NFSD has always supported added network listeners. The new netlink
protocol now enables the removal of listeners.
Olga noticed that if an RDMA listener is removed and immediately
re-added, the deferred __svc_rdma_free() function might not have
run yet, so some or all of the old listener's RDMA resources
linger, which prevents a new listener on the same address from
being created.
Also, svc_xprt_free() does a module_put() just after calling
->xpo_free(). That means if there is deferred work going on, the
module could be unloaded before that work is even started,
resulting in a UAF.
Neil asks:
> What particular part of __svc_rdma_free() needs to run in order for a
> subsequent registration to succeed?
> Can that bit be run directory from svc_rdma_free() rather than be
> delayed?
> (I know almost nothing about rdma so forgive me if the answers to these
> questions seems obvious)
The reasons I can recall are:
- Some of the transport tear-down work can sleep
- Releasing a cm_id is tricky and can deadlock
We might be able to mitigate the second issue with judicious
application of transport reference counting.
Reported-by: Olga Kornievskaia <okorniev@redhat.com>
Closes: https://lore.kernel.org/linux-nfs/20250821204328.89218-1-okorniev@redhat.com/
Suggested-by: NeilBrown <neil@brown.name>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
- Fix writing bpf_prog (infos|btfs)_cnt to data file, to not generate
invalid perf.data files in some corner cases.
- Fix 'perf top' segfault by ensuring libbfd is initialized. This is an
opt-in feature due to license incompatibilities.
- Fix segfault in 'perf lock' due to missing kernel map.
- Fix 'perf lock contention' test.
- Don't fail fast path detection if binutils-devel isn't available.
- Sync KVM's vmx.h with the kernel to pick SEAMCALL exit reason.
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQR2GiIUctdOfX2qHhGyPKLppCJ+JwUCaRokLwAKCRCyPKLppCJ+
JwEYAQDuSXq1QraQr4ADvGpLAGVyWCxnXbhNqSmcCVB07OO5AQEA69kNlvoKHm3L
ml2BiY6MMRQAXaTs4vi9hJnEdSnzcg0=
=vvjd
-----END PGP SIGNATURE-----
Merge tag 'perf-tools-fixes-for-v6.18-2-2025-11-16' of git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools
Pull perf tools fixes from Arnaldo Carvalho de Melo:
- Fix writing bpf_prog (infos|btfs)_cnt to data file, to not generate
invalid perf.data files in some corner cases.
- Fix 'perf top' segfault by ensuring libbfd is initialized. This is an
opt-in feature due to license incompatibilities.
- Fix segfault in 'perf lock' due to missing kernel map.
- Fix 'perf lock contention' test.
- Don't fail fast path detection if binutils-devel isn't available.
- Sync KVM's vmx.h with the kernel to pick SEAMCALL exit reason.
* tag 'perf-tools-fixes-for-v6.18-2-2025-11-16' of git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools:
perf libbfd: Ensure libbfd is initialized prior to use
perf test: Fix lock contention test
perf lock: Fix segfault due to missing kernel map
tools headers UAPI: Sync KVM's vmx.h with the kernel to pick SEAMCALL exit reason
perf build: Don't fail fast path feature detection when binutils-devel is not available
perf header: Write bpf_prog (infos|btfs)_cnt to data file
All are singletons - please see the respective changelogs for details.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCaRoauQAKCRDdBJ7gKXxA
jtNFAQDEMH0+zRGz/Larkf9cgmdKcDgij1DP2gP/3i8PWAoaGQD8C9evZxu1h9wC
rFbaSkPDeSdDafo3RZfpo1gqE0LdEA4=
=oew8
-----END PGP SIGNATURE-----
Merge tag 'mm-hotfixes-stable-2025-11-16-10-40' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull misc fixes from Andrew Morton:
"7 hotfixes. 5 are cc:stable, 4 are against mm/
All are singletons - please see the respective changelogs for details"
* tag 'mm-hotfixes-stable-2025-11-16-10-40' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
mm, swap: fix potential UAF issue for VMA readahead
selftests/user_events: fix type cast for write_index packed member in perf_test
lib/test_kho: check if KHO is enabled
mm/huge_memory: fix folio split check for anon folios in swapcache
MAINTAINERS: update David Hildenbrand's email address
crash: fix crashkernel resource shrink
mm: fix MAX_FOLIO_ORDER on powerpc configs with hugetlb
This includes some fixes for bugs to generate topology map, newly
introduced in v6.18 kernel.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQQE66IEYNDXNBPeGKSsLtaWM8LwEwUCaRnGhQAKCRCsLtaWM8Lw
E+wNAQDH0TMsY74+RNGNx+qqObPIYETYF+8It4ToktG06DpY/QEArbuXoXich3IN
NumMhjT2kPbJd5iSSn9Vg5ueHAKzLwc=
=uzc3
-----END PGP SIGNATURE-----
Merge tag 'firewire-fixes-6.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394
Pull firewire fixes from Takashi Sakamoto:
"This includes some fixes for the topology map, newly introduced in
v6.18 kernel"
* tag 'firewire-fixes-6.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
firewire: core: fix to update generation field in topology map
firewire: core: Initialize topology_map.lock
information can come in more than one remote processor message.
- Explicitly reenable ECC checking after a warm reset in Altera OCRAM as those
registers are reset to default otherwise
- Fix single-bit error injection in Altera EDAC to not inject errors directly
in ECC RAM and thus lead to false double-bit errors due to same ECC RAM
being in concurrent use
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmkZrFYACgkQEsHwGGHe
VUrv1xAAviijUhOhHWUOi60rwA+x49gbpOPCj6vEOIpimb1OxujuDpovMeoPFPLr
OtY7ktmkSoWkmOut2cVMK24GswHPEpFlSDTfqNDiMIIrGOf/K+uV8OSLEzCbvnHg
nr0bK5NumrowtM2ztEXQieDLcWy/mWmzmlWiFaxczsQ/y8dt5j4ZJyvTjtP/QVPg
uCRIiXhbNDPTbR1TFCaB2cEjPBowG4msxvJOeneN68cXxetAFQxg2zFBBPm4yu2v
UwKqwaGNLTn56mVaB3mVFCVdhYOJisAeih9ezU0iQU7Jez0/56ZSnNEUQyJcvzdX
iJUPbOalus3i0zZGMvSMaH3WmtNCmDJOVeGWOIhhLSdlBrL0+A8wUYaBAkjH72fR
b3Nc9p4VIpv3kUvp6u65HyklyeBGHtCSj2tZgTbqQnBGOtmFZEfKFNEvRYkAlIOx
uuuwaRjeQzQ3RhFPVMzzDPLFGb18kyFtSvuU44bvaVmaUxnAm5ej4J9CNB19Qyyz
bBiJizqZsJbcea0K6NwYL//PFOxUsIQlrf0wZIfLX4Zw9NlgLd/qTuWtQ75fjo/N
LWERjfJWtOspGCAzfDT01enraGi5/eueQho2N4bQT1Ngi4b8GAcYjQRu7Fev8bse
fgZbrUv3UduH094iH8KNIZDQfzn+YYPSEO2A+iNrUNraoveLpTg=
=ebJr
-----END PGP SIGNATURE-----
Merge tag 'edac_urgent_for_v6.18_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras
Pull EDAC fixes from Borislav Petkov:
- In Versalnet, handle the reporting of non-standard hw errors whose
information can come in more than one remote processor message.
- Explicitly reenable ECC checking after a warm reset in Altera OCRAM
as those registers are reset to default otherwise
- Fix single-bit error injection in Altera EDAC to not inject errors
directly in ECC RAM and thus lead to false double-bit errors due to
same ECC RAM being in concurrent use
* tag 'edac_urgent_for_v6.18_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras:
EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection
EDAC/altera: Handle OCRAM ECC enable after warm reset
EDAC/versalnet: Handle split messages for non-standard errors
The generation field of topology map is updated after initialized by zero.
The updated value of generation field is always zero, and is against
specification.
This commit fixes the bug.
Fixes: 7d138cb269db ("firewire: core: use spin lock specific to topology map")
Link: https://lore.kernel.org/r/20251114144421.415278-1-o-takashi@sakamocchi.jp
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Since commit 78524b05f1a3 ("mm, swap: avoid redundant swap device
pinning"), the common helper for allocating and preparing a folio in the
swap cache layer no longer tries to get a swap device reference
internally, because all callers of __read_swap_cache_async are already
holding a swap entry reference. The repeated swap device pinning isn't
needed on the same swap device.
Caller of VMA readahead is also holding a reference to the target entry's
swap device, but VMA readahead walks the page table, so it might encounter
swap entries from other devices, and call __read_swap_cache_async on
another device without holding a reference to it.
So it is possible to cause a UAF when swapoff of device A raced with
swapin on device B, and VMA readahead tries to read swap entries from
device A. It's not easy to trigger, but in theory, it could cause real
issues.
Make VMA readahead try to get the device reference first if the swap
device is a different one from the target entry.
Link: https://lkml.kernel.org/r/20251111-swap-fix-vma-uaf-v1-1-41c660e58562@tencent.com
Fixes: 78524b05f1a3 ("mm, swap: avoid redundant swap device pinning")
Suggested-by: Huang Ying <ying.huang@linux.alibaba.com>
Signed-off-by: Kairui Song <kasong@tencent.com>
Acked-by: Chris Li <chrisl@kernel.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Barry Song <baohua@kernel.org>
Cc: Kemeng Shi <shikemeng@huaweicloud.com>
Cc: Nhat Pham <nphamcs@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Accessing 'reg.write_index' directly triggers a -Waddress-of-packed-member
warning due to potential unaligned pointer access:
perf_test.c:239:38: warning: taking address of packed member 'write_index'
of class or structure 'user_reg' may result in an unaligned pointer value
[-Waddress-of-packed-member]
239 | ASSERT_NE(-1, write(self->data_fd, ®.write_index,
| ^~~~~~~~~~~~~~~
Since write(2) works with any alignment. Casting '®.write_index'
explicitly to 'void *' to suppress this warning.
Link: https://lkml.kernel.org/r/20251106095532.15185-1-ankitkhushwaha.linux@gmail.com
Fixes: 42187bdc3ca4 ("selftests/user_events: Add perf self-test for empty arguments events")
Signed-off-by: Ankit Khushwaha <ankitkhushwaha.linux@gmail.com>
Cc: Beau Belgrave <beaub@linux.microsoft.com>
Cc: "Masami Hiramatsu (Google)" <mhiramat@kernel.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: sunliming <sunliming@kylinos.cn>
Cc: Wei Yang <richard.weiyang@gmail.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
We must check whether KHO is enabled prior to issuing KHO commands,
otherwise KHO internal data structures are not initialized.
Link: https://lkml.kernel.org/r/20251106220635.2608494-1-pasha.tatashin@soleen.com
Fixes: b753522bed0b ("kho: add test for kexec handover")
Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202511061629.e242724-lkp@intel.com
Reviewed-by: Pratyush Yadav <pratyush@kernel.org>
Reviewed-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
Cc: Alexander Graf <graf@amazon.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Both uniform and non uniform split check missed the check to prevent
splitting anon folios in swapcache to non-zero order.
Splitting anon folios in swapcache to non-zero order can cause data
corruption since swapcache only support PMD order and order-0 entries.
This can happen when one use split_huge_pages under debugfs to split
anon folios in swapcache.
In-tree callers do not perform such an illegal operation. Only debugfs
interface could trigger it. I will put adding a test case on my TODO
list.
Fix the check.
Link: https://lkml.kernel.org/r/20251105162910.752266-1-ziy@nvidia.com
Fixes: 58729c04cf10 ("mm/huge_memory: add buddy allocator like (non-uniform) folio_split()")
Signed-off-by: Zi Yan <ziy@nvidia.com>
Reported-by: "David Hildenbrand (Red Hat)" <david@kernel.org>
Closes: https://lore.kernel.org/all/dc0ecc2c-4089-484f-917f-920fdca4c898@kernel.org/
Acked-by: David Hildenbrand (Red Hat) <david@kernel.org>
Cc: Baolin Wang <baolin.wang@linux.alibaba.com>
Cc: Barry Song <baohua@kernel.org>
Cc: Dev Jain <dev.jain@arm.com>
Cc: Lance Yang <lance.yang@linux.dev>
Cc: Liam Howlett <liam.howlett@oracle.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: Nico Pache <npache@redhat.com>
Cc: Ryan Roberts <ryan.roberts@arm.com>
Cc: Wei Yang <richard.weiyang@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Switch to kernel.org email address as I will be leaving Red Hat. The old
address will remain active until end of January 2026, so performing the
change now should make sure that most mails will reach me.
Link: https://lkml.kernel.org/r/20251103103659.379335-1-david@kernel.org
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: David Hildenbrand (Red Hat) <david@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
When crashkernel is configured with a high reservation, shrinking its
value below the low crashkernel reservation causes two issues:
1. Invalid crashkernel resource objects
2. Kernel crash if crashkernel shrinking is done twice
For example, with crashkernel=200M,high, the kernel reserves 200MB of high
memory and some default low memory (say 256MB). The reservation appears
as:
cat /proc/iomem | grep -i crash
af000000-beffffff : Crash kernel
433000000-43f7fffff : Crash kernel
If crashkernel is then shrunk to 50MB (echo 52428800 >
/sys/kernel/kexec_crash_size), /proc/iomem still shows 256MB reserved:
af000000-beffffff : Crash kernel
Instead, it should show 50MB:
af000000-b21fffff : Crash kernel
Further shrinking crashkernel to 40MB causes a kernel crash with the
following trace (x86):
BUG: kernel NULL pointer dereference, address: 0000000000000038
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
<snip...>
Call Trace: <TASK>
? __die_body.cold+0x19/0x27
? page_fault_oops+0x15a/0x2f0
? search_module_extables+0x19/0x60
? search_bpf_extables+0x5f/0x80
? exc_page_fault+0x7e/0x180
? asm_exc_page_fault+0x26/0x30
? __release_resource+0xd/0xb0
release_resource+0x26/0x40
__crash_shrink_memory+0xe5/0x110
crash_shrink_memory+0x12a/0x190
kexec_crash_size_store+0x41/0x80
kernfs_fop_write_iter+0x141/0x1f0
vfs_write+0x294/0x460
ksys_write+0x6d/0xf0
<snip...>
This happens because __crash_shrink_memory()/kernel/crash_core.c
incorrectly updates the crashk_res resource object even when
crashk_low_res should be updated.
Fix this by ensuring the correct crashkernel resource object is updated
when shrinking crashkernel memory.
Link: https://lkml.kernel.org/r/20251101193741.289252-1-sourabhjain@linux.ibm.com
Fixes: 16c6006af4d4 ("kexec: enable kexec_crash_size to support two crash kernel regions")
Signed-off-by: Sourabh Jain <sourabhjain@linux.ibm.com>
Acked-by: Baoquan He <bhe@redhat.com>
Cc: Zhen Lei <thunder.leizhen@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
In the past, CONFIG_ARCH_HAS_GIGANTIC_PAGE indicated that we support
runtime allocation of gigantic hugetlb folios. In the meantime it evolved
into a generic way for the architecture to state that it supports gigantic
hugetlb folios.
In commit fae7d834c43c ("mm: add __dump_folio()") we started using
CONFIG_ARCH_HAS_GIGANTIC_PAGE to decide MAX_FOLIO_ORDER: whether we could
have folios larger than what the buddy can handle. In the context of that
commit, we started using MAX_FOLIO_ORDER to detect page corruptions when
dumping tail pages of folios. Before that commit, we assumed that we
cannot have folios larger than the highest buddy order, which was
obviously wrong.
In commit 7b4f21f5e038 ("mm/hugetlb: check for unreasonable folio sizes
when registering hstate"), we used MAX_FOLIO_ORDER to detect
inconsistencies, and in fact, we found some now.
Powerpc allows for configs that can allocate gigantic folio during boot
(not at runtime), that do not set CONFIG_ARCH_HAS_GIGANTIC_PAGE and can
exceed PUD_ORDER.
To fix it, let's make powerpc select CONFIG_ARCH_HAS_GIGANTIC_PAGE with
hugetlb on powerpc, and increase the maximum folio size with hugetlb to 16
GiB on 64bit (possible on arm64 and powerpc) and 1 GiB on 32 bit
(powerpc). Note that on some powerpc configurations, whether we actually
have gigantic pages depends on the setting of CONFIG_ARCH_FORCE_MAX_ORDER,
but there is nothing really problematic about setting it unconditionally:
we just try to keep the value small so we can better detect problems in
__dump_folio() and inconsistencies around the expected largest folio in
the system.
Ideally, we'd have a better way to obtain the maximum hugetlb folio size
and detect ourselves whether we really end up with gigantic folios. Let's
defer bigger changes and fix the warnings first.
While at it, handle gigantic DAX folios more clearly: DAX can only end up
creating gigantic folios with HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD.
Add a new Kconfig option HAVE_GIGANTIC_FOLIOS to make both cases clearer.
In particular, worry about ARCH_HAS_GIGANTIC_PAGE only with HUGETLB_PAGE.
Note: with enabling CONFIG_ARCH_HAS_GIGANTIC_PAGE on powerpc, we will now
also allow for runtime allocations of folios in some more powerpc configs.
I don't think this is a problem, but if it is we could handle it through
__HAVE_ARCH_GIGANTIC_PAGE_RUNTIME_SUPPORTED.
While __dump_page()/__dump_folio was also problematic (not handling
dumping of tail pages of such gigantic folios correctly), it doesn't seem
critical enough to mark it as a fix.
Link: https://lkml.kernel.org/r/20251114214920.2550676-1-david@kernel.org
Fixes: 7b4f21f5e038 ("mm/hugetlb: check for unreasonable folio sizes when registering hstate")
Reported-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Closes: https://lore.kernel.org/r/3e043453-3f27-48ad-b987-cc39f523060a@csgroup.eu/
Reported-by: Sourabh Jain <sourabhjain@linux.ibm.com>
Closes: https://lore.kernel.org/r/94377f5c-d4f0-4c0f-b0f6-5bf1cd7305b1@linux.ibm.com/
Signed-off-by: David Hildenbrand (Red Hat) <david@kernel.org>
Cc: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Cc: Madhavan Srinivasan <maddy@linux.ibm.com>
Cc: Donet Tom <donettom@linux.ibm.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: "Liam R. Howlett" <Liam.Howlett@oracle.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
- Fix a bug in the __ptep_rdp() inline assembly which may lead to
missing TLB flushes
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEECMNfWEw3SLnmiLkZIg7DeRspbsIFAmkYpckACgkQIg7DeRsp
bsI0mg/+NMbrwwaj5G9nJuBxGuvWjXkQJalYxd/uLZIG5ErzpCitoLyBNgCWx3Ec
wDR2W3tWeTtzRB1aXBN3ZZuYn2ADwe5jR/YMqqR5IT9XBoYsbxgRHnKaS4yD5D1i
4UPdhkrZ8Kuw9+tnAepohYr4K29qCBQ1v3rH1O7RwfQ/ZccxgxS6KRlCrwAc2yx5
d7r18q32fljg0uwaJB3vWjH35b8XG2XGALRRyF5uW4HjGrNje38d8eHRNbQ6aO12
Mrf7Pj5WV68bTMQOP5gV2uQHv9oG8UiAnvGREBQXqAONGnqXKy4xHf+NHI0QT97Y
lco7DyCaTCVjw9J6KZk7uHRwE12kcJPdDuU40csq3XOOL8jU2lC+G31fXf0gnW+N
QKYNRQnN2F8oKwxhccnuGgrMEEengO77jfgfEtoVZM3uK9OeLAGX77M3koNTorgj
BCTZEYlOPN1Ql6xGVJpB0ZyhtPBqd1lVE55SvRwGDFNZGtm/seMMj3ELrt+VNwgG
bICeY8Tv8+5yji+icZPJSh76mvjw7uuksNYQQpqMp5idjtGkigEO4PiP1PZtKc6Y
FZPldwzXue5Y5P0SiOjPRk/qgxeXFEtlYrWXuKybQWOfSWjwiTyJ0fZdPss2nMf7
3lBN1GfPxH54OBkmNPrNkIBbrYxypcY65FVro7r3p4PGj7vPGlA=
=5CBh
-----END PGP SIGNATURE-----
Merge tag 's390-6.18-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 fix from Heiko Carstens:
- Fix a bug in the __ptep_rdp() inline assembly which may lead to
missing TLB flushes
* tag 's390-6.18-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/mm: Fix __ptep_rdp() inline assembly
- Update the list of AMD microcode minimum Entrysign revisions
- Add additional fixed AMD RDSEED microcode revisions
- Update the language transliteration for Kiryl Shutsemau's
name in the MAINTAINERS entry
Signed-off-by: Ingo Molnar <mingo@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQJFBAABCgAvFiEEBpT5eoXrXCwVQwEKEnMQ0APhK1gFAmkYRacRHG1pbmdvQGtl
cm5lbC5vcmcACgkQEnMQ0APhK1iM3BAArKOmHR83umO4nz9/zs0EsuSTeYJubx9C
1lYsFBwe/Yu8qE9ALAkxOiSsah8g5uw+eAjNoyn3XoyEa879w6lBbc/AhbECCLD7
ZELNeuSf54Z8BkSSFXrYop2+Zdi1fKGcUxI1ZBf4qFTdhdsBcST1BgRqi5piUORY
UajSaOKf5UluzW1Yvi75GuNuDiVqWRieu37lNH4JFl21yqKvjPE8N6Vd1T2PtZCD
ZYM2oUsoMZZYxnlSFcA3KRoMaeQ0dUufQ7jXvlB5+WwSAO0dzQScH2a5UVjPatG8
9gT9IQPsUxJZsnUWjsSOeU2Z2ALEVeKFkTTTp7kn18aFAtI4vXDYS77SjxInpkgf
P7goWDVNKR6oLJR7wIVNnfBWwgR9WBtgPXyu4DVIghPx0k47p+fvBcZaeMFoD44E
GD7NjYmq9Qr2GauOAgGY9v7flZO3AyUJOiTyBVEjTphGIKCcWhKwRmak78n/nu2+
j/OLwQdjlCBVMU46Uo/XbziiCQJ2WxyJlu4+nxIhp93sCl81EhMeiyOsRE4LH5Vu
Do+XPCf9ARRa+fEao19UrNjJLg4Lj+gY6OvMx5cvgDXLyZU46OuKSAVXqWbmIAnH
vOOH9OzyLTn1lPXdS6ih7xIbD8PJbXrJK4GZE5EKQEfgECEjOeTnDX1cg5zZqD7V
8XIwafes3Ik=
=r/gL
-----END PGP SIGNATURE-----
Merge tag 'x86-urgent-2025-11-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
- Update the list of AMD microcode minimum Entrysign revisions
- Add additional fixed AMD RDSEED microcode revisions
- Update the language transliteration for Kiryl Shutsemau's name
in the MAINTAINERS entry
* tag 'x86-urgent-2025-11-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev
x86/CPU/AMD: Add additional fixed RDSEED microcode revisions
MAINTAINERS: Update name spelling
hasn't caused problems upstream yet because no arch overrides
arch_xfer_to_guest_mode_handle_work() at this moment.
Signed-off-by: Ingo Molnar <mingo@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQJFBAABCgAvFiEEBpT5eoXrXCwVQwEKEnMQ0APhK1gFAmkYQbERHG1pbmdvQGtl
cm5lbC5vcmcACgkQEnMQ0APhK1jEUQ/8CUp5lWXbahK69XGn4ZPMRvdgxE4qnci+
YTCvoQYsQUheBhDZ08QWujj5DgSErJi+3KD6oRbvYBDStS5u711LdvSOg+Kr6ql7
1ATSegZnEz6M/ntAlcYmcLkQtAKbl3nrODfRfU9ZBDQFHwd+BYgMUzOJ8W73O3tA
AiqXxlOTzykk9pDG/fxH6PMHQlKAf3uOBR8rG+NzLhsEF+WZFXoloQ+HGEgSvrnq
oRPiSdNLeb007vDr+qprnXapmuTziTbcE+BUZ1FD1ze7rFLmH2pFiyuqKTlL1gDH
nfRIIrVG8uLEzTTtu+U5oM/J9a0sHA0QaI8XJa2gOGhb2nOKcv2CfhxJ9HHRqrZv
IfolXsRIdVXmVmPX4ksXg2q1H7fSuqpz4220WhQqe3CKoimOsTQ7t6F7gt7B8pnU
6BKjlAA9aPBpRSQh/WWmkRsQsaaCy9ni3xFwNaUDoPOqbIxlZL1u0dLjTwHYcIvB
+BSyvYx/70qNPgF4ounp7/jWQ/hG+U4JbogXLKWAD9pqUsR9n97S1/Z00gUEl8Ka
oyLrOrq/NlS/ytBc/GgjMk/qq2hdGaQ1ztJc9lQGCfZvLtRGUh0pAhoopanTg56q
zs3/lTADRANLsD+0f9pWY66zOFKt8fF8h0fO8lXVMp3aQ/PVeDwxpcYwbN7vh4Q8
23Vfh+aOsTA=
=7by8
-----END PGP SIGNATURE-----
Merge tag 'core-urgent-2025-11-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull core fix from Ingo Molnar:
"Fix a broken #ifndef in the <linux/entry-virt.h> header.
It hasn't caused problems upstream yet because no arch overrides
arch_xfer_to_guest_mode_handle_work() at this moment"
* tag 'core-urgent-2025-11-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
entry: Fix ifndef around arch_xfer_to_guest_mode_handle_work() stub
-----BEGIN PGP SIGNATURE-----
iQJIBAABCgAyFiEEgMe7l+5h9hnxdsnuWYigwDrT+vwFAmkXokcUHGJoZWxnYWFz
QGdvb2dsZS5jb20ACgkQWYigwDrT+vyejw/8CN4kM8PROTw3p6QBJQF6am5uPCA4
nQans+groD/XJXJd7T4aqwuvLXvIrrEd3K+PegBLiGgk3Wgw9fq5pEWDafUH8IAv
LG5g462aHyrHPMV8XI6lIrDLD7PCltmpoIu22Xkri4l4gkca7Ros/4Q5gU+AgtCz
LtsO9UmcK0PaR95NCdYFf2VZ1PsdZu/ezTb90S1xT5gty9uwpxCmHje5gg07MXXO
12i/SNczU9gFYo8P6XMeD7q0Ixwt7JLC+xa1iBlBEODvcPkyf8Al2dIkxWlnrwGn
kxi4K/PKM4f7ZhtyTHh/G8EiFYh/QwbHGvnCBj5XQAKOLWkjZCn8l5MxqGAKKvnz
Dem3/MFwJQ79+y/vrseg5beBiLPahd5fsAITOFIxmQZsEjvL+B8fhU52QBkLVFUw
iJg7PJXHJ9Jy/NRGT/rinu9mi2K+z1baZHZm11QK5khTTbYAs+qsvwWck9Jcr004
OEsQGngomUv09WjHv0/26dJzVI5wpnn+C+DFAximlIMZnTaQguN/WNplYYyXBRzB
T09qK1ZzpJM6QEU5i2ZForGpFtKSbGHwJrC6DYjLiVV3P4EzpHWSmTy2dqM7GUNa
Wrvaxy3j/MT2kudfyIs10Qwu1EJ+rHYb/QfS3pqlggSDic9WFg9P4uUlFR1YUKPb
h+Peip6NV/tQNHI=
=2eqF
-----END PGP SIGNATURE-----
Merge tag 'pci-v6.18-fixes-5' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
Pull pci fixes from Bjorn Helgaas:
- Cache the ASPM L0s/L1 Supported bits early so quirks can override
them if necessary (Bjorn Helgaas)
- Add quirks for PA Semi and Freescale Root Ports and a HiSilicon Wi-Fi
device that are reported to have broken L0s and L1 (Shawn Lin, Bjorn
Helgaas)
* tag 'pci-v6.18-fixes-5' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci:
PCI/ASPM: Avoid L0s and L1 on Hi1105 [19e5:1105] Wi-Fi
PCI/ASPM: Avoid L0s and L1 on PA Semi [1959:a002] Root Ports
PCI/ASPM: Avoid L0s and L1 on Freescale [1957:0451] Root Ports
PCI/ASPM: Convert quirks to override advertised link states
PCI/ASPM: Add pcie_aspm_remove_cap() to override advertised link states
PCI/ASPM: Cache L0s/L1 Supported so advertised link states can be overridden
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE+soXsSLHKoYyzcli6rmadz2vbToFAmkXpZUACgkQ6rmadz2v
bTrGCw//UCx+KBXbzvv7m0A1QGOUL3oHL/Qd+OJA3RW3B+saVbYYzn9jjl0SRgFP
X0q/DwbDOjFtOSORV9oFgJkrucn7+BM/yxPaC4sE1SQZJAjDFA/CSaF0r8duuGsM
Mvat9TTiwwetOMAkNB9WZ1e6AKGovBLguLFGAWZc6vLeQZopcER5+pFwS44a9RrK
dq0Th8O/oY3VmUDgSKJ2KyY51KxpJU7k2ipifiIbu1M1MWZ7s2vERkMEkzJ/lB8/
nldMsTZUdknGFzVH/W6Rc9ScFYlH+h/x1gkOHwTibMsqDBm92mWVo6O7hvuUbsEO
NlPDgMtkhBp7PDSx9SA0UBcriMs1M6ovNBOpj/cI4AL1k8WNubf/FHZtrBwoy8C9
3HaM+8lkA2uiHVPUvT5dImzWqshweN0GXoXAoa9xPSQPchJ38UdzCHqYRAg/kWFZ
5jUK2j4e5+yyII44pD7Xti0PrfoP81giliqmTbGFV8+Y89dQnk+WK12vnbv34ER7
unLwId8HLtq0ZN7FVG4F6s/4qNdEMKqXbAkve0WWFXn4vKZMCju4ol6NYVGisRAg
zcn7Yk+weSuY3UOzC+/4SxhfTEAD0Kg6fUoG/1JdflgNsm8XhLBja0DZaAlIVO0p
xz5UaljwcNvjAKGGMYbCGrf3XN2tOmGpVyJkMj17Vcq88y3bJBU=
=JJui
-----END PGP SIGNATURE-----
Merge tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
Pull bpf fixes from Alexei Starovoitov:
- Fix interaction between livepatch and BPF fexit programs (Song Liu)
With Steven and Masami acks.
- Fix stack ORC unwind from BPF kprobe_multi (Jiri Olsa)
With Steven and Masami acks.
- Fix out of bounds access in widen_imprecise_scalars() in the verifier
(Eduard Zingerman)
- Fix conflicts between MPTCP and BPF sockmap (Jiayuan Chen)
- Fix net_sched storage collision with BPF data_meta/data_end (Eric
Dumazet)
- Add _impl suffix to BPF kfuncs with implicit args to avoid breaking
them in bpf-next when KF_IMPLICIT_ARGS is added (Mykyta Yatsenko)
* tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
selftests/bpf: Test widen_imprecise_scalars() with different stack depth
bpf: account for current allocated stack depth in widen_imprecise_scalars()
bpf: Add bpf_prog_run_data_pointers()
selftests/bpf: Add mptcp test with sockmap
mptcp: Fix proto fallback detection with BPF
mptcp: Disallow MPTCP subflows from sockmap
selftests/bpf: Add stacktrace ips test for raw_tp
selftests/bpf: Add stacktrace ips test for kprobe_multi/kretprobe_multi
x86/fgraph,bpf: Fix stack ORC unwind from kprobe_multi return probe
Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()"
bpf: add _impl suffix for bpf_stream_vprintk() kfunc
bpf:add _impl suffix for bpf_task_work_schedule* kfuncs
selftests/bpf: Add tests for livepatch + bpf trampoline
ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct()
ftrace: Fix BPF fexit with livepatch
Toolchain and infrastructure:
- Fix a Rust 1.91.0 build issue due to 'bindings.o' not containing
DWARF debug information anymore by teaching gendwarfksyms to skip
object files without exports.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEPjU5OPd5QIZ9jqqOGXyLc2htIW0FAmkXorAACgkQGXyLc2ht
IW3fIw/+IKI2iM5bbyQ9WbS3GDtUzSBxu/4OXL25UarD/vEA3xAo2XeHlpBnwhZ6
wK439HSqtKNF3iMMVUZO0A81YnBVPCUE6y3QKvRWbNj4X0s+fb8/TNnSKIsjSIiV
j3Wf2d/ssXfPGknKhzHIMWY2YxhS+QjX31oPbnDPeXw0tomL9wb8xl/xeWlARKYQ
R3YhE9FLBtaVNVGEKwL4QY4GpubZ098sQo5wkL9MuqcB79A34X5hXoNj9A2vAWhx
iLHCwIcmcyNNcFzfwy9L9xScal63E+FPENIx5gtVaxV5NsUuis/7CRcDAl8WPXVz
G60fC1c42stho/Tv/Ymt55vqYjdbgyCyQg68vQIvcMofyU5zQocm1+5re9JaVj7G
r/QJ6eL9sRON7ym//FZirk352ttwad2T4yhUmG933iVAjDoZAvBBw4ocX2LpdHxq
1b7PzDCpTl+eFbUc2vTfx33OsnE7gj5vJeSvMmcrlxFbEd1GLb9PEBcBdF6OR77L
+H6aWbkJ53dsji8veL/9UkhNJAGLEJyfNnaOtjgWA2XthyHAz2U6GSR176KY4fFK
pEsImpLyTJKd5mlwYaZwhDEVa+kdz8RCNxY1k8BDSFRk8gvDNlAioCqcddRdqoOt
0BTTlYEMzHz78FeGth33w+eYCT8tp1fHiovWReD3TJcgVuJjpE8=
=FPGX
-----END PGP SIGNATURE-----
Merge tag 'rust-fixes-6.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ojeda/linux
Pull Rust fix from Miguel Ojeda:
- Fix a Rust 1.91.0 build issue due to 'bindings.o' not containing
DWARF debug information anymore by teaching gendwarfksyms to skip
object files without exports
* tag 'rust-fixes-6.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ojeda/linux:
gendwarfksyms: Skip files with no exports
Bugfixes:
* Various fixes when using NFS with TLS
* Localio direct-IO fixes
* Fix error handling in nfs_atomic_open_v23()
* Fix sysfs memory leak when nfs_client kobject add fails
* Fix an incorrect parameter when calling nfs4_call_sync()
* Fix a failing LTP test when using delegated timestamps
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEnZ5MQTpR7cLU7KEp18tUv7ClQOsFAmkXmqIACgkQ18tUv7Cl
QOsdlg/8CgomAZvepcW9e5H/bXi0x3Q4gUTcXWV49/oqwfnpVJ1C0Xanx1zdtY6P
QhchYwHv1r989IEJWaeO4U/ppCei8LoOSq2dkb1TzWohZuUbIg44KnpPtcbkXTgy
cDcGZu3PNLtvwodljDOtaF4ZVLaWl0MwTYnp0I4xQJc12InHUQ9TPPCSOBb262nN
BeFPRguhQXZl1jUOv/F0SE/bEcoAnNX8MnbXMaIN3aHy2d9Vq5m4IpJCgyeXQwle
KvEE6hAmJGm3rG+wpkz7x56KOn7k/K/Py772T7qzEADLcr4Qmusi1++ffnxikVIc
F9EElTw5pgAvdTuKr+sVw+gktaYWu0LeTFbcIK9dwC5N+uksb7l/TcP9cmhA6lxE
7KVVmYZGzPV8rwDIztoO8qPSePQTaJB8P3mQmZ8XVd1bz75BQ1zi4SSz578kl84E
YMHVLHBHiR/chA1z1YSrh8fV8inOiijwrjXU3Oa/blaRhhaH1AvEFboMbn7FyW17
GjmtL2rfC+hg+kWuvflJiK/zlVJOSNyZBNoD3iQaHq/D4vwXqVETETZnT8002kwL
sWVFmHdv1Y0fF3K/VsB8QFVhW46K6urJlKU694bWVzo9aK2pX7oj+ElcyXqyFv/p
Hq1sxe4KPlsVPoG/ClVvtH2a56vNRTOO0LySUN/ZAfUruLQeVv8=
=7pf4
-----END PGP SIGNATURE-----
Merge tag 'nfs-for-6.18-3' of git://git.linux-nfs.org/projects/anna/linux-nfs
Pull NFS client fixes from Anna Schumaker:
- Various fixes when using NFS with TLS
- Localio direct-IO fixes
- Fix error handling in nfs_atomic_open_v23()
- Fix sysfs memory leak when nfs_client kobject add fails
- Fix an incorrect parameter when calling nfs4_call_sync()
- Fix a failing LTP test when using delegated timestamps
* tag 'nfs-for-6.18-3' of git://git.linux-nfs.org/projects/anna/linux-nfs:
NFS: Fix LTP test failures when timestamps are delegated
NFSv4: Fix an incorrect parameter when calling nfs4_call_sync()
NFS: sysfs: fix leak when nfs_client kobject add fails
NFSv2/v3: Fix error handling in nfs_atomic_open_v23()
nfs/localio: do not issue misaligned DIO out-of-order
nfs/localio: Ensure DIO WRITE's IO on stable storage upon completion
nfs/localio: backfill missing partial read support for misaligned DIO
nfs/localio: add refcounting for each iocb IO associated with NFS pgio header
nfs/localio: remove unecessary ENOTBLK handling in DIO WRITE support
NFS: Check the TLS certificate fields in nfs_match_client()
pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS
pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect()
pnfs: Fix TLS logic in _nfs4_pnfs_v3_ds_connect()
client:
- Fix description of module parameter
panthor:
- Flush writes before mapping buffers
vmwgfx:
- Improve command validation
- Improve ref counting
- Fix cursor-plane support
amdgpu:
- Disallow P2P DMA for GC 12 DCC surfaces
- ctx error handling fix
- UserQ fixes
- VRR fix
- ISP fix
- JPEG 5.0.1 fix
amdkfd:
- Save area check fix
- Fix GPU mappings for APU after prefetch
i915:
- Fix PSR's pipe to vblank conversion
- Disable Panel Replay on MST links
xe:
- New HW workarounds affecting PTL and WCL platforms
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmkXkdEACgkQDHTzWXnE
hr5npQ//exMOLUD1T7V4e8uGn5SZKrJGh2Q/6rfC3Kf8+rjlNVXtAh6fxGZlOyOz
qA4Z4d6Cvy6t96PyVohjQMW5WVl6AtCyPljaXf+EDx1jihtGY2dGI6ccMrkitEX4
GuEO2EtiI9VA6vtr7/GWwUcQiUJrGmFYVhGhy8JzRGnZZMsJjCn2KFJ7jB6NN/BR
PfIj2f23KfWW4wCNrt8uZ6s6SLcXvGUVxD7SZb12Ze3zg2OL3iZsypRKsFwstF0o
dZBsCdea0LkmDCVpSWxIvltBP4vfoPhRlm9LC/Vy2iJoa2ALQ7w+xWO0CPpgOvgY
guj765FHUsKWBv0lyaFj86NrXOTrY1CRQ9toNaIp7vKgH5zmOaS8O8+Ganr34yGc
A75qn1+jBNC4YUV/99KW9mola7wraGDYi96MBSWtHg7fZTDraclca+WUUHK+gI6s
Vu4uUD1rWOkDO6gzJOXxrMwVy/+/S/qUS9CCojg/u1YYw2xg1lVP8yVyq8/oPXR1
t5qgJZweCXJ5Ev4dygVEl4VOZUQnbe+5QDO3euRFM1r19vhlb2jwcE0WW2BQjRK0
Hl3P5Lk9IVmdEd7ew+xgCqgwPkccP5lYzM/ygRw4oNO+u/TcIzEcsYucsYLc7WRU
bwlvwdxPJFghW634cbQTlnC2BfrzeP5VrOKWsu9dfmlkYniBc4o=
=VOqX
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2025-11-15' of https://gitlab.freedesktop.org/drm/kernel
Pull drm fixes from Dave Airlie:
"Weekly fixes, amdgpu and vmwgfx making up the most of it, along with
panthor and i915/xe.
Seems about right for this time of development, nothing major
outstanding.
client:
- Fix description of module parameter
panthor:
- Flush writes before mapping buffers
vmwgfx:
- Improve command validation
- Improve ref counting
- Fix cursor-plane support
amdgpu:
- Disallow P2P DMA for GC 12 DCC surfaces
- ctx error handling fix
- UserQ fixes
- VRR fix
- ISP fix
- JPEG 5.0.1 fix
amdkfd:
- Save area check fix
- Fix GPU mappings for APU after prefetch
i915:
- Fix PSR's pipe to vblank conversion
- Disable Panel Replay on MST links
xe:
- New HW workarounds affecting PTL and WCL platforms
* tag 'drm-fixes-2025-11-15' of https://gitlab.freedesktop.org/drm/kernel:
drm/client: fix MODULE_PARM_DESC string for "active"
drm/i915/dp_mst: Disable Panel Replay
drm/amdkfd: Fix GPU mappings for APU after prefetch
drm/amdkfd: relax checks for over allocation of save area
drm/amdgpu/jpeg: Add parse_cs for JPEG5_0_1
drm/amd/amdgpu: Ensure isp_kernel_buffer_alloc() creates a new BO
drm/amd/display: Allow VRR params change if unsynced with the stream
drm/amdgpu: fix lock warning in amdgpu_userq_fence_driver_process
drm/amdgpu: jump to the correct label on failure
drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces
drm/xe/xe3lpg: Extend Wa_15016589081 for xe3lpg
drm/xe/xe3: Extend wa_14023061436
drm/xe/xe3: Add WA_14024681466 for Xe3_LPG
drm/i915/psr: fix pipe to vblank conversion
drm/panthor: Flush shmem writes before mapping buffers CPU-uncached
drm/vmwgfx: Restore Guest-Backed only cursor plane support
drm/vmwgfx: Use kref in vmw_bo_dirty
drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
A few standard fixes here, plus one more interesting one from Hans which
addresses an issue where a move in when we requested GPIOs on ACPI
systems caused us to stop doing pinmuxing and leave things floating that
we'd really rather not have floating.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmkXP5oACgkQJNaLcl1U
h9AaBwf8DS6cv1xTWZw9YNXWgqr09UcK8ISniIIaS8h8+AZ+uWX0NFpRjMegIyUq
TQTGkSqlIF+qSslkso+lWcYRblrUmQuLzDPOCHbDqpa2Dckio8fvVbyN9dV7sk4m
4pqteHdPF8HIbys0aZvB4gPl4n8SR77Q2t9zrx7Ey6ZMOQn+AxwkxDeF6ZwMkA6W
FBZ1uY2O063IMVv4Bx79jEIlGMrWxWzQVEK8MvK10ZBp5ds8DzyflHmYEUIGr5t2
/fxqSHT8RNLnOeffI9Lch0XN3VIJ7b7Yo8hOzFzc4rdMjmtB2AtdWx6hFr2Yb99F
1rtq495LIBaGojcyfJoqVpCb+lK3KA==
=nO9q
-----END PGP SIGNATURE-----
Merge tag 'spi-fix-v6.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
Pull spi fixes from Mark Brown:
"A few standard fixes here, plus one more interesting one from Hans
which addresses an issue where a move in when we requested GPIOs on
ACPI systems caused us to stop doing pinmuxing and leave things
floating that we'd really rather not have floating"
* tag 'spi-fix-v6.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: Add TODO comment about ACPI GPIO setup
spi: xilinx: increase number of retries before declaring stall
spi: imx: keep dma request disabled before dma transfer setup
spi: Try to get ACPI GPIO IRQ earlier
One simple fix for a GPIO descriptor leak in the probe error handling
for the fixed regulator.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmkXPkEACgkQJNaLcl1U
h9BXIQf/Ukhvnq+eZSkfaKByc/K6Xjm/zCnFeSg+eAuvEKMSG7AardtIFPYiaudD
Ck6HLstOZ1T+3u75sfFTohSJlkokV9KojcvtbGpDrYM/937ZhPCtf8kcieZw03QQ
upMRSJySetkkrOOrJhXoE5rvL7b2dLultQMR3haJ6sshE41UU0+EcfCB6+Z6oPfc
d8Yf45J2TngMb5GD8DNxbdGX8TznRyMFMyUo6lVX3r1z+dEUTbQFOdYTQaZp9job
XUQwt24MsG3w69MQnfe0Dr+Qa7TtZx8Cnyz0i0xcSfyHOmgwUiz/NJz6BUi0chpH
J4O37MpvWSoDz6YFEe+BH7oaQkwRfg==
=gy41
-----END PGP SIGNATURE-----
Merge tag 'regulator-fix-v6.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
Pull regulator fix from Mark Brown:
"One simple fix for a GPIO descriptor leak in the probe error handling
for the fixed regulator"
* tag 'regulator-fix-v6.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: fixed: fix GPIO descriptor leak on register failure
A collection of small fixes. All changes are device-specific, and
nothing stands out.
- A regression fix for HD-audio HDMI probe
- USB-audio hardening patches for issues spotted by fuzzers
- ASoC fixes for TAS278x, SoundWire and Cirrus
- Usual HD-audio and USB-audio quirks
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmkXPLcOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE+9jw//e/vre+F6Pv8HcL7QjXp+9d5/sNvDG04sHONy
jIewcedg1AkFHVynLMKJqwjgdo6/lEJ/sJRh/40uYvm1NoYhu86M6zFQZg4YABIe
bFEpRsCv1nS4UwxsgGggAemlJHKsg4xvhmw533eSatDXuo7Evwl9PG31VNJBweXV
CJiIgqKa4lJHCRNcffzHOEj3YzACwNn0GfRHHzGgwyfO7bStMT3hgptzeEfT8vhe
op/tG3V5bICRE6gBTK1A4p0RCwHwRYXsLCQITgzPcbJgBYaS7+KoCQJlnIwRqQfN
F5qij0QuNzR+tR9SvNBZo2c+PYdFTroIoesXXpz2EJb5LdijOOUlj+QyXJz41nON
FzUfrtQKoWfBk+7CgUT0gmDjp9ZthwJSjCUxPenuhamXl5/Ug3wTJMuhhxts1zBg
dY6E92p9fvk8TgATiKp01LSTcemwcTSMol+288eh5/8DbUHdn0OgFp6lxIO05M3E
yq3IBsc+cimii2iHUd1XeHJZQbBq4RE+rCgU2qUce0bZctPw/NVLzPJefrVxjDzS
MnPkJtktQIZBhRmuOwMn6E2ZezprGR63X/nfe2sOA4f6+POB3NPCDdKjNkT9AoSj
Fg1qjUSGfM9R6YI3+6vN4Brx8USW5C0FmQZ81VjAkkWfZpGFI59loMi9jHWH3o04
zZpuGUo=
=Mj01
-----END PGP SIGNATURE-----
Merge tag 'sound-6.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A collection of small fixes. All changes are device-specific, and
nothing stands out.
- A regression fix for HD-audio HDMI probe
- USB-audio hardening patches for issues spotted by fuzzers
- ASoC fixes for TAS278x, SoundWire and Cirrus
- Usual HD-audio and USB-audio quirks"
* tag 'sound-6.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series
ASoC: rsnd: fix OF node reference leak in rsnd_ssiu_probe()
ALSA: hda/tas2781: Correct the wrong project ID
ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd
ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list
ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
ALSA: hda/tas2781: Add new quirk for HP new projects
ASoC: tas2781: fix getting the wrong device number
ASoC: codecs: va-macro: fix resource leak in probe error path
ASoC: tas2783A: Fix issues in firmware parsing
ASoC: sdw_utils: fix device reference leak in is_sdca_endpoint_present()
ASoC: cs4271: Fix regulator leak on probe failure
ALSA: hda/hdmi: Fix breakage at probing nvhdmi-mcp driver
ASoC: da7213: Use component driver suspend/resume
ALSA: usb-audio: add min_mute quirk for SteelSeries Arctis
ASoC: doc: cs35l56: Update firmware filename description for B0 silicon
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmkXIOsQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpsIqEADcP2pYgNZO2N2PcaeCng6JIb0MS306fG+G
d+NiBXFzW4jJ95o681aaXDdnf5iJhZXsENV5E9Dze6iYilzgCbypD48cSH0k3V89
O97DDmvfzv09fcsiCd5bqLOQIcYwbaWHOrIlvK4cypYNlTVP4aO7ZpkbkgT7BLa3
YZGLsPP7JEdA1qqEOm1MoC1ghDXBx5ztkJsY6eYUpisc5zQY8H+68ELdQB+EP9KY
MESvRsRby+Z2fwtg964Bz4VWBbqHH8tn3PhkO46DRuL6DAa6CO1gLHrNSFliQPU6
ib9SGA982uy9fcV8l2hQcFM20LmwVYPPfR2XEWpPtYWy7AH7Mg635RHTXp0RZfGq
5xmd/EBrZwWJIiqSrT2pAKnZMnsQzI/cWzfz0nhLGZeSpR68AS04HcQJ/utS/X0n
VCVyBeRWEo4kB4pM41VCA6qispLBp2mIBeqNJow8+ydmIaysBEHsaFWlSrCRrixW
GL0y05v3l/51vNgPmT839htW7sFfRqIO/Fp0arC/MKClAMhmy/dlRWaRG6T+Dz87
KA98nDvVig7LVbMpN4WaBu1zUQRY/VZpzuAFxfn7mo6TKKaEnEg3/mgH453tuOEB
OYrZS8Fw+3MQ0OPzlJM0MRsNu+jpd0CsztfYBiFy/cSVy50uDSO7gZsbXWL9zEBk
W5KvXNiawQ==
=sIJv
-----END PGP SIGNATURE-----
Merge tag 'block-6.18-20251114' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
Pull block fixlet from Jens Axboe:
"Been sitting on this one for a week or two, planning on sending it out
when there were other block changes for 6.18. But as that hasn't
materialized in the second week of sitting on it, let's flush it out.
A previous commit updated my git tree locations, but one was missed as
it was already set to the git.kernel.org one. But the git location swap
also renamed the actual tree from linux-block to just linux, let's get
that last one updated too"
* tag 'block-6.18-20251114' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux:
MAINTAINERS: correct git location for block layer tree
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmkWeqcQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgplM6D/4jSqj7PedcnEDHNKHJR/0v5wSQWMugD0hg
Xn1EFnmPJMLBacZrkobL3v6aCvA4WYQManc1VPdC94b9ofdbjDMVtcIDoljBXuAD
A94kk4TiIsHzKn8Un5bprC20Xc/v1pQ3uFERtK7mnonGb6n+/RITIQuWqn/Fey3N
58K7njnInQXDS2U6rx4QTdyuyrg6EHHIoNh1GmKdQgSY1kcJnQz4C+Yrh3qIBlTV
AEWkoIwSp15hXvmn8J4nvbbFEZypg0qTaBREdc7KXt8kPMNCLqQ1Z4FOXYDt0qo1
zm88Z/08mwXbxFLtfse8JJ7XHPgy1+G0rXmdwv4F6CEtCyklnChLynrTpqUK5FCH
pvuzOfA3tPcyg6dgc7X2z40u3g+vISydjprs9m5eL6hgovDhH+EfDGzpWxUzuuNe
AXNXb3N9ZrxZePGfAweW2BxZ+D2OwYdQjKWSrL+438Tb3Q8QiiYCwM7eLyl0kXKH
QpjJJsbIEJgLXYRVHE5tu0XdMdYsZYZYUv0wVACQ0hw+EtgaNi2yjySBvRJUJPzZ
sL6Lnu5UzbEqSf1y8YGcdCCvOgHc6CHFAdKMgz0CXUcRC+ftmGz4iEXhGJJdMemQ
6WRLvsRykF1FO93dpfaIjWv9k/d40cGt5LrjiINfb36NDlqBth+EY+HbSJHBDI54
p2wDeoP3Kw==
=sd1e
-----END PGP SIGNATURE-----
Merge tag 'io_uring-6.18-20251113' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
Pull io_uring fixes from Jens Axboe:
- Use the actual segments in a request when for bvec based buffers
- Fix an odd case where the iovec might get leaked for a read/write
request, if it was newly allocated, overflowed the alloc cache, and
hit an early error
- Minor tweak to the query API added in this release, returning the
number of available entries
* tag 'io_uring-6.18-20251113' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux:
io_uring/rsrc: don't use blk_rq_nr_phys_segments() as number of bvecs
io_uring/query: return number of available queries
io_uring/rw: ensure allocated iovec gets cleared for early failure
A test case for a situation when widen_imprecise_scalars() is called
with old->allocated_stack > cur->allocated_stack. Test structure:
def widening_stack_size_bug():
r1 = 0
for r6 in 0..1:
iterator_with_diff_stack_depth(r1)
r1 = 42
def iterator_with_diff_stack_depth(r1):
if r1 != 42:
use 128 bytes of stack
iterator based loop
iterator_with_diff_stack_depth() is verified with r1 == 0 first and
r1 == 42 next. Causing stack usage of 128 bytes on a first visit and 8
bytes on a second. Such arrangement triggered a KASAN error in
widen_imprecise_scalars().
Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20251114025730.772723-2-eddyz87@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
The usage pattern for widen_imprecise_scalars() looks as follows:
prev_st = find_prev_entry(env, ...);
queued_st = push_stack(...);
widen_imprecise_scalars(env, prev_st, queued_st);
Where prev_st is an ancestor of the queued_st in the explored states
tree. This ancestor is not guaranteed to have same allocated stack
depth as queued_st. E.g. in the following case:
def main():
for i in 1..2:
foo(i) // same callsite, differnt param
def foo(i):
if i == 1:
use 128 bytes of stack
iterator based loop
Here, for a second 'foo' call prev_st->allocated_stack is 128,
while queued_st->allocated_stack is much smaller.
widen_imprecise_scalars() needs to take this into account and avoid
accessing bpf_verifier_state->frame[*]->stack out of bounds.
Fixes: 2793a8b015f7 ("bpf: exact states comparison for iterator convergence checks")
Reported-by: Emil Tsalapatis <emil@etsalapatis.com>
Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20251114025730.772723-1-eddyz87@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
syzbot found that cls_bpf_classify() is able to change
tc_skb_cb(skb)->drop_reason triggering a warning in sk_skb_reason_drop().
WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 __sk_skb_reason_drop net/core/skbuff.c:1189 [inline]
WARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 sk_skb_reason_drop+0x76/0x170 net/core/skbuff.c:1214
struct tc_skb_cb has been added in commit ec624fe740b4 ("net/sched:
Extend qdisc control block with tc control block"), which added a wrong
interaction with db58ba459202 ("bpf: wire in data and data_end for
cls_act_bpf").
drop_reason was added later.
Add bpf_prog_run_data_pointers() helper to save/restore the net_sched
storage colliding with BPF data_meta/data_end.
Fixes: ec624fe740b4 ("net/sched: Extend qdisc control block with tc control block")
Reported-by: syzbot <syzkaller@googlegroups.com>
Closes: https://lore.kernel.org/netdev/6913437c.a70a0220.22f260.013b.GAE@google.com/
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Reviewed-by: Victor Nogueira <victor@mojatatu.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://patch.msgid.link/20251112125516.1563021-1-edumazet@google.com
When posix timer creation is set to allocate a given timer ID and the
access to the user space value faults, the function terminates without
freeing the already allocated posix timer structure.
Move the allocation after the user space access to cure that.
[ tglx: Massaged change log ]
Fixes: ec2d0c04624b3 ("posix-timers: Provide a mechanism to allocate a given timer ID")
Reported-by: syzbot+9c47ad18f978d4394986@syzkaller.appspotmail.com
Suggested-by: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Eslam Khafagy <eslam.medhat1993@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Link: https://patch.msgid.link/20251114122739.994326-1-eslam.medhat1993@gmail.com
Closes: https://lore.kernel.org/all/69155df4.a70a0220.3124cb.0017.GAE@google.com/T/
The irq_domain_free_irqs() helper requires that the irq_domain_ops->free
callback is implemented. Otherwise, the kernel reports the warning message
"NULL pointer, cannot free irq" when irq_dispose_mapping() is invoked to
release the per-HART local interrupts.
Set irq_domain_ops->free to irq_domain_free_irqs_top() to cure that.
Fixes: 832f15f42646 ("RISC-V: Treat IPIs as normal Linux IRQs")
Signed-off-by: Nick Hu <nick.hu@sifive.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://patch.msgid.link/20251114-rv-intc-fix-v1-1-a3edd1c1a868@sifive.com
When a zero ASCE is passed to the __ptep_rdp() inline assembly, the
generated instruction should have the R3 field of the instruction set to
zero. However the inline assembly is written incorrectly: for such cases a
zero is loaded into a register allocated by the compiler and this register
is then used by the instruction.
This means that selected TLB entries may not be flushed since the specified
ASCE does not match the one which was used when the selected TLB entries
were created.
Fix this by removing the asce and opt parameters of __ptep_rdp(), since
all callers always pass zero, and use a hard-coded register zero for
the R3 field.
Fixes: 0807b856521f ("s390/mm: add support for RDP (Reset DAT-Protection)")
Cc: stable@vger.kernel.org
Reviewed-by: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
The PureAudio APA DAC and Lotus DAC5 series are USB Audio
2.0 Class devices that support native Direct Stream Digital (DSD)
playback via specific vendor protocols.
Without these quirks, the devices may only function in standard
PCM mode, or fail to correctly report their DSD format capabilities
to the ALSA framework, preventing native DSD playback under Linux.
This commit adds new quirk entries for the mentioned DAC models
based on their respective Vendor/Product IDs (VID:PID), for example:
0x16d0:0x0ab1 (APA DAC), 0x16d0:0xeca1 (DAC5 series), etc.
The quirk ensures correct DSD format handling by setting the required
SNDRV_PCM_FMTBIT_DSD_U32_BE format bit and defining the DSD-specific
Audio Class 2.0 (AC2.0) endpoint configurations. This allows the ALSA
DSD API to correctly address the device for high-bitrate DSD streams,
bypassing the need for DoP (DSD over PCM).
Test on APA DAC and Lotus DAC5 SE under Arch Linux.
Tested-by: Lushih Hsieh <bruce@mail.kh.edu.tw>
Signed-off-by: Lushih Hsieh <bruce@mail.kh.edu.tw>
Link: https://patch.msgid.link/20251114052053.54989-1-bruce@mail.kh.edu.tw
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Add the minimum Entrysign revision for that model+stepping to the list
of minimum revisions.
Fixes: 50cef76d5cb0 ("x86/microcode/AMD: Load only SHA256-checksummed patches")
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/e94dd76b-4911-482f-8500-5c848a3df026@citrix.com
A small collection of fixes, all driver specific and none especially
remarkable unless you have the hardware (many not even then).
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmkWOIUACgkQJNaLcl1U
h9D44Af9FaCTkAF1pCMuw36hVgMtzGRV7E1rQ6o7qFbt3GEhULSXdjg8i/lLZA2t
NHOgYpm0CS9F6/IordghPsXuC4OZGB6BILTWLdgA9beeMYaQJu5WuthXeIKunvio
vWd4hOcdzhxA+ikjkxLAX/lkHC+ca2GQOV/X6Ivd3J6OcY0kSZCq/2zlqEAF/nZo
W0WUc7ym3K5IPA634/5syidfb+Ai+o78O/9vZvWnTfJDgVOo/QzttVXsLigf1k6t
vUH9gPf94h7wo6UxZy1MIkV/IGeE7E/raClJM7oobU3C2+MqfDMzz77T3UfnVhFJ
x4kkTfmWYApaBXj4Wr/XewA1oEgIIQ==
=WFOO
-----END PGP SIGNATURE-----
Merge tag 'asoc-fix-v6.18-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v6.18
A small collection of fixes, all driver specific and none especially
remarkable unless you have the hardware (many not even then).
- Fix vfio selftests to remove the expectation that the IOMMU
supports a 64-bit IOVA space. These manifest both in the original
set of tests introduced this development cycle in identity mapping
the IOVA to buffer virtual address space, as well as the more
recent boundary testing. Implement facilities for collecting the
valid IOVA ranges from the backend, implement a simple IOVA
allocator, and use the information for determining extents.
(Alex Mastro)
-----BEGIN PGP SIGNATURE-----
iQJFBAABCgAvFiEEQvbATlQL0amee4qQI5ubbjuwiyIFAmkWXwYRHGFsZXhAc2hh
emJvdC5vcmcACgkQI5ubbjuwiyK96w//ep97M1B5RSA4/AIP4j+fovnlM2RVUrPy
RKxVYK+rzftO4Hq8sg1Co3aB68hItbYiw/0BDUgQBFFCEoInQ9zht89tsHhuXq55
lYq9hyYMnp60FLzpX8Fi2HKf8SKTdD+6P1hX5UWZfYExc/tCD/9FPE2QsfUTbnh/
u2aguEp0RhgC8xCcR/5EsGFzcBgioDcTBQq5UQ/5By51nUNvdmHKRHKRC7ZmQfiK
bwFpYseWHRdzdBH2KggNaDZUh0q7Y9+cwL2UndQV5IfwGhGWODztOsVhhoxAAu0n
c6gXYDg34i5i1epPrr8Yvv8trDzMFCRYJi4g8BsLPOBXe8Lr2bWj/4wA1ftdW6Ha
0ii4Gx1UO1vz0KZQBajMHv5pO06lJZshzEQgHr3sYgjaRg8AVTV6hI3IVaty2JWk
DPKPNSGKhjkWvWnx73KFiiepz5zXEL7r7ooFBimtBwFr/5bDB8hfPjpXMh+mhiZu
QW6DV+Mrqg1G1KDCwdHSvbBwH8IvfX/tQbs9eKvGt+6ICpH1GJ1cUr58vjcc6ESi
sJzKI0ceTjGZAhHJogO4xAzhI8H6kwtDHB1ZC9QLHIwbkXFN1m64VjOwwXuHk0HT
559gjqjH0yKNSABwRMV1nKzn9EFnivQn1tAoGkUGSFE9ZI/VfCNNlspPziZEz0z9
u14SILGMqWU=
=ywvT
-----END PGP SIGNATURE-----
Merge tag 'vfio-v6.18-rc6' of https://github.com/awilliam/linux-vfio
Pull VFIO seftest fixes from Alex Williamson:
- Fix vfio selftests to remove the expectation that the IOMMU supports
a 64-bit IOVA space.
These manifest both in the original set of tests introduced this
development cycle in identity mapping the IOVA to buffer virtual
address space, as well as the more recent boundary testing.
Implement facilities for collecting the valid IOVA ranges from the
backend, implement a simple IOVA allocator, and use the information
for determining extents (Alex Mastro)
* tag 'vfio-v6.18-rc6' of https://github.com/awilliam/linux-vfio:
vfio: selftests: replace iova=vaddr with allocated iovas
vfio: selftests: add iova allocator
vfio: selftests: fix map limit tests to use last available iova
vfio: selftests: add iova range query helpers
