GKI (arm64) relevant 87 out of 414 changes, affecting 112 files +738/-352
bdb71ee651 configfs: Do not override creating attribute file failure in populate_attrs() [1 file, +1/-1]
ba789be63d io_uring: account drain memory to cgroup [1 file, +1/-1]
c58b577cf7 io_uring/kbuf: account ring io_buffer_list memory [1 file, +1/-1]
f78b38af35 jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() [1 file, +3/-2]
2429bb9fad media: v4l2-dev: fix error handling in __video_register_device() [1 file, +7/-7]
5d8b057ed7 media: videobuf2: use sgtable-based scatterlist wrappers [1 file, +2/-2]
b52dc88361 media: uvcvideo: Return the number of processed controls [1 file, +10/-1]
6d2b12e7c5 media: uvcvideo: Send control events for partial succeeds [1 file, +9/-3]
aac91ae06c media: uvcvideo: Fix deferred probing error [1 file, +19/-8]
86d9837e46 arm64/mm: Close theoretical race where stale TLB entry remains valid [1 file, +5/-4]
5538af3843 block: use plug request list tail for one-shot backmerge attempt [1 file, +13/-13]
943801c380 block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion [1 file, +1/-0]
1c71f3cf5f cgroup,freezer: fix incomplete freezing when attaching tasks [1 file, +1/-2]
a0890b7805 bus: firewall: Fix missing static inline annotations for stubs [1 file, +9/-6]
5766da2237 ext4: inline: fix len overflow in ext4_prepare_inline_data [1 file, +1/-1]
796632e6f8 ext4: fix calculation of credits for extent tree modification [1 file, +6/-5]
4b36399711 ext4: ensure i_size is smaller than maxbytes [1 file, +2/-1]
be5f3061a6 ext4: only dirty folios when data journaling regular files [1 file, +6/-1]
a0b1c91ada Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() [1 file, +2/-0]
fed611bd8c f2fs: fix to do sanity check on ino and xnid [1 file, +6/-0]
aaa644e7ff f2fs: prevent kernel warning due to negative i_nlink from corrupted image [1 file, +9/-0]
ee1b421c46 f2fs: fix to do sanity check on sit_bitmap_size [1 file, +8/-0]
f16a797dce watchdog: fix watchdog may detect false positive of softlockup [1 file, +27/-14]
02137179ff mm: fix ratelimit_pages update error in dirty_ratio_handler() [1 file, +1/-1]
462eee6d42 firmware: arm_scmi: Ensure that the message-id supports fastchannel [2 files, +45/-33]
e3cf1ef571 dm-verity: fix a memory leak if some arguments are specified multiple times [3 files, +24/-5]
f2986bccf2 dm: lock limits when reading them [1 file, +7/-1]
ec5f0b4412 ovl: Fix nested backing file paths [1 file, +2/-2]
92776ca0cc remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() [1 file, +2/-3]
f4ef928ca5 remoteproc: core: Release rproc->clean_table after rproc_attach() fails [1 file, +1/-0]
68e58f5791 PCI: dwc: ep: Correct PBA offset in .set_msix() callback [1 file, +3/-2]
b20701d594 PCI: Add ACS quirk for Loongson PCIe [1 file, +23/-0]
be0cf75cbd PCI: Fix lock symmetry in pci_slot_unlock() [1 file, +2/-1]
7b45d2401d clocksource: Fix the CPUs' choice in the watchdog per CPU verification [1 file, +1/-1]
c05aba32a9 ACPICA: Avoid sequence overread in call to strncmp() [1 file, +1/-1]
66613b13cd ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case [1 file, +8/-1]
33cd650d38 pmdomain: core: Reset genpd->states to avoid freeing invalid data [1 file, +3/-1]
f34e0c1556 platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all() [1 file, +1/-0]
c519f81e9c gpiolib: of: Add polarity quirk for s5m8767 [1 file, +9/-0]
1f152ae557 PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() [1 file, +1/-1]
6c1151d53c tipc: use kfree_sensitive() for aead cleanup [1 file, +1/-1]
b0e647442c f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx [2 files, +15/-13]
2d834477bb bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() [1 file, +2/-1]
77ff6aec7c cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs [1 file, +35/-1]
0a8446058c tcp: always seek for minimal rtt in tcp_rcv_rtt_update() [1 file, +8/-14]
f97085d365 tcp: remove zero TCP TS samples for autotuning [1 file, +5/-5]
89b20c406e tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows [1 file, +3/-3]
84c156a351 tcp: add receive queue awareness in tcp_rcv_space_adjust() [2 files, +5/-3]
3a9e74d158 ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT [1 file, +4/-0]
5eb9c50e0c net: page_pool: Don't recycle into cache on PREEMPT_RT [1 file, +4/-0]
8b0741b167 xfrm: validate assignment of maximal possible SEQ number [1 file, +42/-10]
8fdf2f79eb bpf: Pass the same orig_call value to trampoline functions [1 file, +1/-1]
f0023d7a2a f2fs: fix to bail out in get_new_segment() [2 files, +6/-1]
448dc45eea bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index [1 file, +2/-2]
78f768e36c net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions [1 file, +69/-8]
4b3383110b software node: Correct a OOB check in software_node_get_reference_args() [1 file, +1/-1]
b7129ef57d sock: Correct error checking condition for (assign|release)_proto_idx() [1 file, +2/-2]
a58f0a0e99 f2fs: fix to set atomic write status more clear [3 files, +12/-2]
b8b4b8bb34 bpf, sockmap: Fix data lost during EAGAIN retries [1 file, +2/-1]
7c41f73b64 fs/xattr.c: fix simple_xattr_list() [1 file, +1/-0]
2e10dc9c2a io_uring/kbuf: don't truncate end buffer for multiple buffer peeks [1 file, +4/-1]
1a4254ab06 io_uring: fix task leak issue in io_wq_create() [1 file, +3/-1]
4220cc0b98 nvme: always punt polled uring_cmd end_io work to task_work [1 file, +7/-14]
f9b97d466e net_sched: sch_sfq: reject invalid perturb period [1 file, +8/-2]
2a3ad42a57 net: clear the dst when changing skb protocol [1 file, +13/-6]
510a29d776 mm: close theoretical race where stale TLB entries could linger [1 file, +2/-0]
57ec081869 sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group() [3 files, +9/-2]
3d828519bd atm: Revert atm_account_tx() if copy_from_iter_full() fails. [3 files, +8/-1]
47f34289d1 arm64: Restrict pagetable teardown to avoid false warning [1 file, +2/-1]
9cf5b2a3b7 mm/hugetlb: unshare page tables during VMA split, not before [5 files, +57/-16]
dc5f0aef9e net: Fix checksum update for ILA adj-transport [4 files, +7/-7]
2516299184 bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE [3 files, +7/-2]
50189d9c5e erofs: remove unused trace event erofs_destroy_inode [1 file, +0/-18]
348e541fef ipv6: remove leftover ip6 cookie initializer [1 file, +0/-2]
3c44ebad5a ipv6: replace ipcm6_init calls with ipcm6_init_sk [4 files, +3/-29]
6b358b3adf io_uring/sqpoll: don't put task_struct on tctx setup failure [1 file, +1/-4]
8873080b88 workqueue: Initialize wq_isolated_cpumask in workqueue_init_early() [1 file, +2/-1]
ac462a75fd net: netmem: fix skb_ensure_writable with unreadable skbs [1 file, +0/-3]
61b39e189d ptp: allow reading of currently dialed frequency to succeed on free-running clocks [1 file, +2/-1]
397c1faf8f tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior [1 file, +25/-12]
0d3d91c350 tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer [1 file, +2/-2]
31d50dfe9c tcp: fix passive TFO socket having invalid NAPI ID [1 file, +3/-0]
0f8df5d6f2 ublk: santizize the arguments from userspace when adding a device [1 file, +3/-0]
456019adaa perf: Fix sample vs do_exit() [2 files, +16/-8]
7335c33d62 perf: Fix cgroup state vs ERROR [1 file, +30/-21]
fd199366bf perf/core: Fix WARN in perf_cgroup_switch() [1 file, +20/-2]
22f935bc86 arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() [1 file, +1/-1]
Changes in 6.12.35
configfs: Do not override creating attribute file failure in populate_attrs()
crypto: marvell/cesa - Do not chain submitted requests
gfs2: move msleep to sleepable context
crypto: qat - add shutdown handler to qat_c3xxx
crypto: qat - add shutdown handler to qat_420xx
crypto: qat - add shutdown handler to qat_4xxx
crypto: qat - add shutdown handler to qat_c62x
crypto: qat - add shutdown handler to qat_dh895xcc
ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params()
ASoC: meson: meson-card-utils: use of_property_present() for DT parsing
ASoC: amd: sof_amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks()
io_uring: account drain memory to cgroup
io_uring/kbuf: account ring io_buffer_list memory
powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states
s390/pci: Remove redundant bus removal and disable from zpci_release_device()
s390/pci: Prevent self deletion in disable_slot()
s390/pci: Allow re-add of a reserved but not yet removed device
s390/pci: Serialize device addition and removal
regulator: max20086: Fix MAX200086 chip id
regulator: max20086: Change enable gpio to optional
net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr()
net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()
wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
wifi: mt76: mt7925: fix host interrupt register initialization
wifi: ath11k: fix rx completion meta data corruption
wifi: rtw88: usb: Upload the firmware in bigger chunks
wifi: ath11k: fix ring-buffer corruption
NFSD: unregister filesystem in case genl_register_family() fails
NFSD: fix race between nfsd registration and exports_proc
NFSD: Implement FATTR4_CLONE_BLKSIZE attribute
nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls
NFSv4: Don't check for OPEN feature support in v4.1
fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()
wifi: ath12k: fix ring-buffer corruption
jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
svcrdma: Unregister the device if svc_rdma_accept() fails
wifi: rtw88: usb: Reduce control message timeout to 500 ms
wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723
media: ov8856: suppress probe deferral errors
media: ov5675: suppress probe deferral errors
media: imx335: Use correct register width for HNUM
media: nxp: imx8-isi: better handle the m2m usage_count
media: i2c: ds90ub913: Fix returned fmt from .set_fmt()
media: ccs-pll: Start VT pre-PLL multiplier search from correct value
media: ov2740: Move pm-runtime cleanup on probe-errors to proper place
media: ccs-pll: Start OP pre-PLL multiplier search from correct value
media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div
media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case
media: cxusb: no longer judge rbuf when the write fails
media: davinci: vpif: Fix memory leak in probe error path
media: gspca: Add error handling for stv06xx_read_sensor()
media: i2c: imx335: Fix frame size enumeration
media: imagination: fix a potential memory leak in e5010_probe()
media: intel/ipu6: Fix dma mask for non-secure mode
media: ipu6: Remove workaround for Meteor Lake ES2
media: mediatek: vcodec: Correct vsi_core framebuffer size
media: omap3isp: use sgtable-based scatterlist wrappers
media: v4l2-dev: fix error handling in __video_register_device()
media: venus: Fix probe error handling
media: videobuf2: use sgtable-based scatterlist wrappers
media: vidtv: Terminating the subsequent process of initialization failure
media: vivid: Change the siize of the composing
media: imx-jpeg: Drop the first error frames
media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead
media: imx-jpeg: Reset slot data pointers when freed
media: imx-jpeg: Cleanup after an allocation error
media: uvcvideo: Return the number of processed controls
media: uvcvideo: Send control events for partial succeeds
media: uvcvideo: Fix deferred probing error
arm64/mm: Close theoretical race where stale TLB entry remains valid
ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap()
ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4
ASoC: codecs: wcd9375: Fix double free of regulator supplies
ASoC: codecs: wcd937x: Drop unused buck_supply
block: use plug request list tail for one-shot backmerge attempt
block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion
bus: mhi: ep: Update read pointer only after buffer is written
bus: mhi: host: Fix conflict between power_up and SYSERR
can: kvaser_pciefd: refine error prone echo_skb_max handling logic
can: tcan4x5x: fix power regulator retrieval during probe
ceph: avoid kernel BUG for encrypted inode with unaligned file size
ceph: set superblock s_magic for IMA fsmagic matching
cgroup,freezer: fix incomplete freezing when attaching tasks
bus: firewall: Fix missing static inline annotations for stubs
ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
ata: ahci: Disallow LPM for ASUSPRO-D840SA motherboard
ata: ahci: Disallow LPM for Asus B550-F motherboard
bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device
bus: fsl-mc: fix GET/SET_TAILDROP command ids
ext4: inline: fix len overflow in ext4_prepare_inline_data
ext4: fix calculation of credits for extent tree modification
ext4: factor out ext4_get_maxbytes()
ext4: ensure i_size is smaller than maxbytes
ext4: only dirty folios when data journaling regular files
Input: ims-pcu - check record size in ims_pcu_flash_firmware()
Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer()
f2fs: fix to do sanity check on ino and xnid
f2fs: prevent kernel warning due to negative i_nlink from corrupted image
f2fs: fix to do sanity check on sit_bitmap_size
hwmon: (ftsteutates) Fix TOCTOU race in fts_read()
NFC: nci: uart: Set tty->disc_data only in success path
net/sched: fix use-after-free in taprio_dev_notifier
net: ftgmac100: select FIXED_PHY
iommu/vt-d: Restore context entry setup order for aliased devices
fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var
EDAC/altera: Use correct write width with the INTTEST register
fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
parisc/unaligned: Fix hex output to show 8 hex chars
vgacon: Add check for vc_origin address range in vgacon_scroll()
parisc: fix building with gcc-15
clk: meson-g12a: add missing fclk_div2 to spicc
ipc: fix to protect IPCS lookups using RCU
watchdog: fix watchdog may detect false positive of softlockup
RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
mm: fix ratelimit_pages update error in dirty_ratio_handler()
soc: qcom: pmic_glink_altmode: fix spurious DP hotplug events
configfs-tsm-report: Fix NULL dereference of tsm_ops
firmware: arm_scmi: Ensure that the message-id supports fastchannel
mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk
mtd: nand: sunxi: Add randomizer configuration before randomizer enable
KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs
KVM: VMX: Flush shadow VMCS on emergency reboot
dm-mirror: fix a tiny race condition
dm-verity: fix a memory leak if some arguments are specified multiple times
mtd: rawnand: qcom: Fix read len for onfi param page
ftrace: Fix UAF when lookup kallsym after ftrace disabled
dm: lock limits when reading them
phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property()
net: ch9200: fix uninitialised access during mii_nway_restart
KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY
sysfb: Fix screen_info type check for VGA
video: screen_info: Relocate framebuffers behind PCI bridges
pwm: axi-pwmgen: fix missing separate external clock
staging: iio: ad5933: Correct settling cycles encoding per datasheet
mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS
ovl: Fix nested backing file paths
regulator: max14577: Add error check for max14577_read_reg()
remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()
remoteproc: core: Release rproc->clean_table after rproc_attach() fails
remoteproc: k3-m4: Don't assert reset in detach routine
cifs: reset connections for all channels when reconnect requested
cifs: update dstaddr whenever channel iface is updated
cifs: dns resolution is needed only for primary channel
smb: client: add NULL check in automount_fullpath
Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary
uio_hv_generic: Use correct size for interrupt and monitor pages
uio_hv_generic: Align ring size to system page
PCI: cadence-ep: Correct PBA offset in .set_msix() callback
PCI: dwc: ep: Correct PBA offset in .set_msix() callback
PCI: Add ACS quirk for Loongson PCIe
PCI: Fix lock symmetry in pci_slot_unlock()
PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up()
PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit()
iio: accel: fxls8962af: Fix temperature scan element sign
accel/ivpu: Improve buffer object logging
accel/ivpu: Use firmware names from upstream repo
accel/ivpu: Use dma_resv_lock() instead of a custom mutex
accel/ivpu: Fix warning in ivpu_gem_bo_free()
dummycon: Trigger redraw when switching consoles with deferred takeover
mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
iio: imu: inv_icm42600: Fix temperature calculation
iio: adc: ad7944: mask high bits on direct read
iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module build
iio: adc: ad7606_spi: fix reg write value mask
ACPICA: fix acpi operand cache leak in dswstate.c
ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9
clocksource: Fix the CPUs' choice in the watchdog per CPU verification
power: supply: collie: Fix wakeup source leaks on device unbind
mmc: Add quirk to disable DDR50 tuning
ACPICA: Avoid sequence overread in call to strncmp()
ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change
ASoC: intel/sdw_utils: Assign initial value in asoc_sdw_rt_amp_spk_rtd_init()
ACPI: bus: Bail out if acpi_kobj registration fails
ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case
ACPICA: fix acpi parse and parseext cache leaks
ACPICA: Apply pack(1) to union aml_resource
ALSA: hda: cs35l41: Fix swapped l/r audio channels for Acer Helios laptops
power: supply: bq27xxx: Retrieve again when busy
pmdomain: core: Reset genpd->states to avoid freeing invalid data
ACPICA: utilities: Fix overflow check in vsnprintf()
platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all()
ASoC: tegra210_ahub: Add check to of_device_get_match_data()
Make 'cc-option' work correctly for the -Wno-xyzzy pattern
gpiolib: of: Add polarity quirk for s5m8767
PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn()
power: supply: max17040: adjust thermal channel scaling
ACPI: battery: negate current when discharging
net: macb: Check return value of dma_set_mask_and_coherent()
net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices
tipc: use kfree_sensitive() for aead cleanup
f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx
bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
Bluetooth: btusb: Add new VID/PID 13d3/3584 for MT7922
i2c: designware: Invoke runtime suspend on quick slave re-registration
wifi: mt76: mt7996: drop fragments with multicast or broadcast RA
emulex/benet: correct command version selection in be_cmd_get_stats()
Bluetooth: btusb: Add new VID/PID 13d3/3630 for MT7925
wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R
wifi: mt76: mt7921: add 160 MHz AP for mt7922 device
wifi: mt76: mt7925: introduce thermal protection
wifi: mac80211: validate SCAN_FLAG_AP in scan request during MLO
sctp: Do not wake readers in __sctp_write_space()
libbpf/btf: Fix string handling to support multi-split BTF
cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs
i2c: tegra: check msg length in SMBUS block read
i2c: npcm: Add clock toggle recovery
clk: qcom: gcc-x1e80100: Set FORCE MEM CORE for UFS clocks
net: dlink: add synchronization for stats update
wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET
wifi: ath12k: fix a possible dead lock caused by ab->base_lock
wifi: ath11k: Fix QMI memory reuse logic
iommu/amd: Allow matching ACPI HID devices without matching UIDs
wifi: rtw89: leave idle mode when setting WEP encryption for AP mode
tcp: always seek for minimal rtt in tcp_rcv_rtt_update()
tcp: remove zero TCP TS samples for autotuning
tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows
tcp: add receive queue awareness in tcp_rcv_space_adjust()
x86/sgx: Prevent attempts to reclaim poisoned pages
ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT
net: page_pool: Don't recycle into cache on PREEMPT_RT
xfrm: validate assignment of maximal possible SEQ number
net: atlantic: generate software timestamp just before the doorbell
pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name()
pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction()
bpf: Pass the same orig_call value to trampoline functions
net: stmmac: generate software timestamp just before the doorbell
pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction()
libbpf: Check bpf_map_skeleton link for NULL
pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get()
net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info
net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi
wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn()
wifi: mac80211: do not offer a mesh path if forwarding is disabled
clk: rockchip: rk3036: mark ddrphy as critical
hid-asus: check ROG Ally MCU version and warn
wifi: iwlwifi: mvm: fix beacon CCK flag
f2fs: fix to bail out in get_new_segment()
netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
libbpf: Add identical pointer detection to btf_dedup_is_equiv()
scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands
scsi: smartpqi: Add new PCI IDs
iommu/amd: Ensure GA log notifier callbacks finish running before module unload
wifi: iwlwifi: pcie: make sure to lock rxq->read
wifi: rtw89: 8922a: fix TX fail with wrong VCO setting
wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled
netdevsim: Mark NAPI ID on skb in nsim_rcv
net/mlx5: HWS, Fix IP version decision
bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index
wifi: mac80211: VLAN traffic in multicast path
Revert "mac80211: Dynamically set CoDel parameters per station"
wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0
net: bridge: mcast: update multicast contex when vlan state is changed
net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions
vxlan: Do not treat dst cache initialization errors as fatal
bnxt_en: Remove unused field "ref_count" in struct bnxt_ulp
wifi: ath12k: using msdu end descriptor to check for rx multicast packets
net: ethernet: ti: am65-cpsw: handle -EPROBE_DEFER
software node: Correct a OOB check in software_node_get_reference_args()
isofs: fix Y2038 and Y2156 issues in Rock Ridge TF entry
pinctrl: mcp23s08: Reset all pins to input at probe
wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping
scsi: lpfc: Use memcpy() for BIOS version
sock: Correct error checking condition for (assign|release)_proto_idx()
i40e: fix MMIO write access to an invalid page in i40e_clear_hw
ixgbe: Fix unreachable retry logic in combined and byte I2C write functions
RDMA/hns: initialize db in update_srq_db()
ice: fix check for existing switch rule
usbnet: asix AX88772: leave the carrier control to phylink
f2fs: fix to set atomic write status more clear
bpf, sockmap: Fix data lost during EAGAIN retries
net: ethernet: cortina: Use TOE/TSO on all TCP
octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer()
wifi: ath11k: determine PM policy based on machine model
wifi: ath12k: fix link valid field initialization in the monitor Rx
wifi: ath12k: fix incorrect CE addresses
wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz
net/mlx5: HWS, Harden IP version definer checks
fbcon: Make sure modelist not set on unregistered console
watchdog: da9052_wdt: respect TWDMIN
bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value
ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY
tee: Prevent size calculation wraparound on 32-bit kernels
Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first"
fs/xattr.c: fix simple_xattr_list()
platform/x86/amd: pmc: Clear metrics table at start of cycle
platform/x86/amd: pmf: Prevent amd_pmf_tee_deinit() from running twice
platform/x86: dell_rbu: Fix list usage
platform/x86: dell_rbu: Stop overwriting data buffer
powerpc/vdso: Fix build of VDSO32 with pcrel
powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery
io_uring/kbuf: don't truncate end buffer for multiple buffer peeks
io_uring: fix task leak issue in io_wq_create()
drivers/rapidio/rio_cm.c: prevent possible heap overwrite
platform/loongarch: laptop: Get brightness setting from EC on probe
platform/loongarch: laptop: Unregister generic_sub_drivers on exit
platform/loongarch: laptop: Add backlight power control support
LoongArch: vDSO: Correctly use asm parameters in syscall wrappers
LoongArch: Avoid using $r0/$r1 as "mask" for csrxchg
LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset()
jffs2: check that raw node were preallocated before writing summary
jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
cifs: deal with the channel loading lag while picking channels
cifs: serialize other channels when query server interfaces is pending
cifs: do not disable interface polling on failure
smb: improve directory cache reuse for readdir operations
scsi: storvsc: Increase the timeouts to storvsc_timeout
scsi: s390: zfcp: Ensure synchronous unit_add
nvme: always punt polled uring_cmd end_io work to task_work
net_sched: sch_sfq: reject invalid perturb period
net: clear the dst when changing skb protocol
mm: close theoretical race where stale TLB entries could linger
udmabuf: use sgtable-based scatterlist wrappers
x86/virt/tdx: Avoid indirect calls to TDX assembly functions
selftests/x86: Add a test to detect infinite SIGTRAP handler loop
ksmbd: fix null pointer dereference in destroy_previous_session
platform/x86: ideapad-laptop: use usleep_range() for EC polling
selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len
platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL
sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group()
atm: Revert atm_account_tx() if copy_from_iter_full() fails.
wifi: rtw89: phy: add dummy C2H event handler for report of TAS power
cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update
Input: sparcspkr - avoid unannotated fall-through
wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path
wifi: cfg80211: init wiphy_work before allocating rfkill fails
arm64: Restrict pagetable teardown to avoid false warning
ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card
ALSA: hda/intel: Add Thinkpad E15 to PM deny list
ALSA: hda/realtek - Add mute LED support for HP Victus 16-s1xxx and HP Victus 15-fa1xxx
ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged
ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA
ALSA: hda/realtek: Add quirk for Asus GU605C
iio: accel: fxls8962af: Fix temperature calculation
mm/hugetlb: unshare page tables during VMA split, not before
drm/amdgpu: read back register after written for VCN v4.0.5
kbuild: rust: add rustc-min-version support function
rust: compile libcore with edition 2024 for 1.87+
net: Fix checksum update for ILA adj-transport
bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE
erofs: remove unused trace event erofs_destroy_inode
nfsd: use threads array as-is in netlink interface
sunrpc: handle SVC_GARBAGE during svc auth processing as auth error
drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`
Kunit to check the longest symbol length
x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c
ipv6: remove leftover ip6 cookie initializer
ipv6: replace ipcm6_init calls with ipcm6_init_sk
smb: fix secondary channel creation issue with kerberos by populating hostname when adding channels
drm/msm/disp: Correct porch timing for SDM845
drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate
drm/msm: Fix CP_RESET_CONTEXT_STATE bitfield names
drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE
drm/ssd130x: fix ssd132x_clear_screen() columns
ionic: Prevent driver/fw getting out of sync on devcmd(s)
drm/nouveau/bl: increase buffer size to avoid truncate warning
drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled
hwmon: (occ) Rework attribute registration for stack usage
hwmon: (occ) fix unaligned accesses
hwmon: (ltc4282) avoid repeated register write
pldmfw: Select CRC32 when PLDMFW is selected
aoe: clean device rq_list in aoedev_downdev()
io_uring/sqpoll: don't put task_struct on tctx setup failure
net: ice: Perform accurate aRFS flow match
ice: fix eswitch code memory leak in reset scenario
e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13
workqueue: Initialize wq_isolated_cpumask in workqueue_init_early()
ksmbd: add free_transport ops in ksmbd connection
net: netmem: fix skb_ensure_writable with unreadable skbs
bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()
eth: bnxt: fix out-of-range access of vnic_info array
bnxt_en: Add a helper function to configure MRU and RSS
bnxt_en: Update MRU and RSS table of RSS contexts on queue reset
ptp: fix breakage after ptp_vclock_in_use() rework
ptp: allow reading of currently dialed frequency to succeed on free-running clocks
wifi: carl9170: do not ping device which has failed to load firmware
mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().
atm: atmtcp: Free invalid length skb in atmtcp_c_send().
tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior
tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
tcp: fix passive TFO socket having invalid NAPI ID
eth: fbnic: avoid double free when failing to DMA-map FW msg
net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()
ublk: santizize the arguments from userspace when adding a device
drm/xe: Wire up device shutdown handler
drm/xe/gt: Update handling of xe_force_wake_get return
drm/xe/bmg: Update Wa_16023588340
calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available
net: atm: add lec_mutex
net: atm: fix /proc/net/atm/lec handling
EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh
dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties
smb: Log an error when close_all_cached_dirs fails
serial: sh-sci: Clean sci_ports[0] after at earlycon exit
serial: sh-sci: Increment the runtime usage counter for the earlycon device
smb: client: fix first command failure during re-negotiation
smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma()
s390/pci: Fix __pcilg_mio_inuser() inline assembly
perf: Fix sample vs do_exit()
perf: Fix cgroup state vs ERROR
perf/core: Fix WARN in perf_cgroup_switch()
arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth()
scsi: elx: efct: Fix memory leak in efct_hw_parse_filter()
RISC-V: KVM: Fix the size parameter check in SBI SFENCE calls
RISC-V: KVM: Don't treat SBI HFENCE calls as NOPs
gpio: pca953x: fix wrong error probe return value
perf evsel: Missed close() when probing hybrid core PMUs
perf test: Directory file descriptor leak
gpio: mlxbf3: only get IRQ for device instance 0
cifs: Remove duplicate fattr->cf_dtype assignment from wsl_to_fattr() function
bpftool: Fix cgroup command to only show cgroup bpf programs
Linux 6.12.35
Change-Id: Ida57d269272a624bedb979bfad0b3c5e7df7e846
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
The ADDRSPACE_VMMIO_CONFIGURE hypercall might be implemented but does
not allow the guest to nominate VMMIO regions. The current
implementation bails out only if the hypercall is not implemented.
If the firmware implements the hypercall but returns an insufficient
permission error, it could cause ioremap() to fail on the guest.
Fix this by checking against GUNYAH_ERROR_CSPACE_INSUF_RIGHTS error
code.
Bug: 427643547
Change-Id: I79faf8db580dca12a46d29f870b73a2af5e4cde6
Signed-off-by: Mukesh Pilaniya <quic_mpilaniy@quicinc.com>
commit fba4ceaa242d2bdf4c04b77bda41d32d02d3925d upstream.
Unlike sysfs, the lifetime of configfs objects is controlled by
userspace. There is no mechanism for the kernel to find and delete all
created config-items. Instead, the configfs-tsm-report mechanism has an
expectation that tsm_unregister() can happen at any time and cause
established config-item access to start failing.
That expectation is not fully satisfied. While tsm_report_read(),
tsm_report_{is,is_bin}_visible(), and tsm_report_make_item() safely fail
if tsm_ops have been unregistered, tsm_report_privlevel_store()
tsm_report_provider_show() fail to check for ops registration. Add the
missing checks for tsm_ops having been removed.
Now, in supporting the ability for tsm_unregister() to always succeed,
it leaves the problem of what to do with lingering config-items. The
expectation is that the admin that arranges for the ->remove() (unbind)
of the ${tsm_arch}-guest driver is also responsible for deletion of all
open config-items. Until that deletion happens, ->probe() (reload /
bind) of the ${tsm_arch}-guest driver fails.
This allows for emergency shutdown / revocation of attestation
interfaces, and requires coordinated restart.
Fixes: 70e6f7e2b9 ("configfs-tsm: Introduce a shared ABI for attestation reports")
Cc: stable@vger.kernel.org
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Steven Price <steven.price@arm.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Borislav Petkov (AMD) <bp@alien8.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Reported-by: Cedric Xing <cedric.xing@intel.com>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Link: https://patch.msgid.link/20250430203331.1177062-1-dan.j.williams@intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add a gunyah hook for ioremap to let the hypervisor know what
iomem regions are being used by the guest.
Bug: 424772814
Change-Id: I46b25f704fcd2c35d16558718e36eef560f56bb9
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
Add a Gunyah protected guest driver. A Gunyah protected guest needs to
be hypervisor-aware to relinquish pages to the host/owner for
virtio-balloon. In the Android Virtualization Framework model, the
host/owner VM, not the hypervisor, owns the virtio devices. The
hypervisor is unaware about the virtio device and thus the guest needs
to inform the hypervisor that the host can access guest-private memory.
Bug: 395833312
Change-Id: I082dff22d12453005728d229b87ef11a8dce9c6b
Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
Signed-off-by: Prakruthi Deepak Heragu <quic_pheragu@quicinc.com>
The old API was used only by virtio_balloon, and this way we end up
less scattered around the kernel tree.
Bug: 381400679
Bug: 357781595
Change-Id: Ic896d1da83565cc260567b5a1183e94a4d13daab
Signed-off-by: Keir Fraser <keirf@google.com>
Currently pkvm_granule alignment is enforced for the start address of
the ioremap hook. This is a problem as this address doesn't have to be
aligned at all. At the same time, the size of the ioremap isn't verified
and we can simply overshoot the MMIO guard original request.
MMIO guard is solely here to indicate to the hypervisor where are the
MMIO regions. If we validate the RAM is aligned with the pkvm_granule,
we can safely overshoot the MMIO guard.
Bug: 381400679
Bug: 357781595
Fixes: 13c871aec2 ("ANDROID: KVM: arm64: Allow the pVM guest to boot with different granule")
Tested-by: Mostafa Saleh <smostafa@google.com>
Change-Id: I0ae27c1626fab17a3b58a6004b6b4f31c23c61a3
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
Remove the limitation of having the same page size when we probe
the hypervisor services from a protected guest VM and allow 4K
protected guest VMs to boot on 16Kb kernels.
Test: Build Microdroid Kernel with this patch.
tools/bazel run --config=fast --lto=thin
//common:kernel_aarch64_microdroid_dist -- --destdir=out/dist
Replace the kernel with the one already built in the aosp repo:
$(aosp)/package/modules/Virtualization/guest/kernel/android15-6.6/arm64/kernel-6.6
Rebuild virtualization service and reinstall the apex
Reboot the device and make sure that protected VMs start on a 16Kb host.
Bug: 381400679
Bug: 357781595
Change-Id: I8ac96833c3fa031a40f02ca18d786febce8aa3b8
Signed-off-by: Sebastian Ene <sebastianene@google.com>
If the reporting granule is larger than guest page size, we cannot
safely relinquish memory to the hypervisor.
Bug: 381400679
Bug: 357781595
Change-Id: I84461c21e44209021afe617ed2796108c5c43718
Signed-off-by: Keir Fraser <keirf@google.com>
The pKVM hypervisor provides a set of HVCs for MMIO guard and memory
sharing that takes a number of pages as an argument to limit the
guest-hypervisor back and forths.
Bug: 357781595
Bug: 243642516
Change-Id: I23e92628bc36b39c6f4cb44694063dcaba63020f
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
GKI (arm64) relevant 24 out of 115 changes, affecting 34 files +169/-94
f4ab7d7424 bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP [1 file, +5/-1]
8cdfb06569 fork: avoid inappropriate uprobe access to invalid mm [1 file, +6/-7]
2175b66c7f mm/vmstat: fix a W=1 clang compiler warning [1 file, +1/-1]
35727f4506 tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() [2 files, +9/-3]
4aa5dcb389 tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection [3 files, +16/-5]
997cf2d8c2 bpf: Check negative offsets in __bpf_skb_min_len() [1 file, +15/-6]
a817e938a0 phy: core: Fix an OF node refcount leakage in _of_phy_get() [1 file, +5/-2]
479b6c2a5f phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() [1 file, +3/-1]
09f17bfb36 phy: core: Fix that API devm_phy_put() fails to release the phy [1 file, +1/-1]
f797151e84 phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider [1 file, +3/-3]
7e7c8ffc01 phy: core: Fix that API devm_phy_destroy() fails to destroy the phy [1 file, +1/-1]
c180c3f42d ALSA: memalloc: prefer dma_mapping_error() over explicit address checking [1 file, +1/-1]
a39ff5bf23 stddef: make __struct_group() UAPI C++-friendly [2 files, +21/-7]
68662d78af tracing/kprobe: Make trace_kprobe's module callback called after jump_label update [1 file, +1/-1]
ca5995f805 regmap: Use correct format specifier for logging range errors [1 file, +2/-2]
fdaaf92943 bpf: Zero index arg error string for dynptr and iter [6 files, +29/-29]
92d5139b91 virtio-blk: don't keep queue frozen during system suspend [1 file, +5/-2]
16b54ee81d blk-mq: register cpuhp callback after hctx is added to xarray table [1 file, +7/-8]
7d680f2f76 ublk: detach gendisk from ublk device if add_disk() fails [1 file, +17/-9]
79a47fd0f1 freezer, sched: Report frozen tasks as 'D' instead of 'R' [1 file, +2/-1]
a744146969 tracing: Constify string literal data member in struct trace_event_call [1 file, +1/-1]
1cca920af1 tracing: Prevent bad count for tracing_cpumask_write [1 file, +3/-0]
8e8494c83c io_uring/sqpoll: fix sqpoll error handling races [1 file, +6/-0]
aed157301c PCI/MSI: Handle lack of irqdomain gracefully [2 files, +9/-2]
Changes in 6.12.8
media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
ceph: allocate sparse_ext map only for sparse reads
arm64: dts: broadcom: Fix L2 linesize for Raspberry Pi 5
bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP
fork: avoid inappropriate uprobe access to invalid mm
mm/vmstat: fix a W=1 clang compiler warning
selftests/bpf: Fix compilation error in get_uprobe_offset()
smb: client: Deduplicate "select NETFS_SUPPORT" in Kconfig
smb: fix bytes written value in /proc/fs/cifs/Stats
tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress()
tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection
bpf: Check negative offsets in __bpf_skb_min_len()
nfsd: Revert "nfsd: release svc_expkey/svc_export with rcu_work"
nfsd: restore callback functionality for NFSv4.0
mtd: diskonchip: Cast an operand to prevent potential overflow
mtd: rawnand: arasan: Fix double assertion of chip-select
mtd: rawnand: arasan: Fix missing de-registration of NAND
phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP
phy: core: Fix an OF node refcount leakage in _of_phy_get()
phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
phy: core: Fix that API devm_phy_put() fails to release the phy
phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider
phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
phy: usb: Toggle the PHY power during init
phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM
phy: rockchip: naneng-combphy: fix phy reset
ALSA: memalloc: prefer dma_mapping_error() over explicit address checking
dmaengine: mv_xor: fix child node refcount handling in early exit
dmaengine: dw: Select only supported masters for ACPI devices
dmaengine: tegra: Return correct DMA status when paused
dmaengine: amd: qdma: Remove using the private get and set dma_ops APIs
dmaengine: fsl-edma: implement the cleanup path of fsl_edma3_attach_pd()
dmaengine: apple-admac: Avoid accessing registers in probe
dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP
platform/chrome: cros_ec_lpc: fix product identity for early Framework Laptops
mtd: rawnand: fix double free in atmel_pmecc_create_user()
ASoC: amd: ps: Fix for enabling DMIC on acp63 platform via _DSD entry
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 21QA and 21QB
ASoC: dt-bindings: realtek,rt5645: Fix CPVDD voltage comment
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 21Q6 and 21Q7
powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
power: supply: bq24190: Fix BQ24296 Vbus regulator support
stddef: make __struct_group() UAPI C++-friendly
tracing/kprobe: Make trace_kprobe's module callback called after jump_label update
watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler
Revert "watchdog: s3c2410_wdt: use exynos_get_pmu_regmap_by_phandle() for PMU regs"
watchdog: mediatek: Add support for MT6735 TOPRGU/WDT
scsi: qla1280: Fix hw revision numbering for ISP1020/1040
scsi: megaraid_sas: Fix for a potential deadlock
udf: Skip parent dir link count update if corrupted
udf: Verify inode link counts before performing rename
ALSA: ump: Don't open legacy substream for an inactive group
ALSA: ump: Indicate the inactive group in legacy substream names
ALSA: ump: Update legacy substream names upon FB info update
ALSA: hda/conexant: fix Z60MR100 startup pop issue
ALSA: sh: Use standard helper for buffer accesses
smb: server: Fix building with GCC 15
regmap: Use correct format specifier for logging range errors
LoongArch: Fix reserving screen info memory for above-4G firmware
LoongArch: BPF: Adjust the parameter of emit_jirl()
platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
bpf: Zero index arg error string for dynptr and iter
spi: intel: Add Panther Lake SPI controller support
scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time
scsi: mpi3mr: Synchronize access to ioctl data buffer
scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs
scsi: mpi3mr: Start controller indexing from 0
scsi: mpi3mr: Handling of fault code for insufficient power
scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error
ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A
spi: omap2-mcspi: Fix the IS_ERR() bug for devm_clk_get_optional_enabled()
drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()
virtio-blk: don't keep queue frozen during system suspend
blk-mq: register cpuhp callback after hctx is added to xarray table
wifi: iwlwifi: be less noisy if the NIC is dead in S3
ublk: detach gendisk from ublk device if add_disk() fails
drm/xe: Take PM ref in delayed snapshot capture worker
drm/xe: Move the coredump registration to the worker thread
objtool: Add bch2_trans_unlocked_error() to bcachefs noreturns
freezer, sched: Report frozen tasks as 'D' instead of 'R'
dmaengine: loongson2-apb: Change GENMASK to GENMASK_ULL
perf/x86/intel/uncore: Add Clearwater Forest support
tracing: Constify string literal data member in struct trace_event_call
tracing: Prevent bad count for tracing_cpumask_write
rtla/timerlat: Fix histogram ALL for zero samples
io_uring/sqpoll: fix sqpoll error handling races
i2c: microchip-core: actually use repeated sends
x86/fred: Clear WFE in missing-ENDBRANCH #CPs
virt: tdx-guest: Just leak decrypted memory on unrecoverable errors
PCI/MSI: Handle lack of irqdomain gracefully
perf/x86/intel: Fix bitmask of OCR and FRONTEND events for LNC
i2c: imx: add imx7d compatible string for applying erratum ERR007805
i2c: microchip-core: fix "ghost" detections
perf/x86/intel/ds: Add PEBS format 6
power: supply: cros_charge-control: add mutex for driver data
power: supply: cros_charge-control: allow start_threshold == end_threshold
power: supply: cros_charge-control: hide start threshold on v2 cmd
power: supply: gpio-charger: Fix set charge current limits
btrfs: fix race with memory mapped writes when activating swap file
btrfs: avoid monopolizing a core when activating a swap file
btrfs: fix swap file activation failure due to extents that used to be shared
btrfs: fix transaction atomicity bug when enabling simple quotas
btrfs: sysfs: fix direct super block member reads
btrfs: fix use-after-free when COWing tree bock and tracing is enabled
btrfs: check folio mapping after unlock in put_file_data()
btrfs: check folio mapping after unlock in relocate_one_folio()
Bluetooth: btusb: mediatek: move Bluetooth power off command position
Bluetooth: btusb: mediatek: add callback function in btusb_disconnect
Bluetooth: btusb: mediatek: add intf release flow when usb disconnect
Bluetooth: btusb: mediatek: change the conditions for ISO interface
ALSA: ump: Shut up truncated string warning
ALSA: sh: Fix wrong argument order for copy_from_iter()
Linux 6.12.8
Change-Id: I2f5b46453984dde6ed8c381109655261a6bc3596
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 27834971f616c5e154423c578fa95e0444444ce1 upstream.
In CoCo VMs it is possible for the untrusted host to cause
set_memory_decrypted() to fail such that an error is returned
and the resulting memory is shared. Callers need to take care
to handle these errors to avoid returning decrypted (shared)
memory to the page allocator, which could lead to functional
or security issues.
Leak the decrypted memory when set_memory_decrypted() fails,
and don't need to print an error since set_memory_decrypted()
will call WARN_ONCE().
Fixes: f4738f56d1 ("virt: tdx-guest: Add Quote generation support using TSM_REPORTS")
Signed-off-by: Li RongQing <lirongqing@baidu.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Reviewed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20240619111801.25630-1-lirongqing%40baidu.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
GKI (arm64) relevant 129 out of 468 changes, affecting 180 files +1843/-980
e0964a5778 ptp: Add error handling for adjfine callback in ptp_clock_adjtime [1 file, +2/-1]
a007f8895f net/sched: tbf: correct backlog statistic for GSO packets [1 file, +12/-6]
9545011e7b net: Fix icmp host relookup triggering ip_rt_bug [1 file, +3/-0]
01f95357e4 ipv6: avoid possible NULL deref in modify_prefix_route() [1 file, +7/-6]
8b591bd522 net/ipv6: release expired exception dst cached in socket [1 file, +3/-3]
e48b211c4c tipc: Fix use-after-free of kernel socket in cleanup_bearer(). [1 file, +1/-1]
da5cc778e7 netfilter: nft_inner: incorrect percpu area handling under softirq [2 files, +46/-12]
a36a6d7037 Revert "udp: avoid calling sock_def_readable() if possible" [1 file, +3/-11]
22074dc1d4 ethtool: Fix wrong mod state in case of verbose and no_mask bitset [1 file, +44/-4]
316183d583 net: avoid potential UAF in default_operstate() [1 file, +6/-1]
c00372e41b mmc: sd: SDUC Support Recognition [7 files, +27/-15]
19e22f1e68 mmc: core: Adjust ACMD22 to SDUC [1 file, +18/-6]
42311846d3 mmc: core: Use GFP_NOIO in ACMD22 [1 file, +4/-0]
4e51552bc5 zram: do not mark idle slots that cannot be idle [1 file, +18/-7]
0ab037634b zram: clear IDLE flag in mark_idle() [1 file, +2/-0]
405b6d5f90 ntp: Remove invalid cast in time offset math [1 file, +1/-1]
6358df316d f2fs: clean up w/ F2FS_{BLK_TO_BYTES,BTYES_TO_BLK} [1 file, +29/-39]
e6a91ed4b9 f2fs: fix to adjust appropriate length for fiemap [2 files, +4/-3]
8e9fec7f79 f2fs: fix to requery extent which cross boundary of inquiry [1 file, +15/-5]
815d8f0e52 i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS [2 files, +5/-3]
c3806cf647 i3c: master: Extend address status bit to 4 and add I3C_ADDR_SLOT_EXT_DESIRED [2 files, +59/-13]
1117462773 i3c: master: Fix dynamic address leak when 'assigned-address' is present [1 file, +5/-10]
7d4e5e33ea scsi: ufs: core: Always initialize the UIC done completion [1 file, +4/-7]
3ad69f2f08 scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG [3 files, +38/-1]
47f4ad956b bpf, vsock: Fix poll() missing a queue [1 file, +3/-0]
a222e48fea bpf, vsock: Invoke proto::close on close() [1 file, +40/-27]
dabaf26846 xsk: always clear DMA mapping information when unmapping the pool [1 file, +2/-3]
5c9e3bb43a tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg [1 file, +4/-7]
7bc37dd9ea ALSA: usb-audio: Notify xrun for low-latency mode [1 file, +11/-3]
a78af11806 pmdomain: core: Add missing put_device() [1 file, +1/-0]
913a3f1c06 pmdomain: core: Fix error path in pm_genpd_init() when ida alloc fails [1 file, +19/-17]
5548887987 nvme: don't apply NVME_QUIRK_DEALLOCATE_ZEROES when DSM is not supported [1 file, +2/-1]
bdbf87486d bpf: Ensure reg is PTR_TO_STACK in process_iter_arg [2 files, +7/-2]
2459a0b149 drivers/virt: pkvm: Don't fail ioremap() call if MMIO_GUARD fails [1 file, +1/-5]
0da7d4b7ca bpf: Don't mark STACK_INVALID as STACK_MISC in mark_stack_slot_misc [1 file, +6/-3]
f9f2a2739e bpf: Fix narrow scalar spill onto 64-bit spilled scalar slots [1 file, +1/-0]
845cc4ee8e nvme-fabrics: handle zero MAXCMD without closing the connection [1 file, +3/-2]
c2277e2859 scatterlist: fix incorrect func name in kernel-doc [1 file, +1/-1]
81ec3c6ceb bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie [1 file, +20/-3]
6dc076a257 bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem [1 file, +1/-3]
7218e441ad bpf: Handle in-place update for full LPM trie correctly [1 file, +21/-23]
412bf01fd5 bpf: Fix exact match conditions in trie_get_next_key() [1 file, +2/-2]
e689bc6697 HID: wacom: fix when get product name maybe null pointer [1 file, +2/-1]
3b0c5bb437 can: dev: can_set_termination(): allow sleeping GPIOs [1 file, +1/-1]
ba0ee489cd tracing: Fix cmp_entries_dup() to respect sort() comparison rules [1 file, +1/-5]
ec643064ab arm64: mm: Fix zone_dma_limit calculation [1 file, +8/-9]
34b6197867 arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs [1 file, +2/-2]
abd614bbfc arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL [1 file, +5/-1]
8ab73c34e3 arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR [1 file, +2/-0]
4105dd76bc arm64: ptrace: fix partial SETREGSET for NT_ARM_POE [1 file, +2/-0]
7f1292f8d4 ALSA: usb-audio: Fix a DMA to stack memory bug [1 file, +27/-15]
39c5d89b56 ALSA: usb-audio: Add extra PID for RME Digiface USB [3 files, +176/-168]
9c191055c7 scsi: ufs: core: sysfs: Prevent div by zero [1 file, +6/-0]
2e7a3bb033 scsi: ufs: core: Cancel RTC work during ufshcd_remove() [1 file, +1/-0]
5a717f43c2 scsi: ufs: core: Add missing post notify for power mode change [2 files, +10/-7]
793e560a6b io_uring: Change res2 parameter type in io_uring_cmd_done [2 files, +3/-3]
85351e4941 Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" [1 file, +2/-3]
95e197354e cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU [1 file, +8/-6]
bc031095d1 modpost: Add .irqentry.text to OTHER_SECTIONS [1 file, +1/-1]
178e31df1f bpf: fix OOB devmap writes when deleting elements [1 file, +3/-3]
3dcc20418e dma-buf: fix dma_fence_array_signaled v4 [1 file, +27/-1]
f3dbb097d6 dma-fence: Fix reference leak on fence merge failure path [1 file, +2/-0]
4715555964 dma-fence: Use kernel's sort for merging fences [1 file, +61/-67]
d486b5741d xsk: fix OOB map writes when deleting elements [1 file, +1/-1]
14258211d6 regmap: detach regmap from dev on regmap_exit [1 file, +12/-0]
d562b457e1 mmc: core: Further prevent card detect during shutdown [2 files, +5/-0]
9bfeeeff2c stackdepot: fix stack_depot_save_flags() in NMI context [2 files, +12/-4]
a71ddd5b87 sched/numa: fix memory leak due to the overwritten vma->numab_state [1 file, +9/-3]
835ca042df kasan: make report_lock a raw spinlock [1 file, +3/-3]
69d319450d mm/gup: handle NULL pages in unpin_user_pages() [1 file, +10/-1]
1dde3fde62 mm: open-code PageTail in folio_flags() and const_folio_flags() [1 file, +2/-2]
bd4d2333a3 mm: open-code page_folio() in dump_page() [1 file, +5/-2]
536ffb4014 mm: fix vrealloc()'s KASAN poisoning logic [1 file, +2/-1]
fe1a34e92a mm: respect mmap hint address when aligning for THP [1 file, +1/-0]
5c63e24b1b scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() [6 files, +2/-5]
2cec2d916a memblock: allow zero threshold in validate_numa_converage() [1 file, +2/-2]
d222934627 epoll: annotate racy check [2 files, +5/-3]
493326c4f1 block: RCU protect disk->conv_zones_bitmap [2 files, +32/-13]
b6ce2dbe98 ext4: partial zero eof block on unaligned inode size extension [2 files, +42/-16]
ff599ad2d2 cleanup: Adjust scoped_guard() macros to avoid potential warning [1 file, +42/-10]
3946e07552 gpio: free irqs that are still requested when the chip is being removed [1 file, +41/-0]
ea74e9675b HID: add per device quirk to force bind to hid-generic [3 files, +8/-2]
17db6ed5a3 media: uvcvideo: RealSense D421 Depth module metadata [1 file, +9/-0]
0c20fadfd0 media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera [1 file, +11/-0]
3cc5228d5b media: uvcvideo: Force UVC version to 1.0a for 0408:4033 [1 file, +11/-0]
4150f22342 drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model [1 file, +6/-0]
5d7f35ed5f drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition [1 file, +6/-0]
187d5ff497 drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK [1 file, +6/-0]
fd09880b16 af_packet: avoid erroring out after sock_init_data() in packet_create() [1 file, +6/-6]
61686abc2f Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() [1 file, +1/-0]
32df687e12 Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() [1 file, +5/-5]
8df832e6b9 net: af_can: do not leave a dangling sk pointer in can_create() [1 file, +1/-0]
03caa9bfb9 net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() [1 file, +7/-5]
691d6d816f net: inet: do not leave a dangling sk pointer in inet_create() [1 file, +10/-12]
f44fceb71d net: inet6: do not leave a dangling sk pointer in inet6_create() [1 file, +10/-12]
987aa730ba bpf: Prevent tailcall infinite loop caused by freplace [5 files, +81/-17]
051f49d517 net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals [4 files, +29/-23]
920159e1bf ALSA: usb-audio: Make mic volume workarounds globally applicable [3 files, +45/-48]
a50b4aa300 bpf: Call free_htab_elem() after htab_unlock_bucket() [1 file, +39/-17]
da561d5fb6 Bluetooth: hci_conn: Reduce hci_conn_drop() calls in two functions [1 file, +3/-10]
c55a4c5a04 Bluetooth: hci_conn: Use disable_delayed_work_sync [1 file, +3/-3]
93a6160dc1 Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet [1 file, +9/-4]
b04b4fb91d Bluetooth: Add new quirks for ATS2851 [2 files, +20/-4]
359fc41e3c Bluetooth: Support new quirks for ATS2851 [2 files, +15/-1]
166cf43070 net/neighbor: clear error in case strict check is not set [1 file, +1/-0]
f63a1caae9 tracing/ftrace: disable preemption in syscall probe [2 files, +44/-4]
d1133dd57e tracing: Use atomic64_inc_return() in trace_clock_counter() [1 file, +1/-1]
09c083fbea ring-buffer: Limit time with disabled interrupts in rb_check_pages() [1 file, +72/-26]
c11e2ec9a7 pinmux: Use sequential access to access desc->pinmux data [3 files, +100/-77]
b865d4e569 scsi: ufs: core: Make DMA mask configuration more flexible [3 files, +13/-9]
2fcb921c27 bpf: put bpf_link's program when link is safe to be deallocated [1 file, +17/-5]
bb4a6236a4 leds: class: Protect brightness_show() with led_cdev->led_access mutex [2 files, +12/-4]
7214d3a64e tracing: Fix function name for trampoline [3 files, +36/-8]
9e28513fd2 f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. [1 file, +3/-1]
b51aa6a07e PCI: qcom: Add support for IPQ9574 [1 file, +1/-0]
617bd1e6c3 PCI: Add ACS quirk for Wangxun FF5xxx NICs [1 file, +9/-6]
1f51ae217d i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock [1 file, +2/-1]
6d41a2d5c1 f2fs: print message if fscorrupted was found in f2fs_new_node_page() [1 file, +6/-1]
924f7dd1e8 f2fs: fix to shrink read extent node in batches [1 file, +41/-28]
1648c7000f serial: 8250_dw: Add Sophgo SG2044 quirk [1 file, +3/-2]
950210c9c7 Revert "nvme: make keep-alive synchronous operation" [1 file, +10/-7]
d5b2ddf1f9 io_uring/tctx: work around xa_store() allocation error issue [1 file, +12/-1]
cd188519d2 scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() [1 file, +1/-0]
a39ad4f507 sched/core: Remove the unnecessary need_resched() check in nohz_csd_func() [1 file, +1/-1]
f9e144a544 sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning busy [1 file, +1/-1]
b4ec68868c sched/core: Prevent wakeup of ksoftirqd during idle load balance [1 file, +1/-1]
364dc8070b tracing/eprobe: Fix to release eprobe when failed to add dyn_event [1 file, +5/-0]
1a678f6829 clocksource: Make negative motion detection more robust [4 files, +20/-7]
6aeef0214d softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel [1 file, +11/-4]
Changes in 6.12.5
iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
watchdog: xilinx_wwdt: Calculate max_hw_heartbeat_ms using clock frequency
watchdog: apple: Actually flush writes after requesting watchdog restart
watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart()
can: gs_usb: add usb endpoint address detection at driver probe step
can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails
can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL
can: hi311x: hi3110_can_ist(): fix potential use-after-free
can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics
can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics
can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
can: f81604: f81604_handle_can_bus_errors(): fix {rx,tx}_errors statistics
ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
netfilter: x_tables: fix LED ID check in led_tg_check()
netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
selftests: hid: fix typo and exit code
net: enetc: Do not configure preemptible TCs if SIs do not support
ptp: Add error handling for adjfine callback in ptp_clock_adjtime
net/sched: tbf: correct backlog statistic for GSO packets
net: hsr: avoid potential out-of-bound access in fill_frame_info()
bnxt_en: ethtool: Supply ntuple rss context action
net: Fix icmp host relookup triggering ip_rt_bug
ipv6: avoid possible NULL deref in modify_prefix_route()
can: j1939: j1939_session_new(): fix skb reference counting
platform/x86: asus-wmi: Ignore return value when writing thermal policy
net: phy: microchip: Reset LAN88xx PHY to ensure clean link state on LAN7800/7850
net/ipv6: release expired exception dst cached in socket
dccp: Fix memory leak in dccp_feat_change_recv
tipc: Fix use-after-free of kernel socket in cleanup_bearer().
net/smc: initialize close_work early to avoid warning
net/smc: fix LGR and link use-after-free issue
net/qed: allow old cards not supporting "num_images" to work
net: hsr: must allocate more bytes for RedBox support
ice: fix PHY Clock Recovery availability check
ice: fix PHY timestamp extraction for ETH56G
ice: Fix VLAN pruning in switchdev mode
idpf: set completion tag for "empty" bufs associated with a packet
ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5
ixgbe: downgrade logging of unsupported VF API version to debug
ixgbe: Correct BASE-BX10 compliance code
igb: Fix potential invalid memory access in igb_init_module()
netfilter: nft_inner: incorrect percpu area handling under softirq
Revert "udp: avoid calling sock_def_readable() if possible"
net: sched: fix erspan_opt settings in cls_flower
netfilter: ipset: Hold module reference while requesting a module
netfilter: nft_set_hash: skip duplicated elements pending gc run
ethtool: Fix wrong mod state in case of verbose and no_mask bitset
mlxsw: spectrum_acl_flex_keys: Constify struct mlxsw_afk_element_inst
mlxsw: spectrum_acl_flex_keys: Use correct key block on Spectrum-4
geneve: do not assume mac header is set in geneve_xmit_skb()
net/mlx5: HWS: Fix memory leak in mlx5hws_definer_calc_layout
net/mlx5: HWS: Properly set bwc queue locks lock classes
net/mlx5e: SD, Use correct mdev to build channel param
net/mlx5e: Remove workaround to avoid syndrome for internal port
vsock/test: fix failures due to wrong SO_RCVLOWAT parameter
vsock/test: fix parameter types in SO_VM_SOCKETS_* calls
net: avoid potential UAF in default_operstate()
gpio: grgpio: use a helper variable to store the address of ofdev->dev
gpio: grgpio: Add NULL check in grgpio_probe
mmc: mtk-sd: use devm_mmc_alloc_host
mmc: mtk-sd: Fix error handle of probe function
mmc: mtk-sd: fix devm_clk_get_optional usage
mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting
mmc: sd: SDUC Support Recognition
mmc: core: Adjust ACMD22 to SDUC
mmc: core: Use GFP_NOIO in ACMD22
zram: do not mark idle slots that cannot be idle
zram: clear IDLE flag in mark_idle()
ntp: Remove invalid cast in time offset math
f2fs: clean up w/ F2FS_{BLK_TO_BYTES,BTYES_TO_BLK}
f2fs: fix to adjust appropriate length for fiemap
f2fs: fix to requery extent which cross boundary of inquiry
i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS
i3c: master: Extend address status bit to 4 and add I3C_ADDR_SLOT_EXT_DESIRED
i3c: master: Fix dynamic address leak when 'assigned-address' is present
drm/amd/display: calculate final viewport before TAP optimization
drm/amd/display: Ignore scalar validation failure if pipe is phantom
scsi: ufs: core: Always initialize the UIC done completion
scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG
bpf, vsock: Fix poll() missing a queue
bpf, vsock: Invoke proto::close on close()
xsk: always clear DMA mapping information when unmapping the pool
bpftool: fix potential NULL pointer dereferencing in prog_dump()
drm/sti: Add __iomem for mixer_dbg_mxn's parameter
tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
ALSA: seq: ump: Fix seq port updates per FB info notify
ALSA: usb-audio: Notify xrun for low-latency mode
tools: Override makefile ARCH variable if defined, but empty
spi: mpc52xx: Add cancel_work_sync before module remove
ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index
ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai()
pmdomain: core: Add missing put_device()
pmdomain: core: Fix error path in pm_genpd_init() when ida alloc fails
nvme: don't apply NVME_QUIRK_DEALLOCATE_ZEROES when DSM is not supported
x86/pkeys: Change caller of update_pkru_in_sigframe()
x86/pkeys: Ensure updated PKRU value is XRSTOR'd
bpf: Ensure reg is PTR_TO_STACK in process_iter_arg
irqchip/stm32mp-exti: CONFIG_STM32MP_EXTI should not default to y when compile-testing
drivers/virt: pkvm: Don't fail ioremap() call if MMIO_GUARD fails
bpf: Don't mark STACK_INVALID as STACK_MISC in mark_stack_slot_misc
bpf: Fix narrow scalar spill onto 64-bit spilled scalar slots
nvme-fabrics: handle zero MAXCMD without closing the connection
nvme-tcp: fix the memleak while create new ctrl failed
nvme-rdma: unquiesce admin_q before destroy it
scsi: sg: Fix slab-use-after-free read in sg_release()
scsi: scsi_debug: Fix hrtimer support for ndelay
ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec
drm/v3d: Enable Performance Counters before clearing them
ocfs2: free inode when ocfs2_get_init_inode() fails
scatterlist: fix incorrect func name in kernel-doc
iio: magnetometer: yas530: use signed integer type for clamp limits
smb: client: fix potential race in cifs_put_tcon()
bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem
bpf: Handle in-place update for full LPM trie correctly
bpf: Fix exact match conditions in trie_get_next_key()
x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails
rust: allow `clippy::needless_lifetimes`
HID: i2c-hid: Revert to using power commands to wake on resume
HID: wacom: fix when get product name maybe null pointer
LoongArch: Add architecture specific huge_pte_clear()
LoongArch: KVM: Protect kvm_check_requests() with SRCU
ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
watchdog: rti: of: honor timeout-sec property
can: dev: can_set_termination(): allow sleeping GPIOs
can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6.
tracing: Fix cmp_entries_dup() to respect sort() comparison rules
net :mana :Request a V2 response version for MANA_QUERY_GF_STAT
iommufd: Fix out_fput in iommufd_fault_alloc()
arm64: mm: Fix zone_dma_limit calculation
arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs
arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR
arm64: ptrace: fix partial SETREGSET for NT_ARM_POE
ALSA: usb-audio: Fix a DMA to stack memory bug
ALSA: usb-audio: Add extra PID for RME Digiface USB
ALSA: hda/realtek: fix micmute LEDs don't work on HP Laptops
ALSA: usb-audio: add mixer mapping for Corsair HS80
ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG)
scsi: qla2xxx: Fix abort in bsg timeout
scsi: qla2xxx: Fix NVMe and NPIV connect issue
scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
scsi: qla2xxx: Fix use after free on unload
scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
scsi: ufs: core: sysfs: Prevent div by zero
scsi: ufs: core: Cancel RTC work during ufshcd_remove()
scsi: ufs: qcom: Only free platform MSIs when ESI is enabled
scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers
scsi: ufs: core: Add missing post notify for power mode change
nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
fs/smb/client: avoid querying SMB2_OP_QUERY_WSL_EA for SMB3 POSIX
fs/smb/client: Implement new SMB3 POSIX type
fs/smb/client: cifs_prime_dcache() for SMB3 POSIX reparse points
smb3.1.1: fix posix mounts to older servers
io_uring: Change res2 parameter type in io_uring_cmd_done
bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()"
pmdomain: imx: gpcv2: Adjust delay after power up handshake
selftests/damon: add _damon_sysfs.py to TEST_FILES
selftest: hugetlb_dio: fix test naming
cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU
x86/cacheinfo: Delete global num_cache_leaves
drm/amdkfd: hard-code cacheline for gc943,gc944
drm/dp_mst: Fix MST sideband message body length check
drm/amdkfd: add MEC version that supports no PCIe atomics for GFX12
drm/amd/pm: fix and simplify workload handling
drm/dp_mst: Verify request type in the corresponding down message reply
drm/dp_mst: Fix resetting msg rx state after topology removal
drm/amd/display: Correct prefetch calculation
drm/amd/display: Limit VTotal range to max hw cap minus fp
drm/amd/display: Add a left edge pixel if in YCbCr422 or YCbCr420 and odm
drm/amdgpu/hdp6.0: do a posting read when flushing HDP
drm/amdgpu/hdp4.0: do a posting read when flushing HDP
drm/amdgpu/hdp5.0: do a posting read when flushing HDP
drm/amdgpu/hdp7.0: do a posting read when flushing HDP
drm/amdgpu/hdp5.2: do a posting read when flushing HDP
modpost: Add .irqentry.text to OTHER_SECTIONS
x86/kexec: Restore GDT on return from ::preserve_context kexec
bpf: fix OOB devmap writes when deleting elements
dma-buf: fix dma_fence_array_signaled v4
dma-fence: Fix reference leak on fence merge failure path
dma-fence: Use kernel's sort for merging fences
xsk: fix OOB map writes when deleting elements
regmap: detach regmap from dev on regmap_exit
arch_numa: Restore nid checks before registering a memblock with a node
mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet
mmc: core: Further prevent card detect during shutdown
x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation
ocfs2: update seq_file index in ocfs2_dlm_seq_next
stackdepot: fix stack_depot_save_flags() in NMI context
lib: stackinit: hide never-taken branch from compiler
sched/numa: fix memory leak due to the overwritten vma->numab_state
kasan: make report_lock a raw spinlock
mm/gup: handle NULL pages in unpin_user_pages()
mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM
x86/cpu/topology: Remove limit of CPUs due to disabled IO/APIC
x86/mm: Add _PAGE_NOPTISHADOW bit to avoid updating userspace page tables
mm/damon: fix order of arguments in damos_before_apply tracepoint
mm: memcg: declare do_memsw_account inline
mm: open-code PageTail in folio_flags() and const_folio_flags()
mm: open-code page_folio() in dump_page()
mm: fix vrealloc()'s KASAN poisoning logic
mm: respect mmap hint address when aligning for THP
scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove()
memblock: allow zero threshold in validate_numa_converage()
rust: enable arbitrary_self_types and remove `Receiver`
s390/pci: Sort PCI functions prior to creating virtual busses
s390/pci: Use topology ID for multi-function devices
s390/pci: Ignore RID for isolated VFs
epoll: annotate racy check
kselftest/arm64: Log fp-stress child startup errors to stdout
s390/cpum_sf: Handle CPU hotplug remove during sampling
block: RCU protect disk->conv_zones_bitmap
btrfs: don't take dev_replace rwsem on task already holding it
btrfs: avoid unnecessary device path update for the same device
btrfs: canonicalize the device path before adding it
btrfs: do not clear read-only when adding sprout device
kselftest/arm64: Don't leak pipe fds in pac.exec_sign_all()
ext4: partial zero eof block on unaligned inode size extension
crypto: ecdsa - Avoid signed integer overflow on signature decoding
kcsan: Turn report_filterlist_lock into a raw_spinlock
hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list
ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID
ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()
ACPI: video: force native for Apple MacbookPro11,2 and Air7,2
perf/x86/amd: Warn only on new bits set
cleanup: Adjust scoped_guard() macros to avoid potential warning
iio: magnetometer: fix if () scoped_guard() formatting
timekeeping: Always check for negative motion
gpio: free irqs that are still requested when the chip is being removed
spi: spi-fsl-lpspi: Adjust type of scldiv
soc: qcom: llcc: Use designated initializers for LLC settings
HID: add per device quirk to force bind to hid-generic
firmware: qcom: scm: Allow QSEECOM on Lenovo Yoga Slim 7x
soc: qcom: pd-mapper: Add QCM6490 PD maps
media: uvcvideo: RealSense D421 Depth module metadata
media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
media: uvcvideo: Force UVC version to 1.0a for 0408:4033
media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
mmc: core: Add SD card quirk for broken poweroff notification
mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED
firmware: qcom: scm: Allow QSEECOM on Dell XPS 13 9345
soc: imx8m: Probe the SoC driver as platform driver
regmap: maple: Provide lockdep (sub)class for maple tree's internal lock
selftests/resctrl: Protect against array overflow when reading strings
sched_ext: add a missing rcu_read_lock/unlock pair at scx_select_cpu_dfl()
HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support
drm/xe/pciids: separate RPL-U and RPL-P PCI IDs
drm/xe/pciids: separate ARL and MTL PCI IDs
drm/vc4: hdmi: Avoid log spam for audio start failure
drm/vc4: hvs: Set AXI panic modes for the HVS
drm/xe/pciids: Add PVC's PCI device ID macros
wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb
drm/xe/pciid: Add new PCI id for ARL
drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition
drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK
drm/bridge: it6505: Enable module autoloading
drm/mcde: Enable module autoloading
wifi: rtw89: check return value of ieee80211_probereq_get() for RNR
drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
ASoC: Intel: sof_rt5682: Add HDMI-In capture with rt5682 support for MTL.
dlm: fix possible lkb_resource null dereference
drm/amd/display: skip disable CRTC in seemless bootup case
drm/amd/display: Fix garbage or black screen when resetting otg
drm/amd/display: disable SG displays on cyan skillfish
drm/xe/ptl: L3bank mask is not available on the media GT
drm/xe/xe3: Add initial set of workarounds
drm/display: Fix building with GCC 15
ALSA: hda: Use own quirk lookup helper
ALSA: hda/conexant: Use the new codec SSID matching
ALSA: hda/realtek: Use codec SSID matching for Lenovo devices
r8169: don't apply UDP padding quirk on RTL8126A
samples/bpf: Fix a resource leak
wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()
accel/qaic: Add AIC080 support
drm/amd/display: Full exit out of IPS2 when all allow signals have been cleared
net: fec_mpc52xx_phy: Use %pa to format resource_size_t
net: ethernet: fs_enet: Use %pa to format resource_size_t
net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
af_packet: avoid erroring out after sock_init_data() in packet_create()
Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()
Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()
net: af_can: do not leave a dangling sk pointer in can_create()
net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
net: inet: do not leave a dangling sk pointer in inet_create()
net: inet6: do not leave a dangling sk pointer in inet6_create()
wifi: ath10k: avoid NULL pointer error during sdio remove
wifi: ath5k: add PCI ID for SX76X
wifi: ath5k: add PCI ID for Arcadyan devices
fanotify: allow reporting errors on failure to open fd
bpf: Prevent tailcall infinite loop caused by freplace
ASoC: sdw_utils: Add support for exclusion DAI quirks
ASoC: sdw_utils: Add a quirk to allow the cs42l43 mic DAI to be ignored
ASoC: Intel: sof_sdw: Add quirk for cs42l43 system using host DMICs
ASoC: Intel: sof_sdw: Add quirks for some new Lenovo laptops
drm/xe/guc/ct: Flush g2h worker in case of g2h response timeout
drm/panel: simple: Add Microchip AC69T88A LVDS Display panel
net: sfp: change quirks for Alcatel Lucent G-010S-P
net: stmmac: Programming sequence for VLAN packets with split header
drm/sched: memset() 'job' in drm_sched_job_init()
drm/amd/display: Adding array index check to prevent memory corruption
drm/amdgpu/gfx9: Add cleaner shader for GFX9.4.2
drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih
drm/amdgpu: Dereference the ATCS ACPI buffer
netlink: specs: Add missing bitset attrs to ethtool spec
drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
ASoC: sdw_utils: Add quirk to exclude amplifier function
ASoC: Intel: soc-acpi-intel-arl-match: Add rt722 and rt1320 support
drm/amd/display: Fix underflow when playing 8K video in full screen mode
mptcp: annotate data-races around subflow->fully_established
dma-debug: fix a possible deadlock on radix_lock
jfs: array-index-out-of-bounds fix in dtReadFirst
jfs: fix shift-out-of-bounds in dbSplit
jfs: fix array-index-out-of-bounds in jfs_readdir
jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
fsl/fman: Validate cell-index value obtained from Device Tree
net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals
drm/panic: Add ABGR2101010 support
drm/amd/display: Remove hw w/a toggle if on DP2/HPO
drm/amd/display: parse umc_info or vram_info based on ASIC
drm/amd/display: Prune Invalid Modes For HDMI Output
drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
virtio-net: fix overflow inside virtnet_rq_alloc
ALSA: usb-audio: Make mic volume workarounds globally applicable
drm/amdgpu: set the right AMDGPU sg segment limitation
wifi: ipw2x00: libipw_rx_any(): fix bad alignment
wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw()
bpf: Call free_htab_elem() after htab_unlock_bucket()
mptcp: fix possible integer overflow in mptcp_reset_tout_timer
dsa: qca8k: Use nested lock to avoid splat
i2c: i801: Add support for Intel Panther Lake
Bluetooth: hci_conn: Reduce hci_conn_drop() calls in two functions
Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
Bluetooth: btusb: Add USB HW IDs for MT7920/MT7925
Bluetooth: hci_conn: Use disable_delayed_work_sync
Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
Bluetooth: Add new quirks for ATS2851
Bluetooth: Support new quirks for ATS2851
Bluetooth: Set quirks for ATS2851
Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925
Bluetooth: btusb: Add new VID/PID 0489/e124 for MT7925
Bluetooth: btusb: Add 3 HWIDs for MT7925
ASoC: hdmi-codec: reorder channel allocation list
rocker: fix link status detection in rocker_carrier_init()
net/neighbor: clear error in case strict check is not set
netpoll: Use rcu_access_pointer() in __netpoll_setup
pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU
rtla: Fix consistency in getopt_long for timerlat_hist
tracing/ftrace: disable preemption in syscall probe
tracing: Use atomic64_inc_return() in trace_clock_counter()
tools/rtla: fix collision with glibc sched_attr/sched_set_attr
rtla/timerlat: Make timerlat_top_cpu->*_count unsigned long long
rtla/timerlat: Make timerlat_hist_cpu->*_count unsigned long long
scsi: hisi_sas: Add cond_resched() for no forced preemption model
scsi: hisi_sas: Create all dump files during debugfs initialization
ring-buffer: Limit time with disabled interrupts in rb_check_pages()
pinmux: Use sequential access to access desc->pinmux data
scsi: ufs: core: Make DMA mask configuration more flexible
iommu/amd: Fix corruption when mapping large pages from 0
bpf: put bpf_link's program when link is safe to be deallocated
scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths
scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI
scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback
clk: qcom: rcg2: add clk_rcg2_shared_floor_ops
clk: qcom: rpmh: add support for SAR2130P
clk: qcom: tcsrcc-sm8550: add SAR2130P support
clk: qcom: dispcc-sm8550: enable support for SAR2130P
clk: qcom: clk-alpha-pll: Add NSS HUAYRA ALPHA PLL support for ipq9574
leds: class: Protect brightness_show() with led_cdev->led_access mutex
scsi: st: Don't modify unknown block number in MTIOCGET
scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
pinctrl: qcom-pmic-gpio: add support for PM8937
pinctrl: qcom: spmi-mpp: Add PM8937 compatible
thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens
nvdimm: rectify the illogical code within nd_dax_probe()
smb: client: memcpy() with surrounding object base address
tracing: Fix function name for trampoline
tools/rtla: Enhance argument parsing in timerlat_load.py
verification/dot2: Improve dot parser robustness
mailbox: pcc: Check before sending MCTP PCC response ACK
f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
KMSAN: uninit-value in inode_go_dump (5)
i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request
PCI: qcom: Add support for IPQ9574
PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs
PCI: vmd: Set devices to D0 before enabling PM L1 Substates
PCI: Detect and trust built-in Thunderbolt chips
PCI: starfive: Enable controller runtime PM before probing host bridge
PCI: Add 'reset_subordinate' to reset hierarchy below bridge
PCI: Add ACS quirk for Wangxun FF5xxx NICs
remoteproc: qcom: pas: enable SAR2130P audio DSP support
i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock
f2fs: print message if fscorrupted was found in f2fs_new_node_page()
f2fs: fix to shrink read extent node in batches
f2fs: add a sysfs node to limit max read extent count per-inode
ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840
ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[]
LoongArch: Fix sleeping in atomic context for PREEMPT_RT
fs/ntfs3: Fix warning in ni_fiemap
fs/ntfs3: Fix case when unmarked clusters intersect with zone
regulator: qcom-rpmh: Update ranges for FTSMPS525
usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag
usb: chipidea: udc: limit usb request length to max 16KB
usb: chipidea: udc: create bounce buffer for problem sglist entries if possible
usb: chipidea: udc: handle USB Error Interrupt if IOC not set
usb: typec: ucsi: Do not call ACPI _DSM method for UCSI read operations
iio: adc: ad7192: properly check spi_get_device_match_data()
iio: light: ltr501: Add LTER0303 to the supported devices
usb: typec: ucsi: glink: be more precise on orientation-aware ports
ASoC: amd: yc: fix internal mic on Redmi G 2022
drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3
MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a
ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW
powerpc/prom_init: Fixup missing powermac #size-cells
misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
rtc: cmos: avoid taking rtc_lock for extended period of time
serial: 8250_dw: Add Sophgo SG2044 quirk
Revert "nvme: make keep-alive synchronous operation"
irqchip/gicv3-its: Add workaround for hip09 ITS erratum 162100801
smb: client: don't try following DFS links in cifs_tree_connect()
setlocalversion: work around "git describe" performance
io_uring/tctx: work around xa_store() allocation error issue
scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()
drm/xe/devcoredump: Use drm_puts and already cached local variables
drm/xe/devcoredump: Improve section headings and add tile info
drm/xe/devcoredump: Add ASCII85 dump helper function
drm/xe/guc: Copy GuC log prior to dumping
drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()
drm/xe/devcoredump: Update handling of xe_force_wake_get return
drm/amd/display: Add option to retrieve detile buffer size
sched: fix warning in sched_setaffinity
sched/core: Remove the unnecessary need_resched() check in nohz_csd_func()
sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning busy
sched/core: Prevent wakeup of ksoftirqd during idle load balance
sched/deadline: Fix warning in migrate_enable for boosted tasks
btrfs: drop unused parameter options from open_ctree()
btrfs: drop unused parameter data from btrfs_fill_super()
btrfs: fix mount failure due to remount races
btrfs: fix missing snapshot drew unlock when root is dead during swap activation
clk: en7523: Initialize num before accessing hws in en7523_register_clocks()
tracing/eprobe: Fix to release eprobe when failed to add dyn_event
x86: Fix build regression with CONFIG_KEXEC_JUMP enabled
Revert "unicode: Don't special case ignorable code points"
vfio/mlx5: Align the page tracking max message size with the device capability
selftests/ftrace: adjust offset for kprobe syntax error test
KVM: x86/mmu: Ensure that kvm_release_pfn_clean() takes exact pfn from kvm_faultin_pfn()
jffs2: Prevent rtime decompress memory corruption
jffs2: Fix rtime decompressor
media: ipu6: use the IPU6 DMA mapping APIs to do mapping
ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume"
net/mlx5: unique names for per device caches
ASoC: Intel: avs: Fix return status of avs_pcm_hw_constraints_init()
drm/amdgpu: rework resume handling for display (v2)
ALSA: hda: Fix build error without CONFIG_SND_DEBUG
Revert "drm/amd/display: parse umc_info or vram_info based on ASIC"
s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails
ALSA: hda/realtek: Fix spelling mistake "Firelfy" -> "Firefly"
timekeeping: Remove CONFIG_DEBUG_TIMEKEEPING
clocksource: Make negative motion detection more robust
softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
Linux 6.12.5
Change-Id: If1b834954ed2ee1a16886f9a9909c6ca62d93b6c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit d44679fb954ffea961036ed1aeb7d65035f78489 ]
Calling the MMIO_GUARD hypercall from guests which have not been
enrolled (e.g. because they are running without pvmfw) results in
-EINVAL being returned. In this case, MMIO_GUARD is not active
and so we can simply proceed with the normal ioremap() routine.
Don't fail ioremap() if MMIO_GUARD fails; instead WARN_ON_ONCE()
to highlight that the pvm environment is slightly wonky.
Fixes: 0f12694958 ("drivers/virt: pkvm: Intercept ioremap using pKVM MMIO_GUARD hypercall")
Signed-off-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20241202145731.6422-2-will@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
On PKVM/ARM64 this uses the ARM SMCCC relinquish hypercall when available.
Memory relinquish interface is used by both memory ballooning and
by page reporting. It must be built if either is specified.
Bug: 357781595
Change-Id: Ifa85b641a48f348a2364cf8c6b06b6417f1eeedb
Signed-off-by: Keir Fraser <keirf@google.com>
Define the handful of hypercalls that MMIO guard will require.
Bug: 357781595
Change-Id: Iac312b2327c31a1532fdb38e8fa8066291d9f611
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Fuad Tabba <tabba@google.com>
no_llseek had been defined to NULL two years ago, in commit 868941b144
("fs: remove no_llseek")
To quote that commit,
At -rc1 we'll need do a mechanical removal of no_llseek -
git grep -l -w no_llseek | grep -v porting.rst | while read i; do
sed -i '/\<no_llseek\>/d' $i
done
would do it.
Unfortunately, that hadn't been done. Linus, could you do that now, so
that we could finally put that thing to rest? All instances are of the
form
.llseek = no_llseek,
so it's obviously safe.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Pull arm64 updates from Will Deacon:
"The highlights are support for Arm's "Permission Overlay Extension"
using memory protection keys, support for running as a protected guest
on Android as well as perf support for a bunch of new interconnect
PMUs.
Summary:
ACPI:
- Enable PMCG erratum workaround for HiSilicon HIP10 and 11
platforms.
- Ensure arm64-specific IORT header is covered by MAINTAINERS.
CPU Errata:
- Enable workaround for hardware access/dirty issue on Ampere-1A
cores.
Memory management:
- Define PHYSMEM_END to fix a crash in the amdgpu driver.
- Avoid tripping over invalid kernel mappings on the kexec() path.
- Userspace support for the Permission Overlay Extension (POE) using
protection keys.
Perf and PMUs:
- Add support for the "fixed instruction counter" extension in the
CPU PMU architecture.
- Extend and fix the event encodings for Apple's M1 CPU PMU.
- Allow LSM hooks to decide on SPE permissions for physical
profiling.
- Add support for the CMN S3 and NI-700 PMUs.
Confidential Computing:
- Add support for booting an arm64 kernel as a protected guest under
Android's "Protected KVM" (pKVM) hypervisor.
Selftests:
- Fix vector length issues in the SVE/SME sigreturn tests
- Fix build warning in the ptrace tests.
Timers:
- Add support for PR_{G,S}ET_TSC so that 'rr' can deal with
non-determinism arising from the architected counter.
Miscellaneous:
- Rework our IPI-based CPU stopping code to try NMIs if regular IPIs
don't succeed.
- Minor fixes and cleanups"
* tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: (94 commits)
perf: arm-ni: Fix an NULL vs IS_ERR() bug
arm64: hibernate: Fix warning for cast from restricted gfp_t
arm64: esr: Define ESR_ELx_EC_* constants as UL
arm64: pkeys: remove redundant WARN
perf: arm_pmuv3: Use BR_RETIRED for HW branch event if enabled
MAINTAINERS: List Arm interconnect PMUs as supported
perf: Add driver for Arm NI-700 interconnect PMU
dt-bindings/perf: Add Arm NI-700 PMU
perf/arm-cmn: Improve format attr printing
perf/arm-cmn: Clean up unnecessary NUMA_NO_NODE check
arm64/mm: use lm_alias() with addresses passed to memblock_free()
mm: arm64: document why pte is not advanced in contpte_ptep_set_access_flags()
arm64: Expose the end of the linear map in PHYSMEM_END
arm64: trans_pgd: mark PTEs entries as valid to avoid dead kexec()
arm64/mm: Delete __init region from memblock.reserved
perf/arm-cmn: Support CMN S3
dt-bindings: perf: arm-cmn: Add CMN S3
perf/arm-cmn: Refactor DTC PMU register access
perf/arm-cmn: Make cycle counts less surprising
perf/arm-cmn: Improve build-time assertion
...
Hook up pKVM's MMIO_GUARD hypercall so that ioremap() and friends will
register the target physical address as MMIO with the hypervisor,
allowing guest exits to that page to be emulated by the host with full
syndrome information.
Acked-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20240830130150.8568-7-will@kernel.org
Signed-off-by: Will Deacon <will@kernel.org>
Currently, struct snp_guest_msg includes a message header (96 bytes) and
a payload (4000 bytes). There is an implicit assumption here that the
SNP message header will always be 96 bytes, and with that assumption the
payload array size has been set to 4000 bytes - a magic number. If any
new member is added to the SNP message header, the SNP guest message
will span more than a page.
Instead of using a magic number for the payload, declare struct
snp_guest_msg in a way that payload plus the message header do not
exceed a page.
[ bp: Massage. ]
Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20240731150811.156771-5-nikunj@amd.com
Pull kvm updates from Paolo Bonzini:
"ARM:
- Initial infrastructure for shadow stage-2 MMUs, as part of nested
virtualization enablement
- Support for userspace changes to the guest CTR_EL0 value, enabling
(in part) migration of VMs between heterogenous hardware
- Fixes + improvements to pKVM's FF-A proxy, adding support for v1.1
of the protocol
- FPSIMD/SVE support for nested, including merged trap configuration
and exception routing
- New command-line parameter to control the WFx trap behavior under
KVM
- Introduce kCFI hardening in the EL2 hypervisor
- Fixes + cleanups for handling presence/absence of FEAT_TCRX
- Miscellaneous fixes + documentation updates
LoongArch:
- Add paravirt steal time support
- Add support for KVM_DIRTY_LOG_INITIALLY_SET
- Add perf kvm-stat support for loongarch
RISC-V:
- Redirect AMO load/store access fault traps to guest
- perf kvm stat support
- Use guest files for IMSIC virtualization, when available
s390:
- Assortment of tiny fixes which are not time critical
x86:
- Fixes for Xen emulation
- Add a global struct to consolidate tracking of host values, e.g.
EFER
- Add KVM_CAP_X86_APIC_BUS_CYCLES_NS to allow configuring the
effective APIC bus frequency, because TDX
- Print the name of the APICv/AVIC inhibits in the relevant
tracepoint
- Clean up KVM's handling of vendor specific emulation to
consistently act on "compatible with Intel/AMD", versus checking
for a specific vendor
- Drop MTRR virtualization, and instead always honor guest PAT on
CPUs that support self-snoop
- Update to the newfangled Intel CPU FMS infrastructure
- Don't advertise IA32_PERF_GLOBAL_OVF_CTRL as an MSR-to-be-saved, as
it reads '0' and writes from userspace are ignored
- Misc cleanups
x86 - MMU:
- Small cleanups, renames and refactoring extracted from the upcoming
Intel TDX support
- Don't allocate kvm_mmu_page.shadowed_translation for shadow pages
that can't hold leafs SPTEs
- Unconditionally drop mmu_lock when allocating TDP MMU page tables
for eager page splitting, to avoid stalling vCPUs when splitting
huge pages
- Bug the VM instead of simply warning if KVM tries to split a SPTE
that is non-present or not-huge. KVM is guaranteed to end up in a
broken state because the callers fully expect a valid SPTE, it's
all but dangerous to let more MMU changes happen afterwards
x86 - AMD:
- Make per-CPU save_area allocations NUMA-aware
- Force sev_es_host_save_area() to be inlined to avoid calling into
an instrumentable function from noinstr code
- Base support for running SEV-SNP guests. API-wise, this includes a
new KVM_X86_SNP_VM type, encrypting/measure the initial image into
guest memory, and finalizing it before launching it. Internally,
there are some gmem/mmu hooks needed to prepare gmem-allocated
pages before mapping them into guest private memory ranges
This includes basic support for attestation guest requests, enough
to say that KVM supports the GHCB 2.0 specification
There is no support yet for loading into the firmware those signing
keys to be used for attestation requests, and therefore no need yet
for the host to provide certificate data for those keys.
To support fetching certificate data from userspace, a new KVM exit
type will be needed to handle fetching the certificate from
userspace.
An attempt to define a new KVM_EXIT_COCO / KVM_EXIT_COCO_REQ_CERTS
exit type to handle this was introduced in v1 of this patchset, but
is still being discussed by community, so for now this patchset
only implements a stub version of SNP Extended Guest Requests that
does not provide certificate data
x86 - Intel:
- Remove an unnecessary EPT TLB flush when enabling hardware
- Fix a series of bugs that cause KVM to fail to detect nested
pending posted interrupts as valid wake eents for a vCPU executing
HLT in L2 (with HLT-exiting disable by L1)
- KVM: x86: Suppress MMIO that is triggered during task switch
emulation
Explicitly suppress userspace emulated MMIO exits that are
triggered when emulating a task switch as KVM doesn't support
userspace MMIO during complex (multi-step) emulation
Silently ignoring the exit request can result in the
WARN_ON_ONCE(vcpu->mmio_needed) firing if KVM exits to userspace
for some other reason prior to purging mmio_needed
See commit 0dc902267c ("KVM: x86: Suppress pending MMIO write
exits if emulator detects exception") for more details on KVM's
limitations with respect to emulated MMIO during complex emulator
flows
Generic:
- Rename the AS_UNMOVABLE flag that was introduced for KVM to
AS_INACCESSIBLE, because the special casing needed by these pages
is not due to just unmovability (and in fact they are only
unmovable because the CPU cannot access them)
- New ioctl to populate the KVM page tables in advance, which is
useful to mitigate KVM page faults during guest boot or after live
migration. The code will also be used by TDX, but (probably) not
through the ioctl
- Enable halt poll shrinking by default, as Intel found it to be a
clear win
- Setup empty IRQ routing when creating a VM to avoid having to
synchronize SRCU when creating a split IRQCHIP on x86
- Rework the sched_in/out() paths to replace kvm_arch_sched_in() with
a flag that arch code can use for hooking both sched_in() and
sched_out()
- Take the vCPU @id as an "unsigned long" instead of "u32" to avoid
truncating a bogus value from userspace, e.g. to help userspace
detect bugs
- Mark a vCPU as preempted if and only if it's scheduled out while in
the KVM_RUN loop, e.g. to avoid marking it preempted and thus
writing guest memory when retrieving guest state during live
migration blackout
Selftests:
- Remove dead code in the memslot modification stress test
- Treat "branch instructions retired" as supported on all AMD Family
17h+ CPUs
- Print the guest pseudo-RNG seed only when it changes, to avoid
spamming the log for tests that create lots of VMs
- Make the PMU counters test less flaky when counting LLC cache
misses by doing CLFLUSH{OPT} in every loop iteration"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (227 commits)
crypto: ccp: Add the SNP_VLEK_LOAD command
KVM: x86/pmu: Add kvm_pmu_call() to simplify static calls of kvm_pmu_ops
KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops
KVM: x86: Replace static_call_cond() with static_call()
KVM: SEV: Provide support for SNP_EXTENDED_GUEST_REQUEST NAE event
x86/sev: Move sev_guest.h into common SEV header
KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event
KVM: x86: Suppress MMIO that is triggered during task switch emulation
KVM: x86/mmu: Clean up make_huge_page_split_spte() definition and intro
KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE
KVM: selftests: x86: Add test for KVM_PRE_FAULT_MEMORY
KVM: x86: Implement kvm_arch_vcpu_pre_fault_memory()
KVM: x86/mmu: Make kvm_mmu_do_page_fault() return mapped level
KVM: x86/mmu: Account pf_{fixed,emulate,spurious} in callers of "do page fault"
KVM: x86/mmu: Bump pf_taken stat only in the "real" page fault handler
KVM: Add KVM_PRE_FAULT_MEMORY vcpu ioctl to pre-populate guest memory
KVM: Document KVM_PRE_FAULT_MEMORY ioctl
mm, virt: merge AS_UNMOVABLE and AS_INACCESSIBLE
perf kvm: Add kvm-stat for loongarch64
LoongArch: KVM: Add PV steal time support in guest side
...
The GHCB 2.0 specification defines 2 GHCB request types to allow SNP guests
to send encrypted messages/requests to firmware: SNP Guest Requests and SNP
Extended Guest Requests. These encrypted messages are used for things like
servicing attestation requests issued by the guest. Implementing support for
these is required to be fully GHCB-compliant.
For the most part, KVM only needs to handle forwarding these requests to
firmware (to be issued via the SNP_GUEST_REQUEST firmware command defined
in the SEV-SNP Firmware ABI), and then forwarding the encrypted response to
the guest.
However, in the case of SNP Extended Guest Requests, the host is also
able to provide the certificate data corresponding to the endorsement key
used by firmware to sign attestation report requests. This certificate data
is provided by userspace because:
1) It allows for different keys/key types to be used for each particular
guest with requiring any sort of KVM API to configure the certificate
table in advance on a per-guest basis.
2) It provides additional flexibility with how attestation requests might
be handled during live migration where the certificate data for
source/dest might be different.
3) It allows all synchronization between certificates and firmware/signing
key updates to be handled purely by userspace rather than requiring
some in-kernel mechanism to facilitate it. [1]
To support fetching certificate data from userspace, a new KVM exit type will
be needed to handle fetching the certificate from userspace. An attempt to
define a new KVM_EXIT_COCO/KVM_EXIT_COCO_REQ_CERTS exit type to handle this
was introduced in v1 of this patchset, but is still being discussed by
community, so for now this patchset only implements a stub version of SNP
Extended Guest Requests that does not provide certificate data, but is still
enough to provide compliance with the GHCB 2.0 spec.
sev_guest.h currently contains various definitions relating to the
format of SNP_GUEST_REQUEST commands to SNP firmware. Currently only the
sev-guest driver makes use of them, but when the KVM side of this is
implemented there's a need to parse the SNP_GUEST_REQUEST header to
determine whether additional information needs to be provided to the
guest. Prepare for this by moving those definitions to a common header
that's shared by host/guest code so that KVM can also make use of them.
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Message-ID: <20240701223148.3798365-3-michael.roth@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
When an SVSM is present, the guest can also request attestation reports
from it. These SVSM attestation reports can be used to attest the SVSM
and any services running within the SVSM.
Extend the config-fs attestation support to provide such. This involves
creating four new config-fs attributes:
- 'service-provider' (input)
This attribute is used to determine whether the attestation request
should be sent to the specified service provider or to the SEV
firmware. The SVSM service provider is represented by the value
'svsm'.
- 'service_guid' (input)
Used for requesting the attestation of a single service within the
service provider. A null GUID implies that the SVSM_ATTEST_SERVICES
call should be used to request the attestation report. A non-null
GUID implies that the SVSM_ATTEST_SINGLE_SERVICE call should be used.
- 'service_manifest_version' (input)
Used with the SVSM_ATTEST_SINGLE_SERVICE call, the service version
represents a specific service manifest version be used for the
attestation report.
- 'manifestblob' (output)
Used to return the service manifest associated with the attestation
report.
Only display these new attributes when running under an SVSM.
[ bp: Massage.
- s/svsm_attestation_call/svsm_attest_call/g ]
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/965015dce3c76bb8724839d50c5dea4e4b5d598f.1717600736.git.thomas.lendacky@amd.com
The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is ignored (apart
from emitting a warning) and this typically results in resource leaks.
To improve here there is a quest to make the remove callback return
void. In the first step of this quest all drivers are converted to
.remove_new(), which already returns void. Eventually after all drivers
are converted, .remove_new() will be renamed to .remove().
Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is ignored (apart
from emitting a warning) and this typically results in resource leaks.
To improve here there is a quest to make the remove callback return
void. In the first step of this quest all drivers are converted to
.remove_new(), which already returns void. Eventually after all drivers
are converted, .remove_new() will be renamed to .remove().
Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/r/52826a50250304ab0af14c594009f7b901c2cd31.1703596577.git.u.kleine-koenig@pengutronix.de
In TDX guest, the attestation process is used to verify the TDX guest
trustworthiness to other entities before provisioning secrets to the
guest. The first step in the attestation process is TDREPORT
generation, which involves getting the guest measurement data in the
format of TDREPORT, which is further used to validate the authenticity
of the TDX guest. TDREPORT by design is integrity-protected and can
only be verified on the local machine.
To support remote verification of the TDREPORT in a SGX-based
attestation, the TDREPORT needs to be sent to the SGX Quoting Enclave
(QE) to convert it to a remotely verifiable Quote. SGX QE by design can
only run outside of the TDX guest (i.e. in a host process or in a
normal VM) and guest can use communication channels like vsock or
TCP/IP to send the TDREPORT to the QE. But for security concerns, the
TDX guest may not support these communication channels. To handle such
cases, TDX defines a GetQuote hypercall which can be used by the guest
to request the host VMM to communicate with the SGX QE. More details
about GetQuote hypercall can be found in TDX Guest-Host Communication
Interface (GHCI) for Intel TDX 1.0, section titled
"TDG.VP.VMCALL<GetQuote>".
Trusted Security Module (TSM) [1] exposes a common ABI for Confidential
Computing Guest platforms to get the measurement data via ConfigFS.
Extend the TSM framework and add support to allow an attestation agent
to get the TDX Quote data (included usage example below).
report=/sys/kernel/config/tsm/report/report0
mkdir $report
dd if=/dev/urandom bs=64 count=1 > $report/inblob
hexdump -C $report/outblob
rmdir $report
GetQuote TDVMCALL requires TD guest pass a 4K aligned shared buffer
with TDREPORT data as input, which is further used by the VMM to copy
the TD Quote result after successful Quote generation. To create the
shared buffer, allocate a large enough memory and mark it shared using
set_memory_decrypted() in tdx_guest_init(). This buffer will be re-used
for GetQuote requests in the TDX TSM handler.
Although this method reserves a fixed chunk of memory for GetQuote
requests, such one time allocation can help avoid memory fragmentation
related allocation failures later in the uptime of the guest.
Since the Quote generation process is not time-critical or frequently
used, the current version uses a polling model for Quote requests and
it also does not support parallel GetQuote requests.
Link: https://lore.kernel.org/lkml/169342399185.3934343.3035845348326944519.stgit@dwillia2-xfh.jf.intel.com/ [1]
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Reviewed-by: Erdem Aktas <erdemaktas@google.com>
Tested-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Tested-by: Peter Gonda <pgonda@google.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
The sevguest driver was a first mover in the confidential computing
space. As a first mover that afforded some leeway to build the driver
without concern for common infrastructure.
Now that sevguest is no longer a singleton [1] the common operation of
building and transmitting attestation report blobs can / should be made
common. In this model the so called "TSM-provider" implementations can
share a common envelope ABI even if the contents of that envelope remain
vendor-specific. When / if the industry agrees on an attestation record
format, that definition can also fit in the same ABI. In the meantime
the kernel's maintenance burden is reduced and collaboration on the
commons is increased.
Convert sevguest to use CONFIG_TSM_REPORTS to retrieve the data that
the SNP_GET_EXT_REPORT ioctl produces. An example flow follows for
retrieving the report blob via the TSM interface utility,
assuming no nonce and VMPL==2:
report=/sys/kernel/config/tsm/report/report0
mkdir $report
echo 2 > $report/privlevel
dd if=/dev/urandom bs=64 count=1 > $report/inblob
hexdump -C $report/outblob # SNP report
hexdump -C $report/auxblob # cert_table
rmdir $report
Given that the platform implementation is free to return empty
certificate data if none is available it lets configfs-tsm be simplified
as it only needs to worry about wrapping SNP_GET_EXT_REPORT, and leave
SNP_GET_REPORT alone.
The old ioctls can be lazily deprecated, the main motivation of this
effort is to stop the proliferation of new ioctls, and to increase
cross-vendor collaboration.
Link: http://lore.kernel.org/r/64961c3baf8ce_142af829436@dwillia2-xfh.jf.intel.com.notmuch [1]
Cc: Borislav Petkov <bp@alien8.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Dionna Glaze <dionnaglaze@google.com>
Cc: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
Tested-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Tested-by: Alexey Kardashevskiy <aik@amd.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
In preparation for using the configs-tsm facility to convey attestation
blobs to userspace, switch to using the 'sockptr' api for copying
payloads to provided buffers where 'sockptr' handles user vs kernel
buffers.
While configfs-tsm is meant to replace existing confidential computing
ioctl() implementations for attestation report retrieval the old ioctl()
path needs to stick around for a deprecation period.
No behavior change intended.
Cc: Borislav Petkov <bp@alien8.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Dionna Glaze <dionnaglaze@google.com>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Tested-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
One of the common operations of a TSM (Trusted Security Module) is to
provide a way for a TVM (confidential computing guest execution
environment) to take a measurement of its launch state, sign it and
submit it to a verifying party. Upon successful attestation that
verifies the integrity of the TVM additional secrets may be deployed.
The concept is common across TSMs, but the implementations are
unfortunately vendor specific. While the industry grapples with a common
definition of this attestation format [1], Linux need not make this
problem worse by defining a new ABI per TSM that wants to perform a
similar operation. The current momentum has been to invent new ioctl-ABI
per TSM per function which at best is an abdication of the kernel's
responsibility to make common infrastructure concepts share common ABI.
The proposal, targeted to conceptually work with TDX, SEV-SNP, COVE if
not more, is to define a configfs interface to retrieve the TSM-specific
blob.
report=/sys/kernel/config/tsm/report/report0
mkdir $report
dd if=binary_userdata_plus_nonce > $report/inblob
hexdump $report/outblob
This approach later allows for the standardization of the attestation
blob format without needing to invent a new ABI. Once standardization
happens the standard format can be emitted by $report/outblob and
indicated by $report/provider, or a new attribute like
"$report/tcg_coco_report" can emit the standard format alongside the
vendor format.
Review of previous iterations of this interface identified that there is
a need to scale report generation for multiple container environments
[2]. Configfs enables a model where each container can bind mount one or
more report generation item instances. Still, within a container only a
single thread can be manipulating a given configuration instance at a
time. A 'generation' count is provided to detect conflicts between
multiple threads racing to configure a report instance.
The SEV-SNP concepts of "extended reports" and "privilege levels" are
optionally enabled by selecting 'tsm_report_ext_type' at register_tsm()
time. The expectation is that those concepts are generic enough that
they may be adopted by other TSM implementations. In other words,
configfs-tsm aims to address a superset of TSM specific functionality
with a common ABI where attributes may appear, or not appear, based on
the set of concepts the implementation supports.
Link: http://lore.kernel.org/r/64961c3baf8ce_142af829436@dwillia2-xfh.jf.intel.com.notmuch [1]
Link: http://lore.kernel.org/r/57f3a05e-8fcd-4656-beea-56bb8365ae64@linux.microsoft.com [2]
Cc: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Cc: Dionna Amalie Glaze <dionnaglaze@google.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Peter Gonda <pgonda@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Samuel Ortiz <sameo@rivosinc.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Tested-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
CONFIG_DEBUG_SG highlights that get_{report,ext_report,derived_key)()}
are passing stack buffers as the @req_buf argument to
handle_guest_request(), generating a Call Trace of the following form:
WARNING: CPU: 0 PID: 1175 at include/linux/scatterlist.h:187 enc_dec_message+0x518/0x5b0 [sev_guest]
[..]
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
RIP: 0010:enc_dec_message+0x518/0x5b0 [sev_guest]
Call Trace:
<TASK>
[..]
handle_guest_request+0x135/0x520 [sev_guest]
get_ext_report+0x1ec/0x3e0 [sev_guest]
snp_guest_ioctl+0x157/0x200 [sev_guest]
Note that the above Call Trace was with the DEBUG_SG BUG_ON()s converted
to WARN_ON()s.
This is benign as long as there are no hardware crypto accelerators
loaded for the aead cipher, and no subsequent dma_map_sg() is performed
on the scatterlist. However, sev-guest can not assume the presence of
an aead accelerator nor can it assume that CONFIG_DEBUG_SG is disabled.
Resolve this bug by allocating virt_addr_valid() memory, similar to the
other buffers am @snp_dev instance carries, to marshal requests from
user buffers to kernel buffers.
Reported-by: Peter Gonda <pgonda@google.com>
Closes: http://lore.kernel.org/r/CAMkAt6r2VPPMZ__SQfJse8qWsUyYW3AgYbOUVM0S_Vtk=KvkxQ@mail.gmail.com
Fixes: fce96cf044 ("virt: Add SEV-SNP guest driver")
Cc: Borislav Petkov <bp@alien8.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Dionna Glaze <dionnaglaze@google.com>
Cc: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
Tested-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
This driver fails to link when CRYPTO is disabled, or in a loadable
module:
WARNING: unmet direct dependencies detected for CRYPTO_GCM
WARNING: unmet direct dependencies detected for CRYPTO_AEAD2
Depends on [m]: CRYPTO [=m]
Selected by [y]:
- SEV_GUEST [=y] && VIRT_DRIVERS [=y] && AMD_MEM_ENCRYPT [=y]
x86_64-linux-ld: crypto/aead.o: in function `crypto_register_aeads':
Fixes: fce96cf044 ("virt: Add SEV-SNP guest driver")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20230117171416.2715125-1-arnd@kernel.org
The GHCB specification declares that the firmware error value for
a guest request will be stored in the lower 32 bits of EXIT_INFO_2. The
upper 32 bits are for the VMM's own error code. The fw_err argument to
snp_guest_issue_request() is thus a misnomer, and callers will need
access to all 64 bits.
The type of unsigned long also causes problems, since sw_exit_info2 is
u64 (unsigned long long) vs the argument's unsigned long*. Change this
type for issuing the guest request. Pass the ioctl command struct's error
field directly instead of in a local variable, since an incomplete guest
request may not set the error code, and uninitialized stack memory would
be written back to user space.
The firmware might not even be called, so bookend the call with the no
firmware call error and clear the error.
Since the "fw_err" field is really exitinfo2 split into the upper bits'
vmm error code and lower bits' firmware error code, convert the 64 bit
value to a union.
[ bp:
- Massage commit message
- adjust code
- Fix a build issue as
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/oe-kbuild-all/202303070609.vX6wp2Af-lkp@intel.com
- print exitinfo2 in hex
Tom:
- Correct -EIO exit case. ]
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20230214164638.1189804-5-dionnaglaze@google.com
Link: https://lore.kernel.org/r/20230307192449.24732-12-bp@alien8.de
The encryption algorithms read and write directly to shared unencrypted
memory, which may leak information as well as permit the host to tamper
with the message integrity. Instead, copy whole messages in or out as
needed before doing any computation on them.
Fixes: d5af44dde5 ("x86/sev: Provide support for SNP guest request NAEs")
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20230214164638.1189804-3-dionnaglaze@google.com
A potentially malicious SEV guest can constantly hammer the hypervisor
using this driver to send down requests and thus prevent or at least
considerably hinder other guests from issuing requests to the secure
processor which is a shared platform resource.
Therefore, the host is permitted and encouraged to throttle such guest
requests.
Add the capability to handle the case when the hypervisor throttles
excessive numbers of requests issued by the guest. Otherwise, the VM
platform communication key will be disabled, preventing the guest from
attesting itself.
Realistically speaking, a well-behaved guest should not even care about
throttling. During its lifetime, it would end up issuing a handful of
requests which the hardware can easily handle.
This is more to address the case of a malicious guest. Such guest should
get throttled and if its VMPCK gets disabled, then that's its own
wrongdoing and perhaps that guest even deserves it.
To the implementation: the hypervisor signals with SNP_GUEST_REQ_ERR_BUSY
that the guest requests should be throttled. That error code is returned
in the upper 32-bit half of exitinfo2 and this is part of the GHCB spec
v2.
So the guest is given a throttling period of 1 minute in which it
retries the request every 2 seconds. This is a good default but if it
turns out to not pan out in practice, it can be tweaked later.
For safety, since the encryption algorithm in GHCBv2 is AES_GCM, control
must remain in the kernel to complete the request with the current
sequence number. Returning without finishing the request allows the
guest to make another request but with different message contents. This
is IV reuse, and breaks cryptographic protections.
[ bp:
- Rewrite commit message and do a simplified version.
- The stable tags are supposed to denote that a cleanup should go
upfront before backporting this so that any future fixes to this
can preserve the sanity of the backporter(s). ]
Fixes: d5af44dde5 ("x86/sev: Provide support for SNP guest request NAEs")
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
Co-developed-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: <stable@kernel.org> # d6fd48eff7 ("virt/coco/sev-guest: Check SEV_SNP attribute at probe time")
Cc: <stable@kernel.org> # 970ab82374 (" virt/coco/sev-guest: Simplify extended guest request handling")
Cc: <stable@kernel.org> # c5a338274b ("virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request()")
Cc: <stable@kernel.org> # 0fdb6cc7c8 ("virt/coco/sev-guest: Carve out the request issuing logic into a helper")
Cc: <stable@kernel.org> # d25bae7dc7 ("virt/coco/sev-guest: Do some code style cleanups")
Cc: <stable@kernel.org> # fa4ae42cc6 ("virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case")
Link: https://lore.kernel.org/r/20230214164638.1189804-2-dionnaglaze@google.com
Return a specific error code - -ENOSPC - to signal the too small cert
data buffer instead of checking exit code and exitinfo2.
While at it, hoist the *fw_err assignment in snp_issue_guest_request()
so that a proper error value is returned to the callers.
[ Tom: check override_err instead of err. ]
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20230307192449.24732-4-bp@alien8.de