eric Biggers <ebiggers(a)google.com> scsi: ufs: core: fold ufshcd_clear_keyslot() into its caller Eric Biggers <ebiggers(a)google.com> scsi: ufs: core: Add UFSHCD_QUIRK_CUSTOM_CRYPTO_PROFILE Qingfang Deng <dqfext(a)gmail.com> net: stmmac: Fix accessing freed irq affinity_hint Chao Yu <chao(a)kernel.org> f2fs: fix to avoid overflow while left shift operation Breno Leitao <leitao(a)debian.org> net: netpoll: fix incorrect refcount handling causing incorrect cleanup Breno Leitao <leitao(a)debian.org> net: netpoll: flush skb pool during cleanup Breno Leitao <leitao(a)debian.org> net: netpoll: Individualize the skb pool Eric Dumazet <edumazet(a)google.com> netpoll: remove netpoll_srcu Michal Hocko <mhocko(a)suse.com> mm, percpu: do not consider sleepable allocations atomic Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Don't overflow during division for dirty tracking Qu Wenruo <wqu(a)suse.com> btrfs: ensure no dirty metadata is written back for an fs with errors Ariel D'Alessandro <ariel.dalessandro(a)collabora.com> drm/mediatek: Disable AFBC support on Mediatek DRM driver jingxian.li <jingxian.li(a)shopee.com> Revert "perf dso: Add missed dso__put to dso__load_kcore" Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: trunc: read all recv data Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: rm: set backup flag Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix fallback note due to OoO André Draszik <andre.draszik(a)linaro.org> pmdomain: samsung: plug potential memleak during probe Filipe Manana <fdmanana(a)suse.com> btrfs: do not update last_log_commit when logging inode due to a new name Zilin Guan <zilin(a)seu.edu.cn> btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Handle OCRAM ECC enable after warm reset Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Use physical addresses for CSR_MERRENTRY/CSR_TLBRENTRY Ankit Khushwaha <ankitkhushwaha.linux(a)gmail.com> selftests/user_events: fix type cast for write_index packed member in perf_test Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev Hans de Goede <hansg(a)kernel.org> spi: Try to get ACPI GPIO IRQ earlier Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: fix cifs_pick_channel when channel needs reconnect Miaoqian Lin <linmq006(a)gmail.com> crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value Edward Adam Davis <eadavis(a)qq.com> cifs: client: fix memory leak in smb3_fs_context_parse_param Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix potential overflow of PCM transfer buffer Shawn Lin <shawn.lin(a)rock-chips.com> mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 Isaac J. Manjarres <isaacmanjarres(a)google.com> mm/mm_init: fix hash table order logging in alloc_large_system_hash() Wei Yang <albinwyang(a)tencent.com> fs/proc: fix uaf in proc_readdir_de() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: reject address change while connecting Steven Rostedt <rostedt(a)goodmis.org> selftests/tracing: Run sample events to clear page cache events Chuang Wang <nashuiliang(a)gmail.com> ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Tianyang Zhang <zhangtianyang(a)loongson.cn> LoongArch: Let {pte,pmd}_modify() record the status of _PAGE_DIRTY Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Use correct accessor to read FWPC/MWPC Qinxin Xia <xiaqinxin(a)huawei.com> dma-mapping: benchmark: Restore padding to ensure uABI remained consistent Nate Karstens <nate.karstens(a)garmin.com> strparser: Fix signed/unsigned mismatch bug Joshua Rogers <linux(a)joshua.hu> ksmbd: close accepted socket when per-IP limit rejects connection Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 15 Olga Kornievskaia <okorniev(a)redhat.com> NFSD: free copynotify stateid in nfs4_free_ol_stateid() Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated Abdun Nihaal <nihaal(a)cse.iitm.ac.in> HID: uclogic: Fix potential memory leak in error path Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: BCM53573: Fix address of Luxul XAP-1440's Ethernet PHY Masami Ichikawa <masami256(a)gmail.com> HID: hid-ntrig: Prevent memory leak in ntrig_report_version() Jihed Chaibi <jihed.chaibi.dev(a)gmail.com> ARM: dts: imx51-zii-rdu1: Fix audmux node names Anand Moon <linux.amoon(a)gmail.com> arm64: dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1 Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject duplicate device on updates Dan Carpenter <dan.carpenter(a)linaro.org> mtd: onenand: Pass correct pointer to IRQ handler Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' Eric Biggers <ebiggers(a)kernel.org> lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN Sabrina Dubroca <sd(a)queasysnail.net> espintcp: fix skb leaks Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: improve shutdown sequence Paolo Abeni <pabeni(a)redhat.com> net: allow small head cache usage with large MAX_SKB_FRAGS values Wang Liang <wangliang74(a)huawei.com> net: fix NULL pointer dereference in l3mdev_l3_rcv Nick Hu <nick.hu(a)sifive.com> irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops Eduard Zingerman <eddyz87(a)gmail.com> bpf: account for current allocated stack depth in widen_imprecise_scalars() Eric Dumazet <edumazet(a)google.com> bpf: Add bpf_prog_run_data_pointers() Dave Jiang <dave.jiang(a)intel.com> acpi/hmat: Fix lockdep warning for hmem_register_resource() Dave Jiang <dave.jiang(a)intel.com> base/node / ACPI: Enumerate node access class for 'struct access_coordinate' Dave Jiang <dave.jiang(a)intel.com> acpi: numa: Add setting of generic port system locality attributes Dave Jiang <dave.jiang(a)intel.com> acpi: Break out nesting for hmat_parse_locality() Dave Jiang <dave.jiang(a)intel.com> acpi: numa: Add genport target allocation to the HMAT parsing Dave Jiang <dave.jiang(a)intel.com> acpi: numa: Create enum for memory_target access coordinates indexing Dave Jiang <dave.jiang(a)intel.com> base/node / acpi: Change 'node_hmem_attrs' to 'access_coordinates' Huang Ying <ying.huang(a)intel.com> acpi, hmat: calculate abstract distance with HMAT Huang Ying <ying.huang(a)intel.com> acpi, hmat: refactor hmat_register_target_initiators() Huang Ying <ying.huang(a)intel.com> memory tiering: add abstract distance calculation algorithms management Haein Lee <lhi0729(a)kaist.ac.kr> ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() Yang Xiuwei <yangxiuwei(a)kylinos.cn> NFS: sysfs: fix leak when nfs_client kobject add fails Trond Myklebust <trond.myklebust(a)hammerspace.com> pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: enable nconnect for RDMA Trond Myklebust <trond.myklebust(a)hammerspace.com> pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() Shenghao Ding <shenghao-ding(a)ti.com> ASoC: tas2781: fix getting the wrong device number Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: codecs: va-macro: fix resource leak in probe error path Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: cs4271: Fix regulator leak on probe failure Haotian Zhang <vulab(a)iscas.ac.cn> regulator: fixed: fix GPIO descriptor leak on register failure Shuai Xue <xueshuai(a)linux.alibaba.com> acpi,srat: Fix incorrect device handle check for Generic Initiator David Howells <dhowells(a)redhat.com> cifs: Fix uncached read into ITER_KVEC iterator Shyam Prasad N <sprasad(a)microsoft.com> cifs: stop writeback extension when change of size is detected Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: export l2cap_chan_hold for modules Gautham R. Shenoy <gautham.shenoy(a)amd.com> ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs Gautham R. Shenoy <gautham.shenoy(a)amd.com> ACPI: CPPC: Perform fast check switch only for online CPUs Gautham R. Shenoy <gautham.shenoy(a)amd.com> ACPI: CPPC: Check _CPC validity for only the online CPUs Felix Maurer <fmaurer(a)redhat.com> hsr: Fix supervision frame sending on HSRv0 Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> virtio-net: fix incorrect flags recording in big mode Eric Dumazet <edumazet(a)google.com> net_sched: limit try_bulk_dequeue_skb() batches Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix potentially misleading debug message Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix maxrate wraparound in threshold between units Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_connmark: initialize struct tc_ife to fix kernel leak Eric Dumazet <edumazet(a)google.com> net_sched: act_connmark: use RCU in tcf_connmark_dump() Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Initialise scc_index in unix_add_edge(). Benjamin Berg <benjamin.berg(a)intel.com> wifi: mac80211: skip rate verification for not captured PSDUs Buday Csaba <buday.csaba(a)prolan.hu> net: mdio: fix resource leak in mdiobus_register_device() Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_mon_reinit_self(). Zilin Guan <zilin(a)seu.edu.cn> net/handshake: Fix memory leak in tls_handshake_accept() D. Wythe <alibuda(a)linux.alibaba.com> net/smc: fix mismatch between CLC header and proposal Eric Dumazet <edumazet(a)google.com> sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Pauli Virtanen <pav(a)iki.fi> Bluetooth: MGMT: cancel mesh send timer when hdev removed Wei Fang <wei.fang(a)nxp.com> net: fec: correct rx_bytes statistic for the case SHIFT16 is set Alexander Sverdlin <alexander.sverdlin(a)siemens.com> selftests: net: local_termination: Wait for interfaces to come up Nicolas Escande <nico.escande(a)gmail.com> wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() Sharique Mohammad <sharq0406(a)gmail.com> ASoC: max98090/91: fixed max98091 ALSA widget powering up/down ZhangGuoDong <zhangguodong(a)kylinos.cn> smb/server: fix possible refcount leak in smb2_sess_setup() ZhangGuoDong <zhangguodong(a)kylinos.cn> smb/server: fix possible memory leak in smb2_read() Oleg Makarenko <oleg(a)makarenk.ooo> HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel Scott Mayhew <smayhew(a)redhat.com> NFS: check if suid/sgid was cleared after a write as needed Tristan Lobb <tristan.lobb(a)it-lobb.de> HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Joshua Watt <jpewhacker(a)gmail.com> NFS4: Fix state renewals missing after boot Jesse.Zhang <Jesse.Zhang(a)amd.com> drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/pm: Disable MCLK switching on SI at high pixel clocks Han Gao <rabenda.cn(a)gmail.com> riscv: acpi: avoid errors caused by probing DT devices when ACPI is used Danil Skrebenkov <danil.skrebenkov(a)cloudbear.ru> RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors Peter Zijlstra <peterz(a)infradead.org> compiler_types: Move unused static inline functions warning to W=2 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Fix suspend failure with secure display TA Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Make vfio_compat's unmap succeed if the range is already empty Shuhao Fu <sfual(a)cse.ust.hk> smb: client: fix refcount leak in smb2_set_path_attr Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/i915: Fix conversion between clock ticks and nanoseconds Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD Jakub Kicinski <kuba(a)kernel.org> selftests: netdevsim: set test timeout to 10 minutes Clément Léger <cleger(a)rivosinc.com> riscv: stacktrace: fix backtracing through exceptions Alex Hung <alex.hung(a)amd.com> drm/amd/display: Fix black screen with HDMI outputs Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Fix function header names in amdgpu_connectors.c Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Cleanup wakeup source only if it was enabled Adrian Hunter <adrian.hunter(a)intel.com> scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers Nathan Chancellor <nathan(a)kernel.org> lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: fix received length check in big packets Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: fix potential UAF in smb2_close_cached_fid() Joshua Rogers <linux(a)joshua.hu> smb: client: validate change notify buffer before copy Mario Limonciello (AMD) <superm1(a)kernel.org> x86/microcode/AMD: Add more known models to entry sign checking Yuta Hayama <hayama(a)lineo.co.jp> rtc: rx8025: fix incorrect register reference Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Enable mst when it's detected but yet to be initialized Zilin Guan <zilin(a)seu.edu.cn> tracing: Fix memory leaks in create_field_var() Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: fix MST static key usage Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: fix use-after-free due to MST port state bypass Horatiu Vultur <horatiu.vultur(a)microchip.com> lan966x: Fix sleeping in atomic context Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: Fix reserved multicast address table programming Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: SHAMPO, Fix skb size check for 64K pages Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix return value in case of module EEPROM read error Gal Pressman <gal(a)nvidia.com> net/mlx5e: Use extack in get module eeprom by page callback Martin Willi <martin(a)strongswan.org> wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> bnxt_en: Fix a possible memory leak in bnxt_ptp_init Qendrim Maxhuni <qendrim.maxhuni(a)garderos.com> net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold sock lock while iterating over address list Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Prevent TOCTOU out-of-bounds write Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold RCU read lock while iterating over address list Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: stop reading ARL entries if search is done Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix enabling ip multicast Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix resetting speed and pause on forced link Hangbin Liu <liuhangbin(a)gmail.com> net: vlan: sync VLAN features with lower device Wang Liang <wangliang74(a)huawei.com> selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing ethtool-common.sh David Wei <dw(a)davidwei.uk> netdevsim: add Makefile for selftests Anubhav Singh <anubhavsinggh(a)google.com> selftests/net: use destination options instead of hop-by-hop Richard Gobert <richardbgobert(a)gmail.com> selftests/net: fix GRO coalesce test and add ext header coalesce tests Anubhav Singh <anubhavsinggh(a)google.com> selftests/net: fix out-of-order delivery of FIN in gro:tcp test Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx Abdun Nihaal <nihaal(a)cse.iitm.ac.in> Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: hci_event: validate skb length for unknown CC opcode Josephine Pfeiffer <hi(a)josie.lol> riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro Chunyan Zhang <zhangchunyan(a)iscas.ac.cn> riscv: stacktrace: Disable KASAN checks for non-current tasks Anton Blanchard <antonb(a)tenstorrent.com> riscv: Improve exception and system call latency Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix device bus LAN ID Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> Revert "wifi: ath10k: avoid unnecessary wait for service ready message" Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Use heuristic to find stream entity Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: refactor wake_up_bit() pattern of calling Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: add checking of wait_for_completion_killable() return value Valerio Setti <vsetti(a)baylibre.com> ASoC: meson: aiu-encoder-i2s: fix bit clock polarity Geert Uytterhoeven <geert(a)linux-m68k.org> kbuild: uapi: Strip comments before size type check Bruno Thomsen <bruno.thomsen(a)gmail.com> rtc: pcf2127: fix watchdog interrupt mask on pcf2131 Albin Babu Varghese <albinbabuvarghese20(a)gmail.com> fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Sascha Hauer <s.hauer(a)pengutronix.de> tools: lib: thermal: use pkg-config to locate libnl3 Emil Dahl Juhl <juhl.emildahl(a)gmail.com> tools: lib: thermal: don't preserve owner in install Ian Rogers <irogers(a)google.com> tools bitmap: Add missing asm-generic/bitsperlong.h include Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Return present device nodes only on fwnode interface Hoyoung Seo <hy50.seo(a)samsung.com> scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS Randall P. Embry <rpembry(a)gmail.com> 9p: sysfs_init: don't hardcode error to ENOMEM Aaron Kling <webgeek1234(a)gmail.com> cpufreq: tegra186: Initialize all cores to max frequencies Randall P. Embry <rpembry(a)gmail.com> 9p: fix /sys/fs/9p/caches overwriting itself Jerome Brunet <jbrunet(a)baylibre.com> NTB: epf: Allow arbitrary BAR mapping Matthias Schiffer <matthias.schiffer(a)tq-group.com> clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled Nicolas Ferre <nicolas.ferre(a)microchip.com> clk: at91: clk-sam9x60-pll: force write to PLL_UPDT register Ryan Wanner <Ryan.Wanner(a)microchip.com> clk: at91: clk-master: Add check for divide by 3 Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: save and restore ACR during PLL disable/enable Josua Mayer <josua(a)solid-run.com> rtc: pcf2127: clear minute/second interrupt Chen-Yu Tsai <wens(a)csie.org> clk: sunxi-ng: sun6i-rtc: Add A523 specifics Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix help message for ssl-non-raw Yikang Yue <yikangy2(a)illinois.edu> fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink austinchang <austinchang(a)synology.com> btrfs: mark dirty extent range for out of bound prealloc extents Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix wrong WQE data when QP wraps around wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix the modification of max_send_sge Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Set irdma_cq cq_num field during CQ create Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Remove unused struct irdma_cq fields Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Fix SD index calculation Saket Dumbre <saket.dumbre(a)intel.com> ACPICA: Update dsmethod.c to get rid of unused variable warning Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> char: misc: restrict the dynamic range to exclude reserved minors Coiby Xu <coxu(a)redhat.com> ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Fiona Ebner <f.ebner(a)proxmox.com> smb: client: transport: avoid reconnects triggered by pending task work Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: use sock_create_kern interface to create kernel socket Vladimir Riabchun <ferr.lambarginio(a)gmail.com> ftrace: Fix softlockup in ftrace_module_enable Mike Marshall <hubcap(a)omnibond.com> orangefs: fix xattr related buffer overflow... Dragos Tatulea <dtatulea(a)nvidia.com> page_pool: Clamp pool size to max 16K pages Qingfang Deng <dqfext(a)gmail.com> 6pack: drop redundant locking and refcounting Chi Zhiling <chizhiling(a)kylinos.cn> exfat: limit log print for IO error Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: add mono main switch to Presonus S1824c Ivan Pravdin <ipravdin.official(a)gmail.com> Bluetooth: bcsp: receive data only if registered Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix UAF on sco_conn_free Arkadiusz Bokowy <arkadiusz.bokowy(a)gmail.com> Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames Théo Lebrun <theo.lebrun(a)bootlin.com> net: macb: avoid dealing with endianness in macb_set_hwaddr() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Don't query FEC statistics when FEC is disabled Primoz Fiser <primoz.fiser(a)norik.com> ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 Olivier Moysan <olivier.moysan(a)foss.st.com> ASoC: stm32: sai: manage context in set_sysclk callback Yifan Zhang <yifan1.zhang(a)amd.com> amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw Julian Sun <sunjunchao(a)bytedance.com> ext4: increase IO priority of fastcommit chuguangqing <chuguangqing(a)inspur.com> fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock Moti Haimovski <moti.haimovski(a)intel.com> accel/habanalabs: support mapping cb with vmalloc-backed coherent memory Konstantin Sinyuk <konstantin.sinyuk(a)intel.com> accel/habanalabs/gaudi2: read preboot status after recovering from dirty state Tomer Tayar <tomer.tayar(a)intel.com> accel/habanalabs: return ENOMEM if less than requested pages were pinned Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate Vered Yavniely <vered.yavniely(a)intel.com> accel/habanalabs/gaudi2: fix BMON disable configuration Alok Tiwari <alok.a.tiwari(a)oracle.com> scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() Petr Machata <petrm(a)nvidia.com> net: bridge: Install FDB for bridge MAC on VLAN 0 Al Viro <viro(a)zeniv.linux.org.uk> nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix mount hang after CREATE_SESSION failure Olga Kornievskaia <okorniev(a)redhat.com> NFSv4: handle ERR_GRACE on delegation recalls Karthi Kandasamy <karthi.kandasamy(a)amd.com> drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream Nithyanantham Paramasivam <nithyanantham.paramasivam(a)oss.qualcomm.com> wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid handling handover twice Mario Limonciello <mario.limonciello(a)amd.com> PCI/PM: Skip resuming to D0 if device is disconnected Alex Mastro <amastro(a)fb.com> vfio: return -ENOTTY for unsupported device feature Al Viro <viro(a)zeniv.linux.org.uk> sparc64: fix prototypes of reads[bwl]() Koakuma <koachan(a)protonmail.com> sparc/module: Add R_SPARC_UA64 relocation handling Chen Wang <unicorn_wang(a)outlook.com> PCI: cadence: Check for the existence of cdns_pcie::ops before using it ChunHao Lin <hau(a)realtek.com> r8169: set EEE speed down ratio to 1 Brahmajit Das <listout(a)listout.xyz> net: intel: fm10k: Fix parameter idx set but not used Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix connection after GTK rekeying Seyediman Seyedarab <ImanDevel(a)gmail.com> iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() Robert Marko <robert.marko(a)sartura.hr> net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: clear link parameters on admin link down Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> jfs: fix uninitialized waitqueue in transaction manager Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> jfs: Verify inode mode when loading from disk Tatyana Nikolova <tatyana.e.nikolova(a)intel.com> RDMA/irdma: Update Kconfig Eric Dumazet <edumazet(a)google.com> ipv6: np->rxpmtu race annotation wangzijie <wangzijie1(a)honor.com> f2fs: fix infinite loop in __insert_extent_tree() Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Forest Crossman <cyrozap(a)gmail.com> usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Al Viro <viro(a)zeniv.linux.org.uk> allow finish_no_open(file, ERR_PTR(-E...)) Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Define size of debugfs entry for xri rebalancing Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Disable timestamp functionality if not supported Nai-Chen Cheng <bleach1827(a)gmail.com> selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Christian König <christian.koenig(a)amd.com> drm/amdgpu: reject gang submissions under SRIOV Mario Limonciello (AMD) <superm1(a)kernel.org> HID: i2c-hid: Resolve touchpad issues on Dell systems during S4 Stefan Wahren <wahrenst(a)gmx.net> ethernet: Extend device_get_mac_address() to use NVMEM Jakub Kicinski <kuba(a)kernel.org> page_pool: always add GFP_NOWARN for ATOMIC allocations Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Disable VRR on DCE 6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix DVI-D/HDMI adapters Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd: Avoid evicting resources at S5 Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl John Keeping <jkeeping(a)inmusicbrands.com> ALSA: serial-generic: remove shared static buffer Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7996: Temporarily disable EPCS Quan Zhou <quan.zhou(a)mediatek.com> wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device Yafang Shao <laoar.shao(a)gmail.com> net/cls_cgroup: Fix task_get_classid() during qdisc run Gaurav Jain <gaurav.jain(a)nxp.com> crypto: caam - double the entropy delay interval for retry Niklas Cassel <cassel(a)kernel.org> PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce - remove channel timeout field Sangwook Shin <sw617.shin(a)samsung.com> watchdog: s3c2410_wdt: Fix max_timeout being calculated larger Antheas Kapenekakis <lkml(a)antheas.dev> HID: asus: add Z13 folio to generic group for multitouch to work Alok Tiwari <alok.a.tiwari(a)oracle.com> udp_tunnel: use netdev_warn() instead of netdev_WARN() David Ahern <dsahern(a)kernel.org> selftests: Replace sleep with slowwait Daniel Palmer <daniel(a)thingy.jp> eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP David Ahern <dsahern(a)kernel.org> selftests: Disable dad for ipv6 in fcnal-test.sh Li RongQing <lirongqing(a)baidu.com> x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT Florian Westphal <fw(a)strlen.de> netfilter: nf_reject: don't reply to icmp error messages Ido Schimmel <idosch(a)nvidia.com> selftests: traceroute: Use require_command() Qianfeng Rong <rongqianfeng(a)vivo.com> media: redrat3: use int type to store negative error codes Jakub Kicinski <kuba(a)kernel.org> selftests: net: replace sleeps in fcnal-test with waits Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> net: sh_eth: Disable WoL if system can not suspend Michael Riesch <michael.riesch(a)collabora.com> phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 Michael Dege <michael.dege(a)renesas.com> phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet Harikrishna Shenoy <h-shenoy(a)ti.com> phy: cadence: cdns-dphy: Enable lower resolutions in dphy Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Fix HE capabilities element check Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> ntfs3: pretend $Extend records as regular files Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: host: mediatek: Disable auto-hibern8 during power mode changes Rohan G Thomas <rohan.g.thomas(a)altera.com> net: phy: marvell: Fix 88e1510 downshift counter errata Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: host: mediatek: Enhance recovery on hibernation exit failure Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: host: mediatek: Enhance recovery on resume failure Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer Hao Yao <hao.yao(a)intel.com> media: ov08x40: Fix the horizontal flip control Xion Wang <xion.wang(a)mediatek.com> char: Use list_del_init() in misc_deregister() to reinitialize list pointer Antonino Maniscalco <antomani103(a)gmail.com> drm/msm: make sure to not queue up recovery more than once Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget William Wu <william.wu(a)rock-chips.com> usb: gadget: f_hid: Fix zero length packet transfer Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add support for cyan skillfish gpu_info Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: don't enable SMU on cyan skillfish Alex Deucher <alexander.deucher(a)amd.com> drm/amd: add more cyan skillfish PCI ids Hector Martin <marcan(a)marcan.st> iommu/apple-dart: Clear stream error indicator bits for T8110 DARTs Ashish Kalra <ashish.kalra(a)amd.com> iommu/amd: Skip enabling command/event buffers for kdump Colin Foster <colin.foster(a)in-advantage.com> smsc911x: add second read of EEPROM mac when possible corruption seen Eric Dumazet <edumazet(a)google.com> net: call cond_resched() less often in __release_sock() Cryolitia PukNgae <cryolitia(a)uniontech.com> ALSA: usb-audio: apply quirk for MOONDROP Quark2 Paul Kocialkowski <paulk(a)sys-base.io> media: verisilicon: Explicitly disable selection api ioctls for decoders Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: adv7180: Only validate format in querystd Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: adv7180: Do not write format to device in set_fmt Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: adv7180: Add missing lock in suspend callback Juraj Šarinay <juraj(a)sarinay.com> net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Yue Haibing <yuehaibing(a)huawei.com> ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled David Francis <David.Francis(a)amd.com> drm/amdgpu: Allow kfd CRIU with no buffer objects Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy_7nm: Fix missing initial VCO rate Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL Devendra K Verma <devverma(a)amd.com> dmaengine: dw-edma: Set status for callback_result Rosen Penev <rosenp(a)gmail.com> dmaengine: mv_xor: match alloc_wc and free_wc Thomas Andreatta <thomasandreatta2000(a)gmail.com> dmaengine: sh: setup_xref error handling Miroslav Lichvar <mlichvar(a)redhat.com> ptp: Limit time setting of PTP clocks Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: pm8001: Use int instead of u32 to store error codes Qianfeng Rong <rongqianfeng(a)vivo.com> crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: rename stp node on EASY50712 reference board Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename stp clock Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing device_type in pci node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add model to EASY50712 dts Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing properties to cpu node Timur Kristóf <timur.kristof(a)gmail.com> drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) Chelsy Ratnawat <chelsyratnawat2001(a)gmail.com> media: fix uninitialized symbol warnings Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Eric Huang <jinhuieric.huang(a)amd.com> drm/amdkfd: fix vram allocation failure for a special case Miklos Szeredi <mszeredi(a)redhat.com> fuse: zero initialize inode private data Heiner Kallweit <hkallweit1(a)gmail.com> net: phy: fixed_phy: let fixed_phy_unregister free the phy_device Andrew Davis <afd(a)ti.com> remoteproc: wkup_m3: Use devm_pm_runtime_enable() helper Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Fix wakeup source leaks on device unbind Francisco Gutierrez <frankramirez(a)google.com> scsi: pm80xx: Fix race condition caused by static variables Chandrakanth Patil <chandrakanth.patil(a)broadcom.com> scsi: mpi3mr: Fix controller init failure on fault during queue creation Ujwal Kundur <ujwal.kundur(a)gmail.com> rds: Fix endianness annotation for RDS_MPATH_HASH Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add validation of UAC2/UAC3 effect units Sungho Kim <sungho.kim(a)furiosa.ai> PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Kuniyuki Iwashima <kuniyu(a)google.com> net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. Oleksij Rempel <o.rempel(a)pengutronix.de> net: stmmac: Correctly handle Rx checksum offload errors Christoph Paasch <cpaasch(a)openai.com> net: When removing nexthops, don't call synchronize_net if it is not necessary Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Does not request module for miscdevice with dynamic minor Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor raub camaioni <raubcameo(a)gmail.com> usb: gadget: f_ncm: Fix MAC assignment NCM ethernet Haibo Chen <haibo.chen(a)nxp.com> iio: adc: imx93_adc: load calibrated values even calibration failed Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Kent Russell <kent.russell(a)amd.com> drm/amdkfd: Handle lack of READ permissions in SVM mapping Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> media: imon: make send_packet() more robust Charalampos Mitrodimas <charmitro(a)posteo.net> net: ipv6: fix field-spanning memcpy warning in AH output Alice Chao <alice.chao(a)mediatek.com> scsi: ufs: host: mediatek: Fix invalid access in vccqx handling Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: host: mediatek: Change reset sequence for improved stability Alice Chao <alice.chao(a)mediatek.com> scsi: ufs: host: mediatek: Assign power mode userdata before FASTAUTO mode change Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: host: mediatek: Fix auto-hibern8 timer configuration Ido Schimmel <idosch(a)nvidia.com> bridge: Redirect to backup port when port is administratively down Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Use pci_uevent_ers() in PCI recovery Niklas Schnelle <schnelle(a)linux.ibm.com> powerpc/eeh: Use result of error_detected() in uevent Lukas Wunner <lukas(a)wunner.de> thunderbolt: Use is_pciehp instead of is_hotplug_bridge Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> ice: Don't use %pK through printk or tracepoints Tiezhu Yang <yangtiezhu(a)loongson.cn> net: stmmac: Check stmmac_hw_setup() in stmmac_resume() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Mehdi Djait <mehdi.djait(a)linux.intel.com> media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR Jayesh Choudhary <j-choudhary(a)ti.com> drm/tidss: Set crtc modesetting parameters with adjusted mode Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Use the crtc_* timings when programming the HW Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: amphion: Delete v4l2_fh synchronously in .release() Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: pci: ivtv: Don't create fake v4l2_fh Geoffrey McRae <geoffrey.mcrae(a)amd.com> drm/amdkfd: return -ENOTTY for unsupported IOCTLs Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: sdio: use indirect IO for device registers before power-on Wake Liu <wakel(a)google.com> selftests/net: Ensure assert() triggers in psock_tpacket.c Wake Liu <wakel(a)google.com> selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 Marcos Del Sol Vives <marcos(a)orca.pet> PCI: Disable MSI on RDC PCI to PCIe bridges Seyediman Seyedarab <imandevel(a)gmail.com> drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use cached metrics data on arcturus Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use cached metrics data on aldebaran Paul Hsieh <Paul.Hsieh(a)amd.com> drm/amd/display: update dpp/disp clock from smu clock table Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: add more cyan skillfish devices Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration Clay King <clayking(a)amd.com> drm/amd/display: ensure committing streams is seamless Jens Kehne <jens.kehne(a)agilent.com> mfd: da9063: Split chip variant reading in two bus transactions Arnd Bergmann <arnd(a)arndb.de> mfd: madera: Work around false-positive -Wininitialized warning Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe: Remove IRQ domain upon removal Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Prefer driver HWP limits Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Enhance HWP enable Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: Fix incorrect size in cpuidle_state_disable() Armin Wolf <W_Armin(a)gmx.de> hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Ben Copeland <ben.copeland(a)linaro.org> hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex Jiri Olsa <jolsa(a)kernel.org> uprobe: Do not emulate/sstep original instruction when ip is changed Alistair Francis <alistair.francis(a)wdc.com> nvme: Use non zero KATO for persistent discovery connections Amery Hung <ameryhung(a)gmail.com> bpf: Clear pfmemalloc flag when freeing all fragments Chenghao Duan <duanchenghao(a)kylinos.cn> riscv: bpf: Fix uninitialized symbol 'retval_off' Yu Kuai <yukuai3(a)huawei.com> blk-cgroup: fix possible deadlock while configuring policy Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Biju Das <biju.das.jz(a)bp.renesas.com> spi: rpc-if: Add resume support for RZ/G3E Pranav Tyagi <pranav.tyagi03(a)gmail.com> futex: Don't leak robust_list pointer on exec race Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: Fail cpuidle device registration if there is one already Tom Stellard <tstellar(a)redhat.com> bpftool: Fix -Wuninitialized-const-pointer warnings with clang >= 21 Fenglin Wu <fenglin.wu(a)oss.qualcomm.com> power: supply: qcom_battmgr: handle charging state change notifications Janne Grunau <j(a)jannau.net> pmdomain: apple: Add "apple,t8103-pmgr-pwrstate" Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: fix error return value in cpupower_write_sysfs() Svyatoslav Ryhel <clamor95(a)gmail.com> video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Do not limit bpf_cgroup_from_id to current's namespace Daniel Wagner <wagi(a)kernel.org> nvme-fc: use lock accessing port_state and rport state Daniel Wagner <wagi(a)kernel.org> nvmet-fc: avoid scheduling association deletion twice Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> tee: allow a driver to allocate a tee_device without a pool Hans de Goede <hansg(a)kernel.org> ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Svyatoslav Ryhel <clamor95(a)gmail.com> ARM: tegra: transformer-20: fix audio-codec interrupt Svyatoslav Ryhel <clamor95(a)gmail.com> ARM: tegra: transformer-20: add missing magnetometer interrupt Svyatoslav Ryhel <clamor95(a)gmail.com> soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> arm64: zynqmp: Revert usb node drive strength and slew rate for zcu106 Ming Wang <wangming01(a)loongson.cn> irqchip/loongson-pch-lpc: Use legacy domain for PCH-LPC IRQ controller Andreas Kemnade <andreas(a)kemnade.info> hwmon: sy7636a: add alias Fabien Proriol <fabien.proriol(a)viavisolutions.com> power: supply: sbs-charger: Support multiple devices Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: keembay: release allocated memory in detach path Chuande Chen <chuachen(a)cisco.com> hwmon: (sbtsi_temp) AMD CPU extended temperature range support Rong Zhang <i(a)rong.moe> hwmon: (k10temp) Add device ID for Strix Halo Avadhut Naik <avadhut.naik(a)amd.com> hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models Christopher Ruehl <chris.ruehl(a)gtsys.com.hk> power: supply: qcom_battmgr: add OOI chemistry Hans de Goede <hansg(a)kernel.org> ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] Shang song (Lenovo) <shangsong2(a)foxmail.com> ACPI: PRM: Skip handlers with NULL handler_address or NULL VA Christian Bruel <christian.bruel(a)foss.st.com> irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Ricardo B. Marlière <rbm(a)suse.com> selftests/bpf: Upon failures, exit with code 1 in test_xsk.sh Kees Cook <kees(a)kernel.org> arc: Fix __fls() const-foldability via __builtin_clzl() Dennis Beier <nanovim(a)gmail.com> cpufreq/longhaul: handle NULL policy in longhaul_exit Ricardo B. Marlière <rbm(a)suse.com> selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 Inochi Amaoto <inochiama(a)gmail.com> irqchip/sifive-plic: Respect mask state when setting affinity Jiayi Li <lijiayi(a)kylinos.cn> memstick: Add timeout to prevent indefinite waiting Biju Das <biju.das.jz(a)bp.renesas.com> mmc: host: renesas_sdhi: Fix the actual clock Chi Zhang <chizhang(a)asrmicro.com> pinctrl: single: fix bias pull up/down handling in pin_config_set Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> bpf: Don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> spi: loopback-test: Don't use %pK through printk Jens Reidel <adrian(a)mainlining.org> soc: qcom: smem: Fix endian-unaware access of num_entries Ryan Chen <ryan_chen(a)aspeedtech.com> soc: aspeed: socinfo: Add AST27xx silicon IDs Owen Gu <guhuinan(a)xiaomi.com> usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Thomas Zimmermann <tzimmermann(a)suse.de> drm/sysfb: Do not dereference NULL pointer in plane reset Philipp Stanner <phasta(a)kernel.org> drm/sched: Fix race in drm_sched_entity_select_rq() Heiko Carstens <hca(a)linux.ibm.com> s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP Pierre Gondois <pierre.gondois(a)arm.com> sched/fair: Use all little CPUs for CPU-bound workloads Vincent Guittot <vincent.guittot(a)linaro.org> sched/pelt: Avoid underestimation of task utilization Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> net: phy: dp83867: Disable EEE support as not implemented Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Select polling state in some more cases Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Rearrange main loop in menu_select() Farhan Ali <alifm(a)linux.ibm.com> s390/pci: Restore IRQ unconditionally for the zPCI device Paolo Abeni <pabeni(a)redhat.com> mptcp: fix MSG_PEEK stream corruption Johan Hovold <johan(a)kernel.org> drm/mediatek: Fix device use-after-free on unbind Alexey Klimov <alexey.klimov(a)linaro.org> regmap: slimbus: fix bus_context pointer in regmap init calls Damien Le Moal <dlemoal(a)kernel.org> block: make REQ_OP_ZONE_OPEN a write operation Damien Le Moal <dlemoal(a)kernel.org> block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji Yang Wang <kevinyang.wang(a)amd.com> drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() Abdun Nihaal <nihaal(a)cse.iitm.ac.in> sfc: fix potential memory leak in efx_mae_process_mport() Jijie Shao <shaojijie(a)huawei.com> net: hns3: return error code when function fails Tomeu Vizoso <tomeu(a)tomeuvizoso.net> drm/etnaviv: fix flush sequence logic Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix tracking of periodic advertisement Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Fix another instance of dst_type handling Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset Cen Zhang <zzzccc427(a)163.com> Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once Lizhi Xu <lizhi.xu(a)windriver.com> usbnet: Prevents free active kevent Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix powerpc's stack register definition in bpf_tracing.h Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: fix bit order for DSD format Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Unprepare a stream when XRUN occurs Haotian Zhang <vulab(a)iscas.ac.cn> crypto: aspeed - fix double free caused by devm Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> crypto: aspeed-acry - Convert to platform remove callback returning void Ondrej Mosnacek <omosnace(a)redhat.com> bpf: Do not audit capability check in do_jit() Wonkon Kim <wkon.kim(a)samsung.com> scsi: ufs: core: Initialize value of an attribute returned by uic cmd Noorain Eqbal <nooraineqbal(a)gmail.com> bpf: Sync pending IRQ work before freeing ring buffer Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: fix control pipe direction Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix GMU firmware parser Karthik M <quic_karm(a)quicinc.com> wifi: ath12k: free skb during idr cleanup callback Mark Pearson <mpearson-lenovo(a)squebb.ca> wifi: ath11k: Add missing platform IDs for quirk table Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix memory leak on unsupported WMI command Chang S. Bae <chang.seok.bae(a)intel.com> x86/fpu: Ensure XFD state on signal delivery Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: fix potential cfid UAF in smb2_query_info_compound Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qdsp6: q6asm: do not sleep while atomic Paolo Abeni <pabeni(a)redhat.com> mptcp: restore window probe Paolo Abeni <pabeni(a)redhat.com> mptcp: drop bogus optimization in __mptcp_check_push() Miaoqian Lin <linmq006(a)gmail.com> fbdev: valkyriefb: Fix reference count leak in valkyriefb_init Florian Fuchs <fuchsfl(a)gmail.com> fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Johan Hovold <johan(a)kernel.org> Bluetooth: rfcomm: fix modem control handling Junjie Cao <junjie.cao(a)intel.com> fbdev: bitblit: bound-check glyph index in bit_putcs* Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> ACPI: button: Call input_free_device() on failing input device registration Yuhao Jiang <danisjiang(a)gmail.com> ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Daniel Palmer <daniel(a)0x0f.com> fbdev: atyfb: Check if pll_ops->init_pll failed Quanmin Yan <yanquanmin1(a)huawei.com> fbcon: Set fb_display[i]->mode to NULL when the mode is released Miaoqian Lin <linmq006(a)gmail.com> net: usb: asix_devices: Check return value of usbnet_get_endpoints Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix crash in nfsd4_read_release() ------------- Diffstat: Documentation/admin-guide/cgroup-v2.rst | 9 + MAINTAINERS | 1 + Makefile | 4 +- arch/arc/include/asm/bitops.h | 2 + .../boot/dts/broadcom/bcm47189-luxul-xap-1440.dts | 4 +- arch/arm/boot/dts/nvidia/tegra20-asus-tf101.dts | 5 +- arch/arm/boot/dts/nxp/imx/imx51-zii-rdu1.dts | 4 +- arch/arm/crypto/Kconfig | 2 +- arch/arm/mach-at91/pm_suspend.S | 8 +- arch/arm64/boot/dts/rockchip/rk3568-odroid-m1.dts | 2 + arch/arm64/boot/dts/xilinx/zynqmp-zcu106-revA.dts | 4 +- arch/loongarch/include/asm/hw_breakpoint.h | 4 +- arch/loongarch/include/asm/pgtable.h | 11 +- arch/loongarch/kernel/traps.c | 4 +- arch/mips/boot/dts/lantiq/danube.dtsi | 6 + arch/mips/boot/dts/lantiq/danube_easy50712.dts | 4 +- arch/mips/lantiq/xway/sysctrl.c | 2 +- arch/powerpc/kernel/eeh_driver.c | 2 +- arch/riscv/kernel/cpu-hotplug.c | 1 + arch/riscv/kernel/entry.S | 18 +- arch/riscv/kernel/setup.c | 7 +- arch/riscv/kernel/stacktrace.c | 27 +- arch/riscv/mm/ptdump.c | 2 +- arch/riscv/net/bpf_jit_comp64.c | 5 +- arch/s390/Kconfig | 1 - arch/s390/include/asm/pci.h | 1 - arch/s390/pci/pci_event.c | 7 +- arch/s390/pci/pci_irq.c | 9 +- arch/sparc/include/asm/elf_64.h | 1 + arch/sparc/include/asm/io_64.h | 6 +- arch/sparc/kernel/module.c | 1 + arch/um/drivers/ssl.c | 5 +- arch/x86/entry/vsyscall/vsyscall_64.c | 17 +- arch/x86/kernel/cpu/microcode/amd.c | 3 + arch/x86/kernel/fpu/core.c | 3 + arch/x86/kernel/kvm.c | 20 +- arch/x86/kvm/svm/svm.c | 4 + arch/x86/net/bpf_jit_comp.c | 2 +- block/blk-cgroup.c | 23 +- drivers/accel/habanalabs/common/memory.c | 2 +- drivers/accel/habanalabs/gaudi/gaudi.c | 19 + drivers/accel/habanalabs/gaudi2/gaudi2.c | 15 +- drivers/accel/habanalabs/gaudi2/gaudi2_coresight.c | 2 +- drivers/acpi/acpi_video.c | 4 +- drivers/acpi/acpica/dsmethod.c | 10 +- drivers/acpi/button.c | 4 +- drivers/acpi/cppc_acpi.c | 6 +- drivers/acpi/numa/hmat.c | 322 ++++++++++----- drivers/acpi/numa/srat.c | 2 +- drivers/acpi/prmt.c | 19 +- drivers/acpi/property.c | 24 +- drivers/acpi/scan.c | 2 + drivers/base/node.c | 18 +- drivers/base/regmap/regmap-slimbus.c | 6 +- drivers/bluetooth/btmtksdio.c | 12 + drivers/bluetooth/btrtl.c | 4 +- drivers/bluetooth/btusb.c | 30 +- drivers/bluetooth/hci_bcsp.c | 3 + drivers/char/misc.c | 40 +- drivers/clk/at91/clk-master.c | 3 + drivers/clk/at91/clk-sam9x60-pll.c | 75 ++-- drivers/clk/sunxi-ng/ccu-sun6i-rtc.c | 11 + drivers/clk/ti/clk-33xx.c | 2 + drivers/clocksource/timer-vf-pit.c | 22 +- drivers/cpufreq/longhaul.c | 3 + drivers/cpufreq/tegra186-cpufreq.c | 27 +- drivers/cpuidle/cpuidle.c | 8 +- drivers/cpuidle/governors/menu.c | 79 ++-- .../crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 1 - drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c | 5 +- drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 2 - drivers/crypto/allwinner/sun8i-ce/sun8i-ce-prng.c | 1 - drivers/crypto/allwinner/sun8i-ce/sun8i-ce-trng.c | 1 - drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 +- drivers/crypto/aspeed/aspeed-acry.c | 8 +- drivers/crypto/caam/ctrl.c | 4 +- drivers/crypto/hisilicon/qm.c | 2 + drivers/crypto/intel/qat/qat_common/qat_uclo.c | 2 +- drivers/dma/dw-edma/dw-edma-core.c | 22 ++ drivers/dma/mv_xor.c | 4 +- drivers/dma/sh/shdma-base.c | 25 +- drivers/dma/sh/shdmac.c | 17 +- drivers/edac/altera_edac.c | 22 +- drivers/extcon/extcon-adc-jack.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 66 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 23 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 + drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 19 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 10 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 23 ++ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- .../drm/amd/display/dc/clk_mgr/dcn301/vg_clk_mgr.c | 16 + drivers/gpu/drm/amd/display/dc/core/dc.c | 19 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 14 +- drivers/gpu/drm/amd/display/dc/dc_helper.c | 5 + drivers/gpu/drm/amd/display/dc/dc_stream.h | 3 + drivers/gpu/drm/amd/display/dc/dm_services.h | 2 + .../gpu/drm/amd/display/dc/dml/dcn301/dcn301_fpu.c | 20 +- .../gpu/drm/amd/display/dc/link/link_detection.c | 5 + .../display/dc/link/protocols/link_dp_training.c | 9 +- drivers/gpu/drm/amd/display/include/dal_asic_id.h | 5 + drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 5 + .../gpu/drm/amd/pm/powerplay/smumgr/fiji_smumgr.c | 2 +- .../drm/amd/pm/powerplay/smumgr/iceland_smumgr.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 2 +- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 12 +- drivers/gpu/drm/bridge/display-connector.c | 3 +- drivers/gpu/drm/drm_gem_atomic_helper.c | 6 +- drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 +- drivers/gpu/drm/i915/gt/intel_gt_clock_utils.c | 4 +- drivers/gpu/drm/i915/i915_vma.c | 16 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 10 - drivers/gpu/drm/mediatek/mtk_drm_plane.c | 24 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 5 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 3 + drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 10 + drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 +- drivers/gpu/drm/scheduler/sched_entity.c | 37 +- drivers/gpu/drm/tidss/tidss_crtc.c | 7 +- drivers/gpu/drm/tidss/tidss_dispc.c | 16 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 + drivers/hid/hid-asus.c | 6 +- drivers/hid/hid-ids.h | 6 +- drivers/hid/hid-ntrig.c | 7 +- drivers/hid/hid-quirks.c | 2 + drivers/hid/hid-uclogic-params.c | 4 +- drivers/hid/i2c-hid/i2c-hid-acpi.c | 8 + drivers/hid/i2c-hid/i2c-hid-core.c | 28 +- drivers/hid/i2c-hid/i2c-hid.h | 2 + drivers/hwmon/asus-ec-sensors.c | 2 +- drivers/hwmon/dell-smm-hwmon.c | 7 + drivers/hwmon/k10temp.c | 10 + drivers/hwmon/sbtsi_temp.c | 46 ++- drivers/hwmon/sy7636a-hwmon.c | 1 + drivers/iio/adc/imx93_adc.c | 18 +- drivers/iio/adc/spear_adc.c | 9 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 11 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 2 - drivers/infiniband/hw/irdma/Kconfig | 7 +- drivers/infiniband/hw/irdma/pble.c | 2 +- drivers/infiniband/hw/irdma/verbs.c | 4 +- drivers/infiniband/hw/irdma/verbs.h | 8 +- drivers/iommu/amd/init.c | 28 +- drivers/iommu/apple-dart.c | 5 + drivers/iommu/intel/debugfs.c | 10 +- drivers/iommu/intel/perf.c | 10 +- drivers/iommu/intel/perf.h | 5 +- drivers/iommu/iommufd/io_pagetable.c | 12 +- drivers/iommu/iommufd/ioas.c | 4 + drivers/irqchip/irq-gic-v2m.c | 13 +- drivers/irqchip/irq-loongson-pch-lpc.c | 9 +- drivers/irqchip/irq-riscv-intc.c | 3 +- drivers/irqchip/irq-sifive-plic.c | 6 +- drivers/isdn/hardware/mISDN/hfcsusb.c | 18 +- drivers/media/i2c/Kconfig | 2 +- drivers/media/i2c/adv7180.c | 48 +-- drivers/media/i2c/ir-kbd-i2c.c | 6 +- drivers/media/i2c/og01a1b.c | 6 +- drivers/media/i2c/ov08x40.c | 2 +- drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 - drivers/media/pci/ivtv/ivtv-driver.h | 3 +- drivers/media/pci/ivtv/ivtv-fileops.c | 18 +- drivers/media/pci/ivtv/ivtv-irq.c | 4 +- drivers/media/platform/amphion/vpu_v4l2.c | 7 +- drivers/media/platform/verisilicon/hantro_drv.c | 2 + drivers/media/platform/verisilicon/hantro_v4l2.c | 6 +- drivers/media/rc/imon.c | 61 +-- drivers/media/rc/redrat3.c | 2 +- drivers/media/tuners/xc4000.c | 8 +- drivers/media/tuners/xc5000.c | 12 +- drivers/media/usb/uvc/uvc_driver.c | 15 +- drivers/memstick/core/memstick.c | 8 +- drivers/mfd/da9063-i2c.c | 27 +- drivers/mfd/madera-core.c | 4 +- drivers/mfd/stmpe-i2c.c | 1 + drivers/mfd/stmpe.c | 3 + drivers/mmc/host/renesas_sdhi_core.c | 6 +- drivers/mmc/host/sdhci-msm.c | 15 + drivers/mmc/host/sdhci-of-dwcmshc.c | 2 +- drivers/mtd/nand/onenand/onenand_samsung.c | 2 +- drivers/net/dsa/b53/b53_common.c | 15 +- drivers/net/dsa/b53/b53_regs.h | 3 +- drivers/net/dsa/dsa_loop.c | 9 +- drivers/net/dsa/microchip/ksz9477.c | 98 ++++- drivers/net/dsa/microchip/ksz9477_reg.h | 3 +- drivers/net/dsa/microchip/ksz_common.c | 4 + drivers/net/dsa/microchip/ksz_common.h | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 4 +- drivers/net/ethernet/cadence/macb_main.c | 4 +- drivers/net/ethernet/freescale/fec_main.c | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 9 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 +- drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 +- drivers/net/ethernet/intel/ice/ice_main.c | 2 +- drivers/net/ethernet/intel/ice/ice_trace.h | 10 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 33 +- .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 10 +- drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 5 +- drivers/net/ethernet/mellanox/mlx5/core/en_stats.c | 12 +- .../ethernet/microchip/lan966x/lan966x_ethtool.c | 18 +- .../net/ethernet/microchip/lan966x/lan966x_main.c | 2 - .../net/ethernet/microchip/lan966x/lan966x_main.h | 4 +- .../ethernet/microchip/lan966x/lan966x_vcap_impl.c | 8 +- drivers/net/ethernet/microchip/sparx5/Kconfig | 2 +- drivers/net/ethernet/realtek/Kconfig | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 6 +- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/sfc/mae.c | 4 + drivers/net/ethernet/smsc/smsc911x.c | 14 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 23 +- drivers/net/ethernet/wangxun/libwx/wx_hw.c | 3 +- drivers/net/ethernet/wangxun/libwx/wx_type.h | 4 +- drivers/net/hamradio/6pack.c | 57 +-- drivers/net/ipvlan/ipvlan_l3s.c | 1 - drivers/net/mdio/of_mdio.c | 1 - drivers/net/phy/dp83867.c | 8 + drivers/net/phy/fixed_phy.c | 1 + drivers/net/phy/marvell.c | 39 +- drivers/net/phy/mdio_bus.c | 5 +- drivers/net/phy/phy.c | 13 + drivers/net/usb/asix_devices.c | 12 +- drivers/net/usb/qmi_wwan.c | 6 + drivers/net/usb/usbnet.c | 2 + drivers/net/virtio_net.c | 41 +- drivers/net/wireless/ath/ath10k/mac.c | 12 +- drivers/net/wireless/ath/ath10k/wmi.c | 40 +- drivers/net/wireless/ath/ath11k/core.c | 54 ++- drivers/net/wireless/ath/ath11k/wmi.c | 3 + drivers/net/wireless/ath/ath12k/dp.h | 2 +- drivers/net/wireless/ath/ath12k/mac.c | 34 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 3 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 28 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 2 + drivers/net/wireless/mediatek/mt76/mt7996/init.c | 1 - drivers/net/wireless/realtek/rtw88/sdio.c | 4 + drivers/net/wireless/virtual/mac80211_hwsim.c | 7 +- drivers/ntb/hw/epf/ntb_hw_epf.c | 103 ++--- drivers/nvme/host/core.c | 8 +- drivers/nvme/host/fc.c | 10 +- drivers/nvme/target/fc.c | 16 +- drivers/pci/controller/cadence/pcie-cadence-host.c | 2 +- drivers/pci/controller/cadence/pcie-cadence.c | 4 +- drivers/pci/controller/cadence/pcie-cadence.h | 6 +- drivers/pci/controller/dwc/pcie-designware.c | 4 +- drivers/pci/p2pdma.c | 2 +- drivers/pci/pci-driver.c | 2 +- drivers/pci/pci.c | 5 + drivers/pci/quirks.c | 3 +- drivers/phy/cadence/cdns-dphy.c | 4 +- drivers/phy/renesas/r8a779f0-ether-serdes.c | 28 ++ drivers/phy/rockchip/phy-rockchip-inno-csidphy.c | 5 +- drivers/pinctrl/pinctrl-keembay.c | 7 +- drivers/pinctrl/pinctrl-single.c | 4 +- drivers/pmdomain/apple/pmgr-pwrstate.c | 1 + drivers/pmdomain/samsung/exynos-pm-domains.c | 11 +- drivers/power/supply/qcom_battmgr.c | 8 +- drivers/power/supply/sbs-charger.c | 16 +- drivers/ptp/ptp_clock.c | 13 +- drivers/regulator/fixed.c | 1 + drivers/remoteproc/qcom_q6v5.c | 5 + drivers/remoteproc/wkup_m3_rproc.c | 6 +- drivers/rtc/rtc-pcf2127.c | 19 +- drivers/rtc/rtc-rx8025.c | 2 +- drivers/scsi/libfc/fc_encode.h | 2 +- drivers/scsi/lpfc/lpfc_debugfs.h | 3 + drivers/scsi/lpfc/lpfc_els.c | 6 +- drivers/scsi/lpfc/lpfc_init.c | 7 - drivers/scsi/lpfc/lpfc_scsi.c | 14 +- drivers/scsi/mpi3mr/mpi3mr_fw.c | 10 + drivers/scsi/mpt3sas/mpt3sas_transport.c | 3 + drivers/scsi/pm8001/pm8001_ctl.c | 24 +- drivers/scsi/pm8001/pm8001_init.c | 1 + drivers/scsi/pm8001/pm8001_sas.h | 4 + drivers/soc/aspeed/aspeed-socinfo.c | 4 + drivers/soc/qcom/smem.c | 2 +- drivers/soc/tegra/fuse/fuse-tegra30.c | 122 ++++++ drivers/spi/spi-loopback-test.c | 12 +- drivers/spi/spi-rpc-if.c | 2 + drivers/spi/spi.c | 10 + drivers/tee/tee_core.c | 2 +- drivers/thunderbolt/tb.c | 2 +- drivers/ufs/core/ufshcd-crypto.c | 34 +- drivers/ufs/core/ufshcd-crypto.h | 36 ++ drivers/ufs/core/ufshcd.c | 25 +- drivers/ufs/host/ufs-mediatek.c | 179 +++++++-- drivers/ufs/host/ufshcd-pci.c | 70 +++- drivers/usb/cdns3/cdnsp-gadget.c | 8 +- drivers/usb/gadget/function/f_fs.c | 8 +- drivers/usb/gadget/function/f_hid.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 3 +- drivers/usb/host/xhci-plat.c | 1 + drivers/usb/mon/mon_bin.c | 14 +- drivers/vfio/iova_bitmap.c | 5 +- drivers/vfio/vfio_main.c | 2 +- drivers/video/backlight/lp855x_bl.c | 2 +- drivers/video/fbdev/aty/atyfb_base.c | 8 +- drivers/video/fbdev/core/bitblit.c | 33 +- drivers/video/fbdev/core/fbcon.c | 19 + drivers/video/fbdev/core/fbmem.c | 1 + drivers/video/fbdev/pvr2fb.c | 2 +- drivers/video/fbdev/valkyriefb.c | 2 + drivers/watchdog/s3c2410_wdt.c | 10 +- fs/9p/v9fs.c | 9 +- fs/btrfs/extent_io.c | 8 + fs/btrfs/file.c | 10 + fs/btrfs/scrub.c | 2 + fs/btrfs/tree-log.c | 2 +- fs/ceph/dir.c | 3 +- fs/ceph/file.c | 6 +- fs/ceph/locks.c | 5 +- fs/exfat/fatent.c | 11 +- fs/ext4/fast_commit.c | 2 +- fs/ext4/xattr.c | 2 +- fs/f2fs/compress.c | 2 +- fs/f2fs/extent_cache.c | 6 + fs/fuse/inode.c | 11 +- fs/hpfs/namei.c | 18 +- fs/jfs/inode.c | 8 +- fs/jfs/jfs_txnmgr.c | 9 +- fs/nfs/nfs3client.c | 15 +- fs/nfs/nfs4client.c | 17 +- fs/nfs/nfs4proc.c | 15 +- fs/nfs/nfs4state.c | 3 + fs/nfs/pnfs_nfs.c | 34 +- fs/nfs/sysfs.c | 1 + fs/nfs/write.c | 3 +- fs/nfsd/nfs4proc.c | 7 +- fs/nfsd/nfs4state.c | 3 +- fs/ntfs3/inode.c | 1 + fs/open.c | 10 +- fs/orangefs/xattr.c | 12 +- fs/proc/generic.c | 12 +- fs/smb/client/cached_dir.c | 16 +- fs/smb/client/file.c | 115 +++++- fs/smb/client/fs_context.c | 2 + fs/smb/client/smb2inode.c | 2 + fs/smb/client/smb2ops.c | 3 +- fs/smb/client/smb2pdu.c | 7 +- fs/smb/client/transport.c | 12 +- fs/smb/server/smb2pdu.c | 2 + fs/smb/server/transport_tcp.c | 12 +- include/linux/blk_types.h | 11 +- include/linux/cgroup.h | 1 + include/linux/compiler_types.h | 5 +- include/linux/fbcon.h | 2 + include/linux/filter.h | 22 +- include/linux/map_benchmark.h | 1 + include/linux/memcontrol.h | 8 +- include/linux/memory-tiers.h | 39 +- include/linux/netpoll.h | 1 + include/linux/node.h | 26 +- include/linux/pci.h | 2 +- include/linux/shdma-base.h | 2 +- include/linux/swap.h | 3 +- include/linux/vm_event_item.h | 1 + include/net/bluetooth/hci.h | 1 + include/net/bluetooth/hci_core.h | 8 + include/net/bluetooth/mgmt.h | 2 +- include/net/cls_cgroup.h | 2 +- include/net/gro.h | 3 + include/net/nfc/nci_core.h | 2 +- include/net/tc_act/tc_connmark.h | 1 + include/net/xdp.h | 5 + include/ufs/ufs_quirks.h | 3 + include/ufs/ufshcd.h | 44 +++ include/ufs/ufshci.h | 4 +- kernel/bpf/helpers.c | 2 +- kernel/bpf/ringbuf.c | 2 + kernel/bpf/verifier.c | 6 +- kernel/cgroup/cgroup.c | 24 +- kernel/events/uprobes.c | 7 + kernel/futex/syscalls.c | 106 ++--- kernel/gcov/gcc_4_7.c | 4 +- kernel/sched/fair.c | 15 +- kernel/trace/ftrace.c | 2 + kernel/trace/trace_events_hist.c | 6 +- lib/crypto/Makefile | 2 +- mm/filemap.c | 24 +- mm/memcontrol.c | 292 ++++++++------ mm/memory-tiers.c | 162 +++++++- mm/memory.c | 24 +- mm/mm_init.c | 2 +- mm/page_io.c | 8 +- mm/percpu.c | 8 +- mm/secretmem.c | 2 +- mm/truncate.c | 27 +- mm/vmscan.c | 3 +- mm/vmstat.c | 1 + mm/workingset.c | 54 ++- mm/zswap.c | 4 + net/8021q/vlan.c | 2 + net/bluetooth/6lowpan.c | 103 +++-- net/bluetooth/hci_event.c | 18 +- net/bluetooth/hci_sync.c | 23 +- net/bluetooth/iso.c | 8 +- net/bluetooth/l2cap_core.c | 1 + net/bluetooth/mgmt.c | 7 +- net/bluetooth/rfcomm/tty.c | 26 +- net/bluetooth/sco.c | 7 + net/bridge/br.c | 5 + net/bridge/br_forward.c | 5 +- net/bridge/br_if.c | 1 + net/bridge/br_input.c | 4 +- net/bridge/br_mst.c | 10 +- net/bridge/br_private.h | 13 +- net/core/filter.c | 1 + net/core/gro.c | 3 - net/core/netpoll.c | 71 ++-- net/core/page_pool.c | 12 +- net/core/skbuff.c | 10 +- net/core/sock.c | 15 +- net/dsa/dsa.c | 7 + net/dsa/tag_brcm.c | 10 +- net/ethernet/eth.c | 5 +- net/handshake/tlshd.c | 1 + net/hsr/hsr_device.c | 3 + net/ipv4/esp4.c | 4 +- net/ipv4/netfilter/nf_reject_ipv4.c | 25 ++ net/ipv4/nexthop.c | 6 + net/ipv4/route.c | 5 + net/ipv4/udp_tunnel_nic.c | 2 +- net/ipv6/addrconf.c | 4 +- net/ipv6/ah6.c | 50 ++- net/ipv6/esp6.c | 4 +- net/ipv6/netfilter/nf_reject_ipv6.c | 30 ++ net/ipv6/raw.c | 2 +- net/ipv6/udp.c | 2 +- net/mac80211/iface.c | 14 +- net/mac80211/mlme.c | 2 +- net/mac80211/rx.c | 10 +- net/mptcp/protocol.c | 54 ++- net/mptcp/protocol.h | 2 +- net/netfilter/nf_tables_api.c | 30 ++ net/rds/rds.h | 2 +- net/sched/act_bpf.c | 6 +- net/sched/act_connmark.c | 30 +- net/sched/act_ife.c | 12 +- net/sched/cls_bpf.c | 6 +- net/sched/sch_generic.c | 17 +- net/sctp/diag.c | 23 +- net/sctp/transport.c | 13 +- net/smc/smc_clc.c | 1 + net/strparser/strparser.c | 2 +- net/tipc/net.c | 2 + net/unix/garbage.c | 14 +- net/xfrm/espintcp.c | 4 +- security/integrity/ima/ima_appraise.c | 23 +- sound/drivers/serial-generic.c | 12 +- sound/pci/hda/patch_realtek.c | 17 +- sound/soc/codecs/cs4271.c | 10 +- sound/soc/codecs/lpass-va-macro.c | 2 +- sound/soc/codecs/max98090.c | 6 +- sound/soc/codecs/tas2781-i2c.c | 9 +- sound/soc/codecs/tlv320aic3x.c | 32 +- sound/soc/fsl/fsl_sai.c | 3 +- sound/soc/intel/avs/pcm.c | 2 + sound/soc/meson/aiu-encoder-i2s.c | 9 +- sound/soc/qcom/qdsp6/q6asm.c | 2 +- sound/soc/qcom/sc8280xp.c | 3 + sound/soc/stm/stm32_sai_sub.c | 8 + sound/usb/endpoint.c | 5 + sound/usb/mixer.c | 9 + sound/usb/mixer_s1810c.c | 28 +- sound/usb/validate.c | 9 +- tools/bpf/bpftool/btf_dumper.c | 2 +- tools/bpf/bpftool/prog.c | 2 +- tools/include/linux/bitmap.h | 1 + tools/lib/bpf/bpf_tracing.h | 2 +- tools/lib/thermal/Makefile | 9 +- tools/perf/util/symbol.c | 1 - tools/power/cpupower/lib/cpuidle.c | 5 +- tools/power/cpupower/lib/cpupower.c | 2 +- .../x86_energy_perf_policy.c | 30 +- tools/testing/selftests/Makefile | 2 +- tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 +- tools/testing/selftests/bpf/test_xsk.sh | 2 + .../selftests/drivers/net/netdevsim/Makefile | 21 + .../selftests/drivers/net/netdevsim/settings | 1 + .../ftrace/test.d/filter/event-filter-function.tc | 4 + tools/testing/selftests/iommu/iommufd.c | 2 + tools/testing/selftests/net/fcnal-test.sh | 432 +++++++++++---------- .../selftests/net/forwarding/local_termination.sh | 2 + tools/testing/selftests/net/gro.c | 101 ++++- tools/testing/selftests/net/mptcp/mptcp_connect.c | 18 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 54 +-- tools/testing/selftests/net/psock_tpacket.c | 4 +- tools/testing/selftests/net/traceroute.sh | 13 +- tools/testing/selftests/user_events/perf_test.c | 2 +- usr/include/headers_check.pl | 2 + 504 files changed, 4874 insertions(+), 2090 deletions(-)

3 weeks, 1 day

+ tools-mm-page_owner_sort-fix-timestamp-comparison-for-stable-sorting.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: tools/mm/page_owner_sort: fix timestamp comparison for stable sorting has been added to the -mm mm-hotfixes-unstable branch. Its filename is tools-mm-page_owner_sort-fix-timestamp-comparison-for-stable-sorting.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> Subject: tools/mm/page_owner_sort: fix timestamp comparison for stable sorting Date: Tue, 9 Dec 2025 10:15:52 +0530 The ternary operator in compare_ts() returns 1 when timestamps are equal, causing unstable sorting behavior. Replace with explicit three-way comparison that returns 0 for equal timestamps, ensuring stable qsort ordering and consistent output. Link: https://lkml.kernel.org/r/20251209044552.3396468-1-kaushlendra.kumar@intel.… Fixes: 8f9c447e2e2b ("tools/vm/page_owner_sort.c: support sorting pid and time") Signed-off-by: Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> Cc: Chongxi Zhao <zhaochongxi2019(a)email.szu.edu.cn> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/mm/page_owner_sort.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/tools/mm/page_owner_sort.c~tools-mm-page_owner_sort-fix-timestamp-comparison-for-stable-sorting +++ a/tools/mm/page_owner_sort.c @@ -181,7 +181,11 @@ static int compare_ts(const void *p1, co { const struct block_list *l1 = p1, *l2 = p2; - return l1->ts_nsec < l2->ts_nsec ? -1 : 1; + if (l1->ts_nsec < l2->ts_nsec) + return -1; + if (l1->ts_nsec > l2->ts_nsec) + return 1; + return 0; } static int compare_cull_condition(const void *p1, const void *p2) _ Patches currently in -mm which might be from kaushlendra.kumar(a)intel.com are tools-mm-page_owner_sort-fix-timestamp-comparison-for-stable-sorting.patch

3 weeks, 1 day

+ selftests-mm-fix-thread-state-check-in-uffd-unit-tests.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: fix thread state check in uffd-unit-tests has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-fix-thread-state-check-in-uffd-unit-tests.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Wake Liu <wakel(a)google.com> Subject: selftests/mm: fix thread state check in uffd-unit-tests Date: Wed, 10 Dec 2025 17:14:08 +0800 In the thread_state_get() function, the logic to find the thread's state character was using `sizeof(header) - 1` to calculate the offset from the "State:\t" string. The `header` variable is a `const char *` pointer. `sizeof()` on a pointer returns the size of the pointer itself, not the length of the string literal it points to. This makes the code's behavior dependent on the architecture's pointer size. This bug was identified on a 32-bit ARM build (`gsi_tv_arm`) for Android, running on an ARMv8-based device, compiled with Clang 19.0.1. On this 32-bit architecture, `sizeof(char *)` is 4. The expression `sizeof(header) - 1` resulted in an incorrect offset of 3, causing the test to read the wrong character from `/proc/[tid]/status` and fail. On 64-bit architectures, `sizeof(char *)` is 8, so the expression coincidentally evaluates to 7, which matches the length of "State:\t". This is why the bug likely remained hidden on 64-bit builds. To fix this and make the code portable and correct across all architectures, this patch replaces `sizeof(header) - 1` with `strlen(header)`. The `strlen()` function correctly calculates the string's length, ensuring the correct offset is always used. Link: https://lkml.kernel.org/r/20251210091408.3781445-1-wakel@google.com Fixes: f60b6634cd88 ("mm/selftests: add a test to verify mmap_changing race with -EAGAIN") Signed-off-by: Wake Liu <wakel(a)google.com> Acked-by: Peter Xu <peterx(a)redhat.com> Cc: Bill Wendling <morbo(a)google.com> Cc: Justin Stitt <justinstitt(a)google.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/uffd-unit-tests.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/tools/testing/selftests/mm/uffd-unit-tests.c~selftests-mm-fix-thread-state-check-in-uffd-unit-tests +++ a/tools/testing/selftests/mm/uffd-unit-tests.c @@ -1317,7 +1317,7 @@ static thread_state thread_state_get(pid p = strstr(tmp, header); if (p) { /* For example, "State:\tD (disk sleep)" */ - c = *(p + sizeof(header) - 1); + c = *(p + strlen(header)); return c == 'D' ? THR_STATE_UNINTERRUPTIBLE : THR_STATE_UNKNOWN; } _ Patches currently in -mm which might be from wakel(a)google.com are selftests-mm-fix-thread-state-check-in-uffd-unit-tests.patch

3 weeks, 1 day

[PATCH 6.1.y] dmaengine: idxd: Remove improper idxd_free

by lanbincn＠139.com

From: Yi Sun <yi.sun(a)intel.com> [ Upstream commit f41c538881eec4dcf5961a242097d447f848cda6 ] The call to idxd_free() introduces a duplicate put_device() leading to a reference count underflow: refcount_t: underflow; use-after-free. WARNING: CPU: 15 PID: 4428 at lib/refcount.c:28 refcount_warn_saturate+0xbe/0x110 ... Call Trace: <TASK> idxd_remove+0xe4/0x120 [idxd] pci_device_remove+0x3f/0xb0 device_release_driver_internal+0x197/0x200 driver_detach+0x48/0x90 bus_remove_driver+0x74/0xf0 pci_unregister_driver+0x2e/0xb0 idxd_exit_module+0x34/0x7a0 [idxd] __do_sys_delete_module.constprop.0+0x183/0x280 do_syscall_64+0x54/0xd70 entry_SYSCALL_64_after_hwframe+0x76/0x7e The idxd_unregister_devices() which is invoked at the very beginning of idxd_remove(), already takes care of the necessary put_device() through the following call path: idxd_unregister_devices() -> device_unregister() -> put_device() In addition, when CONFIG_DEBUG_KOBJECT_RELEASE is enabled, put_device() may trigger asynchronous cleanup via schedule_delayed_work(). If idxd_free() is called immediately after, it can result in a use-after-free. Remove the improper idxd_free() to avoid both the refcount underflow and potential memory corruption during module unload. Fixes: d5449ff1b04d ("dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call") Signed-off-by: Yi Sun <yi.sun(a)intel.com> Tested-by: Shuai Xue <xueshuai(a)linux.alibaba.com> Reviewed-by: Dave Jiang <dave.jiang(a)intel.com> Acked-by: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Link: https://lore.kernel.org/r/20250729150313.1934101-2-yi.sun@intel.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> [ Slightly adjust the context. ] Signed-off-by: Bin Lan <lanbincn(a)139.com> --- Without this patch, this issue can be reproduced in Linux-6.1.y when the idxd module is removed. --- drivers/dma/idxd/init.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c index 127a6a302a5b..6059ffc08eac 100644 --- a/drivers/dma/idxd/init.c +++ b/drivers/dma/idxd/init.c @@ -816,7 +816,6 @@ static void idxd_remove(struct pci_dev *pdev) destroy_workqueue(idxd->wq); perfmon_pmu_remove(idxd); put_device(idxd_confdev(idxd)); - idxd_free(idxd); } static struct pci_driver idxd_pci_driver = { -- 2.43.0

3 weeks, 1 day

[PATCH] vfs: fix EBUSY on FSCONFIG_CMD_CREATE retry

by Chen Linxuan via B4 Relay

From: Chen Linxuan <me(a)black-desk.cn> When using fsconfig(..., FSCONFIG_CMD_CREATE, ...), the filesystem context is retrieved from the file descriptor. Since the file structure persists across syscall restarts, the context state is preserved: // fs/fsopen.c SYSCALL_DEFINE5(fsconfig, ...) { ... fc = fd_file(f)->private_data; ... ret = vfs_fsconfig_locked(fc, cmd, &param); ... } In vfs_cmd_create(), the context phase is transitioned to FS_CONTEXT_CREATING before calling vfs_get_tree(): // fs/fsopen.c static int vfs_cmd_create(struct fs_context *fc, bool exclusive) { ... fc->phase = FS_CONTEXT_CREATING; ... ret = vfs_get_tree(fc); ... } However, vfs_get_tree() may return -ERESTARTNOINTR if the filesystem implementation needs to restart the syscall. For example, cgroup v1 does this when it encounters a race condition where the root is dying: // kernel/cgroup/cgroup-v1.c int cgroup1_get_tree(struct fs_context *fc) { ... if (unlikely(ret > 0)) { msleep(10); return restart_syscall(); } return ret; } If the syscall is restarted, fsconfig() is called again and retrieves the *same* fs_context. However, vfs_cmd_create() rejects the call because the phase was left as FS_CONTEXT_CREATING during the first attempt: if (fc->phase != FS_CONTEXT_CREATE_PARAMS) return -EBUSY; Fix this by resetting fc->phase back to FS_CONTEXT_CREATE_PARAMS if vfs_get_tree() returns -ERESTARTNOINTR. Cc: stable(a)vger.kernel.org Signed-off-by: Chen Linxuan <me(a)black-desk.cn> --- fs/fsopen.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/fsopen.c b/fs/fsopen.c index f645c99204eb..8a7cb031af50 100644 --- a/fs/fsopen.c +++ b/fs/fsopen.c @@ -229,6 +229,10 @@ static int vfs_cmd_create(struct fs_context *fc, bool exclusive) fc->exclusive = exclusive; ret = vfs_get_tree(fc); + if (ret == -ERESTARTNOINTR) { + fc->phase = FS_CONTEXT_CREATE_PARAMS; + return ret; + } if (ret) { fc->phase = FS_CONTEXT_FAILED; return ret; --- base-commit: 187d0801404f415f22c0b31531982c7ea97fa341 change-id: 20251213-mount-ebusy-8ee3888a7e4f Best regards, -- Chen Linxuan <me(a)black-desk.cn>

3 weeks, 1 day

+ kernel-kexec-fix-ima-when-allocation-happens-in-cma-area.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kernel/kexec: fix IMA when allocation happens in CMA area has been added to the -mm mm-hotfixes-unstable branch. Its filename is kernel-kexec-fix-ima-when-allocation-happens-in-cma-area.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Pingfan Liu <piliu(a)redhat.com> Subject: kernel/kexec: fix IMA when allocation happens in CMA area Date: Tue, 16 Dec 2025 09:48:52 +0800 *** Bug description *** When I tested kexec with the latest kernel, I ran into the following warning: [ 40.712410] ------------[ cut here ]------------ [ 40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198 [...] [ 40.816047] Call trace: [ 40.818498] kimage_map_segment+0x144/0x198 (P) [ 40.823221] ima_kexec_post_load+0x58/0xc0 [ 40.827246] __do_sys_kexec_file_load+0x29c/0x368 [...] [ 40.855423] ---[ end trace 0000000000000000 ]--- *** How to reproduce *** This bug is only triggered when the kexec target address is allocated in the CMA area. If no CMA area is reserved in the kernel, use the "cma=" option in the kernel command line to reserve one. *** Root cause *** The commit 07d24902977e ("kexec: enable CMA based contiguous allocation") allocates the kexec target address directly on the CMA area to avoid copying during the jump. In this case, there is no IND_SOURCE for the kexec segment. But the current implementation of kimage_map_segment() assumes that IND_SOURCE pages exist and map them into a contiguous virtual address by vmap(). *** Solution *** If IMA segment is allocated in the CMA area, use its page_address() directly. Link: https://lkml.kernel.org/r/20251216014852.8737-2-piliu@redhat.com Fixes: 07d24902977e ("kexec: enable CMA based contiguous allocation") Signed-off-by: Pingfan Liu <piliu(a)redhat.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Alexander Graf <graf(a)amazon.com> Cc: Steven Chen <chenste(a)linux.microsoft.com> Cc: Mimi Zohar <zohar(a)linux.ibm.com> Cc: Roberto Sassu <roberto.sassu(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/kexec_core.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) --- a/kernel/kexec_core.c~kernel-kexec-fix-ima-when-allocation-happens-in-cma-area +++ a/kernel/kexec_core.c @@ -960,13 +960,17 @@ void *kimage_map_segment(struct kimage * kimage_entry_t *ptr, entry; struct page **src_pages; unsigned int npages; + struct page *cma; void *vaddr = NULL; int i; + cma = image->segment_cma[idx]; + if (cma) + return page_address(cma); + addr = image->segment[idx].mem; size = image->segment[idx].memsz; eaddr = addr + size; - /* * Collect the source pages and map them in a contiguous VA range. */ @@ -1007,7 +1011,8 @@ void *kimage_map_segment(struct kimage * void kimage_unmap_segment(void *segment_buffer) { - vunmap(segment_buffer); + if (is_vmalloc_addr(segment_buffer)) + vunmap(segment_buffer); } struct kexec_load_limit { _ Patches currently in -mm which might be from piliu(a)redhat.com are kernel-kexec-change-the-prototype-of-kimage_map_segment.patch kernel-kexec-fix-ima-when-allocation-happens-in-cma-area.patch

3 weeks, 1 day

+ kernel-kexec-change-the-prototype-of-kimage_map_segment.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kernel/kexec: change the prototype of kimage_map_segment() has been added to the -mm mm-hotfixes-unstable branch. Its filename is kernel-kexec-change-the-prototype-of-kimage_map_segment.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Pingfan Liu <piliu(a)redhat.com> Subject: kernel/kexec: change the prototype of kimage_map_segment() Date: Tue, 16 Dec 2025 09:48:51 +0800 The kexec segment index will be required to extract the corresponding information for that segment in kimage_map_segment(). Additionally, kexec_segment already holds the kexec relocation destination address and size. Therefore, the prototype of kimage_map_segment() can be changed. Link: https://lkml.kernel.org/r/20251216014852.8737-1-piliu@redhat.com Fixes: 07d24902977e ("kexec: enable CMA based contiguous allocation") Signed-off-by: Pingfan Liu <piliu(a)redhat.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Mimi Zohar <zohar(a)linux.ibm.com> Cc: Roberto Sassu <roberto.sassu(a)huawei.com> Cc: Alexander Graf <graf(a)amazon.com> Cc: Steven Chen <chenste(a)linux.microsoft.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/kexec.h | 4 ++-- kernel/kexec_core.c | 9 ++++++--- security/integrity/ima/ima_kexec.c | 4 +--- 3 files changed, 9 insertions(+), 8 deletions(-) --- a/include/linux/kexec.h~kernel-kexec-change-the-prototype-of-kimage_map_segment +++ a/include/linux/kexec.h @@ -530,7 +530,7 @@ extern bool kexec_file_dbg_print; #define kexec_dprintk(fmt, arg...) \ do { if (kexec_file_dbg_print) pr_info(fmt, ##arg); } while (0) -extern void *kimage_map_segment(struct kimage *image, unsigned long addr, unsigned long size); +extern void *kimage_map_segment(struct kimage *image, int idx); extern void kimage_unmap_segment(void *buffer); #else /* !CONFIG_KEXEC_CORE */ struct pt_regs; @@ -540,7 +540,7 @@ static inline void __crash_kexec(struct static inline void crash_kexec(struct pt_regs *regs) { } static inline int kexec_should_crash(struct task_struct *p) { return 0; } static inline int kexec_crash_loaded(void) { return 0; } -static inline void *kimage_map_segment(struct kimage *image, unsigned long addr, unsigned long size) +static inline void *kimage_map_segment(struct kimage *image, int idx) { return NULL; } static inline void kimage_unmap_segment(void *buffer) { } #define kexec_in_progress false --- a/kernel/kexec_core.c~kernel-kexec-change-the-prototype-of-kimage_map_segment +++ a/kernel/kexec_core.c @@ -953,17 +953,20 @@ int kimage_load_segment(struct kimage *i return result; } -void *kimage_map_segment(struct kimage *image, - unsigned long addr, unsigned long size) +void *kimage_map_segment(struct kimage *image, int idx) { + unsigned long addr, size, eaddr; unsigned long src_page_addr, dest_page_addr = 0; - unsigned long eaddr = addr + size; kimage_entry_t *ptr, entry; struct page **src_pages; unsigned int npages; void *vaddr = NULL; int i; + addr = image->segment[idx].mem; + size = image->segment[idx].memsz; + eaddr = addr + size; + /* * Collect the source pages and map them in a contiguous VA range. */ --- a/security/integrity/ima/ima_kexec.c~kernel-kexec-change-the-prototype-of-kimage_map_segment +++ a/security/integrity/ima/ima_kexec.c @@ -250,9 +250,7 @@ void ima_kexec_post_load(struct kimage * if (!image->ima_buffer_addr) return; - ima_kexec_buffer = kimage_map_segment(image, - image->ima_buffer_addr, - image->ima_buffer_size); + ima_kexec_buffer = kimage_map_segment(image, image->ima_segment_index); if (!ima_kexec_buffer) { pr_err("Could not map measurements buffer.\n"); return; _ Patches currently in -mm which might be from piliu(a)redhat.com are kernel-kexec-change-the-prototype-of-kimage_map_segment.patch kernel-kexec-fix-ima-when-allocation-happens-in-cma-area.patch

3 weeks, 1 day

[PATCH] perf/x86/intel: Add missing branch counters constraint apply

by Dapeng Mi

When running the command: 'perf record -e "{instructions,instructions:p}" -j any,counter sleep 1', a "shift-out-of-bounds" warning is reported on CWF. [ 5231.981423][ C17] UBSAN: shift-out-of-bounds in /kbuild/src/consumer/arch/x86/events/intel/lbr.c:970:15 [ 5231.981428][ C17] shift exponent 64 is too large for 64-bit type 'long long unsigned int' [ 5231.981436][ C17] CPU: 17 UID: 0 PID: 211871 Comm: sleep Tainted: G S W 6.18.0-2025-12-09-intel-next-48166-g6cf574943ba3 #1 PREEMPT(none) [ 5231.981445][ C17] Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN [ 5231.981447][ C17] Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.IPC.3544.P98.2508260307 08/26/2025 [ 5231.981449][ C17] Call Trace: [ 5231.981453][ C17] <NMI> [ 5231.981455][ C17] dump_stack_lvl+0x4b/0x70 [ 5231.981463][ C17] ubsan_epilogue+0x5/0x2b [ 5231.981468][ C17] __ubsan_handle_shift_out_of_bounds.cold+0x61/0xe6 [ 5231.981472][ C17] ? __entry_text_end+0x158b/0x102259 [ 5231.981475][ C17] intel_pmu_lbr_counters_reorder.isra.0.cold+0x2a/0xa7 [ 5231.981480][ C17] ? __task_pid_nr_ns+0x134/0x2a0 [ 5231.981483][ C17] ? __pfx_intel_pmu_lbr_counters_reorder.isra.0+0x10/0x10 [ 5231.981486][ C17] ? __pfx_perf_output_sample+0x10/0x10 [ 5231.981489][ C17] ? arch_perf_update_userpage+0x293/0x310 [ 5231.981491][ C17] ? __pfx_arch_perf_update_userpage+0x10/0x10 [ 5231.981494][ C17] ? local_clock_noinstr+0xd/0x100 [ 5231.981498][ C17] ? calc_timer_values+0x2cb/0x860 [ 5231.981501][ C17] ? perf_event_update_userpage+0x399/0x5b0 [ 5231.981505][ C17] ? __pfx_perf_event_update_userpage+0x10/0x10 [ 5231.981508][ C17] ? local_clock_noinstr+0xd/0x100 [ 5231.981511][ C17] ? __perf_event_account_interrupt+0x11c/0x540 [ 5231.981514][ C17] intel_pmu_lbr_save_brstack+0xc0/0x4c0 [ 5231.981518][ C17] setup_arch_pebs_sample_data+0x114b/0x2400 [ 5231.981522][ C17] ? __pfx_x86_perf_event_set_period+0x10/0x10 [ 5231.981526][ C17] intel_pmu_drain_arch_pebs+0x64d/0xcc0 [ 5231.981530][ C17] ? __pfx_intel_pmu_drain_arch_pebs+0x10/0x10 [ 5231.981534][ C17] ? unwind_next_frame+0x11c5/0x1df0 [ 5231.981541][ C17] ? intel_pmu_drain_bts_buffer+0xbf/0x6e0 [ 5231.981545][ C17] ? __pfx_intel_pmu_drain_bts_buffer+0x10/0x10 [ 5231.981550][ C17] handle_pmi_common+0x5c5/0xcb0 [ 5231.981553][ C17] ? __pfx_handle_pmi_common+0x10/0x10 [ 5231.981556][ C17] ? intel_idle+0x64/0xb0 [ 5231.981560][ C17] ? intel_bts_interrupt+0xe5/0x4c0 [ 5231.981562][ C17] ? __pfx_intel_bts_interrupt+0x10/0x10 [ 5231.981565][ C17] ? intel_pmu_lbr_filter+0x27f/0x910 [ 5231.981568][ C17] intel_pmu_handle_irq+0x2ed/0x600 [ 5231.981571][ C17] perf_event_nmi_handler+0x219/0x280 [ 5231.981575][ C17] ? __pfx_perf_event_nmi_handler+0x10/0x10 [ 5231.981579][ C17] ? unwind_next_frame+0x11c5/0x1df0 [ 5231.981582][ C17] nmi_handle.part.0+0x11b/0x3a0 [ 5231.981585][ C17] ? unwind_next_frame+0x11c5/0x1df0 [ 5231.981588][ C17] default_do_nmi+0x6b/0x180 [ 5231.981591][ C17] fred_exc_nmi+0x3e/0x80 [ 5231.981594][ C17] asm_fred_entrypoint_kernel+0x41/0x60 [ 5231.981596][ C17] RIP: 0010:unwind_next_frame+0x11c5/0x1df0 ...... The warning occurs because the second "instructions:p" event, which involves branch counters sampling, is incorrectly programmed to fixed counter 0 instead of the general-purpose (GP) counters 0-3 that support branch counters sampling. Currently only GP counters 0~3 support branch counters sampling on CWF, any event involving branch counters sampling should be programed on GP counters 0~3. Since the counter index of fixed counter 0 is 32, it leads to the "src" value in below code is right shifted 64 bits and trigger the "shift-out-of-bounds" warning. cnt = (src >> (order[j] * LBR_INFO_BR_CNTR_BITS)) & LBR_INFO_BR_CNTR_MASK; The root cause is the loss of the branch counters constraint for the last event in the branch counters sampling event group. This results in the second "instructions:p" event being programmed on fixed counter 0 incorrectly instead of the appropriate GP counters 0~3. To address this, we apply the missing branch counters constraint for the last event in the group. Additionally, we introduce a new function, `intel_set_branch_counter_constr()`, to apply the branch counters constraint and avoid code duplication. Cc: stable(a)vger.kernel.org Reported-by: Xudong Hao <xudong.hao(a)intel.com> Fixes: 33744916196b ("perf/x86/intel: Support branch counters logging") Signed-off-by: Dapeng Mi <dapeng1.mi(a)linux.intel.com> --- arch/x86/events/intel/core.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index aad89c9d9514..7c6a0001c8e4 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -4364,6 +4364,19 @@ static inline void intel_pmu_set_acr_caused_constr(struct perf_event *event, event->hw.dyn_constraint &= hybrid(event->pmu, acr_cause_mask64); } +static inline int intel_set_branch_counter_constr(struct perf_event *event, + int *num) +{ + if (branch_sample_call_stack(event)) + return -EINVAL; + if (branch_sample_counters(event)) { + (*num)++; + event->hw.dyn_constraint &= x86_pmu.lbr_counters; + } + + return 0; +} + static int intel_pmu_hw_config(struct perf_event *event) { int ret = x86_pmu_hw_config(event); @@ -4434,21 +4447,18 @@ static int intel_pmu_hw_config(struct perf_event *event) * group, which requires the extra space to store the counters. */ leader = event->group_leader; - if (branch_sample_call_stack(leader)) + if (intel_set_branch_counter_constr(leader, &num)) return -EINVAL; - if (branch_sample_counters(leader)) { - num++; - leader->hw.dyn_constraint &= x86_pmu.lbr_counters; - } leader->hw.flags |= PERF_X86_EVENT_BRANCH_COUNTERS; for_each_sibling_event(sibling, leader) { - if (branch_sample_call_stack(sibling)) + if (intel_set_branch_counter_constr(sibling, &num)) + return -EINVAL; + } + + if (event != leader) { + if (intel_set_branch_counter_constr(event, &num)) return -EINVAL; - if (branch_sample_counters(sibling)) { - num++; - sibling->hw.dyn_constraint &= x86_pmu.lbr_counters; - } } if (num > fls(x86_pmu.lbr_counters)) base-commit: 9929dffce5ed7e2988e0274f4db98035508b16d9 -- 2.34.1

3 weeks, 1 day

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror