mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2026-01-11 17:10:13 +00:00
1413078 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
97313d6113 |
IOMMU Fixes for Linux v6.19-rc4
Including:
- Generic IO-Page-Table code:
- Several Kconfig-related build fixes
- Fix for when gcc 8.5 on PPC refuses to inline a function from a header file.
Merge tag 'iommu-fixes-v6.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/iommu/linux
Pull iommu fixes from Joerg Roedel:
- several Kconfig-related build fixes
- fix for when gcc 8.5 on PPC refuses to inline a function from a header file
* tag 'iommu-fixes-v6.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/iommu/linux:
iommupt: Make pt_feature() always_inline
iommufd/selftest: Prevent module/builtin conflicts in kconfig
iommufd/selftest: Add missing kconfig for DMA_SHARED_BUFFER
iommupt: Fix the kunit building |
||
|
|
7893cc1225 |
erofs: fix file-backed mounts no longer working on EROFS partitions
Sheng Yong reported [1] that Android APEX images didn't work with commit
072a7c7cdbea ("erofs: don't bother with s_stack_depth increasing for
now") because "EROFS-formatted APEX file images can be stored within an
EROFS-formatted Android system partition."
In response, I sent a quick fat-fingered [PATCH v3] to address the
report. Unfortunately, the updated condition was incorrect:
if (erofs_is_fileio_mode(sbi)) {
- sb->s_stack_depth =
- file_inode(sbi->dif0.file)->i_sb->s_stack_depth + 1;
- if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
- erofs_err(sb, "maximum fs stacking depth exceeded");
+ inode = file_inode(sbi->dif0.file);
+ if ((inode->i_sb->s_op == &erofs_sops && !sb->s_bdev) ||
+ inode->i_sb->s_stack_depth) {
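Review bot: the `!sb->s_bdev` term in the added condition tests the superblock being mounted, and this code already sits inside `if (erofs_is_fileio_mode(sbi))`, so the term cannot separate one file-backed mount from another. To tell an EROFS backing filesystem that sits on a block device from one that is itself file-backed, the test has to examine the backing superblock reached through `inode->i_sb`, as the `s_op` and `s_stack_depth` comparisons in the same expression already do. A short comment above the condition naming the stacking combinations it is meant to reject would also make a mistake of this kind easier to spot in review.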
The condition `!sb->s_bdev` is always true for all file-backed EROFS
mounts, making the check effectively a no-op.
The real fix tested and confirmed by Sheng Yong [2] at that time was
[PATCH v3 RESEND], which correctly ensures the following EROFS^2 setup
works:
EROFS (on a block device) + EROFS (file-backed mount)
But sadly I screwed it up again by upstreaming the outdated [PATCH v3].
This patch applies the same logic as the delta between the upstream
[PATCH v3] and the real fix [PATCH v3 RESEND].
Reported-by: Sheng Yong <shengyong1@xiaomi.com>
Closes: https://lore.kernel.org/r/3acec686-4020-4609-aee4-5dae7b9b0093@gmail.com [1]
Fixes: 072a7c7cdbea ("erofs: don't bother with s_stack_depth increasing for now")
Link: https://lore.kernel.org/r/243f57b8-246f-47e7-9fb1-27a771e8e9e8@gmail.com [2]
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
|
6a3d5fda2c |
iommupt: Make pt_feature() always_inline
gcc 8.5 on powerpc does not automatically inline these functions even
though they evaluate to constants in key cases. Since the constant
propagation is essential for some code elimination and build-time checks
this causes a build failure:
ERROR: modpost: "__pt_no_sw_bit" [drivers/iommu/generic_pt/fmt/iommu_amdv1.ko] undefined!
Caused by this:
if (pts_feature(&pts, PT_FEAT_DMA_INCOHERENT) &&
!pt_test_sw_bit_acquire(&pts,
SW_BIT_CACHE_FLUSH_DONE))
flush_writes_item(&pts);
Where pts_feature() evaluates to a constant false. Mark them as
__always_inline to force it to evaluate to a constant and trigger the code
elimination.
Fixes: 7c5b184db714 ("genpt: Generic Page Table base API")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202512230720.9y9DtWIo-lkp@intel.com/
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
|
||
|
|
7adfd68274 |
iommufd/selftest: Prevent module/builtin conflicts in kconfig
The selftest now depends on the AMDv1 page table, however the selftest
kconfig itself is just a sub-option of the main IOMMUFD module kconfig.
This means it cannot be modular and so kconfig allowed a modular
IOMMU_PT_AMDV1 with a built in IOMMUFD. This causes link failures:
ld: vmlinux.o: in function `mock_domain_alloc_pgtable.isra.0':
selftest.c:(.text+0x12e8ad3): undefined reference to `pt_iommu_amdv1_init'
ld: vmlinux.o: in function `BSWAP_SHUFB_CTL':
sha1-avx2-asm.o:(.rodata+0xaa36a8): undefined reference to `pt_iommu_amdv1_read_and_clear_dirty'
ld: sha1-avx2-asm.o:(.rodata+0xaa36f0): undefined reference to `pt_iommu_amdv1_map_pages'
ld: sha1-avx2-asm.o:(.rodata+0xaa36f8): undefined reference to `pt_iommu_amdv1_unmap_pages'
ld: sha1-avx2-asm.o:(.rodata+0xaa3720): undefined reference to `pt_iommu_amdv1_iova_to_phys'
Adjust the kconfig to disable IOMMUFD_TEST if IOMMU_PT_AMDV1 is incompatible.
Fixes: e93d5945ed5b ("iommufd: Change the selftest to use iommupt instead of xarray")
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202512210135.freQWpxa-lkp@intel.com/
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
|
||
|
|
faa37ff3bf |
iommufd/selftest: Add missing kconfig for DMA_SHARED_BUFFER
The test doesn't build without it, dma-buf.h does not provide stub
functions if it is not enabled. Compilation can fail with:
ERROR:root:ld: vmlinux.o: in function `iommufd_test':
(.text+0x3b1cdd): undefined reference to `dma_buf_get'
ld: (.text+0x3b1d08): undefined reference to `dma_buf_put'
ld: (.text+0x3b2105): undefined reference to `dma_buf_export'
ld: (.text+0x3b211f): undefined reference to `dma_buf_fd'
ld: (.text+0x3b2e47): undefined reference to `dma_buf_move_notify'
Add the missing select.
Fixes: d2041f1f11dd ("iommufd/selftest: Add some tests for the dmabuf flow")
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
|
||
|
|
cefd81e76a |
iommupt: Fix the kunit building
The kunit doesn't work since the below commit made GENERIC_PT
unselectable:
$ make ARCH=x86_64 O=build_kunit_x86_64 olddefconfig
ERROR:root:Not all Kconfig options selected in kunitconfig were in the generated .config.
This is probably due to unsatisfied dependencies.
Missing: CONFIG_DEBUG_GENERIC_PT=y, CONFIG_IOMMUFD_TEST=y,
CONFIG_IOMMU_PT_X86_64=y, CONFIG_GENERIC_PT=y, CONFIG_IOMMU_PT_AMDV1=y,
CONFIG_IOMMU_PT_VTDSS=y, CONFIG_IOMMU_PT=y, CONFIG_IOMMU_PT_KUNIT_TEST=y
Also remove the unneeded CONFIG_IOMMUFD_TEST reference as the iommupt kunit
doesn't interact with iommufd, and it doesn't currently build for the
kunit due to problems with DMA_SHARED buffer either.
Fixes: 01569c216dde ("genpt: Make GENERIC_PT invisible")
Fixes: 1dd4187f53c3 ("iommupt: Add a kunit test for Generic Page Table")
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Reviewed-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
|
||
|
|
b6151c4e60 |
Change since last update:
- Don't bother with s_stack_depth increasing to band-aid
regressions in some composefs mount setups (EROFS + ovl^2)
Merge tag 'erofs-for-6.19-rc5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs
Pull erofs fix from Gao Xiang:
- Don't increase s_stack_depth which caused regressions in some
composefs mount setups (EROFS + ovl^2)
Instead just allow one extra unaccounted fs stacking level for
straightforward cases.
* tag 'erofs-for-6.19-rc5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs:
erofs: don't bother with s_stack_depth increasing for now
|
||
|
|
072a7c7cdb |
erofs: don't bother with s_stack_depth increasing for now
Previously, commit d53cd891f0e4 ("erofs: limit the level of fs stacking
for file-backed mounts") bumped `s_stack_depth` by one to avoid kernel
stack overflow when stacking an unlimited number of EROFS on top of
each other.
This fix breaks composefs mounts, which need EROFS+ovl^2 sometimes
(and such setups are already used in production for quite a long time).
One way to fix this regression is to bump FILESYSTEM_MAX_STACK_DEPTH
from 2 to 3, but proving that this is safe in general is a high bar.
After a long discussion on GitHub issues [1] about possible solutions,
one conclusion is that there is no need to support nesting file-backed
EROFS mounts on stacked filesystems, because there is always the option
to use loopback devices as a fallback.
As a quick fix for the composefs regression for this cycle, instead of
bumping `s_stack_depth` for file backed EROFS mounts, we disallow
nesting file-backed EROFS over EROFS and over filesystems with
`s_stack_depth` > 0.
This works for all known file-backed mount use cases (composefs,
containerd, and Android APEX for some Android vendors), and the fix is
self-contained.
Essentially, we are allowing one extra unaccounted fs stacking level of
EROFS below stacking filesystems, but EROFS can only be used in the read
path (i.e. overlayfs lower layers), which typically has much lower stack
usage than the write path.
We can consider increasing FILESYSTEM_MAX_STACK_DEPTH later, after more
stack usage analysis or using alternative approaches, such as splitting
the `s_stack_depth` limitation according to different combinations of
stacking.
Fixes: d53cd891f0e4 ("erofs: limit the level of fs stacking for file-backed mounts")
Reported-and-tested-by: Dusty Mabe <dusty@dustymabe.com>
Reported-by: Timothée Ravier <tim@siosm.fr>
Closes: https://github.com/coreos/fedora-coreos-tracker/issues/2087 [1]
Reported-by: "Alekséi Naidénov" <an@digitaltide.io>
Closes: https://lore.kernel.org/r/CAFHtUiYv4+=+JP_-JjARWjo6OwcvBj1wtYN=z0QXwCpec9sXtg@mail.gmail.com
Acked-by: Amir Goldstein <amir73il@gmail.com>
Acked-by: Alexander Larsson <alexl@redhat.com>
Reviewed-and-tested-by: Sheng Yong <shengyong1@xiaomi.com>
Reviewed-by: Zhiguo Niu <zhiguo.niu@unisoc.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
|
||
|
|
cb2076b091 |
block-6.19-20260109
Merge tag 'block-6.19-20260109' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
Pull block fixes from Jens Axboe:
- Kill unlikely checks for blk-rq-qos. These checks are really all-or-nothing, either the branch is taken all the time, or it's not. Depending on the configuration, either one of those cases may be true. Just remove the annotation
- Fix for merging bios with different app tags set
- Fix for a recently introduced slowdown due to RCU synchronization
- Fix for a status change on loop while it's in use, and then a later fix for that fix
- Fix for the async partition scanning in ublk
* tag 'block-6.19-20260109' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux:
ublk: fix use-after-free in ublk_partition_scan_work
blk-mq: avoid stall during boot due to synchronize_rcu_expedited
loop: add missing bd_abort_claiming in loop_set_status
block: don't merge bios with different app_tags
blk-rq-qos: Remove unlikely() hints from QoS checks
loop: don't change loop device under exclusive opener in loop_set_status |
||
|
|
68ad2095ca |
io_uring-6.19-20260109
Merge tag 'io_uring-6.19-20260109' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
Pull io_uring fixes from Jens Axboe:
"A single fix for a regression introduced in 6.15, where a failure to wake up idle io-wq workers at ring exit will wait for the timeout to expire. This isn't normally noticeable, as the exit is async. But if a parent task created a thread that sets up a ring and uses requests that cause io-wq threads to be created, and the parent task then waits for the thread to exit, then it can take 5 seconds for that pthread_join() to succeed as the child thread is waiting for its children to exit. On top of that, just a basic cleanup as well"
* tag 'io_uring-6.19-20260109' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux:
io_uring/io-wq: remove io_wq_for_each_worker() return value
io_uring/io-wq: fix incorrect io_wq_for_each_worker() termination logic |
||
|
|
e28ddd0b7a |
arm64 fixes:
- Do not return false if !preemptible() in current_in_efi(). EFI
runtime services can now run with preemption enabled
- Fix uninitialised variable in the arm MPAM driver, reported by sparse
- Fix partial kasan_reset_tag() use in change_memory_common() when
calculating page indices or comparing ranges
- Save/restore TCR2_EL1 during suspend/resume, otherwise the E0POE bit
is lost
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Catalin Marinas:
- Do not return false if !preemptible() in current_in_efi(). EFI
runtime services can now run with preemption enabled
- Fix uninitialised variable in the arm MPAM driver, reported by sparse
- Fix partial kasan_reset_tag() use in change_memory_common() when
calculating page indices or comparing ranges
- Save/restore TCR2_EL1 during suspend/resume, otherwise the E0POE bit
is lost
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: Fix cleared E0POE bit after cpu_suspend()/resume()
arm64: mm: Fix incomplete tag reset in change_memory_common()
arm_mpam: Stop using uninitialized variables in __ris_msmon_read()
arm64/efi: Don't fail check current_in_efi() if preemptible
|
||
|
|
e55feea3a0 |
soc: fixes for 6.19
The main code change is a revert of the Raspberry Pi RP1 overlay
support that was decided to not be ready.
The other fixes are all for devicetree sources:
- ethernet configuration on ixp42x-actiontec-mi424wr is
board revision specific
- validation warning fixes for imx27/imx51/imx6, hikey960 and k3
- Minor corrections across imx8 boards, addressing all types of
issues with interrupts, dma, ethernet and clock settings, all
simple one-line changes.
Merge tag 'soc-fixes-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull SoC fixes from Arnd Bergmann:
"The main code change is a revert of the Raspberry Pi RP1 overlay
support that was decided to not be ready.
The other fixes are all for devicetree sources:
- ethernet configuration on ixp42x-actiontec-mi424wr is board
revision specific
- validation warning fixes for imx27/imx51/imx6, hikey960 and k3
- Minor corrections across imx8 boards, addressing all types of
issues with interrupts, dma, ethernet and clock settings, all simple
one-line changes"
* tag 'soc-fixes-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (25 commits)
arm64: dts: hisilicon: hikey960: Drop "snps,gctl-reset-quirk" and "snps,tx_de_emphasis*" properties
Documentation/process: maintainer-soc: Mark 'make' as commands
Documentation/process: maintainer-soc: Be more explicit about defconfig
arm64: dts: mba8mx: Fix Ethernet PHY IRQ support
arm64: dts: imx8qm-ss-dma: correct the dma channels of lpuart
arm64: dts: imx8mp: Fix LAN8740Ai PHY reference clock on DH electronics i.MX8M Plus DHCOM
arm64: dts: freescale: tx8p-ml81: fix eqos nvmem-cells
arm64: dts: freescale: moduline-display: fix compatible
dt-bindings: arm: fsl: moduline-display: fix compatible
ARM: dts: imx6q-ba16: fix RTC interrupt level
arm64: dts: freescale: imx95-toradex-smarc: fix SMARC_SDIO_WP label position
arm64: dts: freescale: imx95-toradex-smarc: use edge trigger for ethphy1 interrupt
arm64: dts: add off-on-delay-us for usdhc2 regulator
arm64: dts: imx8qm-mek: correct the light sensor interrupt type to low level
ARM: dts: nxp: imx: Fix mc13xxx LED node names
arm64: dts: imx95: correct I3C2 pclk to IMX95_CLK_BUSWAKEUP
MAINTAINERS: Fix a linusw mail address
arm64: dts: broadcom: rp1: drop RP1 overlay
arm64: dts: broadcom: bcm2712: fix RP1 endpoint PCI topology
misc: rp1: drop overlay support
...
|
||
|
|
4621c338d3 |
A bunch of libceph fixes split evenly between memory safety and
implementation correctness issues (all marked for stable) and a change
in maintainers for CephFS: Slava and Alex have formally taken over
Xiubo's role.
Merge tag 'ceph-for-6.19-rc5' of https://github.com/ceph/ceph-client
Pull ceph fixes from Ilya Dryomov:
"A bunch of libceph fixes split evenly between memory safety and implementation correctness issues (all marked for stable) and a change in maintainers for CephFS: Slava and Alex have formally taken over Xiubo's role"
* tag 'ceph-for-6.19-rc5' of https://github.com/ceph/ceph-client:
libceph: make calc_target() set t->paused, not just clear it
libceph: reset sparse-read state in osd_fault()
libceph: return the handler error from mon_handle_auth_done()
libceph: make free_choose_arg_map() resilient to partial allocation
ceph: update co-maintainers list in MAINTAINERS
libceph: replace overzealous BUG_ON in osdmap_apply_incremental()
libceph: prevent potential out-of-bounds reads in handle_auth_done() |
||
|
|
372800cb95 |
for-6.19-rc4-tag
Merge tag 'for-6.19-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
Pull btrfs fixes from David Sterba:
- fix potential NULL pointer dereference when replaying tree log after
an error
- release path before initializing extent tree to avoid potential
deadlock when allocating new inode
- on filesystems with block size > page size
- fix potential read out of bounds during encoded read of an inline
extent
- only enforce free space tree if v1 cache is required
- print correct tree id in error message
* tag 'for-6.19-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
btrfs: show correct warning if can't read data reloc tree
btrfs: fix NULL pointer dereference in do_abort_log_replay()
btrfs: force free space tree for bs > ps cases
btrfs: only enforce free space tree if v1 cache is required for bs < ps cases
btrfs: release path before initializing extent tree in btrfs_read_locked_inode()
btrfs: avoid access-beyond-folio for bs > ps encoded writes
|
||
|
|
4d6fe1dd12 |
pci-v6.19-fixes-2
Merge tag 'pci-v6.19-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
Pull PCI fixes from Bjorn Helgaas:
- Remove ASPM L0s support for MSM8996 SoC since we now enable L0s when advertised, and it caused random hangs on this device (Manivannan Sadhasivam)
- Fix meson-pcie to report that the link is up while in ASPM L0s or L1, since those are active states from the software point of view, and treating the link as down caused config access failures (Bjorn Helgaas)
- Fix up sparc DTS BAR descriptions that are above 4GB but not marked as prefetchable, which caused resource assignment and driver probe failures after we converted from the SPARC pcibios_enable_device() to the generic version (Ilpo Järvinen)
* tag 'pci-v6.19-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci:
sparc/PCI: Correct 64-bit non-pref -> pref BAR resources
PCI: meson: Report that link is up while in ASPM L0s and L1 states
PCI: qcom: Remove ASPM L0s support for MSM8996 SoC |
||
|
|
553410fcb9 |
ACPI support fix for 6.19-rc5
Fix the ACPI/PCI legacy interrupts (INTx) parsing in the cases when the ACPI Global System Interrupt (GSI) value is a 32-bit one with the MSB set that is interpreted as a negative integer and causes acpi_pci_link_allocate_irq() to fail and acpi_irq_get_penalty() to trigger an out-of-bounds array dereference (Lorenzo Pieralisi)
Merge tag 'acpi-6.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI support fix from Rafael Wysocki:
"This fixes the ACPI/PCI legacy interrupts (INTx) parsing in the case when the ACPI Global System Interrupt (GSI) value is a 32-bit one with the MSB set. That was interpreted as a negative integer and caused acpi_pci_link_allocate_irq() to fail and acpi_irq_get_penalty() to trigger an out-of-bounds array dereference (Lorenzo Pieralisi)"
* tag 'acpi-6.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: PCI: IRQ: Fix INTx GSIs signedness |
||
|
|
81c5ffec9e |
Power management fix for 6.19-rc5
Fix a crash in the hibernation image saving code that can be triggered when the given compression algorithm is unavailable (Malaya Kumar Rout)
Merge tag 'pm-6.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fix from Rafael Wysocki:
"This fixes a crash in the hibernation image saving code that can be triggered when the given compression algorithm is unavailable (Malaya Kumar Rout)"
* tag 'pm-6.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
PM: hibernate: Fix crash when freeing invalid crypto compressor |
||
|
|
a81668db9e |
gpio fixes for v6.19-rc5
- balance superio enter/exit calls in error path in gpio-it87
- fix a race where we try to take the SRCU read lock of the GPIO device
before it's been initialized causing a NULL-pointer dereference
- fix handling of short-pulse interrupts in gpio-pca953x
- fix a reference leak in error path in gpio-mpsse
- mark the GPIO controller as sleeping (it calls sleeping functions) in
gpio-rockchip
- fix several issues in management of shared GPIOs
Merge tag 'gpio-fixes-for-v6.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
Pull gpio fixes from Bartosz Golaszewski:
"There are several ordinary driver fixes and a fix to a race between
the registration of two chips that causes a crash in GPIO core.
The bulk of the changed lines however, concerns the management of
shared GPIOs that landed in v6.19-rc1. Enabling it for ARCH_QCOM
enabled it in defconfig which effectively enabled it for all arm64
platforms and exposed the code to quite a lot of testing (which is
good, right? :)).
As a result, I received a number of bug reports, which I progressively
fixed over the course of last weeks. This explains the number of lines
higher than what I normally aim for at this stage.
- balance superio enter/exit calls in error path in gpio-it87
- fix a race where we try to take the SRCU read lock of the GPIO
device before it's been initialized causing a NULL-pointer
dereference
- fix handling of short-pulse interrupts in gpio-pca953x
- fix a reference leak in error path in gpio-mpsse
- mark the GPIO controller as sleeping (it calls sleeping functions)
in gpio-rockchip
- fix several issues in management of shared GPIOs"
* tag 'gpio-fixes-for-v6.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
gpio: shared: fix a false-positive sharing detection with reset-gpios
gpiolib: fix lookup table matching
gpio: shared: don't allocate the lookup table until we really need it
gpio: shared: fix a race condition
gpio: shared: assign the correct firmware node for reset-gpio use-case
gpio: rockchip: mark the GPIO controller as sleeping
gpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths
gpio: pca953x: handle short interrupt pulses on PCAL devices
gpiolib: fix race condition for gdev->srcu
gpio: shared: allow sharing a reset-gpios pin between reset-gpio and gpiolib
gpio: shared: verify con_id when adding proxy lookup
gpiolib: allow multiple lookup tables per consumer
gpio: it87: balance superio enter/exit calls in error path
|
||
|
|
cbd4480cfa |
drm fixes for 6.19-rc5
MAINTAINERS:
- Fix Nova GPU driver git links.
- Fix typo in TYR driver entry preventing correct behavior of
scripts/get_maintainer.pl.
- Exclude TYR driver from DRM MISC.
nova-core:
- Correctly select RUST_FW_LOADER_ABSTRACTIONS to prevent build
errors.
- Regenerate nova-core bindgen bindings with '--explicit-padding' to
avoid uninitialized bytes.
- Fix length of received GSP messages, due to miscalculated message
payload size.
- Regenerate bindings to derive MaybeZeroable.
- Use a bindings alias to derive the firmware version.
exynos:
- hdmi: replace system_wq with system_percpu_wq
pl111:
- Fix error handling in probe
mediatek/atomic/tidss:
- Fix tidss in another way and revert reordering of pre-enable and post-disable operations,
as it breaks other bridge drivers.
nouveau:
- Fix regression from fwsec s/r fix.
pci/vga:
- Fix multiple gpu's being reported a 'boot_display'
fb-helper:
- Fix vblank timeout during suspend/reset
amdgpu:
- Clang fixes
- Navi1x PCIe DPM fixes
- Ring reset fixes
- ISP suspend fix
- Analog DC fixes
- VPE fixes
- Mode1 reset fix
radeon:
- Variable sized array fix
Merge tag 'drm-fixes-2026-01-09' of https://gitlab.freedesktop.org/drm/kernel
Pull drm fixes from Dave Airlie:
"I missed the drm-rust fixes tree for last week, so this catches up on
that, along with amdgpu, and then some misc fixes across a few
drivers. I hadn't got an xe pull by the time I sent this, I suspect
one will arrive 10 mins after, but I don't think there is anything
that can't wait for next week.
Things seem to have picked up a little with people coming back from
holidays,
MAINTAINERS:
- Fix Nova GPU driver git links
- Fix typo in TYR driver entry preventing correct behavior of
scripts/get_maintainer.pl
- Exclude TYR driver from DRM MISC
nova-core:
- Correctly select RUST_FW_LOADER_ABSTRACTIONS to prevent build
errors
- Regenerate nova-core bindgen bindings with '--explicit-padding' to
avoid uninitialized bytes
- Fix length of received GSP messages, due to miscalculated message
payload size
- Regenerate bindings to derive MaybeZeroable
- Use a bindings alias to derive the firmware version
exynos:
- hdmi: replace system_wq with system_percpu_wq
pl111:
- Fix error handling in probe
mediatek/atomic/tidss:
- Fix tidss in another way and revert reordering of pre-enable and
post-disable operations, as it breaks other bridge drivers
nouveau:
- Fix regression from fwsec s/r fix
pci/vga:
- Fix multiple gpu's being reported a 'boot_display'
fb-helper:
- Fix vblank timeout during suspend/reset
amdgpu:
- Clang fixes
- Navi1x PCIe DPM fixes
- Ring reset fixes
- ISP suspend fix
- Analog DC fixes
- VPE fixes
- Mode1 reset fix
radeon:
- Variable sized array fix"
* tag 'drm-fixes-2026-01-09' of https://gitlab.freedesktop.org/drm/kernel: (32 commits)
Reapply "Revert "drm/amd: Skip power ungate during suspend for VPE""
drm/amd/display: Check NULL before calling dac_load_detection
drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
drm/exynos: hdmi: replace use of system_wq with system_percpu_wq
drm/fb-helper: Fix vblank timeout during suspend/reset
PCI/VGA: Don't assume the only VGA device on a system is `boot_vga`
drm/amdgpu: Fix query for VPE block_type and ip_count
drm/amd/display: Add missing encoder setup to DACnEncoderControl
drm/amd/display: Correct color depth for SelectCRTC_Source
drm/amd/amdgpu: Fix SMU warning during isp suspend-resume
drm/amdgpu: always backup and reemit fences
drm/amdgpu: don't reemit ring contents more than once
drm/amd/pm: force send pcie parmater on navi1x
drm/amd/pm: fix wrong pcie parameter on navi1x
drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[]
drm/amd/display: Reduce number of arguments of dcn30's CalculateWatermarksAndDRAMSpeedChangeSupport()
drm/amd/display: Reduce number of arguments of dcn30's CalculatePrefetchSchedule()
drm/amd/display: Apply e4479aecf658 to dml
nouveau: don't attempt fwsec on sb on newer platforms
drm/tidss: Fix enable/disable order
...
|
||
|
|
2bfe3e0da6 |
vfs-6.19-rc5.fixes
Merge tag 'vfs-6.19-rc5.fixes' of gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs
Pull vfs fixes from Christian Brauner:
- Remove incorrect __user annotation from struct xattr_args::value
- Documentation fix: Add missing kernel-doc description for the @isnew parameter in ilookup5_nowait() to silence Sphinx warnings
- Documentation fix: Fix kernel-doc comment for __start_dirop() - the function name in the comment was wrong and the @state parameter was undocumented
- Replace dynamic folio_batch allocation with stack allocation in iomap_zero_range(). The dynamic allocation was problematic for ext4-on-iomap work (didn't handle allocation failure properly) and triggered lockdep complaints. Uses a flag instead to control batch usage
- Re-add #ifdef guards around PIDFD_GET_<ns-type>_NAMESPACE ioctls. When a namespace type is disabled, ns->ops is NULL, causes crashes during inode eviction when closing the fd. The ifdefs were removed in a recent simplification but are still needed
- Fix a race where a folio could be unlocked before the trailing zeros (for EOF within the page) were written
- Split out a dedicated lease_dispose_list() helper since lease code paths always know they're disposing of leases. Removes unnecessary runtime flag checks and prepares for upcoming lease_manager enhancements
- Fix userland delegation requests succeeding despite conflicting opens. Previously, FL_LAYOUT and FL_DELEG leases bypassed conflict checks (a hack for nfsd). Adds new ->lm_open_conflict() lease_manager operation so userland delegations get proper conflict checking while nfsd can continue its own conflict handling
- Fix LOOKUP_CACHED path lookups incorrectly falling through to the slow path. After legitimize_links() calls were conditionally elided, the routine would always fail with LOOKUP_CACHED regardless of whether there were any links. Now the flag is checked at the two callsites before calling legitimize_links()
- Fix bug in media fd allocation in media_request_alloc()
- Fix mismatched API calls in ecryptfs_mknod(): was calling end_removing() instead of end_creating() after ecryptfs_start_creating_dentry()
- Fix dentry reference count leak in ecryptfs_mkdir(): a dget() of the lower parent dir was added but never dput()'d, causing BUG during lower filesystem unmount due to the still-in-use dentry
* tag 'vfs-6.19-rc5.fixes' of gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs:
pidfs: protect PIDFD_GET_* ioctls() via ifdef
ecryptfs: Release lower parent dentry after creating dir
ecryptfs: Fix improper mknod pairing of start_creating()/end_removing()
get rid of bogus __user in struct xattr_args::value
VFS: fix __start_dirop() kernel-doc warnings
fs: Describe @isnew parameter in ilookup5_nowait()
fs: make sure to fail try_to_unlazy() and try_to_unlazy() for LOOKUP_CACHED
netfs: Fix early read unlock of page with EOF in middle
filelock: allow lease_managers to dictate what qualifies as a conflict
filelock: add lease_dispose_list() helper
iomap: replace folio_batch allocation with stack allocation
media: mc: fix potential use-after-free in media_request_alloc()
|
||
|
|
77d4c5da97 |
This push contains the following changes:
- Fix duplicate restart messages in qat.
Merge tag 'v6.19-p3' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fix from Herbert Xu:
- Fix duplicate restart messages in qat
* tag 'v6.19-p3' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: qat - fix duplicate restarting msg during AER error
|
||
|
|
f0d385f668 |
ublk: fix use-after-free in ublk_partition_scan_work
A race condition exists between the async partition scan work and device
teardown that can lead to a use-after-free of ub->ub_disk:
1. ublk_ctrl_start_dev() schedules partition_scan_work after add_disk()
2. ublk_stop_dev() calls ublk_stop_dev_unlocked() which does:
- del_gendisk(ub->ub_disk)
- ublk_detach_disk() sets ub->ub_disk = NULL
- put_disk() which may free the disk
3. The worker ublk_partition_scan_work() then dereferences ub->ub_disk
leading to UAF
Fix this by using ublk_get_disk()/ublk_put_disk() in the worker to hold
a reference to the disk during the partition scan. The spinlock in
ublk_get_disk() synchronizes with ublk_detach_disk() ensuring the worker
either gets a valid reference or sees NULL and exits early.
Also change flush_work() to cancel_work_sync() to avoid running the
partition scan work unnecessarily when the disk is already detached.
Fixes: 7fc4da6a304b ("ublk: scan partition in async way")
Reported-by: Ruikai Peng <ruikai@pwno.io>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
|
||
|
|
bdf3f41760 |
arm64: Fix cleared E0POE bit after cpu_suspend()/resume()
TCR2_ELx.E0POE is set during smp_init().
However, this bit is not reprogrammed when the CPU enters suspension and
later resumes via cpu_resume(), as __cpu_setup() does not re-enable E0POE
and there is no save/restore logic for the TCR2_ELx system register.
As a result, the E0POE feature no longer works after cpu_resume().
To address this, save and restore TCR2_EL1 in the cpu_suspend()/cpu_resume()
path, rather than adding related logic to __cpu_setup(), taking into account
possible future extensions of the TCR2_ELx feature.
Fixes: bf83dae90fbc ("arm64: enable the Permission Overlay Extension for EL0")
Cc: <stable@vger.kernel.org> # 6.12.x
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com>
Reviewed-by: Kevin Brodsky <kevin.brodsky@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
|
||
|
|
d578b31856 |
gpio: shared: fix a false-positive sharing detection with reset-gpios
After scanning the devicetree, we remove all entries that have only one
reference, while creating GPIO shared proxies for the remaining, shared
entries. However: for the reset-gpio corner-case, we will have two
references for a "reset-gpios" pin that's not really shared. In this
case one will come from the actual consumer fwnode and the other from
the potential auxiliary reset-gpio device. This causes the GPIO core to
create unnecessary GPIO shared proxy devices for pins that are not
really shared.
Add a function that can detect this situation and remove entries that
have exactly two references but one of them is a reset-gpio.
Fixes: 7b78b26757e0 ("gpio: shared: handle the reset-gpios corner case")
Link: https://lore.kernel.org/r/20260108-gpio-shared-false-positive-v1-1-5dbf8d1b2f7d@oss.qualcomm.com
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
|
||
|
|
623fb9912f |
Pin control fixes for the v6.19 series:
- Fix the mt8189 register base name order back from being fixed broken.
- Add REGMAP_MMIO to the pic64gx-gpio2 to avoid build breakages.
- Mark the Qualcomm lpass-lpi pin controller GPIO chip instance as sleeping to fix lock splats.
- Update .mailmap with my new kernel.org address for all old mails after maintainers ran into issues with this.
Merge tag 'pinctrl-v6.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
Pull pin control fixes from Linus Walleij:
- Fix the mt8189 register base name order back from being fixed broken
- Add REGMAP_MMIO to the pic64gx-gpio2 to avoid build breakages
- Mark the Qualcomm lpass-lpi pin controller GPIO chip instance as sleeping to fix lock splats
- Update .mailmap with my new kernel.org address for all old mails after maintainers ran into issues with this
* tag 'pinctrl-v6.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping
pinctrl: pic64gx-gpio2: Add REGMAP_MMIO dependency
Update .mailmap for Linus Walleij
pinctrl: mediatek: mt8189: restore previous register base name array order
|
||
|
|
5fcd551307 |
arm64: mm: Fix incomplete tag reset in change_memory_common()
Running KASAN KUnit tests with {HW,SW}_TAGS mode triggers a fault in
change_memory_common():
Call trace:
change_memory_common+0x168/0x210 (P)
set_memory_ro+0x20/0x48
vmalloc_helpers_tags+0xe8/0x338
kunit_try_run_case+0x74/0x188
kunit_generic_run_threadfn_adapter+0x30/0x70
kthread+0x11c/0x200
ret_from_fork+0x10/0x20
---[ end trace 0000000000000000 ]---
# vmalloc_helpers_tags: try faulted
not ok 67 vmalloc_helpers_tags
Commit a06494adb7ef ("arm64: mm: use untagged address to calculate page index")
fixed a KASAN warning in the BPF subsystem by adding kasan_reset_tag() to
the index calculation. In the execmem flow:
bpf_prog_pack_alloc()
-> bpf_jit_alloc_exec()
-> execmem_alloc()
The returned address from execmem_vmalloc/execmem_cache_alloc is passed
through kasan_reset_tag(), so start has no tag while area->addr still
retains the original tag. The fix correctly handled this case by resetting
the tag on area->addr:
(start - (unsigned long)kasan_reset_tag(area->addr)) >> PAGE_SHIFT
However, in normal vmalloc paths, both start and area->addr have matching
tags (or no tags). Resetting only area->addr causes a mismatch when
subtracting a tagged address from an untagged one, resulting in an
incorrect index.
Fix this by resetting tags on both addresses in the index calculation.
This ensures correct results regardless of the tag state of either address.
Tested with KASAN KUnit tests under CONFIG_KASAN_GENERIC,
CONFIG_KASAN_SW_TAGS, and CONFIG_KASAN_HW_TAGS - all pass. Also verified
the original BPF KASAN warning from [1] is still fixed.
[1] https://lore.kernel.org/all/20251118164115.GA3977565@ax162/
Fixes: a06494adb7ef ("arm64: mm: use untagged address to calculate page index")
Signed-off-by: Jiayuan Chen <jiayuan.chen@shopee.com>
Signed-off-by: Jiayuan Chen <jiayuan.chen@linux.dev>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
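The index mismatch this commit message describes, as an added user-space C model (not code from the commit or the kernel tree). It assumes the pointer tag lives in the top byte and that a reset leaves 0xff there; the addresses, the 0xf3 tag and the helper names `set_tag`, `reset_tag`, `idx_raw`, `idx_area_only` and `idx_both` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define TAG_SHIFT  56
#define TAG_MASK   (0xffULL << TAG_SHIFT)
#define TAG_KERNEL 0xffULL              /* assumed tag value after a reset */

/* Constructed sample values, not taken from the commit. */
#define AREA_BASE  0xffff800080000000ULL
#define PAGE_NR    3ULL                 /* start points at page 3 of the area */

static uint64_t set_tag(uint64_t addr, uint64_t tag)
{
	return (addr & ~TAG_MASK) | (tag << TAG_SHIFT);
}

/* Stand-in for kasan_reset_tag(). */
static uint64_t reset_tag(uint64_t addr)
{
	return set_tag(addr, TAG_KERNEL);
}

/* No tag handling at all. */
static uint64_t idx_raw(uint64_t start, uint64_t area)
{
	return (start - area) >> PAGE_SHIFT;
}

/* Shape quoted in the message: only area->addr is reset. */
static uint64_t idx_area_only(uint64_t start, uint64_t area)
{
	return (start - reset_tag(area)) >> PAGE_SHIFT;
}

/* Shape the message describes as the fix: both operands are reset. */
static uint64_t idx_both(uint64_t start, uint64_t area)
{
	return (reset_tag(start) - reset_tag(area)) >> PAGE_SHIFT;
}

struct tag_case {
	const char *name;
	uint64_t start_tag;
	uint64_t area_tag;
};

static const struct tag_case cases[] = {
	{ "execmem: start reset, area tagged", TAG_KERNEL, 0xf3 },
	{ "vmalloc: matching tags",            0xf3,       0xf3 },
	{ "vmalloc: no tags",                  TAG_KERNEL, TAG_KERNEL },
};
#define NR_CASES (sizeof(cases) / sizeof(cases[0]))

typedef uint64_t (*idx_fn)(uint64_t start, uint64_t area);

/* Build the tagged operands for one case and compute the page index. */
static uint64_t run_case(idx_fn fn, const struct tag_case *c)
{
	uint64_t area = set_tag(AREA_BASE, c->area_tag);
	uint64_t start = set_tag(AREA_BASE + (PAGE_NR << PAGE_SHIFT),
				 c->start_tag);

	return fn(start, area);
}

/* Number of cases in which fn does not yield the real page index. */
static int wrong_results(idx_fn fn)
{
	int wrong = 0;

	for (size_t i = 0; i < NR_CASES; i++)
		if (run_case(fn, &cases[i]) != PAGE_NR)
			wrong++;
	return wrong;
}

int main(void)
{
	for (size_t i = 0; i < NR_CASES; i++)
		printf("%-36s raw=%#llx area_only=%#llx both=%#llx\n",
		       cases[i].name,
		       (unsigned long long)run_case(idx_raw, &cases[i]),
		       (unsigned long long)run_case(idx_area_only, &cases[i]),
		       (unsigned long long)run_case(idx_both, &cases[i]));
	printf("wrong: raw=%d area_only=%d both=%d\n",
	       wrong_results(idx_raw), wrong_results(idx_area_only),
	       wrong_results(idx_both));
	return 0;
}
```

An index that large is far outside the area's page array, which is why a check comparing the computed index against the area's page count is a useful assertion in any code that derives array offsets from tagged pointers.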
|
||
|
|
c2803bd580 |
arm_mpam: Stop using uninitialized variables in __ris_msmon_read()
Dan has reported two uses of uninitialized variables in __ris_msmon_read().
If an unknown monitor type is encountered then the local variable, now, is
used uninitialized. Fix this by returning early on error. If a non-mbwu
monitor is being read then the local variable, overflow, is not initialized
but still read. Initialize it to false as overflow is not relevant for csu
monitors.
Fixes: 823e7c3712c5 ("arm_mpam: Add mpam_msmon_read() to read monitor value")
Fixes: 9e5afb7c3283 ("arm_mpam: Use long MBWU counters if supported")
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/r/202512091519.RBwiJcSq-lkp@intel.com/
Closes: https://lore.kernel.org/r/202512100547.N7QPYgfb-lkp@intel.com/
Signed-off-by: Ben Horgan <ben.horgan@arm.com>
Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
|
||
|
|
5572ad8fdd |
tracing fixes for v6.19:
- Remove useless assignment of soft_mode variable
The function __ftrace_event_enable_disable() sets "soft_mode" in one of the branch paths but doesn't use it after that. Remove the setting of that variable.
- Add a cond_resched() in ring_buffer_resize()
The resize function that allocates all the pages for the ring buffer was causing a soft lockup on PREEMPT_NONE configs when allocating large buffers on machines with many CPUs. Hopefully this is the last cond_resched() needed to be added as PREEMPT_LAZY becomes the norm in the future.
- Make ftrace_graph_ent depth field signed
The "depth" field of struct ftrace_graph_ent was converted from "int" to "unsigned long" for alignment reasons to work with being embedded in other structures. The conversion from a signed to unsigned caused integrity checks to always pass as they were comparing "depth" to less than zero. Make the field signed long.
- Add recursion protection to stack trace events
An infinite recursion was triggered by a stack trace event calling RCU which internally called rcu_read_unlock_special(), which triggered an event that was also doing stacktraces which cause it to trigger the same RCU lock that called rcu_read_unlock_special() again. Update the trace_test_and_set_recursion() to add a set of context checks for events to use, and have the stack trace event use that for recursion protection.
- Make the variable ftrace_dump_on_oops static
The cleanup of sysctl that moved all the updates to the files that use them moved the reference of ftrace_dump_on_oops to where it is used. It is no longer used outside of the trace.c file. Make it static.
Merge tag 'trace-v6.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
Pull tracing fixes from Steven Rostedt:
- Remove useless assignment of soft_mode variable
The function __ftrace_event_enable_disable() sets "soft_mode" in one of the branch paths but doesn't use it after that. Remove the setting of that variable.
- Add a cond_resched() in ring_buffer_resize()
The resize function that allocates all the pages for the ring buffer was causing a soft lockup on PREEMPT_NONE configs when allocating large buffers on machines with many CPUs. Hopefully this is the last cond_resched() needed to be added as PREEMPT_LAZY becomes the norm in the future.
- Make ftrace_graph_ent depth field signed
The "depth" field of struct ftrace_graph_ent was converted from "int" to "unsigned long" for alignment reasons to work with being embedded in other structures. The conversion from a signed to unsigned caused integrity checks to always pass as they were comparing "depth" to less than zero. Make the field signed long.
- Add recursion protection to stack trace events
An infinite recursion was triggered by a stack trace event calling RCU which internally called rcu_read_unlock_special(), which triggered an event that was also doing stacktraces which cause it to trigger the same RCU lock that called rcu_read_unlock_special() again. Update the trace_test_and_set_recursion() to add a set of context checks for events to use, and have the stack trace event use that for recursion protection.
- Make the variable ftrace_dump_on_oops static
The cleanup of sysctl that moved all the updates to the files that use them moved the reference of ftrace_dump_on_oops to where it is used. It is no longer used outside of the trace.c file. Make it static.
* tag 'trace-v6.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
trace: ftrace_dump_on_oops[] is not exported, make it static
tracing: Add recursion protection in kernel stack trace recording
ftrace: Make ftrace_graph_ent depth field signed
ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free
tracing: Drop unneeded assignment to soft_mode
|
||
|
|
f2a3b12b30 |
Including fixes from netfilter and wireless.
Current release - fix to a fix:
- net: do not write to msg_get_inq in callee
- arp: do not assume dev_hard_header() does not change skb->head
Current release - regressions:
- wifi: mac80211: don't iterate not running interfaces
- eth: mlx5: fix NULL pointer dereference in ioctl module EEPROM
Current release - new code bugs:
- eth: bnge: add AUXILIARY_BUS to Kconfig dependencies
Previous releases - regressions:
- eth: mlx5: dealloc forgotten PSP RX modify header
Previous releases - always broken:
- ping: fix ICMP out SNMP stats double-counting with ICMP sockets
- bonding: preserve NETIF_F_ALL_FOR_ALL across TSO updates
- bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress
- eth: bnxt: fix potential data corruption with HW GRO/LRO
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Merge tag 'net-6.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski:
"Including fixes from netfilter and wireless.
Current release - fix to a fix:
- net: do not write to msg_get_inq in callee
- arp: do not assume dev_hard_header() does not change skb->head
Current release - regressions:
- wifi: mac80211: don't iterate not running interfaces
- eth: mlx5: fix NULL pointer dereference in ioctl module EEPROM
Current release - new code bugs:
- eth: bnge: add AUXILIARY_BUS to Kconfig dependencies
Previous releases - regressions:
- eth: mlx5: dealloc forgotten PSP RX modify header
Previous releases - always broken:
- ping: fix ICMP out SNMP stats double-counting with ICMP sockets
- bonding: preserve NETIF_F_ALL_FOR_ALL across TSO updates
- bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress
- eth: bnxt: fix potential data corruption with HW GRO/LRO"
* tag 'net-6.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (70 commits)
arp: do not assume dev_hard_header() does not change skb->head
net: enetc: fix build warning when PAGE_SIZE is greater than 128K
atm: Fix dma_free_coherent() size
tools: ynl: don't install tests
net: do not write to msg_get_inq in callee
bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup
net: usb: pegasus: fix memory leak in update_eth_regs_async()
net: 3com: 3c59x: fix possible null dereference in vortex_probe1()
net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset
wifi: mac80211: collect station statistics earlier when disconnect
wifi: mac80211: restore non-chanctx injection behaviour
wifi: mac80211_hwsim: disable BHs for hwsim_radio_lock
wifi: mac80211: don't iterate not running interfaces
wifi: mac80211_hwsim: fix typo in frequency notification
wifi: avoid kernel-infoleak from struct iw_point
net: airoha: Fix schedule while atomic in airoha_ppe_deinit()
selftests: netdevsim: add carrier state consistency test
net: netdevsim: fix inconsistent carrier state after link/unlink
selftests: drv-net: Bring back tool() to driver __init__s
net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy
...
|
||
|
|
c92510f5e3 |
arp: do not assume dev_hard_header() does not change skb->head
arp_create() is the only dev_hard_header() caller
making assumption about skb->head being unchanged.
A recent commit broke this assumption.
Initialize @arp pointer after dev_hard_header() call.
Fixes: db5b4e39c4e6 ("ip6_gre: make ip6gre_header() robust")
Reported-by: syzbot+58b44a770a1585795351@syzkaller.appspotmail.com
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20260107212250.384552-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
||
|
|
1f20c77496 |
Merge branch '200GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue
Tony Nguyen says:
====================
Intel Wired LAN Driver Updates 2026-01-06 (idpf)
This series contains updates to idpf driver only.
Emil fixes issues related to resets; among them timeouts, NULL pointer
dereferences, and memory leaks.
Sreedevi resolves issues around RSS; mainly involving operations when
the interface is down and resets. She also addresses some incomplete
cleanups for ntuple filters and interrupts.
Erik fixes incomplete output of ntuple filters.
Josh sets restriction of Rx buffer size to follow hardware restrictions.
Larysa adds check to prevent NULL pointer dereference when RDMA is not
enabled.
* '200GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue:
idpf: fix aux device unplugging when rdma is not supported by vport
idpf: cap maximum Rx buffer size
idpf: Fix error handling in idpf_vport_open()
idpf: Fix RSS LUT NULL ptr issue after soft reset
idpf: Fix RSS LUT configuration on down interfaces
idpf: Fix RSS LUT NULL pointer crash on early ethtool operations
idpf: fix issue with ethtool -n command display
idpf: fix memory leak of flow steer list on rmmod
idpf: fix error handling in the init_task on load
idpf: fix memory leak in idpf_vc_core_deinit()
idpf: fix memory leak in idpf_vport_rel()
idpf: detach and close netdevs while handling a reset
idpf: keep the netdev when a reset fails
====================
Link: https://patch.msgid.link/20260107000648.1861994-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
||
|
|
4b5bdabb54 |
net: enetc: fix build warning when PAGE_SIZE is greater than 128K
The max buffer size of ENETC RX BD is 0xFFFF bytes, so if the PAGE_SIZE
is greater than 128K, ENETC_RXB_DMA_SIZE and ENETC_RXB_DMA_SIZE_XDP will
be greater than 0xFFFF, thus causing a build warning.
This will not cause any practical issues because ENETC is currently only
used on the ARM64 platform, and the max PAGE_SIZE is 64K. So this patch
is only for fixing the build warning that occurs when compiling ENETC
drivers for other platforms.
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202601050637.kHEKKOG7-lkp@intel.com/
Fixes: e59bc32df2e9 ("net: enetc: correct the value of ENETC_RXB_TRUESIZE")
Signed-off-by: Wei Fang <wei.fang@nxp.com>
Reviewed-by: Frank Li <Frank.Li@nxp.com>
Link: https://patch.msgid.link/20260107091204.1980222-1-wei.fang@nxp.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
||
|
|
804809ae40 |
Couple of fixes:
- mac80211:
- long-standing injection bug due to chanctx rework
- more recent interface iteration issue
- collect statistics before removing stations
- hwsim:
- fix NAN frequency typo (potential NULL ptr deref)
- fix locking of radio lock (needs softirqs disabled)
- wext:
- ancient issue with compat and events copying some
uninitialized stack data to userspace
Merge tag 'wireless-2026-01-08' of https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless
Johannes Berg says:
====================
Couple of fixes:
- mac80211:
- long-standing injection bug due to chanctx rework
- more recent interface iteration issue
- collect statistics before removing stations
- hwsim:
- fix NAN frequency typo (potential NULL ptr deref)
- fix locking of radio lock (needs softirqs disabled)
- wext:
- ancient issue with compat and events copying some
uninitialized stack data to userspace
* tag 'wireless-2026-01-08' of https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless:
wifi: mac80211: collect station statistics earlier when disconnect
wifi: mac80211: restore non-chanctx injection behaviour
wifi: mac80211_hwsim: disable BHs for hwsim_radio_lock
wifi: mac80211: don't iterate not running interfaces
wifi: mac80211_hwsim: fix typo in frequency notification
wifi: avoid kernel-infoleak from struct iw_point
====================
Link: https://patch.msgid.link/20260108140141.139687-3-johannes@sipsolutions.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
||
|
|
4d984b0574 |
atm: Fix dma_free_coherent() size
The size of the buffer is not the same when alloc'd with
dma_alloc_coherent() in he_init_tpdrq() and freed.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: <stable@vger.kernel.org>
Signed-off-by: Thomas Fourier <fourier.thomas@gmail.com>
Link: https://patch.msgid.link/20260107090141.80900-2-fourier.thomas@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
||
|
|
790792ebc9 |
tools: ynl: don't install tests
make's install target is meant for installing the production
artifacts, AFAIU. Don't install test_ynl_cli and test_ynl_ethtool
from under the main YNL install target. The install target
under tests/ is retained in case someone wants the tests
to be installed.
Fixes: 308b7dee3e5c ("tools: ynl: add YNL test framework")
Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Donald Hunter <donald.hunter@gmail.com>
Link: https://patch.msgid.link/20260106163426.1468943-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
||
|
|
7d11e047ed |
net: do not write to msg_get_inq in callee
NULL pointer dereference fix.
msg_get_inq is an input field from caller to callee. Don't set it in
the callee, as the caller may not clear it on struct reuse.
This is a kernel-internal variant of msghdr only, and the only user
does reinitialize the field. So this is not critical for that reason.
But it is more robust to avoid the write, and slightly simpler code.
And it fixes a bug, see below.
Callers set msg_get_inq to request the input queue length to be
returned in msg_inq. This is equivalent to but independent from the
SO_INQ request to return that same info as a cmsg (tp->recvmsg_inq).
To reduce branching in the hot path the second also sets the msg_inq.
That is WAI.
This is a fix to commit 4d1442979e4a ("af_unix: don't post cmsg for
SO_INQ unless explicitly asked for"), which fixed the inverse.
Also avoid NULL pointer dereference in unix_stream_read_generic if
state->msg is NULL and msg->msg_get_inq is written. A NULL state->msg
can happen when splicing as of commit 2b514574f7e8 ("net: af_unix:
implement splice for stream af_unix sockets").
Also collapse two branches using a bitwise or.
Cc: stable@vger.kernel.org
Fixes: 4d1442979e4a ("af_unix: don't post cmsg for SO_INQ unless explicitly asked for")
Link: https://lore.kernel.org/netdev/willemdebruijn.kernel.24d8030f7a3de@gmail.com/
Signed-off-by: Willem de Bruijn <willemb@google.com>
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Link: https://patch.msgid.link/20260106150626.3944363-1-willemdebruijn.kernel@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
||
|
|
3358995b1a |
bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup
When bnxt_init_one() fails during initialization (e.g.,
bnxt_init_int_mode returns -ENODEV), the error path calls
bnxt_free_hwrm_resources() which destroys the DMA pool and sets
bp->hwrm_dma_pool to NULL. Subsequently, bnxt_ptp_clear() is called,
which invokes ptp_clock_unregister().
Since commit a60fc3294a37 ("ptp: rework ptp_clock_unregister() to
disable events"), ptp_clock_unregister() now calls
ptp_disable_all_events(), which in turn invokes the driver's .enable()
callback (bnxt_ptp_enable()) to disable PTP events before completing the
unregistration.
bnxt_ptp_enable() attempts to send HWRM commands via bnxt_ptp_cfg_pin()
and bnxt_ptp_cfg_event(), both of which call hwrm_req_init(). This
function tries to allocate from bp->hwrm_dma_pool, causing a NULL
pointer dereference:
bnxt_en 0000:01:00.0 (unnamed net_device) (uninitialized): bnxt_init_int_mode err: ffffffed
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
Call Trace:
__hwrm_req_init (drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c:72)
bnxt_ptp_enable (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:323 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:517)
ptp_disable_all_events (drivers/ptp/ptp_chardev.c:66)
ptp_clock_unregister (drivers/ptp/ptp_clock.c:518)
bnxt_ptp_clear (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:1134)
bnxt_init_one (drivers/net/ethernet/broadcom/bnxt/bnxt.c:16889)
Lines are against commit f8f9c1f4d0c7 ("Linux 6.19-rc3")
Fix this by clearing and unregistering ptp (bnxt_ptp_clear()) before
freeing HWRM resources.
Suggested-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Signed-off-by: Breno Leitao <leitao@debian.org>
Fixes: a60fc3294a37 ("ptp: rework ptp_clock_unregister() to disable events")
Cc: stable@vger.kernel.org
Reviewed-by: Pavan Chebbi <pavan.chebbi@broadcom.com>
Link: https://patch.msgid.link/20260106-bnxt-v3-1-71f37e11446a@debian.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
||
|
|
afa27621a2 |
net: usb: pegasus: fix memory leak in update_eth_regs_async()
When asynchronously writing to the device registers, if usb_submit_urb()
fails, the code fails to release the resources allocated up to that point.
Fixes: 323b34963d11 ("drivers: net: usb: pegasus: fix control urb submission")
Signed-off-by: Petko Manolov <petkan@nucleusys.com>
Link: https://patch.msgid.link/20260106084821.3746677-1-petko.manolov@konsulko.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
||
|
|
a4e305ed60 |
net: 3com: 3c59x: fix possible null dereference in vortex_probe1()
pdev can be null and free_ring: can be called in 1297 with a null
pdev.
Fixes: 55c82617c3e8 ("3c59x: convert to generic DMA API")
Cc: <stable@vger.kernel.org>
Signed-off-by: Thomas Fourier <fourier.thomas@gmail.com>
Link: https://patch.msgid.link/20260106094731.25819-2-fourier.thomas@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
||
|
|
c1d73b1480 |
net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset
`qfq_class->leaf_qdisc->q.qlen > 0` does not imply that the class
itself is active.
Two qfq_class objects may point to the same leaf_qdisc. This happens
when:
1. one QFQ qdisc is attached to the dev as the root qdisc, and
2. another QFQ qdisc is temporarily referenced (e.g., via qdisc_get() /
qdisc_put()) and is pending to be destroyed, as in function
tc_new_tfilter.
When packets are enqueued through the root QFQ qdisc, the shared
leaf_qdisc->q.qlen increases. At the same time, the second QFQ
qdisc triggers qdisc_put and qdisc_destroy: the qdisc enters
qfq_reset() with its own q->q.qlen == 0, but its class's leaf
qdisc->q.qlen > 0. Therefore, the qfq_reset would wrongly deactivate
an inactive aggregate and trigger a null-deref in qfq_deactivate_agg:
[ 0.903172] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 0.903571] #PF: supervisor write access in kernel mode
[ 0.903860] #PF: error_code(0x0002) - not-present page
[ 0.904177] PGD 10299b067 P4D 10299b067 PUD 10299c067 PMD 0
[ 0.904502] Oops: Oops: 0002 [#1] SMP NOPTI
[ 0.904737] CPU: 0 UID: 0 PID: 135 Comm: exploit Not tainted 6.19.0-rc3+ #2 NONE
[ 0.905157] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.17.0-0-gb52ca86e094d-prebuilt.qemu.org 04/01/2014
[ 0.905754] RIP: 0010:qfq_deactivate_agg (include/linux/list.h:992 (discriminator 2) include/linux/list.h:1006 (discriminator 2) net/sched/sch_qfq.c:1367 (discriminator 2) net/sched/sch_qfq.c:1393 (discriminator 2))
[ 0.910391] Call Trace:
[ 0.910527] <TASK>
[ 0.910638] qfq_reset_qdisc (net/sched/sch_qfq.c:357 net/sched/sch_qfq.c:1485)
[ 0.910826] qdisc_reset (include/linux/skbuff.h:2195 include/linux/skbuff.h:2501 include/linux/skbuff.h:3424 include/linux/skbuff.h:3430 net/sched/sch_generic.c:1036)
[ 0.911040] __qdisc_destroy (net/sched/sch_generic.c:1076)
[ 0.911236] tc_new_tfilter (net/sched/cls_api.c:2447)
[ 0.911447] rtnetlink_rcv_msg (net/core/rtnetlink.c:6958)
[ 0.911663] ? __pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6861)
[ 0.911894] netlink_rcv_skb (net/netlink/af_netlink.c:2550)
[ 0.912100] netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)
[ 0.912296] ? __alloc_skb (net/core/skbuff.c:706)
[ 0.912484] netlink_sendmsg (net/netlink/af_netlink.c:1894)
[ 0.912682] sock_write_iter (net/socket.c:727 (discriminator 1) net/socket.c:742 (discriminator 1) net/socket.c:1195 (discriminator 1))
[ 0.912880] vfs_write (fs/read_write.c:593 fs/read_write.c:686)
[ 0.913077] ksys_write (fs/read_write.c:738)
[ 0.913252] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))
[ 0.913438] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)
[ 0.917039] </TASK>
[ 0.917158] Modules linked in:
[ 0.917316] CR2: 0000000000000000
[ 0.917484] ---[ end trace 0000000000000000 ]---
[ 0.922240] Kernel panic - not syncing: Fatal exception
[ 0.922590] Kernel Offset: disabled
Fixes: 0545a3037773 ("pkt_sched: QFQ - quick fair queue scheduler")
Signed-off-by: Xiang Mei <xmei5@asu.edu>
Link: https://patch.msgid.link/20260106034100.1780779-1-xmei5@asu.edu
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
||
|
|
79b95d7447 |
hid-for-linus-2026010801
Merge tag 'hid-for-linus-2026010801' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
Pull HID fixes from Jiri Kosina:
- build fix for HID-BPF (Benjamin Tissoires)
- fix for potential buffer overflow in i2c-hid (Kwok Kin Ming)
- a couple of selftests/hid fixes (Peter Hutterer)
- fix for handling pressure pads in hid-multitouch (Peter Hutterer)
- fix for potential NULL pointer dereference in intel-thc-hid (Even Xu)
- fix for interrupt delay control in intel-thc-hid (Even Xu)
- fix finger release detection on some VTL-class touchpads (DaytonCL)
- fix for correct enumeration on intel-ish-hid systems with no sensors (Zhang Lixu)
- assorted device ID additions and device-specific quirks
* tag 'hid-for-linus-2026010801' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid: (21 commits)
HID: logitech: add HID++ support for Logitech MX Anywhere 3S
HID: Elecom: Add support for ELECOM M-XT3DRBK (018C)
HID: quirks: work around VID/PID conflict for appledisplay
HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101)
HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()
selftests/hid: add a test for the Digitizer/Button Type pressurepad
selftests/hid: use a enum class for the different button types
selftests/hid: require hidtools 0.12
HID: multitouch: set INPUT_PROP_PRESSUREPAD based on Digitizer/Button Type
HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list
HID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer
hid: intel-thc-hid: Select SGL_ALLOC
selftests/hid: fix bpf compilations due to -fms-extensions
HID: bpf: fix bpf compilation with -fms-extensions
HID: Intel-thc-hid: Intel-thc: Fix wrong register reading
HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL
HID: intel-ish-hid: Reset enum_devices_done before enumeration
HID: intel-ish-hid: Update ishtp bus match to support device ID table
HID: Intel-thc-hid: Intel-thc: fix dma_unmap_sg() nents value
HID: playstation: Center initial joystick axes to prevent spurious events
...
|
||
|
|
108b661c79 |
sound fixes for 6.19-rc5
A collection of small device-specific fixes.
* ASoC Intel topology fixes for conflicting Bluetooth bits
* Cleanups of ASoC drivers for superfluous NULL checks
* Fix for error handling in the AC97 bus
* A regression fix for TAS2781 speaker ID handling
* HD-audio quirks
Merge tag 'sound-6.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A collection of small device-specific fixes:
- ASoC Intel topology fixes for conflicting Bluetooth bits
- Cleanups of ASoC drivers for superfluous NULL checks
- Fix for error handling in the AC97 bus
- A regression fix for TAS2781 speaker ID handling
- HD-audio quirks"
* tag 'sound-6.19-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk
ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55
ALSA: hda/tas2781: properly initialize speaker_id for TAS2563
ALSA: ac97: fix a double free in snd_ac97_controller_register()
ASoC: sun4i-spdif: Add missing kerneldoc fields for sun4i_spdif_quirks
ASoC: codecs: pm4125: clean up bind() device reference handling
ASoC: soc_sdw_utils: drop bogus container_of() error handling
ASoC: codecs: wcd937x: drop bogus container_of() error handling
ASoC: codecs: pm4125: drop bogus container_of() error handling
ASoC: SOF: Intel: add -bt tplg suffix if BT is present
ASoC: Intel: sof_sdw: shift SSP BT mask bits.
|
||
|
|
36f597bba0 |
gpiolib: fix lookup table matching
If on any iteration in gpiod_find(), gpio_desc_table_match() returns
NULL (which is normal and expected), we never reinitialize desc back to
ERR_PTR(-ENOENT) and if we don't find a match later on, we will return
NULL causing a NULL-pointer dereference in users not expecting it. Don't
initialize desc, but return ERR_PTR(-ENOENT) explicitly at the end of
the function.
Fixes: 9700b0fccf38 ("gpiolib: allow multiple lookup tables per consumer")
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Closes: https://lore.kernel.org/all/00107523-7737-4b92-a785-14ce4e93b8cb@samsung.com/
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Link: https://lore.kernel.org/r/20260108102314.18816-1-bartosz.golaszewski@oss.qualcomm.com
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
|
||
|
|
a203dbeeca |
wifi: mac80211: collect station statistics earlier when disconnect
In __sta_info_destroy_part2(), station statistics are requested after the
IEEE80211_STA_NONE -> IEEE80211_STA_NOTEXIST transition. This is
problematic because the driver may be unable to handle the request due to
the STA being in the NOTEXIST state (i.e. if the driver destroys the
underlying data when transitioning to NOTEXIST).
Move the statistics collection to before the state transition to avoid
this issue.
Signed-off-by: Baochen Qiang <baochen.qiang@oss.qualcomm.com>
Link: https://patch.msgid.link/20251222-mac80211-move-station-stats-collection-earlier-v1-1-12cd4e42c633@oss.qualcomm.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
||
|
|
d594cc6f2c |
wifi: mac80211: restore non-chanctx injection behaviour
During the transition to use channel contexts throughout, the ability
to do injection while in monitor mode concurrent with another interface
was lost, since the (virtual) monitor won't have a chanctx assigned in
this scenario.
It's harder to fix drivers that actually transitioned to using channel
contexts themselves, such as mt76, but it's easy to do those that are
(still) just using the emulation. Do that.
Cc: stable@vger.kernel.org
Link: https://bugzilla.kernel.org/show_bug.cgi?id=218763
Reported-and-tested-by: Oscar Alfonso Diaz <oscar.alfonso.diaz@gmail.com>
Fixes: 0a44dfc07074 ("wifi: mac80211: simplify non-chanctx drivers")
Link: https://patch.msgid.link/20251216105242.18366-2-johannes@sipsolutions.net
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
||
|
|
6f38593716 |
wifi: mac80211_hwsim: disable BHs for hwsim_radio_lock
The hwsim_radio_lock spinlock expects bottom-half to be disabled, fix
the call in mac80211_hwsim_nan_stop to ensure BHs are disabled.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Link: https://patch.msgid.link/20260107143805.ce7406511608.I688f8b19346e94c1f8de0cdadde072054d4b861c@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
||
|
|
c0d82ba961 |
wifi: mac80211: don't iterate not running interfaces
for_each_chanctx_user_* was introduced as a replacement for
for_each_sdata_link, which visits also other chanctx users that are not
link.
for_each_sdata_link skips not running interfaces, do the same for
for_each_chanctx_user_*
Fixes: 1ce954c98b89 ("wifi: mac80211: add and use chanctx usage iteration")
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260107143736.55c084e2a976.I38b7b904a135dadca339321923b501b2c2c5c8c0@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
||
|
|
333418872b |
wifi: mac80211_hwsim: fix typo in frequency notification
The NAN notification is for 5745 MHz which corresponds to channel 149
and not 5475 which is not actually a valid channel. This could result in
a NULL pointer dereference in cfg80211_next_nan_dw_notif.
Fixes: a37a6f54439b ("wifi: mac80211_hwsim: Add simulation support for NAN device")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260107143652.7dab2035836f.Iacbaf7bb94ed5c14a0928a625827e4137d8bfede@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
||
|
|
21cbf883d0 |
wifi: avoid kernel-infoleak from struct iw_point
struct iw_point has a 32bit hole on 64bit arches.
struct iw_point {
  void __user *pointer; /* Pointer to the data (in user space) */
  __u16 length; /* number of fields or size in bytes */
  __u16 flags; /* Optional params */
};
Make sure to zero the structure to avoid disclosing 32bits of kernel data
to user space.
Fixes: 87de87d5e47f ("wext: Dispatch and handle compat ioctls entirely in net/wireless/wext.c")
Reported-by: syzbot+bfc7323743ca6dbcc3d3@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/695f83f3.050a0220.1c677c.0392.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: stable@vger.kernel.org
Link: https://patch.msgid.link/20260108101927.857582-1-edumazet@google.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
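The padding hole this commit message describes, modelled in userspace as an added example; it is not code from the patch or from the kernel. Assumptions: `__user` is dropped, `__u16` becomes `uint16_t`, the function names are hypothetical, and the 0xAA marker is a constructed stand-in for whatever an earlier stack user left behind.

```c
/* Added illustration: userspace model of the struct iw_point padding hole.
 * Not kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct iw_point {
	void     *pointer;  /* Pointer to the data (in user space) */
	uint16_t  length;   /* number of fields or size in bytes */
	uint16_t  flags;    /* Optional params */
};

#define STALE 0xAA  /* constructed marker for old stack contents */

/* Bytes after 'flags' that no member covers: 4 on LP64, 0 on ILP32. */
static size_t iw_point_hole(void)
{
	return sizeof(struct iw_point)
	       - (offsetof(struct iw_point, flags) + sizeof(uint16_t));
}

/* Fill a stack slot the way member-by-member assignment does: only the
 * bytes that belong to a member are written. zero_first models the fix
 * (zero the whole structure before setting the fields). */
static void fill_slot(unsigned char *slot, int zero_first)
{
	void *ptr = NULL;
	uint16_t length = 32, flags = 1;

	memset(slot, STALE, sizeof(struct iw_point)); /* previous stack user */
	if (zero_first)
		memset(slot, 0, sizeof(struct iw_point));
	memcpy(slot + offsetof(struct iw_point, pointer), &ptr, sizeof(ptr));
	memcpy(slot + offsetof(struct iw_point, length), &length, sizeof(length));
	memcpy(slot + offsetof(struct iw_point, flags), &flags, sizeof(flags));
}

/* Copy the whole structure out, as a sizeof(struct)-sized copy to user
 * space would, and count the stale bytes that reach the destination. */
static size_t leaked_bytes(int zero_first)
{
	unsigned char slot[sizeof(struct iw_point)];
	unsigned char user[sizeof(struct iw_point)];
	size_t i, n = 0;

	fill_slot(slot, zero_first);
	memcpy(user, slot, sizeof(user));
	for (i = 0; i < sizeof(user); i++)
		n += (user[i] == STALE);
	return n;
}

int main(void)
{
	printf("sizeof=%zu hole=%zu\n", sizeof(struct iw_point), iw_point_hole());
	printf("leaked without zeroing: %zu\n", leaked_bytes(0));
	printf("leaked with zeroing:    %zu\n", leaked_bytes(1));
	return 0;
}
```

On a 64-bit build the hole is the 4 bytes after `flags`, which matches the "32bit hole" in the commit message; a 32-bit build has no hole because the pointer is 4 bytes.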
|
||
|
|
d7f6629bff |
HID: logitech: add HID++ support for Logitech MX Anywhere 3S
I've acquired a Logitech MX Anywhere 3S mouse, which supports HID++ over
Bluetooth. Adding its PID 0xb037 to the allowlist enables the additional
features, such as high-resolution scrolling. Tested working across multiple
machines, with a mix of Intel and Mediatek Bluetooth chips.
[jkosina@suse.com: standardize shortlog]
Signed-off-by: Dennis Marttinen <twelho@welho.tech>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
|