mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-09-04 20:19:47 +08:00
f46e8ef8bb
1382368 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Edward Adam Davis
|
f46e8ef8bb |
ocfs2: prevent release journal inode after journal shutdown
Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already
been executed in ocfs2_dismount_volume(), so osb->journal must be NULL.
Therefore, the following calltrace will inevitably fail when it reaches
jbd2_journal_release_jbd_inode().
ocfs2_dismount_volume()->
ocfs2_delete_osb()->
ocfs2_free_slot_info()->
__ocfs2_free_slot_info()->
evict()->
ocfs2_evict_inode()->
ocfs2_clear_inode()->
jbd2_journal_release_jbd_inode(osb->journal->j_journal,
Adding osb->journal checks will prevent null-ptr-deref during the above
execution path.
Link: https://lkml.kernel.org/r/tencent_357489BEAEE4AED74CBD67D246DBD2C4C606@qq.com
Fixes:
|
||
|
Baptiste Lepers
|
5cc5e030bc |
rust: mm: mark VmaNew as transparent
Unsafe code in VmaNew's methods assumes that the type has the same layout
as the inner `bindings::vm_area_struct`. This is not guaranteed by the
default struct representation in Rust, but requires specifying the
`transparent` representation.
Link: https://lkml.kernel.org/r/20250812132712.61007-1-baptiste.lepers@gmail.com
Fixes:
|
||
|
Yin Tirui
|
ee4d098cbc |
of_numa: fix uninitialized memory nodes causing kernel panic
When there are memory-only nodes (nodes without CPUs), these nodes are not
properly initialized, causing kernel panic during boot.
of_numa_init
of_numa_parse_cpu_nodes
node_set(nid, numa_nodes_parsed);
of_numa_parse_memory_nodes
In of_numa_parse_cpu_nodes, numa_nodes_parsed gets updated only for nodes
containing CPUs. Memory-only nodes should have been updated in
of_numa_parse_memory_nodes, but they weren't.
Subsequently, when free_area_init() attempts to access NODE_DATA() for
these uninitialized memory nodes, the kernel panics due to NULL pointer
dereference.
This can be reproduced on ARM64 QEMU with 1 CPU and 2 memory nodes:
qemu-system-aarch64 \
-cpu host -nographic \
-m 4G -smp 1 \
-machine virt,accel=kvm,gic-version=3,iommu=smmuv3 \
-object memory-backend-ram,size=2G,id=mem0 \
-object memory-backend-ram,size=2G,id=mem1 \
-numa node,nodeid=0,memdev=mem0 \
-numa node,nodeid=1,memdev=mem1 \
-kernel $IMAGE \
-hda $DISK \
-append "console=ttyAMA0 root=/dev/vda rw earlycon"
[ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x481fd010]
[ 0.000000] Linux version 6.17.0-rc1-00001-gabb4b3daf18c-dirty (yintirui@local) (gcc (GCC) 12.3.1, GNU ld (GNU Binutils) 2.41) #52 SMP PREEMPT Mon Aug 18 09:49:40 CST 2025
[ 0.000000] KASLR enabled
[ 0.000000] random: crng init done
[ 0.000000] Machine model: linux,dummy-virt
[ 0.000000] efi: UEFI not found.
[ 0.000000] earlycon: pl11 at MMIO 0x0000000009000000 (options '')
[ 0.000000] printk: legacy bootconsole [pl11] enabled
[ 0.000000] OF: reserved mem: Reserved memory: No reserved-memory node in the DT
[ 0.000000] NODE_DATA(0) allocated [mem 0xbfffd9c0-0xbfffffff]
[ 0.000000] node 1 must be removed before remove section 23
[ 0.000000] Zone ranges:
[ 0.000000] DMA [mem 0x0000000040000000-0x00000000ffffffff]
[ 0.000000] DMA32 empty
[ 0.000000] Normal [mem 0x0000000100000000-0x000000013fffffff]
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x0000000040000000-0x00000000bfffffff]
[ 0.000000] node 1: [mem 0x00000000c0000000-0x000000013fffffff]
[ 0.000000] Initmem setup node 0 [mem 0x0000000040000000-0x00000000bfffffff]
[ 0.000000] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0
[ 0.000000] Mem abort info:
[ 0.000000] ESR = 0x0000000096000004
[ 0.000000] EC = 0x25: DABT (current EL), IL = 32 bits
[ 0.000000] SET = 0, FnV = 0
[ 0.000000] EA = 0, S1PTW = 0
[ 0.000000] FSC = 0x04: level 0 translation fault
[ 0.000000] Data abort info:
[ 0.000000] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 0.000000] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 0.000000] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 0.000000] [00000000000000a0] user address but active_mm is swapper
[ 0.000000] Internal error: Oops: 0000000096000004 [#1] SMP
[ 0.000000] Modules linked in:
[ 0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.17.0-rc1-00001-g760c6dabf762-dirty #54 PREEMPT
[ 0.000000] Hardware name: linux,dummy-virt (DT)
[ 0.000000] pstate: 800000c5 (Nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 0.000000] pc : free_area_init+0x50c/0xf9c
[ 0.000000] lr : free_area_init+0x5c0/0xf9c
[ 0.000000] sp : ffffa02ca0f33c00
[ 0.000000] x29: ffffa02ca0f33cb0 x28: 0000000000000000 x27: 0000000000000000
[ 0.000000] x26: 4ec4ec4ec4ec4ec5 x25: 00000000000c0000 x24: 00000000000c0000
[ 0.000000] x23: 0000000000040000 x22: 0000000000000000 x21: ffffa02ca0f3b368
[ 0.000000] x20: ffffa02ca14c7b98 x19: 0000000000000000 x18: 0000000000000002
[ 0.000000] x17: 000000000000cacc x16: 0000000000000001 x15: 0000000000000001
[ 0.000000] x14: 0000000080000000 x13: 0000000000000018 x12: 0000000000000002
[ 0.000000] x11: ffffa02ca0fd4f00 x10: ffffa02ca14bab20 x9 : ffffa02ca14bab38
[ 0.000000] x8 : 00000000000c0000 x7 : 0000000000000001 x6 : 0000000000000002
[ 0.000000] x5 : 0000000140000000 x4 : ffffa02ca0f33c90 x3 : ffffa02ca0f33ca0
[ 0.000000] x2 : ffffa02ca0f33c98 x1 : 0000000080000000 x0 : 0000000000000001
[ 0.000000] Call trace:
[ 0.000000] free_area_init+0x50c/0xf9c (P)
[ 0.000000] bootmem_init+0x110/0x1dc
[ 0.000000] setup_arch+0x278/0x60c
[ 0.000000] start_kernel+0x70/0x748
[ 0.000000] __primary_switched+0x88/0x90
[ 0.000000] Code: d503201f b98093e0 52800016 f8607a93 (f9405260)
[ 0.000000] ---[ end trace 0000000000000000 ]---
[ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task!
[ 0.000000] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---
Link: https://lkml.kernel.org/r/20250819075510.2079961-1-yintirui@huawei.com
Fixes:
|
||
|
Linus Torvalds
|
1b237f190e | Linux 6.17-rc3 | ||
|
Linus Torvalds
|
c330cb6077 |
i2c-for-6.17-rc3
- hisi: update maintainership
- rtl9300: fix several issues in xfer
- check message length boundaries
- correct multi-byte value composition on write
- increase polling timeout
- fix block transfer protocol
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEOZGx6rniZ1Gk92RdFA3kzBSgKbYFAmiq6uEACgkQFA3kzBSg
KbbG3Q/9GUwocQhQhtHiV1qfcbS2Q2vqXozVzypT5t9UY960BtT+DSb0m2xxXxLh
bU5LLYkl5IkomRZ0u8TUO70N+WdRM9zTgKMTfVPeWOoi3kdN6gEZbdWEfW9QCwo6
gvyHKWJ7VlaTvvonqy/x0i5niKPrJ1CKpIXz77W663ViTrKssUIGRq8R/n1+BxPv
SADAzuGawwF/UXR65K5/giKxsdMHRSNLasiAftF9zZgsK0d2xh74P++a9LWYobGD
4d7hhLLkGtpgob1Ibn3hiFTrx/Z2n3mqKljeZ4bSbWRXOM97bv7Aq9CV44OJouc+
OMxoT/AiteC0MtBciqDtd0E8kNt01mXI0tBhsgUJwSfz6pwbiuN2BqYkqjCO77SM
IpUwSJycIA6AMHBdJ/gTHRY+mOc2fLTEHECPkdNOb4z22DQYRCdCccH6jq9zFmHU
kv1Jrg+BKCPA/tm3FsPg7oj0lobB4tMB2TzKCkb8/HjxawA3mGq1KKP7ldiK4YZU
WmpEZkVRPKVHVHucPAvLaOjrtbJ5RjmKPbGdbXfX4Yz3Z+IT6pMN4Az9LnmrPXIZ
oDkPyZxxykhWp60NiUyHGz+lxudr+ayx8mVgFWkW0zHTARv8u3WqsXPxZEnzYEhg
iEAm3XMCfzC1ipZjbY2VP5A01cFz3kHqnSHUDbAgyVTexIZ2zTU=
=qg/x
-----END PGP SIGNATURE-----
Merge tag 'i2c-for-6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
- hisi: update maintainership
- fix several issues in rtl9300 xfer:
- check message length boundaries
- correct multi-byte value composition on write
- increase polling timeout
- fix block transfer protocol
* tag 'i2c-for-6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: rtl9300: Add missing count byte for SMBus Block Ops
i2c: rtl9300: Increase timeout for transfer polling
i2c: rtl9300: Fix multi-byte I2C write
i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer
MAINTAINERS: i2c: Update i2c_hisi entry
|
||
|
Linus Torvalds
|
69fd6b99b8 |
- Fix a case where the events throttling logic operates on inactive events
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmiq4usACgkQEsHwGGHe VUqytg/9GEznbpmRT2Byto488q6rBaxp+hpNL1xFubuZt9Xv0xbUKLGUInHwTx4I wcep6QXsS5k55vz7xV1Fw0gQMAeBlSTiyT3fq9cC97T5z+bT+tBXANEr6GzTXHGW 2KesAWQo9QVyNs/jCxWPBoWJnzBAG8NTuMNsnXVFnFuK9nFvmYOfVz5fJBIYw0cZ JXCtzIJGsXUDSa5wYIfbpORhVyJbwA30OdKc/rXvOa3eYuOazArR/OkH8IYXEPD9 kJsVAcOMNo5hJsOUrGle0O1AYtw1bqWCHOtdWkcDEL9zrodNXqeEfrJW4wymHo70 oXPSn74ZXI23ukbpYp1KvE66LvBsOsRS0rLk9avpGuNAKDSa1hNYC2cOF/ABD1Ca I8irVQnEslSdkW0SFnJ1cjHNZpQJWXJRlvvTnrE9FxGJWM8MPOunke34Z7O1q6qE kxupGb/ApfVlfRM6mAsU4G5Ya4wWed+gbMATPhcvRLqIJjS4E+Xzp/2Xw5Jg4Lln fkSOv0a3/OI4rk4xPrrvr85awP7qfxdRIfefuYae2RQ8twzrhlX9MyRTgX92T3Lu WgajYbWN7GhABdrfvAUIu9YiXYGKFiox5vT10O8IB7NXH6w1TlGEHdUkC/UUrjwa NL+LHl/zVh68JlMHaGfgpQeb4fWUvM7D3+KaLvN6dTm9LWCnKUc= =AsFO -----END PGP SIGNATURE----- Merge tag 'perf_urgent_for_v6.17_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fix from Borislav Petkov: - Fix a case where the events throttling logic operates on inactive events * tag 'perf_urgent_for_v6.17_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf: Avoid undefined behavior from stopping/starting inactive events |
||
|
Linus Torvalds
|
0f74d9cf52 |
- Fix the GDS mitigation detection on some machines after the recent attack
vectors conversion - Filter out the invalid machine reset reason value -1 when running as a guest as in such cases the reason why the machine was rebooted does not make a whole lot of sense - Init the resource control machinery on Hygon hw, also in order to avoid a division by 0 in addition to actually enabling the feature on hw which supports it -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmiq5wkACgkQEsHwGGHe VUpYAQ/+Jfon30aae+VI8T4k96Q93GuQnplrtPgLsC4SN4NBd63NWOfFtcIayU2h O7FpqZOmoN2oVppmMyjaRKLDhETb3u3YHtiOE5pYvEzVg0g9XoHNEzvioOPga3sY 5o/CrMGwWsUvGvZgxOzgptBppBbSYdz6+G6yAn+Kr4cb7TBNKdOMB3OJT2h0S1T7 6DuqAn3jVtYFlVcxpJwYLX8wpsZPvDUjYNxvGpd4pPqFcsOZUPNuYgcveK6aHb9T 8y3EWZcWPFNyiVXLxa0TsaA+iv8dSXZqw0JBMBcNQ7DYUtLBjHnQIPPYALQbErrY AZUj4AbYeBFcc8qXOmipPXqITRvH9tttCRAvoYI76P5a2IFEqhMOsiTstr4Zf50n lVx0RvDqbsbRTKSoiHWiR81tTugXD0Phdas4H0v4JwRVlOWQsuThSYqy6dEZSFQD graJHzJmcH+Wysrh8azBhzJa5FPDcmZo631+62CZCfFExTmT0GalbZ+1+Q7M5RRr U+HFpAmMQirnwzEoC8/BxgZAQEF40Sr14MsIeJfx59pBAP8FqZgjwxC1RXE2mRVS oyjpkgdPqmnz9N5yJDQxgev6SpB3nlEHyC6YZM+4Lv6nvWeNg6YjRrqF9esg88AQ fov1ZjmvHJ39CldlUETH4d1X4sRiRYgGcLPeG5cdfCwAGas3zxk= =VH8m -----END PGP SIGNATURE----- Merge tag 'x86_urgent_for_v6.17_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Borislav Petkov: - Fix the GDS mitigation detection on some machines after the recent attack vectors conversion - Filter out the invalid machine reset reason value -1 when running as a guest as in such cases the reason why the machine was rebooted does not make a whole lot of sense - Init the resource control machinery on Hygon hw in order to avoid a division by zero and to actually enable the feature on hw which supports it * tag 'x86_urgent_for_v6.17_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/bugs: Fix GDS mitigation selecting when mitigation is off x86/CPU/AMD: Ignore invalid reset reason value x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper |
||
|
Linus Torvalds
|
a69dfb4e0a |
Fix ethernet on Lantiq boards
-----BEGIN PGP SIGNATURE----- iQJOBAABCAA4FiEEbt46xwy6kEcDOXoUeZbBVTGwZHAFAmiqxjkaHHRzYm9nZW5k QGFscGhhLmZyYW5rZW4uZGUACgkQeZbBVTGwZHAg8BAAoN/NzDo68JDZt+Tgtb8q bfcSwb2PvrpYX763BJ8DOh7N9LTfI6nMm6tKsBX1Skj1N3UOujEDYRn0vRj+I0xW PNcddQXM1ZbBK2QErXDGBXReyHFHH9Akw3sUcU2fZR1Uydx2MJrQksghJFa2mOd5 uX9KgjLb/fWgFcRojw6j5wtyDmPDBZKKL7CdsTegBq/r1F7bVy0WhSxYbDJ9dJDQ HfyQt9Lu1Fy/X1H21Zy+Hbi2kcndIy+Hnv6HBNRnlQtQz2haF535XgtqgJZMdsCj K8SZyfkKHIwJxQZ9v9jaS7ZOQdz1/e2ldUJIWUQ5dLd4I85evZzF8PrrMzq3MKmx gF1DF3YGh3U0aWSs7hADiDMLKXxgQcY93G4U5OdblZICeZaQ5xQy5yTNbSx59WGm cIikrxe56dB2OsY0bl7CsLKy9qB8pi76m/Z42FY9meWksqZC93uS9j+ymG/Yz2GI JNtq3qk64vO4vsv1ef2yD1DmVXIvq3RygmbjCluNuQyR9WL0Dqz/yPsXEr8qeB7v l7nzHWzo7XAJ/mBHX2U7q1WVxvn0JHNWbt84eikgRvOpzEEBTY/OUetEGwYUThUZ 9I1CAAuogXxyPOmnShy8ZZjwdSnFoaXDOqOsUXrDU/6bu7TFWTgYa2nrjY9QGMMN zheydm3iNvEp+o8YdAvfAzA= =znbt -----END PGP SIGNATURE----- Merge tag 'mips-fixes_6.17_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux Pull MIPS fixes from Thomas Bogendoerfer: "Fix ethernet on Lantiq boards" * tag 'mips-fixes_6.17_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux: mips: lantiq: xway: sysctrl: rename the etop node mips: dts: lantiq: danube: add missing burst length property |
||
|
Linus Torvalds
|
14f84cd318 |
Modules fixes for 6.17-rc3
This includes a fix part of the KSPP (Kernel Self Protection Project) to replace the deprecated and unsafe strcpy() calls in the kernel parameter string handler and sysfs parameters for built-in modules. Single commit, no functional changes. -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE73Ua4R8Pc+G5xjxTQJ6jxB8ZUfsFAmiqshwACgkQQJ6jxB8Z UfuF8Q//UVMLtvEREUM8m18u1SVDhnO9/+Dpl/bkTof+w03KviIbAN/VXm6qn3C7 ZYtK5lDWU4twg+bOpC6EC/LdNVNyJx6cCpqkZFri21i9Yhf5ak0Sp833lWTZdqH/ DDNCCAOuFH1EaihlJwQ/T4ox1CUOBTC49HyCBnVvdWiCCevUaPbxc8Cgsuzp/gsf vqXoOJCYKZD2ZdeRKgW7EgETWUljIpvjfXnb3DtMHztj92wzHPaCR50d0iBJbpZi 3JEmrZ6FQ+sb+Qgp4VrW7ZEIa8UFGusqKVZBzJfZR61OU+iVz97gg2WptczsTZCa GoV0sM5MbNwaBtaMEoM40OiQWCAtYyfsIFmOH142Djcmzgs2hGFTGMKgZReDRs8B XiPPTq0IW5czYLoNyzJKvtoRX1qBC7wV0rxN9MY8AQieCPmhV3fQsjUgnPKwUOlV 4U5EvzI2Qy4LL5oEUp3rEcymio/rP1wrd0dFxx/D+bMMj//PRF+9rr51deZ/tqtz Y0Q8rI7CYYlhg0I6XH8t2sAe2TypbU8gNGhOi23Z9vBZwtOv1e3fGTQXymopvVT4 m50c541senApTKFHDbbck2KXwNyasdtIWCQrtChaP99Y0Lk2KRxkgYtVuCJEPNsv rFjyK3KnfkhhqNJEl4I8EUJwfQ1z9tUHJyfx1p0q74cShV7fRg8= =8/92 -----END PGP SIGNATURE----- Merge tag 'modules-6.17-rc3.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux Pull modules fix from Daniel Gomez: "This includes a fix part of the KSPP (Kernel Self Protection Project) to replace the deprecated and unsafe strcpy() calls in the kernel parameter string handler and sysfs parameters for built-in modules. Single commit, no functional changes" * tag 'modules-6.17-rc3.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux: params: Replace deprecated strcpy() with strscpy() and memcpy() |
||
|
Linus Torvalds
|
8d245acc1e |
Char/Misc/IIO fixes for 6.17-rc3
Here are a small number of char/misc/iio and other driver fixes for 6.17-rc3. Included in here are: - IIO driver bugfixes for reported issues - bunch of comedi driver fixes - most core bugfix - fpga driver bugfix - cdx driver bugfix All of these have been in linux-next this week with no reported issues. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -----BEGIN PGP SIGNATURE----- iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCaKnPRw8cZ3JlZ0Brcm9h aC5jb20ACgkQMUfUDdst+ymvOACffARDm9ydwRppM7KpQ0CDEOP8Gd8An2zt1S3z W5KoFRCkMEOZj93miep3 =Lp/R -----END PGP SIGNATURE----- Merge tag 'char-misc-6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc/iio fixes from Greg KH: "Here are a small number of char/misc/iio and other driver fixes for 6.17-rc3. Included in here are: - IIO driver bugfixes for reported issues - bunch of comedi driver fixes - most core bugfix - fpga driver bugfix - cdx driver bugfix All of these have been in linux-next this week with no reported issues" * tag 'char-misc-6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: most: core: Drop device reference after usage in get_channel() comedi: Make insn_rw_emulate_bits() do insn->n samples comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() comedi: pcl726: Prevent invalid irq number cdx: Fix off-by-one error in cdx_rpmsg_probe() fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() iio: light: as73211: Ensure buffer holes are zeroed iio: adc: rzg2l_adc: Set driver data before enabling runtime PM iio: adc: rzg2l: Cleanup suspend/resume path iio: adc: ad7380: fix missing max_conversion_rate_hz on adaq4381-4 iio: adc: bd79124: Add GPIOLIB dependency iio: imu: inv_icm42600: change invalid data error to -EBUSY iio: adc: ad7124: fix channel lookup in syscalib functions iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() iio: adc: ad7173: prevent scan if too many setups requested iio: proximity: isl29501: fix buffered read on big-endian systems iio: accel: sca3300: fix uninitialized iio scan data |
||
|
Linus Torvalds
|
8004d08330 |
USB fixes for 6.17-rc3
Here are some small USB driver fixes for 6.17-rc3 to resolve a bunch of reported issues. Included in here are: - typec driver fixes - dwc3 new device id - dwc3 driver fixes - new usb-storage driver quirks - xhci driver fixes - other tiny USB driver fixes to resolve bugs All of these have been in linux-next this week with no reported issues. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -----BEGIN PGP SIGNATURE----- iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCaKnTpQ8cZ3JlZ0Brcm9h aC5jb20ACgkQMUfUDdst+yk+7gCfV8UA7wAViZTaXWmqsa3GzeuSMKIAoKdcM0+j hV48oay+3njPXzlsTp0d =lRRr -----END PGP SIGNATURE----- Merge tag 'usb-6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are some small USB driver fixes for 6.17-rc3 to resolve a bunch of reported issues. Included in here are: - typec driver fixes - dwc3 new device id - dwc3 driver fixes - new usb-storage driver quirks - xhci driver fixes - other tiny USB driver fixes to resolve bugs All of these have been in linux-next this week with no reported issues" * tag 'usb-6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: usb: xhci: fix host not responding after suspend and resume usb: xhci: Fix slot_id resource race conflict usb: typec: fusb302: Revert incorrect threaded irq fix USB: core: Update kerneldoc for usb_hcd_giveback_urb() usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean usb: typec: maxim_contaminant: disable low power mode when reading comparator values usb: dwc3: Remove WARN_ON for device endpoint command timeouts USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles usb: storage: realtek_cr: Use correct byte order for bcs->Residue usb: chipidea: imx: improve usbmisc_imx7d_pullup() kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() usb: dwc3: pci: add support for the Intel Wildcat Lake usb: dwc3: Ignore late xferNotReady event to prevent halt timeout USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test usb: renesas-xhci: Fix External ROM access timeouts usb: gadget: tegra-xudc: fix PM use count underflow usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive |
||
|
Linus Torvalds
|
e1d8f9ccb2 |
tracing fixes for v6.17-rc2:
- Fix rtla and latency tooling pkg-config errors
If libtraceevent and libtracefs is installed, but their corresponding '.pc'
files are not installed, it reports that the libraries are missing and
confuses the developer. Instead, report that the pkg-config files are
missing and should be installed.
- Fix overflow bug of the parser in trace_get_user()
trace_get_user() uses the parsing functions to parse the user space strings.
If the parser fails due to incorrect processing, it doesn't terminate the
buffer with a nul byte. Add a "failed" flag to the parser that gets set when
parsing fails and is used to know if the buffer is fine to use or not.
- Remove a semicolon that was at an end of a comment line
- Fix register_ftrace_graph() to unregister the pm notifier on error
The register_ftrace_graph() registers a pm notifier but there's an error
path that can exit the function without unregistering it. Since the function
returns an error, it will never be unregistered.
- Allocate and copy ftrace hash for reader of ftrace filter files
When the set_ftrace_filter or set_ftrace_notrace files are open for read,
an iterator is created and sets its hash pointer to the associated hash that
represents filtering or notrace filtering to it. The issue is that the hash
it points to can change while the iteration is happening. All the locking
used to access the tracer's hashes are released which means those hashes can
change or even be freed. Using the hash pointed to by the iterator can cause
UAF bugs or similar.
Have the read of these files allocate and copy the corresponding hashes and
use that as that will keep them the same while the iterator is open. This
also simplifies the code as opening it for write already does an allocate
and copy, and now that the read is doing the same, there's no need to check
which way it was opened on the release of the file, and the iterator hash
can always be freed.
- Fix function graph to copy args into temp storage
The output of the function graph tracer shows both the entry and the exit of
a function. When the exit is right after the entry, it combines the two
events into one with the output of "function();", instead of showing:
function() {
}
In order to do this, the iterator descriptor that reads the events includes
storage that saves the entry event while it peaks at the next event in
the ring buffer. The peek can free the entry event so the iterator must
store the information to use it after the peek.
With the addition of function graph tracer recording the args, where the
args are a dynamic array in the entry event, the temp storage does not save
them. This causes the args to be corrupted or even cause a read of unsafe
memory.
Add space to save the args in the temp storage of the iterator.
- Fix race between ftrace_dump and reading trace_pipe
ftrace_dump() is used when a crash occurs where the ftrace buffer will be
printed to the console. But it can also be triggered by sysrq-z. If a
sysrq-z is triggered while a task is reading trace_pipe it can cause a race
in the ftrace_dump() where it checks if the buffer has content, then it
checks if the next event is available, and then prints the output
(regardless if the next event was available or not). Reading trace_pipe
at the same time can cause it to not be available, and this triggers a
WARN_ON in the print. Move the printing into the check if the next event
exists or not.
-----BEGIN PGP SIGNATURE-----
iIoEABYKADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCaKnAGRQccm9zdGVkdEBn
b29kbWlzLm9yZwAKCRAp5XQQmuv6qotPAQD02idezasiFi0vakLTR+0x/uAI2UOL
5RLfTwmZW7S1FwEAwOvGpKx3k/kUwDp5EReP34A+1Fqyc5Mvps4UCE1s4gM=
=ENHu
-----END PGP SIGNATURE-----
Merge tag 'trace-v6.17-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
Pull tracing fixes from Steven Rostedt:
- Fix rtla and latency tooling pkg-config errors
If libtraceevent and libtracefs is installed, but their corresponding
'.pc' files are not installed, it reports that the libraries are
missing and confuses the developer. Instead, report that the
pkg-config files are missing and should be installed.
- Fix overflow bug of the parser in trace_get_user()
trace_get_user() uses the parsing functions to parse the user space
strings. If the parser fails due to incorrect processing, it doesn't
terminate the buffer with a nul byte. Add a "failed" flag to the
parser that gets set when parsing fails and is used to know if the
buffer is fine to use or not.
- Remove a semicolon that was at an end of a comment line
- Fix register_ftrace_graph() to unregister the pm notifier on error
The register_ftrace_graph() registers a pm notifier but there's an
error path that can exit the function without unregistering it. Since
the function returns an error, it will never be unregistered.
- Allocate and copy ftrace hash for reader of ftrace filter files
When the set_ftrace_filter or set_ftrace_notrace files are open for
read, an iterator is created and sets its hash pointer to the
associated hash that represents filtering or notrace filtering to it.
The issue is that the hash it points to can change while the
iteration is happening. All the locking used to access the tracer's
hashes are released which means those hashes can change or even be
freed. Using the hash pointed to by the iterator can cause UAF bugs
or similar.
Have the read of these files allocate and copy the corresponding
hashes and use that as that will keep them the same while the
iterator is open. This also simplifies the code as opening it for
write already does an allocate and copy, and now that the read is
doing the same, there's no need to check which way it was opened on
the release of the file, and the iterator hash can always be freed.
- Fix function graph to copy args into temp storage
The output of the function graph tracer shows both the entry and the
exit of a function. When the exit is right after the entry, it
combines the two events into one with the output of "function();",
instead of showing:
function() {
}
In order to do this, the iterator descriptor that reads the events
includes storage that saves the entry event while it peaks at the
next event in the ring buffer. The peek can free the entry event so
the iterator must store the information to use it after the peek.
With the addition of function graph tracer recording the args, where
the args are a dynamic array in the entry event, the temp storage
does not save them. This causes the args to be corrupted or even
cause a read of unsafe memory.
Add space to save the args in the temp storage of the iterator.
- Fix race between ftrace_dump and reading trace_pipe
ftrace_dump() is used when a crash occurs where the ftrace buffer
will be printed to the console. But it can also be triggered by
sysrq-z. If a sysrq-z is triggered while a task is reading trace_pipe
it can cause a race in the ftrace_dump() where it checks if the
buffer has content, then it checks if the next event is available,
and then prints the output (regardless if the next event was
available or not). Reading trace_pipe at the same time can cause it
to not be available, and this triggers a WARN_ON in the print. Move
the printing into the check if the next event exists or not
* tag 'trace-v6.17-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
ftrace: Also allocate and copy hash for reading of filter files
ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
fgraph: Copy args in intermediate storage with entry
trace/fgraph: Fix the warning caused by missing unregister notifier
ring-buffer: Remove redundant semicolons
tracing: Limit access to parser->buffer when trace_get_user failed
rtla: Check pkg-config install
tools/latency-collector: Check pkg-config install
|
||
|
Linus Torvalds
|
52025b8fc9 |
Driver core fixes for 6.16-rc3
- Fix swapped handling of lru_gen and lru_gen_full debugfs files in
vmscan.
- Fix debugfs mount options (uid, gid, mode) being silently ignored.
- Fix leak of devres action in the unwind path of Devres::new().
- Documentation
- Expand and fix documentation of (outdated) Device, DeviceContext
and generic driver infrastructure.
- Fix C header link of faux device abstractions.
- Clarify expected interaction with the security team.
- Smooth text flow in the security bug reporting process
documentation.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQS2q/xV6QjXAdC7k+1FlHeO1qrKLgUCaKmYLgAKCRBFlHeO1qrK
LuUiAQDMA7wZCdzvU8kZazpVpiN5t4Y/EeCztbZJlTG1b0F66QEAgKfgBbdKdgvu
LNSXY0Mo6/t6RbFbW5+wR4R+sGn6PwQ=
=wBy0
-----END PGP SIGNATURE-----
Merge tag 'driver-core-6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/driver-core/driver-core
Pull driver core fixes from Danilo Krummrich:
- Fix swapped handling of lru_gen and lru_gen_full debugfs files in
vmscan
- Fix debugfs mount options (uid, gid, mode) being silently ignored
- Fix leak of devres action in the unwind path of Devres::new()
- Documentation:
- Expand and fix documentation of (outdated) Device, DeviceContext
and generic driver infrastructure
- Fix C header link of faux device abstractions
- Clarify expected interaction with the security team
- Smooth text flow in the security bug reporting process
documentation
* tag 'driver-core-6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/driver-core/driver-core:
Documentation: smooth the text flow in the security bug reporting process
Documentation: clarify the expected collaboration with security bugs reporters
debugfs: fix mount options not being applied
rust: devres: fix leaking call to devm_add_action()
rust: faux: fix C header link
driver: rust: expand documentation for driver infrastructure
device: rust: expand documentation for Device
device: rust: expand documentation for DeviceContext
mm/vmscan: fix inverted polarity in lru_gen_seq_show()
|
||
|
Wolfram Sang
|
3dd2207802 |
i2c-host-fixes for v6.17-rc3
i2c-host-fixes for v6.17-rc3 - hisi: update maintainership - rtl9300: fix several issues in xfer - check message length boundaries - correct multi-byte value composition on write - increase polling timeout - fix block transfer protocol -----BEGIN PGP SIGNATURE----- iIwEABYKADQWIQScDfrjQa34uOld1VLaeAVmJtMtbgUCaKhKQxYcYW5kaS5zaHl0 aUBrZXJuZWwub3JnAAoJENp4BWYm0y1u9IsBALBYecTp7j6OyulQtTI0vMiNxfUs dQuW562QW2ir8h23AQC9JJrL2EK5Ue2yFaALcyinVFJ0qwfxh3tsnp68S/cTBw== =FWwk -----END PGP SIGNATURE----- Merge tag 'i2c-host-fixes-6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/andi.shyti/linux into i2c/for-current i2c-host-fixes for v6.17-rc3 - hisi: update maintainership - rtl9300: fix several issues in xfer - check message length boundaries - correct multi-byte value composition on write - increase polling timeout - fix block transfer protocol |
||
|
Steven Rostedt
|
bfb336cf97 |
ftrace: Also allocate and copy hash for reading of filter files
Currently the reader of set_ftrace_filter and set_ftrace_notrace just adds
the pointer to the global tracer hash to its iterator. Unlike the writer
that allocates a copy of the hash, the reader keeps the pointer to the
filter hashes. This is problematic because this pointer is static across
function calls that release the locks that can update the global tracer
hashes. This can cause UAF and similar bugs.
Allocate and copy the hash for reading the filter files like it is done
for the writers. This not only fixes UAF bugs, but also makes the code a
bit simpler as it doesn't have to differentiate when to free the
iterator's hash between writers and readers.
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/20250822183606.12962cc3@batman.local.home
Fixes:
|
||
|
Linus Torvalds
|
6debb69041 |
drm fixes for 6.17-rc3
rust: - drm device memory layout and safety fixes tests: - Endianness fixes gpuvm: - docs warning fix panic: - fix division on 32-bit arm i915: - TypeC DP display Fixes - Silence rpm wakeref asserts on GEN11_GU_MISC_IIR access - Relocate compression repacking WA for JSL/EHL xe: - xe_vm_create fixes - fix vm bind ioctl double free amdgpu: - Replay fixes - SMU14 fix - Null check DC fixes - DCE6 DC fixes - Misc DC fixes bridge: - analogix_dp: devm_drm_bridge_alloc() error handling fix habanalabs: - Memory deallocation fix hibmc: - modesetting black screen fixes - fix UAF on irq - fix leak on i2c failure path nouveau: - memory leak fixes - typos rockchip: - Kconfig fix - register caching fix -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmio5O4ACgkQDHTzWXnE hr7CTQ//b+Qz9Qt/hxqoKVO7dX9RDQmXrR+BxCiQTkVGdzlrMKCLS4s5FPElq5II wSQ/Ya3r6rdy9MP8Jf+LTxY1UDHaAqhjE5cO/ETfzgE/2I3/rOb92/ITnCrA8ATc w2w1oM1pZ6SI9+Aigmbb6ivTKDjI2m/+VAR2YFfXVdZ6D1YggLXj2O4+IXVZHiGD LesusmoiyTiP+t5NroPSlXwKMJJVnTfQ8a3qUOzgplOIvPuQpB4EBesdPLAjuqos VYM0tXDEOrMy7taSpStgcn0PmT6rTHSC8RU+tXEtyB4EUqkfTrbyRQjH8DrQPUq1 gFDj265AzfCnRGTMSF52taDViJzHV3JkgibrFD71eejgqOw9NfICBfnYczt4W5jv dCnPXdVtMk4VVogqma9DiC9+ZWaPqRlD85NVQnwfy3rn8hEmpOlvs4vGa+zUxC3J iMYZnZPFHeGtmqweH0TSB1RNvYQgYAj+j7cKJWFEfhUrQYqRYppqzKtybUamR6JJ kEKXLGEoIvo84LvX71evxL8ogPo68kYdd4EWKpM2PdqQEsmfvEWWbO1SpGzRqmnm UOkDB2pQVEzfbO4Rsz7olcZBNqEcEf8Nq24z/laA4B7B9E7wAFCBjqpx/2Ih7dBG bknJI0ghm1Uxd4ZMa0c2ejxIcgxQ4DHC9MA+HFtDZU0SXrsyskY= =GfgI -----END PGP SIGNATURE----- Merge tag 'drm-fixes-2025-08-23-1' of https://gitlab.freedesktop.org/drm/kernel Pull drm fixes from Dave Airlie: "Weekly drm fixes. Looks like things did indeed get busier after rc2, nothing seems too major, but stuff scattered all over the place, amdgpu, xe, i915, hibmc, rust support code, and other small fixes. rust: - drm device memory layout and safety fixes tests: - Endianness fixes gpuvm: - docs warning fix panic: - fix division on 32-bit arm i915: - TypeC DP display Fixes - Silence rpm wakeref asserts on GEN11_GU_MISC_IIR access - Relocate compression repacking WA for JSL/EHL xe: - xe_vm_create fixes - fix vm bind ioctl double free amdgpu: - Replay fixes - SMU14 fix - Null check DC fixes - DCE6 DC fixes - Misc DC fixes bridge: - analogix_dp: devm_drm_bridge_alloc() error handling fix habanalabs: - Memory deallocation fix hibmc: - modesetting black screen fixes - fix UAF on irq - fix leak on i2c failure path nouveau: - memory leak fixes - typos rockchip: - Kconfig fix - register caching fix" * tag 'drm-fixes-2025-08-23-1' of https://gitlab.freedesktop.org/drm/kernel: (49 commits) drm/xe: Fix vm_bind_ioctl double free bug drm/xe: Move ASID allocation and user PT BO tracking into xe_vm_create drm/xe: Assign ioctl xe file handler to vm in xe_vm_create drm/i915/gt: Relocate compression repacking WA for JSL/EHL drm/i915: silence rpm wakeref asserts on GEN11_GU_MISC_IIR access drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 drm/amd/display: Don't print errors for nonexistent connectors drm/amd/display: Don't warn when missing DCE encoder caps drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs drm/amd/display: Adjust DCE 8-10 clock, don't overclock by 15% drm/amd/display: Don't overclock DCE 6 by 15% drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() drm/amd/display: Fix Xorg desktop unresponsive on Replay panel drm/amd/display: Avoid a NULL pointer dereference drm/amdgpu/swm14: Update power limit logic drm/amd/display: Revert Add HPO encoder support to Replay drm/i915/icl+/tc: Convert AUX powered WARN to a debug message drm/i915/lnl+/tc: Use the cached max lane count value ... |
||
|
Tengda Wu
|
4013aef2ce |
ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
When calling ftrace_dump_one() concurrently with reading trace_pipe,
a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race
condition.
The issue occurs because:
CPU0 (ftrace_dump) CPU1 (reader)
echo z > /proc/sysrq-trigger
!trace_empty(&iter)
trace_iterator_reset(&iter) <- len = size = 0
cat /sys/kernel/tracing/trace_pipe
trace_find_next_entry_inc(&iter)
__find_next_entry
ring_buffer_empty_cpu <- all empty
return NULL
trace_printk_seq(&iter.seq)
WARN_ON_ONCE(s->seq.len >= s->seq.size)
In the context between trace_empty() and trace_find_next_entry_inc()
during ftrace_dump, the ring buffer data was consumed by other readers.
This caused trace_find_next_entry_inc to return NULL, failing to populate
`iter.seq`. At this point, due to the prior trace_iterator_reset, both
`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,
the WARN_ON_ONCE condition is triggered.
Move the trace_printk_seq() into the if block that checks to make sure the
return value of trace_find_next_entry_inc() is non-NULL in
ftrace_dump_one(), ensuring the 'iter.seq' is properly populated before
subsequent operations.
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Ingo Molnar <mingo@elte.hu>
Link: https://lore.kernel.org/20250822033343.3000289-1-wutengda@huaweicloud.com
Fixes:
|
||
|
Steven Rostedt
|
e3d01979e4 |
fgraph: Copy args in intermediate storage with entry
The output of the function graph tracer has two ways to display its
entries. One way for leaf functions with no events recorded within them,
and the other is for functions with events recorded inside it. As function
graph has an entry and exit event, to simplify the output of leaf
functions it combines the two, where as non leaf functions are separate:
2) | invoke_rcu_core() {
2) | raise_softirq() {
2) 0.391 us | __raise_softirq_irqoff();
2) 1.191 us | }
2) 2.086 us | }
The __raise_softirq_irqoff() function above is really two events that were
merged into one. Otherwise it would have looked like:
2) | invoke_rcu_core() {
2) | raise_softirq() {
2) | __raise_softirq_irqoff() {
2) 0.391 us | }
2) 1.191 us | }
2) 2.086 us | }
In order to do this merge, the reading of the trace output file needs to
look at the next event before printing. But since the pointer to the event
is on the ring buffer, it needs to save the entry event before it looks at
the next event as the next event goes out of focus as soon as a new event
is read from the ring buffer. After it reads the next event, it will print
the entry event with either the '{' (non leaf) or ';' and timestamps (leaf).
The iterator used to read the trace file has storage for this event. The
problem happens when the function graph tracer has arguments attached to
the entry event as the entry now has a variable length "args" field. This
field only gets set when funcargs option is used. But the args are not
recorded in this temp data and garbage could be printed. The entry field
is copied via:
data->ent = *curr;
Where "curr" is the entry field. But this method only saves the non
variable length fields from the structure.
Add a helper structure to the iterator data that adds the max args size to
the data storage in the iterator. Then simply copy the entire entry into
this storage (with size protection).
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Link: https://lore.kernel.org/20250820195522.51d4a268@gandalf.local.home
Reported-by: Sasha Levin <sashal@kernel.org>
Tested-by: Sasha Levin <sashal@kernel.org>
Closes: https://lore.kernel.org/all/aJaxRVKverIjF4a6@lappy/
Fixes:
|
||
|
Dave Airlie
|
a60f5ee68e |
- xe_vm_create fixes (Piotr)
- Fix vm_bind_ioctl double free (Christoph) -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEbSBwaO7dZQkcLOKj+mJfZA7rE8oFAmincCkACgkQ+mJfZA7r E8qDCggAgXVuQNrn+4yD3AkN1jDFdMv0FigFdxegtflHoKqnBxyxF/Y1UD1uLXOp xBpVrhpGZpcp7LcEpEpu2JjBPTzeviDn6HEFAmTxqO7XRlu2q8b7RaLQeTQC9PC/ s2y/dnlHfqtoszi9B+gNDzEEBu7z4GmapLPT27kMijew8+Ho086CcZXhUqntWXyW q7K97om63NkXVM0CR4RQyRMIzj40GUf+eBNogL1QscTVFcfS3wHprr7TN8QTi3wo Mn4WMOgPkBB9abHuLipwXVvygjzY2dhKQVXIa6j3CqzB42lCLmTEM9CxuJMVYin+ CkZdkuWZFQ8kcNG0deEJDExrG3X+8g== =c7ul -----END PGP SIGNATURE----- Merge tag 'drm-xe-fixes-2025-08-21-1' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes - xe_vm_create fixes (Piotr) - Fix vm_bind_ioctl double free (Christoph) Signed-off-by: Dave Airlie <airlied@redhat.com> From: Rodrigo Vivi <rodrigo.vivi@intel.com> Link: https://lore.kernel.org/r/aKdxiw9hvO6mcyKs@intel.com |
||
|
Linus Torvalds
|
471b25a2fc |
iommufd 6.17 first rc pull
- Fix mismatched kvalloc()/kfree() - Spelling fixes in documentation -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQRRRCHOFoQz/8F5bUaFwuHvBreFYQUCaKh6VwAKCRCFwuHvBreF YQkaAPwNEgZnQlmb8zPrTSm9cNTiCZlEr+s1KbE4brXza68PdwEAgAFm3KiBgG2n 2WhVfGQUcCpPnjcJ7skq4F765Y3GvAE= =J6IV -----END PGP SIGNATURE----- Merge tag 'for-linus-iommufd' of git://git.kernel.org/pub/scm/linux/kernel/git/jgg/iommufd Pull iommufd fixes from Jason Gunthorpe: "Two very minor fixes: - Fix mismatched kvalloc()/kfree() - Spelling fixes in documentation" * tag 'for-linus-iommufd' of git://git.kernel.org/pub/scm/linux/kernel/git/jgg/iommufd: iommufd: Fix spelling errors in iommufd.rst iommufd: viommu: free memory allocated by kvcalloc() using kvfree() |
||
|
Dave Airlie
|
f9915c391c |
A bunch of fixes for 6.17:
- analogix_dp: devm_drm_bridge_alloc() error handling fix - gaudi: Memory deallocation fix - gpuvm: Documentation warning fix - hibmc: Various misc fixes - nouveau: Memory leak fixes, typos - panic: u64 division handling on 32 bits architecture fix - rockchip: Kconfig fix, register caching fix - rust: memory layout and safety fixes - tests: Endianness fixes -----BEGIN PGP SIGNATURE----- iJUEABMJAB0WIQTkHFbLp4ejekA/qfgnX84Zoj2+dgUCaKbU8AAKCRAnX84Zoj2+ dlzDAYCq9KkxgD1kDNyqREp+WGbjOPTvq9XkkVJIcJKycVZjMqsCdmJrp91vn3XY JnmXql0Bfjcysmz0OfPIUJtjlS94RFVkGF7ZVlBhqvIosqjfyFN5GGaLKXZyMYQK aIBJ+DFEcA== =2Zvh -----END PGP SIGNATURE----- Merge tag 'drm-misc-fixes-2025-08-21' of https://gitlab.freedesktop.org/drm/misc/kernel into drm-fixes A bunch of fixes for 6.17: - analogix_dp: devm_drm_bridge_alloc() error handling fix - gaudi: Memory deallocation fix - gpuvm: Documentation warning fix - hibmc: Various misc fixes - nouveau: Memory leak fixes, typos - panic: u64 division handling on 32 bits architecture fix - rockchip: Kconfig fix, register caching fix - rust: memory layout and safety fixes - tests: Endianness fixes Signed-off-by: Dave Airlie <airlied@redhat.com> From: Maxime Ripard <mripard@redhat.com> Link: https://lore.kernel.org/r/20250821-economic-dandelion-rooster-c57fa9@houat |
||
|
Aleksander Jan Bajkowski
|
8c431ea8f3 |
mips: lantiq: xway: sysctrl: rename the etop node
Bindig requires a node name matching ‘^ethernet@[0-9a-f]+$’. This patch
changes the clock name from “etop” to “ethernet”.
This fixes the following warning:
arch/mips/boot/dts/lantiq/danube_easy50712.dtb: etop@e180000 (lantiq,etop-xway): $nodename:0: 'etop@e180000' does not match '^ethernet@[0-9a-f]+$'
from schema $id: http://devicetree.org/schemas/net/lantiq,etop-xway.yaml#
Fixes:
|
||
|
Aleksander Jan Bajkowski
|
7b28232921 |
mips: dts: lantiq: danube: add missing burst length property
The upstream dts lacks the lantiq,{rx/tx}-burst-length property. Other
issues were also fixed:
arch/mips/boot/dts/lantiq/danube_easy50712.dtb: etop@e180000 (lantiq,etop-xway): 'interrupt-names' is a required property
from schema $id: http://devicetree.org/schemas/net/lantiq,etop-xway.yaml#
arch/mips/boot/dts/lantiq/danube_easy50712.dtb: etop@e180000 (lantiq,etop-xway): 'lantiq,tx-burst-length' is a required property
from schema $id: http://devicetree.org/schemas/net/lantiq,etop-xway.yaml#
arch/mips/boot/dts/lantiq/danube_easy50712.dtb: etop@e180000 (lantiq,etop-xway): 'lantiq,rx-burst-length' is a required property
from schema $id: http://devicetree.org/schemas/net/lantiq,etop-xway.yaml#
Fixes:
|
||
|
Linus Torvalds
|
cf6fc5eefc |
s390 fixes for 6.17-rc3
- When kernel lockdown is active userspace tools that rely on read operations only are unnecessarily blocked. Fix that by avoiding ioctl registration during lockdown - Invalid NULL pointer accesses succeed due to the lowcore is always mapped the identity mapping pinned to zero. To fix that never map the first two pages of physical memory with identity mapping - Fix invalid SCCB present check in the SCLP interrupt handler - Update defconfigs -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQQrtrZiYVkVzKQcYivNdxKlNrRb8AUCaKhfnRccYWdvcmRlZXZA bGludXguaWJtLmNvbQAKCRDNdxKlNrRb8KsfAP4m5In0Dv8QMvfxKZuImMcUXN0m FABuwlSVVoV2dKb0/AD/XX5XVvkg6EWEbAfknaQ06U6WdWQX/3BtS3hfDuLk1gQ= =4N65 -----END PGP SIGNATURE----- Merge tag 's390-6.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Alexander Gordeev: - When kernel lockdown is active userspace tools that rely on read operations only are unnecessarily blocked. Fix that by avoiding ioctl registration during lockdown - Invalid NULL pointer accesses succeed due to the lowcore is always mapped the identity mapping pinned to zero. To fix that never map the first two pages of physical memory with identity mapping - Fix invalid SCCB present check in the SCLP interrupt handler - Update defconfigs * tag 's390-6.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/hypfs: Enable limited access during lockdown s390/hypfs: Avoid unnecessary ioctl registration in debugfs s390/mm: Do not map lowcore with identity mapping s390/sclp: Fix SCCB present check s390/configs: Set HZ=1000 s390/configs: Update defconfigs |
||
|
Linus Torvalds
|
b3d80535e2 |
xen: branch for v6.17-rc3
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRTLbB6QfY48x44uB6AXGG7T9hjvgUCaKf/jgAKCRCAXGG7T9hj
vsTcAP0eRBCWDlCTzyuRN+2MpyryoNspFcovhJGwMG16a/7SbgEA/Vi7WqK7Y0XT
/7ovC2AzehL9iJaZvl8hWULVnw9C8Aw=
=gDSN
-----END PGP SIGNATURE-----
Merge tag 'for-linus-6.17-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
Pull xen fixes from Juergen Gross:
"Two small cleanups which are both relevant only when running as a Xen
guest"
* tag 'for-linus-6.17-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
drivers/xen/xenbus: remove quirk for Xen 3.x
compiler: remove __ADDRESSABLE_ASM{_STR,}() again
|
||
|
Linus Torvalds
|
272aa18fea |
platform-drivers-x86 for v6.17-2
Fixes and New HW Support:
- amd/hsmp:
- Ensure sock->metric_tbl_addr is non-NULL
- Register driver even if hwmon registration fails
- amd/pmc: Drop SMU F/W match for Cezanne
- dell-smbios-wmi: Separate "priority" from WMI device ID
- hp-wmi: mark Victus 16-r1xxx for Victus s fan and thermal profile support
- intel-uncore-freq: Check write blocked for efficiency latency control
The following is an automated shortlog grouped by driver:
amd/hsmp:
- Ensure sock->metric_tbl_addr is non-NULL
- Ensure success even if hwmon registration fails
amd: pmc:
- Drop SMU F/W match for Cezanne
dell-smbios-wmi:
- Stop touching WMI device ID
hp-wmi:
- mark Victus 16-r1xxx for victus_s fan and thermal profile support
intel-uncore-freq:
- Check write blocked for ELC
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQSCSUwRdwTNL2MhaBlZrE9hU+XOMQUCaKhs0wAKCRBZrE9hU+XO
MQOXAP4zJofX7KXdbIqCpAdlL+zbdDKichzyZG36u+BKdOn8VQEArbQaZoHEq/05
ReoDwmIWS7KWgcbXkZxlwkWYbrOLpwM=
=ZB4H
-----END PGP SIGNATURE-----
Merge tag 'platform-drivers-x86-v6.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
Pull x86 platform driver fixes from Ilpo Järvinen:
- amd/hsmp:
- Ensure sock->metric_tbl_addr is non-NULL
- Register driver even if hwmon registration fails
- amd/pmc: Drop SMU F/W match for Cezanne
- dell-smbios-wmi: Separate "priority" from WMI device ID
- hp-wmi: mark Victus 16-r1xxx for Victus s fan and thermal profile
support
- intel-uncore-freq: Check write blocked for efficiency latency control
* tag 'platform-drivers-x86-v6.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
platform/x86: hp-wmi: mark Victus 16-r1xxx for victus_s fan and thermal profile support
platform/x86/amd/hsmp: Ensure success even if hwmon registration fails
platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL
platform/x86/intel-uncore-freq: Check write blocked for ELC
platform/x86/amd: pmc: Drop SMU F/W match for Cezanne
platform/x86: dell-smbios-wmi: Stop touching WMI device ID
|
||
|
Linus Torvalds
|
a2e94e8079 |
block-6.17-20250822
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmiobRkQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpnvDEAC6ybsqvNAOSV1Tdk1EQZ/mIrmIb7tVrp/P
zRReWTK9jF7kzOLn2Mqgu0c4RFLCMABXmPb5F2aLx72uSxMSFq2sI9QZCgGzZQeZ
yjOIxFBAPsdgr+gyIOdS3zH04+IKfJw20ojJb83irCgd5M1hpmVwzZ3iGMq8Gs9q
VJQYvKny7tjjpuLpk3DWl7t1J0YV+0sGQhk3iZdWEHrui7mqmfh6DkeB5forTu6z
Gn5e4DNbZvmcvkJQ+Rnkua1UmTZ4hr/+3YV9mqzsWYv+1hOTx/uomGbY7DjSdSyK
vWWNwN97sgAjwhaFgWvB2iRk1pdAb4A3zP+NV1MXheOhHnAT3C6i43DaS1fivone
YKLEqy4v3IzB5WcdlwclJW2qizoLtopu7A4pRURv9v+Q0wb4Q2YM0gRum59QgxZN
+YUhglR5ucazYPmIAxOZMaU/WMIN6m4h3hRa1RkFRNXkBvPGxV2fQxi8exX0QWqf
oxSSfImO0QVjYPlAL7oi0eWwHtqXtebXXdrUNozQdnrEQnimTrxPAuSnfRIv63un
swlaCzfqXXhtl25t9p6Sx7xM7aKF2k7tYnZdSM7JjiOS7KXHFaZcYt3YcoFfdLc7
X/vtT9OQWwnEtqzFKnK8EvcjSN+4KbXwI4neVLmsWK81dwqI2huScB+Xe5eBPidU
6d6dZzUikA==
=mbqK
-----END PGP SIGNATURE-----
Merge tag 'block-6.17-20250822' of git://git.kernel.dk/linux
Pull block fixes from Jens Axboe:
"A set of fixes for block that should go into this tree. A bit larger
than what I usually have at this point in time, a lot of that is the
continued fixing of the lockdep annotation for queue freezing that we
recently added, which has highlighted a number of little issues here
and there. This contains:
- MD pull request via Yu:
- Add a legacy_async_del_gendisk mode, to prevent a user tools
regression. New user tools releases will not use such a mode,
the old release with a new kernel now will have warning about
deprecated behavior, and we prepare to remove this legacy mode
after about a year later
- The rename in kernel causing user tools build failure, revert
the rename in mdp_superblock_s
- Fix a regression that interrupted resync can be shown as
recover from mdstat or sysfs
- Improve file size detection for loop, particularly for networked
file systems, by using getattr to get the size rather than the
cached inode size.
- Hotplug CPU lock vs queue freeze fix
- Lockdep fix while updating the number of hardware queues
- Fix stacking for PI devices
- Silence bio_check_eod() for the known case of device removal where
the size is truncated to 0 sectors"
* tag 'block-6.17-20250822' of git://git.kernel.dk/linux:
block: avoid cpu_hotplug_lock depedency on freeze_lock
block: decrement block_rq_qos static key in rq_qos_del()
block: skip q->rq_qos check in rq_qos_done_bio()
blk-mq: fix lockdep warning in __blk_mq_update_nr_hw_queues
block: tone down bio_check_eod
loop: use vfs_getattr_nosec for accurate file size
loop: Consolidate size calculation logic into lo_calculate_size()
block: remove newlines from the warnings in blk_validate_integrity_limits
block: handle pi_tuple_size in queue_limits_stack_integrity
selftests: ublk: Use ARRAY_SIZE() macro to improve code
md: fix sync_action incorrect display during resync
md: add helper rdev_needs_recovery()
md: keep recovery_cp in mdp_superblock_s
md: add legacy_async_del_gendisk mode
|
||
|
Linus Torvalds
|
d28de4fc0a |
io_uring-6.17-20250822
-----BEGIN PGP SIGNATURE----- iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmiobS0QHGF4Ym9lQGtl cm5lbC5kawAKCRD301j7KXHgpl2rD/44niBCUuj5CTZKqCCkVMduiBIvRWmRl+Fz Xth2qCwn5RBCi9dZWe4D8xTr0d9d3CTdCUMLiINm6+lyLTcE3taz2AczBHcs/FWZ rL7anFYtVLcadoqabrlbkI02dEIY4ARkpAfenyaBO693GoI5YD2CBxTH0YkVF2Qw beasIRi0s+TbmGQbtqbAROCdIywX6LpyEiT4tuDfLixDHwfoV0teLb57H7TrfJ3j MwuFX83JN2ZpGvHSJHs7/T21OwDJ8h2hV4TgFt5hwKg7UKpVq0crh/+lLlZnZxUw D5GMW3EDYaOwUO1dxTpFWKuKUCpzvaOpBdqhK3UNsSJwEu6riRzkC/7IydbX1qcI dBAvJqg4TJYRpAFwMS0yNZ1gA+rC/kXFQrbJivaRm57ZLrxvhSI4RCPgv+Vd5ayP Bd25paIDEndk2sDf9iMESM4yPciTCmjWhjFc6TQwo7uidJagXbXJQD1fXDxDoT+m /gGv0UG4vZ20sUZbBOLHeVUFxlaw9MtgFwq1RSPMCUBhYbaxW57BVwjngAaTILNK NzBkpamtzJxk66GL1fLZ/fmMdNJenM+40GyHLAt/e46x95aooExaV4a/FtrYXQVa LAJTEFUTG4Ybu5zRxTpl1evEXfktpOHlubdQnsAaP1sj8ydRL+JJmRlcbReWQupy SeuJhF4rbQ== =jOfg -----END PGP SIGNATURE----- Merge tag 'io_uring-6.17-20250822' of git://git.kernel.dk/linux Pull io_uring fixes from Jens Axboe: "Just two small fixes - one that fixes inconsistent ->async_data vs REQ_F_ASYNC_DATA handling in futex, and a followup that just ensures that if other opcode handlers mess this up, it won't cause any issues" * tag 'io_uring-6.17-20250822' of git://git.kernel.dk/linux: io_uring: clear ->async_data as part of normal init io_uring/futex: ensure io_futex_wait() cleans up properly on failure |
||
|
Linus Torvalds
|
edeee68c42 |
SCSI fixes on 20250822
All fixes in drivers. The largest diffstat in ufs is caused by the doc update with the next being the qcom null pointer deref fix. Signed-off-by: James E.J. Bottomley <James.Bottomley@HansenPartnership.com> -----BEGIN PGP SIGNATURE----- iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCaKhBSSYcamFtZXMuYm90 dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pisheYBAP9IwgCR ANnFXfILBJ0vGkZiVsV7lZPtcUChbTT0stGCXAD/axlU11QwE673mlxkVK5JuFGc fnCdTAt0iM1AqiGiCeI= =+twj -----END PGP SIGNATURE----- Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "All fixes in drivers. The largest diffstat in ufs is caused by the doc update with the next being the qcom null pointer deref fix" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: ufs: ufs-qcom: Fix ESI null pointer dereference scsi: ufs: core: Rename ufshcd_wait_for_doorbell_clr() scsi: ufs: core: Fix the return value documentation scsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl() scsi: ufs: core: Fix IRQ lock inversion for the SCSI host lock scsi: qla4xxx: Prevent a potential error pointer dereference scsi: ufs: ufs-pci: Add support for Intel Wildcat Lake scsi: fnic: Remove a useless struct mempool forward declaration |
||
|
Linus Torvalds
|
afd58777de |
MMC host:
- sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 - sdhci-of-arasan: Ensure CD logic stabilization before power-up - sdhci-pci-gli: Mask the replay timer timeout of AER for GL9763e MEMSTICK: - Fix deadlock by moving removing flag earlier -----BEGIN PGP SIGNATURE----- iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAmioRt4XHHVsZi5oYW5z c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjCkW/w/+NeQhlSoTGr/eBWL2BqF3+b1J yxyS/DIW0CukTrpQNMqsu9yeWqRqqugBGm613/ffJ2elCOV8sfhyQt8tgvIur9WB mWEXui8PwReNa4ZLmUVbFMLfLL0uJO0MIYRXFxJB8CGk0OXsN4jffaomurVdmXsS 4WkvzHcm64MmGINPkGnkWICMIHiErjAaQOZJBmasG7VxkdHVvJjbi0QFeWjnVExd 7HXN2qPU1y8Vv7jgArGaGnL7ZElmzEjcDn7+ZCStC4Q6QjTsKE3FFjsEkiF08b1M 1BBwx6NfB/KOBxBNy6g7vLmeD52oLIET2AQ8E4aQ2MpQF24323eDmY/TLR7d8SIq jctdi21qcqQLeaj2oStcgS+FTH2vpkSQBK4kv/cRTcEVpvun+KYrCNpFI0JDovY0 0BHOukSHMkB0i0X1uyBmMXlxFGne67sDM42tynfkHVMfb6MTtk50EqyWi5shoYcJ PUPv/E+AemohyKzqLpU177Lx84pX3km9oK21tVGJS62Qv8ydgJLV2YXWU7IKQ+Mv d+X7Ks6AlHIbhMdo00/L/4nLNjvUiAzJ480QnAE1qt+luFhnKievFaZ0hX2z7E14 WGnpPlph2S2UUfJpeA4JuM3Pb2nwvjVm4pl5CZYRg2cRJz4DGRK20NbcZ/waA02I umWZrQ1PzgyYOqYRmkE= =FuWR -----END PGP SIGNATURE----- Merge tag 'mmc-v6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fixes from Ulf Hansson: "MMC host: - sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 - sdhci-of-arasan: Ensure CD logic stabilization before power-up - sdhci-pci-gli: Mask the replay timer timeout of AER for GL9763e MEMSTICK: - Fix deadlock by moving removing flag earlier" * tag 'mmc-v6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 memstick: Fix deadlock by moving removing flag earlier mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency mmc: sdhci-pci-gli: Add a new function to simplify the code |
||
|
Linus Torvalds
|
e2d324af56 |
RDMA v6.17 first rc pull request
- Syzkaller found WARN_ON in rxe due to poor lifecycle management of resources linked to skbs - Missing error path handling in erdma qp creation - Initialize the qp number for the GSI QP in erdma - Mismatching of DIP, SCC and QP numbers in hns - SRQ bug fixes in bnxt_re - Memory leak and possibly uninited memory in bnxt_re - Remove retired irdma maintainer - Fix kfree() for kvalloc() in ODP - Fix memory leak in hns -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQRRRCHOFoQz/8F5bUaFwuHvBreFYQUCaKeiiAAKCRCFwuHvBreF YWZtAQCYRx4n6lVWJ8t954bVZGcxLvruY6SVhR5r7xGTEEW/cwD/VnRJb7fwfgTc bP7+DIG+qLK2JWVNT4GptgpnjOuDPwY= =KjJs -----END PGP SIGNATURE----- Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma Pull rdma fixes from Jason Gunthorpe: - syzkaller found a WARN_ON in rxe due to poor lifecycle management of resources linked to skbs - Missing error path handling in erdma qp creation - Initialize the qp number for the GSI QP in erdma - Mismatching of DIP, SCC and QP numbers in hns - SRQ bug fixes in bnxt_re - Memory leak and possibly uninited memory in bnxt_re - Remove retired irdma maintainer - Fix kfree() for kvalloc() in ODP - Fix memory leak in hns * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: RDMA/hns: Fix dip entries leak on devices newer than hip09 RDMA/core: Free pfn_list with appropriate kvfree call MAINTAINERS: Remove bouncing irdma maintainer RDMA/bnxt_re: Fix to initialize the PBL array RDMA/bnxt_re: Fix a possible memory leak in the driver RDMA/bnxt_re: Fix to remove workload check in SRQ limit path RDMA/bnxt_re: Fix to do SRQ armena by default RDMA/hns: Fix querying wrong SCC context for DIP algorithm RDMA/erdma: Fix unset QPN of GSI QP RDMA/erdma: Fix ignored return value of init_kernel_qp RDMA/rxe: Flush delayed SKBs while releasing RXE resources |
||
|
Linus Torvalds
|
c37d2bc92b |
IOMMU Fixes for Linux v6.17-rc2:
Including: - AMD-Vi: Fix potential stack buffer overflow via command line. - NVidia-Tegra: Fix endianess sparse warning. - ARM-SMMU: Fix ATS-masters reference count issue. - Virtio-IOMMU: Fix race condition on instance lookup. - RISC-V IOMMU: Fix potential NULL-ptr dereference in riscv_iommu_iova_to_phys(). -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEr9jSbILcajRFYWYyK/BELZcBGuMFAmioMvgACgkQK/BELZcB GuMzlxAAh1sQ3jPkyEcQzCErCYvvICWMzEiV0Lweot5xBFcAZAXQEcYJy9u1PnA7 NNoSfhaEyufkANUznvI5ikkJzv9wfIOK1mn3vjaeZe7ymXqh0m+JqFWS1hQynjp4 6DEIYEJLB1pLDM41P+S+AnVWfS88XwMsUd13es773zJgPLHfK9U97oFWfUhkj6ei 9ItvgSAiqAcIPYu1/hI5Te7vIC5RBRyOfvAhhzxx2255T3bdUqbVUz3ERLXZ808M MOmhznlVAChhoOKTdWRpOaVnFsaWCbUBhdnnSwwL7lsmixd4wDELZM/8jGA8hlIT 7sbMIiiEdWqPfpMZxDuz7IfEilhFmZP8+e5c8VPL37PTouj2RdCGPbLtzGFzlMKU QF40K6FAJCbE9mmgmtdD33xhBkc3/7gar9Xvc3k9VEvVOfvZ/TxgPTW4ZilaO+OK C8S1/x3T6MFZmndKT/H1SAm+AM4pViON48N5t4L6rVA/na0xraOXNjFnsNeK6gLY lK5pz7St69Ud7KQUQXhUgKSktDDQOnZYcbn0I7z2KfSAIWFxqJgT9F5XtTde1kdm XZVe4qp59UzOgZQu1Q1K5F2peQGFSjoaK69r4I0Mh2VY7jokW/tZmqUgyTbW42hD qH/jhcPblpOTCFM9LPn94oShmTlMcNhKYbfO+VKIY9ThhxPVHJc= =BWSF -----END PGP SIGNATURE----- Merge tag 'iommu-fixes-v6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/iommu/linux Pull iommu fixes from Joerg Roedel: - AMD-Vi: Fix potential stack buffer overflow via command line - NVidia-Tegra: Fix endianess sparse warning - ARM-SMMU: Fix ATS-masters reference count issue - Virtio-IOMMU: Fix race condition on instance lookup - RISC-V IOMMU: Fix potential NULL-ptr dereference in riscv_iommu_iova_to_phys() * tag 'iommu-fixes-v6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/iommu/linux: iommu/riscv: prevent NULL deref in iova_to_phys iommu/virtio: Make instance lookup robust iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement iommu/tegra241-cmdqv: Fix missing cpu_to_le64 at lvcmdq_err_map iommu/amd: Avoid stack buffer overflow from kernel cmdline |
||
|
Linus Torvalds
|
f28ad47b66 |
sound fixes for 6.17-rc3
Only small fixes. - ASoC Cirrus codec fixes - A regression fix for the recent TAS2781 codec refactoring - A fix for user-timer error handling - Fixes for USB-audio descriptor validators - Usual HD-audio and ASoC device-specific quirks -----BEGIN PGP SIGNATURE----- iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAminN10OHHRpd2FpQHN1 c2UuZGUACgkQLtJE4w1nLE/RFw//XtS8u0fRY+WRbFdV7zE+nUBszbqAfOBs7kzd jB3iWJogKyeUq/whgT1xDa3R7PPHK74XDrSEAEJTTmyiUtAPMNh895CGIEqD07nz sg1rHlDLNgB4Hdc4cfiBXfSMZnPH4CAnWUSnUF7QsSXmaPHyhJsc3zQDwrVEl0/j DLuaF5BjzOGVL8my61UWCUrAEI+lVBerlJ5A2RT2LnZxH6f/PgtGmXyFElcfnxy0 TFZ/na7llmNn4O+yUPq/w/lvaEXE5ER/G4vfDbtQTlOeBXI4IHJ2xWtPGGA1Nkbm YagdLxoBAMq+mL4HOHhldF0nuPbia0LFdpc5NEmFT8D4SOuy6WS+0qlqAxpytbSC T9UhLDe1lDiMhVYhnvqPORNIC7lCXsUHIT/fccaK240qpQidwzmNDA8JsFNC6ZZj D/wJddMk8XgCs3kmIa8P7nfnF4QO+xIATaiWjpBgE+ahIpWZFMq1f7ZKY3pwjqu3 kJg4GsMeopqyOphD2mX3EQMJ6x4aDpemRLxVj9esPqvpT+j5dViLQsZI/h2n8ZUU V253FW9qj7uFPTQ/hYDcDXneMGG/kS741ggTFmHNJSNOAk31qBfOGjS52LkkHvw1 DT/UouG6GRh4Qgq23doRIC2zRU6ySh4KbktGvysVAvljMvRJLroQywJNyaTVH3HP 9Z+1zxI= =myx0 -----END PGP SIGNATURE----- Merge tag 'sound-6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "Only small fixes. - ASoC Cirrus codec fixes - A regression fix for the recent TAS2781 codec refactoring - A fix for user-timer error handling - Fixes for USB-audio descriptor validators - Usual HD-audio and ASoC device-specific quirks" * tag 'sound-6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation ALSA: timer: fix ida_free call while not allocated ASoC: cs35l56: Remove SoundWire Clock Divider workaround for CS35L63 ASoC: cs35l56: Handle new algorithms IDs for CS35L63 ASoC: cs35l56: Update Firmware Addresses for CS35L63 for production silicon ALSA: hda: tas2781: Fix wrong reference of tasdevice_priv ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 ASoC: codecs: ES9389: Modify the standby configuration ALSA: usb-audio: Fix size validation in convert_chmap_v3() ALSA: hda/tas2781: Add name prefix tas2781 for tas2781's dvc_tlv and amp_vol_tlv ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 |
||
|
Linus Torvalds
|
3cfcd57def |
fix for netfs smb3 oops
-----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmin3xQACgkQiiy9cAdy T1Fq0gwAlHUoGyM53OFYvCKmiAmkKYk1p/xBMl8lf59meF0HC6jxhDkgngZ24FhL V8z9h9viETDidZeq3SDTrFUQVcHJUlk3VMRFCFjObfQ8ngt7r55DFRBFv5hky936 kTMoCRjHB6hHUL0tO5q1OPWrKNg1I1V8GDuH3jEima7MR5VwnHL1CMj+DBYRSlsB U2hPcgIVkDwNH+ZymI0FKXa1PbV+D1PlYy5Cr6X7EeSQC9FreU2HFrD0jbzUP1TW Y9GKnyikuD44GP69vBk7sXW8oe7YaXIyFiBW0lEIHlV1nVjNHBKs5+XyIjdH+0bF J8qeczKvsl6XkLpv32i/dqKVx/YdTsfY2iUo92JjjcbW1dbjqn7E9f+LufcCykFp zjZ77PWxtPkqZamaCmnf8av8GBf3HIdd5X5rpHkyYBphobkWe5NsAXoqFiAbGMcw Q3yrB8EA6a5pEejiWZA/N8NJwJFkvY/OARgRsGaOwopuMqOeoudzduRoaaDt4dPd 4sEoSN6X =MKGv -----END PGP SIGNATURE----- Merge tag '6.17-rc2-smb3-client-fix' of git://git.samba.org/sfrench/cifs-2.6 Pull smb client fix from Steve French: "Fix for netfs smb3 oops" * tag '6.17-rc2-smb3-client-fix' of git://git.samba.org/sfrench/cifs-2.6: cifs: Fix oops due to uninitialised variable |
||
|
Linus Torvalds
|
e86ba12cf8 |
NFS client bugfix for Linux 6.17
Stable fixes: - NFS: Fix a data corrupting race when updating an existing write -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEESQctxSBg8JpV8KqEZwvnipYKAPIFAminvwMACgkQZwvnipYK APIFkxAAmmlm+6rVRmkb5W37hgcsntWS90CjIw6axH7WlFToypiDam83pCIYzAMc wzO5e03ZnKwp49zabTYSqoLD30/irZ3QwR6H1XIe6NToomYr43CZPjqctZLhVaeq HpLfBiJdxI2jJQMpHubQk66MyBhk0tXln+Pzzi59ZESOevbGWcT8bz6v849nIh0F emngSbMEKMXLrY+r/NsX31wF3Te4WYNyV/tumck3hOEZNouCKD/a2JKGEXdkWKw6 1IFiTxo4IT8vsVrUTKsG3QUtkv/v8iZ0FSl1f9FD1C6eubX5Jo4JcEQmDc6NoJTF 4viy0c19+8TUs//Kax4VlBE6opeb9jXba4iN0FOXeYsbqVXyv8fEuinLu174I+s4 bQNpScZ8/o/dMio/Qa6RgTvxIvk9kICJEmfF1IKeIb7Kn+nczpsD8CqwT/EKiCV2 ZotYZP5BP2BKYrtV5eUhWcl9mKpagz8ivHCevKvaG4JX+M2/XVNNspgkdr8hwu3j SX5lwOdLP//gHqt3x8PUCrD2G9Pn81qkshR5mfJAyWhPodwrP6vsDSvAnB93zeZB LVln0c1BHmvPpjAEnIzCh3mZXdzMHSVHxKldktYDfhfh/8tFJAkS7o3bXpgZ8dMF eHsYZHBJnByZBfi61B3RkWB9QU8KWi+winDQJpoU+MbZGxRdFmA= =Yh2D -----END PGP SIGNATURE----- Merge tag 'nfs-for-6.17-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs Pull NFS client fix from Trond Myklebust: - NFS: Fix a data corrupting race when updating an existing write * tag 'nfs-for-6.17-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: NFS: Fix a race when updating an existing write |
||
|
Linus Torvalds
|
6eba757ce9 |
20 hotfixes. 10 are cc:stable and the remainder address post-6.16 issues
or aren't considered necessary for -stable kernels. 17 of these fixes are for MM. As usual, singletons all over the place, apart from a three-patch series of KHO followup work from Pasha which is actually also a bunch of singletons. -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCaKfFVwAKCRDdBJ7gKXxA jvZGAQCCRTRgwnYsH0op9Rlxs72zokENbErSzXweWLez31pNpAD/S7bVSjjk1mXr BQ24ZadKUUomWkghwCusb9VomMeneg0= =+uBT -----END PGP SIGNATURE----- Merge tag 'mm-hotfixes-stable-2025-08-21-18-17' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Pull misc fixes from Andrew Morton: "20 hotfixes. 10 are cc:stable and the remainder address post-6.16 issues or aren't considered necessary for -stable kernels. 17 of these fixes are for MM. As usual, singletons all over the place, apart from a three-patch series of KHO followup work from Pasha which is actually also a bunch of singletons" * tag 'mm-hotfixes-stable-2025-08-21-18-17' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: mm/mremap: fix WARN with uffd that has remap events disabled mm/damon/sysfs-schemes: put damos dests dir after removing its files mm/migrate: fix NULL movable_ops if CONFIG_ZSMALLOC=m mm/damon/core: fix damos_commit_filter not changing allow mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn MAINTAINERS: mark MGLRU as maintained mm: rust: add page.rs to MEMORY MANAGEMENT - RUST iov_iter: iterate_folioq: fix handling of offset >= folio size selftests/damon: fix selftests by installing drgn related script .mailmap: add entry for Easwar Hariharan selftests/mm: add test for invalid multi VMA operations mm/mremap: catch invalid multi VMA moves earlier mm/mremap: allow multi-VMA move when filesystem uses thp_get_unmapped_area mm/damon/core: fix commit_ops_filters by using correct nth function tools/testing: add linux/args.h header and fix radix, VMA tests mm/debug_vm_pgtable: clear page table entries at destroy_args() squashfs: fix memory leak in squashfs_fill_super kho: warn if KHO is disabled due to an error kho: mm: don't allow deferred struct page with KHO kho: init new_physxa->phys_bits to fix lockdep |
||
|
XianLiang Huang
|
99d4d1a070 |
iommu/riscv: prevent NULL deref in iova_to_phys
The riscv_iommu_pte_fetch() function returns either NULL for
unmapped/never-mapped iova, or a valid leaf pte pointer that
requires no further validation.
riscv_iommu_iova_to_phys() failed to handle NULL returns.
Prevent null pointer dereference in
riscv_iommu_iova_to_phys(), and remove the pte validation.
Fixes:
|
||
|
Robin Murphy
|
72b6f7cd89 |
iommu/virtio: Make instance lookup robust
Much like arm-smmu in commit |
||
|
Nicolin Chen
|
685ca577b4 |
iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement
The arm_smmu_attach_commit() updates master->ats_enabled before calling
arm_smmu_remove_master_domain() that is supposed to clean up everything
in the old domain, including the old domain's nr_ats_masters. So, it is
supposed to use the old ats_enabled state of the device, not an updated
state.
This isn't a problem if switching between two domains where:
- old ats_enabled = false; new ats_enabled = false
- old ats_enabled = true; new ats_enabled = true
but can fail cases where:
- old ats_enabled = false; new ats_enabled = true
(old domain should keep the counter but incorrectly decreased it)
- old ats_enabled = true; new ats_enabled = false
(old domain needed to decrease the counter but incorrectly missed it)
Update master->ats_enabled after arm_smmu_remove_master_domain() to fix
this.
Fixes:
|
||
|
Linus Torvalds
|
3957a57201 |
cgroup: Fixes for v6.17-rc2
- Fix NULL de-ref in css_rstat_exit() which could happen after allocation failure. - Fix a cpuset partition handling bug and a couple other misc issues. - Doc spelling fix. -----BEGIN PGP SIGNATURE----- iIQEABYKACwWIQTfIjM1kS57o3GsC/uxYfJx3gVYGQUCaKd9WQ4cdGpAa2VybmVs Lm9yZwAKCRCxYfJx3gVYGd3pAQCkqjlcHyKBOr8AXCcNmisyj0PvSFJwmcCWf3Mu 7gsJ0wEAjxqs+otIPHzjhQlRBMN1vhwn5/B/xVqKO57pCHtrGQY= =zj8n -----END PGP SIGNATURE----- Merge tag 'cgroup-for-6.17-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup Pull cgroup fixes from Tejun Heo: - Fix NULL de-ref in css_rstat_exit() which could happen after allocation failure - Fix a cpuset partition handling bug and a couple other misc issues - Doc spelling fix * tag 'cgroup-for-6.17-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: docs: cgroup: fixed spelling mistakes in documentation cgroup: avoid null de-ref in css_rstat_exit() cgroup/cpuset: Remove the unnecessary css_get/put() in cpuset_partition_write() cgroup/cpuset: Fix a partition error with CPU hotplug cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key |
||
|
Linus Torvalds
|
9a36b58a88 |
spi: Fixes for v6.17
A small collection of fixes that came in during the past week, a few driver specifics plus one fix for the spi-mem core where we weren't taking account of the frequency capabilities of the system when determining if it can support an operation. -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmincWcACgkQJNaLcl1U h9AZJgf9GgIDY30+6IAW13I+g0UVOWyUi7rz6RN4fC6fNc82+OLfgkR4yKr7a2az 77udyVqy/cgvUEC41OyJ8Tvl8mfPXjOQ8WzobYynq/ldvN4d7JRGeds2rF4qG3rF yz7sCDZBcBwZYQ5FGTsjawubFOjvgatafVcLUsZ6Q4gyt8lvyHs+Pl3P/XeEVlVZ GVbqJfzpidpxDxMII5E0TH+YGJwtU0BC0JGB0EfdW9/SKXRp3nkbMJIXVshmy5G3 E8QLVE6brSL7hhDOjOtBfxEb5ddvibsEkNJUg//VfDFh3tTx3BGaFDxaCw/WPGtL JReicUkzH0bm6Qg++xkVaHh37XFLDw== =hyVr -----END PGP SIGNATURE----- Merge tag 'spi-fix-v6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Pull spi fixes from Mark Brown: "A small collection of fixes that came in during the past week, a few driver specifics plus one fix for the spi-mem core where we weren't taking account of the frequency capabilities of the system when determining if it can support an operation" * tag 'spi-fix-v6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: st: fix PM macros to use CONFIG_PM instead of CONFIG_PM_SLEEP spi: spi-qpic-snand: fix calculating of ECC OOB regions' properties spi: spi-fsl-lpspi: Clamp too high speed_hz spi: spi-mem: add spi_mem_adjust_op_freq() in spi_mem_supports_op() spi: spi-mem: Add missing kdoc argument spi: spi-qpic-snand: use correct CW_PER_PAGE value for OOB write |
||
|
Linus Torvalds
|
f43e6ba0b4 |
regulator: Fixes for v6.17
A couple of fairly minor device specific fixes that came in over the past week or so, plus the addition of an actual maintainer for the IR38060. -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmincPUACgkQJNaLcl1U h9CCbgf/dhq9uXBrSAEi/bAxMlr0sRPSeqZypnnkgPm7rFG2Ox7B2sZLa03Un8hz Kus6sUupyX/SHBTNIV+fgO6EXgeoOwXtTEvqdRy9TuA0EQMDM3QWTCkshF2wgMG5 o73ThEaWfLw1kju3NUKgV1szcgQ7VB8qHqlJwor3htPgSTHDq+Rk22lLYJ7oMVNo E1D075tyJb0hyBlPqVmard5nItWSHYi3SRvATu4to0MLU6iU970NWtzOVzCKzM+i 2TDt84QWqhemvArz08AKTpCYk9azxHbPSlS8UH5UV8WyX4MIfWAUdk5XworIpCPk 0d2jLevYR7BNO5uX1hZD7gqLno6kAg== =w1wH -----END PGP SIGNATURE----- Merge tag 'regulator-fix-v6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Pull regulator fixes from Mark Brown: "A couple of fairly minor device specific fixes that came in over the past week or so, plus the addition of an actual maintainer for the IR38060" * tag 'regulator-fix-v6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: regulator: tps65219: regulator: tps65219: Fix error codes in probe() regulator: pca9450: Use devm_register_sys_off_handler regulator: dt-bindings: infineon,ir38060: Add Guenter as maintainer from IBM |
||
|
Linus Torvalds
|
f70e1e7980 |
ACPI fixes for 6.17-rc3
- Make ACPI APEI error injection check the version of the request when
mapping the EINJ parameter structure in the BIOS reserved memory to
prevent injecting errors based on an uninitialized field (Tony Luck)
- Fix potential NULL dereference in __einj_error_inject() that may
occur when memory allocation fails (Charles Han)
- Remove the __exit annotation from einj_remove(), so it can be called
on errors during faux device probe (Uwe Kleine-König)
- Use a security-version-number check instead of a runtime version
check during ACPI platform firmware runtime driver updates to prevent
those updates from failing due to false-positive driver version check
failures (Chen Yu)
-----BEGIN PGP SIGNATURE-----
iQFGBAABCAAwFiEEcM8Aw/RY0dgsiRUR7l+9nS/U47UFAminbNQSHHJqd0Byand5
c29ja2kubmV0AAoJEO5fvZ0v1OO1ZBYH/RhnnCQasjnY8aWLk/yJAa7cdR9vuJKJ
V5ncMp/7/AYLLa9Bgszb6yh1zUCaaGbLUYroP89BDTUY3tn2NVQbHHD4I3qPX6FI
si4D7y9b5KsJjDOz2BYIcENZP/HqrSLox9tmYrUDh/2ADp7Ph3o9X0k9mFeXLXjx
fl3qGY7/4XTi2OG90Xh7aGo1W/damw0PjpAa0wNR8GY+ZhmiYtoLItCAJDFkTUlw
2Gv3t3nPIJbE6fuNI33nhwMNgG5wfYssC8W1KuFmpxi3VSryFNAMgaGqlWvlkcVt
vMybl2npaqjtTSOkkBaotSLUb7U0UFIa9thyE1o8FEsPDBxgAuyUXKI=
=jbTv
-----END PGP SIGNATURE-----
Merge tag 'acpi-6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fixes from Rafael Wysocki:
"These fix three new issues in the ACPI APEI error injection code and
an ACPI platform firmware runtime update interface issue:
- Make ACPI APEI error injection check the version of the request
when mapping the EINJ parameter structure in the BIOS reserved
memory to prevent injecting errors based on an uninitialized
field (Tony Luck)
- Fix potential NULL dereference in __einj_error_inject() that may
occur when memory allocation fails (Charles Han)
- Remove the __exit annotation from einj_remove(), so it can be
called on errors during faux device probe (Uwe Kleine-König)
- Use a security-version-number check instead of a runtime version
check during ACPI platform firmware runtime driver updates to
prevent those updates from failing due to false-positive driver
version check failures (Chen Yu)"
* tag 'acpi-6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: pfr_update: Fix the driver update version check
ACPI: APEI: EINJ: Fix resource leak by remove callback in .exit.text
ACPI: APEI: EINJ: fix potential NULL dereference in __einj_error_inject()
ACPI: APEI: EINJ: Check if user asked for EINJV2 injection
|
||
|
Linus Torvalds
|
26d6ed49cd |
Power management fixes for 6.17-rc3
- Prevent the menu cpuidle governor from selecting idle states with
exit latency exceeding the current PM QoS limit after stopping the
scheduler tick (Rafael Wysocki)
- Make the set subcommand's -t option in the cpupower utility work as
documented and allow it to control the CPU boost feature of cpufreq
beyond x86 (Shinji Nomoto)
-----BEGIN PGP SIGNATURE-----
iQFGBAABCAAwFiEEcM8Aw/RY0dgsiRUR7l+9nS/U47UFAminaMASHHJqd0Byand5
c29ja2kubmV0AAoJEO5fvZ0v1OO18vwH/1LQoO0ibu40yBpfjVemwuNGn4jrFV1i
lDnZ03njFGaZ01abjDEeNdggHCRybCmqWVQArEMGzWqCUGo/zmWzyi5apXic6d1A
qSMvFfoZHXdExa2+nm4OHcSCFAHrz+81ACyWlTuObhoPGqo2Mvu/hf2e2kn7uPOG
/HQE1E5sYqLaqBxLhQAfPU7CyfXiM2LL/8Fv7420Z5I85Tx9z6cHa7sUgrNveJxP
BrEm9u9dRKKc/tHL0RGsdCf7Ddff9jF/npjJ0965eSNwJh6Wr3HbcGOKyQcI3Xjx
S+UxijVz1CuZwMmyRHibYj+HV+fsYHbU6G9wQpez5wJBlHNbnI1/kzE=
=DhR+
-----END PGP SIGNATURE-----
Merge tag 'pm-6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"These fix a cpuidle menu governor issue and two issues in the cpupower
utility:
- Prevent the menu cpuidle governor from selecting idle states with
exit latency exceeding the current PM QoS limit after stopping the
scheduler tick (Rafael Wysocki)
- Make the set subcommand's -t option in the cpupower utility work as
documented and allow it to control the CPU boost feature of cpufreq
beyond x86 (Shinji Nomoto)"
* tag 'pm-6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpuidle: governors: menu: Avoid selecting states with too much latency
cpupower: Allow control of boost feature on non-x86 based systems with boost support.
cpupower: Fix a bug where the -t option of the set subcommand was not working.
|
||
|
Linus Torvalds
|
d72052ac09 |
sched_ext: Fixes for v6.17-rc2
- Fix a subtle bug during SCX enabling where a dead task skips init but doesn't skip sched class switch leading to invalid task state transition warning. - Cosmetic fix in selftests. -----BEGIN PGP SIGNATURE----- iIQEABYKACwWIQTfIjM1kS57o3GsC/uxYfJx3gVYGQUCaKdWkg4cdGpAa2VybmVs Lm9yZwAKCRCxYfJx3gVYGWI2AP9e+OTPPHa+sHeM7g3ngigF44nyvvRIPIMJHmZO 7CYT9AD/e+YI+atHzo5iSBcpGwjW8BSLc0ozdrkI0N7XFLXC4go= =7Ti1 -----END PGP SIGNATURE----- Merge tag 'sched_ext-for-6.17-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/sched_ext Pull sched_ext fixes from Tejun Heo: - Fix a subtle bug during SCX enabling where a dead task skips init but doesn't skip sched class switch leading to invalid task state transition warning - Cosmetic fix in selftests * tag 'sched_ext-for-6.17-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/sched_ext: selftests/sched_ext: Remove duplicate sched.h header sched/ext: Fix invalid task state transitions on class switch |
||
|
Jens Axboe
|
e4e6aaea46 |
io_uring: clear ->async_data as part of normal init
Opcode handlers like POLL_ADD will use ->async_data as the pointer for double poll handling, which is a bit different than the usual case where it's strictly gated by the REQ_F_ASYNC_DATA flag. Be a bit more proactive in handling ->async_data, and clear it to NULL as part of regular init. Init is touching that cacheline anyway, so might as well clear it. Signed-off-by: Jens Axboe <axboe@kernel.dk> |
||
|
Jens Axboe
|
508c1314b3 |
io_uring/futex: ensure io_futex_wait() cleans up properly on failure
The io_futex_data is allocated upfront and assigned to the io_kiocb
async_data field, but the request isn't marked with REQ_F_ASYNC_DATA
at that point. Those two should always go together, as the flag tells
io_uring whether the field is valid or not.
Additionally, on failure cleanup, the futex handler frees the data but
does not clear ->async_data. Clear the data and the flag in the error
path as well.
Thanks to Trend Micro Zero Day Initiative and particularly ReDress for
reporting this.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Christoph Manszewski
|
111fb43a55
|
drm/xe: Fix vm_bind_ioctl double free bug
If the argument check during an array bind fails, the bind_ops are freed
twice as seen below. Fix this by setting bind_ops to NULL after freeing.
==================================================================
BUG: KASAN: double-free in xe_vm_bind_ioctl+0x1b2/0x21f0 [xe]
Free of addr ffff88813bb9b800 by task xe_vm/14198
CPU: 5 UID: 0 PID: 14198 Comm: xe_vm Not tainted 6.16.0-xe-eudebug-cmanszew+ #520 PREEMPT(full)
Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR5 RVP, BIOS ADLPFWI1.R00.2411.A02.2110081023 10/08/2021
Call Trace:
<TASK>
dump_stack_lvl+0x82/0xd0
print_report+0xcb/0x610
? __virt_addr_valid+0x19a/0x300
? xe_vm_bind_ioctl+0x1b2/0x21f0 [xe]
kasan_report_invalid_free+0xc8/0xf0
? xe_vm_bind_ioctl+0x1b2/0x21f0 [xe]
? xe_vm_bind_ioctl+0x1b2/0x21f0 [xe]
check_slab_allocation+0x102/0x130
kfree+0x10d/0x440
? should_fail_ex+0x57/0x2f0
? xe_vm_bind_ioctl+0x1b2/0x21f0 [xe]
xe_vm_bind_ioctl+0x1b2/0x21f0 [xe]
? __pfx_xe_vm_bind_ioctl+0x10/0x10 [xe]
? __lock_acquire+0xab9/0x27f0
? lock_acquire+0x165/0x300
? drm_dev_enter+0x53/0xe0 [drm]
? find_held_lock+0x2b/0x80
? drm_dev_exit+0x30/0x50 [drm]
? drm_ioctl_kernel+0x128/0x1c0 [drm]
drm_ioctl_kernel+0x128/0x1c0 [drm]
? __pfx_xe_vm_bind_ioctl+0x10/0x10 [xe]
? find_held_lock+0x2b/0x80
? __pfx_drm_ioctl_kernel+0x10/0x10 [drm]
? should_fail_ex+0x57/0x2f0
? __pfx_xe_vm_bind_ioctl+0x10/0x10 [xe]
drm_ioctl+0x352/0x620 [drm]
? __pfx_drm_ioctl+0x10/0x10 [drm]
? __pfx_rpm_resume+0x10/0x10
? do_raw_spin_lock+0x11a/0x1b0
? find_held_lock+0x2b/0x80
? __pm_runtime_resume+0x61/0xc0
? rcu_is_watching+0x20/0x50
? trace_irq_enable.constprop.0+0xac/0xe0
xe_drm_ioctl+0x91/0xc0 [xe]
__x64_sys_ioctl+0xb2/0x100
? rcu_is_watching+0x20/0x50
do_syscall_64+0x68/0x2e0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7fa9acb24ded
Fixes:
|
||
|
Piotr Piórkowski
|
8a30114073
|
drm/xe: Move ASID allocation and user PT BO tracking into xe_vm_create
Currently, ASID assignment for user VMs and page-table BO accounting for
client memory tracking are performed in xe_vm_create_ioctl.
To consolidate VM object initialization, move this logic to
xe_vm_create.
v2:
- removed unnecessary duplicate BO tracking code
- using the local variable xef to verify whether the VM is being created
by userspace
Fixes:
|
||
|
Rafael J. Wysocki
|
670b51121e |
Merge branches 'acpi-apei' and 'acpi-pfrut'
Merge ACPI APEI fixes and an ACPI platform firmware runtime update fix for 6.17-rc3. * acpi-apei: ACPI: APEI: EINJ: Fix resource leak by remove callback in .exit.text ACPI: APEI: EINJ: fix potential NULL dereference in __einj_error_inject() ACPI: APEI: EINJ: Check if user asked for EINJV2 injection * acpi-pfrut: ACPI: pfr_update: Fix the driver update version check |