In page-compat mode, align the stack top / base by the emulated
page-size.
Bug: 383389337
Bug: 315325080
Bug: 302403436
Change-Id: I46e08a3b99842e7810866f48a2f53365c0bbd2bc
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
GKI (arm64) relevant 77 out of 426 changes, affecting 93 files +851/-461
40426fc097 cpufreq: scpi: compare kHz instead of Hz [1 file, +3/-2]
7b1d2454d0 sched: Cancel the slice protection of the idle entity [1 file, +33/-13]
b576c4834d sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks [1 file, +4/-0]
f381c92ab4 cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() [1 file, +23/-22]
4d28c2ab2a lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock [1 file, +0/-2]
31d5665172 PM: sleep: Adjust check before setting power.must_resume [3 files, +9/-8]
864750968d watchdog/hardlockup/perf: Fix perf_event memory leak [4 files, +1/-61]
c3a4c91a40 PM: sleep: Fix handling devices with direct_complete set on errors [1 file, +4/-4]
345957c1cf lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() [1 file, +4/-4]
5108828fec perf/ring_buffer: Allow the EPOLLRDNORM flag for poll [1 file, +1/-1]
15291b561d ALSA: timer: Don't take register_mutex with copy_from/to_user() [1 file, +77/-70]
254f771c70 PCI: Use downstream bridges for distributing resources [1 file, +1/-2]
372e387c4f PCI: Remove add_align overwrite unrelated to size0 [1 file, +0/-1]
f556b6ba0a PCI/ASPM: Fix link state exit during switch upstream function removal [1 file, +9/-8]
8ba27aa512 PCI/ACS: Fix 'pci=config_acs=' parameter [1 file, +13/-5]
2a54a1a9c6 PCI/portdrv: Only disable pciehp interrupts early when needed [1 file, +5/-3]
bcb4842004 PCI: Avoid reset when disabled via sysfs [1 file, +4/-0]
362b5879a7 PCI: Remove stray put_device() in pci_register_host_bridge() [1 file, +2/-3]
b004cf517d PCI: dwc: ep: Return -ENOMEM for allocation failures [1 file, +1/-0]
e23dfb926f PCI: Fix BAR resizing when VF BARs are assigned [1 file, +2/-2]
057298d193 crypto: bpf - Add MODULE_DESCRIPTION for skcipher [1 file, +1/-0]
2df19f5f6f remoteproc: core: Clear table_sz when rproc_shutdown [1 file, +1/-0]
bfcca46f01 of: property: Increase NR_FWNODE_REFERENCE_ARGS [1 file, +1/-1]
8ed5381756 bpf: Use preempt_count() directly in bpf_send_signal_common() [1 file, +1/-1]
6d4e56e4c5 crypto: api - Fix larval relookup type and mask [1 file, +7/-10]
8ba426f170 rust: fix signature of rust_fmt_argument [2 files, +4/-5]
19e6817f84 bpf: Fix array bounds error with may_goto [2 files, +22/-4]
c2ddf2f576 leds: Fix LED_OFF brightness race [1 file, +18/-4]
8109f57613 usb: xhci: correct debug message page size calculation [1 file, +3/-3]
c42282a078 kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page() [1 file, +12/-1]
5b2b692804 tty: n_tty: use uint for space returned by tty_write_room() [1 file, +7/-6]
aba9189992 fs/procfs: fix the comment above proc_pid_wchan() [1 file, +1/-1]
456300be23 thermal: core: Remove duplicate struct declaration [1 file, +0/-2]
6a14075325 exfat: fix the infinite loop in exfat_find_last_cluster() [1 file, +1/-1]
4a9595eb02 exfat: fix missing shutdown check [1 file, +27/-2]
28b21ee8e8 rtnetlink: Allocate vfinfo size for VF GUIDs when supported [1 file, +3/-0]
2a6f8823ff ring-buffer: Fix bytes_dropped calculation issue [1 file, +2/-2]
8e49f912ae sched/smt: Always inline sched_smt_active() [1 file, +1/-1]
00911b416a context_tracking: Always inline ct_{nmi,irq}_{enter,exit}() [1 file, +4/-4]
d80168db5e rcu-tasks: Always inline rcu_irq_work_resched() [1 file, +1/-1]
63bd235de2 nvme-pci: clean up CMBMSC when registering CMB fails [1 file, +1/-0]
5eb8c8fee7 nvme-pci: skip CMB blocks incompatible with PCI P2P DMA [1 file, +12/-8]
7364420090 perf/core: Fix perf_pmu_register() vs. perf_init_event() [1 file, +26/-2]
9207575878 exfat: add a check for invalid data size [1 file, +5/-0]
ddf40162ac locking/semaphore: Use wake_q to wake up processes outside lock critical section [1 file, +9/-4]
3e6ce0d9ec nvme-pci: fix stuck reset on concurrent DPC and HP [1 file, +12/-1]
93c59b5548 net: devmem: do not WARN conditionally after netdev_rx_queue_restart() [1 file, +3/-1]
d840c84cdd can: statistics: use atomic access in hot path [3 files, +39/-31]
7a95b48873 netfs: Fix netfs_unbuffered_read() to return ssize_t rather than int [1 file, +3/-3]
7e3497d7da ublk: make sure ubq->canceling is set when queue is frozen [1 file, +29/-10]
a3800b64f8 nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer [1 file, +1/-1]
94d5ad7b41 udp: Fix multiple wraparounds of sk->sk_rmem_alloc. [1 file, +17/-9]
a116b271bf udp: Fix memory accounting leak. [1 file, +7/-9]
47744d0d5f vsock: avoid timeout during connect() if the socket is closing [1 file, +5/-1]
9539c1721a tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). [2 files, +1/-7]
92a5c18513 net: decrease cached dst counters in dst_release [1 file, +8/-0]
de579015d1 ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS [1 file, +25/-12]
2952776c69 net: fix geneve_opt length integer overflow [4 files, +4/-4]
1eb36a2cdf ipv6: Start path selection from the first nexthop [1 file, +35/-3]
f4fea25f5c ipv6: Do not consider link down nexthops in path selection [1 file, +4/-2]
e9c9288072 perf/core: Fix child_total_time_enabled accounting bug at task exit [1 file, +9/-9]
387dc88c2c tracing: Switch trace_events_hist.c code over to use guard() [1 file, +10/-22]
fe87f8d3a5 tracing/hist: Add poll(POLLIN) support on hist file [3 files, +95/-3]
eecb62a24b tracing/hist: Support POLLPRI event for poll on histogram [1 file, +26/-3]
ef79f2dec7 tracing: Correct the refcount if the hist/hist_debug file fails to open [1 file, +18/-6]
39bc1484eb cgroup/rstat: Tracking cgroup-level niced CPU time [2 files, +15/-5]
3501677651 cgroup/rstat: Fix forceidle time in cpu.stat [1 file, +13/-16]
d689645cd1 usbnet:fix NPE during rx_complete [1 file, +3/-3]
49b0a6ab8e exfat: fix random stack corruption after get_block [1 file, +33/-6]
37c9875c17 exfat: fix potential wrong error return from get_block [1 file, +2/-0]
cffc2a6718 tracing: Ensure module defining synth event cannot be unloaded while tracing [1 file, +29/-1]
33052e7f52 tracing: Fix synth event printk format for str fields [1 file, +1/-1]
2e877ff349 mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs [1 file, +3/-0]
13d6f8ba50 ext4: don't over-report free space or inodes in statvfs [1 file, +17/-10]
b47584c556 ext4: fix OOB read when checking dotdot dir [1 file, +3/-0]
e2d8e7bd33 exec: fix the racy usage of fs_struct->in_exec [1 file, +9/-6]
625e9b91eb tracing: Do not use PERF enums when perf is not defined [1 file, +6/-2]
Changes in 6.12.23
watch_queue: fix pipe accounting mismatch
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
cpufreq: scpi: compare kHz instead of Hz
smack: dont compile ipv6 code unless ipv6 is configured
smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label
sched: Cancel the slice protection of the idle entity
sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids
x86/fpu: Fix guest FPU state buffer allocation size
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
x86/platform: Only allow CONFIG_EISA for 32-bit
x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
PM: sleep: Adjust check before setting power.must_resume
cpufreq: tegra194: Allow building for Tegra234
RISC-V: KVM: Disable the kernel perf counter during configure
kunit/stackinit: Use fill byte different from Clang i386 pattern
watchdog/hardlockup/perf: Fix perf_event memory leak
selinux: Chain up tool resolving errors in install_policy.sh
EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
EDAC/ie31200: Fix the DIMM size mask for several SoCs
EDAC/ie31200: Fix the error path order of ie31200_init()
x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors
thermal: int340x: Add NULL check for adev
PM: sleep: Fix handling devices with direct_complete set on errors
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
x86/traps: Make exc_double_fault() consistently noreturn
x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
x86/entry: Add __init to ia32_emulation_override_cmdline()
regulator: pca9450: Fix enable register for LDO5
auxdisplay: MAX6959 should select BITREVERSE
media: verisilicon: HEVC: Initialize start_bit field
media: platform: allgro-dvt: unregister v4l2_device on the error path
auxdisplay: panel: Fix an API misuse in panel.c
platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Make symbol static
platform/x86: dell-uart-backlight: Make dell_uart_bl_serdev_driver static
platform/x86: dell-ddv: Fix temperature calculation
ASoC: cs35l41: check the return value from spi_setup()
ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry
HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
dt-bindings: vendor-prefixes: add GOcontroll
ALSA: hda/realtek: Always honor no_shutup_pins
ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible
ALSA: timer: Don't take register_mutex with copy_from/to_user()
drm/bridge: ti-sn65dsi86: Fix multiple instances
drm/ssd130x: Set SPI .id_table to prevent an SPI core warning
drm/ssd130x: fix ssd132x encoding
drm/ssd130x: ensure ssd132x pitch is correct
drm/dp_mst: Fix drm RAD print
drm/bridge: it6505: fix HDCP V match check is not performed correctly
drm: xlnx: zynqmp: Fix max dma segment size
drm/vkms: Fix use after free and double free on init error
gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines
drm/amdgpu: refine smu send msg debug log format
drm/amdgpu/umsch: fix ucode check
PCI: Use downstream bridges for distributing resources
PCI: Remove add_align overwrite unrelated to size0
drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
PCI/ASPM: Fix link state exit during switch upstream function removal
drm/panel: ilitek-ili9882t: fix GPIO name in error message
PCI/ACS: Fix 'pci=config_acs=' parameter
drm/amd/display: fix an indent issue in DML21
drm/msm/dpu: don't use active in atomic_check()
drm/msm/dsi/phy: Program clock inverters in correct register
drm/msm/dsi: Use existing per-interface slice count in DSC timing
drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables'
PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload
PCI: brcmstb: Set generation limit before PCIe link up
PCI: brcmstb: Use internal register to change link capability
PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
PCI: brcmstb: Fix potential premature regulator disabling
PCI/portdrv: Only disable pciehp interrupts early when needed
PCI: Avoid reset when disabled via sysfs
drm/panthor: Update CS_STATUS_ defines to correct values
drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump
crypto: powerpc: Mark ghashp8-ppc.o as an OBJECT_FILES_NON_STANDARD
powerpc/kexec: fix physical address calculation in clear_utlb_entry()
PCI: Remove stray put_device() in pci_register_host_bridge()
PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
drm/mediatek: Fix config_updating flag never false when no mbox channel
drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
drm/amd/display: avoid NPD when ASIC does not support DMUB
PCI: dwc: ep: Return -ENOMEM for allocation failures
PCI: histb: Fix an error handling path in histb_pcie_probe()
PCI: Fix BAR resizing when VF BARs are assigned
PCI: pciehp: Don't enable HPIE when resuming in poll mode
fbdev: au1100fb: Move a variable assignment behind a null pointer check
dummycon: fix default rows/cols
mdacon: rework dependency list
fbdev: sm501fb: Add some geometry checks.
crypto: iaa - Test the correct request flag
crypto: qat - set parity error mask for qat_420xx
crypto: tegra - Use separate buffer for setkey
crypto: tegra - check return value for hash do_one_req
crypto: bpf - Add MODULE_DESCRIPTION for skcipher
crypto: tegra - Use HMAC fallback when keyslots are full
clk: amlogic: gxbb: drop incorrect flag on 32k clock
crypto: hisilicon/sec2 - fix for aead authsize alignment
crypto: hisilicon/sec2 - fix for sec spec check
RDMA/mlx5: Fix page_size variable overflow
remoteproc: core: Clear table_sz when rproc_shutdown
of: property: Increase NR_FWNODE_REFERENCE_ARGS
pinctrl: renesas: rzg2l: Suppress binding attributes
remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
libbpf: Fix hypothetical STT_SECTION extern NULL deref case
selftests/bpf: Fix string read in strncmp benchmark
x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()
clk: renesas: r8a08g045: Check the source of the CPU PLL settings
remoteproc: qcom: pas: add minidump_id to SC7280 WPSS
clk: samsung: Fix UBSAN panic in samsung_clk_init()
pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw()
crypto: tegra - Fix CMAC intermediate result handling
clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
s390: Remove ioremap_wt() and pgprot_writethrough()
RDMA/mana_ib: Ensure variable err is initialized
crypto: tegra - Set IV to NULL explicitly for AES ECB
remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226
clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK
bpf: Use preempt_count() directly in bpf_send_signal_common()
lib: 842: Improve error handling in sw842_compress()
pinctrl: renesas: rza2: Fix missing of_node_put() call
pinctrl: renesas: rzg2l: Fix missing of_node_put() call
RDMA/mlx5: Fix MR cache initialization error flow
selftests/bpf: Fix freplace_link segfault in tailcalls prog test
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
RDMA/core: Don't expose hw_counters outside of init net namespace
RDMA/mlx5: Fix calculation of total invalidated pages
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
power: supply: bq27xxx_battery: do not update cached flags prematurely
crypto: api - Fix larval relookup type and mask
IB/mad: Check available slots before posting receive WRs
pinctrl: tegra: Set SFIO mode to Mux Register
clk: amlogic: g12b: fix cluster A parent data
clk: amlogic: gxbb: drop non existing 32k clock parent
selftests/bpf: Select NUMA_NO_NODE to create map
rust: fix signature of rust_fmt_argument
pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment
crypto: qat - remove access to parity register for QAT GEN4
clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents
clk: amlogic: g12a: fix mmc A peripheral clock
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
power: supply: max77693: Fix wrong conversion of charge input threshold value
crypto: nx - Fix uninitialised hv_nxc on error
clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable()
bpf: Fix array bounds error with may_goto
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
pinctrl: renesas: rzv2m: Fix missing of_node_put() call
mfd: sm501: Switch to BIT() to mitigate integer overflows
leds: Fix LED_OFF brightness race
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
RDMA/core: Fix use-after-free when rename device name
crypto: hisilicon/sec2 - fix for aead auth key length
pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm()
clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
perf stat: Fix find_stat for mixed legacy/non-legacy events
perf: Always feature test reallocarray
w1: fix NULL pointer dereference in probe
fs/ntfs3: Update inode->i_mapping->a_ops on compression state
phy: phy-rockchip-samsung-hdptx: Don't use dt aliases to determine phy-id
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
soundwire: slave: fix an OF node reference leak in soundwire slave device
perf report: Switch data file correctly in TUI
greybus: gb-beagleplay: Add error handling for gb_greybus_init
coresight: catu: Fix number of pages while using 64k pages
vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
coresight-etm4x: add isb() before reading the TRCSTATR
perf pmu: Don't double count common sysfs and json events
tools/x86: Fix linux/unaligned.h include path in lib/insn.c
perf build: Fix in-tree build due to symbolic link
ucsi_ccg: Don't show failed to get FW build information error
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails.
iio: backend: make sure to NULL terminate stack buffer
perf arm-spe: Fix load-store operation checking
perf bench: Fix perf bench syscall loop count
usb: xhci: correct debug message page size calculation
fs/ntfs3: Fix a couple integer overflows on 32bit systems
fs/ntfs3: Prevent integer overflow in hdr_first_de()
dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister
dmaengine: fsl-edma: free irq correctly in remove path
iio: adc: ad4130: Fix comparison of channel setups
iio: adc: ad7124: Fix comparison of channel configs
iio: adc: ad7173: Fix comparison of channel configs
iio: adc: ad7768-1: set MOSI idle state to prevent accidental reset
iio: light: Add check for array bounds in veml6075_read_int_time_ms
perf debug: Avoid stack overflow in recursive error message
perf evlist: Add success path to evlist__create_syswide_maps
perf units: Fix insufficient array space
kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page()
kexec: initialize ELF lowest address to ULONG_MAX
ocfs2: validate l_tree_depth to avoid out-of-bounds access
arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig
NFSv4: Don't trigger uneccessary scans for return-on-close delegations
NFSv4: Avoid unnecessary scans of filesystems for returning delegations
NFSv4: Avoid unnecessary scans of filesystems for expired delegations
NFSv4: Avoid unnecessary scans of filesystems for delayed delegations
NFS: fix open_owner_id_maxsz and related fields.
fuse: fix dax truncate/punch_hole fault path
selftests/mm/cow: fix the incorrect error handling
um: Pass the correct Rust target and options with gcc
um: remove copy_from_kernel_nofault_allowed
um: hostfs: avoid issues on inode number reuse by host
i3c: master: svc: Fix missing the IBI rules
perf python: Fixup description of sample.id event member
perf python: Decrement the refcount of just created event on failure
perf python: Don't keep a raw_data pointer to consumed ring buffer space
perf python: Check if there is space to copy all the event
perf dso: fix dso__is_kallsyms() check
perf: intel-tpebs: Fix incorrect usage of zfree()
staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES
staging: vchiq_arm: Register debugfs after cdev
staging: vchiq_arm: Fix possible NPR of keep-alive thread
tty: n_tty: use uint for space returned by tty_write_room()
perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation
fs/procfs: fix the comment above proc_pid_wchan()
perf tools: annotate asm_pure_loop.S
perf bpf-filter: Fix a parsing error with comma
thermal: core: Remove duplicate struct declaration
objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show()
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
NFS: Shut down the nfs_client only after all the superblocks
smb: client: Fix netns refcount imbalance causing leaks and use-after-free
exfat: fix the infinite loop in exfat_find_last_cluster()
exfat: fix missing shutdown check
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
rndis_host: Flag RNDIS modems as WWAN devices
ksmbd: use aead_request_free to match aead_request_alloc
ksmbd: fix multichannel connection failure
ksmbd: fix r_count dec/increment mismatch
net/mlx5e: SHAMPO, Make reserved size independent of page size
ring-buffer: Fix bytes_dropped calculation issue
objtool: Fix segfault in ignore_unreachable_insn()
LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig
LoongArch: Fix device node refcount leak in fdt_cpu_clk_init()
LoongArch: Rework the arch_kgdb_breakpoint() implementation
ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid
net: phy: broadcom: Correct BCM5221 PHY model detection
octeontx2-af: Fix mbox INTR handler when num VFs > 64
octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
objtool: Fix verbose disassembly if CROSS_COMPILE isn't set
sched/smt: Always inline sched_smt_active()
context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
rcu-tasks: Always inline rcu_irq_work_resched()
objtool/loongarch: Add unwind hints in prepare_frametrace()
nfs: Add missing release on error in nfs_lock_and_join_requests()
wifi: mac80211: Cleanup sta TXQs on flush
wifi: mac80211: remove debugfs dir for virtual monitor
wifi: iwlwifi: fw: allocate chained SG tables for dump
wifi: iwlwifi: mvm: use the right version of the rate API
nvme-tcp: fix possible UAF in nvme_tcp_poll
nvme-pci: clean up CMBMSC when registering CMB fails
nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
wifi: brcmfmac: keep power during suspend if board requires it
affs: generate OFS sequence numbers starting at 1
affs: don't write overlarge OFS data block size fields
ALSA: hda/realtek: Fix Asus Z13 2025 audio
ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
perf/core: Fix perf_pmu_register() vs. perf_init_event()
smb: common: change the data type of num_aces to le16
cifs: fix incorrect validation for num_aces field of smb_acl
platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet
platform/x86/intel/vsec: Add Diamond Rapids support
net: dsa: rtl8366rb: don't prompt users for LED control
HID: i2c-hid: improve i2c_hid_get_report error message
platform/x86/amd/pmf: Propagate PMF-TA return codes
platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-TA
exfat: add a check for invalid data size
ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA
sched/deadline: Use online cpus for validating runtime
x86/hyperv/vtl: Stop kernel from probing VTL0 low memory
ASoC: codecs: wsa884x: report temps to hwmon in millidegree of Celsius
ASoC: rt1320: set wake_capable = 0 explicitly
wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state
wifi: mac80211: fix SA Query processing in MLO
locking/semaphore: Use wake_q to wake up processes outside lock critical section
x86/hyperv: Fix output argument to hypercall that changes page visibility
x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
nvme-pci: fix stuck reset on concurrent DPC and HP
drm/amd: Keep display off while going into S4
net: devmem: do not WARN conditionally after netdev_rx_queue_restart()
selftests: netfilter: skip br_netfilter queue tests if kernel is tainted
ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
can: statistics: use atomic access in hot path
memory: omap-gpmc: drop no compatible check
hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
netfs: Fix netfs_unbuffered_read() to return ssize_t rather than int
spufs: fix a leak on spufs_new_file() failure
spufs: fix gang directory lifetimes
spufs: fix a leak in spufs_create_context()
fs/9p: fix NULL pointer dereference on mkdir
riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
ntb: intel: Fix using link status DB's
firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success
ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA
RISC-V: errata: Use medany for relocatable builds
x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs
ublk: make sure ubq->canceling is set when queue is frozen
s390/entry: Fix setting _CIF_MCCK_GUEST with lowcore relocation
ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe()
spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock()
riscv: Fix hugetlb retrieval of number of ptes in case of !present pte
riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator
riscv/purgatory: 4B align purgatory_start
nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer
ASoC: imx-card: Add NULL check in imx_card_probe()
spi: bcm2835: Do not call gpiod_put() on invalid descriptor
ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent
e1000e: change k1 configuration on MTP and later platforms
idpf: fix adapter NULL pointer dereference on reboot
netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
netfilter: nf_tables: don't unregister hook when table is dormant
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
net_sched: skbprio: Remove overly strict queue assertions
sctp: add mutual exclusion in proc_sctp_do_udp_port()
net: mvpp2: Prevent parser TCAM memory corruption
udp: Fix multiple wraparounds of sk->sk_rmem_alloc.
udp: Fix memory accounting leak.
vsock: avoid timeout during connect() if the socket is closing
tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
net: decrease cached dst counters in dst_release
netfilter: nft_tunnel: fix geneve_opt type confusion addition
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
net: fix geneve_opt length integer overflow
ipv6: Start path selection from the first nexthop
ipv6: Do not consider link down nexthops in path selection
arcnet: Add NULL check in com20020pci_probe()
net: ibmveth: make veth_pool_store stop hanging
kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally
drm/amdgpu/gfx11: fix num_mec
drm/amdgpu/gfx12: fix num_mec
perf/core: Fix child_total_time_enabled accounting bug at task exit
tools/power turbostat: report CoreThr per measurement interval
tracing: Switch trace_events_hist.c code over to use guard()
tracing/hist: Add poll(POLLIN) support on hist file
tracing/hist: Support POLLPRI event for poll on histogram
tracing: Correct the refcount if the hist/hist_debug file fails to open
cgroup/rstat: Tracking cgroup-level niced CPU time
cgroup/rstat: Fix forceidle time in cpu.stat
tty: serial: fsl_lpuart: Use u32 and u8 for register variables
tty: serial: fsl_lpuart: use port struct directly to simply code
tty: serial: fsl_lpuart: Fix unused variable 'sport' build warning
tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register
wifi: mac80211: Fix sparse warning for monitor_sdata
usbnet:fix NPE during rx_complete
rust: Fix enabling Rust and building with GCC for LoongArch
LoongArch: Increase ARCH_DMA_MINALIGN up to 16
LoongArch: Increase MAX_IO_PICS up to 8
LoongArch: BPF: Fix off-by-one error in build_prologue()
LoongArch: BPF: Don't override subprog's return value
LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC
x86/hyperv: Fix check of return value from snp_set_vmsa()
KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected
x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
x86/mce: use is_copy_from_user() to determine copy-from-user context
x86/tdx: Fix arch_safe_halt() execution for TDX VMs
ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers
platform/x86: thinkpad_acpi: disable ACPI fan access for T495* and E560
platform/x86: ISST: Correct command storage data length
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
perf/x86/intel: Apply static call for drain_pebs
perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
uprobes/x86: Harden uretprobe syscall trampoline check
idpf: Don't hard code napi_struct size
x86/Kconfig: Add cmpxchg8b support back to Geode CPUs
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
wifi: mt76: mt7925: remove unused acpi function for clc
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
ARM: 9444/1: add KEEP() keyword to ARM_VECTORS
media: omap3isp: Handle ARM dma_iommu_mapping
Remove unnecessary firmware version check for gc v9_4_2
mmc: omap: Fix memory leak in mmc_omap_new_slot
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error
ksmbd: add bounds check for durable handle context
ksmbd: add bounds check for create lease context
ksmbd: fix use-after-free in ksmbd_sessions_deregister()
ksmbd: fix session use-after-free in multichannel connection
ksmbd: fix overflow in dacloffset bounds check
ksmbd: validate zero num_subauth before sub_auth is accessed
ksmbd: fix null pointer dereference in alloc_preauth_hash()
exfat: fix random stack corruption after get_block
exfat: fix potential wrong error return from get_block
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
tracing: Ensure module defining synth event cannot be unloaded while tracing
tracing: Fix synth event printk format for str fields
tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs
arm64: Don't call NULL in do_compat_alignment_fixup()
wifi: mt76: mt7921: fix kernel panic due to null pointer dereference
ext4: don't over-report free space or inodes in statvfs
ext4: fix OOB read when checking dotdot dir
jfs: fix slab-out-of-bounds read in ea_get()
jfs: add index corruption check to DT_GETPAGE()
mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()
exec: fix the racy usage of fs_struct->in_exec
media: vimc: skip .s_stream() for stopped entities
media: streamzap: fix race between device disconnection and urb callback
nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()
nfsd: put dl_stid if fail to queue dl_recall
nfsd: fix management of listener transports
NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs()
NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory
NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE
tracing: Do not use PERF enums when perf is not defined
platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc()
Linux 6.12.23
Change-Id: I007dc80a847f3232a2d12c056a74d16d2ab92b29
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
GKI (arm64) relevant 75 out of 419 changes, affecting 91 files +700/-304
38a1aa02b9 exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case [2 files, +29/-4]
e5ff8d825d sched: Don't try to catch up excess steal time. [1 file, +4/-2]
404e5fd918 printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX [1 file, +1/-1]
b006aadf72 drm/connector: add mutex to protect ELD from concurrent access [3 files, +11/-1]
22a1a75818 ring-buffer: Make reading page consistent with the code logic [1 file, +3/-1]
5c2b1d9386 tun: fix group permission check [1 file, +9/-5]
f4b8bac3cf mmc: core: Respect quirk_max_rate for non-UHS SDIO card [1 file, +2/-0]
e557b15ea2 HID: multitouch: Add quirk for Hantick 5288 touchpad [1 file, +5/-0]
adcb8ce68d HID: Wacom: Add PCI Wacom device support [1 file, +5/-0]
ebb90f23f0 Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync [1 file, +11/-1]
c257c15845 tipc: re-order conditions in tipc_crypto_key_rcv() [1 file, +2/-2]
90778f31ef ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback [1 file, +28/-4]
33a4a9f54a Input: allocate keycode for phone linking [1 file, +1/-0]
57e07d10b3 sched/fair: Fix inaccurate h_nr_runnable accounting with delayed dequeue [1 file, +19/-0]
bc85817e6b nvme: handle connectivity loss in nvme_set_queue_count [1 file, +7/-1]
5eba53a9ea nvme: make nvme_tls_attrs_group static [1 file, +1/-1]
83ebf741aa udp: gso: do not drop small packets when PMTU reduces [3 files, +30/-4]
3139a7024e ethtool: rss: fix hiding unsupported fields in dumps [1 file, +2/-1]
e40cb34b7f pfifo_tail_enqueue: Drop new packet when sch->limit == 0 [1 file, +3/-0]
6312555249 netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() [1 file, +1/-1]
e36364d5d4 tun: revert fix group permission check [1 file, +5/-9]
181b23ca2e net: sched: Fix truncation of offloaded action statistics [1 file, +1/-1]
ac7b5f3e4d drm/client: Handle tiled displays better [1 file, +9/-0]
f735c9d4dc fs/proc: do_task_stat: Fix ESP not readable during coredump [1 file, +1/-1]
5a6520493c arm64/kvm: Configure HYP TCR.PS/DS based on host stage1 [1 file, +4/-4]
c66e5205fd arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() [2 files, +10/-13]
e5251ae5d3 arm64/mm: Reduce PA space to 48 bits when LPA2 is not enabled [3 files, +11/-7]
de3ffeb212 KVM: arm64: timer: Always evaluate the need for a soft timer [1 file, +1/-3]
f2f805ada6 KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() [1 file, +9/-0]
691218a50c Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc [1 file, +2/-1]
ddfc234761 Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection [1 file, +2/-2]
5a262628f4 seccomp: passthrough uretprobe systemcall without filtering [1 file, +12/-0]
2ce09aabe0 blk-cgroup: Fix class @block_class's subsystem refcount leakage [1 file, +1/-0]
ae959ab075 scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions [1 file, +2/-2]
45ad3c7d62 of: Correct child specifier used as input of the 2nd nexus node [1 file, +1/-1]
e62c630810 of: address: Fix empty resource handling in __of_address_resource_bounds() [1 file, +5/-7]
4e4b3d4926 of: Fix of_find_node_opts_by_path() handling of alias+path+options [1 file, +3/-3]
5b91440ebe of: reserved-memory: Fix using wrong number of cells to get property 'alignment' [1 file, +2/-2]
ed0ad04c68 ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() [1 file, +7/-2]
d0b81ea5a5 dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() [1 file, +3/-11]
68a25ceb11 dm-crypt: track tag_offset in convert_context [1 file, +7/-6]
68f16d3034 block: don't revert iter for -EIOCBQUEUED [1 file, +3/-2]
0a14a2b841 Revert "media: uvcvideo: Require entities to have a non-zero unique ID" [1 file, +27/-43]
3d17a4bbf2 PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() [1 file, +1/-0]
36786d1a45 PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() [1 file, +15/-13]
b5cacfd067 PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() [1 file, +21/-1]
9fbac83100 nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk [1 file, +2/-1]
2c4cda456e nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk [1 file, +1/-0]
0c77c0d754 scsi: ufs: core: Fix use-after free in init error and remove paths [4 files, +30/-32]
8db25d4c4a scsi: core: Do not retry I/Os during depopulation [1 file, +7/-2]
c287f18f64 rv: Reset per-task monitors also for idle tasks [1 file, +4/-0]
e456a88bdd hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING [2 files, +83/-21]
2a54e8f118 kfence: skip __GFP_THISNODE allocations on NUMA systems [1 file, +2/-0]
b64b773087 soc: qcom: smem_state: fix missing of_node_put in error path [1 file, +2/-1]
5100391aca media: mc: fix endpoint iteration [1 file, +1/-1]
d2eac8b14a media: uvcvideo: Fix crash during unbind if gpio unit is in use [2 files, +22/-7]
4f534dd576 media: uvcvideo: Fix event flags in uvc_ctrl_send_events [1 file, +2/-2]
ac7737ed9a media: uvcvideo: Support partial control reads [1 file, +21/-0]
34fb9eb31d media: uvcvideo: Only save async fh if success [1 file, +11/-7]
e8a650dbc7 media: uvcvideo: Remove redundant NULL assignment [1 file, +1/-3]
438bda062b media: uvcvideo: Remove dangling pointers [3 files, +67/-3]
a403eca86c mm: gup: fix infinite loop within __get_longterm_locked [1 file, +4/-10]
4b69308314 mm/vmscan: accumulate nr_demoted for accurate demotion statistics [1 file, +4/-3]
4491159774 mm/compaction: fix UBSAN shift-out-of-bounds warning [1 file, +2/-1]
2c3109dcda nvmem: core: improve range check for nvmem_cell_write() [1 file, +2/-0]
35ae7910c3 io_uring: fix multishots with selected buffers [1 file, +2/-0]
be985aea92 io_uring/net: don't retry connect operation on EPOLLERR [2 files, +7/-0]
e398619920 i3c: master: Fix missing 'ret' assignment in set_speed() [1 file, +1/-1]
8b4120b3e0 misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors [1 file, +30/-9]
19fc795e9d maple_tree: simplify split calculation [1 file, +6/-17]
8441aea464 ptp: Ensure info->enable callback is always set [1 file, +8/-0]
c6dd70e5b4 timers/migration: Fix off-by-one root mis-connection [1 file, +9/-1]
45439a8b11 fs: prepend statmount.mnt_opts string with security_sb_mnt_opts() [1 file, +4/-0]
7db0365ee6 fs: fix adding security options to statmount.mnt_opt [1 file, +14/-15]
d49c64c1d7 statmount: let unset strings be empty [1 file, +12/-4]
Changes in 6.12.14
irqchip/lan966x-oic: Make CONFIG_LAN966X_OIC depend on CONFIG_MCHP_LAN966X_PCI
btrfs: fix assertion failure when splitting ordered extent after transaction abort
btrfs: do not output error message if a qgroup has been already cleaned up
btrfs: fix use-after-free when attempting to join an aborted transaction
arm64/mm: Ensure adequate HUGE_MAX_HSTATE
exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case
s390/stackleak: Use exrl instead of ex in __stackleak_poison()
btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents()
btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling
sched: Don't try to catch up excess steal time.
x86: Convert unreachable() to BUG()
locking/ww_mutex/test: Use swap() macro
lockdep: Fix upper limit for LOCKDEP_*_BITS configs
x86/amd_nb: Restrict init function to AMD-based systems
drm/virtio: New fence for every plane update
drm: Add panel backlight quirks
drm: panel-backlight-quirks: Add Framework 13 matte panel
drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k panels
nvkm/gsp: correctly advance the read pointer of GSP message queue
nvkm: correctly calculate the available space of the GSP cmdq buffer
drm/tests: hdmi: handle empty modes in find_preferred_mode()
drm/tests: hdmi: return meaningful value from set_connector_edid()
drm/amd/display: Populate chroma prefetch parameters, DET buffer fix
drm/amd/display: Overwriting dualDPP UBF values before usage
printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
drm/connector: add mutex to protect ELD from concurrent access
drm/bridge: anx7625: use eld_mutex to protect access to connector->eld
drm/bridge: ite-it66121: use eld_mutex to protect access to connector->eld
drm/amd/display: use eld_mutex to protect access to connector->eld
drm/exynos: hdmi: use eld_mutex to protect access to connector->eld
drm/radeon: use eld_mutex to protect access to connector->eld
drm/sti: hdmi: use eld_mutex to protect access to connector->eld
drm/vc4: hdmi: use eld_mutex to protect access to connector->eld
drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor
drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt
drm/amdkfd: Queue interrupt work to different CPU
drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT
drm/bridge: it6505: fix HDCP Bstatus check
drm/bridge: it6505: fix HDCP encryption when R0 ready
drm/bridge: it6505: fix HDCP CTS compare V matching
drm/bridge: it6505: fix HDCP CTS KSV list wait timer
safesetid: check size of policy writes
drm/amd/display: Increase sanitizer frame larger than limit when compile testing with clang
drm/amd/display: Limit Scaling Ratio on DCN3.01
ring-buffer: Make reading page consistent with the code logic
wifi: rtw89: add crystal_cap check to avoid setting as overflow value
tun: fix group permission check
mmc: core: Respect quirk_max_rate for non-UHS SDIO card
mmc: sdhci-esdhc-imx: enable 'SDHCI_QUIRK_NO_LED' quirk for S32G
wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
tomoyo: don't emit warning in tomoyo_write_control()
mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
wifi: rtw88: add __packed attribute to efuse layout struct
clk: qcom: Make GCC_8150 depend on QCOM_GDSC
HID: multitouch: Add quirk for Hantick 5288 touchpad
HID: Wacom: Add PCI Wacom device support
net/mlx5: use do_aux_work for PHC overflow checks
wifi: brcmfmac: Check the return value of of_property_read_string_index()
wifi: iwlwifi: pcie: Add support for new device ids
wifi: iwlwifi: avoid memory leak
i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz
APEI: GHES: Have GHES honor the panic= setting
Bluetooth: btusb: Add new VID/PID 13d3/3610 for MT7922
Bluetooth: btusb: Add new VID/PID 13d3/3628 for MT7925
Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync
net: wwan: iosm: Fix hibernation by re-binding the driver around it
HID: hid-asus: Disable OOBE mode on the ProArt P16
mmc: sdhci-msm: Correctly set the load for the regulator
octeon_ep: update tx/rx stats locally for persistence
octeon_ep_vf: update tx/rx stats locally for persistence
tipc: re-order conditions in tipc_crypto_key_rcv()
selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack()
net: ethernet: ti: am65-cpsw: ensure proper channel cleanup in error path
ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params
x86/kexec: Allocate PGD for x86_64 transition page tables separately
ASoC: Intel: sof_sdw: Correct quirk for Lenovo Yoga Slim 7
iommu/arm-smmu-qcom: add sdm670 adreno iommu compatible
iommu/arm-smmu-v3: Clean up more on probe failure
platform/x86: int3472: Check for adev == NULL
platform/x86: acer-wmi: Add support for Acer PH14-51
ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
platform/x86: acer-wmi: Add support for Acer Predator PH16-72
ASoC: amd: Add ACPI dependency to fix build error
Input: allocate keycode for phone linking
platform/x86: acer-wmi: add support for Acer Nitro AN515-58
platform/x86: acer-wmi: Ignore AC events
KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()
KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock
KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults
KVM: e500: always restore irqs
drm/amdgpu: Fix Circular Locking Dependency in AMDGPU GFX Isolation
xfs: report realtime block quota limits on realtime directories
xfs: don't over-report free space or inodes in statvfs
tty: xilinx_uartps: split sysrq handling
tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN
platform/x86: serdev_helpers: Check for serial_ctrl_uid == NULL
sched/fair: Fix inaccurate h_nr_runnable accounting with delayed dequeue
nvme: handle connectivity loss in nvme_set_queue_count
firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry
gpu: drm_dp_cec: fix broken CEC adapter properties check
ice: put Rx buffers after being done with current frame
ice: gather page_count()'s of each frag right before XDP prog call
ice: stop storing XDP verdict within ice_rx_buf
nvme: make nvme_tls_attrs_group static
nvme-fc: use ctrl state getter
net: bcmgenet: Correct overlaying of PHY and MAC Wake-on-LAN
ice: Add check for devm_kzalloc()
vmxnet3: Fix tx queue race condition with XDP
tg3: Disable tg3 PCIe AER on system reboot
udp: gso: do not drop small packets when PMTU reduces
drm/i915/dp: fix the Adaptive sync Operation mode for SDP
ethtool: rss: fix hiding unsupported fields in dumps
rxrpc: Fix the rxrpc_connection attend queue handling
gpio: pca953x: Improve interrupt support
net: atlantic: fix warning during hot unplug
net: rose: lock the socket in rose_bind()
gpio: sim: lock hog configfs items if present
x86/xen: fix xen_hypercall_hvm() to not clobber %rbx
x86/xen: add FRAME_END to xen_hypercall_hvm()
ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read()
pfifo_tail_enqueue: Drop new packet when sch->limit == 0
netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
tun: revert fix group permission check
net: sched: Fix truncation of offloaded action statistics
rxrpc: Fix call state set to not include the SERVER_SECURING state
cpufreq: fix using cpufreq-dt as module
cpufreq: s3c64xx: Fix compilation warning
leds: lp8860: Write full EEPROM, not only half of it
ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx
cifs: Remove intermediate object of failed create SFU call
drm/modeset: Handle tiled displays in pan_display_atomic.
drm/client: Handle tiled displays better
smb: client: fix order of arguments of tracepoints
smb: client: change lease epoch type from unsigned int to __u16
md: reintroduce md-linear
s390/futex: Fix FUTEX_OP_ANDN implementation
arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented
m68k: vga: Fix I/O defines
fs/proc: do_task_stat: Fix ESP not readable during coredump
binfmt_flat: Fix integer overflow bug on 32 bit systems
accel/ivpu: Fix Qemu crash when running in passthrough
arm64/kvm: Configure HYP TCR.PS/DS based on host stage1
arm64/mm: Override PARange for !LPA2 and use it consistently
arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu()
arm64/mm: Reduce PA space to 48 bits when LPA2 is not enabled
KVM: arm64: timer: Always evaluate the need for a soft timer
drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event()
arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma
remoteproc: omap: Handle ARM dma_iommu_mapping
KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
kvm: defer huge page recovery vhost task to later
KVM: s390: vsie: fix some corner-cases when grabbing vsie pages
ksmbd: fix integer overflows on 32 bit systems
drm/amd/display: Optimize cursor position updates
drm/amd/pm: Mark MM activity as unsupported
drm/amd/amdgpu: change the config of cgcg on gfx12
drm/amdkfd: only flush the validate MES contex
drm/amdkfd: Block per-queue reset when halt_if_hws_hang=1
Revert "drm/amd/display: Use HW lock mgr for PSR1"
drm/i915/guc: Debug print LRC state entries only if the context is pinned
drm/i915: Fix page cleanup on DMA remap failure
drm/komeda: Add check for komeda_get_layer_fourcc_list()
drm/xe/devcoredump: Move exec queue snapshot to Contexts section
drm/i915/dp: Iterate DSC BPP from high to low on all platforms
drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes
drm/amdgpu: add a BO metadata flag to disable write compression for Vulkan
drm/amd/display: Fix seamless boot sequence
Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection
KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y
clk: sunxi-ng: a100: enable MMC clock reparenting
clk: mmp2: call pm_genpd_init() only after genpd.name is set
media: i2c: ds90ub960: Fix UB9702 refclk register access
clk: clk-loongson2: Fix the number count of clk provider
clk: qcom: clk-alpha-pll: fix alpha mode configuration
clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable()
clk: qcom: gcc-sm8650: Do not turn off PCIe GDSCs during gdsc_disable()
clk: qcom: gcc-sm6350: Add missing parent_map for two clocks
clk: qcom: dispcc-sm6350: Add missing parent_map for a clock
clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg
clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate
clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe
clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe
clk: mediatek: mt2701-bdp: add missing dummy clk
clk: mediatek: mt2701-img: add missing dummy clk
clk: mediatek: mt2701-mm: add missing dummy clk
seccomp: passthrough uretprobe systemcall without filtering
blk-cgroup: Fix class @block_class's subsystem refcount leakage
efi: libstub: Use '-std=gnu11' to fix build with GCC 15
perf bench: Fix undefined behavior in cmpworker()
scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions
of: Correct child specifier used as input of the 2nd nexus node
of: address: Fix empty resource handling in __of_address_resource_bounds()
of: Fix of_find_node_opts_by_path() handling of alias+path+options
of: reserved-memory: Fix using wrong number of cells to get property 'alignment'
Input: bbnsm_pwrkey - add remove hook
HID: hid-sensor-hub: don't use stale platform-data on remove
ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg()
atomic64: Use arch_spin_locks instead of raw_spin_locks
wifi: rtlwifi: rtl8821ae: Fix media status report
wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH
wifi: rtw88: sdio: Fix disconnection after beacon loss
wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916
wifi: rtw88: 8703b: Fix RX/TX issues
usb: gadget: f_tcm: Translate error to sense
usb: gadget: f_tcm: Decrement command ref count on cleanup
usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint
usb: gadget: f_tcm: Don't prepare BOT write request twice
usbnet: ipheth: fix possible overflow in DPE length check
usbnet: ipheth: use static NDP16 location in URB
usbnet: ipheth: check that DPE points past NCM header
usbnet: ipheth: refactor NCM datagram loop
usbnet: ipheth: break up NCM header size computation
usbnet: ipheth: fix DPE OoB read
usbnet: ipheth: document scope of NCM implementation
arm64: dts: qcom: x1e80100-asus-vivobook-s15: Fix USB QMP PHY supplies
arm64: dts: qcom: x1e80100-qcp: Fix USB QMP PHY supplies
arm64: dts: qcom: x1e78100-lenovo-thinkpad-t14s: Fix USB QMP PHY supplies
arm64: dts: qcom: x1e80100-crd: Fix USB QMP PHY supplies
arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Fix USB QMP PHY supplies
arm64: dts: qcom: x1e80100-microsoft-romulus: Fix USB QMP PHY supplies
arm64: dts: qcom: x1e80100: Fix usb_2 controller interrupts
ASoC: acp: Support microphone from Lenovo Go S
soc: qcom: socinfo: Avoid out of bounds read of serial number
serial: sh-sci: Drop __initdata macro for port_cfg
serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use
MIPS: Loongson64: remove ROM Size unit in boardinfo
LoongArch: Extend the maximum number of watchpoints
powerpc/pseries/eeh: Fix get PE state translation
dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit()
dm-crypt: track tag_offset in convert_context
mips/math-emu: fix emulation of the prefx instruction
MIPS: pci-legacy: Override pci_address_to_pio
Revert "MIPS: csrc-r4k: Select HAVE_UNSTABLE_SCHED_CLOCK if SMP && 64BIT"
block: don't revert iter for -EIOCBQUEUED
Revert "media: uvcvideo: Require entities to have a non-zero unique ID"
firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available()
firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool()
ALSA: hda/realtek: Enable headset mic on Positivo C6400
ALSA: hda/realtek: Fix quirk matching for Legion Pro 7
ALSA: hda: Fix headset detection failure due to unstable sort
arm64: tegra: Fix Tegra234 PCIe interrupt-map
s390/pci: Fix SR-IOV for PFs initially in standby
PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1
PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf()
PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar()
PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()
nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk
nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk
KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking
scsi: st: Don't set pos_unknown just after device recognition
scsi: qla2xxx: Move FCE Trace buffer allocation to user control
scsi: ufs: qcom: Fix crypto key eviction
scsi: ufs: core: Fix use-after free in init error and remove paths
scsi: storvsc: Set correct data length for sending SCSI command without payload
scsi: core: Do not retry I/Os during depopulation
kbuild: Move -Wenum-enum-conversion to W=2
rust: init: use explicit ABI to clean warning in future compilers
x86: rust: set rustc-abi=x86-softfloat on rustc>=1.86.0
x86/acpi: Fix LAPIC/x2APIC parsing order
x86/boot: Use '-std=gnu11' to fix build with GCC 15
ubi: Add a check for ubi_num
ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus
ARM: dts: ti/omap: gta04: fix pm issues caused by spi module
arm64: dts: mediatek: mt8183: Disable DPI display output by default
arm64: dts: qcom: sdx75: Fix MPSS memory length
arm64: dts: qcom: x1e80100: Fix ADSP memory base and length
arm64: dts: qcom: x1e80100: Fix CDSP memory length
arm64: dts: qcom: sm6115: Fix MPSS memory length
arm64: dts: qcom: sm6115: Fix CDSP memory length
arm64: dts: qcom: sm6115: Fix ADSP memory base and length
arm64: dts: qcom: sm6350: Fix ADSP memory length
arm64: dts: qcom: sm6350: Fix MPSS memory length
arm64: dts: qcom: sm6350: Fix uart1 interconnect path
arm64: dts: qcom: sm6375: Fix ADSP memory length
arm64: dts: qcom: sm6375: Fix CDSP memory base and length
arm64: dts: qcom: sm6375: Fix MPSS memory base and length
arm64: dts: qcom: sm8350: Fix ADSP memory base and length
arm64: dts: qcom: sm8350: Fix CDSP memory base and length
arm64: dts: qcom: sm8350: Fix MPSS memory length
arm64: dts: qcom: sm8450: Fix ADSP memory base and length
arm64: dts: qcom: sm8450: Fix CDSP memory length
arm64: dts: qcom: sm8450: Fix MPSS memory length
arm64: dts: qcom: sm8550: Fix ADSP memory base and length
arm64: dts: qcom: sm8550: Fix CDSP memory length
arm64: dts: qcom: sm8550: Fix MPSS memory length
arm64: dts: qcom: sm8650: Fix ADSP memory base and length
arm64: dts: qcom: sm8650: Fix CDSP memory length
arm64: dts: qcom: sm8650: Fix MPSS memory length
arm64: dts: qcom: sm8550: correct MDSS interconnects
arm64: dts: qcom: sm8650: correct MDSS interconnects
crypto: qce - fix priority to be less than ARMv8 CE
arm64: tegra: Fix typo in Tegra234 dce-fabric compatible
arm64: tegra: Disable Tegra234 sce-fabric node
parisc: Temporarily disable jump label support
pwm: microchip-core: fix incorrect comparison with max period
xfs: don't call remap_verify_area with sb write protection held
xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end
xfs: Add error handling for xfs_reflink_cancel_cow_range
accel/ivpu: Clear runtime_error after pm_runtime_resume_and_get() fails
ACPI: PRM: Remove unnecessary strict handler address checks
tpm: Change to kvalloc() in eventlog/acpi.c
rv: Reset per-task monitors also for idle tasks
hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING
iommufd: Fix struct iommu_hwpt_pgfault init and padding
kfence: skip __GFP_THISNODE allocations on NUMA systems
media: ccs: Clean up parsed CCS static data on parse failure
mm/hugetlb: fix avoid_reserve to allow taking folio from subpool
iio: light: as73211: fix channel handling in only-color triggered buffer
iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding
iommufd/fault: Destroy response and mutex in iommufd_fault_destroy()
iommufd/fault: Use a separate spinlock to protect fault->deliver list
soc: samsung: exynos-pmu: Fix uninitialized ret in tensor_set_bits_atomic()
soc: mediatek: mtk-devapc: Fix leaking IO map on error paths
soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove
soc: qcom: llcc: Enable LLCC_WRCACHE at boot on X1
soc: qcom: smem_state: fix missing of_node_put in error path
media: mmp: Bring back registration of the device
media: mc: fix endpoint iteration
media: nuvoton: Fix an error check in npcm_video_ece_init()
media: imx296: Add standby delay during probe
media: intel/ipu6: remove cpu latency qos request on error
media: ov5640: fix get_light_freq on auto
media: stm32: dcmipp: correct dma_set_mask_and_coherent mask value
media: ccs: Fix CCS static data parsing for large block sizes
media: ccs: Fix cleanup order in ccs_probe()
media: i2c: ds90ub9x3: Fix extra fwnode_handle_put()
media: i2c: ds90ub960: Fix use of non-existing registers on UB9702
media: i2c: ds90ub960: Fix UB9702 VC map
media: i2c: ds90ub960: Fix logging SP & EQ status only for UB9702
media: uvcvideo: Fix crash during unbind if gpio unit is in use
media: uvcvideo: Fix event flags in uvc_ctrl_send_events
media: uvcvideo: Support partial control reads
media: uvcvideo: Only save async fh if success
media: uvcvideo: Remove redundant NULL assignment
media: uvcvideo: Remove dangling pointers
mm: kmemleak: fix upper boundary check for physical address objects
mm: gup: fix infinite loop within __get_longterm_locked
mm/vmscan: accumulate nr_demoted for accurate demotion statistics
mm/hugetlb: fix hugepage allocation for interleaved memory nodes
mm/compaction: fix UBSAN shift-out-of-bounds warning
ata: libata-sff: Ensure that we cannot write outside the allocated buffer
irqchip/irq-mvebu-icu: Fix access to msi_data from irq_domain::host_data
crypto: qce - fix goto jump in error path
crypto: qce - unregister previously registered algos in error path
ceph: fix memory leak in ceph_mds_auth_match()
nvmem: qcom-spmi-sdam: Set size in struct nvmem_config
nvmem: core: improve range check for nvmem_cell_write()
nvmem: imx-ocotp-ele: simplify read beyond device check
nvmem: imx-ocotp-ele: fix MAC address byte order
nvmem: imx-ocotp-ele: fix reading from non zero offset
nvmem: imx-ocotp-ele: set word length to 1
io_uring: fix multishots with selected buffers
io_uring/net: don't retry connect operation on EPOLLERR
vfio/platform: check the bounds of read/write syscalls
selftests: mptcp: connect: -f: no reconnect
pnfs/flexfiles: retry getting layout segment for reads
ocfs2: fix incorrect CPU endianness conversion causing mount failure
ocfs2: handle a symlink read error correctly
nilfs2: fix possible int overflows in nilfs_fiemap()
nfs: Make NFS_FSCACHE select NETFS_SUPPORT instead of depending on it
NFSD: Encode COMPOUND operation status on page boundaries
mailbox: tegra-hsp: Clear mailbox before using message
mailbox: zynqmp: Remove invalid __percpu annotation in zynqmp_ipi_probe()
NFC: nci: Add bounds checking in nci_hci_create_pipe()
fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT
i3c: master: Fix missing 'ret' assignment in set_speed()
irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so
mtd: onenand: Fix uninitialized retlen in do_otp_read()
misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors
misc: fastrpc: Deregister device nodes properly in error scenarios
misc: fastrpc: Fix registered buffer page address
misc: fastrpc: Fix copy buffer page size
net/ncsi: wait for the last response to Deselect Package before configuring channel
net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset
maple_tree: simplify split calculation
scripts/gdb: fix aarch64 userspace detection in get_current_task
tracing/osnoise: Fix resetting of tracepoints
rtla/osnoise: Distinguish missing workload option
rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads
rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads
rtla: Add trace_instance_stop
rtla/timerlat_hist: Stop timerlat tracer on signal
rtla/timerlat_top: Stop timerlat tracer on signal
pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails
pinctrl: renesas: rzg2l: Fix PFC_MASK for RZ/V2H and RZ/G3E
ptp: Ensure info->enable callback is always set
RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error
rtc: zynqmp: Fix optional clock name property
timers/migration: Fix off-by-one root mis-connection
s390/fpu: Add fpc exception handler / remove fixup section again
MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static
xfs: avoid nested calls to __xfs_trans_commit
xfs: don't lose solo superblock counter update transactions
xfs: separate dquot buffer reads from xfs_dqflush
xfs: clean up log item accesses in xfs_qm_dqflush{,_done}
xfs: attach dquot buffer to dquot log item buffer
xfs: convert quotacheck to attach dquot buffers
xfs: release the dquot buf outside of qli_lock
xfs: lock dquot buffer before detaching dquot from b_li_list
xfs: fix mount hang during primary superblock recovery failure
spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families
spi: atmel-qspi: Memory barriers after memory-mapped I/O
Revert "btrfs: avoid monopolizing a core when activating a swap file"
btrfs: avoid monopolizing a core when activating a swap file
mptcp: prevent excessive coalescing on receive
x86/mm: Convert unreachable() to BUG()
md/md-linear: Fix a NULL vs IS_ERR() bug in linear_add()
md: Fix linear_set_limits()
Revert "selftests/sched_ext: fix build after renames in sched_ext API"
Revert "drm/amd/display: Fix green screen issue after suspend"
drm/xe: Fix and re-enable xe_print_blob_ascii85()
fs: prepend statmount.mnt_opts string with security_sb_mnt_opts()
fs: fix adding security options to statmount.mnt_opt
statmount: let unset strings be empty
arm64: dts: rockchip: add reset-names for combphy on rk3568
ocfs2: check dir i_size in ocfs2_find_entry
Linux 6.12.14
Change-Id: Id4141bfc8ee9a6320b056561aa528228e7a3f1df
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 543841d1806029889c2f69f040e88b247aba8e22 ]
Zbigniew mentioned at Linux Plumber's that systemd is interested in
switching to execveat() for service execution, but can't, because the
contents of /proc/pid/comm are the file descriptor which was used,
instead of the path to the binary[1]. This makes the output of tools like
top and ps useless, especially in a world where most fds are opened
CLOEXEC so the number is truly meaningless.
When the filename passed in is empty (e.g. with AT_EMPTY_PATH), use the
dentry's filename for "comm" instead of using the useless numeral from
the synthetic fdpath construction. This way the actual exec machinery
is unchanged, but cosmetically the comm looks reasonable to admins
investigating things.
Instead of adding TASK_COMM_LEN more bytes to bprm, use one of the unused
flag bits to indicate that we need to set "comm" from the dentry.
Suggested-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Suggested-by: Tycho Andersen <tandersen@netflix.com>
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://github.com/uapi-group/kernel-features#set-comm-field-before-exec [1]
Reviewed-by: Aleksa Sarai <cyphar@cyphar.com>
Tested-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Signed-off-by: Kees Cook <kees@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
GKI (arm64) relevant 159 out of 815 changes, affecting 226 files +2434/-822
a11e7e3d2a arm64: probes: Disable kprobes/uprobes on MOPS instructions [2 files, +6/-2]
78de864e8a block/fs: Pass an iocb to generic_atomic_write_valid() [3 files, +7/-7]
cfe3e04e9a fs/block: Check for IOCB_DIRECT in generic_atomic_write_valid() [3 files, +19/-14]
63dfd728b3 brd: defer automatic disk creation until module initialization succeeds [1 file, +44/-22]
26cc5063e3 ext4: avoid remount errors with 'abort' mount option [1 file, +8/-3]
fb83b093f7 initramfs: avoid filename buffer overrun [1 file, +15/-0]
de56fa09a0 arm64: Expose ID_AA64ISAR1_EL1.XS to sanitised feature consumers [1 file, +1/-0]
582d9ed999 nvme-pci: fix freeing of the HMB descriptor table [1 file, +9/-7]
8ae5e37357 loop: fix type of block size [1 file, +3/-3]
7044259018 block: take chunk_sectors into account in bio_split_write_zeroes [1 file, +23/-12]
731d5bdc74 block: fix bio_split_rw_at to take zone_write_granularity into account [1 file, +9/-1]
61832ee7fa ext4: fix race in buffer_head read fault injection [10 files, +29/-29]
9abae59243 nvme-pci: reverse request order in nvme_queue_rqs [1 file, +17/-22]
475404eac5 virtio_blk: reverse request order in virtio_queue_rqs [1 file, +21/-25]
d01d9005fb thermal: core: Initialize thermal zones before registering them [1 file, +1/-1]
933ef9360a thermal: core: Rearrange PM notification code [1 file, +46/-42]
f52dc3c757 thermal: core: Represent suspend-related thermal zone flags as bits [2 files, +12/-10]
39a5ad6b63 thermal: core: Mark thermal zones as initializing to start with [2 files, +14/-3]
79cb9952e1 thermal: core: Fix race between zone registration and system suspend [1 file, +16/-2]
5ced426d97 rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu [1 file, +12/-2]
94f4e7b0eb cleanup: Remove address space of returned pointer [1 file, +2/-2]
5c3a9f6f7f time: Partially revert cleanup on msecs_to_jiffies() documentation [1 file, +1/-1]
b62a8825d3 time: Fix references to _msecs_to_jiffies() handling of values [2 files, +2/-2]
1dfa6c5200 timers: Add missing READ_ONCE() in __run_timer_base() [1 file, +2/-1]
8dbd7603e4 kcsan, seqlock: Fix incorrect assumption in read_seqbegin() [1 file, +1/-11]
0916201308 sched/ext: Remove sched_fork() hack [2 files, +1/-7]
351bb7f9ec soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() [1 file, +2/-1]
c365c1456e efi/libstub: fix efi_parse_options() ignoring the default command line [1 file, +1/-1]
30e42ac0bd tpm: fix signed/unsigned bug when checking event logs [1 file, +9/-8]
dd6ade970d Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" [1 file, +1/-3]
f390525e49 cgroup/bpf: only cgroup v2 can be attached by bpf programs [1 file, +11/-6]
a5b7bc2747 regmap: irq: Set lockdep class for hierarchical IRQ domains [1 file, +4/-0]
9beaff47bc firmware: arm_scpi: Check the DVFS OPP count returned by the firmware [1 file, +3/-0]
e369246067 pwm: Assume a disabled PWM to emit a constant inactive output [1 file, +7/-3]
f9aaa841ac drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused [1 file, +1/-1]
4d8621151b bpf, arm64: Remove garbage frame for struct_ops trampoline [1 file, +31/-16]
aa51be3fa9 bpf: Tighten tail call checks for lingering locks, RCU, preempt_disable [1 file, +15/-0]
3634d4a310 bpf: Mark raw_tp arguments with PTR_MAYBE_NULL [4 files, +87/-9]
e883c475c4 drm: use ATOMIC64_INIT() for atomic64_t [1 file, +1/-1]
bc23584768 netlink: typographical error in nlmsg_type constants definition [1 file, +1/-1]
ce06c450ac bpf, sockmap: Several fixes to bpf_msg_push_data [1 file, +33/-20]
275a9f3ef8 bpf, sockmap: Several fixes to bpf_msg_pop_data [1 file, +9/-6]
08baa3f0a1 bpf, sockmap: Fix sk_msg_reset_curr [1 file, +9/-11]
0e4c6faaef ipv6: release nexthop on device removal [1 file, +3/-3]
36ede57f0c bpf: Allow return values 0 and 1 for kprobe session [1 file, +9/-0]
9ff1b95ccd bpf: Force uprobe bpf program to always return 0 [1 file, +2/-3]
34a949e7a0 ipv6: Fix soft lockups in fib6_select_path under high next hop churn [4 files, +297/-19]
9c44c06123 bpf: Use function pointers count as struct_ops links count [1 file, +25/-10]
449b1a7178 bpf: Add kernel symbol for struct_ops trampoline [4 files, +89/-5]
3397001cfa Bluetooth: btbcm: fix missing of_node_put() in btbcm_get_board_name() [1 file, +1/-3]
a58d0f5dac Bluetooth: ISO: Use kref to track lifetime of iso_conn [1 file, +71/-17]
67ead8f86a Bluetooth: ISO: Do not emit LE PA Create Sync if previous is pending [4 files, +139/-40]
91d19383b7 Bluetooth: ISO: Do not emit LE BIG Create Sync if previous is pending [5 files, +125/-16]
1360e5b6ce Bluetooth: ISO: Send BIG Create Sync via hci_sync [2 files, +25/-1]
7b277bd569 Bluetooth: fix use-after-free in device_for_each_child() [1 file, +4/-11]
d5d346deb6 xsk: Free skb when TX metadata options are invalid [1 file, +6/-5]
5036f2f024 erofs: fix file-backed mounts over FUSE [2 files, +7/-4]
679d8537e5 erofs: fix blksize < PAGE_SIZE for file-backed mounts [1 file, +5/-1]
daaf68fef4 erofs: handle NONHEAD !delta[1] lclusters gracefully [1 file, +9/-8]
6b8b9d9b06 netpoll: Use rcu_access_pointer() in netpoll_poll_lock [1 file, +1/-1]
f84c5ef6ca bpf: fix recursive lock when verdict program return SK_PASS [1 file, +2/-2]
89933f8ab3 unicode: Fix utf8_load() error path [1 file, +1/-1]
b746a3afa2 trace/trace_event_perf: remove duplicate samples on the first tracepoint event [1 file, +6/-0]
e691826a3d kasan: move checks to do_strncpy_from_user [1 file, +3/-2]
843d366ff1 zram: fix NULL pointer in comp_algorithm_show() [1 file, +2/-3]
fe6fae61f3 PCI: Fix reset_method_store() memory leak [1 file, +3/-2]
a26ace3c6e f2fs: compress: fix inconsistent update of i_blocks in release_compress_blocks and reserve_compress_blocks [1 file, +1/-1]
9e11b1d5fd f2fs: fix null-ptr-deref in f2fs_submit_page_bio() [1 file, +6/-6]
2bc07714dc virtiofs: use pages instead of pointer for kernel direct IO [3 files, +50/-19]
c31c7b81c1 i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin [1 file, +9/-4]
9b57a3f7e3 f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block [1 file, +1/-1]
abfd2c13ba f2fs: check curseg->inited before write_sum_page in change_curseg [1 file, +2/-1]
5e69964251 f2fs: Fix not used variable 'index' [1 file, +2/-2]
801092a2c9 f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() [3 files, +9/-9]
a16e6f7966 PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported [1 file, +3/-1]
c631207897 f2fs: fix race in concurrent f2fs_stop_gc_thread [1 file, +6/-3]
a10cc033b2 f2fs: fix to map blocks correctly for direct write [1 file, +2/-1]
bbe48e47b9 f2fs: fix to avoid forcing direct write to use buffered IO on inline_data inode [1 file, +5/-1]
45438da843 f2fs: fix to do cast in F2FS_{BLK_TO_BYTES, BTYES_TO_BLK} to avoid overflow [2 files, +4/-4]
f7f7f22dbb power: supply: core: Remove might_sleep() from power_supply_put() [1 file, +0/-2]
28af028a71 netlink: fix false positive warning in extack during dumps [1 file, +11/-10]
ad6e5bdca3 exfat: fix file being changed by unaligned direct write [1 file, +10/-0]
a487cc8986 net/l2tp: fix warning in l2tp_exit_net found by syzbot [1 file, +19/-3]
cb74207ef9 net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged [1 file, +29/-12]
87819234aa Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync [1 file, +9/-2]
cac34e4428 Bluetooth: MGMT: Fix possible deadlocks [1 file, +18/-9]
6d84502860 tcp: Fix use-after-free of nreq in reqsk_timer_handler(). [1 file, +1/-1]
ead7c1263e ip6mr: fix tables suspicious RCU usage [1 file, +27/-11]
14367e7170 usb: gadget: uvc: wake pump everytime we update the free list [1 file, +4/-0]
f380f895db firmware_loader: Fix possible resource leak in fw_log_firmware_info() [1 file, +2/-3]
98b8725630 f2fs: fix fiemap failure issue when page size is 16KB [1 file, +1/-21]
d716851d0a net_sched: sch_fq: don't follow the fast path if Tx is behind now [1 file, +6/-0]
b521b53ac6 ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices [1 file, +21/-6]
096bb5b43e ALSA: usb-audio: Fix out of bounds reads when finding clock sources [1 file, +23/-1]
ec56ada623 ext4: supress data-race warnings in ext4_free_inodes_{count,set}() [1 file, +4/-4]
ad34d9c738 ext4: fix FS_IOC_GETFSMAP handling [3 files, +68/-5]
f594a5683a KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR [1 file, +6/-1]
8b6916f4cf KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status [1 file, +0/-1]
d0571c3add KVM: arm64: Don't retire aborted MMIO instruction [1 file, +30/-2]
eabd7ef140 KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE [1 file, +5/-1]
fe425d5239 KVM: arm64: Get rid of userspace_irqchip_in_use [3 files, +4/-19]
46018a04c5 KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* [2 files, +31/-12]
1059f1e5f5 KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device [1 file, +4/-2]
69d2ceac11 PCI: Fix use-after-free of slot->bus on hot remove [1 file, +3/-1]
a6b283526b fsnotify: fix sending inotify event with unexpected filename [1 file, +13/-10]
83af1cfa10 fsnotify: Fix ordering of iput() and watched_objects decrement [1 file, +9/-3]
53bbfa6896 tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler [1 file, +1/-1]
88232a223a locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() [1 file, +1/-1]
a4fc6966d8 fcntl: make F_DUPFD_QUERY associative [1 file, +3/-0]
c500b0cca2 exfat: fix uninit-value in __exfat_get_dentry_set [1 file, +1/-0]
3ddd1cb2b4 exfat: fix out-of-bounds access of directory entries [1 file, +16/-4]
9258c9ed32 xhci: Fix control transfer error on Etron xHCI host [1 file, +14/-0]
218796e95a xhci: Combine two if statements for Etron xHCI host [1 file, +2/-6]
a92cd42097 xhci: Don't perform Soft Retry for Etron xHCI host [1 file, +1/-0]
827f963a0b xhci: Don't issue Reset Device command to Etron xHCI host [3 files, +21/-0]
33209e6f29 Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() [1 file, +6/-4]
2637e8c5fb usb: xhci: Limit Stop Endpoint retries [3 files, +27/-4]
61bce2d8ff usb: xhci: Fix TD invalidation under pending Set TR Dequeue [1 file, +13/-5]
6debdd82c3 usb: xhci: Avoid queuing redundant Stop Endpoint commands [3 files, +29/-4]
13111945c2 Revert "fs: don't block i_writecount during exec" [5 files, +49/-14]
0586f12896 Revert "f2fs: remove unreachable lazytime mount option parsing" [1 file, +10/-0]
ca82b37c47 Revert "usb: gadget: composite: fix OS descriptors w_value logic" [1 file, +15/-3]
d222fd21dd io_uring: fix corner case forgetting to vunmap [1 file, +3/-1]
aaa90844af io_uring: check for overflows in io_pin_pages [1 file, +6/-1]
37c2ca4e89 blk-settings: round down io_opt to physical_block_size [1 file, +7/-0]
97b68bda72 spi: Fix acpi deferred irq probe [1 file, +10/-3]
e881c8f0a7 serial: amba-pl011: Fix RX stall when DMA is used [1 file, +5/-0]
1fae444a61 serial: amba-pl011: fix build regression [1 file, +2/-0]
7baf942326 Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()" [2 files, +5/-2]
43375e9bb7 block: Prevent potential deadlock in blk_revalidate_disk_zones() [1 file, +10/-4]
4ef8b6f7c4 ublk: fix ublk_ch_mmap() for 64K page size [1 file, +12/-3]
e4d1f38bc0 arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled [1 file, +1/-1]
8b25c0a165 block: fix missing dispatching request when queue is started or unquiesced [1 file, +2/-0]
2094bd1b52 block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding [1 file, +34/-13]
4170346747 block: fix ordering between checking BLK_MQ_S_STOPPED request adding [2 files, +19/-0]
aeb420ebdf blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long [1 file, +2/-1]
28d4191e19 HID: wacom: Interpret tilt data from Intuos Pro BT as signed values [1 file, +2/-2]
343e3e903c netdev-genl: Hold rcu_read_lock in napi_get [1 file, +2/-0]
df225df839 ALSA: rawmidi: Fix kvfree() call in spinlock [1 file, +3/-1]
0c4c9bf5ea ALSA: pcm: Add sanity NULL check for the default mmap fault handler [1 file, +4/-2]
068aab9564 usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED [1 file, +1/-1]
2f6c3acece usb: dwc3: gadget: Fix checking for number of TRBs left [1 file, +6/-3]
70777a23a5 usb: dwc3: gadget: Fix looping of queued SG entries [1 file, +3/-3]
31e45c09a8 ublk: fix error code for unsupported command [1 file, +1/-1]
9517bc76ff lib: string_helpers: silence snprintf() output truncation warning [1 file, +1/-1]
0a5c8b3fbf f2fs: fix to do sanity check on node blkaddr in truncate_node() [1 file, +10/-0]
e77bce0a8c rtc: check if __rtc_read_time was successful in rtc_timer_do_work() [1 file, +6/-1]
4eaa19c620 nvme/multipath: Fix RCU list traversal to use SRCU primitive [1 file, +14/-7]
9c3d53f113 blk-mq: add non_owner variant of start_freeze/unfreeze queue APIs [2 files, +22/-0]
a6fc2ba1c7 block: model freeze & enter queue as lock for supporting lockdep [5 files, +81/-13]
61092568f2 block: fix uaf for flush rq while iterating tags [2 files, +5/-10]
5e15cc7a1d block: return unsigned int from bdev_io_min [1 file, +1/-1]
5416b76a81 nvme-fabrics: fix kernel crash while shutting down controller [1 file, +5/-0]
d5457349e5 block: Don't allow an atomic write be truncated in blkdev_write_iter() [1 file, +4/-1]
e70c21daad modpost: remove incorrect code in do_eisa_entry() [1 file, +1/-4]
01a853faae block, bfq: fix bfqq uaf in bfq_limit_depth() [1 file, +24/-13]
fbc342372a brd: decrease the number of allocated pages which discarded [1 file, +3/-1]
b12cfcae8a block: always verify unfreeze lock on the owner task [4 files, +61/-10]
6cea47849d block: don't verify IO lock for freeze/unfreeze in elevator_init_mq() [1 file, +8/-2]
Changes in 6.12.2
MAINTAINERS: appoint myself the XFS maintainer for 6.12 LTS
drm/amd/display: Skip Invalid Streams from DSC Policy
drm/amd/display: Fix incorrect DSC recompute trigger
s390/facilities: Fix warning about shadow of global variable
s390/virtio_ccw: Fix dma_parm pointer not set up
efs: fix the efs new mount api implementation
arm64: probes: Disable kprobes/uprobes on MOPS instructions
kselftest/arm64: hwcap: fix f8dp2 cpuinfo name
kselftest/arm64: mte: fix printf type warnings about __u64
kselftest/arm64: mte: fix printf type warnings about longs
block/fs: Pass an iocb to generic_atomic_write_valid()
fs/block: Check for IOCB_DIRECT in generic_atomic_write_valid()
s390/cio: Do not unregister the subchannel based on DNV
s390/pageattr: Implement missing kernel_page_present()
x86/pvh: Call C code via the kernel virtual mapping
brd: defer automatic disk creation until module initialization succeeds
ext4: avoid remount errors with 'abort' mount option
mips: asm: fix warning when disabling MIPS_FP_SUPPORT
s390/cpum_sf: Fix and protect memory allocation of SDBs with mutex
initramfs: avoid filename buffer overrun
arm64: Expose ID_AA64ISAR1_EL1.XS to sanitised feature consumers
kselftest/arm64: Fix encoding for SVE B16B16 test
nvme-pci: fix freeing of the HMB descriptor table
m68k: mvme147: Fix SCSI controller IRQ numbers
m68k: mvme147: Reinstate early console
arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG
acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block()
loop: fix type of block size
cachefiles: Fix incorrect length return value in cachefiles_ondemand_fd_write_iter()
cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter()
cachefiles: Fix NULL pointer dereference in object->file
netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING
block: take chunk_sectors into account in bio_split_write_zeroes
block: fix bio_split_rw_at to take zone_write_granularity into account
s390/syscalls: Avoid creation of arch/arch/ directory
hfsplus: don't query the device logical block size multiple times
ext4: fix race in buffer_head read fault injection
nvme-pci: reverse request order in nvme_queue_rqs
virtio_blk: reverse request order in virtio_queue_rqs
crypto: mxs-dcp - Fix AES-CBC with hardware-bound keys
crypto: caam - Fix the pointer passed to caam_qi_shutdown()
crypto: qat - remove check after debugfs_create_dir()
crypto: qat/qat_420xx - fix off by one in uof_get_name()
crypto: qat/qat_4xxx - fix off by one in uof_get_name()
firmware: google: Unregister driver_info on failure
EDAC/bluefield: Fix potential integer overflow
crypto: qat - remove faulty arbiter config reset
thermal: core: Initialize thermal zones before registering them
thermal: core: Rearrange PM notification code
thermal: core: Represent suspend-related thermal zone flags as bits
thermal: core: Mark thermal zones as initializing to start with
thermal: core: Fix race between zone registration and system suspend
EDAC/fsl_ddr: Fix bad bit shift operations
EDAC/skx_common: Differentiate memory error sources
EDAC/{skx_common,i10nm}: Fix incorrect far-memory error source indicator
crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY
crypto: cavium - Fix the if condition to exit loop after timeout
cpufreq/amd-pstate: Don't update CPPC request in amd_pstate_cpu_boost_update()
amd-pstate: Set min_perf to nominal_perf for active mode performance gov
crypto: hisilicon/qm - disable same error report before resetting
EDAC/igen6: Avoid segmentation fault on module unload
crypto: qat - Fix missing destroy_workqueue in adf_init_aer()
crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init()
sched/cpufreq: Ensure sd is rebuilt for EAS check
doc: rcu: update printed dynticks counter bits
rcu/srcutiny: don't return before reenabling preemption
rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu
rcu/nocb: Fix missed RCU barrier on deoffloading
hwmon: (pmbus/core) clear faults after setting smbalert mask
hwmon: (nct6775-core) Fix overflows seen when writing limit attributes
ACPI: CPPC: Fix _CPC register setting issue
thermal: testing: Use DEFINE_FREE() and __free() to simplify code
thermal: testing: Initialize some variables annoteded with _free()
crypto: caam - add error check to caam_rsa_set_priv_key_form
crypto: bcm - add error check in the ahash_hmac_init function
crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
rcuscale: Do a proper cleanup if kfree_scale_init() fails
tools/lib/thermal: Make more generic the command encoding function
thermal/lib: Fix memory leak on error in thermal_genl_auto()
x86/unwind/orc: Fix unwind for newly forked tasks
Revert "scripts/faddr2line: Check only two symbols when calculating symbol size"
cleanup: Remove address space of returned pointer
time: Partially revert cleanup on msecs_to_jiffies() documentation
time: Fix references to _msecs_to_jiffies() handling of values
timers: Add missing READ_ONCE() in __run_timer_base()
locking/atomic/x86: Use ALT_OUTPUT_SP() for __alternative_atomic64()
locking/atomic/x86: Use ALT_OUTPUT_SP() for __arch_{,try_}cmpxchg64_emu()
kcsan, seqlock: Support seqcount_latch_t
kcsan, seqlock: Fix incorrect assumption in read_seqbegin()
sched/ext: Remove sched_fork() hack
locking/rt: Add sparse annotation PREEMPT_RT's sleeping locks.
rust: helpers: Avoid raw_spin_lock initialization for PREEMPT_RT
clocksource/drivers:sp804: Make user selectable
clocksource/drivers/timer-ti-dm: Fix child node refcount handling
irqchip/riscv-aplic: Prevent crash when MSI domain is missing
regulator: qcom-smd: make smd_vreg_rpm static
spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq()
arm64: dts: qcom: qcs6390-rb3gen2: use modem.mbn for modem DSP
ARM: dts: renesas: genmai: Fix partition size for QSPI NOR Flash
drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()
microblaze: Export xmb_manager functions
arm64: dts: mediatek: mt8188: Fix wrong clock provider in MFG1 power domain
arm64: dts: mediatek: mt8395-genio-1200-evk: Fix dtbs_check error for phy
arm64: dts: mt8195: Fix dtbs_check error for mutex node
arm64: dts: mt8195: Fix dtbs_check error for infracfg_ao node
arm64: dts: mediatek: mt8183-kukui: Disable DPI display interface
arm64: dts: mt8183: Add port node to dpi node
soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq()
soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
arm64: dts: qcom: sm6350: Fix GPU frequencies missing on some speedbins
arm64: dts: qcom: sda660-ifc6560: fix l10a voltage ranges
ARM: dts: microchip: sam9x60: Add missing property atmel,usart-mode
mmc: mmc_spi: drop buggy snprintf()
scripts/kernel-doc: Do not track section counter across processed files
arm64: dts: qcom: x1e80100-slim7x: Drop orientation-switch from USB SS[0-1] QMP PHYs
arm64: dts: qcom: x1e80100-vivobook-s15: Drop orientation-switch from USB SS[0-1] QMP PHYs
openrisc: Implement fixmap to fix earlycon
efi/libstub: fix efi_parse_options() ignoring the default command line
tpm: fix signed/unsigned bug when checking event logs
media: i2c: max96717: clean up on error in max96717_subdev_init()
media: i2c: vgxy61: Fix an error handling path in vgxy61_detect()
media: i2c: ds90ub960: Fix missing return check on ub960_rxport_read call
arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4
arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4
arm64: dts: qcom: x1e80100: Resize GIC Redistributor register region
kernel-doc: allow object-like macros in ReST output
arm64: dts: ti: k3-am62x-phyboard-lyra: Drop unnecessary McASP AFIFOs
gpio: sloppy-logic-analyzer remove reference to rcu_momentary_dyntick_idle()
arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad
arm64: dts: mediatek: mt8188: Fix USB3 PHY port default status
arm64: dts: mediatek: mt8195-cherry: Use correct audio codec DAI
Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline"
cgroup/bpf: only cgroup v2 can be attached by bpf programs
regulator: rk808: Restrict DVS GPIOs to the RK808 variant only
power: sequencing: make the QCom PMU pwrseq driver depend on CONFIG_OF
arm64: tegra: p2180: Add mandatory compatible for WiFi node
arm64: dts: rockchip: Remove 'enable-active-low' from two boards
arm64: dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns
arm64: dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns
arm64: dts: mt8183: cozmo: add i2c2's i2c-scl-internal-delay-ns
arm64: dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns
pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle
ARM: dts: cubieboard4: Fix DCDC5 regulator constraints
arm64: dts: ti: k3-j7200: Fix register map for main domain pmx
arm64: dts: ti: k3-j7200: Fix clock ids for MCSPI instances
arm64: dts: ti: k3-j721e: Fix clock IDs for MCSPI instances
arm64: dts: ti: k3-j721s2: Fix clock IDs for MCSPI instances
watchdog: Add HAS_IOPORT dependency for SBC8360 and SBC7240
arm64: dts: qcom: x1e80100: Update C4/C5 residency/exit numbers
dt-bindings: cache: qcom,llcc: Fix X1E80100 reg entries
of/fdt: add dt_phys arg to early_init_dt_scan and early_init_dt_verify
pmdomain: ti-sci: Add missing of_node_put() for args.np
spi: tegra210-quad: Avoid shift-out-of-bounds
spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time
regmap: irq: Set lockdep class for hierarchical IRQ domains
arm64: dts: renesas: hihope: Drop #sound-dai-cells
arm64: dts: imx8mn-tqma8mqnl-mba8mx-usbot: fix coexistence of output-low and output-high in GPIO
arm64: dts: mediatek: mt6358: fix dtbs_check error
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names
arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed regulators
selftests/resctrl: Print accurate buffer size as part of MBM results
selftests/resctrl: Fix memory overflow due to unhandled wraparound
selftests/resctrl: Protect against array overrun during iMC config parsing
firmware: arm_scpi: Check the DVFS OPP count returned by the firmware
media: ipu6: Fix DMA and physical address debugging messages for 32-bit
media: ipu6: not override the dma_ops of device in driver
media: ipu6: remove architecture DMA ops dependency in Kconfig
pwm: Assume a disabled PWM to emit a constant inactive output
media: atomisp: Add check for rgby_data memory allocation failure
arm64: dts: rockchip: correct analog audio name on Indiedroid Nova
sched_ext: scx_bpf_dispatch_from_dsq_set_*() are allowed from unlocked context
HID: hyperv: streamline driver probe to avoid devres issues
platform/x86: asus-wmi: Fix inconsistent use of thermal policies
platform/x86/intel/pmt: allow user offset for PMT callbacks
platform/x86: panasonic-laptop: Return errno correctly in show callback
drm/imagination: Convert to use time_before macro
drm/imagination: Use pvr_vm_context_get()
drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
drm/vc4: hvs: Don't write gamma luts on 2711
drm/vc4: hdmi: Avoid hang with debug registers when suspended
drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer
drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function
drm/vc4: hvs: Correct logic on stopping an HVS channel
wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
drm/omap: Fix possible NULL dereference
drm/omap: Fix locking in omap_gem_new_dmabuf()
drm/v3d: Appease lockdep while updating GPU stats
wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq()
wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
udmabuf: change folios array from kmalloc to kvmalloc
udmabuf: fix vmap_udmabuf error page set
drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq()
drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq()
drm/panel: nt35510: Make new commands optional
drm/v3d: Address race-condition in MMU flush
drm/v3d: Flush the MMU before we supply more memory to the binner
drm/amdgpu: Fix JPEG v4.0.3 register write
wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1
wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2
wifi: ath12k: Skip Rx TID cleanup for self peer
dt-bindings: vendor-prefixes: Add NeoFidelity, Inc
ASoC: fsl_micfil: fix regmap_write_bits usage
ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode
drm/amdgpu/gfx9: Add Cleaner Shader Deinitialization in gfx_v9_0 Module
ASoC: fsl-asoc-card: Add missing handling of {hp,mic}-dt-gpios
drm/bridge: anx7625: Drop EDID cache on bridge power off
drm/bridge: it6505: Drop EDID cache on bridge power off
libbpf: Fix expected_attach_type set handling in program load callback
libbpf: Fix output .symtab byte-order during linking
selftests/bpf: Fix uprobe_multi compilation error
dlm: fix swapped args sb_flags vs sb_status
wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled
ASoC: amd: acp: fix for inconsistent indenting
ASoC: amd: acp: fix for cpu dai index logic
drm/amd/display: fix a memleak issue when driver is removed
wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup()
wifi: ath12k: fix one more memcpy size error
libbpf: Add missing per-arch include path
selftests: bpf: Add missing per-arch include path
bpf: Fix the xdp_adjust_tail sample prog issue
selftests/bpf: Fix backtrace printing for selftests crashes
wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR
selftests/bpf: add missing header include for htons
wifi: cfg80211: check radio iface combination for multi radio per wiphy
ice: consistently use q_idx in ice_vc_cfg_qs_msg()
drm/vc4: hdmi: Increase audio MAI fifo dreq threshold
drm/vc4: Introduce generation number enum
drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load
drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush
drm/vc4: Correct generation check in vc4_hvs_lut_load
libbpf: fix sym_is_subprog() logic for weak global subprogs
accel/ivpu: Prevent recovery invocation during probe and resume
ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c
libbpf: never interpret subprogs in .text as entry programs
netdevsim: copy addresses for both in and out paths
drm/bridge: tc358767: Fix link properties discovery
drm/panic: Select ZLIB_DEFLATE for DRM_PANIC_SCREEN_QR_CODE
selftests/bpf: Fix msg_verify_data in test_sockmap
selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap
wifi: mwifiex: add missing locking for cfg80211 calls
wifi: wilc1000: Set MAC after operation mode
wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()
drm: fsl-dcu: enable PIXCLK on LS1021A
drm: panel: nv3052c: correct spi_device_id for RG35XX panel
drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block
drm/msm/dpu: drop LM_3 / LM_4 on SDM845
drm/msm/dpu: drop LM_3 / LM_4 on MSM8998
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c
octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c
selftests/bpf: fix test_spin_lock_fail.c's global vars usage
libbpf: move global data mmap()'ing into bpf_object__load()
wifi: rtw89: rename rtw89_vif to rtw89_vif_link ahead for MLO
wifi: rtw89: rename rtw89_sta to rtw89_sta_link ahead for MLO
wifi: rtw89: read bss_conf corresponding to the link
wifi: rtw89: read link_sta corresponding to the link
wifi: rtw89: refactor VIF related func ahead for MLO
wifi: rtw89: refactor STA related func ahead for MLO
wifi: rtw89: tweak driver architecture for impending MLO support
wifi: rtw89: Fix TX fail with A2DP after scanning
wifi: rtw89: unlock on error path in rtw89_ops_unassign_vif_chanctx()
drm/panfrost: Remove unused id_mask from struct panfrost_model
bpf, arm64: Remove garbage frame for struct_ops trampoline
drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
drm/msm/gpu: Check the status of registration to PM QoS
drm/xe/hdcp: Fix gsc structure check in fw check status
drm/etnaviv: Request pages from DMA32 zone on addressing_limited
drm/etnaviv: hold GPU lock across perfmon sampling
drm/amd/display: Increase idle worker HPD detection time
drm/amd/display: Reduce HPD Detection Interval for IPS
drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new()
drm: zynqmp_kms: Unplug DRM device before removal
drm: xlnx: zynqmp_disp: layer may be null while releasing
wifi: wfx: Fix error handling in wfx_core_init()
wifi: cw1200: Fix potential NULL dereference
drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk()
bpf, bpftool: Fix incorrect disasm pc
bpf: Tighten tail call checks for lingering locks, RCU, preempt_disable
drm/vkms: Drop unnecessary call to drm_crtc_cleanup()
drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info()
drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()'
bpf: Mark raw_tp arguments with PTR_MAYBE_NULL
drm: use ATOMIC64_INIT() for atomic64_t
netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion
netfilter: nf_tables: must hold rcu read lock while iterating expression type list
netfilter: nf_tables: must hold rcu read lock while iterating object type list
netlink: typographical error in nlmsg_type constants definition
wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg()
drm/panfrost: Add missing OPP table refcnt decremental
drm/panthor: introduce job cycle and timestamp accounting
drm/panthor: record current and maximum device clock frequencies
drm/panthor: Fix OPP refcnt leaks in devfreq initialisation
isofs: avoid memory leak in iocharset
selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap
selftests/bpf: Fix SENDPAGE data logic in test_sockmap
selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap
selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap
bpf, sockmap: Several fixes to bpf_msg_push_data
bpf, sockmap: Several fixes to bpf_msg_pop_data
bpf, sockmap: Fix sk_msg_reset_curr
ipv6: release nexthop on device removal
selftests: net: really check for bg process completion
wifi: cfg80211: Remove the Medium Synchronization Delay validity check
wifi: iwlwifi: allow fast resume on ax200
wifi: iwlwifi: mvm: tell iwlmei when we finished suspending
drm/amdgpu: fix ACA bank count boundary check error
drm/amdgpu: Fix map/unmap queue logic
drm/amdkfd: Fix wrong usage of INIT_WORK()
bpf: Allow return values 0 and 1 for kprobe session
bpf: Force uprobe bpf program to always return 0
selftests/bpf: skip the timer_lockup test for single-CPU nodes
ipv6: Fix soft lockups in fib6_select_path under high next hop churn
net: rfkill: gpio: Add check for clk_enable()
Revert "wifi: iwlegacy: do not skip frames with bad FCS"
bpf: Use function pointers count as struct_ops links count
bpf: Add kernel symbol for struct_ops trampoline
ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
ALSA: us122l: Use snd_card_free_when_closed() at disconnection
ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
ALSA: 6fire: Release resources at card release
i2c: dev: Fix memory leak when underlying adapter does not support I2C
selftests: netfilter: Fix missing return values in conntrack_dump_flush
Bluetooth: btintel_pcie: Add handshake between driver and firmware
Bluetooth: btintel: Do no pass vendor events to stack
Bluetooth: btmtk: adjust the position to init iso data anchor
Bluetooth: btbcm: fix missing of_node_put() in btbcm_get_board_name()
Bluetooth: ISO: Use kref to track lifetime of iso_conn
Bluetooth: ISO: Do not emit LE PA Create Sync if previous is pending
Bluetooth: ISO: Do not emit LE BIG Create Sync if previous is pending
Bluetooth: ISO: Send BIG Create Sync via hci_sync
Bluetooth: fix use-after-free in device_for_each_child()
xsk: Free skb when TX metadata options are invalid
erofs: fix file-backed mounts over FUSE
erofs: fix blksize < PAGE_SIZE for file-backed mounts
erofs: handle NONHEAD !delta[1] lclusters gracefully
dlm: fix dlm_recover_members refcount on error
eth: fbnic: don't disable the PCI device twice
net: txgbe: remove GPIO interrupt controller
net: txgbe: fix null pointer to pcs
netpoll: Use rcu_access_pointer() in netpoll_poll_lock
wireguard: selftests: load nf_conntrack if not present
bpf: fix recursive lock when verdict program return SK_PASS
unicode: Fix utf8_load() error path
cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged
RDMA/core: Provide rdma_user_mmap_disassociate() to disassociate mmap pages
RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset
pinctrl: renesas: rzg2l: Fix missing return in rzg2l_pinctrl_register()
clk: mediatek: drop two dead config options
trace/trace_event_perf: remove duplicate samples on the first tracepoint event
pinctrl: zynqmp: drop excess struct member description
pinctrl: renesas: Select PINCTRL_RZG2L for RZ/V2H(P) SoC
clk: qcom: videocc-sm8550: depend on either gcc-sm8550 or gcc-sm8650
iommu/s390: Implement blocking domain
scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset
powerpc/vdso: Flag VDSO64 entry points as functions
mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race
mfd: da9052-spi: Change read-mask to write-mask
mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices
mfd: intel_soc_pmic_bxtwc: Fix IRQ domain names duplication
cpufreq: loongson2: Unregister platform_driver on failure
powerpc/fadump: Refactor and prepare fadump_cma_init for late init
powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()
mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE
mtd: rawnand: atmel: Fix possible memory leak
clk: Allow kunit tests to run without OF_OVERLAY enabled
powerpc/mm/fault: Fix kfence page fault reporting
iommu/tegra241-cmdqv: Staticize cmdqv_debugfs_dir
clk: sophgo: avoid integer overflow in sg2042_pll_recalc_rate()
mtd: spi-nor: spansion: Use nor->addr_nbytes in octal DTR mode in RD_ANY_REG_OP
powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore
cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()
cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()
iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB
RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci
RDMA/hns: Fix flush cqe error when racing with destroy qp
RDMA/hns: Modify debugfs name
RDMA/hns: Use dev_* printings in hem code instead of ibdev_*
RDMA/hns: Fix cpu stuck caused by printings during reset
RDMA/rxe: Fix the qp flush warnings in req
RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset
clk: renesas: rzg2l: Fix FOUTPOSTDIV clk
RDMA/rxe: Set queue pair cur_qp_state when being queried
RDMA/mlx5: Call dev_put() after the blocking notifier
RDMA/core: Implement RoCE GID port rescan and export delete function
RDMA/mlx5: Ensure active slave attachment to the bond IB device
RISC-V: KVM: Fix APLIC in_clrip and clripnum write emulation
riscv: kvm: Fix out-of-bounds array access
clk: imx: lpcg-scu: SW workaround for errata (e10858)
clk: imx: fracn-gppll: correct PLL initialization flow
clk: imx: fracn-gppll: fix pll power up
clk: imx: clk-scu: fix clk enable state save and restore
clk: imx: imx8-acm: Fix return value check in clk_imx_acm_attach_pm_domains()
iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes()
iommu/vt-d: Fix checks and print in pgtable_walk()
checkpatch: always parse orig_commit in fixes tag
mfd: rt5033: Fix missing regmap_del_irq_chip()
leds: max5970: Fix unreleased fwnode_handle in probe function
leds: ktd2692: Set missing timing properties
fs/proc/kcore.c: fix coccinelle reported ERROR instances
scsi: target: Fix incorrect function name in pscsi_create_type_disk()
scsi: bfa: Fix use-after-free in bfad_im_module_exit()
scsi: fusion: Remove unused variable 'rc'
scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
scsi: sg: Enable runtime power management
x86/tdx: Introduce wrappers to read and write TD metadata
x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup()
x86/tdx: Dynamically disable SEPT violations from causing #VEs
powerpc/fadump: allocate memory for additional parameters early
fadump: reserve param area if below boot_mem_top
RDMA/hns: Fix out-of-order issue of requester when setting FENCE
RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()
cpufreq: loongson3: Check for error code from devm_mutex_init() call
cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost()
cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power()
kasan: move checks to do_strncpy_from_user
kunit: skb: use "gfp" variable instead of hardcoding GFP_KERNEL
ocfs2: fix uninitialized value in ocfs2_file_read_iter()
zram: ZRAM_DEF_COMP should depend on ZRAM
iommu/tegra241-cmdqv: Fix alignment failure at max_n_shift
dax: delete a stale directory pmem
KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests
KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells
powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static
RDMA/hns: Fix different dgids mapping to the same dip_idx
KVM: PPC: Book3S HV: Fix kmv -> kvm typo
powerpc/kexec: Fix return of uninitialized variable
fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
RDMA/mlx5: Move events notifier registration to be after device registration
clk: clk-apple-nco: Add NULL check in applnco_probe
clk: ralink: mtmips: fix clock plan for Ralink SoC RT3883
clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs
clk: en7523: remove REG_PCIE*_{MEM,MEM_MASK} configuration
clk: en7523: move clock_register in hw_init callback
clk: en7523: introduce chip_scu regmap
clk: en7523: fix estimation of fixed rate for EN7581
dt-bindings: clock: axi-clkgen: include AXI clk
clk: clk-axi-clkgen: make sure to enable the AXI bus clock
zram: permit only one post-processing operation at a time
zram: fix NULL pointer in comp_algorithm_show()
RDMA/bnxt_re: Correct the sequence of device suspend
arm64: dts: qcom: sc8180x: Add a SoC-specific compatible to cpufreq-hw
pinctrl: k210: Undef K210_PC_DEFAULT
rtla/timerlat: Do not set params->user_workload with -U
smb: cached directories can be more than root file handle
mailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks()
mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb()
x86: fix off-by-one in access_ok()
perf cs-etm: Don't flush when packet_queue fills up
gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE
gfs2: Allow immediate GLF_VERIFY_DELETE work
gfs2: Fix unlinked inode cleanup
perf mem: Fix printing PERF_MEM_LVLNUM_{L2_MHB|MSC}
dt-bindings: PCI: mediatek-gen3: Allow exact number of clocks only
PCI: Fix reset_method_store() memory leak
perf jevents: Don't stop at the first matched pmu when searching a events table
perf stat: Close cork_fd when create_perf_stat_counter() failed
perf stat: Fix affinity memory leaks on error path
perf trace: Keep exited threads for summary
perf test attr: Add back missing topdown events
rust: rbtree: fix `SAFETY` comments that should be `# Safety` sections
f2fs: compress: fix inconsistent update of i_blocks in release_compress_blocks and reserve_compress_blocks
f2fs: fix null-ptr-deref in f2fs_submit_page_bio()
mailbox, remoteproc: k3-m4+: fix compile testing
f2fs: fix to account dirty data in __get_secs_required()
perf dso: Fix symtab_type for kmod compression
perf disasm: Fix capstone memory leak
perf probe: Fix libdw memory leak
perf probe: Correct demangled symbols in C++ program
rust: kernel: fix THIS_MODULE header path in ThisModule doc comment
rust: macros: fix documentation of the paste! macro
PCI: cpqphp: Fix PCIBIOS_* return value confusion
rust: block: fix formatting of `kernel::block::mq::request` module
perf disasm: Use disasm_line__free() to properly free disasm_line
perf disasm: Fix not cleaning up disasm_line in symbol__disassemble_raw()
virtiofs: use pages instead of pointer for kernel direct IO
perf ftrace latency: Fix unit on histogram first entry when using --use-nsec
i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin
f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block
f2fs: check curseg->inited before write_sum_page in change_curseg
f2fs: Fix not used variable 'index'
f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason()
f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or GC_URGENT_MID
PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported
PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert()
PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert()
PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds
perf build: Add missing cflags when building with custom libtraceevent
f2fs: fix race in concurrent f2fs_stop_gc_thread
f2fs: fix to map blocks correctly for direct write
f2fs: fix to avoid forcing direct write to use buffered IO on inline_data inode
perf trace: avoid garbage when not printing a trace event's arguments
m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x
m68k: coldfire/device.c: only build FEC when HW macros are defined
svcrdma: Address an integer overflow
nfsd: drop inode parameter from nfsd4_change_attribute()
perf list: Fix topic and pmu_name argument order
perf trace: Fix tracing itself, creating feedback loops
perf trace: Do not lose last events in a race
perf trace: Avoid garbage when not printing a syscall's arguments
remoteproc: qcom: pas: Remove subdevs on the error path of adsp_probe()
remoteproc: qcom: adsp: Remove subdevs on the error path of adsp_probe()
remoteproc: qcom: pas: add minidump_id to SM8350 resources
rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region
PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio'
NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
nfsd: release svc_expkey/svc_export with rcu_work
svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
NFSD: Fix nfsd4_shutdown_copy()
nfs_common: must not hold RCU while calling nfsd_file_put_local
f2fs: fix to do cast in F2FS_{BLK_TO_BYTES, BTYES_TO_BLK} to avoid overflow
perf bpf-filter: Return -ENOMEM directly when pfi allocation fails
hwmon: (tps23861) Fix reporting of negative temperatures
hwmon: (aquacomputer_d5next) Fix length of speed_input array
phy: airoha: Fix REG_CSR_2L_PLL_CMN_RESERVE0 config in airoha_pcie_phy_init_clk_out()
phy: airoha: Fix REG_PCIE_PMA_TX_RESET config in airoha_pcie_phy_init_csr_2l()
phy: airoha: Fix REG_CSR_2L_JCPLL_SDM_HREN config in airoha_pcie_phy_init_ssc_jcpll()
phy: airoha: Fix REG_CSR_2L_RX{0,1}_REV0 definitions
vdpa/mlx5: Fix suboptimal range on iotlb iteration
vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages()
vfio/mlx5: Fix unwind flows in mlx5vf_pci_save/resume_device_data()
selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels
gpio: zevio: Add missed label initialisation
vfio/pci: Properly hide first-in-list PCIe extended capability
fs_parser: update mount_api doc to match function signature
LoongArch: Fix build failure with GCC 15 (-std=gnu23)
LoongArch: BPF: Sign-extend return values
power: supply: core: Remove might_sleep() from power_supply_put()
power: supply: bq27xxx: Fix registers of bq27426
power: supply: rt9471: Fix wrong WDT function regfield declaration
power: supply: rt9471: Use IC status regfield to report real charger status
fs/ntfs3: Equivalent transition from page to folio
power: reset: ep93xx: add AUXILIARY_BUS dependency
net: usb: lan78xx: Fix double free issue with interrupt buffer allocation
net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration
net: microchip: vcap: Add typegroup table terminators in kunit tests
netlink: fix false positive warning in extack during dumps
exfat: fix file being changed by unaligned direct write
net/l2tp: fix warning in l2tp_exit_net found by syzbot
s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
rtase: Refactor the rtase_check_mac_version_valid() function
rtase: Correct the speed for RTL907XD-V1
rtase: Corrects error handling of the rtase_check_mac_version_valid()
net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged
net: mdio-ipq4019: add missing error check
marvell: pxa168_eth: fix call balance of pep->clk handling routines
net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
octeontx2-af: RPM: Fix mismatch in lmac type
octeontx2-af: RPM: Fix low network performance
octeontx2-af: RPM: fix stale RSFEC counters
octeontx2-af: RPM: fix stale FCFEC counters
octeontx2-af: Quiesce traffic before NIX block reset
spi: atmel-quadspi: Fix register name in verbose logging function
net: hsr: fix hsr_init_sk() vs network/transport headers.
bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down
bnxt_en: Set backplane link modes correctly for ethtool
bnxt_en: Fix queue start to update vnic RSS table
bnxt_en: Fix receive ring space parameters when XDP is active
bnxt_en: Refactor bnxt_ptp_init()
bnxt_en: Unregister PTP during PCI shutdown and suspend
Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
Bluetooth: MGMT: Fix possible deadlocks
llc: Improve setsockopt() handling of malformed user input
rxrpc: Improve setsockopt() handling of malformed user input
tcp: Fix use-after-free of nreq in reqsk_timer_handler().
ip6mr: fix tables suspicious RCU usage
ipmr: fix tables suspicious RCU usage
iio: light: al3010: Fix an error handling path in al3010_probe()
usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
usb: yurex: make waiting on yurex_write interruptible
USB: chaoskey: fail open after removal
USB: chaoskey: Fix possible deadlock chaoskey_list_lock
misc: apds990x: Fix missing pm_runtime_disable()
devres: Fix page faults when tracing devres from unloaded modules
usb: gadget: uvc: wake pump everytime we update the free list
interconnect: qcom: icc-rpmh: probe defer incase of missing QoS clock dependency
iio: backend: fix wrong pointer passed to IS_ERR()
iio: adc: ad4000: fix reading unsigned data
iio: adc: ad4000: Check for error code from devm_mutex_init() call
iio: adc: pac1921: Check for error code from devm_mutex_init() call
iio: accel: adxl380: fix raw sample read
phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe
phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe
counter: stm32-timer-cnt: Add check for clk_enable()
counter: ti-ecap-capture: Add check for clk_enable()
bus: mhi: host: Switch trace_mhi_gen_tre fields to native endian
usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
firmware_loader: Fix possible resource leak in fw_log_firmware_info()
ALSA: hda/realtek: Update ALC256 depop procedure
drm/radeon: Fix spurious unplug event on radeon HDMI
drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe
drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp
ASoC: imx-audmix: Add NULL check in imx_audmix_probe
drm/xe/ufence: Wake up waiters after setting ufence->signalled
apparmor: fix 'Do simple duplicate message elimination'
ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc()
ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry
ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe
s390/pci: Fix potential double remove of hotplug slot
f2fs: fix fiemap failure issue when page size is 16KB
net_sched: sch_fq: don't follow the fast path if Tx is behind now
xen: Fix the issue of resource not being properly released in xenbus_dev_probe()
ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
ALSA: usb-audio: Fix out of bounds reads when finding clock sources
usb: ehci-spear: fix call balance of sehci clk handling routines
usb: typec: ucsi: glink: fix off-by-one in connector_status
xfs: fix simplify extent lookup in xfs_can_free_eofblocks
ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
ext4: fix FS_IOC_GETFSMAP handling
MAINTAINERS: update location of media main tree
docs: media: update location of the media patches
jfs: xattr: check invalid xattr size more strictly
ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00
ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
ASoC: da7213: Populate max_register to regmap_config
perf/x86/intel/pt: Fix buffer full but size is 0 case
crypto: x86/aegis128 - access 32-bit arguments as 32-bit
KVM: x86: switch hugepage recovery thread to vhost_task
KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE
KVM: x86: add back X86_LOCAL_APIC dependency
KVM: x86: Break CONFIG_KVM_X86's direct dependency on KVM_INTEL || KVM_AMD
powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector
KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR
KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status
Revert "KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()"
KVM: arm64: Don't retire aborted MMIO instruction
KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
KVM: arm64: Get rid of userspace_irqchip_in_use
KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*
KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
Compiler Attributes: disable __counted_by for clang < 19.1.3
PCI: Fix use-after-free of slot->bus on hot remove
LoongArch: Explicitly specify code model in Makefile
clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider
clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access
fsnotify: fix sending inotify event with unexpected filename
fsnotify: Fix ordering of iput() and watched_objects decrement
comedi: Flush partial mappings in error case
apparmor: test: Fix memory leak for aa_unpack_strdup()
iio: dac: adi-axi-dac: fix wrong register bitfield
tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass()
tools/nolibc: s390: include std.h
fcntl: make F_DUPFD_QUERY associative
pinctrl: qcom: spmi: fix debugfs drive strength
dt-bindings: pinctrl: samsung: Fix interrupt constraint for variants with fallbacks
dt-bindings: iio: dac: ad3552r: fix maximum spi speed
exfat: fix uninit-value in __exfat_get_dentry_set
exfat: fix out-of-bounds access of directory entries
xhci: Fix control transfer error on Etron xHCI host
xhci: Combine two if statements for Etron xHCI host
xhci: Don't perform Soft Retry for Etron xHCI host
xhci: Don't issue Reset Device command to Etron xHCI host
Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
usb: xhci: Limit Stop Endpoint retries
usb: xhci: Fix TD invalidation under pending Set TR Dequeue
usb: xhci: Avoid queuing redundant Stop Endpoint commands
ARM: dts: omap36xx: declare 1GHz OPP as turbo again
wifi: ath12k: fix warning when unbinding
wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures
wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan
wifi: ath12k: fix crash when unbinding
wifi: brcmfmac: release 'root' node in all execution paths
Revert "fs: don't block i_writecount during exec"
Revert "f2fs: remove unreachable lazytime mount option parsing"
Revert "usb: gadget: composite: fix OS descriptors w_value logic"
serial: sh-sci: Clean sci_ports[0] after at earlycon exit
Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
io_uring: fix corner case forgetting to vunmap
io_uring: check for overflows in io_pin_pages
blk-settings: round down io_opt to physical_block_size
gpio: exar: set value when external pull-up or pull-down is present
netfilter: ipset: add missing range check in bitmap_ip_uadt
spi: Fix acpi deferred irq probe
mtd: spi-nor: core: replace dummy buswidth from addr to data
cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power()
cifs: support mounting with alternate password to allow password rotation
parisc/ftrace: Fix function graph tracing disablement
RISC-V: Scalar unaligned access emulated on hotplug CPUs
RISC-V: Check scalar unaligned access on all CPUs
ksmbd: fix use-after-free in SMB request handling
smb: client: fix NULL ptr deref in crypto_aead_setkey()
platform/chrome: cros_ec_typec: fix missing fwnode reference decrement
irqchip/irq-mvebu-sei: Move misplaced select() callback to SEI CP domain
x86/CPU/AMD: Terminate the erratum_1386_microcode array
ubi: wl: Put source PEB into correct list if trying locking LEB failed
um: ubd: Do not use drvdata in release
um: net: Do not use drvdata in release
dt-bindings: serial: rs485: Fix rs485-rts-delay property
serial: 8250_fintek: Add support for F81216E
serial: 8250: omap: Move pm_runtime_get_sync
serial: amba-pl011: Fix RX stall when DMA is used
serial: amba-pl011: fix build regression
Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()"
mtd: ubi: fix unreleased fwnode_handle in find_volume_fwnode()
block: Prevent potential deadlock in blk_revalidate_disk_zones()
um: vector: Do not use drvdata in release
sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
iio: gts: Fix uninitialized symbol 'ret'
ublk: fix ublk_ch_mmap() for 64K page size
arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled
block: fix missing dispatching request when queue is started or unquiesced
block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding
block: fix ordering between checking BLK_MQ_S_STOPPED request adding
blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long
gve: Flow steering trigger reset only for timeout error
HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
i40e: Fix handling changed priv flags
media: wl128x: Fix atomicity violation in fmc_send_cmd()
media: intel/ipu6: do not handle interrupts when device is disabled
arm64: dts: mediatek: mt8186-corsola-voltorb: Merge speaker codec nodes
netdev-genl: Hold rcu_read_lock in napi_get
soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure
soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting()
media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
x86/mm: Carve out INVLPG inline asm for use by others
x86/microcode/AMD: Flush patch buffer mapping after application
ALSA: rawmidi: Fix kvfree() call in spinlock
ALSA: ump: Fix evaluation of MIDI 1.0 FB info
ALSA: pcm: Add sanity NULL check for the default mmap fault handler
ALSA: hda/realtek: Update ALC225 depop procedure
ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform
ALSA: hda/realtek: Set PCBeep to default value for ALC274
ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max
ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook X G1i
ALSA: hda/realtek: Apply quirk for Medion E15433
fs/smb/client: implement chmod() for SMB3 POSIX Extensions
smb: client: fix use-after-free of signing key
smb3: request handle caching when caching directories
smb: client: handle max length for SMB symlinks
smb: Don't leak cfid when reconnect races with open_cached_dir
smb: prevent use-after-free due to open_cached_dir error paths
smb: During unmount, ensure all cached dir instances drop their dentry
usb: misc: ljca: set small runtime autosuspend delay
usb: misc: ljca: move usb_autopm_put_interface() after wait for response
usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED
usb: musb: Fix hardware lockup on first Rx endpoint request
usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic
usb: dwc3: gadget: Fix checking for number of TRBs left
usb: dwc3: gadget: Fix looping of queued SG entries
staging: vchiq_arm: Fix missing refcount decrement in error path for fw_node
counter: stm32-timer-cnt: fix device_node handling in probe_encoder()
ublk: fix error code for unsupported command
lib: string_helpers: silence snprintf() output truncation warning
f2fs: fix to do sanity check on node blkaddr in truncate_node()
ipc: fix memleak if msg_init_ns failed in create_ipc_ns
Input: cs40l50 - fix wrong usage of INIT_WORK()
NFSD: Prevent a potential integer overflow
SUNRPC: make sure cache entry active before cache_show
um: Fix potential integer overflow during physmem setup
um: Fix the return value of elf_core_copy_task_fpregs
kfifo: don't include dma-mapping.h in kfifo.h
um: ubd: Initialize ubd's disk pointer in ubd_add
um: Always dump trace for specified task in show_stack
NFSv4.0: Fix a use-after-free problem in the asynchronous open()
nfs/localio: must clear res.replen in nfs_local_read_done
rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
rtc: abx80x: Fix WDT bit position of the status register
rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty
ubifs: Correct the total block count by deducting journal reservation
ubi: fastmap: Fix duplicate slab cache names while attaching
ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
jffs2: fix use of uninitialized variable
hostfs: Fix the NULL vs IS_ERR() bug for __filemap_get_folio()
net/9p/usbg: fix handling of the failed kzalloc() memory allocation
rtc: rzn1: fix BCD to rtc_time conversion errors
Revert "nfs: don't reuse partially completed requests in nfs_lock_and_join_requests"
nvme/multipath: Fix RCU list traversal to use SRCU primitive
blk-mq: add non_owner variant of start_freeze/unfreeze queue APIs
block: model freeze & enter queue as lock for supporting lockdep
block: fix uaf for flush rq while iterating tags
block: return unsigned int from bdev_io_min
nvme-fabrics: fix kernel crash while shutting down controller
9p/xen: fix init sequence
9p/xen: fix release of IRQ
perf/arm-smmuv3: Fix lockdep assert in ->event_init()
perf/arm-cmn: Ensure port and device id bits are set properly
smb: client: disable directory caching when dir_cache_timeout is zero
x86/Documentation: Update algo in init_size description of boot protocol
cifs: Fix parsing native symlinks relative to the export
cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session
rtc: ab-eoz9: don't fail temperature reads on undervoltage notification
Rename .data.unlikely to .data..unlikely
Rename .data.once to .data..once to fix resetting WARN*_ONCE
kbuild: deb-pkg: Don't fail if modules.order is missing
smb: Initialize cfid->tcon before performing network ops
block: Don't allow an atomic write be truncated in blkdev_write_iter()
modpost: remove incorrect code in do_eisa_entry()
cifs: during remount, make sure passwords are in sync
cifs: unlock on error in smb3_reconfigure()
nfs: ignore SB_RDONLY when mounting nfs
sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT
sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
nfs/blocklayout: Don't attempt unregister for invalid block device
nfs/blocklayout: Limit repeat device registration on failure
block, bfq: fix bfqq uaf in bfq_limit_depth()
brd: decrease the number of allocated pages which discarded
sh: intc: Fix use-after-free bug in register_intc_controller()
tools/power turbostat: Fix trailing '\n' parsing
tools/power turbostat: Fix child's argument forwarding
block: always verify unfreeze lock on the owner task
block: don't verify IO lock for freeze/unfreeze in elevator_init_mq()
Linux 6.12.2
Change-Id: Ifebddb35b5a6a6ff2a65eb795a912633639aca9a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 3b832035387ff508fdcf0fba66701afc78f79e3d upstream.
This reverts commit 2a010c4128.
Rui Ueyama <rui314@gmail.com> writes:
> I'm the creator and the maintainer of the mold linker
> (https://github.com/rui314/mold). Recently, we discovered that mold
> started causing process crashes in certain situations due to a change
> in the Linux kernel. Here are the details:
>
> - In general, overwriting an existing file is much faster than
> creating an empty file and writing to it on Linux, so mold attempts to
> reuse an existing executable file if it exists.
>
> - If a program is running, opening the executable file for writing
> previously failed with ETXTBSY. If that happens, mold falls back to
> creating a new file.
>
> - However, the Linux kernel recently changed the behavior so that
> writing to an executable file is now always permitted
> (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2a010c412853).
>
> That caused mold to write to an executable file even if there's a
> process running that file. Since changes to mmap'ed files are
> immediately visible to other processes, any processes running that
> file would almost certainly crash in a very mysterious way.
> Identifying the cause of these random crashes took us a few days.
>
> Rejecting writes to an executable file that is currently running is a
> well-known behavior, and Linux had operated that way for a very long
> time. So, I don’t believe relying on this behavior was our mistake;
> rather, I see this as a regression in the Linux kernel.
Quoting myself from commit 2a010c4128 ("fs: don't block i_writecount during exec")
> Yes, someone in userspace could potentially be relying on this. It's not
> completely out of the realm of possibility but let's find out if that's
> actually the case and not guess.
It seems we found out that someone is relying on this obscure behavior.
So revert the change.
Link: https://github.com/rui314/mold/issues/1361
Link: https://lore.kernel.org/r/4a2bc207-76be-4715-8e12-7fc45a76a125@leemhuis.info
Cc: <stable@vger.kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
android_rvh_set_task_comm:
To record vendor-specific task comm's change.
We need to know the name changes of specific tasks so that
we can notify the user layer of the pids of these tasks,
and then the user layer can set some attributes of the tasks
based on the names, such as priority scheduling, priority, etc.
Since the user layer is notified through netlink, and netlink may
cause blocking actions when sending messages, it's non-atomic context,
so set the hook be restricted.
Bug: 381487678
Change-Id: Ica30c123be339a7ef29c727bfaa7513efced5bd1
Signed-off-by: Xuewen Yan <xuewen.yan@unisoc.com>
Steps on the way to 6.12-rc1
Bug: 367265496
Change-Id: Ia778d96b2e701765c170e2f4e920e850ceedec0e
Signed-off-by: Matthias Maennich <maennich@google.com>
Steps on the way to 6.12-rc1
Bug: 367265496
Change-Id: I8208eaedc88c8d4b116383ce2b20692e8a0b8ca8
Signed-off-by: Matthias Maennich <maennich@google.com>
Steps on the way to 6.12-rc1
Bug: 367265496
Change-Id: I37a904f83857c7847142c7273b3c2771b5125cfc
Signed-off-by: Matthias Maennich <maennich@google.com>
Pull MM updates from Andrew Morton:
"Along with the usual shower of singleton patches, notable patch series
in this pull request are:
- "Align kvrealloc() with krealloc()" from Danilo Krummrich. Adds
consistency to the APIs and behaviour of these two core allocation
functions. This also simplifies/enables Rustification.
- "Some cleanups for shmem" from Baolin Wang. No functional changes -
mode code reuse, better function naming, logic simplifications.
- "mm: some small page fault cleanups" from Josef Bacik. No
functional changes - code cleanups only.
- "Various memory tiering fixes" from Zi Yan. A small fix and a
little cleanup.
- "mm/swap: remove boilerplate" from Yu Zhao. Code cleanups and
simplifications and .text shrinkage.
- "Kernel stack usage histogram" from Pasha Tatashin and Shakeel
Butt. This is a feature, it adds new feilds to /proc/vmstat such as
$ grep kstack /proc/vmstat
kstack_1k 3
kstack_2k 188
kstack_4k 11391
kstack_8k 243
kstack_16k 0
which tells us that 11391 processes used 4k of stack while none at
all used 16k. Useful for some system tuning things, but
partivularly useful for "the dynamic kernel stack project".
- "kmemleak: support for percpu memory leak detect" from Pavel
Tikhomirov. Teaches kmemleak to detect leaksage of percpu memory.
- "mm: memcg: page counters optimizations" from Roman Gushchin. "3
independent small optimizations of page counters".
- "mm: split PTE/PMD PT table Kconfig cleanups+clarifications" from
David Hildenbrand. Improves PTE/PMD splitlock detection, makes
powerpc/8xx work correctly by design rather than by accident.
- "mm: remove arch_make_page_accessible()" from David Hildenbrand.
Some folio conversions which make arch_make_page_accessible()
unneeded.
- "mm, memcg: cg2 memory{.swap,}.peak write handlers" fro David
Finkel. Cleans up and fixes our handling of the resetting of the
cgroup/process peak-memory-use detector.
- "Make core VMA operations internal and testable" from Lorenzo
Stoakes. Rationalizaion and encapsulation of the VMA manipulation
APIs. With a view to better enable testing of the VMA functions,
even from a userspace-only harness.
- "mm: zswap: fixes for global shrinker" from Takero Funaki. Fix
issues in the zswap global shrinker, resulting in improved
performance.
- "mm: print the promo watermark in zoneinfo" from Kaiyang Zhao. Fill
in some missing info in /proc/zoneinfo.
- "mm: replace follow_page() by folio_walk" from David Hildenbrand.
Code cleanups and rationalizations (conversion to folio_walk())
resulting in the removal of follow_page().
- "improving dynamic zswap shrinker protection scheme" from Nhat
Pham. Some tuning to improve zswap's dynamic shrinker. Significant
reductions in swapin and improvements in performance are shown.
- "mm: Fix several issues with unaccepted memory" from Kirill
Shutemov. Improvements to the new unaccepted memory feature,
- "mm/mprotect: Fix dax puds" from Peter Xu. Implements mprotect on
DAX PUDs. This was missing, although nobody seems to have notied
yet.
- "Introduce a store type enum for the Maple tree" from Sidhartha
Kumar. Cleanups and modest performance improvements for the maple
tree library code.
- "memcg: further decouple v1 code from v2" from Shakeel Butt. Move
more cgroup v1 remnants away from the v2 memcg code.
- "memcg: initiate deprecation of v1 features" from Shakeel Butt.
Adds various warnings telling users that memcg v1 features are
deprecated.
- "mm: swap: mTHP swap allocator base on swap cluster order" from
Chris Li. Greatly improves the success rate of the mTHP swap
allocation.
- "mm: introduce numa_memblks" from Mike Rapoport. Moves various
disparate per-arch implementations of numa_memblk code into generic
code.
- "mm: batch free swaps for zap_pte_range()" from Barry Song. Greatly
improves the performance of munmap() of swap-filled ptes.
- "support large folio swap-out and swap-in for shmem" from Baolin
Wang. With this series we no longer split shmem large folios into
simgle-page folios when swapping out shmem.
- "mm/hugetlb: alloc/free gigantic folios" from Yu Zhao. Nice
performance improvements and code reductions for gigantic folios.
- "support shmem mTHP collapse" from Baolin Wang. Adds support for
khugepaged's collapsing of shmem mTHP folios.
- "mm: Optimize mseal checks" from Pedro Falcato. Fixes an mprotect()
performance regression due to the addition of mseal().
- "Increase the number of bits available in page_type" from Matthew
Wilcox. Increases the number of bits available in page_type!
- "Simplify the page flags a little" from Matthew Wilcox. Many legacy
page flags are now folio flags, so the page-based flags and their
accessors/mutators can be removed.
- "mm: store zero pages to be swapped out in a bitmap" from Usama
Arif. An optimization which permits us to avoid writing/reading
zero-filled zswap pages to backing store.
- "Avoid MAP_FIXED gap exposure" from Liam Howlett. Fixes a race
window which occurs when a MAP_FIXED operqtion is occurring during
an unrelated vma tree walk.
- "mm: remove vma_merge()" from Lorenzo Stoakes. Major rotorooting of
the vma_merge() functionality, making ot cleaner, more testable and
better tested.
- "misc fixups for DAMON {self,kunit} tests" from SeongJae Park.
Minor fixups of DAMON selftests and kunit tests.
- "mm: memory_hotplug: improve do_migrate_range()" from Kefeng Wang.
Code cleanups and folio conversions.
- "Shmem mTHP controls and stats improvements" from Ryan Roberts.
Cleanups for shmem controls and stats.
- "mm: count the number of anonymous THPs per size" from Barry Song.
Expose additional anon THP stats to userspace for improved tuning.
- "mm: finish isolate/putback_lru_page()" from Kefeng Wang: more
folio conversions and removal of now-unused page-based APIs.
- "replace per-quota region priorities histogram buffer with
per-context one" from SeongJae Park. DAMON histogram
rationalization.
- "Docs/damon: update GitHub repo URLs and maintainer-profile" from
SeongJae Park. DAMON documentation updates.
- "mm/vdpa: correct misuse of non-direct-reclaim __GFP_NOFAIL and
improve related doc and warn" from Jason Wang: fixes usage of page
allocator __GFP_NOFAIL and GFP_ATOMIC flags.
- "mm: split underused THPs" from Yu Zhao. Improve THP=always policy.
This was overprovisioning THPs in sparsely accessed memory areas.
- "zram: introduce custom comp backends API" frm Sergey Senozhatsky.
Add support for zram run-time compression algorithm tuning.
- "mm: Care about shadow stack guard gap when getting an unmapped
area" from Mark Brown. Fix up the various arch_get_unmapped_area()
implementations to better respect guard areas.
- "Improve mem_cgroup_iter()" from Kinsey Ho. Improve the reliability
of mem_cgroup_iter() and various code cleanups.
- "mm: Support huge pfnmaps" from Peter Xu. Extends the usage of huge
pfnmap support.
- "resource: Fix region_intersects() vs add_memory_driver_managed()"
from Huang Ying. Fix a bug in region_intersects() for systems with
CXL memory.
- "mm: hwpoison: two more poison recovery" from Kefeng Wang. Teaches
a couple more code paths to correctly recover from the encountering
of poisoned memry.
- "mm: enable large folios swap-in support" from Barry Song. Support
the swapin of mTHP memory into appropriately-sized folios, rather
than into single-page folios"
* tag 'mm-stable-2024-09-20-02-31' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (416 commits)
zram: free secondary algorithms names
uprobes: turn xol_area->pages[2] into xol_area->page
uprobes: introduce the global struct vm_special_mapping xol_mapping
Revert "uprobes: use vm_special_mapping close() functionality"
mm: support large folios swap-in for sync io devices
mm: add nr argument in mem_cgroup_swapin_uncharge_swap() helper to support large folios
mm: fix swap_read_folio_zeromap() for large folios with partial zeromap
mm/debug_vm_pgtable: Use pxdp_get() for accessing page table entries
set_memory: add __must_check to generic stubs
mm/vma: return the exact errno in vms_gather_munmap_vmas()
memcg: cleanup with !CONFIG_MEMCG_V1
mm/show_mem.c: report alloc tags in human readable units
mm: support poison recovery from copy_present_page()
mm: support poison recovery from do_cow_fault()
resource, kunit: add test case for region_intersects()
resource: make alloc_free_mem_region() works for iomem_resource
mm: z3fold: deprecate CONFIG_Z3FOLD
vfio/pci: implement huge_fault support
mm/arm64: support large pfn mappings
mm/x86: support large pfn mappings
...
Pull parisc architecture updates from Helge Deller:
- On parisc we now use the generic clockevent framework for timekeeping
- Although there is no 64-bit glibc/userspace for parisc yet, for
testing purposes one can run statically linked 64-bit binaries. This
patchset contains two patches which fix 64-bit userspace which has
been broken since kernel 4.19
- Fix the userspace stack position and size when the ADDR_NO_RANDOMIZE
personality is enabled
- On other architectures mmap(MAP_GROWSDOWN | MAP_STACK) creates a
downward-growing stack. On parisc mmap(MAP_STACK) is now sufficient
to create an upward-growing stack
* tag 'parisc-for-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: Allow mmap(MAP_STACK) memory to automatically expand upwards
parisc: Use PRIV_USER instead of hardcoded value
parisc: Fix itlb miss handler for 64-bit programs
parisc: Fix 64-bit userspace syscall path
parisc: Fix stack start for ADDR_NO_RANDOMIZE personality
parisc: Convert to generic clockevents
parisc: pdc_stable: Constify struct kobj_type
Both i_mode and noexec checks wrapped in WARN_ON stem from an artifact
of the previous implementation. They used to legitimately check for the
condition, but that got moved up in two commits:
633fb6ac39 ("exec: move S_ISREG() check earlier")
0fd338b2d2 ("exec: move path_noexec() check earlier")
Instead of being removed said checks are WARN_ON'ed instead, which
has some debug value.
However, the spurious path_noexec check is racy, resulting in
unwarranted warnings should someone race with setting the noexec flag.
One can note there is more to perm-checking whether execve is allowed
and none of the conditions are guaranteed to still hold after they were
tested for.
Additionally this does not validate whether the code path did any perm
checking to begin with -- it will pass if the inode happens to be
regular.
Keep the redundant path_noexec() check even though it's mindless
nonsense checking for guarantee that isn't given so drop the WARN.
Reword the commentary and do small tidy ups while here.
Signed-off-by: Mateusz Guzik <mjguzik@gmail.com>
Link: https://lore.kernel.org/r/20240805131721.765484-1-mjguzik@gmail.com
[brauner: keep redundant path_noexec() check]
Signed-off-by: Christian Brauner <brauner@kernel.org>
When opening a file for exec via do_filp_open(), permission checking is
done against the file's metadata at that moment, and on success, a file
pointer is passed back. Much later in the execve() code path, the file
metadata (specifically mode, uid, and gid) is used to determine if/how
to set the uid and gid. However, those values may have changed since the
permissions check, meaning the execution may gain unintended privileges.
For example, if a file could change permissions from executable and not
set-id:
---------x 1 root root 16048 Aug 7 13:16 target
to set-id and non-executable:
---S------ 1 root root 16048 Aug 7 13:16 target
it is possible to gain root privileges when execution should have been
disallowed.
While this race condition is rare in real-world scenarios, it has been
observed (and proven exploitable) when package managers are updating
the setuid bits of installed programs. Such files start with being
world-executable but then are adjusted to be group-exec with a set-uid
bit. For example, "chmod o-x,u+s target" makes "target" executable only
by uid "root" and gid "cdrom", while also becoming setuid-root:
-rwxr-xr-x 1 root cdrom 16048 Aug 7 13:16 target
becomes:
-rwsr-xr-- 1 root cdrom 16048 Aug 7 13:16 target
But racing the chmod means users without group "cdrom" membership can
get the permission to execute "target" just before the chmod, and when
the chmod finishes, the exec reaches brpm_fill_uid(), and performs the
setuid to root, violating the expressed authorization of "only cdrom
group members can setuid to root".
Re-check that we still have execute permissions in case the metadata
has changed. It would be better to keep a copy from the perm-check time,
but until we can do that refactoring, the least-bad option is to do a
full inode_permission() call (under inode lock). It is understood that
this is safe against dead-locks, but hardly optimal.
Reported-by: Marco Vanotti <mvanotti@google.com>
Tested-by: Marco Vanotti <mvanotti@google.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: stable@vger.kernel.org
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <brauner@kernel.org>
Signed-off-by: Kees Cook <kees@kernel.org>
This reverts commit 2a010c4128.
Works around some breaking LTP tests which should be removed.
Bug: 358030023
Change-Id: I22ebfee74ea05beacb7f006adc256e7b49a786a7
Signed-off-by: Lee Jones <joneslee@google.com>
const qualify the struct ctl_table argument in the proc_handler function
signatures. This is a prerequisite to moving the static ctl_table
structs into .rodata data which will ensure that proc_handler function
pointers cannot be modified.
This patch has been generated by the following coccinelle script:
```
virtual patch
@r1@
identifier ctl, write, buffer, lenp, ppos;
identifier func !~ "appldata_(timer|interval)_handler|sched_(rt|rr)_handler|rds_tcp_skbuf_handler|proc_sctp_do_(hmac_alg|rto_min|rto_max|udp_port|alpha_beta|auth|probe_interval)";
@@
int func(
- struct ctl_table *ctl
+ const struct ctl_table *ctl
,int write, void *buffer, size_t *lenp, loff_t *ppos);
@r2@
identifier func, ctl, write, buffer, lenp, ppos;
@@
int func(
- struct ctl_table *ctl
+ const struct ctl_table *ctl
,int write, void *buffer, size_t *lenp, loff_t *ppos)
{ ... }
@r3@
identifier func;
@@
int func(
- struct ctl_table *
+ const struct ctl_table *
,int , void *, size_t *, loff_t *);
@r4@
identifier func, ctl;
@@
int func(
- struct ctl_table *ctl
+ const struct ctl_table *ctl
,int , void *, size_t *, loff_t *);
@r5@
identifier func, write, buffer, lenp, ppos;
@@
int func(
- struct ctl_table *
+ const struct ctl_table *
,int write, void *buffer, size_t *lenp, loff_t *ppos);
```
* Code formatting was adjusted in xfs_sysctl.c to comply with code
conventions. The xfs_stats_clear_proc_handler,
xfs_panic_mask_proc_handler and xfs_deprecated_dointvec_minmax where
adjusted.
* The ctl_table argument in proc_watchdog_common was const qualified.
This is called from a proc_handler itself and is calling back into
another proc_handler, making it necessary to change it as part of the
proc_handler migration.
Co-developed-by: Thomas Weißschuh <linux@weissschuh.net>
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Co-developed-by: Joel Granados <j.granados@samsung.com>
Signed-off-by: Joel Granados <j.granados@samsung.com>
Pull execve fix from Kees Cook:
"This moves the exec and binfmt_elf tests out of your way and into the
tests/ subdirectory, following the newly ratified KUnit naming
conventions. :)"
* tag 'execve-v6.11-rc1-fix1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
execve: Move KUnit tests to tests/ subdirectory
Pull execve updates from Kees Cook:
- Use value of kernel.randomize_va_space once per exec (Alexey
Dobriyan)
- Honor PT_LOAD alignment for static PIE
- Make bprm->argmin only visible under CONFIG_MMU
- Add KUnit testing of bprm_stack_limits()
* tag 'execve-v6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
exec: Avoid pathological argc, envc, and bprm->p values
execve: Keep bprm->argmin behind CONFIG_MMU
ELF: fix kernel.randomize_va_space double read
exec: Add KUnit test for bprm_stack_limits()
binfmt_elf: Honor PT_LOAD alignment for static PIE
binfmt_elf: Calculate total_size earlier
selftests/exec: Build both static and non-static load_address tests
Make sure nothing goes wrong with the string counters or the bprm's
belief about the stack pointer. Add checks and matching self-tests.
Take special care for !CONFIG_MMU, since argmin is not exposed there.
For 32-bit validation, 32-bit UML was used:
$ tools/testing/kunit/kunit.py run \
--make_options CROSS_COMPILE=i686-linux-gnu- \
--make_options SUBARCH=i386 \
exec
For !MMU validation, m68k was used:
$ tools/testing/kunit/kunit.py run \
--arch m68k --make_option CROSS_COMPILE=m68k-linux-gnu- \
exec
Link: https://lore.kernel.org/r/20240520021615.741800-2-keescook@chromium.org
Link: https://lore.kernel.org/r/20240621205046.4001362-2-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>
Back in 2021 we already discussed removing deny_write_access() for
executables. Back then I was hesistant because I thought that this might
cause issues in userspace. But even back then I had started taking some
notes on what could potentially depend on this and I didn't come up with
a lot so I've changed my mind and I would like to try this.
Here are some of the notes that I took:
(1) The deny_write_access() mechanism is causing really pointless issues
such as [1]. If a thread in a thread-group opens a file writable,
then writes some stuff, then closing the file descriptor and then
calling execve() they can fail the execve() with ETXTBUSY because
another thread in the thread-group could have concurrently called
fork(). Multi-threaded libraries such as go suffer from this.
(2) There are userspace attacks that rely on overwriting the binary of a
running process. These attacks are _mitigated_ but _not at all
prevented_ from ocurring by the deny_write_access() mechanism.
I'll go over some details. The clearest example of such attacks was
the attack against runC in CVE-2019-5736 (cf. [3]).
An attack could compromise the runC host binary from inside a
_privileged_ runC container. The malicious binary could then be used
to take over the host.
(It is crucial to note that this attack is _not_ possible with
unprivileged containers. IOW, the setup here is already insecure.)
The attack can be made when attaching to a running container or when
starting a container running a specially crafted image. For example,
when runC attaches to a container the attacker can trick it into
executing itself.
This could be done by replacing the target binary inside the
container with a custom binary pointing back at the runC binary
itself. As an example, if the target binary was /bin/bash, this
could be replaced with an executable script specifying the
interpreter path #!/proc/self/exe.
As such when /bin/bash is executed inside the container, instead the
target of /proc/self/exe will be executed. That magic link will
point to the runc binary on the host. The attacker can then proceed
to write to the target of /proc/self/exe to try and overwrite the
runC binary on the host.
However, this will not succeed because of deny_write_access(). Now,
one might think that this would prevent the attack but it doesn't.
To overcome this, the attacker has multiple ways:
* Open a file descriptor to /proc/self/exe using the O_PATH flag and
then proceed to reopen the binary as O_WRONLY through
/proc/self/fd/<nr> and try to write to it in a busy loop from a
separate process. Ultimately it will succeed when the runC binary
exits. After this the runC binary is compromised and can be used
to attack other containers or the host itself.
* Use a malicious shared library annotating a function in there with
the constructor attribute making the malicious function run as an
initializor. The malicious library will then open /proc/self/exe
for creating a new entry under /proc/self/fd/<nr>. It'll then call
exec to a) force runC to exit and b) hand the file descriptor off
to a program that then reopens /proc/self/fd/<nr> for writing
(which is now possible because runC has exited) and overwriting
that binary.
To sum up: the deny_write_access() mechanism doesn't prevent such
attacks in insecure setups. It just makes them minimally harder.
That's all.
The only way back then to prevent this is to create a temporary copy
of the calling binary itself when it starts or attaches to
containers. So what I did back then for LXC (and Aleksa for runC)
was to create an anonymous, in-memory file using the memfd_create()
system call and to copy itself into the temporary in-memory file,
which is then sealed to prevent further modifications. This sealed,
in-memory file copy is then executed instead of the original on-disk
binary.
Any compromising write operations from a privileged container to the
host binary will then write to the temporary in-memory binary and
not to the host binary on-disk, preserving the integrity of the host
binary. Also as the temporary, in-memory binary is sealed, writes to
this will also fail.
The point is that deny_write_access() is uselss to prevent these
attacks.
(3) Denying write access to an inode because it's currently used in an
exec path could easily be done on an LSM level. It might need an
additional hook but that should be about it.
(4) The MAP_DENYWRITE flag for mmap() has been deprecated a long time
ago so while we do protect the main executable the bigger portion of
the things you'd think need protecting such as the shared libraries
aren't. IOW, we let anyone happily overwrite shared libraries.
(5) We removed all remaining uses of VM_DENYWRITE in [2]. That means:
(5.1) We removed the legacy uselib() protection for preventing
overwriting of shared libraries. Nobody cared in 3 years.
(5.2) We allow write access to the elf interpreter after exec
completed treating it on a par with shared libraries.
Yes, someone in userspace could potentially be relying on this. It's not
completely out of the realm of possibility but let's find out if that's
actually the case and not guess.
Link: https://github.com/golang/go/issues/22315 [1]
Link: 49624efa65 ("Merge tag 'denywrite-for-5.15' of git://github.com/davidhildenbrand/linux") [2]
Link: https://unit42.paloaltonetworks.com/breaking-docker-via-runc-explaining-cve-2019-5736 [3]
Link: https://lwn.net/Articles/866493
Link: https://github.com/golang/go/issues/22220
Link: 5bf8c0cf09/src/cmd/go/internal/work/buildid.go (L724)
Link: 5bf8c0cf09/src/cmd/go/internal/work/exec.go (L1493)
Link: 5bf8c0cf09/src/cmd/go/internal/script/cmds.go (L457)
Link: 5bf8c0cf09/src/cmd/go/internal/test/test.go (L1557)
Link: 5bf8c0cf09/src/os/exec/lp_linux_test.go (L61)
Link: https://github.com/buildkite/agent/pull/2736
Link: https://github.com/rust-lang/rust/issues/114554
Link: https://bugs.openjdk.org/browse/JDK-8068370
Link: https://github.com/dotnet/runtime/issues/58964
Link: https://lore.kernel.org/r/20240531-vfs-i_writecount-v1-1-a17bea7ee36b@kernel.org
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Pull mm updates from Andrew Morton:
"The usual shower of singleton fixes and minor series all over MM,
documented (hopefully adequately) in the respective changelogs.
Notable series include:
- Lucas Stach has provided some page-mapping cleanup/consolidation/
maintainability work in the series "mm/treewide: Remove pXd_huge()
API".
- In the series "Allow migrate on protnone reference with
MPOL_PREFERRED_MANY policy", Donet Tom has optimized mempolicy's
MPOL_PREFERRED_MANY mode, yielding almost doubled performance in
one test.
- In their series "Memory allocation profiling" Kent Overstreet and
Suren Baghdasaryan have contributed a means of determining (via
/proc/allocinfo) whereabouts in the kernel memory is being
allocated: number of calls and amount of memory.
- Matthew Wilcox has provided the series "Various significant MM
patches" which does a number of rather unrelated things, but in
largely similar code sites.
- In his series "mm: page_alloc: freelist migratetype hygiene"
Johannes Weiner has fixed the page allocator's handling of
migratetype requests, with resulting improvements in compaction
efficiency.
- In the series "make the hugetlb migration strategy consistent"
Baolin Wang has fixed a hugetlb migration issue, which should
improve hugetlb allocation reliability.
- Liu Shixin has hit an I/O meltdown caused by readahead in a
memory-tight memcg. Addressed in the series "Fix I/O high when
memory almost met memcg limit".
- In the series "mm/filemap: optimize folio adding and splitting"
Kairui Song has optimized pagecache insertion, yielding ~10%
performance improvement in one test.
- Baoquan He has cleaned up and consolidated the early zone
initialization code in the series "mm/mm_init.c: refactor
free_area_init_core()".
- Baoquan has also redone some MM initializatio code in the series
"mm/init: minor clean up and improvement".
- MM helper cleanups from Christoph Hellwig in his series "remove
follow_pfn".
- More cleanups from Matthew Wilcox in the series "Various
page->flags cleanups".
- Vlastimil Babka has contributed maintainability improvements in the
series "memcg_kmem hooks refactoring".
- More folio conversions and cleanups in Matthew Wilcox's series:
"Convert huge_zero_page to huge_zero_folio"
"khugepaged folio conversions"
"Remove page_idle and page_young wrappers"
"Use folio APIs in procfs"
"Clean up __folio_put()"
"Some cleanups for memory-failure"
"Remove page_mapping()"
"More folio compat code removal"
- David Hildenbrand chipped in with "fs/proc/task_mmu: convert
hugetlb functions to work on folis".
- Code consolidation and cleanup work related to GUP's handling of
hugetlbs in Peter Xu's series "mm/gup: Unify hugetlb, part 2".
- Rick Edgecombe has developed some fixes to stack guard gaps in the
series "Cover a guard gap corner case".
- Jinjiang Tu has fixed KSM's behaviour after a fork+exec in the
series "mm/ksm: fix ksm exec support for prctl".
- Baolin Wang has implemented NUMA balancing for multi-size THPs.
This is a simple first-cut implementation for now. The series is
"support multi-size THP numa balancing".
- Cleanups to vma handling helper functions from Matthew Wilcox in
the series "Unify vma_address and vma_pgoff_address".
- Some selftests maintenance work from Dev Jain in the series
"selftests/mm: mremap_test: Optimizations and style fixes".
- Improvements to the swapping of multi-size THPs from Ryan Roberts
in the series "Swap-out mTHP without splitting".
- Kefeng Wang has significantly optimized the handling of arm64's
permission page faults in the series
"arch/mm/fault: accelerate pagefault when badaccess"
"mm: remove arch's private VM_FAULT_BADMAP/BADACCESS"
- GUP cleanups from David Hildenbrand in "mm/gup: consistently call
it GUP-fast".
- hugetlb fault code cleanups from Vishal Moola in "Hugetlb fault
path to use struct vm_fault".
- selftests build fixes from John Hubbard in the series "Fix
selftests/mm build without requiring "make headers"".
- Memory tiering fixes/improvements from Ho-Ren (Jack) Chuang in the
series "Improved Memory Tier Creation for CPUless NUMA Nodes".
Fixes the initialization code so that migration between different
memory types works as intended.
- David Hildenbrand has improved follow_pte() and fixed an errant
driver in the series "mm: follow_pte() improvements and acrn
follow_pte() fixes".
- David also did some cleanup work on large folio mapcounts in his
series "mm: mapcount for large folios + page_mapcount() cleanups".
- Folio conversions in KSM in Alex Shi's series "transfer page to
folio in KSM".
- Barry Song has added some sysfs stats for monitoring multi-size
THP's in the series "mm: add per-order mTHP alloc and swpout
counters".
- Some zswap cleanups from Yosry Ahmed in the series "zswap
same-filled and limit checking cleanups".
- Matthew Wilcox has been looking at buffer_head code and found the
documentation to be lacking. The series is "Improve buffer head
documentation".
- Multi-size THPs get more work, this time from Lance Yang. His
series "mm/madvise: enhance lazyfreeing with mTHP in madvise_free"
optimizes the freeing of these things.
- Kemeng Shi has added more userspace-visible writeback
instrumentation in the series "Improve visibility of writeback".
- Kemeng Shi then sent some maintenance work on top in the series
"Fix and cleanups to page-writeback".
- Matthew Wilcox reduces mmap_lock traffic in the anon vma code in
the series "Improve anon_vma scalability for anon VMAs". Intel's
test bot reported an improbable 3x improvement in one test.
- SeongJae Park adds some DAMON feature work in the series
"mm/damon: add a DAMOS filter type for page granularity access recheck"
"selftests/damon: add DAMOS quota goal test"
- Also some maintenance work in the series
"mm/damon/paddr: simplify page level access re-check for pageout"
"mm/damon: misc fixes and improvements"
- David Hildenbrand has disabled some known-to-fail selftests ni the
series "selftests: mm: cow: flag vmsplice() hugetlb tests as
XFAIL".
- memcg metadata storage optimizations from Shakeel Butt in "memcg:
reduce memory consumption by memcg stats".
- DAX fixes and maintenance work from Vishal Verma in the series
"dax/bus.c: Fixups for dax-bus locking""
* tag 'mm-stable-2024-05-17-19-19' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (426 commits)
memcg, oom: cleanup unused memcg_oom_gfp_mask and memcg_oom_order
selftests/mm: hugetlb_madv_vs_map: avoid test skipping by querying hugepage size at runtime
mm/hugetlb: add missing VM_FAULT_SET_HINDEX in hugetlb_wp
mm/hugetlb: add missing VM_FAULT_SET_HINDEX in hugetlb_fault
selftests: cgroup: add tests to verify the zswap writeback path
mm: memcg: make alloc_mem_cgroup_per_node_info() return bool
mm/damon/core: fix return value from damos_wmark_metric_value
mm: do not update memcg stats for NR_{FILE/SHMEM}_PMDMAPPED
selftests: cgroup: remove redundant enabling of memory controller
Docs/mm/damon/maintainer-profile: allow posting patches based on damon/next tree
Docs/mm/damon/maintainer-profile: change the maintainer's timezone from PST to PT
Docs/mm/damon/design: use a list for supported filters
Docs/admin-guide/mm/damon/usage: fix wrong schemes effective quota update command
Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file
selftests/damon: classify tests for functionalities and regressions
selftests/damon/_damon_sysfs: use 'is' instead of '==' for 'None'
selftests/damon/_damon_sysfs: find sysfs mount point from /proc/mounts
selftests/damon/_damon_sysfs: check errors from nr_schemes file reads
mm/damon/core: initialize ->esz_bp from damos_quota_init_priv()
selftests/damon: add a test for DAMOS quota goal
...
Patch series "mm/ksm: fix ksm exec support for prctl", v4.
commit 3c6f33b727 ("mm/ksm: support fork/exec for prctl") inherits
MMF_VM_MERGE_ANY flag when a task calls execve(). However, it doesn't
create the mm_slot, so ksmd will not try to scan this task. The first
patch fixes the issue.
The second patch refactors to prepare for the third patch. The third
patch extends the selftests of ksm to verfity the deduplication really
happens after fork/exec inherits ths KSM setting.
This patch (of 3):
commit 3c6f33b727 ("mm/ksm: support fork/exec for prctl") inherits
MMF_VM_MERGE_ANY flag when a task calls execve(). Howerver, it doesn't
create the mm_slot, so ksmd will not try to scan this task.
To fix it, allocate and add the mm_slot to ksm_mm_head in __bprm_mm_init()
when the mm has MMF_VM_MERGE_ANY flag.
Link: https://lkml.kernel.org/r/20240328111010.1502191-1-tujinjiang@huawei.com
Link: https://lkml.kernel.org/r/20240328111010.1502191-2-tujinjiang@huawei.com
Fixes: 3c6f33b727 ("mm/ksm: support fork/exec for prctl")
Signed-off-by: Jinjiang Tu <tujinjiang@huawei.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
Cc: Nanyong Sun <sunnanyong@huawei.com>
Cc: Rik van Riel <riel@surriel.com>
Cc: Stefan Roesch <shr@devkernel.io>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Add "sched_prepare_exec" tracepoint, which is run right after the point
of no return but before the current task assumes its new exec identity.
Unlike the tracepoint "sched_process_exec", the "sched_prepare_exec"
tracepoint runs before flushing the old exec, i.e. while the task still
has the original state (such as original MM), but when the new exec
either succeeds or crashes (but never returns to the original exec).
Being able to trace this event can be helpful in a number of use cases:
* allowing tracing eBPF programs access to the original MM on exec,
before current->mm is replaced;
* counting exec in the original task (via perf event);
* profiling flush time ("sched_prepare_exec" to "sched_process_exec").
Example of tracing output:
$ cat /sys/kernel/debug/tracing/trace_pipe
<...>-379 [003] ..... 179.626921: sched_prepare_exec: interp=/usr/bin/sshd filename=/usr/bin/sshd pid=379 comm=sshd
<...>-381 [002] ..... 180.048580: sched_prepare_exec: interp=/bin/bash filename=/bin/bash pid=381 comm=sshd
<...>-385 [001] ..... 180.068277: sched_prepare_exec: interp=/usr/bin/tty filename=/usr/bin/tty pid=385 comm=bash
<...>-389 [006] ..... 192.020147: sched_prepare_exec: interp=/usr/bin/dmesg filename=/usr/bin/dmesg pid=389 comm=bash
Signed-off-by: Marco Elver <elver@google.com>
Acked-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Link: https://lore.kernel.org/r/20240411102158.1272267-1-elver@google.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Pull execve fixes from Kees Cook:
- Fix selftests to conform to the TAP output format (Muhammad Usama
Anjum)
- Fix NOMMU linux_binprm::exec pointer in auxv (Max Filippov)
- Replace deprecated strncpy usage (Justin Stitt)
- Replace another /bin/sh instance in selftests
* tag 'execve-v6.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
binfmt: replace deprecated strncpy
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
selftests/exec: Convert remaining /bin/sh to /bin/bash
selftests/exec: execveat: Improve debug reporting
selftests/exec: recursion-depth: conform test to TAP format output
selftests/exec: load_address: conform test to TAP format output
selftests/exec: binfmt_script: Add the overall result line according to TAP
In NOMMU kernel the value of linux_binprm::p is the offset inside the
temporary program arguments array maintained in separate pages in the
linux_binprm::page. linux_binprm::exec being a copy of linux_binprm::p
thus must be adjusted when that array is copied to the user stack.
Without that adjustment the value passed by the NOMMU kernel to the ELF
program in the AT_EXECFN entry of the aux array doesn't make any sense
and it may break programs that try to access memory pointed to by that
entry.
Adjust linux_binprm::exec before the successful return from the
transfer_args_to_stack().
Cc: <stable@vger.kernel.org>
Fixes: b6a2fea393 ("mm: variable length argument support")
Fixes: 5edc2a5123 ("binfmt_elf_fdpic: wire up AT_EXECFD, AT_EXECFN, AT_SECURE")
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Link: https://lore.kernel.org/r/20240320182607.1472887-1-jcmvbkbc@gmail.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Pull pdfd updates from Christian Brauner:
- Until now pidfds could only be created for thread-group leaders but
not for threads. There was no technical reason for this. We simply
had no users that needed support for this. Now we do have users that
need support for this.
This introduces a new PIDFD_THREAD flag for pidfd_open(). If that
flag is set pidfd_open() creates a pidfd that refers to a specific
thread.
In addition, we now allow clone() and clone3() to be called with
CLONE_PIDFD | CLONE_THREAD which wasn't possible before.
A pidfd that refers to an individual thread differs from a pidfd that
refers to a thread-group leader:
(1) Pidfds are pollable. A task may poll a pidfd and get notified
when the task has exited.
For thread-group leader pidfds the polling task is woken if the
thread-group is empty. In other words, if the thread-group
leader task exits when there are still threads alive in its
thread-group the polling task will not be woken when the
thread-group leader exits but rather when the last thread in the
thread-group exits.
For thread-specific pidfds the polling task is woken if the
thread exits.
(2) Passing a thread-group leader pidfd to pidfd_send_signal() will
generate thread-group directed signals like kill(2) does.
Passing a thread-specific pidfd to pidfd_send_signal() will
generate thread-specific signals like tgkill(2) does.
The default scope of the signal is thus determined by the type
of the pidfd.
Since use-cases exist where the default scope of the provided
pidfd needs to be overriden the following flags are added to
pidfd_send_signal():
- PIDFD_SIGNAL_THREAD
Send a thread-specific signal.
- PIDFD_SIGNAL_THREAD_GROUP
Send a thread-group directed signal.
- PIDFD_SIGNAL_PROCESS_GROUP
Send a process-group directed signal.
The scope change will only work if the struct pid is actually
used for this scope.
For example, in order to send a thread-group directed signal the
provided pidfd must be used as a thread-group leader and
similarly for PIDFD_SIGNAL_PROCESS_GROUP the struct pid must be
used as a process group leader.
- Move pidfds from the anonymous inode infrastructure to a tiny pseudo
filesystem. This will unblock further work that we weren't able to do
simply because of the very justified limitations of anonymous inodes.
Moving pidfds to a tiny pseudo filesystem allows for statx on pidfds
to become useful for the first time. They can now be compared by
inode number which are unique for the system lifetime.
Instead of stashing struct pid in file->private_data we can now stash
it in inode->i_private. This makes it possible to introduce concepts
that operate on a process once all file descriptors have been closed.
A concrete example is kill-on-last-close. Another side-effect is that
file->private_data is now freed up for per-file options for pidfds.
Now, each struct pid will refer to a different inode but the same
struct pid will refer to the same inode if it's opened multiple
times. In contrast to now where each struct pid refers to the same
inode.
The tiny pseudo filesystem is not visible anywhere in userspace
exactly like e.g., pipefs and sockfs. There's no lookup, there's no
complex inode operations, nothing. Dentries and inodes are always
deleted when the last pidfd is closed.
We allocate a new inode and dentry for each struct pid and we reuse
that inode and dentry for all pidfds that refer to the same struct
pid. The code is entirely optional and fairly small. If it's not
selected we fallback to anonymous inodes. Heavily inspired by nsfs.
The dentry and inode allocation mechanism is moved into generic
infrastructure that is now shared between nsfs and pidfs. The
path_from_stashed() helper must be provided with a stashing location,
an inode number, a mount, and the private data that is supposed to be
used and it will provide a path that can be passed to dentry_open().
The helper will try retrieve an existing dentry from the provided
stashing location. If a valid dentry is found it is reused. If not a
new one is allocated and we try to stash it in the provided location.
If this fails we retry until we either find an existing dentry or the
newly allocated dentry could be stashed. Subsequent openers of the
same namespace or task are then able to reuse it.
- Currently it is only possible to get notified when a task has exited,
i.e., become a zombie and userspace gets notified with EPOLLIN. We
now also support waiting until the task has been reaped, notifying
userspace with EPOLLHUP.
- Ensure that ESRCH is reported for getfd if a task is exiting instead
of the confusing EBADF.
- Various smaller cleanups to pidfd functions.
* tag 'vfs-6.9.pidfd' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: (23 commits)
libfs: improve path_from_stashed()
libfs: add stashed_dentry_prune()
libfs: improve path_from_stashed() helper
pidfs: convert to path_from_stashed() helper
nsfs: convert to path_from_stashed() helper
libfs: add path_from_stashed()
pidfd: add pidfs
pidfd: move struct pidfd_fops
pidfd: allow to override signal scope in pidfd_send_signal()
pidfd: change pidfd_send_signal() to respect PIDFD_THREAD
signal: fill in si_code in prepare_kill_siginfo()
selftests: add ESRCH tests for pidfd_getfd()
pidfd: getfd should always report ESRCH if a task is exiting
pidfd: clone: allow CLONE_THREAD | CLONE_PIDFD together
pidfd: exit: kill the no longer used thread_group_exited()
pidfd: change do_notify_pidfd() to use __wake_up(poll_to_key(EPOLLIN))
pid: kill the obsolete PIDTYPE_PID code in transfer_pid()
pidfd: kill the no longer needed do_notify_pidfd() in de_thread()
pidfd_poll: report POLLHUP when pid_task() == NULL
pidfd: implement PIDFD_THREAD flag for pidfd_open()
...
Now that __change_pid() does wake_up_all(&pid->wait_pidfd) we can kill
do_notify_pidfd(leader) in de_thread(), it calls release_task(leader)
right after that and this implies detach_pid(leader, PIDTYPE_PID).
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Link: https://lore.kernel.org/r/20240202131248.GA26022@redhat.com
Signed-off-by: Christian Brauner <brauner@kernel.org>
With this flag:
- pidfd_open() doesn't require that the target task must be
a thread-group leader
- pidfd_poll() succeeds when the task exits and becomes a
zombie (iow, passes exit_notify()), even if it is a leader
and thread-group is not empty.
This means that the behaviour of pidfd_poll(PIDFD_THREAD,
pid-of-group-leader) is not well defined if it races with
exec() from its sub-thread; pidfd_poll() can succeed or not
depending on whether pidfd_task_exited() is called before
or after exchange_tids().
Perhaps we can improve this behaviour later, pidfd_poll()
can probably take sig->group_exec_task into account. But
this doesn't really differ from the case when the leader
exits before other threads (so pidfd_poll() succeeds) and
then another thread execs and pidfd_poll() will block again.
thread_group_exited() is no longer used, perhaps it can die.
Co-developed-by: Tycho Andersen <tycho@tycho.pizza>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Link: https://lore.kernel.org/r/20240131132602.GA23641@redhat.com
Tested-by: Tycho Andersen <tandersen@netflix.com>
Reviewed-by: Tycho Andersen <tandersen@netflix.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Jann Horn points out that uselib() really shouldn't trigger the new
FMODE_EXEC logic introduced by commit 4759ff71f2 ("exec: __FMODE_EXEC
instead of in_execve for LSMs").
In fact, it shouldn't even have ever triggered the old pre-existing
logic for __FMODE_EXEC (like the NFS code that makes executables not
need read permissions). Unlike a real execve(), that can work even with
files that are purely executable by the user (not readable), uselib()
has that MAY_READ requirement becasue it's really just a convenience
wrapper around mmap() for legacy shared libraries.
The whole FMODE_EXEC bit was originally introduced by commit
b500531e6f ("[PATCH] Introduce FMODE_EXEC file flag"), primarily to
give ETXTBUSY error returns for distributed filesystems.
It has since grown a few other warts (like that NFS thing), but there
really isn't any reason to use it for uselib(), and now that we are
trying to use it to replace the horrid 'tsk->in_execve' flag, it's
actively wrong.
Of course, as Jann Horn also points out, nobody should be enabling
CONFIG_USELIB in the first place in this day and age, but that's a
different discussion entirely.
Reported-by: Jann Horn <jannh@google.com>
Fixes: 4759ff71f2 ("exec: __FMODE_EXEC instead of in_execve for LSMs")
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Pull sysctl updates from Luis Chamberlain:
"To help make the move of sysctls out of kernel/sysctl.c not incur a
size penalty sysctl has been changed to allow us to not require the
sentinel, the final empty element on the sysctl array. Joel Granados
has been doing all this work.
In the v6.6 kernel we got the major infrastructure changes required to
support this. For v6.7 we had all arch/ and drivers/ modified to
remove the sentinel. For v6.8-rc1 we get a few more updates for fs/
directory only.
The kernel/ directory is left but we'll save that for v6.9-rc1 as
those patches are still being reviewed. After that we then can expect
also the removal of the no longer needed check for procname == NULL.
Let us recap the purpose of this work:
- this helps reduce the overall build time size of the kernel and run
time memory consumed by the kernel by about ~64 bytes per array
- the extra 64-byte penalty is no longer inncurred now when we move
sysctls out from kernel/sysctl.c to their own files
Thomas Weißschuh also sent a few cleanups, for v6.9-rc1 we expect to
see further work by Thomas Weißschuh with the constificatin of the
struct ctl_table.
Due to Joel Granados's work, and to help bring in new blood, I have
suggested for him to become a maintainer and he's accepted. So for
v6.9-rc1 I look forward to seeing him sent you a pull request for
further sysctl changes. This also removes Iurii Zaikin as a maintainer
as he has moved on to other projects and has had no time to help at
all"
* tag 'sysctl-6.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux:
sysctl: remove struct ctl_path
sysctl: delete unused define SYSCTL_PERM_EMPTY_DIR
coda: Remove the now superfluous sentinel elements from ctl_table array
sysctl: Remove the now superfluous sentinel elements from ctl_table array
fs: Remove the now superfluous sentinel elements from ctl_table array
cachefiles: Remove the now superfluous sentinel element from ctl_table array
sysclt: Clarify the results of selftest run
sysctl: Add a selftest for handling empty dirs
sysctl: Fix out of bounds access for empty sysctl registers
MAINTAINERS: Add Joel Granados as co-maintainer for proc sysctl
MAINTAINERS: remove Iurii Zaikin from proc sysctl
Kalesh Singh
Greg Kroah-Hartman
Oleg Nesterov
Yang Yang
Kees Cook
Christian Brauner
Xuewen Yan
Matthias Maennich
Linus Torvalds
Helge Deller
Lee Jones
Lorenzo Stoakes
Mateusz Guzik
Tudor Ambarus
Joel Granados
Jinjiang Tu
Marco Elver
Max Filippov
Kees Cook
Li kunyu
Bernd Edlinger
Askar Safin