GKI (arm64) relevant 87 out of 414 changes, affecting 112 files +738/-352
bdb71ee651 configfs: Do not override creating attribute file failure in populate_attrs() [1 file, +1/-1]
ba789be63d io_uring: account drain memory to cgroup [1 file, +1/-1]
c58b577cf7 io_uring/kbuf: account ring io_buffer_list memory [1 file, +1/-1]
f78b38af35 jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() [1 file, +3/-2]
2429bb9fad media: v4l2-dev: fix error handling in __video_register_device() [1 file, +7/-7]
5d8b057ed7 media: videobuf2: use sgtable-based scatterlist wrappers [1 file, +2/-2]
b52dc88361 media: uvcvideo: Return the number of processed controls [1 file, +10/-1]
6d2b12e7c5 media: uvcvideo: Send control events for partial succeeds [1 file, +9/-3]
aac91ae06c media: uvcvideo: Fix deferred probing error [1 file, +19/-8]
86d9837e46 arm64/mm: Close theoretical race where stale TLB entry remains valid [1 file, +5/-4]
5538af3843 block: use plug request list tail for one-shot backmerge attempt [1 file, +13/-13]
943801c380 block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion [1 file, +1/-0]
1c71f3cf5f cgroup,freezer: fix incomplete freezing when attaching tasks [1 file, +1/-2]
a0890b7805 bus: firewall: Fix missing static inline annotations for stubs [1 file, +9/-6]
5766da2237 ext4: inline: fix len overflow in ext4_prepare_inline_data [1 file, +1/-1]
796632e6f8 ext4: fix calculation of credits for extent tree modification [1 file, +6/-5]
4b36399711 ext4: ensure i_size is smaller than maxbytes [1 file, +2/-1]
be5f3061a6 ext4: only dirty folios when data journaling regular files [1 file, +6/-1]
a0b1c91ada Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() [1 file, +2/-0]
fed611bd8c f2fs: fix to do sanity check on ino and xnid [1 file, +6/-0]
aaa644e7ff f2fs: prevent kernel warning due to negative i_nlink from corrupted image [1 file, +9/-0]
ee1b421c46 f2fs: fix to do sanity check on sit_bitmap_size [1 file, +8/-0]
f16a797dce watchdog: fix watchdog may detect false positive of softlockup [1 file, +27/-14]
02137179ff mm: fix ratelimit_pages update error in dirty_ratio_handler() [1 file, +1/-1]
462eee6d42 firmware: arm_scmi: Ensure that the message-id supports fastchannel [2 files, +45/-33]
e3cf1ef571 dm-verity: fix a memory leak if some arguments are specified multiple times [3 files, +24/-5]
f2986bccf2 dm: lock limits when reading them [1 file, +7/-1]
ec5f0b4412 ovl: Fix nested backing file paths [1 file, +2/-2]
92776ca0cc remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() [1 file, +2/-3]
f4ef928ca5 remoteproc: core: Release rproc->clean_table after rproc_attach() fails [1 file, +1/-0]
68e58f5791 PCI: dwc: ep: Correct PBA offset in .set_msix() callback [1 file, +3/-2]
b20701d594 PCI: Add ACS quirk for Loongson PCIe [1 file, +23/-0]
be0cf75cbd PCI: Fix lock symmetry in pci_slot_unlock() [1 file, +2/-1]
7b45d2401d clocksource: Fix the CPUs' choice in the watchdog per CPU verification [1 file, +1/-1]
c05aba32a9 ACPICA: Avoid sequence overread in call to strncmp() [1 file, +1/-1]
66613b13cd ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case [1 file, +8/-1]
33cd650d38 pmdomain: core: Reset genpd->states to avoid freeing invalid data [1 file, +3/-1]
f34e0c1556 platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all() [1 file, +1/-0]
c519f81e9c gpiolib: of: Add polarity quirk for s5m8767 [1 file, +9/-0]
1f152ae557 PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() [1 file, +1/-1]
6c1151d53c tipc: use kfree_sensitive() for aead cleanup [1 file, +1/-1]
b0e647442c f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx [2 files, +15/-13]
2d834477bb bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() [1 file, +2/-1]
77ff6aec7c cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs [1 file, +35/-1]
0a8446058c tcp: always seek for minimal rtt in tcp_rcv_rtt_update() [1 file, +8/-14]
f97085d365 tcp: remove zero TCP TS samples for autotuning [1 file, +5/-5]
89b20c406e tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows [1 file, +3/-3]
84c156a351 tcp: add receive queue awareness in tcp_rcv_space_adjust() [2 files, +5/-3]
3a9e74d158 ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT [1 file, +4/-0]
5eb9c50e0c net: page_pool: Don't recycle into cache on PREEMPT_RT [1 file, +4/-0]
8b0741b167 xfrm: validate assignment of maximal possible SEQ number [1 file, +42/-10]
8fdf2f79eb bpf: Pass the same orig_call value to trampoline functions [1 file, +1/-1]
f0023d7a2a f2fs: fix to bail out in get_new_segment() [2 files, +6/-1]
448dc45eea bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index [1 file, +2/-2]
78f768e36c net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions [1 file, +69/-8]
4b3383110b software node: Correct a OOB check in software_node_get_reference_args() [1 file, +1/-1]
b7129ef57d sock: Correct error checking condition for (assign|release)_proto_idx() [1 file, +2/-2]
a58f0a0e99 f2fs: fix to set atomic write status more clear [3 files, +12/-2]
b8b4b8bb34 bpf, sockmap: Fix data lost during EAGAIN retries [1 file, +2/-1]
7c41f73b64 fs/xattr.c: fix simple_xattr_list() [1 file, +1/-0]
2e10dc9c2a io_uring/kbuf: don't truncate end buffer for multiple buffer peeks [1 file, +4/-1]
1a4254ab06 io_uring: fix task leak issue in io_wq_create() [1 file, +3/-1]
4220cc0b98 nvme: always punt polled uring_cmd end_io work to task_work [1 file, +7/-14]
f9b97d466e net_sched: sch_sfq: reject invalid perturb period [1 file, +8/-2]
2a3ad42a57 net: clear the dst when changing skb protocol [1 file, +13/-6]
510a29d776 mm: close theoretical race where stale TLB entries could linger [1 file, +2/-0]
57ec081869 sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group() [3 files, +9/-2]
3d828519bd atm: Revert atm_account_tx() if copy_from_iter_full() fails. [3 files, +8/-1]
47f34289d1 arm64: Restrict pagetable teardown to avoid false warning [1 file, +2/-1]
9cf5b2a3b7 mm/hugetlb: unshare page tables during VMA split, not before [5 files, +57/-16]
dc5f0aef9e net: Fix checksum update for ILA adj-transport [4 files, +7/-7]
2516299184 bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE [3 files, +7/-2]
50189d9c5e erofs: remove unused trace event erofs_destroy_inode [1 file, +0/-18]
348e541fef ipv6: remove leftover ip6 cookie initializer [1 file, +0/-2]
3c44ebad5a ipv6: replace ipcm6_init calls with ipcm6_init_sk [4 files, +3/-29]
6b358b3adf io_uring/sqpoll: don't put task_struct on tctx setup failure [1 file, +1/-4]
8873080b88 workqueue: Initialize wq_isolated_cpumask in workqueue_init_early() [1 file, +2/-1]
ac462a75fd net: netmem: fix skb_ensure_writable with unreadable skbs [1 file, +0/-3]
61b39e189d ptp: allow reading of currently dialed frequency to succeed on free-running clocks [1 file, +2/-1]
397c1faf8f tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior [1 file, +25/-12]
0d3d91c350 tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer [1 file, +2/-2]
31d50dfe9c tcp: fix passive TFO socket having invalid NAPI ID [1 file, +3/-0]
0f8df5d6f2 ublk: santizize the arguments from userspace when adding a device [1 file, +3/-0]
456019adaa perf: Fix sample vs do_exit() [2 files, +16/-8]
7335c33d62 perf: Fix cgroup state vs ERROR [1 file, +30/-21]
fd199366bf perf/core: Fix WARN in perf_cgroup_switch() [1 file, +20/-2]
22f935bc86 arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() [1 file, +1/-1]
Changes in 6.12.35
configfs: Do not override creating attribute file failure in populate_attrs()
crypto: marvell/cesa - Do not chain submitted requests
gfs2: move msleep to sleepable context
crypto: qat - add shutdown handler to qat_c3xxx
crypto: qat - add shutdown handler to qat_420xx
crypto: qat - add shutdown handler to qat_4xxx
crypto: qat - add shutdown handler to qat_c62x
crypto: qat - add shutdown handler to qat_dh895xcc
ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params()
ASoC: meson: meson-card-utils: use of_property_present() for DT parsing
ASoC: amd: sof_amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks()
io_uring: account drain memory to cgroup
io_uring/kbuf: account ring io_buffer_list memory
powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states
s390/pci: Remove redundant bus removal and disable from zpci_release_device()
s390/pci: Prevent self deletion in disable_slot()
s390/pci: Allow re-add of a reserved but not yet removed device
s390/pci: Serialize device addition and removal
regulator: max20086: Fix MAX200086 chip id
regulator: max20086: Change enable gpio to optional
net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr()
net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()
wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
wifi: mt76: mt7925: fix host interrupt register initialization
wifi: ath11k: fix rx completion meta data corruption
wifi: rtw88: usb: Upload the firmware in bigger chunks
wifi: ath11k: fix ring-buffer corruption
NFSD: unregister filesystem in case genl_register_family() fails
NFSD: fix race between nfsd registration and exports_proc
NFSD: Implement FATTR4_CLONE_BLKSIZE attribute
nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls
NFSv4: Don't check for OPEN feature support in v4.1
fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()
wifi: ath12k: fix ring-buffer corruption
jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
svcrdma: Unregister the device if svc_rdma_accept() fails
wifi: rtw88: usb: Reduce control message timeout to 500 ms
wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723
media: ov8856: suppress probe deferral errors
media: ov5675: suppress probe deferral errors
media: imx335: Use correct register width for HNUM
media: nxp: imx8-isi: better handle the m2m usage_count
media: i2c: ds90ub913: Fix returned fmt from .set_fmt()
media: ccs-pll: Start VT pre-PLL multiplier search from correct value
media: ov2740: Move pm-runtime cleanup on probe-errors to proper place
media: ccs-pll: Start OP pre-PLL multiplier search from correct value
media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div
media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case
media: cxusb: no longer judge rbuf when the write fails
media: davinci: vpif: Fix memory leak in probe error path
media: gspca: Add error handling for stv06xx_read_sensor()
media: i2c: imx335: Fix frame size enumeration
media: imagination: fix a potential memory leak in e5010_probe()
media: intel/ipu6: Fix dma mask for non-secure mode
media: ipu6: Remove workaround for Meteor Lake ES2
media: mediatek: vcodec: Correct vsi_core framebuffer size
media: omap3isp: use sgtable-based scatterlist wrappers
media: v4l2-dev: fix error handling in __video_register_device()
media: venus: Fix probe error handling
media: videobuf2: use sgtable-based scatterlist wrappers
media: vidtv: Terminating the subsequent process of initialization failure
media: vivid: Change the siize of the composing
media: imx-jpeg: Drop the first error frames
media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead
media: imx-jpeg: Reset slot data pointers when freed
media: imx-jpeg: Cleanup after an allocation error
media: uvcvideo: Return the number of processed controls
media: uvcvideo: Send control events for partial succeeds
media: uvcvideo: Fix deferred probing error
arm64/mm: Close theoretical race where stale TLB entry remains valid
ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap()
ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4
ASoC: codecs: wcd9375: Fix double free of regulator supplies
ASoC: codecs: wcd937x: Drop unused buck_supply
block: use plug request list tail for one-shot backmerge attempt
block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion
bus: mhi: ep: Update read pointer only after buffer is written
bus: mhi: host: Fix conflict between power_up and SYSERR
can: kvaser_pciefd: refine error prone echo_skb_max handling logic
can: tcan4x5x: fix power regulator retrieval during probe
ceph: avoid kernel BUG for encrypted inode with unaligned file size
ceph: set superblock s_magic for IMA fsmagic matching
cgroup,freezer: fix incomplete freezing when attaching tasks
bus: firewall: Fix missing static inline annotations for stubs
ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
ata: ahci: Disallow LPM for ASUSPRO-D840SA motherboard
ata: ahci: Disallow LPM for Asus B550-F motherboard
bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device
bus: fsl-mc: fix GET/SET_TAILDROP command ids
ext4: inline: fix len overflow in ext4_prepare_inline_data
ext4: fix calculation of credits for extent tree modification
ext4: factor out ext4_get_maxbytes()
ext4: ensure i_size is smaller than maxbytes
ext4: only dirty folios when data journaling regular files
Input: ims-pcu - check record size in ims_pcu_flash_firmware()
Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer()
f2fs: fix to do sanity check on ino and xnid
f2fs: prevent kernel warning due to negative i_nlink from corrupted image
f2fs: fix to do sanity check on sit_bitmap_size
hwmon: (ftsteutates) Fix TOCTOU race in fts_read()
NFC: nci: uart: Set tty->disc_data only in success path
net/sched: fix use-after-free in taprio_dev_notifier
net: ftgmac100: select FIXED_PHY
iommu/vt-d: Restore context entry setup order for aliased devices
fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var
EDAC/altera: Use correct write width with the INTTEST register
fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
parisc/unaligned: Fix hex output to show 8 hex chars
vgacon: Add check for vc_origin address range in vgacon_scroll()
parisc: fix building with gcc-15
clk: meson-g12a: add missing fclk_div2 to spicc
ipc: fix to protect IPCS lookups using RCU
watchdog: fix watchdog may detect false positive of softlockup
RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
mm: fix ratelimit_pages update error in dirty_ratio_handler()
soc: qcom: pmic_glink_altmode: fix spurious DP hotplug events
configfs-tsm-report: Fix NULL dereference of tsm_ops
firmware: arm_scmi: Ensure that the message-id supports fastchannel
mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk
mtd: nand: sunxi: Add randomizer configuration before randomizer enable
KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs
KVM: VMX: Flush shadow VMCS on emergency reboot
dm-mirror: fix a tiny race condition
dm-verity: fix a memory leak if some arguments are specified multiple times
mtd: rawnand: qcom: Fix read len for onfi param page
ftrace: Fix UAF when lookup kallsym after ftrace disabled
dm: lock limits when reading them
phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property()
net: ch9200: fix uninitialised access during mii_nway_restart
KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY
sysfb: Fix screen_info type check for VGA
video: screen_info: Relocate framebuffers behind PCI bridges
pwm: axi-pwmgen: fix missing separate external clock
staging: iio: ad5933: Correct settling cycles encoding per datasheet
mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS
ovl: Fix nested backing file paths
regulator: max14577: Add error check for max14577_read_reg()
remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()
remoteproc: core: Release rproc->clean_table after rproc_attach() fails
remoteproc: k3-m4: Don't assert reset in detach routine
cifs: reset connections for all channels when reconnect requested
cifs: update dstaddr whenever channel iface is updated
cifs: dns resolution is needed only for primary channel
smb: client: add NULL check in automount_fullpath
Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary
uio_hv_generic: Use correct size for interrupt and monitor pages
uio_hv_generic: Align ring size to system page
PCI: cadence-ep: Correct PBA offset in .set_msix() callback
PCI: dwc: ep: Correct PBA offset in .set_msix() callback
PCI: Add ACS quirk for Loongson PCIe
PCI: Fix lock symmetry in pci_slot_unlock()
PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up()
PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit()
iio: accel: fxls8962af: Fix temperature scan element sign
accel/ivpu: Improve buffer object logging
accel/ivpu: Use firmware names from upstream repo
accel/ivpu: Use dma_resv_lock() instead of a custom mutex
accel/ivpu: Fix warning in ivpu_gem_bo_free()
dummycon: Trigger redraw when switching consoles with deferred takeover
mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
iio: imu: inv_icm42600: Fix temperature calculation
iio: adc: ad7944: mask high bits on direct read
iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module build
iio: adc: ad7606_spi: fix reg write value mask
ACPICA: fix acpi operand cache leak in dswstate.c
ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9
clocksource: Fix the CPUs' choice in the watchdog per CPU verification
power: supply: collie: Fix wakeup source leaks on device unbind
mmc: Add quirk to disable DDR50 tuning
ACPICA: Avoid sequence overread in call to strncmp()
ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change
ASoC: intel/sdw_utils: Assign initial value in asoc_sdw_rt_amp_spk_rtd_init()
ACPI: bus: Bail out if acpi_kobj registration fails
ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case
ACPICA: fix acpi parse and parseext cache leaks
ACPICA: Apply pack(1) to union aml_resource
ALSA: hda: cs35l41: Fix swapped l/r audio channels for Acer Helios laptops
power: supply: bq27xxx: Retrieve again when busy
pmdomain: core: Reset genpd->states to avoid freeing invalid data
ACPICA: utilities: Fix overflow check in vsnprintf()
platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all()
ASoC: tegra210_ahub: Add check to of_device_get_match_data()
Make 'cc-option' work correctly for the -Wno-xyzzy pattern
gpiolib: of: Add polarity quirk for s5m8767
PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn()
power: supply: max17040: adjust thermal channel scaling
ACPI: battery: negate current when discharging
net: macb: Check return value of dma_set_mask_and_coherent()
net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices
tipc: use kfree_sensitive() for aead cleanup
f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx
bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
Bluetooth: btusb: Add new VID/PID 13d3/3584 for MT7922
i2c: designware: Invoke runtime suspend on quick slave re-registration
wifi: mt76: mt7996: drop fragments with multicast or broadcast RA
emulex/benet: correct command version selection in be_cmd_get_stats()
Bluetooth: btusb: Add new VID/PID 13d3/3630 for MT7925
wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R
wifi: mt76: mt7921: add 160 MHz AP for mt7922 device
wifi: mt76: mt7925: introduce thermal protection
wifi: mac80211: validate SCAN_FLAG_AP in scan request during MLO
sctp: Do not wake readers in __sctp_write_space()
libbpf/btf: Fix string handling to support multi-split BTF
cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs
i2c: tegra: check msg length in SMBUS block read
i2c: npcm: Add clock toggle recovery
clk: qcom: gcc-x1e80100: Set FORCE MEM CORE for UFS clocks
net: dlink: add synchronization for stats update
wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET
wifi: ath12k: fix a possible dead lock caused by ab->base_lock
wifi: ath11k: Fix QMI memory reuse logic
iommu/amd: Allow matching ACPI HID devices without matching UIDs
wifi: rtw89: leave idle mode when setting WEP encryption for AP mode
tcp: always seek for minimal rtt in tcp_rcv_rtt_update()
tcp: remove zero TCP TS samples for autotuning
tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows
tcp: add receive queue awareness in tcp_rcv_space_adjust()
x86/sgx: Prevent attempts to reclaim poisoned pages
ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT
net: page_pool: Don't recycle into cache on PREEMPT_RT
xfrm: validate assignment of maximal possible SEQ number
net: atlantic: generate software timestamp just before the doorbell
pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name()
pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction()
bpf: Pass the same orig_call value to trampoline functions
net: stmmac: generate software timestamp just before the doorbell
pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction()
libbpf: Check bpf_map_skeleton link for NULL
pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get()
net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info
net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi
wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn()
wifi: mac80211: do not offer a mesh path if forwarding is disabled
clk: rockchip: rk3036: mark ddrphy as critical
hid-asus: check ROG Ally MCU version and warn
wifi: iwlwifi: mvm: fix beacon CCK flag
f2fs: fix to bail out in get_new_segment()
netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
libbpf: Add identical pointer detection to btf_dedup_is_equiv()
scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands
scsi: smartpqi: Add new PCI IDs
iommu/amd: Ensure GA log notifier callbacks finish running before module unload
wifi: iwlwifi: pcie: make sure to lock rxq->read
wifi: rtw89: 8922a: fix TX fail with wrong VCO setting
wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled
netdevsim: Mark NAPI ID on skb in nsim_rcv
net/mlx5: HWS, Fix IP version decision
bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index
wifi: mac80211: VLAN traffic in multicast path
Revert "mac80211: Dynamically set CoDel parameters per station"
wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0
net: bridge: mcast: update multicast contex when vlan state is changed
net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions
vxlan: Do not treat dst cache initialization errors as fatal
bnxt_en: Remove unused field "ref_count" in struct bnxt_ulp
wifi: ath12k: using msdu end descriptor to check for rx multicast packets
net: ethernet: ti: am65-cpsw: handle -EPROBE_DEFER
software node: Correct a OOB check in software_node_get_reference_args()
isofs: fix Y2038 and Y2156 issues in Rock Ridge TF entry
pinctrl: mcp23s08: Reset all pins to input at probe
wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping
scsi: lpfc: Use memcpy() for BIOS version
sock: Correct error checking condition for (assign|release)_proto_idx()
i40e: fix MMIO write access to an invalid page in i40e_clear_hw
ixgbe: Fix unreachable retry logic in combined and byte I2C write functions
RDMA/hns: initialize db in update_srq_db()
ice: fix check for existing switch rule
usbnet: asix AX88772: leave the carrier control to phylink
f2fs: fix to set atomic write status more clear
bpf, sockmap: Fix data lost during EAGAIN retries
net: ethernet: cortina: Use TOE/TSO on all TCP
octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer()
wifi: ath11k: determine PM policy based on machine model
wifi: ath12k: fix link valid field initialization in the monitor Rx
wifi: ath12k: fix incorrect CE addresses
wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz
net/mlx5: HWS, Harden IP version definer checks
fbcon: Make sure modelist not set on unregistered console
watchdog: da9052_wdt: respect TWDMIN
bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value
ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY
tee: Prevent size calculation wraparound on 32-bit kernels
Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first"
fs/xattr.c: fix simple_xattr_list()
platform/x86/amd: pmc: Clear metrics table at start of cycle
platform/x86/amd: pmf: Prevent amd_pmf_tee_deinit() from running twice
platform/x86: dell_rbu: Fix list usage
platform/x86: dell_rbu: Stop overwriting data buffer
powerpc/vdso: Fix build of VDSO32 with pcrel
powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery
io_uring/kbuf: don't truncate end buffer for multiple buffer peeks
io_uring: fix task leak issue in io_wq_create()
drivers/rapidio/rio_cm.c: prevent possible heap overwrite
platform/loongarch: laptop: Get brightness setting from EC on probe
platform/loongarch: laptop: Unregister generic_sub_drivers on exit
platform/loongarch: laptop: Add backlight power control support
LoongArch: vDSO: Correctly use asm parameters in syscall wrappers
LoongArch: Avoid using $r0/$r1 as "mask" for csrxchg
LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset()
jffs2: check that raw node were preallocated before writing summary
jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
cifs: deal with the channel loading lag while picking channels
cifs: serialize other channels when query server interfaces is pending
cifs: do not disable interface polling on failure
smb: improve directory cache reuse for readdir operations
scsi: storvsc: Increase the timeouts to storvsc_timeout
scsi: s390: zfcp: Ensure synchronous unit_add
nvme: always punt polled uring_cmd end_io work to task_work
net_sched: sch_sfq: reject invalid perturb period
net: clear the dst when changing skb protocol
mm: close theoretical race where stale TLB entries could linger
udmabuf: use sgtable-based scatterlist wrappers
x86/virt/tdx: Avoid indirect calls to TDX assembly functions
selftests/x86: Add a test to detect infinite SIGTRAP handler loop
ksmbd: fix null pointer dereference in destroy_previous_session
platform/x86: ideapad-laptop: use usleep_range() for EC polling
selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len
platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL
sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group()
atm: Revert atm_account_tx() if copy_from_iter_full() fails.
wifi: rtw89: phy: add dummy C2H event handler for report of TAS power
cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update
Input: sparcspkr - avoid unannotated fall-through
wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path
wifi: cfg80211: init wiphy_work before allocating rfkill fails
arm64: Restrict pagetable teardown to avoid false warning
ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card
ALSA: hda/intel: Add Thinkpad E15 to PM deny list
ALSA: hda/realtek - Add mute LED support for HP Victus 16-s1xxx and HP Victus 15-fa1xxx
ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged
ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA
ALSA: hda/realtek: Add quirk for Asus GU605C
iio: accel: fxls8962af: Fix temperature calculation
mm/hugetlb: unshare page tables during VMA split, not before
drm/amdgpu: read back register after written for VCN v4.0.5
kbuild: rust: add rustc-min-version support function
rust: compile libcore with edition 2024 for 1.87+
net: Fix checksum update for ILA adj-transport
bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE
erofs: remove unused trace event erofs_destroy_inode
nfsd: use threads array as-is in netlink interface
sunrpc: handle SVC_GARBAGE during svc auth processing as auth error
drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`
Kunit to check the longest symbol length
x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c
ipv6: remove leftover ip6 cookie initializer
ipv6: replace ipcm6_init calls with ipcm6_init_sk
smb: fix secondary channel creation issue with kerberos by populating hostname when adding channels
drm/msm/disp: Correct porch timing for SDM845
drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate
drm/msm: Fix CP_RESET_CONTEXT_STATE bitfield names
drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE
drm/ssd130x: fix ssd132x_clear_screen() columns
ionic: Prevent driver/fw getting out of sync on devcmd(s)
drm/nouveau/bl: increase buffer size to avoid truncate warning
drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled
hwmon: (occ) Rework attribute registration for stack usage
hwmon: (occ) fix unaligned accesses
hwmon: (ltc4282) avoid repeated register write
pldmfw: Select CRC32 when PLDMFW is selected
aoe: clean device rq_list in aoedev_downdev()
io_uring/sqpoll: don't put task_struct on tctx setup failure
net: ice: Perform accurate aRFS flow match
ice: fix eswitch code memory leak in reset scenario
e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13
workqueue: Initialize wq_isolated_cpumask in workqueue_init_early()
ksmbd: add free_transport ops in ksmbd connection
net: netmem: fix skb_ensure_writable with unreadable skbs
bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()
eth: bnxt: fix out-of-range access of vnic_info array
bnxt_en: Add a helper function to configure MRU and RSS
bnxt_en: Update MRU and RSS table of RSS contexts on queue reset
ptp: fix breakage after ptp_vclock_in_use() rework
ptp: allow reading of currently dialed frequency to succeed on free-running clocks
wifi: carl9170: do not ping device which has failed to load firmware
mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().
atm: atmtcp: Free invalid length skb in atmtcp_c_send().
tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior
tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
tcp: fix passive TFO socket having invalid NAPI ID
eth: fbnic: avoid double free when failing to DMA-map FW msg
net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()
ublk: santizize the arguments from userspace when adding a device
drm/xe: Wire up device shutdown handler
drm/xe/gt: Update handling of xe_force_wake_get return
drm/xe/bmg: Update Wa_16023588340
calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available
net: atm: add lec_mutex
net: atm: fix /proc/net/atm/lec handling
EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh
dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties
smb: Log an error when close_all_cached_dirs fails
serial: sh-sci: Clean sci_ports[0] after at earlycon exit
serial: sh-sci: Increment the runtime usage counter for the earlycon device
smb: client: fix first command failure during re-negotiation
smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma()
s390/pci: Fix __pcilg_mio_inuser() inline assembly
perf: Fix sample vs do_exit()
perf: Fix cgroup state vs ERROR
perf/core: Fix WARN in perf_cgroup_switch()
arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth()
scsi: elx: efct: Fix memory leak in efct_hw_parse_filter()
RISC-V: KVM: Fix the size parameter check in SBI SFENCE calls
RISC-V: KVM: Don't treat SBI HFENCE calls as NOPs
gpio: pca953x: fix wrong error probe return value
perf evsel: Missed close() when probing hybrid core PMUs
perf test: Directory file descriptor leak
gpio: mlxbf3: only get IRQ for device instance 0
cifs: Remove duplicate fattr->cf_dtype assignment from wsl_to_fattr() function
bpftool: Fix cgroup command to only show cgroup bpf programs
Linux 6.12.35
Change-Id: Ida57d269272a624bedb979bfad0b3c5e7df7e846
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit e26268ff1dcae5662c1b96c35f18cfa6ab73d9de upstream.
fstest generic/388 occasionally reproduces a crash that looks as
follows:
BUG: kernel NULL pointer dereference, address: 0000000000000000
...
Call Trace:
<TASK>
ext4_block_zero_page_range+0x30c/0x380 [ext4]
ext4_truncate+0x436/0x440 [ext4]
ext4_process_orphan+0x5d/0x110 [ext4]
ext4_orphan_cleanup+0x124/0x4f0 [ext4]
ext4_fill_super+0x262d/0x3110 [ext4]
get_tree_bdev_flags+0x132/0x1d0
vfs_get_tree+0x26/0xd0
vfs_cmd_create+0x59/0xe0
__do_sys_fsconfig+0x4ed/0x6b0
do_syscall_64+0x82/0x170
...
This occurs when processing a symlink inode from the orphan list. The
partial block zeroing code in the truncate path calls
ext4_dirty_journalled_data() -> folio_mark_dirty(). The latter calls
mapping->a_ops->dirty_folio(), but symlink inodes are not assigned an
a_ops vector in ext4, hence the crash.
To avoid this problem, update the ext4_dirty_journalled_data() helper to
only mark the folio dirty on regular files (for which a_ops is
assigned). This also matches the journaling logic in the ext4_symlink()
creation path, where ext4_handle_dirty_metadata() is called directly.
Fixes: d84c9ebdac ("ext4: Mark pages with journalled data dirty")
Signed-off-by: Brian Foster <bfoster@redhat.com>
Link: https://patch.msgid.link/20250516173800.175577-1-bfoster@redhat.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 32a93f5bc9b9812fc710f43a4d8a6830f91e4988 upstream.
Luis and David are reporting that after running generic/750 test for 90+
hours on 2k ext4 filesystem, they are able to trigger a warning in
jbd2_journal_dirty_metadata() complaining that there are not enough
credits in the running transaction started in ext4_do_writepages().
Indeed the code in ext4_do_writepages() is racy and the extent tree can
change between the time we compute credits necessary for extent tree
computation and the time we actually modify the extent tree. Thus it may
happen that the number of credits actually needed is higher. Modify
ext4_ext_index_trans_blocks() to count with the worst case of maximum
tree depth. This can reduce the possible number of writers that can
operate in the system in parallel (because the credit estimates now won't
fit in one transaction) but for reasonably sized journals this shouldn't
really be an issue. So just go with a safe and simple fix.
Link: https://lore.kernel.org/all/20250415013641.f2ppw6wov4kn4wq2@offworld
Reported-by: Davidlohr Bueso <dave@stgolabs.net>
Reported-by: Luis Chamberlain <mcgrof@kernel.org>
Tested-by: kdevops@lists.linux.dev
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Zhang Yi <yi.zhang@huawei.com>
Link: https://patch.msgid.link/20250429175535.23125-2-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 17207d0bb209e8b40f27d7f3f96e82a78af0bf2c ]
When zeroing a range of folios on the filesystem which block size is
less than the page size, the file's mapped blocks within one page will
be marked as unwritten, we should remove writable userspace mappings to
ensure that ext4_page_mkwrite() can be called during subsequent write
access to these partial folios. Otherwise, data written by subsequent
mmap writes may not be saved to disk.
$mkfs.ext4 -b 1024 /dev/vdb
$mount /dev/vdb /mnt
$xfs_io -t -f -c "pwrite -S 0x58 0 4096" -c "mmap -rw 0 4096" \
-c "mwrite -S 0x5a 2048 2048" -c "fzero 2048 2048" \
-c "mwrite -S 0x59 2048 2048" -c "close" /mnt/foo
$od -Ax -t x1z /mnt/foo
000000 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58
*
000800 59 59 59 59 59 59 59 59 59 59 59 59 59 59 59 59
*
001000
$umount /mnt && mount /dev/vdb /mnt
$od -Ax -t x1z /mnt/foo
000000 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58
*
000800 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*
001000
Fix this by introducing ext4_truncate_page_cache_block_range() to remove
writable userspace mappings when truncating a partial folio range.
Additionally, move the journal data mode-specific handlers and
truncate_pagecache_range() into this function, allowing it to serve as a
common helper that correctly manages the page cache in preparation for
block range manipulations.
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Ojaswin Mujoo <ojaswin@linux.ibm.com>
Link: https://patch.msgid.link/20241220011637.1157197-2-yi.zhang@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 43d0105e2c7523cc6b14cad65e2044e829c0a07a ]
There is no need to write back all data before punching a hole in
non-journaled mode since it will be dropped soon after removing space.
Therefore, the call to filemap_write_and_wait_range() can be eliminated.
Besides, similar to ext4_zero_range(), we must address the case of
partially punched folios when block size < page size. It is essential to
remove writable userspace mappings to ensure that the folio can be
faulted again during subsequent mmap write access.
In journaled mode, we need to write dirty pages out before discarding
page cache in case of crash before committing the freeing data
transaction, which could expose old, stale data, even if synchronization
has been performed.
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Ojaswin Mujoo <ojaswin@linux.ibm.com>
Link: https://patch.msgid.link/20241220011637.1157197-4-yi.zhang@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit e856f93e0fb249955f7d5efb18fe20500a9ccc6d ]
When dioread_nolock is turned on (the default), it will convert unwritten
extents to written at ext4_end_io_end(), even if the data writeback fails.
It leads to the possibility that stale data may be exposed when the
physical block corresponding to the file data is read-only (i.e., writes
return -EIO, but reads are normal).
Therefore a new ext4_io_end->flags EXT4_IO_END_FAILED is added, which
indicates that some bio write-back failed in the current ext4_io_end.
When this flag is set, the unwritten to written conversion is no longer
performed. Users can read the data normally until the caches are dropped,
after that, the failed extents can only be read to all 0.
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Zhang Yi <yi.zhang@huawei.com>
Link: https://patch.msgid.link/20250122110533.4116662-3-libaokun@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 1b419c889c0767a5b66d0a6c566cae491f1cb0f7 ]
capable() calls refer to enabled LSMs whether to permit or deny the
request. This is relevant in connection with SELinux, where a
capability check results in a policy decision and by default a denial
message on insufficient permission is issued.
It can lead to three undesired cases:
1. A denial message is generated, even in case the operation was an
unprivileged one and thus the syscall succeeded, creating noise.
2. To avoid the noise from 1. the policy writer adds a rule to ignore
those denial messages, hiding future syscalls, where the task
performs an actual privileged operation, leading to hidden limited
functionality of that task.
3. To avoid the noise from 1. the policy writer adds a rule to permit
the task the requested capability, while it does not need it,
violating the principle of least privilege.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/20250302160657.127253-2-cgoettsche@seltendoof.de
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d7b0befd09320e3356a75cb96541c030515e7f5f ]
A user complained that a message such as:
EXT4-fs (nvme0n1p3): re-mounted UUID ro. Quota mode: none.
implied that the file system was previously mounted read/write and was
now remounted read-only, when it could have been some other mount
state that had changed by the "mount -o remount" operation. Fix this
by only logging "ro"or "r/w" when it has changed.
https://bugzilla.kernel.org/show_bug.cgi?id=219132
Signed-off-by: Nicolas Bretz <bretznic@gmail.com>
Link: https://patch.msgid.link/20250319171011.8372-1-bretznic@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
GKI (arm64) relevant 69 out of 278 changes, affecting 88 files +585/-290
0b603e7759 tracing: Add __print_dynamic_array() helper [3 files, +15/-1]
0312735402 tracing: Verify event formats that have "%*p.." [2 files, +13/-2]
1c9798bf81 mm/vmscan: don't try to reclaim hwpoison folio [1 file, +7/-0]
db3b3964af PM: EM: use kfree_rcu() to simplify the code [1 file, +1/-9]
9d5752b853 PM: EM: Address RCU-related sparse warnings [2 files, +26/-25]
3e12e8c273 block: remove the write_hint field from struct request [4 files, +13/-12]
ed7535b141 block: remove the ioprio field from struct request [4 files, +11/-15]
2afa5ea7c4 block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone [1 file, +1/-0]
46d3575209 PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends [1 file, +6/-12]
35ba7b2d4d PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads [2 files, +5/-0]
16c8aa5de1 dma/contiguous: avoid warning about unused size_bytes [1 file, +1/-2]
7ccfadfb25 cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() [1 file, +8/-2]
28fbd7b13b cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() [1 file, +10/-3]
7d002f5914 scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() [1 file, +5/-7]
5d92e582d1 cgroup/cpuset-v1: Add missing support for cpuset_v2_mode [1 file, +29/-0]
29daa63f2c scsi: core: Clear flags for scsi_cmnd that did not complete [1 file, +5/-1]
eeab661803 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() [1 file, +2/-0]
41143e7105 net: phy: leds: fix memory leak [1 file, +13/-10]
0ceef62a32 tipc: fix NULL pointer dereference in tipc_mon_reinit_self() [1 file, +2/-1]
a61afd5482 fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() [1 file, +36/-33]
7f24ea6a46 block: never reduce ra_pages in blk_apply_bdi_limits [1 file, +7/-1]
3decda1a3c splice: remove duplicate noinline from pipe_clear_nowait [1 file, +1/-1]
30c0d6e778 virtio_console: fix missing byte order handling for cols and rows [1 file, +4/-3]
c2a6b4d78c net: selftests: initialize TCP header and skb payload with zero [1 file, +13/-5]
3939d6f29d irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() [1 file, +1/-1]
7a8a6b627f io_uring: fix 'sync' handling of io_fallback_tw() [1 file, +7/-6]
1f439fe4d8 scsi: Improve CDL control [1 file, +24/-12]
3670dee376 char: misc: register chrdev region with all possible minors [1 file, +1/-1]
ea0d806b94 USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe [2 files, +7/-0]
1777714865 xhci: Limit time spent with xHC interrupts disabled during bus resume [3 files, +20/-16]
bce3055b08 usb: xhci: Fix invalid pointer dereference in Etron workaround [1 file, +1/-1]
52a7c9d930 usb: dwc3: gadget: check that event count does not exceed event buffer length [1 file, +6/-0]
9924ee1bcd usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive [1 file, +3/-0]
d85b7af3bd usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive [1 file, +3/-0]
3e52ae347e USB: VLI disk crashes if LPM is used [1 file, +3/-0]
0486de3c1b crypto: null - Use spin lock instead of mutex [1 file, +26/-13]
7758e308ae bpf: Fix kmemleak warning for percpu hashmap [1 file, +3/-3]
c5c833f637 bpf: Fix deadlock between rcu_tasks_trace and event_mutex. [1 file, +4/-3]
4139072087 clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() [1 file, +4/-0]
4131411f42 bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage [1 file, +6/-5]
b817d2bfd6 bpf: Reject attaching fexit/fmod_ret to __noreturn functions [1 file, +32/-0]
2ecae00138 usb: dwc3: gadget: Refactor loop to avoid NULL endpoints [1 file, +18/-4]
cbfa55bda1 usb: xhci: Complete 'error mid TD' transfers when handling Missed Service [1 file, +5/-1]
16a7a8e6c4 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling [1 file, +14/-6]
635be13606 xhci: Handle spurious events on Etron host isoc enpoints [2 files, +27/-13]
9ff59cb815 usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running [1 file, +7/-4]
0485bdf88f objtool, panic: Disable SMAP in __stack_chk_fail() [2 files, +10/-1]
c548f95688 9p/net: fix improper handling of bogus negative read/write replies [1 file, +16/-14]
18296b5951 9p/trans_fd: mark concurrent read and writes to p9_conn->err [1 file, +10/-7]
3568fd9e44 io_uring: always do atomic put from iowq [2 files, +8/-1]
90dc6c1e3b perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init [1 file, +3/-3]
24ede35eb2 nvme: requeue namespace scan on missed AENs [1 file, +4/-0]
b9c89c97d7 nvme: re-read ANA log page after ns scan completes [1 file, +5/-0]
ee5521176a nvme: multipath: fix return value of nvme_available_path [1 file, +1/-1]
5e58b93a12 gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment [1 file, +3/-3]
9f8eeac3a6 timekeeping: Add a lockdep override in tick_freeze() [1 file, +22/-0]
b14d986413 iommu: Clear iommu-dma ops on cleanup [1 file, +3/-0]
b626bc3c1d ext4: make block validity check resistent to sb bh corruption [2 files, +6/-6]
2ef6eea2ef netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS [1 file, +4/-0]
d53b2d49a8 iomap: skip unnecessary ifs_block_is_uptodate check [1 file, +1/-1]
bfc66c4c28 Revert "drivers: core: synchronize really_probe() and dev_uevent()" [1 file, +0/-3]
de7c24febd usb: typec: class: Fix NULL pointer access [2 files, +14/-2]
45314999f9 ext4: goto right label 'out_mmap_sem' in ext4_setattr() [1 file, +1/-1]
40966fc993 usb: typec: class: Invalidate USB device pointers on partner unregistration [1 file, +6/-2]
4833d0a92b iommu: Handle race with default domain setup [1 file, +5/-0]
1042d22942 nvme: fixup scan failure for non-ANA multipath controllers [1 file, +1/-1]
1b7647efad usb: xhci: Fix Short Packet handling rework ignoring errors [1 file, +1/-1]
ab5281d21e usb: typec: class: Unlocked on error in typec_register_partner() [1 file, +1/-0]
6b9ebcbd31 mq-deadline: don't call req_get_ioprio from the I/O completion handler [1 file, +4/-9]
Changes in 6.12.26
module: sign with sha512 instead of sha1 by default
tracing: Add __print_dynamic_array() helper
tracing: Verify event formats that have "%*p.."
mm/vmscan: don't try to reclaim hwpoison folio
soc: qcom: ice: introduce devm_of_qcom_ice_get
mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get
PM: EM: use kfree_rcu() to simplify the code
PM: EM: Address RCU-related sparse warnings
media: i2c: imx214: Use subdev active state
media: i2c: imx214: Simplify with dev_err_probe()
media: i2c: imx214: Convert to CCI register access helpers
media: i2c: imx214: Replace register addresses with macros
media: i2c: imx214: Check number of lanes from device tree
media: i2c: imx214: Fix link frequency validation
media: ov08x40: Move ov08x40_identify_module() function up
media: ov08x40: Add missing ov08x40_identify_module() call on stream-start
block: remove the write_hint field from struct request
block: remove the ioprio field from struct request
block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone
net: dsa: mv88e6xxx: fix VTU methods for 6320 family
iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check
iio: adc: ad7768-1: Fix conversion result sign
arm64: dts: ti: Refactor J784s4 SoC files to a common file
arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks
of: resolver: Simplify of_resolve_phandles() using __free()
of: resolver: Fix device node refcount leakage in of_resolve_phandles()
scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get
PCI/MSI: Convert pci_msi_ignore_mask to per MSI domain flag
PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends
PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads
accel/ivpu: Add auto selection logic for job scheduler
accel/ivpu: Fix the NPU's DPU frequency calculation
ksmbd: use __GFP_RETRY_MAYFAIL
ksmbd: add netdev-up/down event debug print
ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL
ksmbd: fix use-after-free in __smb2_lease_break_noti()
scsi: ufs: exynos: Remove empty drv_init method
scsi: ufs: exynos: Remove superfluous function parameter
scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster
scsi: ufs: exynos: Move UFS shareability value to drvdata
scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set
net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads
drm/xe/bmg: Add one additional PCI ID
drm/amd/display: Fix unnecessary cast warnings from checkpatch
drm/amd/display/dml2: use vzalloc rather than kzalloc
lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP
ceph: Fix incorrect flush end position calculation
cpufreq: sun50i: prevent out-of-bounds access
dma/contiguous: avoid warning about unused size_bytes
cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate()
cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()
cpufreq: cppc: Fix invalid return value in .get() callback
cpufreq: Do not enable by default during compile testing
cpufreq: fix compile-test defaults
btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range()
btrfs: zoned: return EIO on RAID1 block group write pointer mismatch
cgroup/cpuset-v1: Add missing support for cpuset_v2_mode
vhost-scsi: Add better resource allocation failure handling
vhost-scsi: Fix vhost_scsi_send_bad_target()
vhost-scsi: Fix vhost_scsi_send_status()
net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table()
net/mlx5: Move ttc allocation after switch case to prevent leaks
scsi: core: Clear flags for scsi_cmnd that did not complete
scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
net: lwtunnel: disable BHs when required
net: phy: leds: fix memory leak
tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
net: ethernet: mtk_eth_soc: net: revise NETSYSv3 hardware configuration
fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount()
net_sched: hfsc: Fix a UAF vulnerability in class handling
net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
net: dsa: mt7530: sync driver-specific behavior of MT7531 variants
pds_core: Prevent possible adminq overflow/stuck condition
pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result
pds_core: Remove unnecessary check in pds_client_adminq_cmd()
pds_core: make wait_context part of q_info
block: never reduce ra_pages in blk_apply_bdi_limits
iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE
riscv: Replace function-like macro by static inline function
riscv: uprobes: Add missing fence.i after building the XOL buffer
splice: remove duplicate noinline from pipe_clear_nowait
bpf: Add namespace to BPF internal symbols
perf/x86: Fix non-sampling (counting) events on certain x86 platforms
LoongArch: Select ARCH_USE_MEMTEST
LoongArch: Make regs_irqs_disabled() more clear
LoongArch: Make do_xyz() exception handlers more robust
KVM: SVM: Disable AVIC on SNP-enabled system without HvInUseWrAllowed feature
netfilter: fib: avoid lookup if socket is available
virtio_console: fix missing byte order handling for cols and rows
sched_ext: Use kvzalloc for large exit_dump allocation
crypto: atmel-sha204a - Set hwrng quality to lowest possible
xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()
net: selftests: initialize TCP header and skb payload with zero
net: phy: microchip: force IRQ polling mode for lan88xx
scsi: mpi3mr: Fix pending I/O counter
rust: firmware: Use `ffi::c_char` type in `FwFunc`
drm: panel: jd9365da: fix reset signal polarity in unprepare
drm/amd/display: Fix gpu reset in multidisplay config
drm/amd/display: Force full update in gpu reset
x86/insn: Fix CTEST instruction decoding
irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
LoongArch: Handle fp, lsx, lasx and lbt assembly symbols
LoongArch: Return NULL from huge_pte_offset() for invalid PMD
LoongArch: Remove a bogus reference to ZONE_DMA
LoongArch: KVM: Fully clear some CSRs when VM reboot
LoongArch: KVM: Fix PMU pass-through issue if VM exits to host finally
io_uring: fix 'sync' handling of io_fallback_tw()
KVM: SVM: Allocate IR data using atomic allocation
cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports
mcb: fix a double free bug in chameleon_parse_gdd()
ata: libata-scsi: Improve CDL control
ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type
ata: libata-scsi: Fix ata_msense_control_ata_feature()
USB: storage: quirk for ADATA Portable HDD CH94
scsi: Improve CDL control
mei: me: add panther lake H DID
mei: vsc: Fix fortify-panic caused by invalid counted_by() use
KVM: x86: Explicitly treat routing entry type changes as changes
KVM: x86: Reset IRTE to host control if *new* route isn't postable
KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer
char: misc: register chrdev region with all possible minors
misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration
misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack
firmware: stratix10-svc: Add of_platform_default_populate()
tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT
serial: msm: Configure correct working mode before starting earlycon
serial: sifive: lock port in startup()/shutdown() callbacks
USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe
USB: serial: option: add Sierra Wireless EM9291
USB: serial: simple: add OWON HDS200 series oscilloscope support
xhci: Limit time spent with xHC interrupts disabled during bus resume
usb: xhci: Fix invalid pointer dereference in Etron workaround
usb: cdns3: Fix deadlock when using NCM gadget
usb: chipidea: ci_hdrc_imx: fix usbmisc handling
usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines
usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling
USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)
usb: dwc3: gadget: check that event count does not exceed event buffer length
usb: dwc3: xilinx: Prevent spike in reset signal
usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive
usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive
USB: VLI disk crashes if LPM is used
USB: wdm: handle IO errors in wdm_wwan_port_start
USB: wdm: close race between wdm_open and wdm_wwan_port_stop
USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context
USB: wdm: add annotation
selftests/bpf: Fix stdout race condition in traffic monitor
pinctrl: renesas: rza2: Fix potential NULL pointer dereference
pinctrl: mcp23s08: Get rid of spurious level interrupts
MIPS: cm: Detect CM quirks from device tree
crypto: ccp - Add support for PCI device 0x1134
crypto: lib/Kconfig - Fix lib built-in failure when arch is modular
crypto: null - Use spin lock instead of mutex
bpf: Fix kmemleak warning for percpu hashmap
bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec()
parisc: PDT: Fix missing prototype warning
s390/sclp: Add check for get_zeroed_page()
s390/tty: Fix a potential memory leak bug
bpf: bpftool: Setting error code in do_loader()
bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage
bpf: Reject attaching fexit/fmod_ret to __noreturn functions
mailbox: pcc: Fix the possible race in updation of chan_in_use flag
mailbox: pcc: Always clear the platform ack interrupt first
usb: host: max3421-hcd: Add missing spi_device_id table
fs/ntfs3: Keep write operations atomic
fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size
usb: dwc3: gadget: Refactor loop to avoid NULL endpoints
usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield
sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
usb: xhci: Complete 'error mid TD' transfers when handling Missed Service
usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
xhci: Handle spurious events on Etron host isoc enpoints
i3c: master: svc: Add support for Nuvoton npcm845 i3c
dmaengine: dmatest: Fix dmatest waiting less when interrupted
usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running
phy: rockchip: usbdp: Avoid call hpd_event_trigger in dp_phy_init
usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func
thunderbolt: Scan retimers after device router has been enumerated
um: work around sched_yield not yielding in time-travel mode
objtool: Silence more KCOV warnings
objtool, panic: Disable SMAP in __stack_chk_fail()
objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler()
objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc()
objtool, lkdtm: Obfuscate the do_nothing() pointer
qibfs: fix _another_ leak
ntb: reduce stack usage in idt_scan_mws
ntb_hw_amd: Add NTB PCI ID for new gen CPU
9p/net: fix improper handling of bogus negative read/write replies
9p/trans_fd: mark concurrent read and writes to p9_conn->err
rtc: pcf85063: do a SW reset if POR failed
io_uring: always do atomic put from iowq
kbuild: add dependency from vmlinux to sorttable
sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP
KVM: s390: Don't use %pK through tracepoints
KVM: s390: Don't use %pK through debug printing
cgroup/cpuset: Don't allow creation of local partition over a remote one
selftests: ublk: fix test_stripe_04
perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init
xen: Change xen-acpi-processor dom0 dependency
nvme: requeue namespace scan on missed AENs
ACPI: EC: Set ec_no_wakeup for Lenovo Go S
ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls
drm/amdgpu: Increase KIQ invalidate_tlbs timeout
drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406
nvme: re-read ANA log page after ns scan completes
nvme: multipath: fix return value of nvme_available_path
objtool: Stop UNRET validation on UD2
gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment
x86/xen: disable CPU idle and frequency drivers for PVH dom0
selftests/mincore: Allow read-ahead pages to reach the end of the file
x86/bugs: Use SBPB in write_ibpb() if applicable
x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline
x86/bugs: Don't fill RSB on context switch with eIBRS
nvmet-fc: take tgtport reference only once
nvmet-fc: put ref when assoc->del_work is already scheduled
cifs: Fix encoding of SMB1 Session Setup Kerberos Request in non-UNICODE mode
timekeeping: Add a lockdep override in tick_freeze()
cifs: Fix querying of WSL CHR and BLK reparse points over SMB1
iommu: Clear iommu-dma ops on cleanup
ext4: make block validity check resistent to sb bh corruption
scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes
scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init()
scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO
scsi: ufs: exynos: Move phy calls to .exit() callback
scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend()
scsi: pm80xx: Set phy_attached to zero when device is gone
ASoC: fsl_asrc_dma: get codec or cpu dai from backend
x86/i8253: Call clockevent_i8253_disable() with interrupts disabled
netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS
iomap: skip unnecessary ifs_block_is_uptodate check
riscv: Provide all alternative macros all the time
ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING"
spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts
spi: tegra210-quad: add rate limiting and simplify timeout error message
ubsan: Fix panic from test_ubsan_out_of_bounds
x86/cpu: Add CPU model number for Bartlett Lake CPUs with Raptor Cove cores
md/raid1: Add check for missing source disk in process_checks()
drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4
drm/amdgpu: Use the right function for hdp flush
spi: spi-imx: Add check for spi_imx_setupxfer()
Revert "drivers: core: synchronize really_probe() and dev_uevent()"
driver core: introduce device_set_driver() helper
driver core: fix potential NULL pointer dereference in dev_uevent()
xfs: do not check NEEDSREPAIR if ro,norecovery mount.
xfs: Do not allow norecovery mount with quotacheck
xfs: rename xfs_iomap_swapfile_activate to xfs_vm_swap_activate
xfs: flush inodegc before swapon
selftests/bpf: fix bpf_map_redirect call for cpu map test
selftests/bpf: make xdp_cpumap_attach keep redirect prog attached
selftests/bpf: check program redirect in xdp_cpumap_attach
selftests/bpf: Adjust data size to have ETH_HLEN
usb: typec: class: Fix NULL pointer access
vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp
comedi: jr3_pci: Fix synchronous deletion of timer
ext4: goto right label 'out_mmap_sem' in ext4_setattr()
usb: typec: class: Invalidate USB device pointers on partner unregistration
Revert "net: dsa: mv88e6xxx: fix internal PHYs for 6320 family"
net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family
net: dsa: mv88e6xxx: enable PVT for 6321 switch
net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family
net: dsa: mv88e6xxx: enable STU methods for 6320 family
iommu: Handle race with default domain setup
crypto: lib/Kconfig - Hide arch options from user
media: i2c: imx214: Fix uninitialized variable in imx214_set_ctrl()
MIPS: cm: Fix warning if MIPS_CM is disabled
nvme: fixup scan failure for non-ANA multipath controllers
usb: xhci: Fix Short Packet handling rework ignoring errors
objtool: Ignore end-of-section jumps for KCOV/GCOV
objtool: Silence more KCOV warnings, part 2
usb: typec: class: Unlocked on error in typec_register_partner()
crypto: Kconfig - Select LIB generic option
arm64: dts: ti: k3-j784s4-j742s2-main-common: Correct the GICD size
mq-deadline: don't call req_get_ioprio from the I/O completion handler
Linux 6.12.26
Change-Id: Iff5be8c388b8b915652fafb787156a4653f060aa
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit ccad447a3d331a239477c281533bacb585b54a98 ]
Block validity checks need to be skipped in case they are called
for journal blocks since they are part of system's protected
zone.
Currently, this is done by checking inode->ino against
sbi->s_es->s_journal_inum, which is a direct read from the ext4 sb
buffer head. If someone modifies this underneath us then the
s_journal_inum field might get corrupted. To prevent against this,
change the check to directly compare the inode with journal->j_inode.
**Slight change in behavior**: During journal init path,
check_block_validity etc might be called for journal inode when
sbi->s_journal is not set yet. In this case we now proceed with
ext4_inode_block_valid() instead of returning early. Since systems zones
have not been set yet, it is okay to proceed so we can perform basic
checks on the blocks.
Suggested-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Zhang Yi <yi.zhang@huawei.com>
Signed-off-by: Ojaswin Mujoo <ojaswin@linux.ibm.com>
Link: https://patch.msgid.link/0c06bc9ebfcd6ccfed84a36e79147bf45ff5adc1.1743142920.git.ojaswin@linux.ibm.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
GKI (arm64) relevant 77 out of 426 changes, affecting 93 files +851/-461
40426fc097 cpufreq: scpi: compare kHz instead of Hz [1 file, +3/-2]
7b1d2454d0 sched: Cancel the slice protection of the idle entity [1 file, +33/-13]
b576c4834d sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks [1 file, +4/-0]
f381c92ab4 cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() [1 file, +23/-22]
4d28c2ab2a lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock [1 file, +0/-2]
31d5665172 PM: sleep: Adjust check before setting power.must_resume [3 files, +9/-8]
864750968d watchdog/hardlockup/perf: Fix perf_event memory leak [4 files, +1/-61]
c3a4c91a40 PM: sleep: Fix handling devices with direct_complete set on errors [1 file, +4/-4]
345957c1cf lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() [1 file, +4/-4]
5108828fec perf/ring_buffer: Allow the EPOLLRDNORM flag for poll [1 file, +1/-1]
15291b561d ALSA: timer: Don't take register_mutex with copy_from/to_user() [1 file, +77/-70]
254f771c70 PCI: Use downstream bridges for distributing resources [1 file, +1/-2]
372e387c4f PCI: Remove add_align overwrite unrelated to size0 [1 file, +0/-1]
f556b6ba0a PCI/ASPM: Fix link state exit during switch upstream function removal [1 file, +9/-8]
8ba27aa512 PCI/ACS: Fix 'pci=config_acs=' parameter [1 file, +13/-5]
2a54a1a9c6 PCI/portdrv: Only disable pciehp interrupts early when needed [1 file, +5/-3]
bcb4842004 PCI: Avoid reset when disabled via sysfs [1 file, +4/-0]
362b5879a7 PCI: Remove stray put_device() in pci_register_host_bridge() [1 file, +2/-3]
b004cf517d PCI: dwc: ep: Return -ENOMEM for allocation failures [1 file, +1/-0]
e23dfb926f PCI: Fix BAR resizing when VF BARs are assigned [1 file, +2/-2]
057298d193 crypto: bpf - Add MODULE_DESCRIPTION for skcipher [1 file, +1/-0]
2df19f5f6f remoteproc: core: Clear table_sz when rproc_shutdown [1 file, +1/-0]
bfcca46f01 of: property: Increase NR_FWNODE_REFERENCE_ARGS [1 file, +1/-1]
8ed5381756 bpf: Use preempt_count() directly in bpf_send_signal_common() [1 file, +1/-1]
6d4e56e4c5 crypto: api - Fix larval relookup type and mask [1 file, +7/-10]
8ba426f170 rust: fix signature of rust_fmt_argument [2 files, +4/-5]
19e6817f84 bpf: Fix array bounds error with may_goto [2 files, +22/-4]
c2ddf2f576 leds: Fix LED_OFF brightness race [1 file, +18/-4]
8109f57613 usb: xhci: correct debug message page size calculation [1 file, +3/-3]
c42282a078 kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page() [1 file, +12/-1]
5b2b692804 tty: n_tty: use uint for space returned by tty_write_room() [1 file, +7/-6]
aba9189992 fs/procfs: fix the comment above proc_pid_wchan() [1 file, +1/-1]
456300be23 thermal: core: Remove duplicate struct declaration [1 file, +0/-2]
6a14075325 exfat: fix the infinite loop in exfat_find_last_cluster() [1 file, +1/-1]
4a9595eb02 exfat: fix missing shutdown check [1 file, +27/-2]
28b21ee8e8 rtnetlink: Allocate vfinfo size for VF GUIDs when supported [1 file, +3/-0]
2a6f8823ff ring-buffer: Fix bytes_dropped calculation issue [1 file, +2/-2]
8e49f912ae sched/smt: Always inline sched_smt_active() [1 file, +1/-1]
00911b416a context_tracking: Always inline ct_{nmi,irq}_{enter,exit}() [1 file, +4/-4]
d80168db5e rcu-tasks: Always inline rcu_irq_work_resched() [1 file, +1/-1]
63bd235de2 nvme-pci: clean up CMBMSC when registering CMB fails [1 file, +1/-0]
5eb8c8fee7 nvme-pci: skip CMB blocks incompatible with PCI P2P DMA [1 file, +12/-8]
7364420090 perf/core: Fix perf_pmu_register() vs. perf_init_event() [1 file, +26/-2]
9207575878 exfat: add a check for invalid data size [1 file, +5/-0]
ddf40162ac locking/semaphore: Use wake_q to wake up processes outside lock critical section [1 file, +9/-4]
3e6ce0d9ec nvme-pci: fix stuck reset on concurrent DPC and HP [1 file, +12/-1]
93c59b5548 net: devmem: do not WARN conditionally after netdev_rx_queue_restart() [1 file, +3/-1]
d840c84cdd can: statistics: use atomic access in hot path [3 files, +39/-31]
7a95b48873 netfs: Fix netfs_unbuffered_read() to return ssize_t rather than int [1 file, +3/-3]
7e3497d7da ublk: make sure ubq->canceling is set when queue is frozen [1 file, +29/-10]
a3800b64f8 nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer [1 file, +1/-1]
94d5ad7b41 udp: Fix multiple wraparounds of sk->sk_rmem_alloc. [1 file, +17/-9]
a116b271bf udp: Fix memory accounting leak. [1 file, +7/-9]
47744d0d5f vsock: avoid timeout during connect() if the socket is closing [1 file, +5/-1]
9539c1721a tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). [2 files, +1/-7]
92a5c18513 net: decrease cached dst counters in dst_release [1 file, +8/-0]
de579015d1 ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS [1 file, +25/-12]
2952776c69 net: fix geneve_opt length integer overflow [4 files, +4/-4]
1eb36a2cdf ipv6: Start path selection from the first nexthop [1 file, +35/-3]
f4fea25f5c ipv6: Do not consider link down nexthops in path selection [1 file, +4/-2]
e9c9288072 perf/core: Fix child_total_time_enabled accounting bug at task exit [1 file, +9/-9]
387dc88c2c tracing: Switch trace_events_hist.c code over to use guard() [1 file, +10/-22]
fe87f8d3a5 tracing/hist: Add poll(POLLIN) support on hist file [3 files, +95/-3]
eecb62a24b tracing/hist: Support POLLPRI event for poll on histogram [1 file, +26/-3]
ef79f2dec7 tracing: Correct the refcount if the hist/hist_debug file fails to open [1 file, +18/-6]
39bc1484eb cgroup/rstat: Tracking cgroup-level niced CPU time [2 files, +15/-5]
3501677651 cgroup/rstat: Fix forceidle time in cpu.stat [1 file, +13/-16]
d689645cd1 usbnet:fix NPE during rx_complete [1 file, +3/-3]
49b0a6ab8e exfat: fix random stack corruption after get_block [1 file, +33/-6]
37c9875c17 exfat: fix potential wrong error return from get_block [1 file, +2/-0]
cffc2a6718 tracing: Ensure module defining synth event cannot be unloaded while tracing [1 file, +29/-1]
33052e7f52 tracing: Fix synth event printk format for str fields [1 file, +1/-1]
2e877ff349 mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs [1 file, +3/-0]
13d6f8ba50 ext4: don't over-report free space or inodes in statvfs [1 file, +17/-10]
b47584c556 ext4: fix OOB read when checking dotdot dir [1 file, +3/-0]
e2d8e7bd33 exec: fix the racy usage of fs_struct->in_exec [1 file, +9/-6]
625e9b91eb tracing: Do not use PERF enums when perf is not defined [1 file, +6/-2]
Changes in 6.12.23
watch_queue: fix pipe accounting mismatch
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
cpufreq: scpi: compare kHz instead of Hz
smack: dont compile ipv6 code unless ipv6 is configured
smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label
sched: Cancel the slice protection of the idle entity
sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids
x86/fpu: Fix guest FPU state buffer allocation size
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
x86/platform: Only allow CONFIG_EISA for 32-bit
x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
PM: sleep: Adjust check before setting power.must_resume
cpufreq: tegra194: Allow building for Tegra234
RISC-V: KVM: Disable the kernel perf counter during configure
kunit/stackinit: Use fill byte different from Clang i386 pattern
watchdog/hardlockup/perf: Fix perf_event memory leak
selinux: Chain up tool resolving errors in install_policy.sh
EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
EDAC/ie31200: Fix the DIMM size mask for several SoCs
EDAC/ie31200: Fix the error path order of ie31200_init()
x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors
thermal: int340x: Add NULL check for adev
PM: sleep: Fix handling devices with direct_complete set on errors
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
x86/traps: Make exc_double_fault() consistently noreturn
x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
x86/entry: Add __init to ia32_emulation_override_cmdline()
regulator: pca9450: Fix enable register for LDO5
auxdisplay: MAX6959 should select BITREVERSE
media: verisilicon: HEVC: Initialize start_bit field
media: platform: allgro-dvt: unregister v4l2_device on the error path
auxdisplay: panel: Fix an API misuse in panel.c
platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Make symbol static
platform/x86: dell-uart-backlight: Make dell_uart_bl_serdev_driver static
platform/x86: dell-ddv: Fix temperature calculation
ASoC: cs35l41: check the return value from spi_setup()
ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry
HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
dt-bindings: vendor-prefixes: add GOcontroll
ALSA: hda/realtek: Always honor no_shutup_pins
ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible
ALSA: timer: Don't take register_mutex with copy_from/to_user()
drm/bridge: ti-sn65dsi86: Fix multiple instances
drm/ssd130x: Set SPI .id_table to prevent an SPI core warning
drm/ssd130x: fix ssd132x encoding
drm/ssd130x: ensure ssd132x pitch is correct
drm/dp_mst: Fix drm RAD print
drm/bridge: it6505: fix HDCP V match check is not performed correctly
drm: xlnx: zynqmp: Fix max dma segment size
drm/vkms: Fix use after free and double free on init error
gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines
drm/amdgpu: refine smu send msg debug log format
drm/amdgpu/umsch: fix ucode check
PCI: Use downstream bridges for distributing resources
PCI: Remove add_align overwrite unrelated to size0
drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
PCI/ASPM: Fix link state exit during switch upstream function removal
drm/panel: ilitek-ili9882t: fix GPIO name in error message
PCI/ACS: Fix 'pci=config_acs=' parameter
drm/amd/display: fix an indent issue in DML21
drm/msm/dpu: don't use active in atomic_check()
drm/msm/dsi/phy: Program clock inverters in correct register
drm/msm/dsi: Use existing per-interface slice count in DSC timing
drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables'
PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload
PCI: brcmstb: Set generation limit before PCIe link up
PCI: brcmstb: Use internal register to change link capability
PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
PCI: brcmstb: Fix potential premature regulator disabling
PCI/portdrv: Only disable pciehp interrupts early when needed
PCI: Avoid reset when disabled via sysfs
drm/panthor: Update CS_STATUS_ defines to correct values
drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump
crypto: powerpc: Mark ghashp8-ppc.o as an OBJECT_FILES_NON_STANDARD
powerpc/kexec: fix physical address calculation in clear_utlb_entry()
PCI: Remove stray put_device() in pci_register_host_bridge()
PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
drm/mediatek: Fix config_updating flag never false when no mbox channel
drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
drm/amd/display: avoid NPD when ASIC does not support DMUB
PCI: dwc: ep: Return -ENOMEM for allocation failures
PCI: histb: Fix an error handling path in histb_pcie_probe()
PCI: Fix BAR resizing when VF BARs are assigned
PCI: pciehp: Don't enable HPIE when resuming in poll mode
fbdev: au1100fb: Move a variable assignment behind a null pointer check
dummycon: fix default rows/cols
mdacon: rework dependency list
fbdev: sm501fb: Add some geometry checks.
crypto: iaa - Test the correct request flag
crypto: qat - set parity error mask for qat_420xx
crypto: tegra - Use separate buffer for setkey
crypto: tegra - check return value for hash do_one_req
crypto: bpf - Add MODULE_DESCRIPTION for skcipher
crypto: tegra - Use HMAC fallback when keyslots are full
clk: amlogic: gxbb: drop incorrect flag on 32k clock
crypto: hisilicon/sec2 - fix for aead authsize alignment
crypto: hisilicon/sec2 - fix for sec spec check
RDMA/mlx5: Fix page_size variable overflow
remoteproc: core: Clear table_sz when rproc_shutdown
of: property: Increase NR_FWNODE_REFERENCE_ARGS
pinctrl: renesas: rzg2l: Suppress binding attributes
remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
libbpf: Fix hypothetical STT_SECTION extern NULL deref case
selftests/bpf: Fix string read in strncmp benchmark
x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()
clk: renesas: r8a08g045: Check the source of the CPU PLL settings
remoteproc: qcom: pas: add minidump_id to SC7280 WPSS
clk: samsung: Fix UBSAN panic in samsung_clk_init()
pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw()
crypto: tegra - Fix CMAC intermediate result handling
clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
s390: Remove ioremap_wt() and pgprot_writethrough()
RDMA/mana_ib: Ensure variable err is initialized
crypto: tegra - Set IV to NULL explicitly for AES ECB
remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226
clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK
bpf: Use preempt_count() directly in bpf_send_signal_common()
lib: 842: Improve error handling in sw842_compress()
pinctrl: renesas: rza2: Fix missing of_node_put() call
pinctrl: renesas: rzg2l: Fix missing of_node_put() call
RDMA/mlx5: Fix MR cache initialization error flow
selftests/bpf: Fix freplace_link segfault in tailcalls prog test
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
RDMA/core: Don't expose hw_counters outside of init net namespace
RDMA/mlx5: Fix calculation of total invalidated pages
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
power: supply: bq27xxx_battery: do not update cached flags prematurely
crypto: api - Fix larval relookup type and mask
IB/mad: Check available slots before posting receive WRs
pinctrl: tegra: Set SFIO mode to Mux Register
clk: amlogic: g12b: fix cluster A parent data
clk: amlogic: gxbb: drop non existing 32k clock parent
selftests/bpf: Select NUMA_NO_NODE to create map
rust: fix signature of rust_fmt_argument
pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment
crypto: qat - remove access to parity register for QAT GEN4
clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents
clk: amlogic: g12a: fix mmc A peripheral clock
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
power: supply: max77693: Fix wrong conversion of charge input threshold value
crypto: nx - Fix uninitialised hv_nxc on error
clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable()
bpf: Fix array bounds error with may_goto
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
pinctrl: renesas: rzv2m: Fix missing of_node_put() call
mfd: sm501: Switch to BIT() to mitigate integer overflows
leds: Fix LED_OFF brightness race
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
RDMA/core: Fix use-after-free when rename device name
crypto: hisilicon/sec2 - fix for aead auth key length
pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm()
clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
perf stat: Fix find_stat for mixed legacy/non-legacy events
perf: Always feature test reallocarray
w1: fix NULL pointer dereference in probe
fs/ntfs3: Update inode->i_mapping->a_ops on compression state
phy: phy-rockchip-samsung-hdptx: Don't use dt aliases to determine phy-id
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
soundwire: slave: fix an OF node reference leak in soundwire slave device
perf report: Switch data file correctly in TUI
greybus: gb-beagleplay: Add error handling for gb_greybus_init
coresight: catu: Fix number of pages while using 64k pages
vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
coresight-etm4x: add isb() before reading the TRCSTATR
perf pmu: Don't double count common sysfs and json events
tools/x86: Fix linux/unaligned.h include path in lib/insn.c
perf build: Fix in-tree build due to symbolic link
ucsi_ccg: Don't show failed to get FW build information error
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails.
iio: backend: make sure to NULL terminate stack buffer
perf arm-spe: Fix load-store operation checking
perf bench: Fix perf bench syscall loop count
usb: xhci: correct debug message page size calculation
fs/ntfs3: Fix a couple integer overflows on 32bit systems
fs/ntfs3: Prevent integer overflow in hdr_first_de()
dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister
dmaengine: fsl-edma: free irq correctly in remove path
iio: adc: ad4130: Fix comparison of channel setups
iio: adc: ad7124: Fix comparison of channel configs
iio: adc: ad7173: Fix comparison of channel configs
iio: adc: ad7768-1: set MOSI idle state to prevent accidental reset
iio: light: Add check for array bounds in veml6075_read_int_time_ms
perf debug: Avoid stack overflow in recursive error message
perf evlist: Add success path to evlist__create_syswide_maps
perf units: Fix insufficient array space
kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page()
kexec: initialize ELF lowest address to ULONG_MAX
ocfs2: validate l_tree_depth to avoid out-of-bounds access
arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig
NFSv4: Don't trigger uneccessary scans for return-on-close delegations
NFSv4: Avoid unnecessary scans of filesystems for returning delegations
NFSv4: Avoid unnecessary scans of filesystems for expired delegations
NFSv4: Avoid unnecessary scans of filesystems for delayed delegations
NFS: fix open_owner_id_maxsz and related fields.
fuse: fix dax truncate/punch_hole fault path
selftests/mm/cow: fix the incorrect error handling
um: Pass the correct Rust target and options with gcc
um: remove copy_from_kernel_nofault_allowed
um: hostfs: avoid issues on inode number reuse by host
i3c: master: svc: Fix missing the IBI rules
perf python: Fixup description of sample.id event member
perf python: Decrement the refcount of just created event on failure
perf python: Don't keep a raw_data pointer to consumed ring buffer space
perf python: Check if there is space to copy all the event
perf dso: fix dso__is_kallsyms() check
perf: intel-tpebs: Fix incorrect usage of zfree()
staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES
staging: vchiq_arm: Register debugfs after cdev
staging: vchiq_arm: Fix possible NPR of keep-alive thread
tty: n_tty: use uint for space returned by tty_write_room()
perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation
fs/procfs: fix the comment above proc_pid_wchan()
perf tools: annotate asm_pure_loop.S
perf bpf-filter: Fix a parsing error with comma
thermal: core: Remove duplicate struct declaration
objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show()
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
NFS: Shut down the nfs_client only after all the superblocks
smb: client: Fix netns refcount imbalance causing leaks and use-after-free
exfat: fix the infinite loop in exfat_find_last_cluster()
exfat: fix missing shutdown check
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
rndis_host: Flag RNDIS modems as WWAN devices
ksmbd: use aead_request_free to match aead_request_alloc
ksmbd: fix multichannel connection failure
ksmbd: fix r_count dec/increment mismatch
net/mlx5e: SHAMPO, Make reserved size independent of page size
ring-buffer: Fix bytes_dropped calculation issue
objtool: Fix segfault in ignore_unreachable_insn()
LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig
LoongArch: Fix device node refcount leak in fdt_cpu_clk_init()
LoongArch: Rework the arch_kgdb_breakpoint() implementation
ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid
net: phy: broadcom: Correct BCM5221 PHY model detection
octeontx2-af: Fix mbox INTR handler when num VFs > 64
octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
objtool: Fix verbose disassembly if CROSS_COMPILE isn't set
sched/smt: Always inline sched_smt_active()
context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
rcu-tasks: Always inline rcu_irq_work_resched()
objtool/loongarch: Add unwind hints in prepare_frametrace()
nfs: Add missing release on error in nfs_lock_and_join_requests()
wifi: mac80211: Cleanup sta TXQs on flush
wifi: mac80211: remove debugfs dir for virtual monitor
wifi: iwlwifi: fw: allocate chained SG tables for dump
wifi: iwlwifi: mvm: use the right version of the rate API
nvme-tcp: fix possible UAF in nvme_tcp_poll
nvme-pci: clean up CMBMSC when registering CMB fails
nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
wifi: brcmfmac: keep power during suspend if board requires it
affs: generate OFS sequence numbers starting at 1
affs: don't write overlarge OFS data block size fields
ALSA: hda/realtek: Fix Asus Z13 2025 audio
ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
perf/core: Fix perf_pmu_register() vs. perf_init_event()
smb: common: change the data type of num_aces to le16
cifs: fix incorrect validation for num_aces field of smb_acl
platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet
platform/x86/intel/vsec: Add Diamond Rapids support
net: dsa: rtl8366rb: don't prompt users for LED control
HID: i2c-hid: improve i2c_hid_get_report error message
platform/x86/amd/pmf: Propagate PMF-TA return codes
platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-TA
exfat: add a check for invalid data size
ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA
sched/deadline: Use online cpus for validating runtime
x86/hyperv/vtl: Stop kernel from probing VTL0 low memory
ASoC: codecs: wsa884x: report temps to hwmon in millidegree of Celsius
ASoC: rt1320: set wake_capable = 0 explicitly
wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state
wifi: mac80211: fix SA Query processing in MLO
locking/semaphore: Use wake_q to wake up processes outside lock critical section
x86/hyperv: Fix output argument to hypercall that changes page visibility
x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
nvme-pci: fix stuck reset on concurrent DPC and HP
drm/amd: Keep display off while going into S4
net: devmem: do not WARN conditionally after netdev_rx_queue_restart()
selftests: netfilter: skip br_netfilter queue tests if kernel is tainted
ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
can: statistics: use atomic access in hot path
memory: omap-gpmc: drop no compatible check
hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
netfs: Fix netfs_unbuffered_read() to return ssize_t rather than int
spufs: fix a leak on spufs_new_file() failure
spufs: fix gang directory lifetimes
spufs: fix a leak in spufs_create_context()
fs/9p: fix NULL pointer dereference on mkdir
riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
ntb: intel: Fix using link status DB's
firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success
ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA
RISC-V: errata: Use medany for relocatable builds
x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs
ublk: make sure ubq->canceling is set when queue is frozen
s390/entry: Fix setting _CIF_MCCK_GUEST with lowcore relocation
ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe()
spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock()
riscv: Fix hugetlb retrieval of number of ptes in case of !present pte
riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator
riscv/purgatory: 4B align purgatory_start
nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer
ASoC: imx-card: Add NULL check in imx_card_probe()
spi: bcm2835: Do not call gpiod_put() on invalid descriptor
ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent
e1000e: change k1 configuration on MTP and later platforms
idpf: fix adapter NULL pointer dereference on reboot
netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
netfilter: nf_tables: don't unregister hook when table is dormant
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
net_sched: skbprio: Remove overly strict queue assertions
sctp: add mutual exclusion in proc_sctp_do_udp_port()
net: mvpp2: Prevent parser TCAM memory corruption
udp: Fix multiple wraparounds of sk->sk_rmem_alloc.
udp: Fix memory accounting leak.
vsock: avoid timeout during connect() if the socket is closing
tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
net: decrease cached dst counters in dst_release
netfilter: nft_tunnel: fix geneve_opt type confusion addition
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
net: fix geneve_opt length integer overflow
ipv6: Start path selection from the first nexthop
ipv6: Do not consider link down nexthops in path selection
arcnet: Add NULL check in com20020pci_probe()
net: ibmveth: make veth_pool_store stop hanging
kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally
drm/amdgpu/gfx11: fix num_mec
drm/amdgpu/gfx12: fix num_mec
perf/core: Fix child_total_time_enabled accounting bug at task exit
tools/power turbostat: report CoreThr per measurement interval
tracing: Switch trace_events_hist.c code over to use guard()
tracing/hist: Add poll(POLLIN) support on hist file
tracing/hist: Support POLLPRI event for poll on histogram
tracing: Correct the refcount if the hist/hist_debug file fails to open
cgroup/rstat: Tracking cgroup-level niced CPU time
cgroup/rstat: Fix forceidle time in cpu.stat
tty: serial: fsl_lpuart: Use u32 and u8 for register variables
tty: serial: fsl_lpuart: use port struct directly to simply code
tty: serial: fsl_lpuart: Fix unused variable 'sport' build warning
tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register
wifi: mac80211: Fix sparse warning for monitor_sdata
usbnet:fix NPE during rx_complete
rust: Fix enabling Rust and building with GCC for LoongArch
LoongArch: Increase ARCH_DMA_MINALIGN up to 16
LoongArch: Increase MAX_IO_PICS up to 8
LoongArch: BPF: Fix off-by-one error in build_prologue()
LoongArch: BPF: Don't override subprog's return value
LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC
x86/hyperv: Fix check of return value from snp_set_vmsa()
KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected
x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
x86/mce: use is_copy_from_user() to determine copy-from-user context
x86/tdx: Fix arch_safe_halt() execution for TDX VMs
ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers
platform/x86: thinkpad_acpi: disable ACPI fan access for T495* and E560
platform/x86: ISST: Correct command storage data length
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
perf/x86/intel: Apply static call for drain_pebs
perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
uprobes/x86: Harden uretprobe syscall trampoline check
idpf: Don't hard code napi_struct size
x86/Kconfig: Add cmpxchg8b support back to Geode CPUs
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
wifi: mt76: mt7925: remove unused acpi function for clc
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
ARM: 9444/1: add KEEP() keyword to ARM_VECTORS
media: omap3isp: Handle ARM dma_iommu_mapping
Remove unnecessary firmware version check for gc v9_4_2
mmc: omap: Fix memory leak in mmc_omap_new_slot
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error
ksmbd: add bounds check for durable handle context
ksmbd: add bounds check for create lease context
ksmbd: fix use-after-free in ksmbd_sessions_deregister()
ksmbd: fix session use-after-free in multichannel connection
ksmbd: fix overflow in dacloffset bounds check
ksmbd: validate zero num_subauth before sub_auth is accessed
ksmbd: fix null pointer dereference in alloc_preauth_hash()
exfat: fix random stack corruption after get_block
exfat: fix potential wrong error return from get_block
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
tracing: Ensure module defining synth event cannot be unloaded while tracing
tracing: Fix synth event printk format for str fields
tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs
arm64: Don't call NULL in do_compat_alignment_fixup()
wifi: mt76: mt7921: fix kernel panic due to null pointer dereference
ext4: don't over-report free space or inodes in statvfs
ext4: fix OOB read when checking dotdot dir
jfs: fix slab-out-of-bounds read in ea_get()
jfs: add index corruption check to DT_GETPAGE()
mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()
exec: fix the racy usage of fs_struct->in_exec
media: vimc: skip .s_stream() for stopped entities
media: streamzap: fix race between device disconnection and urb callback
nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()
nfsd: put dl_stid if fail to queue dl_recall
nfsd: fix management of listener transports
NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs()
NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory
NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE
tracing: Do not use PERF enums when perf is not defined
platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc()
Linux 6.12.23
Change-Id: I007dc80a847f3232a2d12c056a74d16d2ab92b29
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 94824ac9a8aaf2fb3c54b4bdde842db80ffa555d upstream.
Syzkaller detected a use-after-free issue in ext4_insert_dentry that was
caused by out-of-bounds access due to incorrect splitting in do_split.
BUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109
Write of size 251 at addr ffff888074572f14 by task syz-executor335/5847
CPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 Not tainted 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
kasan_check_range+0x282/0x290 mm/kasan/generic.c:189
__asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106
ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109
add_dirent_to_buf+0x3d9/0x750 fs/ext4/namei.c:2154
make_indexed_dir+0xf98/0x1600 fs/ext4/namei.c:2351
ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2455
ext4_add_nondir+0x8d/0x290 fs/ext4/namei.c:2796
ext4_symlink+0x920/0xb50 fs/ext4/namei.c:3431
vfs_symlink+0x137/0x2e0 fs/namei.c:4615
do_symlinkat+0x222/0x3a0 fs/namei.c:4641
__do_sys_symlink fs/namei.c:4662 [inline]
__se_sys_symlink fs/namei.c:4660 [inline]
__x64_sys_symlink+0x7a/0x90 fs/namei.c:4660
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
The following loop is located right above 'if' statement.
for (i = count-1; i >= 0; i--) {
/* is more than half of this entry in 2nd half of the block? */
if (size + map[i].size/2 > blocksize/2)
break;
size += map[i].size;
move++;
}
'i' in this case could go down to -1, in which case sum of active entries
wouldn't exceed half the block size, but previous behaviour would also do
split in half if sum would exceed at the very last block, which in case of
having too many long name files in a single block could lead to
out-of-bounds access and following use-after-free.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Cc: stable@vger.kernel.org
Fixes: 5872331b3d ("ext4: fix potential negative array index in do_split()")
Signed-off-by: Artem Sadovnikov <a.sadovnikov@ispras.ru>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/20250404082804.2567-3-a.sadovnikov@ispras.ru
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 642335f3ea2b3fd6dba03e57e01fa9587843a497 ]
A file handle that userspace provides to open_by_handle_at() can
legitimately contain an outdated inode number that has since been reused
for another purpose - that's why the file handle also contains a generation
number.
But if the inode number has been reused for an ea_inode, check_igot_inode()
will notice, __ext4_iget() will go through ext4_error_inode(), and if the
inode was newly created, it will also be marked as bad by iget_failed().
This all happens before the point where the inode generation is checked.
ext4_error_inode() is supposed to only be used on filesystem corruption; it
should not be used when userspace just got unlucky with a stale file
handle. So when this happens, let __ext4_iget() just return an error.
Fixes: b3e6bcb945 ("ext4: add EA_INODE checking to ext4_iget()")
Signed-off-by: Jann Horn <jannh@google.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/20241129-ext4-ignore-ea-fhandle-v1-1-e532c0d1cee0@google.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 530fea29ef82e169cd7fe048c2b7baaeb85a0028 ]
Protect ext4_release_dquot against freezing so that we
don't try to start a transaction when FS is frozen, leading
to warnings.
Further, avoid taking the freeze protection if a transaction
is already running so that we don't need end up in a deadlock
as described in
46e294efc3 ext4: fix deadlock with fs freezing and EA inodes
Suggested-by: Jan Kara <jack@suse.cz>
Signed-off-by: Ojaswin Mujoo <ojaswin@linux.ibm.com>
Reviewed-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/20241121123855.645335-3-ojaswin@linux.ibm.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit d5e206778e96e8667d3bde695ad372c296dc9353 upstream.
Mounting a corrupted filesystem with directory which contains '.' dir
entry with rec_len == block size results in out-of-bounds read (later
on, when the corrupted directory is removed).
ext4_empty_dir() assumes every ext4 directory contains at least '.'
and '..' as directory entries in the first data block. It first loads
the '.' dir entry, performs sanity checks by calling ext4_check_dir_entry()
and then uses its rec_len member to compute the location of '..' dir
entry (in ext4_next_entry). It assumes the '..' dir entry fits into the
same data block.
If the rec_len of '.' is precisely one block (4KB), it slips through the
sanity checks (it is considered the last directory entry in the data
block) and leaves "struct ext4_dir_entry_2 *de" point exactly past the
memory slot allocated to the data block. The following call to
ext4_check_dir_entry() on new value of de then dereferences this pointer
which results in out-of-bounds mem access.
Fix this by extending __ext4_check_dir_entry() to check for '.' dir
entries that reach the end of data block. Make sure to ignore the phony
dir entries for checksum (by checking name_len for non-zero).
Note: This is reported by KASAN as use-after-free in case another
structure was recently freed from the slot past the bound, but it is
really an OOB read.
This issue was found by syzkaller tool.
Call Trace:
[ 38.594108] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x67e/0x710
[ 38.594649] Read of size 2 at addr ffff88802b41a004 by task syz-executor/5375
[ 38.595158]
[ 38.595288] CPU: 0 UID: 0 PID: 5375 Comm: syz-executor Not tainted 6.14.0-rc7 #1
[ 38.595298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 38.595304] Call Trace:
[ 38.595308] <TASK>
[ 38.595311] dump_stack_lvl+0xa7/0xd0
[ 38.595325] print_address_description.constprop.0+0x2c/0x3f0
[ 38.595339] ? __ext4_check_dir_entry+0x67e/0x710
[ 38.595349] print_report+0xaa/0x250
[ 38.595359] ? __ext4_check_dir_entry+0x67e/0x710
[ 38.595368] ? kasan_addr_to_slab+0x9/0x90
[ 38.595378] kasan_report+0xab/0xe0
[ 38.595389] ? __ext4_check_dir_entry+0x67e/0x710
[ 38.595400] __ext4_check_dir_entry+0x67e/0x710
[ 38.595410] ext4_empty_dir+0x465/0x990
[ 38.595421] ? __pfx_ext4_empty_dir+0x10/0x10
[ 38.595432] ext4_rmdir.part.0+0x29a/0xd10
[ 38.595441] ? __dquot_initialize+0x2a7/0xbf0
[ 38.595455] ? __pfx_ext4_rmdir.part.0+0x10/0x10
[ 38.595464] ? __pfx___dquot_initialize+0x10/0x10
[ 38.595478] ? down_write+0xdb/0x140
[ 38.595487] ? __pfx_down_write+0x10/0x10
[ 38.595497] ext4_rmdir+0xee/0x140
[ 38.595506] vfs_rmdir+0x209/0x670
[ 38.595517] ? lookup_one_qstr_excl+0x3b/0x190
[ 38.595529] do_rmdir+0x363/0x3c0
[ 38.595537] ? __pfx_do_rmdir+0x10/0x10
[ 38.595544] ? strncpy_from_user+0x1ff/0x2e0
[ 38.595561] __x64_sys_unlinkat+0xf0/0x130
[ 38.595570] do_syscall_64+0x5b/0x180
[ 38.595583] entry_SYSCALL_64_after_hwframe+0x76/0x7e
Fixes: ac27a0ec11 ("[PATCH] ext4: initial copy of files from ext3")
Signed-off-by: Jakub Acs <acsjakub@amazon.de>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: Andreas Dilger <adilger.kernel@dilger.ca>
Cc: linux-ext4@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: Mahmoud Adam <mngyadam@amazon.com>
Cc: stable@vger.kernel.org
Cc: security@kernel.org
Link: https://patch.msgid.link/b3ae36a6794c4a01944c7d70b403db5b@amazon.de
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f87d3af7419307ae26e705a2b2db36140db367a2 upstream.
This fixes an analogus bug that was fixed in xfs in commit
4b8d867ca6e2 ("xfs: don't over-report free space or inodes in
statvfs") where statfs can report misleading / incorrect information
where project quota is enabled, and the free space is less than the
remaining quota.
This commit will resolve a test failure in generic/762 which tests for
this bug.
Cc: stable@kernel.org
Fixes: 689c958cbe ("ext4: add project quota support")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
GKI (arm64) relevant 50 out of 186 changes, affecting 60 files +397/-205
56c4353ce4 jbd2: increase IO priority for writing revoke records [1 file, +1/-1]
a5bc868610 jbd2: flush filesystem device before updating tail sequence [1 file, +2/-2]
7adf7df4bb iomap: pass byte granular end position to iomap_add_to_ioend [1 file, +12/-9]
82c59a86a2 iomap: fix zero padding data issue in concurrent append writes [2 files, +46/-1]
88ecdfea1b netfs: Fix enomem handling in buffered reads [1 file, +16/-12]
2c3348864a netfs: Fix missing barriers by using clear_and_wake_up_bit() [2 files, +4/-8]
43b8d3249b netfs: Fix ceph copy to cache on write-begin [1 file, +4/-2]
ba37bdfe59 netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled [1 file, +4/-0]
6f153055ba netfs: Fix is-caching check in read-retry [2 files, +1/-2]
d9ea94f5cd exfat: fix the infinite loop in exfat_readdir() [1 file, +2/-1]
942c6f91ab exfat: fix the new buffer was not zeroed before writing [1 file, +6/-0]
0bebeb6672 exfat: fix the infinite loop in __exfat_free_cluster() [1 file, +10/-0]
c0f613f214 fuse: respect FOPEN_KEEP_CACHE on opendir [1 file, +2/-0]
668d8dea2c ovl: pass realinode to ovl_encode_real_fh() instead of realdentry [4 files, +12/-10]
3c7c90274a ovl: support encoding fid from inode with no alias [1 file, +25/-21]
a3a9630d4d net: 802: LLC+SNAP OID:PID lookup on start of skb data [1 file, +2/-2]
e4a92f0d51 tcp/dccp: allow a connection when sk_max_ack_backlog is zero [1 file, +1/-1]
6fde663f73 net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute [1 file, +2/-1]
61b437faf2 net: don't dump Tx and uninitialized NAPIs [1 file, +3/-2]
52a24538d5 ipvlan: Fix use-after-free in ipvlan_get_iflink(). [1 file, +7/-3]
ccc1ef1884 Bluetooth: hci_sync: Fix not setting Random Address when required [1 file, +6/-5]
1f88b53135 Bluetooth: MGMT: Fix Add Device to responding before completing [1 file, +36/-2]
8b800ea3f3 tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset [1 file, +1/-1]
f559357d03 netfilter: conntrack: clamp maximum hashtable size to INT_MAX [1 file, +4/-1]
9f3a265836 netfs: Fix kernel async DIO [1 file, +6/-1]
3f545392e9 netfs: Fix read-retry for fs with no ->prepare_read() [1 file, +2/-1]
adcde2872f fs: relax assertions on failure to encode file handles [2 files, +3/-6]
8790d511d4 fs: fix is_mnt_ns_file() [1 file, +8/-2]
fc89438866 dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) [1 file, +26/-14]
dc63fd2e47 cgroup/cpuset: Prevent leakage of isolated CPUs into sched domains [2 files, +28/-15]
5b80f2fe8a thermal: of: fix OF node leak in of_thermal_zone_find() [1 file, +1/-0]
11cb1d643a cgroup/cpuset: remove kernfs active break [1 file, +0/-25]
2b30bffd9a io_uring/timeout: fix multishot updates [1 file, +3/-1]
aa7496d668 io_uring/sqpoll: zero sqd->thread on tctx errors [1 file, +5/-1]
360596e7fe topology: Keep the cpumask unchanged when printing cpumap [1 file, +20/-4]
07f09383b1 tty: serial: 8250: Fix another runtime PM usage counter underflow [1 file, +3/-0]
8e122d780a usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null [1 file, +4/-4]
e982fcb440 USB: core: Disable LPM only for non-suspended ports [1 file, +4/-3]
4fb62dea06 usb: fix reference leak in usb_new_device() [1 file, +4/-2]
8586d6ea62 usb: typec: tcpci: fix NULL pointer issue on shared irq case [1 file, +15/-10]
4bb6450bfd usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints [1 file, +1/-0]
a8b6a18b9b usb: gadget: f_fs: Remove WARN_ON in functionfs_bind [1 file, +1/-1]
62aa896683 usb: gadget: configfs: Ignore trailing LF for user strings to cdev [1 file, +5/-1]
a25f1e6f60 usb: host: xhci-plat: set skip_phy_initialization if software node has XHCI_SKIP_PHY_INIT property [1 file, +2/-1]
b44c99621d iio: inkern: call iio_device_put() only on mapped devices [1 file, +1/-1]
a7085c3ae4 io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period [1 file, +1/-1]
bc2aeb35ff block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() [1 file, +10/-2]
810aad1d7f firewall: remove misplaced semicolon from stm32_firewall_get_firewall [1 file, +1/-1]
476e4c4a1a io_uring: don't touch sqd->thread off tw add [1 file, +1/-4]
b683ba0df1 netdev: prevent accessing NAPI instances from another namespace [3 files, +33/-17]
Changes in 6.12.10
jbd2: increase IO priority for writing revoke records
jbd2: flush filesystem device before updating tail sequence
fs/writeback: convert wbc_account_cgroup_owner to take a folio
iomap: pass byte granular end position to iomap_add_to_ioend
iomap: fix zero padding data issue in concurrent append writes
dm array: fix releasing a faulty array block twice in dm_array_cursor_end
dm array: fix unreleased btree blocks on closing a faulty array cursor
dm array: fix cursor index when skipping across block boundaries
netfs: Fix enomem handling in buffered reads
nfs: Fix oops in nfs_netfs_init_request() when copying to cache
netfs: Fix missing barriers by using clear_and_wake_up_bit()
netfs: Fix ceph copy to cache on write-begin
netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled
netfs: Fix is-caching check in read-retry
exfat: fix the infinite loop in exfat_readdir()
exfat: fix the new buffer was not zeroed before writing
exfat: fix the infinite loop in __exfat_free_cluster()
fuse: respect FOPEN_KEEP_CACHE on opendir
ovl: pass realinode to ovl_encode_real_fh() instead of realdentry
ovl: support encoding fid from inode with no alias
ASoC: rt722: add delay time to wait for the calibration procedure
ASoC: mediatek: disable buffer pre-allocation
selftests/alsa: Fix circular dependency involving global-timer
ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
net: 802: LLC+SNAP OID:PID lookup on start of skb data
tcp/dccp: allow a connection when sk_max_ack_backlog is zero
net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
net: libwx: fix firmware mailbox abnormal return
btrfs: avoid NULL pointer dereference if no valid extent tree
pds_core: limit loop over fw name list
bnxt_en: Fix possible memory leak when hwrm_req_replace fails
bnxt_en: Fix DIM shutdown
cxgb4: Avoid removal of uninserted tid
net: don't dump Tx and uninitialized NAPIs
ice: fix max values for dpll pin phase adjust
ice: fix incorrect PHY settings for 100 GB/s
igc: return early when failing to read EECD register
tls: Fix tls_sw_sendmsg error handling
ipvlan: Fix use-after-free in ipvlan_get_iflink().
eth: gve: use appropriate helper to set xdp_features
Bluetooth: hci_sync: Fix not setting Random Address when required
Bluetooth: MGMT: Fix Add Device to responding before completing
Bluetooth: btnxpuart: Fix driver sending truncated data
Bluetooth: btmtk: Fix failed to send func ctrl for MediaTek devices.
tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
net: hns3: fixed reset failure issues caused by the incorrect reset type
net: hns3: fix missing features due to dev->features configuration too early
net: hns3: Resolved the issue that the debugfs query result is inconsistent.
net: hns3: don't auto enable misc vector
net: hns3: initialize reset_timer before hclgevf_misc_irq_init()
net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue
net: hns3: fix kernel crash when 1588 is sent on HIP08 devices
mctp i3c: fix MCTP I3C driver multi-thread issue
netfilter: nf_tables: imbalance in flowtable binding
netfilter: conntrack: clamp maximum hashtable size to INT_MAX
sched: sch_cake: add bounds checks to host bulk flow fairness counts
net: stmmac: dwmac-tegra: Read iommu stream id from device tree
rtase: Fix a check for error in rtase_alloc_msix()
net/mlx5: Fix variable not being completed when function returns
drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err
drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb()
drm/mediatek: Add support for 180-degree rotation in the display driver
drm/mediatek: stop selecting foreign drivers
drm/mediatek: Fix YCbCr422 color format issue for DP
drm/mediatek: Fix mode valid issue for dp
drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188
gpio: virtuser: fix missing lookup table cleanups
gpio: virtuser: fix handling of multiple conn_ids in lookup table
drm/mediatek: Add return value check when reading DPCD
ksmbd: fix a missing return value check bug
afs: Fix the maximum cell name length
platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it
platform/x86: intel/pmc: Fix ioremap() of bad address
ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
riscv: module: remove relocation_head rel_entry member allocation
cpuidle: riscv-sbi: fix device node release in early exit of for_each_possible_cpu
riscv: mm: Fix the out of bound issue of vmemmap address
riscv: stacktrace: fix backtracing through exceptions
riscv: use local label names instead of global ones in assembly
drm/xe: Fix tlb invalidation when wedging
netfs: Fix kernel async DIO
netfs: Fix read-retry for fs with no ->prepare_read()
drivers/perf: riscv: Fix Platform firmware event data
drivers/perf: riscv: Return error for default case
dm thin: make get_first_thin use rcu-safe list first function
scsi: ufs: qcom: Power off the PHY if it was already powered on in ufs_qcom_power_up_sequence()
vfio/pci: Fallback huge faults for unaligned pfn
fs: relax assertions on failure to encode file handles
fs: fix is_mnt_ns_file()
dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2)
mptcp: sysctl: avail sched: remove write access
mptcp: sysctl: sched: avoid using current->nsproxy
mptcp: sysctl: blackhole timeout: avoid using current->nsproxy
sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
sctp: sysctl: rto_min/max: avoid using current->nsproxy
sctp: sysctl: auth_enable: avoid using current->nsproxy
sctp: sysctl: udp_port: avoid using current->nsproxy
sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
ksmbd: Implement new SMB3 POSIX type
btrfs: zlib: fix avail_in bytes for s390 zlib HW compression path
Revert "drm/mediatek: dsi: Correct calculation formula of PHY Timing"
drm/amd/display: Remove unnecessary amdgpu_irq_get/put
drm/amd/display: Add check for granularity in dml ceil/floor helpers
cgroup/cpuset: Prevent leakage of isolated CPUs into sched domains
thermal: of: fix OF node leak in of_thermal_zone_find()
sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass()
sched_ext: switch class when preempted by higher priority scheduler
cgroup/cpuset: remove kernfs active break
sched_ext: idle: Refresh idle masks during idle-to-idle transitions
arm64: dts: qcom: x1e80100: Fix up BAR space size for PCIe6a
arm64: dts: qcom: sa8775p: Fix the size of 'addr_space' regions
smb: client: sync the root session and superblock context passwords before automounting
fs: kill MNT_ONRB
riscv: Fix sleeping in invalid context in die()
riscv: kprobes: Fix incorrect address calculation
gpio: loongson: Fix Loongson-2K2000 ACPI GPIO register offset
ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
drm/amdgpu: Add a lock when accessing the buddy trim function
drm/amd/pm: fix BUG: scheduling while atomic
drm/amdkfd: fixed page fault when enable MES shader debugger
drm/amdkfd: wq_release signals dma_fence only when available
drm/amd/display: fix divide error in DM plane scale calcs
drm/amd/display: fix page fault due to max surface definition mismatch
drm/amd/display: increase MAX_SURFACES to the value supported by hw
io_uring/timeout: fix multishot updates
io_uring/sqpoll: zero sqd->thread on tctx errors
USB: serial: option: add MeiG Smart SRM815
USB: serial: option: add Neoway N723-EA support
staging: iio: ad9834: Correct phase range check
staging: iio: ad9832: Correct phase range check
usb-storage: Add max sectors quirk for Nokia 208
USB: serial: cp210x: add Phoenix Contact UPS Device
usb: dwc3: gadget: fix writing NYET threshold
topology: Keep the cpumask unchanged when printing cpumap
misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling
misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config
tty: serial: 8250: Fix another runtime PM usage counter underflow
serial: stm32: use port lock wrappers for break control
usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null
x86/fpu: Ensure shadow stack is active before "getting" registers
usb: dwc3-am62: Disable autosuspend during remove
USB: usblp: return error when setting unsupported protocol
USB: core: Disable LPM only for non-suspended ports
usb: fix reference leak in usb_new_device()
usb: gadget: midi2: Reverse-select at the right place
usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe()
usb: typec: tcpci: fix NULL pointer issue on shared irq case
usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm()
usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
usb: gadget: configfs: Ignore trailing LF for user strings to cdev
usb: host: xhci-plat: set skip_phy_initialization if software node has XHCI_SKIP_PHY_INIT property
usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
iio: pressure: zpa2326: fix information leak in triggered buffer
iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
iio: light: vcnl4035: fix information leak in triggered buffer
iio: light: bh1745: fix information leak in triggered buffer
iio: imu: kmx61: fix information leak in triggered buffer
iio: adc: rockchip_saradc: fix information leak in triggered buffer
iio: adc: ti-ads8688: fix information leak in triggered buffer
iio: adc: ti-ads1119: fix information leak in triggered buffer
iio: adc: ti-ads1119: fix sample size in scan struct for triggered buffer
iio: gyro: fxas21002c: Fix missing data update in trigger handler
iio: adc: ti-ads1298: Add NULL check in ads1298_init
iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
iio: adc: at91: call input_free_device() on allocated iio_dev
iio: inkern: call iio_device_put() only on mapped devices
iio: adc: ad7173: fix using shared static info struct
iio: adc: ad7124: Disable all channels at probe time
io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
arm64: dts: imx95: correct the address length of netcmix_blk_ctrl
ARM: dts: imxrt1050: Fix clocks for mmc
arm64: dts: qcom: sa8775p: fix the secure device bootup issue
hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur
block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
arm64: dts: rockchip: add hevc power domain clock to rk3328
firewall: remove misplaced semicolon from stm32_firewall_get_firewall
drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is supported
io_uring: don't touch sqd->thread off tw add
iio: imu: inv_icm42600: fix spi burst write not supported
netdev: prevent accessing NAPI instances from another namespace
Linux 6.12.10
Change-Id: Ie2f94fe090d61be2389c21427b56a19ec5f88bd6
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 30dac24e14b52e1787572d1d4e06eeabe8a63630 ]
Most of the callers of wbc_account_cgroup_owner() are converting a folio
to page before calling the function. wbc_account_cgroup_owner() is
converting the page back to a folio to call mem_cgroup_css_from_folio().
Convert wbc_account_cgroup_owner() to take a folio instead of a page,
and convert all callers to pass a folio directly except f2fs.
Convert the page to folio for all the callers from f2fs as they were the
only callers calling wbc_account_cgroup_owner() with a page. As f2fs is
already in the process of converting to folios, these call sites might
also soon be calling wbc_account_cgroup_owner() with a folio directly in
the future.
No functional changes. Only compile tested.
Signed-off-by: Pankaj Raghav <p.raghav@samsung.com>
Link: https://lore.kernel.org/r/20240926140121.203821-1-kernel@pankajraghav.com
Acked-by: David Sterba <dsterba@suse.com>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Stable-dep-of: 51d20d1dacbe ("iomap: fix zero padding data issue in concurrent append writes")
Signed-off-by: Sasha Levin <sashal@kernel.org>
GKI (arm64) relevant 129 out of 468 changes, affecting 180 files +1843/-980
e0964a5778 ptp: Add error handling for adjfine callback in ptp_clock_adjtime [1 file, +2/-1]
a007f8895f net/sched: tbf: correct backlog statistic for GSO packets [1 file, +12/-6]
9545011e7b net: Fix icmp host relookup triggering ip_rt_bug [1 file, +3/-0]
01f95357e4 ipv6: avoid possible NULL deref in modify_prefix_route() [1 file, +7/-6]
8b591bd522 net/ipv6: release expired exception dst cached in socket [1 file, +3/-3]
e48b211c4c tipc: Fix use-after-free of kernel socket in cleanup_bearer(). [1 file, +1/-1]
da5cc778e7 netfilter: nft_inner: incorrect percpu area handling under softirq [2 files, +46/-12]
a36a6d7037 Revert "udp: avoid calling sock_def_readable() if possible" [1 file, +3/-11]
22074dc1d4 ethtool: Fix wrong mod state in case of verbose and no_mask bitset [1 file, +44/-4]
316183d583 net: avoid potential UAF in default_operstate() [1 file, +6/-1]
c00372e41b mmc: sd: SDUC Support Recognition [7 files, +27/-15]
19e22f1e68 mmc: core: Adjust ACMD22 to SDUC [1 file, +18/-6]
42311846d3 mmc: core: Use GFP_NOIO in ACMD22 [1 file, +4/-0]
4e51552bc5 zram: do not mark idle slots that cannot be idle [1 file, +18/-7]
0ab037634b zram: clear IDLE flag in mark_idle() [1 file, +2/-0]
405b6d5f90 ntp: Remove invalid cast in time offset math [1 file, +1/-1]
6358df316d f2fs: clean up w/ F2FS_{BLK_TO_BYTES,BTYES_TO_BLK} [1 file, +29/-39]
e6a91ed4b9 f2fs: fix to adjust appropriate length for fiemap [2 files, +4/-3]
8e9fec7f79 f2fs: fix to requery extent which cross boundary of inquiry [1 file, +15/-5]
815d8f0e52 i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS [2 files, +5/-3]
c3806cf647 i3c: master: Extend address status bit to 4 and add I3C_ADDR_SLOT_EXT_DESIRED [2 files, +59/-13]
1117462773 i3c: master: Fix dynamic address leak when 'assigned-address' is present [1 file, +5/-10]
7d4e5e33ea scsi: ufs: core: Always initialize the UIC done completion [1 file, +4/-7]
3ad69f2f08 scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG [3 files, +38/-1]
47f4ad956b bpf, vsock: Fix poll() missing a queue [1 file, +3/-0]
a222e48fea bpf, vsock: Invoke proto::close on close() [1 file, +40/-27]
dabaf26846 xsk: always clear DMA mapping information when unmapping the pool [1 file, +2/-3]
5c9e3bb43a tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg [1 file, +4/-7]
7bc37dd9ea ALSA: usb-audio: Notify xrun for low-latency mode [1 file, +11/-3]
a78af11806 pmdomain: core: Add missing put_device() [1 file, +1/-0]
913a3f1c06 pmdomain: core: Fix error path in pm_genpd_init() when ida alloc fails [1 file, +19/-17]
5548887987 nvme: don't apply NVME_QUIRK_DEALLOCATE_ZEROES when DSM is not supported [1 file, +2/-1]
bdbf87486d bpf: Ensure reg is PTR_TO_STACK in process_iter_arg [2 files, +7/-2]
2459a0b149 drivers/virt: pkvm: Don't fail ioremap() call if MMIO_GUARD fails [1 file, +1/-5]
0da7d4b7ca bpf: Don't mark STACK_INVALID as STACK_MISC in mark_stack_slot_misc [1 file, +6/-3]
f9f2a2739e bpf: Fix narrow scalar spill onto 64-bit spilled scalar slots [1 file, +1/-0]
845cc4ee8e nvme-fabrics: handle zero MAXCMD without closing the connection [1 file, +3/-2]
c2277e2859 scatterlist: fix incorrect func name in kernel-doc [1 file, +1/-1]
81ec3c6ceb bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie [1 file, +20/-3]
6dc076a257 bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem [1 file, +1/-3]
7218e441ad bpf: Handle in-place update for full LPM trie correctly [1 file, +21/-23]
412bf01fd5 bpf: Fix exact match conditions in trie_get_next_key() [1 file, +2/-2]
e689bc6697 HID: wacom: fix when get product name maybe null pointer [1 file, +2/-1]
3b0c5bb437 can: dev: can_set_termination(): allow sleeping GPIOs [1 file, +1/-1]
ba0ee489cd tracing: Fix cmp_entries_dup() to respect sort() comparison rules [1 file, +1/-5]
ec643064ab arm64: mm: Fix zone_dma_limit calculation [1 file, +8/-9]
34b6197867 arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs [1 file, +2/-2]
abd614bbfc arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL [1 file, +5/-1]
8ab73c34e3 arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR [1 file, +2/-0]
4105dd76bc arm64: ptrace: fix partial SETREGSET for NT_ARM_POE [1 file, +2/-0]
7f1292f8d4 ALSA: usb-audio: Fix a DMA to stack memory bug [1 file, +27/-15]
39c5d89b56 ALSA: usb-audio: Add extra PID for RME Digiface USB [3 files, +176/-168]
9c191055c7 scsi: ufs: core: sysfs: Prevent div by zero [1 file, +6/-0]
2e7a3bb033 scsi: ufs: core: Cancel RTC work during ufshcd_remove() [1 file, +1/-0]
5a717f43c2 scsi: ufs: core: Add missing post notify for power mode change [2 files, +10/-7]
793e560a6b io_uring: Change res2 parameter type in io_uring_cmd_done [2 files, +3/-3]
85351e4941 Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" [1 file, +2/-3]
95e197354e cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU [1 file, +8/-6]
bc031095d1 modpost: Add .irqentry.text to OTHER_SECTIONS [1 file, +1/-1]
178e31df1f bpf: fix OOB devmap writes when deleting elements [1 file, +3/-3]
3dcc20418e dma-buf: fix dma_fence_array_signaled v4 [1 file, +27/-1]
f3dbb097d6 dma-fence: Fix reference leak on fence merge failure path [1 file, +2/-0]
4715555964 dma-fence: Use kernel's sort for merging fences [1 file, +61/-67]
d486b5741d xsk: fix OOB map writes when deleting elements [1 file, +1/-1]
14258211d6 regmap: detach regmap from dev on regmap_exit [1 file, +12/-0]
d562b457e1 mmc: core: Further prevent card detect during shutdown [2 files, +5/-0]
9bfeeeff2c stackdepot: fix stack_depot_save_flags() in NMI context [2 files, +12/-4]
a71ddd5b87 sched/numa: fix memory leak due to the overwritten vma->numab_state [1 file, +9/-3]
835ca042df kasan: make report_lock a raw spinlock [1 file, +3/-3]
69d319450d mm/gup: handle NULL pages in unpin_user_pages() [1 file, +10/-1]
1dde3fde62 mm: open-code PageTail in folio_flags() and const_folio_flags() [1 file, +2/-2]
bd4d2333a3 mm: open-code page_folio() in dump_page() [1 file, +5/-2]
536ffb4014 mm: fix vrealloc()'s KASAN poisoning logic [1 file, +2/-1]
fe1a34e92a mm: respect mmap hint address when aligning for THP [1 file, +1/-0]
5c63e24b1b scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() [6 files, +2/-5]
2cec2d916a memblock: allow zero threshold in validate_numa_converage() [1 file, +2/-2]
d222934627 epoll: annotate racy check [2 files, +5/-3]
493326c4f1 block: RCU protect disk->conv_zones_bitmap [2 files, +32/-13]
b6ce2dbe98 ext4: partial zero eof block on unaligned inode size extension [2 files, +42/-16]
ff599ad2d2 cleanup: Adjust scoped_guard() macros to avoid potential warning [1 file, +42/-10]
3946e07552 gpio: free irqs that are still requested when the chip is being removed [1 file, +41/-0]
ea74e9675b HID: add per device quirk to force bind to hid-generic [3 files, +8/-2]
17db6ed5a3 media: uvcvideo: RealSense D421 Depth module metadata [1 file, +9/-0]
0c20fadfd0 media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera [1 file, +11/-0]
3cc5228d5b media: uvcvideo: Force UVC version to 1.0a for 0408:4033 [1 file, +11/-0]
4150f22342 drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model [1 file, +6/-0]
5d7f35ed5f drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition [1 file, +6/-0]
187d5ff497 drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK [1 file, +6/-0]
fd09880b16 af_packet: avoid erroring out after sock_init_data() in packet_create() [1 file, +6/-6]
61686abc2f Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() [1 file, +1/-0]
32df687e12 Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() [1 file, +5/-5]
8df832e6b9 net: af_can: do not leave a dangling sk pointer in can_create() [1 file, +1/-0]
03caa9bfb9 net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() [1 file, +7/-5]
691d6d816f net: inet: do not leave a dangling sk pointer in inet_create() [1 file, +10/-12]
f44fceb71d net: inet6: do not leave a dangling sk pointer in inet6_create() [1 file, +10/-12]
987aa730ba bpf: Prevent tailcall infinite loop caused by freplace [5 files, +81/-17]
051f49d517 net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals [4 files, +29/-23]
920159e1bf ALSA: usb-audio: Make mic volume workarounds globally applicable [3 files, +45/-48]
a50b4aa300 bpf: Call free_htab_elem() after htab_unlock_bucket() [1 file, +39/-17]
da561d5fb6 Bluetooth: hci_conn: Reduce hci_conn_drop() calls in two functions [1 file, +3/-10]
c55a4c5a04 Bluetooth: hci_conn: Use disable_delayed_work_sync [1 file, +3/-3]
93a6160dc1 Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet [1 file, +9/-4]
b04b4fb91d Bluetooth: Add new quirks for ATS2851 [2 files, +20/-4]
359fc41e3c Bluetooth: Support new quirks for ATS2851 [2 files, +15/-1]
166cf43070 net/neighbor: clear error in case strict check is not set [1 file, +1/-0]
f63a1caae9 tracing/ftrace: disable preemption in syscall probe [2 files, +44/-4]
d1133dd57e tracing: Use atomic64_inc_return() in trace_clock_counter() [1 file, +1/-1]
09c083fbea ring-buffer: Limit time with disabled interrupts in rb_check_pages() [1 file, +72/-26]
c11e2ec9a7 pinmux: Use sequential access to access desc->pinmux data [3 files, +100/-77]
b865d4e569 scsi: ufs: core: Make DMA mask configuration more flexible [3 files, +13/-9]
2fcb921c27 bpf: put bpf_link's program when link is safe to be deallocated [1 file, +17/-5]
bb4a6236a4 leds: class: Protect brightness_show() with led_cdev->led_access mutex [2 files, +12/-4]
7214d3a64e tracing: Fix function name for trampoline [3 files, +36/-8]
9e28513fd2 f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. [1 file, +3/-1]
b51aa6a07e PCI: qcom: Add support for IPQ9574 [1 file, +1/-0]
617bd1e6c3 PCI: Add ACS quirk for Wangxun FF5xxx NICs [1 file, +9/-6]
1f51ae217d i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock [1 file, +2/-1]
6d41a2d5c1 f2fs: print message if fscorrupted was found in f2fs_new_node_page() [1 file, +6/-1]
924f7dd1e8 f2fs: fix to shrink read extent node in batches [1 file, +41/-28]
1648c7000f serial: 8250_dw: Add Sophgo SG2044 quirk [1 file, +3/-2]
950210c9c7 Revert "nvme: make keep-alive synchronous operation" [1 file, +10/-7]
d5b2ddf1f9 io_uring/tctx: work around xa_store() allocation error issue [1 file, +12/-1]
cd188519d2 scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() [1 file, +1/-0]
a39ad4f507 sched/core: Remove the unnecessary need_resched() check in nohz_csd_func() [1 file, +1/-1]
f9e144a544 sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning busy [1 file, +1/-1]
b4ec68868c sched/core: Prevent wakeup of ksoftirqd during idle load balance [1 file, +1/-1]
364dc8070b tracing/eprobe: Fix to release eprobe when failed to add dyn_event [1 file, +5/-0]
1a678f6829 clocksource: Make negative motion detection more robust [4 files, +20/-7]
6aeef0214d softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel [1 file, +11/-4]
Changes in 6.12.5
iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
watchdog: xilinx_wwdt: Calculate max_hw_heartbeat_ms using clock frequency
watchdog: apple: Actually flush writes after requesting watchdog restart
watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart()
can: gs_usb: add usb endpoint address detection at driver probe step
can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails
can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL
can: hi311x: hi3110_can_ist(): fix potential use-after-free
can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics
can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics
can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
can: f81604: f81604_handle_can_bus_errors(): fix {rx,tx}_errors statistics
ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
netfilter: x_tables: fix LED ID check in led_tg_check()
netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
selftests: hid: fix typo and exit code
net: enetc: Do not configure preemptible TCs if SIs do not support
ptp: Add error handling for adjfine callback in ptp_clock_adjtime
net/sched: tbf: correct backlog statistic for GSO packets
net: hsr: avoid potential out-of-bound access in fill_frame_info()
bnxt_en: ethtool: Supply ntuple rss context action
net: Fix icmp host relookup triggering ip_rt_bug
ipv6: avoid possible NULL deref in modify_prefix_route()
can: j1939: j1939_session_new(): fix skb reference counting
platform/x86: asus-wmi: Ignore return value when writing thermal policy
net: phy: microchip: Reset LAN88xx PHY to ensure clean link state on LAN7800/7850
net/ipv6: release expired exception dst cached in socket
dccp: Fix memory leak in dccp_feat_change_recv
tipc: Fix use-after-free of kernel socket in cleanup_bearer().
net/smc: initialize close_work early to avoid warning
net/smc: fix LGR and link use-after-free issue
net/qed: allow old cards not supporting "num_images" to work
net: hsr: must allocate more bytes for RedBox support
ice: fix PHY Clock Recovery availability check
ice: fix PHY timestamp extraction for ETH56G
ice: Fix VLAN pruning in switchdev mode
idpf: set completion tag for "empty" bufs associated with a packet
ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5
ixgbe: downgrade logging of unsupported VF API version to debug
ixgbe: Correct BASE-BX10 compliance code
igb: Fix potential invalid memory access in igb_init_module()
netfilter: nft_inner: incorrect percpu area handling under softirq
Revert "udp: avoid calling sock_def_readable() if possible"
net: sched: fix erspan_opt settings in cls_flower
netfilter: ipset: Hold module reference while requesting a module
netfilter: nft_set_hash: skip duplicated elements pending gc run
ethtool: Fix wrong mod state in case of verbose and no_mask bitset
mlxsw: spectrum_acl_flex_keys: Constify struct mlxsw_afk_element_inst
mlxsw: spectrum_acl_flex_keys: Use correct key block on Spectrum-4
geneve: do not assume mac header is set in geneve_xmit_skb()
net/mlx5: HWS: Fix memory leak in mlx5hws_definer_calc_layout
net/mlx5: HWS: Properly set bwc queue locks lock classes
net/mlx5e: SD, Use correct mdev to build channel param
net/mlx5e: Remove workaround to avoid syndrome for internal port
vsock/test: fix failures due to wrong SO_RCVLOWAT parameter
vsock/test: fix parameter types in SO_VM_SOCKETS_* calls
net: avoid potential UAF in default_operstate()
gpio: grgpio: use a helper variable to store the address of ofdev->dev
gpio: grgpio: Add NULL check in grgpio_probe
mmc: mtk-sd: use devm_mmc_alloc_host
mmc: mtk-sd: Fix error handle of probe function
mmc: mtk-sd: fix devm_clk_get_optional usage
mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting
mmc: sd: SDUC Support Recognition
mmc: core: Adjust ACMD22 to SDUC
mmc: core: Use GFP_NOIO in ACMD22
zram: do not mark idle slots that cannot be idle
zram: clear IDLE flag in mark_idle()
ntp: Remove invalid cast in time offset math
f2fs: clean up w/ F2FS_{BLK_TO_BYTES,BTYES_TO_BLK}
f2fs: fix to adjust appropriate length for fiemap
f2fs: fix to requery extent which cross boundary of inquiry
i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS
i3c: master: Extend address status bit to 4 and add I3C_ADDR_SLOT_EXT_DESIRED
i3c: master: Fix dynamic address leak when 'assigned-address' is present
drm/amd/display: calculate final viewport before TAP optimization
drm/amd/display: Ignore scalar validation failure if pipe is phantom
scsi: ufs: core: Always initialize the UIC done completion
scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG
bpf, vsock: Fix poll() missing a queue
bpf, vsock: Invoke proto::close on close()
xsk: always clear DMA mapping information when unmapping the pool
bpftool: fix potential NULL pointer dereferencing in prog_dump()
drm/sti: Add __iomem for mixer_dbg_mxn's parameter
tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
ALSA: seq: ump: Fix seq port updates per FB info notify
ALSA: usb-audio: Notify xrun for low-latency mode
tools: Override makefile ARCH variable if defined, but empty
spi: mpc52xx: Add cancel_work_sync before module remove
ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index
ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai()
pmdomain: core: Add missing put_device()
pmdomain: core: Fix error path in pm_genpd_init() when ida alloc fails
nvme: don't apply NVME_QUIRK_DEALLOCATE_ZEROES when DSM is not supported
x86/pkeys: Change caller of update_pkru_in_sigframe()
x86/pkeys: Ensure updated PKRU value is XRSTOR'd
bpf: Ensure reg is PTR_TO_STACK in process_iter_arg
irqchip/stm32mp-exti: CONFIG_STM32MP_EXTI should not default to y when compile-testing
drivers/virt: pkvm: Don't fail ioremap() call if MMIO_GUARD fails
bpf: Don't mark STACK_INVALID as STACK_MISC in mark_stack_slot_misc
bpf: Fix narrow scalar spill onto 64-bit spilled scalar slots
nvme-fabrics: handle zero MAXCMD without closing the connection
nvme-tcp: fix the memleak while create new ctrl failed
nvme-rdma: unquiesce admin_q before destroy it
scsi: sg: Fix slab-use-after-free read in sg_release()
scsi: scsi_debug: Fix hrtimer support for ndelay
ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec
drm/v3d: Enable Performance Counters before clearing them
ocfs2: free inode when ocfs2_get_init_inode() fails
scatterlist: fix incorrect func name in kernel-doc
iio: magnetometer: yas530: use signed integer type for clamp limits
smb: client: fix potential race in cifs_put_tcon()
bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem
bpf: Handle in-place update for full LPM trie correctly
bpf: Fix exact match conditions in trie_get_next_key()
x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails
rust: allow `clippy::needless_lifetimes`
HID: i2c-hid: Revert to using power commands to wake on resume
HID: wacom: fix when get product name maybe null pointer
LoongArch: Add architecture specific huge_pte_clear()
LoongArch: KVM: Protect kvm_check_requests() with SRCU
ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
watchdog: rti: of: honor timeout-sec property
can: dev: can_set_termination(): allow sleeping GPIOs
can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6.
tracing: Fix cmp_entries_dup() to respect sort() comparison rules
net :mana :Request a V2 response version for MANA_QUERY_GF_STAT
iommufd: Fix out_fput in iommufd_fault_alloc()
arm64: mm: Fix zone_dma_limit calculation
arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs
arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR
arm64: ptrace: fix partial SETREGSET for NT_ARM_POE
ALSA: usb-audio: Fix a DMA to stack memory bug
ALSA: usb-audio: Add extra PID for RME Digiface USB
ALSA: hda/realtek: fix micmute LEDs don't work on HP Laptops
ALSA: usb-audio: add mixer mapping for Corsair HS80
ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG)
scsi: qla2xxx: Fix abort in bsg timeout
scsi: qla2xxx: Fix NVMe and NPIV connect issue
scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
scsi: qla2xxx: Fix use after free on unload
scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
scsi: ufs: core: sysfs: Prevent div by zero
scsi: ufs: core: Cancel RTC work during ufshcd_remove()
scsi: ufs: qcom: Only free platform MSIs when ESI is enabled
scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers
scsi: ufs: core: Add missing post notify for power mode change
nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
fs/smb/client: avoid querying SMB2_OP_QUERY_WSL_EA for SMB3 POSIX
fs/smb/client: Implement new SMB3 POSIX type
fs/smb/client: cifs_prime_dcache() for SMB3 POSIX reparse points
smb3.1.1: fix posix mounts to older servers
io_uring: Change res2 parameter type in io_uring_cmd_done
bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()"
pmdomain: imx: gpcv2: Adjust delay after power up handshake
selftests/damon: add _damon_sysfs.py to TEST_FILES
selftest: hugetlb_dio: fix test naming
cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU
x86/cacheinfo: Delete global num_cache_leaves
drm/amdkfd: hard-code cacheline for gc943,gc944
drm/dp_mst: Fix MST sideband message body length check
drm/amdkfd: add MEC version that supports no PCIe atomics for GFX12
drm/amd/pm: fix and simplify workload handling
drm/dp_mst: Verify request type in the corresponding down message reply
drm/dp_mst: Fix resetting msg rx state after topology removal
drm/amd/display: Correct prefetch calculation
drm/amd/display: Limit VTotal range to max hw cap minus fp
drm/amd/display: Add a left edge pixel if in YCbCr422 or YCbCr420 and odm
drm/amdgpu/hdp6.0: do a posting read when flushing HDP
drm/amdgpu/hdp4.0: do a posting read when flushing HDP
drm/amdgpu/hdp5.0: do a posting read when flushing HDP
drm/amdgpu/hdp7.0: do a posting read when flushing HDP
drm/amdgpu/hdp5.2: do a posting read when flushing HDP
modpost: Add .irqentry.text to OTHER_SECTIONS
x86/kexec: Restore GDT on return from ::preserve_context kexec
bpf: fix OOB devmap writes when deleting elements
dma-buf: fix dma_fence_array_signaled v4
dma-fence: Fix reference leak on fence merge failure path
dma-fence: Use kernel's sort for merging fences
xsk: fix OOB map writes when deleting elements
regmap: detach regmap from dev on regmap_exit
arch_numa: Restore nid checks before registering a memblock with a node
mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet
mmc: core: Further prevent card detect during shutdown
x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation
ocfs2: update seq_file index in ocfs2_dlm_seq_next
stackdepot: fix stack_depot_save_flags() in NMI context
lib: stackinit: hide never-taken branch from compiler
sched/numa: fix memory leak due to the overwritten vma->numab_state
kasan: make report_lock a raw spinlock
mm/gup: handle NULL pages in unpin_user_pages()
mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM
x86/cpu/topology: Remove limit of CPUs due to disabled IO/APIC
x86/mm: Add _PAGE_NOPTISHADOW bit to avoid updating userspace page tables
mm/damon: fix order of arguments in damos_before_apply tracepoint
mm: memcg: declare do_memsw_account inline
mm: open-code PageTail in folio_flags() and const_folio_flags()
mm: open-code page_folio() in dump_page()
mm: fix vrealloc()'s KASAN poisoning logic
mm: respect mmap hint address when aligning for THP
scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove()
memblock: allow zero threshold in validate_numa_converage()
rust: enable arbitrary_self_types and remove `Receiver`
s390/pci: Sort PCI functions prior to creating virtual busses
s390/pci: Use topology ID for multi-function devices
s390/pci: Ignore RID for isolated VFs
epoll: annotate racy check
kselftest/arm64: Log fp-stress child startup errors to stdout
s390/cpum_sf: Handle CPU hotplug remove during sampling
block: RCU protect disk->conv_zones_bitmap
btrfs: don't take dev_replace rwsem on task already holding it
btrfs: avoid unnecessary device path update for the same device
btrfs: canonicalize the device path before adding it
btrfs: do not clear read-only when adding sprout device
kselftest/arm64: Don't leak pipe fds in pac.exec_sign_all()
ext4: partial zero eof block on unaligned inode size extension
crypto: ecdsa - Avoid signed integer overflow on signature decoding
kcsan: Turn report_filterlist_lock into a raw_spinlock
hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list
ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID
ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()
ACPI: video: force native for Apple MacbookPro11,2 and Air7,2
perf/x86/amd: Warn only on new bits set
cleanup: Adjust scoped_guard() macros to avoid potential warning
iio: magnetometer: fix if () scoped_guard() formatting
timekeeping: Always check for negative motion
gpio: free irqs that are still requested when the chip is being removed
spi: spi-fsl-lpspi: Adjust type of scldiv
soc: qcom: llcc: Use designated initializers for LLC settings
HID: add per device quirk to force bind to hid-generic
firmware: qcom: scm: Allow QSEECOM on Lenovo Yoga Slim 7x
soc: qcom: pd-mapper: Add QCM6490 PD maps
media: uvcvideo: RealSense D421 Depth module metadata
media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
media: uvcvideo: Force UVC version to 1.0a for 0408:4033
media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
mmc: core: Add SD card quirk for broken poweroff notification
mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED
firmware: qcom: scm: Allow QSEECOM on Dell XPS 13 9345
soc: imx8m: Probe the SoC driver as platform driver
regmap: maple: Provide lockdep (sub)class for maple tree's internal lock
selftests/resctrl: Protect against array overflow when reading strings
sched_ext: add a missing rcu_read_lock/unlock pair at scx_select_cpu_dfl()
HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support
drm/xe/pciids: separate RPL-U and RPL-P PCI IDs
drm/xe/pciids: separate ARL and MTL PCI IDs
drm/vc4: hdmi: Avoid log spam for audio start failure
drm/vc4: hvs: Set AXI panic modes for the HVS
drm/xe/pciids: Add PVC's PCI device ID macros
wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb
drm/xe/pciid: Add new PCI id for ARL
drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition
drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK
drm/bridge: it6505: Enable module autoloading
drm/mcde: Enable module autoloading
wifi: rtw89: check return value of ieee80211_probereq_get() for RNR
drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
ASoC: Intel: sof_rt5682: Add HDMI-In capture with rt5682 support for MTL.
dlm: fix possible lkb_resource null dereference
drm/amd/display: skip disable CRTC in seemless bootup case
drm/amd/display: Fix garbage or black screen when resetting otg
drm/amd/display: disable SG displays on cyan skillfish
drm/xe/ptl: L3bank mask is not available on the media GT
drm/xe/xe3: Add initial set of workarounds
drm/display: Fix building with GCC 15
ALSA: hda: Use own quirk lookup helper
ALSA: hda/conexant: Use the new codec SSID matching
ALSA: hda/realtek: Use codec SSID matching for Lenovo devices
r8169: don't apply UDP padding quirk on RTL8126A
samples/bpf: Fix a resource leak
wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()
accel/qaic: Add AIC080 support
drm/amd/display: Full exit out of IPS2 when all allow signals have been cleared
net: fec_mpc52xx_phy: Use %pa to format resource_size_t
net: ethernet: fs_enet: Use %pa to format resource_size_t
net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
af_packet: avoid erroring out after sock_init_data() in packet_create()
Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()
Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()
net: af_can: do not leave a dangling sk pointer in can_create()
net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
net: inet: do not leave a dangling sk pointer in inet_create()
net: inet6: do not leave a dangling sk pointer in inet6_create()
wifi: ath10k: avoid NULL pointer error during sdio remove
wifi: ath5k: add PCI ID for SX76X
wifi: ath5k: add PCI ID for Arcadyan devices
fanotify: allow reporting errors on failure to open fd
bpf: Prevent tailcall infinite loop caused by freplace
ASoC: sdw_utils: Add support for exclusion DAI quirks
ASoC: sdw_utils: Add a quirk to allow the cs42l43 mic DAI to be ignored
ASoC: Intel: sof_sdw: Add quirk for cs42l43 system using host DMICs
ASoC: Intel: sof_sdw: Add quirks for some new Lenovo laptops
drm/xe/guc/ct: Flush g2h worker in case of g2h response timeout
drm/panel: simple: Add Microchip AC69T88A LVDS Display panel
net: sfp: change quirks for Alcatel Lucent G-010S-P
net: stmmac: Programming sequence for VLAN packets with split header
drm/sched: memset() 'job' in drm_sched_job_init()
drm/amd/display: Adding array index check to prevent memory corruption
drm/amdgpu/gfx9: Add cleaner shader for GFX9.4.2
drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih
drm/amdgpu: Dereference the ATCS ACPI buffer
netlink: specs: Add missing bitset attrs to ethtool spec
drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
ASoC: sdw_utils: Add quirk to exclude amplifier function
ASoC: Intel: soc-acpi-intel-arl-match: Add rt722 and rt1320 support
drm/amd/display: Fix underflow when playing 8K video in full screen mode
mptcp: annotate data-races around subflow->fully_established
dma-debug: fix a possible deadlock on radix_lock
jfs: array-index-out-of-bounds fix in dtReadFirst
jfs: fix shift-out-of-bounds in dbSplit
jfs: fix array-index-out-of-bounds in jfs_readdir
jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
fsl/fman: Validate cell-index value obtained from Device Tree
net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals
drm/panic: Add ABGR2101010 support
drm/amd/display: Remove hw w/a toggle if on DP2/HPO
drm/amd/display: parse umc_info or vram_info based on ASIC
drm/amd/display: Prune Invalid Modes For HDMI Output
drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
virtio-net: fix overflow inside virtnet_rq_alloc
ALSA: usb-audio: Make mic volume workarounds globally applicable
drm/amdgpu: set the right AMDGPU sg segment limitation
wifi: ipw2x00: libipw_rx_any(): fix bad alignment
wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw()
bpf: Call free_htab_elem() after htab_unlock_bucket()
mptcp: fix possible integer overflow in mptcp_reset_tout_timer
dsa: qca8k: Use nested lock to avoid splat
i2c: i801: Add support for Intel Panther Lake
Bluetooth: hci_conn: Reduce hci_conn_drop() calls in two functions
Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
Bluetooth: btusb: Add USB HW IDs for MT7920/MT7925
Bluetooth: hci_conn: Use disable_delayed_work_sync
Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
Bluetooth: Add new quirks for ATS2851
Bluetooth: Support new quirks for ATS2851
Bluetooth: Set quirks for ATS2851
Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925
Bluetooth: btusb: Add new VID/PID 0489/e124 for MT7925
Bluetooth: btusb: Add 3 HWIDs for MT7925
ASoC: hdmi-codec: reorder channel allocation list
rocker: fix link status detection in rocker_carrier_init()
net/neighbor: clear error in case strict check is not set
netpoll: Use rcu_access_pointer() in __netpoll_setup
pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU
rtla: Fix consistency in getopt_long for timerlat_hist
tracing/ftrace: disable preemption in syscall probe
tracing: Use atomic64_inc_return() in trace_clock_counter()
tools/rtla: fix collision with glibc sched_attr/sched_set_attr
rtla/timerlat: Make timerlat_top_cpu->*_count unsigned long long
rtla/timerlat: Make timerlat_hist_cpu->*_count unsigned long long
scsi: hisi_sas: Add cond_resched() for no forced preemption model
scsi: hisi_sas: Create all dump files during debugfs initialization
ring-buffer: Limit time with disabled interrupts in rb_check_pages()
pinmux: Use sequential access to access desc->pinmux data
scsi: ufs: core: Make DMA mask configuration more flexible
iommu/amd: Fix corruption when mapping large pages from 0
bpf: put bpf_link's program when link is safe to be deallocated
scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths
scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI
scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback
clk: qcom: rcg2: add clk_rcg2_shared_floor_ops
clk: qcom: rpmh: add support for SAR2130P
clk: qcom: tcsrcc-sm8550: add SAR2130P support
clk: qcom: dispcc-sm8550: enable support for SAR2130P
clk: qcom: clk-alpha-pll: Add NSS HUAYRA ALPHA PLL support for ipq9574
leds: class: Protect brightness_show() with led_cdev->led_access mutex
scsi: st: Don't modify unknown block number in MTIOCGET
scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
pinctrl: qcom-pmic-gpio: add support for PM8937
pinctrl: qcom: spmi-mpp: Add PM8937 compatible
thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens
nvdimm: rectify the illogical code within nd_dax_probe()
smb: client: memcpy() with surrounding object base address
tracing: Fix function name for trampoline
tools/rtla: Enhance argument parsing in timerlat_load.py
verification/dot2: Improve dot parser robustness
mailbox: pcc: Check before sending MCTP PCC response ACK
f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
KMSAN: uninit-value in inode_go_dump (5)
i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request
PCI: qcom: Add support for IPQ9574
PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs
PCI: vmd: Set devices to D0 before enabling PM L1 Substates
PCI: Detect and trust built-in Thunderbolt chips
PCI: starfive: Enable controller runtime PM before probing host bridge
PCI: Add 'reset_subordinate' to reset hierarchy below bridge
PCI: Add ACS quirk for Wangxun FF5xxx NICs
remoteproc: qcom: pas: enable SAR2130P audio DSP support
i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock
f2fs: print message if fscorrupted was found in f2fs_new_node_page()
f2fs: fix to shrink read extent node in batches
f2fs: add a sysfs node to limit max read extent count per-inode
ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840
ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[]
LoongArch: Fix sleeping in atomic context for PREEMPT_RT
fs/ntfs3: Fix warning in ni_fiemap
fs/ntfs3: Fix case when unmarked clusters intersect with zone
regulator: qcom-rpmh: Update ranges for FTSMPS525
usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag
usb: chipidea: udc: limit usb request length to max 16KB
usb: chipidea: udc: create bounce buffer for problem sglist entries if possible
usb: chipidea: udc: handle USB Error Interrupt if IOC not set
usb: typec: ucsi: Do not call ACPI _DSM method for UCSI read operations
iio: adc: ad7192: properly check spi_get_device_match_data()
iio: light: ltr501: Add LTER0303 to the supported devices
usb: typec: ucsi: glink: be more precise on orientation-aware ports
ASoC: amd: yc: fix internal mic on Redmi G 2022
drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3
MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a
ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW
powerpc/prom_init: Fixup missing powermac #size-cells
misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
rtc: cmos: avoid taking rtc_lock for extended period of time
serial: 8250_dw: Add Sophgo SG2044 quirk
Revert "nvme: make keep-alive synchronous operation"
irqchip/gicv3-its: Add workaround for hip09 ITS erratum 162100801
smb: client: don't try following DFS links in cifs_tree_connect()
setlocalversion: work around "git describe" performance
io_uring/tctx: work around xa_store() allocation error issue
scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()
drm/xe/devcoredump: Use drm_puts and already cached local variables
drm/xe/devcoredump: Improve section headings and add tile info
drm/xe/devcoredump: Add ASCII85 dump helper function
drm/xe/guc: Copy GuC log prior to dumping
drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()
drm/xe/devcoredump: Update handling of xe_force_wake_get return
drm/amd/display: Add option to retrieve detile buffer size
sched: fix warning in sched_setaffinity
sched/core: Remove the unnecessary need_resched() check in nohz_csd_func()
sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning busy
sched/core: Prevent wakeup of ksoftirqd during idle load balance
sched/deadline: Fix warning in migrate_enable for boosted tasks
btrfs: drop unused parameter options from open_ctree()
btrfs: drop unused parameter data from btrfs_fill_super()
btrfs: fix mount failure due to remount races
btrfs: fix missing snapshot drew unlock when root is dead during swap activation
clk: en7523: Initialize num before accessing hws in en7523_register_clocks()
tracing/eprobe: Fix to release eprobe when failed to add dyn_event
x86: Fix build regression with CONFIG_KEXEC_JUMP enabled
Revert "unicode: Don't special case ignorable code points"
vfio/mlx5: Align the page tracking max message size with the device capability
selftests/ftrace: adjust offset for kprobe syntax error test
KVM: x86/mmu: Ensure that kvm_release_pfn_clean() takes exact pfn from kvm_faultin_pfn()
jffs2: Prevent rtime decompress memory corruption
jffs2: Fix rtime decompressor
media: ipu6: use the IPU6 DMA mapping APIs to do mapping
ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume"
net/mlx5: unique names for per device caches
ASoC: Intel: avs: Fix return status of avs_pcm_hw_constraints_init()
drm/amdgpu: rework resume handling for display (v2)
ALSA: hda: Fix build error without CONFIG_SND_DEBUG
Revert "drm/amd/display: parse umc_info or vram_info based on ASIC"
s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails
ALSA: hda/realtek: Fix spelling mistake "Firelfy" -> "Firefly"
timekeeping: Remove CONFIG_DEBUG_TIMEKEEPING
clocksource: Make negative motion detection more robust
softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
Linux 6.12.5
Change-Id: If1b834954ed2ee1a16886f9a9909c6ca62d93b6c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit c7fc0366c65628fd69bfc310affec4918199aae2 ]
Using mapped writes, it's technically possible to expose stale
post-eof data on a truncate up operation. Consider the following
example:
$ xfs_io -fc "pwrite 0 2k" -c "mmap 0 4k" -c "mwrite 2k 2k" \
-c "truncate 8k" -c "pread -v 2k 16" <file>
...
00000800: 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 XXXXXXXXXXXXXXXX
...
This shows that the post-eof data written via mwrite lands within
EOF after a truncate up. While this is deliberate of the test case,
behavior is somewhat unpredictable because writeback does post-eof
zeroing, and writeback can occur at any time in the background. For
example, an fsync inserted between the mwrite and truncate causes
the subsequent read to instead return zeroes. This basically means
that there is a race window in this situation between any subsequent
extending operation and writeback that dictates whether post-eof
data is exposed to the file or zeroed.
To prevent this problem, perform partial block zeroing as part of
the various inode size extending operations that are susceptible to
it. For truncate extension, zero around the original eof similar to
how truncate down does partial zeroing of the new eof. For extension
via writes and fallocate related operations, zero the newly exposed
range of the file to cover any partial zeroing that must occur at
the original and new eof blocks.
Signed-off-by: Brian Foster <bfoster@redhat.com>
Link: https://patch.msgid.link/20240919160741.208162-2-bfoster@redhat.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Steps on the way to 6.12.2
Resolves merge conflicts in:
fs/f2fs/data.c
include/linux/f2fs_fs.h
Change-Id: I4903837fe6be213c3eb5a9091f24e2838efc660b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Steps on the way to 6.12.2
Resolves merge conflicts in:
fs/fuse/fuse_i.h
Change-Id: If765bb10099fb7efad53a0a4bcda888cd571ac97
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 4a622e4d477bb12ad5ed4abbc7ad1365de1fa347 upstream.
The original implementation ext4's FS_IOC_GETFSMAP handling only
worked when the range of queried blocks included at least one free
(unallocated) block range. This is because how the metadata blocks
were emitted was as a side effect of ext4_mballoc_query_range()
calling ext4_getfsmap_datadev_helper(), and that function was only
called when a free block range was identified. As a result, this
caused generic/365 to fail.
Fix this by creating a new function ext4_getfsmap_meta_helper() which
gets called so that blocks before the first free block range in a
block group can get properly reported.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 902cc179c931a033cd7f4242353aa2733bf8524c upstream.
find_group_other() and find_group_orlov() read *_lo, *_hi with
ext4_free_inodes_count without additional locking. This can cause
data-race warning, but since the lock is held for most writes and free
inodes value is generally not a problem even if it is incorrect, it is
more appropriate to use READ_ONCE()/WRITE_ONCE() than to add locking.
==================================================================
BUG: KCSAN: data-race in ext4_free_inodes_count / ext4_free_inodes_set
write to 0xffff88810404300e of 2 bytes by task 6254 on cpu 1:
ext4_free_inodes_set+0x1f/0x80 fs/ext4/super.c:405
__ext4_new_inode+0x15ca/0x2200 fs/ext4/ialloc.c:1216
ext4_symlink+0x242/0x5a0 fs/ext4/namei.c:3391
vfs_symlink+0xca/0x1d0 fs/namei.c:4615
do_symlinkat+0xe3/0x340 fs/namei.c:4641
__do_sys_symlinkat fs/namei.c:4657 [inline]
__se_sys_symlinkat fs/namei.c:4654 [inline]
__x64_sys_symlinkat+0x5e/0x70 fs/namei.c:4654
x64_sys_call+0x1dda/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:267
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x54/0x120 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x76/0x7e
read to 0xffff88810404300e of 2 bytes by task 6257 on cpu 0:
ext4_free_inodes_count+0x1c/0x80 fs/ext4/super.c:349
find_group_other fs/ext4/ialloc.c:594 [inline]
__ext4_new_inode+0x6ec/0x2200 fs/ext4/ialloc.c:1017
ext4_symlink+0x242/0x5a0 fs/ext4/namei.c:3391
vfs_symlink+0xca/0x1d0 fs/namei.c:4615
do_symlinkat+0xe3/0x340 fs/namei.c:4641
__do_sys_symlinkat fs/namei.c:4657 [inline]
__se_sys_symlinkat fs/namei.c:4654 [inline]
__x64_sys_symlinkat+0x5e/0x70 fs/namei.c:4654
x64_sys_call+0x1dda/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:267
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x54/0x120 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Cc: stable@vger.kernel.org
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Link: https://patch.msgid.link/20241003125337.47283-1-aha310510@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 2f3d93e210b9c2866c8b3662adae427d5bf511ec ]
When I enabled ext4 debug for fault injection testing, I encountered the
following warning:
EXT4-fs error (device sda): ext4_read_inode_bitmap:201: comm fsstress:
Cannot read inode bitmap - block_group = 8, inode_bitmap = 1051
WARNING: CPU: 0 PID: 511 at fs/buffer.c:1181 mark_buffer_dirty+0x1b3/0x1d0
The root cause of the issue lies in the improper implementation of ext4's
buffer_head read fault injection. The actual completion of buffer_head
read and the buffer_head fault injection are not atomic, which can lead
to the uptodate flag being cleared on normally used buffer_heads in race
conditions.
[CPU0] [CPU1] [CPU2]
ext4_read_inode_bitmap
ext4_read_bh()
<bh read complete>
ext4_read_inode_bitmap
if (buffer_uptodate(bh))
return bh
jbd2_journal_commit_transaction
__jbd2_journal_refile_buffer
__jbd2_journal_unfile_buffer
__jbd2_journal_temp_unlink_buffer
ext4_simulate_fail_bh()
clear_buffer_uptodate
mark_buffer_dirty
<report warning>
WARN_ON_ONCE(!buffer_uptodate(bh))
The best approach would be to perform fault injection in the IO completion
callback function, rather than after IO completion. However, the IO
completion callback function cannot get the fault injection code in sb.
Fix it by passing the result of fault injection into the bh read function,
we simulate faults within the bh read function itself. This requires adding
an extra parameter to the bh read functions that need fault injection.
Fixes: 46f870d690 ("ext4: simulate various I/O and checksum errors when reading metadata")
Signed-off-by: Long Li <leo.lilong@huawei.com>
Link: https://patch.msgid.link/20240906091746.510163-1-leo.lilong@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 76486b104168ae59703190566e372badf433314b ]
When we remount filesystem with 'abort' mount option while changing
other mount options as well (as is LTP test doing), we can return error
from the system call after commit d3476f3dad ("ext4: don't set
SB_RDONLY after filesystem errors") because the application of mount
option changes detects shutdown filesystem and refuses to do anything.
The behavior of application of other mount options in presence of
'abort' mount option is currently rather arbitary as some mount option
changes are handled before 'abort' and some after it.
Move aborting of the filesystem to the end of remount handling so all
requested changes are properly applied before the filesystem is shutdown
to have a reasonably consistent behavior.
Fixes: d3476f3dad ("ext4: don't set SB_RDONLY after filesystem errors")
Reported-by: Jan Stancek <jstancek@redhat.com>
Link: https://lore.kernel.org/all/Zvp6L+oFnfASaoHl@t14s
Signed-off-by: Jan Kara <jack@suse.cz>
Tested-by: Jan Stancek <jstancek@redhat.com>
Link: https://patch.msgid.link/20241004221556.19222-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Calling ext4_fc_mark_ineligible() with a NULL handle is racy and may result
in a fast-commit being done before the filesystem is effectively marked as
ineligible. This patch moves the call to this function so that an handle
can be used. If a transaction fails to start, then there's not point in
trying to mark the filesystem as ineligible, and an error will eventually be
returned to user-space.
Suggested-by: Jan Kara <jack@suse.cz>
Signed-off-by: Luis Henriques (SUSE) <luis.henriques@linux.dev>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/20240923104909.18342-3-luis.henriques@linux.dev
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Pull 'struct fd' updates from Al Viro:
"Just the 'struct fd' layout change, with conversion to accessor
helpers"
* tag 'pull-stable-struct_fd' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
add struct fd constructors, get rid of __to_fd()
struct fd: representation change
introduce fd_file(), convert all accessors to it.
Pull ext4 updates from Ted Ts'o:
"Lots of cleanups and bug fixes this cycle, primarily in the block
allocation, extent management, fast commit, and journalling"
* tag 'ext4_for_linus-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: (93 commits)
ext4: convert EXT4_B2C(sbi->s_stripe) users to EXT4_NUM_B2C
ext4: check stripe size compatibility on remount as well
ext4: fix i_data_sem unlock order in ext4_ind_migrate()
ext4: remove the special buffer dirty handling in do_journal_get_write_access
ext4: fix a potential assertion failure due to improperly dirtied buffer
ext4: hoist ext4_block_write_begin and replace the __block_write_begin
ext4: persist the new uptodate buffers in ext4_journalled_zero_new_buffers
ext4: dax: keep orphan list before truncate overflow allocated blocks
ext4: fix error message when rejecting the default hash
ext4: save unnecessary indentation in ext4_ext_create_new_leaf()
ext4: make some fast commit functions reuse extents path
ext4: refactor ext4_swap_extents() to reuse extents path
ext4: get rid of ppath in convert_initialized_extent()
ext4: get rid of ppath in ext4_ext_handle_unwritten_extents()
ext4: get rid of ppath in ext4_ext_convert_to_initialized()
ext4: get rid of ppath in ext4_convert_unwritten_extents_endio()
ext4: get rid of ppath in ext4_split_convert_extents()
ext4: get rid of ppath in ext4_split_extent()
ext4: get rid of ppath in ext4_force_split_extent_at()
ext4: get rid of ppath in ext4_split_extent_at()
...
Pull vfs file updates from Christian Brauner:
"This is the work to cleanup and shrink struct file significantly.
Right now, (focusing on x86) struct file is 232 bytes. After this
series struct file will be 184 bytes aka 3 cacheline and a spare 8
bytes for future extensions at the end of the struct.
With struct file being as ubiquitous as it is this should make a
difference for file heavy workloads and allow further optimizations in
the future.
- struct fown_struct was embedded into struct file letting it take up
32 bytes in total when really it shouldn't even be embedded in
struct file in the first place. Instead, actual users of struct
fown_struct now allocate the struct on demand. This frees up 24
bytes.
- Move struct file_ra_state into the union containg the cleanup hooks
and move f_iocb_flags out of the union. This closes a 4 byte hole
we created earlier and brings struct file to 192 bytes. Which means
struct file is 3 cachelines and we managed to shrink it by 40
bytes.
- Reorder struct file so that nothing crosses a cacheline.
I suspect that in the future we will end up reordering some members
to mitigate false sharing issues or just because someone does
actually provide really good perf data.
- Shrinking struct file to 192 bytes is only part of the work.
Files use a slab that is SLAB_TYPESAFE_BY_RCU and when a kmem cache
is created with SLAB_TYPESAFE_BY_RCU the free pointer must be
located outside of the object because the cache doesn't know what
part of the memory can safely be overwritten as it may be needed to
prevent object recycling.
That has the consequence that SLAB_TYPESAFE_BY_RCU may end up
adding a new cacheline.
So this also contains work to add a new kmem_cache_create_rcu()
function that allows the caller to specify an offset where the
freelist pointer is supposed to be placed. Thus avoiding the
implicit addition of a fourth cacheline.
- And finally this removes the f_version member in struct file.
The f_version member isn't particularly well-defined. It is mainly
used as a cookie to detect concurrent seeks when iterating
directories. But it is also abused by some subsystems for
completely unrelated things.
It is mostly a directory and filesystem specific thing that doesn't
really need to live in struct file and with its wonky semantics it
really lacks a specific function.
For pipes, f_version is (ab)used to defer poll notifications until
a write has happened. And struct pipe_inode_info is used by
multiple struct files in their ->private_data so there's no chance
of pushing that down into file->private_data without introducing
another pointer indirection.
But pipes don't rely on f_pos_lock so this adds a union into struct
file encompassing f_pos_lock and a pipe specific f_pipe member that
pipes can use. This union of course can be extended to other file
types and is similar to what we do in struct inode already"
* tag 'vfs-6.12.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: (26 commits)
fs: remove f_version
pipe: use f_pipe
fs: add f_pipe
ubifs: store cookie in private data
ufs: store cookie in private data
udf: store cookie in private data
proc: store cookie in private data
ocfs2: store cookie in private data
input: remove f_version abuse
ext4: store cookie in private data
ext2: store cookie in private data
affs: store cookie in private data
fs: add generic_llseek_cookie()
fs: use must_set_pos()
fs: add must_set_pos()
fs: add vfs_setpos_cookie()
s390: remove unused f_version
ceph: remove unused f_version
adi: remove unused f_version
mm: Removed @freeptr_offset to prevent doc warning
...
Although we have checks to make sure s_stripe is a multiple of cluster
size, in case we accidentally end up with a scenario where this is not
the case, use EXT4_NUM_B2C() so that we don't end up with unexpected
cases where EXT4_B2C(stripe) becomes 0.
Also make the is_stripe_aligned check in regular_allocator a bit more
robust while we are at it. This should ideally have no functional change
unless we have a bug somewhere causing (stripe % cluster_size != 0)
Reviewed-by: Kemeng Shi <shikemeng@huaweicloud.com>
Signed-off-by: Ojaswin Mujoo <ojaswin@linux.ibm.com>
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Link: https://patch.msgid.link/e0c0a3b58a40935a1361f668851d041575861411.1725002410.git.ojaswin@linux.ibm.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Fuzzing reports a possible deadlock in jbd2_log_wait_commit.
This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require
synchronous updates because the file descriptor is opened with O_SYNC.
This can lead to the jbd2_journal_stop() function calling
jbd2_might_wait_for_commit(), potentially causing a deadlock if the
EXT4_IOC_MIGRATE call races with a write(2) system call.
This problem only arises when CONFIG_PROVE_LOCKING is enabled. In this
case, the jbd2_might_wait_for_commit macro locks jbd2_handle in the
jbd2_journal_stop function while i_data_sem is locked. This triggers
lockdep because the jbd2_journal_start function might also lock the same
jbd2_handle simultaneously.
Found by Linux Verification Center (linuxtesting.org) with syzkaller.
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Co-developed-by: Mikhail Ukhin <mish.uxin2012@yandex.ru>
Signed-off-by: Mikhail Ukhin <mish.uxin2012@yandex.ru>
Signed-off-by: Artem Sadovnikov <ancowi69@gmail.com>
Rule: add
Link: https://lore.kernel.org/stable/20240404095000.5872-1-mish.uxin2012%40yandex.ru
Link: https://patch.msgid.link/20240829152210.2754-1-ancowi69@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
On an old kernel version(4.19, ext3, data=journal, pagesize=64k),
an assertion failure will occasionally be triggered by the line below:
-----------
jbd2_journal_commit_transaction
{
...
J_ASSERT_BH(bh, !buffer_dirty(bh));
/*
* The buffer on BJ_Forget list and not jbddirty means
...
}
-----------
The same condition may also be applied to the lattest kernel version.
When blocksize < pagesize and we truncate a file, there can be buffers in
the mapping tail page beyond i_size. These buffers will be filed to
transaction's BJ_Forget list by ext4_journalled_invalidatepage() during
truncation. When the transaction doing truncate starts committing, we can
grow the file again. This calls __block_write_begin() which allocates new
blocks under these buffers in the tail page we go through the branch:
if (buffer_new(bh)) {
clean_bdev_bh_alias(bh);
if (folio_test_uptodate(folio)) {
clear_buffer_new(bh);
set_buffer_uptodate(bh);
mark_buffer_dirty(bh);
continue;
}
...
}
Hence buffers on BJ_Forget list of the committing transaction get marked
dirty and this triggers the jbd2 assertion.
Teach ext4_block_write_begin() to properly handle files with data
journalling by avoiding dirtying them directly. Instead of
folio_zero_new_buffers() we use ext4_journalled_zero_new_buffers() which
takes care of handling journalling. We also don't need to mark new uptodate
buffers as dirty in ext4_block_write_begin(). That will be either done
either by block_commit_write() in case of success or by
folio_zero_new_buffers() in case of failure.
Reported-by: Baolin Liu <liubaolin@kylinos.cn>
Suggested-by: Jan Kara <jack@suse.cz>
Signed-off-by: Shida Zhang <zhangshida@kylinos.cn>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/20240830053739.3588573-4-zhangshida@kylinos.cn
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Greg Kroah-Hartman
Brian Foster
Zhang Yi
Jan Kara
Thadeu Lima de Souza Cascardo
Baokun Li
Christian Göttsche
Nicolas Bretz
Davidlohr Bueso
Ojaswin Mujoo
Artem Sadovnikov
Jann Horn
Bhupesh
Acs, Jakub
Theodore Ts'o
Pankaj Raghav
Jeongjun Park
Long Li
Suren Baghdasaryan
Luis Henriques (SUSE)
Linus Torvalds
Christian Brauner
Artem Sadovnikov
Shida Zhang