6672 Commits

Author SHA1 Message Date
Greg Kroah-Hartman
8cb2595f93 Merge 6.12.35 into android16-6.12-lts
GKI (arm64) relevant 87 out of 414 changes, affecting 112 files +738/-352
  bdb71ee651 configfs: Do not override creating attribute file failure in populate_attrs() [1 file, +1/-1]
  ba789be63d io_uring: account drain memory to cgroup [1 file, +1/-1]
  c58b577cf7 io_uring/kbuf: account ring io_buffer_list memory [1 file, +1/-1]
  f78b38af35 jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() [1 file, +3/-2]
  2429bb9fad media: v4l2-dev: fix error handling in __video_register_device() [1 file, +7/-7]
  5d8b057ed7 media: videobuf2: use sgtable-based scatterlist wrappers [1 file, +2/-2]
  b52dc88361 media: uvcvideo: Return the number of processed controls [1 file, +10/-1]
  6d2b12e7c5 media: uvcvideo: Send control events for partial succeeds [1 file, +9/-3]
  aac91ae06c media: uvcvideo: Fix deferred probing error [1 file, +19/-8]
  86d9837e46 arm64/mm: Close theoretical race where stale TLB entry remains valid [1 file, +5/-4]
  5538af3843 block: use plug request list tail for one-shot backmerge attempt [1 file, +13/-13]
  943801c380 block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion [1 file, +1/-0]
  1c71f3cf5f cgroup,freezer: fix incomplete freezing when attaching tasks [1 file, +1/-2]
  a0890b7805 bus: firewall: Fix missing static inline annotations for stubs [1 file, +9/-6]
  5766da2237 ext4: inline: fix len overflow in ext4_prepare_inline_data [1 file, +1/-1]
  796632e6f8 ext4: fix calculation of credits for extent tree modification [1 file, +6/-5]
  4b36399711 ext4: ensure i_size is smaller than maxbytes [1 file, +2/-1]
  be5f3061a6 ext4: only dirty folios when data journaling regular files [1 file, +6/-1]
  a0b1c91ada Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() [1 file, +2/-0]
  fed611bd8c f2fs: fix to do sanity check on ino and xnid [1 file, +6/-0]
  aaa644e7ff f2fs: prevent kernel warning due to negative i_nlink from corrupted image [1 file, +9/-0]
  ee1b421c46 f2fs: fix to do sanity check on sit_bitmap_size [1 file, +8/-0]
  f16a797dce watchdog: fix watchdog may detect false positive of softlockup [1 file, +27/-14]
  02137179ff mm: fix ratelimit_pages update error in dirty_ratio_handler() [1 file, +1/-1]
  462eee6d42 firmware: arm_scmi: Ensure that the message-id supports fastchannel [2 files, +45/-33]
  e3cf1ef571 dm-verity: fix a memory leak if some arguments are specified multiple times [3 files, +24/-5]
  f2986bccf2 dm: lock limits when reading them [1 file, +7/-1]
  ec5f0b4412 ovl: Fix nested backing file paths [1 file, +2/-2]
  92776ca0cc remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() [1 file, +2/-3]
  f4ef928ca5 remoteproc: core: Release rproc->clean_table after rproc_attach() fails [1 file, +1/-0]
  68e58f5791 PCI: dwc: ep: Correct PBA offset in .set_msix() callback [1 file, +3/-2]
  b20701d594 PCI: Add ACS quirk for Loongson PCIe [1 file, +23/-0]
  be0cf75cbd PCI: Fix lock symmetry in pci_slot_unlock() [1 file, +2/-1]
  7b45d2401d clocksource: Fix the CPUs' choice in the watchdog per CPU verification [1 file, +1/-1]
  c05aba32a9 ACPICA: Avoid sequence overread in call to strncmp() [1 file, +1/-1]
  66613b13cd ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case [1 file, +8/-1]
  33cd650d38 pmdomain: core: Reset genpd->states to avoid freeing invalid data [1 file, +3/-1]
  f34e0c1556 platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all() [1 file, +1/-0]
  c519f81e9c gpiolib: of: Add polarity quirk for s5m8767 [1 file, +9/-0]
  1f152ae557 PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() [1 file, +1/-1]
  6c1151d53c tipc: use kfree_sensitive() for aead cleanup [1 file, +1/-1]
  b0e647442c f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx [2 files, +15/-13]
  2d834477bb bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() [1 file, +2/-1]
  77ff6aec7c cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs [1 file, +35/-1]
  0a8446058c tcp: always seek for minimal rtt in tcp_rcv_rtt_update() [1 file, +8/-14]
  f97085d365 tcp: remove zero TCP TS samples for autotuning [1 file, +5/-5]
  89b20c406e tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows [1 file, +3/-3]
  84c156a351 tcp: add receive queue awareness in tcp_rcv_space_adjust() [2 files, +5/-3]
  3a9e74d158 ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT [1 file, +4/-0]
  5eb9c50e0c net: page_pool: Don't recycle into cache on PREEMPT_RT [1 file, +4/-0]
  8b0741b167 xfrm: validate assignment of maximal possible SEQ number [1 file, +42/-10]
  8fdf2f79eb bpf: Pass the same orig_call value to trampoline functions [1 file, +1/-1]
  f0023d7a2a f2fs: fix to bail out in get_new_segment() [2 files, +6/-1]
  448dc45eea bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index [1 file, +2/-2]
  78f768e36c net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions [1 file, +69/-8]
  4b3383110b software node: Correct a OOB check in software_node_get_reference_args() [1 file, +1/-1]
  b7129ef57d sock: Correct error checking condition for (assign|release)_proto_idx() [1 file, +2/-2]
  a58f0a0e99 f2fs: fix to set atomic write status more clear [3 files, +12/-2]
  b8b4b8bb34 bpf, sockmap: Fix data lost during EAGAIN retries [1 file, +2/-1]
  7c41f73b64 fs/xattr.c: fix simple_xattr_list() [1 file, +1/-0]
  2e10dc9c2a io_uring/kbuf: don't truncate end buffer for multiple buffer peeks [1 file, +4/-1]
  1a4254ab06 io_uring: fix task leak issue in io_wq_create() [1 file, +3/-1]
  4220cc0b98 nvme: always punt polled uring_cmd end_io work to task_work [1 file, +7/-14]
  f9b97d466e net_sched: sch_sfq: reject invalid perturb period [1 file, +8/-2]
  2a3ad42a57 net: clear the dst when changing skb protocol [1 file, +13/-6]
  510a29d776 mm: close theoretical race where stale TLB entries could linger [1 file, +2/-0]
  57ec081869 sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group() [3 files, +9/-2]
  3d828519bd atm: Revert atm_account_tx() if copy_from_iter_full() fails. [3 files, +8/-1]
  47f34289d1 arm64: Restrict pagetable teardown to avoid false warning [1 file, +2/-1]
  9cf5b2a3b7 mm/hugetlb: unshare page tables during VMA split, not before [5 files, +57/-16]
  dc5f0aef9e net: Fix checksum update for ILA adj-transport [4 files, +7/-7]
  2516299184 bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE [3 files, +7/-2]
  50189d9c5e erofs: remove unused trace event erofs_destroy_inode [1 file, +0/-18]
  348e541fef ipv6: remove leftover ip6 cookie initializer [1 file, +0/-2]
  3c44ebad5a ipv6: replace ipcm6_init calls with ipcm6_init_sk [4 files, +3/-29]
  6b358b3adf io_uring/sqpoll: don't put task_struct on tctx setup failure [1 file, +1/-4]
  8873080b88 workqueue: Initialize wq_isolated_cpumask in workqueue_init_early() [1 file, +2/-1]
  ac462a75fd net: netmem: fix skb_ensure_writable with unreadable skbs [1 file, +0/-3]
  61b39e189d ptp: allow reading of currently dialed frequency to succeed on free-running clocks [1 file, +2/-1]
  397c1faf8f tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior [1 file, +25/-12]
  0d3d91c350 tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer [1 file, +2/-2]
  31d50dfe9c tcp: fix passive TFO socket having invalid NAPI ID [1 file, +3/-0]
  0f8df5d6f2 ublk: santizize the arguments from userspace when adding a device [1 file, +3/-0]
  456019adaa perf: Fix sample vs do_exit() [2 files, +16/-8]
  7335c33d62 perf: Fix cgroup state vs ERROR [1 file, +30/-21]
  fd199366bf perf/core: Fix WARN in perf_cgroup_switch() [1 file, +20/-2]
  22f935bc86 arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() [1 file, +1/-1]

Changes in 6.12.35
	configfs: Do not override creating attribute file failure in populate_attrs()
	crypto: marvell/cesa - Do not chain submitted requests
	gfs2: move msleep to sleepable context
	crypto: qat - add shutdown handler to qat_c3xxx
	crypto: qat - add shutdown handler to qat_420xx
	crypto: qat - add shutdown handler to qat_4xxx
	crypto: qat - add shutdown handler to qat_c62x
	crypto: qat - add shutdown handler to qat_dh895xcc
	ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params()
	ASoC: meson: meson-card-utils: use of_property_present() for DT parsing
	ASoC: amd: sof_amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks()
	io_uring: account drain memory to cgroup
	io_uring/kbuf: account ring io_buffer_list memory
	powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states
	s390/pci: Remove redundant bus removal and disable from zpci_release_device()
	s390/pci: Prevent self deletion in disable_slot()
	s390/pci: Allow re-add of a reserved but not yet removed device
	s390/pci: Serialize device addition and removal
	regulator: max20086: Fix MAX200086 chip id
	regulator: max20086: Change enable gpio to optional
	net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr()
	net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()
	wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
	wifi: mt76: mt7925: fix host interrupt register initialization
	wifi: ath11k: fix rx completion meta data corruption
	wifi: rtw88: usb: Upload the firmware in bigger chunks
	wifi: ath11k: fix ring-buffer corruption
	NFSD: unregister filesystem in case genl_register_family() fails
	NFSD: fix race between nfsd registration and exports_proc
	NFSD: Implement FATTR4_CLONE_BLKSIZE attribute
	nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
	nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
	SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls
	NFSv4: Don't check for OPEN feature support in v4.1
	fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()
	wifi: ath12k: fix ring-buffer corruption
	jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
	svcrdma: Unregister the device if svc_rdma_accept() fails
	wifi: rtw88: usb: Reduce control message timeout to 500 ms
	wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723
	media: ov8856: suppress probe deferral errors
	media: ov5675: suppress probe deferral errors
	media: imx335: Use correct register width for HNUM
	media: nxp: imx8-isi: better handle the m2m usage_count
	media: i2c: ds90ub913: Fix returned fmt from .set_fmt()
	media: ccs-pll: Start VT pre-PLL multiplier search from correct value
	media: ov2740: Move pm-runtime cleanup on probe-errors to proper place
	media: ccs-pll: Start OP pre-PLL multiplier search from correct value
	media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div
	media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case
	media: cxusb: no longer judge rbuf when the write fails
	media: davinci: vpif: Fix memory leak in probe error path
	media: gspca: Add error handling for stv06xx_read_sensor()
	media: i2c: imx335: Fix frame size enumeration
	media: imagination: fix a potential memory leak in e5010_probe()
	media: intel/ipu6: Fix dma mask for non-secure mode
	media: ipu6: Remove workaround for Meteor Lake ES2
	media: mediatek: vcodec: Correct vsi_core framebuffer size
	media: omap3isp: use sgtable-based scatterlist wrappers
	media: v4l2-dev: fix error handling in __video_register_device()
	media: venus: Fix probe error handling
	media: videobuf2: use sgtable-based scatterlist wrappers
	media: vidtv: Terminating the subsequent process of initialization failure
	media: vivid: Change the siize of the composing
	media: imx-jpeg: Drop the first error frames
	media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead
	media: imx-jpeg: Reset slot data pointers when freed
	media: imx-jpeg: Cleanup after an allocation error
	media: uvcvideo: Return the number of processed controls
	media: uvcvideo: Send control events for partial succeeds
	media: uvcvideo: Fix deferred probing error
	arm64/mm: Close theoretical race where stale TLB entry remains valid
	ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap()
	ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4
	ASoC: codecs: wcd9375: Fix double free of regulator supplies
	ASoC: codecs: wcd937x: Drop unused buck_supply
	block: use plug request list tail for one-shot backmerge attempt
	block: Clear BIO_EMULATES_ZONE_APPEND flag on BIO completion
	bus: mhi: ep: Update read pointer only after buffer is written
	bus: mhi: host: Fix conflict between power_up and SYSERR
	can: kvaser_pciefd: refine error prone echo_skb_max handling logic
	can: tcan4x5x: fix power regulator retrieval during probe
	ceph: avoid kernel BUG for encrypted inode with unaligned file size
	ceph: set superblock s_magic for IMA fsmagic matching
	cgroup,freezer: fix incomplete freezing when attaching tasks
	bus: firewall: Fix missing static inline annotations for stubs
	ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
	ata: ahci: Disallow LPM for ASUSPRO-D840SA motherboard
	ata: ahci: Disallow LPM for Asus B550-F motherboard
	bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device
	bus: fsl-mc: fix GET/SET_TAILDROP command ids
	ext4: inline: fix len overflow in ext4_prepare_inline_data
	ext4: fix calculation of credits for extent tree modification
	ext4: factor out ext4_get_maxbytes()
	ext4: ensure i_size is smaller than maxbytes
	ext4: only dirty folios when data journaling regular files
	Input: ims-pcu - check record size in ims_pcu_flash_firmware()
	Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer()
	f2fs: fix to do sanity check on ino and xnid
	f2fs: prevent kernel warning due to negative i_nlink from corrupted image
	f2fs: fix to do sanity check on sit_bitmap_size
	hwmon: (ftsteutates) Fix TOCTOU race in fts_read()
	NFC: nci: uart: Set tty->disc_data only in success path
	net/sched: fix use-after-free in taprio_dev_notifier
	net: ftgmac100: select FIXED_PHY
	iommu/vt-d: Restore context entry setup order for aliased devices
	fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var
	EDAC/altera: Use correct write width with the INTTEST register
	fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
	parisc/unaligned: Fix hex output to show 8 hex chars
	vgacon: Add check for vc_origin address range in vgacon_scroll()
	parisc: fix building with gcc-15
	clk: meson-g12a: add missing fclk_div2 to spicc
	ipc: fix to protect IPCS lookups using RCU
	watchdog: fix watchdog may detect false positive of softlockup
	RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
	mm: fix ratelimit_pages update error in dirty_ratio_handler()
	soc: qcom: pmic_glink_altmode: fix spurious DP hotplug events
	configfs-tsm-report: Fix NULL dereference of tsm_ops
	firmware: arm_scmi: Ensure that the message-id supports fastchannel
	mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk
	mtd: nand: sunxi: Add randomizer configuration before randomizer enable
	KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs
	KVM: VMX: Flush shadow VMCS on emergency reboot
	dm-mirror: fix a tiny race condition
	dm-verity: fix a memory leak if some arguments are specified multiple times
	mtd: rawnand: qcom: Fix read len for onfi param page
	ftrace: Fix UAF when lookup kallsym after ftrace disabled
	dm: lock limits when reading them
	phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property()
	net: ch9200: fix uninitialised access during mii_nway_restart
	KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY
	sysfb: Fix screen_info type check for VGA
	video: screen_info: Relocate framebuffers behind PCI bridges
	pwm: axi-pwmgen: fix missing separate external clock
	staging: iio: ad5933: Correct settling cycles encoding per datasheet
	mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS
	ovl: Fix nested backing file paths
	regulator: max14577: Add error check for max14577_read_reg()
	remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach()
	remoteproc: core: Release rproc->clean_table after rproc_attach() fails
	remoteproc: k3-m4: Don't assert reset in detach routine
	cifs: reset connections for all channels when reconnect requested
	cifs: update dstaddr whenever channel iface is updated
	cifs: dns resolution is needed only for primary channel
	smb: client: add NULL check in automount_fullpath
	Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary
	uio_hv_generic: Use correct size for interrupt and monitor pages
	uio_hv_generic: Align ring size to system page
	PCI: cadence-ep: Correct PBA offset in .set_msix() callback
	PCI: dwc: ep: Correct PBA offset in .set_msix() callback
	PCI: Add ACS quirk for Loongson PCIe
	PCI: Fix lock symmetry in pci_slot_unlock()
	PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up()
	PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit()
	iio: accel: fxls8962af: Fix temperature scan element sign
	accel/ivpu: Improve buffer object logging
	accel/ivpu: Use firmware names from upstream repo
	accel/ivpu: Use dma_resv_lock() instead of a custom mutex
	accel/ivpu: Fix warning in ivpu_gem_bo_free()
	dummycon: Trigger redraw when switching consoles with deferred takeover
	mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
	iio: imu: inv_icm42600: Fix temperature calculation
	iio: adc: ad7944: mask high bits on direct read
	iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module build
	iio: adc: ad7606_spi: fix reg write value mask
	ACPICA: fix acpi operand cache leak in dswstate.c
	ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9
	clocksource: Fix the CPUs' choice in the watchdog per CPU verification
	power: supply: collie: Fix wakeup source leaks on device unbind
	mmc: Add quirk to disable DDR50 tuning
	ACPICA: Avoid sequence overread in call to strncmp()
	ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change
	ASoC: intel/sdw_utils: Assign initial value in asoc_sdw_rt_amp_spk_rtd_init()
	ACPI: bus: Bail out if acpi_kobj registration fails
	ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case
	ACPICA: fix acpi parse and parseext cache leaks
	ACPICA: Apply pack(1) to union aml_resource
	ALSA: hda: cs35l41: Fix swapped l/r audio channels for Acer Helios laptops
	power: supply: bq27xxx: Retrieve again when busy
	pmdomain: core: Reset genpd->states to avoid freeing invalid data
	ACPICA: utilities: Fix overflow check in vsnprintf()
	platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all()
	ASoC: tegra210_ahub: Add check to of_device_get_match_data()
	Make 'cc-option' work correctly for the -Wno-xyzzy pattern
	gpiolib: of: Add polarity quirk for s5m8767
	PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn()
	power: supply: max17040: adjust thermal channel scaling
	ACPI: battery: negate current when discharging
	net: macb: Check return value of dma_set_mask_and_coherent()
	net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices
	tipc: use kfree_sensitive() for aead cleanup
	f2fs: use vmalloc instead of kvmalloc in .init_{,de}compress_ctx
	bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
	Bluetooth: btusb: Add new VID/PID 13d3/3584 for MT7922
	i2c: designware: Invoke runtime suspend on quick slave re-registration
	wifi: mt76: mt7996: drop fragments with multicast or broadcast RA
	emulex/benet: correct command version selection in be_cmd_get_stats()
	Bluetooth: btusb: Add new VID/PID 13d3/3630 for MT7925
	wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R
	wifi: mt76: mt7921: add 160 MHz AP for mt7922 device
	wifi: mt76: mt7925: introduce thermal protection
	wifi: mac80211: validate SCAN_FLAG_AP in scan request during MLO
	sctp: Do not wake readers in __sctp_write_space()
	libbpf/btf: Fix string handling to support multi-split BTF
	cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs
	i2c: tegra: check msg length in SMBUS block read
	i2c: npcm: Add clock toggle recovery
	clk: qcom: gcc-x1e80100: Set FORCE MEM CORE for UFS clocks
	net: dlink: add synchronization for stats update
	wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET
	wifi: ath12k: fix a possible dead lock caused by ab->base_lock
	wifi: ath11k: Fix QMI memory reuse logic
	iommu/amd: Allow matching ACPI HID devices without matching UIDs
	wifi: rtw89: leave idle mode when setting WEP encryption for AP mode
	tcp: always seek for minimal rtt in tcp_rcv_rtt_update()
	tcp: remove zero TCP TS samples for autotuning
	tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows
	tcp: add receive queue awareness in tcp_rcv_space_adjust()
	x86/sgx: Prevent attempts to reclaim poisoned pages
	ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT
	net: page_pool: Don't recycle into cache on PREEMPT_RT
	xfrm: validate assignment of maximal possible SEQ number
	net: atlantic: generate software timestamp just before the doorbell
	pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name()
	pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction()
	bpf: Pass the same orig_call value to trampoline functions
	net: stmmac: generate software timestamp just before the doorbell
	pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction()
	libbpf: Check bpf_map_skeleton link for NULL
	pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get()
	net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info
	net: vertexcom: mse102x: Return code for mse102x_rx_pkt_spi
	wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn()
	wifi: mac80211: do not offer a mesh path if forwarding is disabled
	clk: rockchip: rk3036: mark ddrphy as critical
	hid-asus: check ROG Ally MCU version and warn
	wifi: iwlwifi: mvm: fix beacon CCK flag
	f2fs: fix to bail out in get_new_segment()
	netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
	libbpf: Add identical pointer detection to btf_dedup_is_equiv()
	scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands
	scsi: smartpqi: Add new PCI IDs
	iommu/amd: Ensure GA log notifier callbacks finish running before module unload
	wifi: iwlwifi: pcie: make sure to lock rxq->read
	wifi: rtw89: 8922a: fix TX fail with wrong VCO setting
	wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled
	netdevsim: Mark NAPI ID on skb in nsim_rcv
	net/mlx5: HWS, Fix IP version decision
	bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index
	wifi: mac80211: VLAN traffic in multicast path
	Revert "mac80211: Dynamically set CoDel parameters per station"
	wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0
	net: bridge: mcast: update multicast contex when vlan state is changed
	net: bridge: mcast: re-implement br_multicast_{enable, disable}_port functions
	vxlan: Do not treat dst cache initialization errors as fatal
	bnxt_en: Remove unused field "ref_count" in struct bnxt_ulp
	wifi: ath12k: using msdu end descriptor to check for rx multicast packets
	net: ethernet: ti: am65-cpsw: handle -EPROBE_DEFER
	software node: Correct a OOB check in software_node_get_reference_args()
	isofs: fix Y2038 and Y2156 issues in Rock Ridge TF entry
	pinctrl: mcp23s08: Reset all pins to input at probe
	wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping
	scsi: lpfc: Use memcpy() for BIOS version
	sock: Correct error checking condition for (assign|release)_proto_idx()
	i40e: fix MMIO write access to an invalid page in i40e_clear_hw
	ixgbe: Fix unreachable retry logic in combined and byte I2C write functions
	RDMA/hns: initialize db in update_srq_db()
	ice: fix check for existing switch rule
	usbnet: asix AX88772: leave the carrier control to phylink
	f2fs: fix to set atomic write status more clear
	bpf, sockmap: Fix data lost during EAGAIN retries
	net: ethernet: cortina: Use TOE/TSO on all TCP
	octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer()
	wifi: ath11k: determine PM policy based on machine model
	wifi: ath12k: fix link valid field initialization in the monitor Rx
	wifi: ath12k: fix incorrect CE addresses
	wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz
	net/mlx5: HWS, Harden IP version definer checks
	fbcon: Make sure modelist not set on unregistered console
	watchdog: da9052_wdt: respect TWDMIN
	bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value
	ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY
	tee: Prevent size calculation wraparound on 32-bit kernels
	Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first"
	fs/xattr.c: fix simple_xattr_list()
	platform/x86/amd: pmc: Clear metrics table at start of cycle
	platform/x86/amd: pmf: Prevent amd_pmf_tee_deinit() from running twice
	platform/x86: dell_rbu: Fix list usage
	platform/x86: dell_rbu: Stop overwriting data buffer
	powerpc/vdso: Fix build of VDSO32 with pcrel
	powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery
	io_uring/kbuf: don't truncate end buffer for multiple buffer peeks
	io_uring: fix task leak issue in io_wq_create()
	drivers/rapidio/rio_cm.c: prevent possible heap overwrite
	platform/loongarch: laptop: Get brightness setting from EC on probe
	platform/loongarch: laptop: Unregister generic_sub_drivers on exit
	platform/loongarch: laptop: Add backlight power control support
	LoongArch: vDSO: Correctly use asm parameters in syscall wrappers
	LoongArch: Avoid using $r0/$r1 as "mask" for csrxchg
	LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset()
	jffs2: check that raw node were preallocated before writing summary
	jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
	cifs: deal with the channel loading lag while picking channels
	cifs: serialize other channels when query server interfaces is pending
	cifs: do not disable interface polling on failure
	smb: improve directory cache reuse for readdir operations
	scsi: storvsc: Increase the timeouts to storvsc_timeout
	scsi: s390: zfcp: Ensure synchronous unit_add
	nvme: always punt polled uring_cmd end_io work to task_work
	net_sched: sch_sfq: reject invalid perturb period
	net: clear the dst when changing skb protocol
	mm: close theoretical race where stale TLB entries could linger
	udmabuf: use sgtable-based scatterlist wrappers
	x86/virt/tdx: Avoid indirect calls to TDX assembly functions
	selftests/x86: Add a test to detect infinite SIGTRAP handler loop
	ksmbd: fix null pointer dereference in destroy_previous_session
	platform/x86: ideapad-laptop: use usleep_range() for EC polling
	selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len
	platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL
	sched_ext, sched/core: Don't call scx_group_set_weight() prematurely from sched_create_group()
	atm: Revert atm_account_tx() if copy_from_iter_full() fails.
	wifi: rtw89: phy: add dummy C2H event handler for report of TAS power
	cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update
	Input: sparcspkr - avoid unannotated fall-through
	wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path
	wifi: cfg80211: init wiphy_work before allocating rfkill fails
	arm64: Restrict pagetable teardown to avoid false warning
	ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card
	ALSA: hda/intel: Add Thinkpad E15 to PM deny list
	ALSA: hda/realtek - Add mute LED support for HP Victus 16-s1xxx and HP Victus 15-fa1xxx
	ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged
	ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA
	ALSA: hda/realtek: Add quirk for Asus GU605C
	iio: accel: fxls8962af: Fix temperature calculation
	mm/hugetlb: unshare page tables during VMA split, not before
	drm/amdgpu: read back register after written for VCN v4.0.5
	kbuild: rust: add rustc-min-version support function
	rust: compile libcore with edition 2024 for 1.87+
	net: Fix checksum update for ILA adj-transport
	bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE
	erofs: remove unused trace event erofs_destroy_inode
	nfsd: use threads array as-is in netlink interface
	sunrpc: handle SVC_GARBAGE during svc auth processing as auth error
	drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`
	Kunit to check the longest symbol length
	x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c
	ipv6: remove leftover ip6 cookie initializer
	ipv6: replace ipcm6_init calls with ipcm6_init_sk
	smb: fix secondary channel creation issue with kerberos by populating hostname when adding channels
	drm/msm/disp: Correct porch timing for SDM845
	drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate
	drm/msm: Fix CP_RESET_CONTEXT_STATE bitfield names
	drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE
	drm/ssd130x: fix ssd132x_clear_screen() columns
	ionic: Prevent driver/fw getting out of sync on devcmd(s)
	drm/nouveau/bl: increase buffer size to avoid truncate warning
	drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled
	hwmon: (occ) Rework attribute registration for stack usage
	hwmon: (occ) fix unaligned accesses
	hwmon: (ltc4282) avoid repeated register write
	pldmfw: Select CRC32 when PLDMFW is selected
	aoe: clean device rq_list in aoedev_downdev()
	io_uring/sqpoll: don't put task_struct on tctx setup failure
	net: ice: Perform accurate aRFS flow match
	ice: fix eswitch code memory leak in reset scenario
	e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13
	workqueue: Initialize wq_isolated_cpumask in workqueue_init_early()
	ksmbd: add free_transport ops in ksmbd connection
	net: netmem: fix skb_ensure_writable with unreadable skbs
	bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()
	eth: bnxt: fix out-of-range access of vnic_info array
	bnxt_en: Add a helper function to configure MRU and RSS
	bnxt_en: Update MRU and RSS table of RSS contexts on queue reset
	ptp: fix breakage after ptp_vclock_in_use() rework
	ptp: allow reading of currently dialed frequency to succeed on free-running clocks
	wifi: carl9170: do not ping device which has failed to load firmware
	mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().
	atm: atmtcp: Free invalid length skb in atmtcp_c_send().
	tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior
	tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
	tcp: fix passive TFO socket having invalid NAPI ID
	eth: fbnic: avoid double free when failing to DMA-map FW msg
	net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()
	ublk: santizize the arguments from userspace when adding a device
	drm/xe: Wire up device shutdown handler
	drm/xe/gt: Update handling of xe_force_wake_get return
	drm/xe/bmg: Update Wa_16023588340
	calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
	mlxbf_gige: return EPROBE_DEFER if PHY IRQ is not available
	net: atm: add lec_mutex
	net: atm: fix /proc/net/atm/lec handling
	EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh
	dt-bindings: i2c: nvidia,tegra20-i2c: Specify the required properties
	smb: Log an error when close_all_cached_dirs fails
	serial: sh-sci: Clean sci_ports[0] after at earlycon exit
	serial: sh-sci: Increment the runtime usage counter for the earlycon device
	smb: client: fix first command failure during re-negotiation
	smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma()
	s390/pci: Fix __pcilg_mio_inuser() inline assembly
	perf: Fix sample vs do_exit()
	perf: Fix cgroup state vs ERROR
	perf/core: Fix WARN in perf_cgroup_switch()
	arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth()
	scsi: elx: efct: Fix memory leak in efct_hw_parse_filter()
	RISC-V: KVM: Fix the size parameter check in SBI SFENCE calls
	RISC-V: KVM: Don't treat SBI HFENCE calls as NOPs
	gpio: pca953x: fix wrong error probe return value
	perf evsel: Missed close() when probing hybrid core PMUs
	perf test: Directory file descriptor leak
	gpio: mlxbf3: only get IRQ for device instance 0
	cifs: Remove duplicate fattr->cf_dtype assignment from wsl_to_fattr() function
	bpftool: Fix cgroup command to only show cgroup bpf programs
	Linux 6.12.35

Change-Id: Ida57d269272a624bedb979bfad0b3c5e7df7e846
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-07-10 16:01:38 +00:00
Greg Kroah-Hartman
036a0d8df2 Merge 6.12.34 into android16-6.12-lts
GKI (arm64) relevant 105 out of 506 changes, affecting 145 files +1290/-523
  623074162b sched: Fix trace_sched_switch(.prev_state) [1 file, +4/-2]
  781bbc8252 perf/core: Fix broken throttling when max_samples_per_tick=1 [1 file, +8/-8]
  451a18d71b sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks [1 file, +6/-0]
  5b814cde62 brd: fix aligned_sector from brd_do_discard() [1 file, +1/-1]
  48e11bcee9 brd: fix discard end sector [1 file, +6/-3]
  9cfca45aec erofs: fix file handle encoding for 64-bit NIDs [1 file, +36/-8]
  65115472f7 erofs: avoid using multiple devices with different type [1 file, +4/-1]
  58beaa1aee rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture [3 files, +10/-6]
  5ed92ad1b7 crypto: xts - Only add ecb if it is not already there [1 file, +2/-2]
  e9ecaeaf41 kunit: Fix wrong parameter to kunit_deactivate_static_stub() [1 file, +1/-1]
  9c094deb6b crypto: api - Redo lookup on EEXIST [1 file, +11/-2]
  81d72f9241 PM: EM: Fix potential division-by-zero error in em_compute_costs() [1 file, +4/-0]
  0426e92970 PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() [1 file, +3/-0]
  77d45ba1be PM: sleep: Print PM debug messages during hibernation [3 files, +11/-1]
  45844a9403 ALSA: core: fix up bus match const issues. [4 files, +8/-8]
  fa65c89f3f arm64/fpsimd: Avoid RES0 bits in the SME trap handler [2 files, +9/-7]
  6103f9ba51 arm64/fpsimd: Discard stale CPU state when handling SME traps [1 file, +2/-0]
  945d247d1c arm64/fpsimd: Don't corrupt FPMR when streaming mode changes [1 file, +3/-3]
  55d52af498 arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP [1 file, +1/-1]
  2756dac036 arm64/fpsimd: Reset FPMR upon exec() [1 file, +3/-0]
  f5ffc750db arm64/fpsimd: Fix merging of FPSIMD state during signal return [1 file, +1/-1]
  0860d48b70 firmware: psci: Fix refcount leak in psci_dt_init [1 file, +3/-1]
  64a9ee6e11 arm64/fpsimd: Avoid warning when sve_to_fpsimd() is unused [1 file, +2/-2]
  b3cfc1f9f5 arm64/fpsimd: Do not discard modified SVE state [3 files, +47/-17]
  e55f46a11b overflow: Fix direct struct member initialization in _DEFINE_FLEX() [1 file, +3/-3]
  671dd1fb87 bpf: Check link_create.flags parameter for multi_kprobe [1 file, +3/-0]
  3a8e680f7d bpf, sockmap: fix duplicated data transmission [1 file, +9/-5]
  3d25fa2d7f bpf, sockmap: Fix panic when calling skb_linearize [1 file, +16/-15]
  44a51592ac f2fs: zone: fix to avoid inconsistence in between SIT and SSA [1 file, +3/-0]
  4f51fb0d25 page_pool: Track DMA-mapped pages and unmap them when destroying the pool [5 files, +147/-18]
  88f65bb66d iommu: Protect against overflow in iommu_pgsize() [1 file, +3/-1]
  04daca6012 f2fs: clean up w/ fscrypt_is_bounce_page() [1 file, +1/-1]
  4248ba53e4 f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() [1 file, +1/-1]
  c1f418cc27 bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps [1 file, +16/-11]
  e53a8dcd36 tracing: Move histogram trigger variables from stack to per CPU structure [1 file, +105/-15]
  69a995644a efi/libstub: Describe missing 'out' parameter in efi_load_initrd [1 file, +1/-0]
  709412b92a tracing: Fix error handling in event_trigger_parse() [1 file, +2/-2]
  c98cdf6795 bpf: Fix WARN() in get_bpf_raw_tp_regs [1 file, +1/-1]
  e0657136ae scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() [1 file, +0/-6]
  6bfb154f95 kernfs: Relax constraint in draining guard [2 files, +5/-3]
  df00f9147e Bluetooth: ISO: Fix not using SID from adv report [5 files, +75/-14]
  1d249cc92d bpf: Revert "bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic" [1 file, +2/-0]
  1750c3f1d9 Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() [1 file, +1/-1]
  15c0250dae bpf, sockmap: Avoid using sk_socket after free when sending [1 file, +8/-0]
  30a9e834c7 net: usb: aqc111: fix error handling of usbnet read calls [1 file, +8/-2]
  7893a41dea vsock/virtio: fix `rx_bytes` accounting for stream sockets [2 files, +17/-10]
  2bc6dffb4b bpf: Avoid __bpf_prog_ret0_warn when jit fails [1 file, +1/-1]
  ddc654e89a net: phy: clear phydev->devlink when the link is deleted [1 file, +3/-1]
  f15ed37dd3 net: phy: fix up const issues in to_mdio_device() and to_phy_device() [2 files, +2/-8]
  532601e783 f2fs: use d_inode(dentry) cleanup dentry->d_inode [2 files, +6/-6]
  0befc3005d f2fs: fix to correct check conditions in f2fs_cross_rename [1 file, +1/-1]
  2eeb181e76 dm: don't change md if dm_table_set_restrictions() fails [1 file, +12/-10]
  48e0b54be4 dm: free table mempools if not used in __bind [1 file, +4/-4]
  17e4b0fcd2 PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() [1 file, +1/-1]
  0a3e2ec508 PCI: endpoint: Retain fixed-size BAR size as well as aligned size [2 files, +18/-7]
  9f40ae8310 USB: gadget: udc: fix const issue in gadget_match_driver() [1 file, +1/-1]
  4bd30962f3 USB: typec: fix const issue in typec_match() [1 file, +1/-1]
  3091d4c0d0 loop: add file_start_write() and file_end_write() [1 file, +6/-2]
  90891eadb8 Fix sock_exceed_buf_limit not being triggered in __sk_mem_raise_allocated [1 file, +4/-4]
  e869a85acc page_pool: Fix use-after-free in page_pool_recycle_in_ring [1 file, +14/-13]
  c762fc79d7 net: tipc: fix refcount warning in tipc_aead_encrypt [1 file, +5/-1]
  b788cebf72 Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION [1 file, +2/-1]
  4399f59a94 net: fix udp gso skb_segment after pull from frag_list [1 file, +5/-0]
  0cffc6e40d PM: sleep: Fix power.is_suspended cleanup for direct-complete devices [1 file, +2/-1]
  f34dc858e6 netfilter: nf_nat: also check reverse tuple to obtain clashing entry [1 file, +9/-3]
  4f0fcdb835 wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements [4 files, +83/-32]
  933466fc50 wireguard: device: enable threaded NAPI [1 file, +1/-0]
  1be1f3b848 iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec [1 file, +1/-1]
  1d79230719 path_overmount(): avoid false negatives [1 file, +13/-6]
  e1d02fe504 fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) [1 file, +1/-1]
  9c1ddfeb66 do_change_type(): refuse to operate on unmounted/not ours mounts [1 file, +4/-0]
  80f7c5be4f pmdomain: core: Introduce dev_pm_genpd_rpm_always_on() [2 files, +42/-0]
  3464a707d1 scsi: core: ufs: Fix a hang in the error handler [1 file, +6/-1]
  99e3d69853 Bluetooth: hci_core: fix list_for_each_entry_rcu usage [1 file, +3/-8]
  9df3e5e7f7 Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete [3 files, +12/-30]
  84ab1283eb Bluetooth: MGMT: Remove unused mgmt_pending_find_data [2 files, +0/-21]
  4e83f2dbb2 Bluetooth: MGMT: Protect mgmt_pending list with its own lock [5 files, +80/-59]
  d1bc80da75 net_sched: sch_sfq: fix a potential crash on gso_skb handling [1 file, +4/-1]
  1e0de7582c net: Fix TOCTOU issue in sk_is_readable() [1 file, +5/-2]
  78fa7b723e macsec: MACsec SCI assignment for ES = 0 [1 file, +34/-6]
  b02d9d2732 net/mdiobus: Fix potential out-of-bounds read/write access [1 file, +6/-0]
  31bf7b2b92 net/mdiobus: Fix potential out-of-bounds clause 45 read/write access [1 file, +6/-0]
  842f7c3154 Bluetooth: Fix NULL pointer deference on eir_get_service_data [1 file, +6/-4]
  907ef6e12f Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance [1 file, +15/-5]
  2af40d795d Bluetooth: eir: Fix possible crashes on eir_create_adv_data [3 files, +8/-6]
  7a41744e38 Bluetooth: MGMT: Fix sparse errors [1 file, +2/-2]
  e3f6745006 net_sched: prio: fix a race in prio_tune() [1 file, +1/-1]
  180b12eafa net_sched: tbf: fix a race in tbf_change() [1 file, +1/-1]
  0a2500782f fs/filesystems: Fix potential unsigned integer underflow in fs_name() [1 file, +9/-5]
  f351bb3085 perf: Ensure bpf_perf_link path is properly serialized [1 file, +30/-4]
  a5c7b61eed block: use q->elevator with ->elevator_lock held in elv_iosched_show() [1 file, +1/-2]
  af8c13f9ee io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() [2 files, +14/-7]
  0fccb6773b block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work [1 file, +5/-2]
  48f33ec141 io_uring: consistently use rcu semantics with sqpoll thread [4 files, +38/-15]
  a9022c8631 bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP [1 file, +1/-1]
  4b1ef15ffd block: Fix bvec_set_folio() for very large folios [1 file, +5/-2]
  84e9f0a2c2 ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 [1 file, +1/-0]
  c29d531870 posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() [1 file, +9/-0]
  657003ced7 usb: Flush altsetting 0 endpoints before reinitializating them after reset. [1 file, +14/-2]
  7bdd712abe usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work [1 file, +71/-20]
  b8df8cb8f7 ring-buffer: Do not trigger WARN_ON() due to a commit_overrun [1 file, +18/-8]
  e09c0600be ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() [1 file, +1/-3]
  2d6a6cfe96 ring-buffer: Move cpus_read_lock() outside of buffer->mutex [1 file, +6/-5]
  5ed1d7a700 net: usb: aqc111: debug info before sanitation [1 file, +4/-4]
  ab20b0bdb0 overflow: Introduce __DEFINE_FLEX for having no initializer [1 file, +19/-6]

Changes in 6.12.34
	tools/x86/kcpuid: Fix error handling
	x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt()
	crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run()
	sched: Fix trace_sched_switch(.prev_state)
	perf/x86/amd/uncore: Remove unused 'struct amd_uncore_ctx::node' member
	perf/x86/amd/uncore: Prevent UMC counters from saturating
	gfs2: replace sd_aspace with sd_inode
	gfs2: gfs2_create_inode error handling fix
	perf/core: Fix broken throttling when max_samples_per_tick=1
	crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()
	crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions
	powerpc: do not build ppc_save_regs.o always
	powerpc/crash: Fix non-smp kexec preparation
	sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks
	x86/microcode/AMD: Do not return error when microcode update is not necessary
	crypto: sun8i-ce - undo runtime PM changes during driver removal
	x86/cpu: Sanitize CPUID(0x80000000) output
	x86/insn: Fix opcode map (!REX2) superscript tags
	brd: fix aligned_sector from brd_do_discard()
	brd: fix discard end sector
	kselftest: cpufreq: Get rid of double suspend in rtcwake case
	crypto: marvell/cesa - Handle zero-length skcipher requests
	crypto: marvell/cesa - Avoid empty transfer descriptor
	erofs: fix file handle encoding for 64-bit NIDs
	erofs: avoid using multiple devices with different type
	powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view
	btrfs: scrub: update device stats when an error is detected
	btrfs: scrub: fix a wrong error type when metadata bytenr mismatches
	btrfs: fix invalid data space release when truncating block in NOCOW mode
	rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture
	crypto: lrw - Only add ecb if it is not already there
	crypto: xts - Only add ecb if it is not already there
	crypto: sun8i-ce - move fallback ahash_request to the end of the struct
	kunit: Fix wrong parameter to kunit_deactivate_static_stub()
	crypto: api - Redo lookup on EEXIST
	ACPICA: exserial: don't forget to handle FFixedHW opregions for reading
	ASoC: tas2764: Enable main IRQs
	ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY()
	EDAC/skx_common: Fix general protection fault
	EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0
	spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers
	spi: tegra210-quad: remove redundant error handling code
	spi: tegra210-quad: modify chip select (CS) deactivation
	power: reset: at91-reset: Optimize at91_reset()
	PM: EM: Fix potential division-by-zero error in em_compute_costs()
	ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type
	ASoC: SOF: amd: add missing acp descriptor field
	PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks()
	ACPI: resource: fix a typo for MECHREVO in irq1_edge_low_force_override[]
	x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges()
	PM: sleep: Print PM debug messages during hibernation
	thermal/drivers/mediatek/lvts: Fix debugfs unregister on failure
	ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions"
	spi: sh-msiof: Fix maximum DMA transfer size
	ASoC: apple: mca: Constrain channels according to TDM mask
	ALSA: core: fix up bus match const issues.
	drm/vmwgfx: Add seqno waiter for sync_files
	drm/vmwgfx: Add error path for xa_store in vmw_bo_add_detached_resource
	drm/vmwgfx: Fix dumb buffer leak
	drm/xe/d3cold: Set power state to D3Cold during s2idle/s3
	drm/vc4: tests: Use return instead of assert
	drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table
	media: rkvdec: Fix frame size enumeration
	arm64/fpsimd: Avoid RES0 bits in the SME trap handler
	arm64/fpsimd: Discard stale CPU state when handling SME traps
	arm64/fpsimd: Don't corrupt FPMR when streaming mode changes
	arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP
	arm64/fpsimd: Reset FPMR upon exec()
	arm64/fpsimd: Fix merging of FPSIMD state during signal return
	drm/panthor: Fix GPU_COHERENCY_ACE[_LITE] definitions
	drm/panthor: Update panthor_mmu::irq::mask when needed
	perf: arm-ni: Unregister PMUs on probe failure
	perf: arm-ni: Fix missing platform_set_drvdata()
	drm/panel: samsung-sofef00: Drop s6e3fc2x01 support
	drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe()
	fs/ntfs3: handle hdr_first_de() return value
	fs/ntfs3: Add missing direct_IO in ntfs_aops_cmpr
	kunit/usercopy: Disable u64 test on 32-bit SPARC
	watchdog: exar: Shorten identity name to fit correctly
	m68k: mac: Fix macintosh_config for Mac II
	firmware: psci: Fix refcount leak in psci_dt_init
	arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX
	arm64/fpsimd: Avoid warning when sve_to_fpsimd() is unused
	selftests/seccomp: fix syscall_restart test for arm compat
	drm/msm/dpu: enable SmartDMA on SM8150
	drm/msm/dpu: enable SmartDMA on SC8180X
	drm: rcar-du: Fix memory leak in rcar_du_vsps_init()
	drm/vkms: Adjust vkms_state->active_planes allocation type
	drm/tegra: rgb: Fix the unbound reference count
	firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES
	arm64/fpsimd: Do not discard modified SVE state
	overflow: Fix direct struct member initialization in _DEFINE_FLEX()
	scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops
	perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create()
	selftests/seccomp: fix negative_ENOSYS tracer tests on arm32
	drm/msm/a6xx: Disable rgb565_predicator on Adreno 7c3
	drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr
	drm/mediatek: Fix kobject put for component sub-drivers
	drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err
	media: verisilicon: Free post processor buffers on error
	svcrdma: Reduce the number of rdma_rw contexts per-QP
	xen/x86: fix initial memory balloon target
	wifi: ath11k: fix node corruption in ar->arvifs list
	wifi: ath12k: Fix memory leak during vdev_id mismatch
	wifi: ath12k: Fix invalid memory access while forming 802.11 header
	IB/cm: use rwlock for MAD agent lock
	bpf: Check link_create.flags parameter for multi_kprobe
	selftests/bpf: Fix bpf_nf selftest failure
	bpf: fix ktls panic with sockmap
	bpf, sockmap: fix duplicated data transmission
	bpf, sockmap: Fix panic when calling skb_linearize
	f2fs: zone: fix to avoid inconsistence in between SIT and SSA
	wifi: ath12k: fix cleanup path after mhi init
	wifi: ath12k: Fix WMI tag for EHT rate in peer assoc
	wifi: ath12k: Fix buffer overflow in debugfs
	f2fs: clean up unnecessary indentation
	f2fs: prevent the current section from being selected as a victim during GC
	f2fs: fix to do sanity check on sbi->total_valid_block_count
	page_pool: Move pp_magic check into helper functions
	page_pool: Track DMA-mapped pages and unmap them when destroying the pool
	net: ncsi: Fix GCPS 64-bit member variables
	libbpf: Fix buffer overflow in bpf_object__init_prog
	net/mlx5: Avoid using xso.real_dev unnecessarily
	xfrm: Use xdo.dev instead of xdo.real_dev
	wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT
	wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally
	wifi: rtw88: do not ignore hardware read error during DPK
	wifi: ath12k: fix invalid access to memory
	wifi: ath12k: Add MSDU length validation for TKIP MIC error
	wifi: ath12k: Fix the QoS control field offset to build QoS header
	wifi: ath12k: fix node corruption in ar->arvifs list
	RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h
	scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk
	libbpf: Fix event name too long error
	libbpf: Remove sample_period init in perf_buffer
	Use thread-safe function pointer in libbpf_print
	iommu: Protect against overflow in iommu_pgsize()
	bonding: assign random address if device address is same as bond
	f2fs: clean up w/ fscrypt_is_bounce_page()
	f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed()
	scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels
	libbpf: Use proper errno value in linker
	bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps
	netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it
	netfilter: nft_quota: match correctly when the quota just depleted
	netfilter: nft_set_pipapo: prevent overflow in lookup table allocation
	RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction
	bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ
	tracing: Move histogram trigger variables from stack to per CPU structure
	clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs
	clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs
	clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs
	clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs
	bpftool: Fix regression of "bpftool cgroup tree" EINVAL on older kernels
	clk: bcm: rpi: Add NULL check in raspberrypi_clk_register()
	wifi: iwlfiwi: mvm: Fix the rate reporting
	efi/libstub: Describe missing 'out' parameter in efi_load_initrd
	selftests/bpf: Fix caps for __xlated/jited_unpriv
	tracing: Rename event_trigger_alloc() to trigger_data_alloc()
	tracing: Fix error handling in event_trigger_parse()
	of: unittest: Unlock on error in unittest_data_add()
	ktls, sockmap: Fix missing uncharge operation
	libbpf: Use proper errno value in nlattr
	pinctrl: at91: Fix possible out-of-boundary access
	bpf: Fix WARN() in get_bpf_raw_tp_regs
	dt-bindings: soc: fsl,qman-fqd: Fix reserved-memory.yaml reference
	clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz
	s390/bpf: Store backchain even for leaf progs
	wifi: rtw89: pci: enlarge retry times of RX tag to 1000
	wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
	wifi: rtw89: fix firmware scan delay unit for WiFi 6 chips
	iommu: remove duplicate selection of DMAR_TABLE
	wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event
	hisi_acc_vfio_pci: fix XQE dma address error
	hisi_acc_vfio_pci: add eq and aeq interruption restore
	hisi_acc_vfio_pci: bugfix live migration function without VF device driver
	wifi: ath9k_htc: Abort software beacon handling if disabled
	scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort()
	kernfs: Relax constraint in draining guard
	Bluetooth: ISO: Fix not using SID from adv report
	wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init()
	wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()
	wifi: mt76: mt7925: prevent multiple scan commands
	wifi: mt76: mt7925: refine the sniffer commnad
	wifi: mt76: mt7925: ensure all MCU commands wait for response
	wifi: mt76: mt7996: set EHT max ampdu length capability
	wifi: mt76: mt7996: fix RX buffer size of MCU event
	bpf: Revert "bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic"
	netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds
	netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy
	vfio/type1: Fix error unwind in migration dirty bitmap allocation
	Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach()
	Bluetooth: btintel: Check dsbr size from EFI variable
	bpf, sockmap: Avoid using sk_socket after free when sending
	netfilter: nf_tables: nft_fib: consistent l3mdev handling
	netfilter: nft_tunnel: fix geneve_opt dump
	RISC-V: KVM: lock the correct mp_state during reset
	net: usb: aqc111: fix error handling of usbnet read calls
	vsock/virtio: fix `rx_bytes` accounting for stream sockets
	RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work
	net: lan966x: Fix 1-step timestamping over ipv4 or ipv6
	net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit
	bpf: Avoid __bpf_prog_ret0_warn when jit fails
	net: phy: clear phydev->devlink when the link is deleted
	net: phy: fix up const issues in to_mdio_device() and to_phy_device()
	net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy
	net: lan743x: Fix PHY reset handling during initialization and WOL
	net: phy: mscc: Fix memory leak when using one step timestamping
	octeontx2-pf: QOS: Perform cache sync on send queue teardown
	octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback
	calipso: Don't call calipso functions for AF_INET sk.
	net: openvswitch: Fix the dead loop of MPLS parse
	net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames
	f2fs: use d_inode(dentry) cleanup dentry->d_inode
	f2fs: fix to correct check conditions in f2fs_cross_rename
	arm64: dts: qcom: x1e80100: Mark usb_2 as dma-coherent
	arm64: dts: qcom: sm8650: setup gpu thermal with higher temperatures
	arm64: dts: qcom: sm8650: add missing cpu-cfg interconnect path in the mdss node
	arm64: dts: qcom: x1e80100-romulus: Keep L12B and L15B always on
	arm64: dts: qcom: sdm845-starqltechn: remove wifi
	arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake
	arm64: dts: qcom: sdm845-starqltechn: refactor node order
	arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios
	arm64: dts: qcom: sm8350: Reenable crypto & cryptobam
	arm64: dts: qcom: sm8250: Fix CPU7 opp table
	arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies
	arm64: dts: qcom: ipq9574: Fix USB vdd info
	arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588
	ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select
	ARM: dts: at91: at91sam9263: fix NAND chip selects
	arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains
	arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO
	arm64: dts: mt8183: Add port node to mt8183.dtsi
	arm64: dts: imx8mm-beacon: Fix RTC capacitive load
	arm64: dts: imx8mn-beacon: Fix RTC capacitive load
	arm64: dts: imx8mp-beacon: Fix RTC capacitive load
	arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio
	arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio
	arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles
	arm64: dts: mt6359: Add missing 'compatible' property to regulators node
	arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply
	arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning
	arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c
	arm64: dts: rockchip: Update eMMC for NanoPi R5 series
	arm64: tegra: Drop remaining serial clock-names and reset-names
	arm64: tegra: Add uartd serial alias for Jetson TX1 module
	arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E
	soc: qcom: smp2p: Fix fallback to qcom,ipc parse
	Squashfs: check return result of sb_min_blocksize
	ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery
	nilfs2: add pointer check for nilfs_direct_propagate()
	nilfs2: do not propagate ENOENT error from nilfs_btree_propagate()
	bus: fsl-mc: fix double-free on mc_dev
	dt-bindings: vendor-prefixes: Add Liontron name
	ARM: dts: qcom: apq8064: add missing clocks to the timer node
	ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device
	ARM: dts: qcom: apq8064: move replicator out of soc node
	arm64: defconfig: mediatek: enable PHY drivers
	arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou
	arm64: dts: qcom: qcm2290: fix (some) of QUP interconnects
	arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups
	arm64: dts: mt6359: Rename RTC node to match binding expectations
	ARM: aspeed: Don't select SRAM
	soc: aspeed: lpc: Fix impossible judgment condition
	soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
	fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
	randstruct: gcc-plugin: Remove bogus void member
	randstruct: gcc-plugin: Fix attribute addition
	perf build: Warn when libdebuginfod devel files are not available
	perf ui browser hists: Set actions->thread before calling do_zoom_thread()
	dm: don't change md if dm_table_set_restrictions() fails
	dm: free table mempools if not used in __bind
	backlight: pm8941: Add NULL check in wled_configure()
	x86/irq: Ensure initial PIR loads are performed exactly once
	mtd: nand: ecc-mxic: Fix use of uninitialized variable ret
	hwmon: (asus-ec-sensors) check sensor index in read_string()
	perf symbol-minimal: Fix double free in filename__read_build_id
	dm: fix dm_blk_report_zones
	dm-flakey: error all IOs when num_features is absent
	dm-flakey: make corrupting read bios work
	perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids()
	perf tests: Fix 'perf report' tests installation
	perf intel-pt: Fix PEBS-via-PT data_src
	perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3
	remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe
	remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick}
	remoteproc: k3-dsp: Drop check performed in k3_dsp_rproc_{mbox_callback/kick}
	rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send()
	mfd: exynos-lpass: Fix an error handling path in exynos_lpass_probe()
	mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove()
	mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE
	perf tests switch-tracking: Fix timestamp comparison
	mailbox: imx: Fix TXDB_V2 sending
	mailbox: mtk-cmdq: Refine GCE_GCTL_VALUE setting
	perf symbol: Fix use-after-free in filename__read_build_id
	perf record: Fix incorrect --user-regs comments
	perf trace: Always print return value for syscalls returning a pid
	nfs: clear SB_RDONLY before getting superblock
	nfs: ignore SB_RDONLY when remounting nfs
	perf trace: Set errpid to false for rseq and set_robust_list
	perf callchain: Always populate the addr_location map when adding IP
	cifs: Fix validation of SMB1 query reparse point response
	rust: alloc: add missing invariant in Vec::set_len()
	rtc: sh: assign correct interrupts with DT
	phy: rockchip: samsung-hdptx: Fix clock ratio setup
	phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors
	PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus()
	PCI: rcar-gen4: set ep BAR4 fixed size
	PCI: cadence: Fix runtime atomic count underflow
	PCI: apple: Use gpiod_set_value_cansleep in probe flow
	phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
	dmaengine: ti: Add NULL check in udma_probe()
	PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()
	PCI/DPC: Initialize aer_err_info before using it
	PCI/DPC: Log Error Source ID only when valid
	rtc: loongson: Add missing alarm notifications for ACPI RTC events
	PCI: endpoint: Retain fixed-size BAR size as well as aligned size
	usb: renesas_usbhs: Reorder clock handling and power management in probe
	serial: Fix potential null-ptr-deref in mlb_usio_probe()
	thunderbolt: Fix a logic error in wake on connect
	iio: filter: admv8818: fix band 4, state 15
	iio: filter: admv8818: fix integer overflow
	iio: filter: admv8818: fix range calculation
	iio: filter: admv8818: Support frequencies >= 2^32
	iio: adc: ad7124: Fix 3dB filter frequency reading
	usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink()
	MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a
	coresight: Fixes device's owner field for registered using coresight_init_driver()
	coresight: catu: Introduce refcount and spinlock for enabling/disabling
	counter: interrupt-cnt: Protect enable/disable OPs with mutex
	fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()
	coresight: prevent deactivate active config while enabling the config
	vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl()
	mei: vsc: Cast tx_buf to (__be32 *) when passed to cpu_to_be32_array()
	iio: adc: PAC1934: fix typo in documentation link
	iio: adc: mcp3911: fix device dependent mappings for conversion result registers
	USB: gadget: udc: fix const issue in gadget_match_driver()
	USB: typec: fix const issue in typec_match()
	loop: add file_start_write() and file_end_write()
	drm/xe: Make xe_gt_freq part of the Documentation
	Fix sock_exceed_buf_limit not being triggered in __sk_mem_raise_allocated
	page_pool: Fix use-after-free in page_pool_recycle_in_ring
	net: stmmac: platform: guarantee uniqueness of bus_id
	gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt
	net: tipc: fix refcount warning in tipc_aead_encrypt
	driver: net: ethernet: mtk_star_emac: fix suspend/resume issue
	net/mlx4_en: Prevent potential integer overflow calculating Hz
	net: lan966x: Make sure to insert the vlan tags also in host mode
	spi: bcm63xx-spi: fix shared reset
	spi: bcm63xx-hsspi: fix shared reset
	Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION
	ice: fix Tx scheduler error handling in XDP callback
	ice: create new Tx scheduler nodes for new queues only
	ice: fix rebuilding the Tx scheduler tree for large queue counts
	idpf: fix a race in txq wakeup
	idpf: avoid mailbox timeout delays during reset
	net: dsa: tag_brcm: legacy: fix pskb_may_pull length
	net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping
	net: stmmac: make sure that ptp_rate is not 0 before configuring EST
	drm/i915/guc: Check if expecting reply before decrementing outstanding_submission_g2h
	drm/i915/psr: Fix using wrong mask in REG_FIELD_PREP
	drm/i915/guc: Handle race condition where wakeref count drops below 0
	net: fix udp gso skb_segment after pull from frag_list
	net: wwan: t7xx: Fix napi rx poll issue
	vmxnet3: correctly report gso type for UDP tunnels
	selftests: net: build net/lib dependency in all target
	PM: sleep: Fix power.is_suspended cleanup for direct-complete devices
	nvme: fix command limits status code
	gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO
	drm/panel-simple: fix the warnings for the Evervision VGG644804
	netfilter: nf_set_pipapo_avx2: fix initial map fill
	netfilter: nf_nat: also check reverse tuple to obtain clashing entry
	net: ti: icssg-prueth: Fix swapped TX stats for MII interfaces.
	net: dsa: b53: do not enable RGMII delay on bcm63xx
	net: dsa: b53: allow RGMII for bcm63xx RGMII ports
	net: dsa: b53: do not touch DLL_IQQD on bcm53115
	wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements
	net: wwan: mhi_wwan_mbim: use correct mux_id for multiplexing
	wireguard: device: enable threaded NAPI
	seg6: Fix validation of nexthop addresses
	riscv: misaligned: fix sleeping function called during misaligned access handling
	scsi: ufs: qcom: Prevent calling phy_exit() before phy_init()
	ASoC: codecs: hda: Fix RPM usage count underflow
	ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX
	ASoC: Intel: avs: Verify content returned by parse_int_array()
	ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init
	iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec
	path_overmount(): avoid false negatives
	fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2)
	do_change_type(): refuse to operate on unmounted/not ours mounts
	tools/power turbostat: Fix AMD package-energy reporting
	ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3315
	ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3247
	ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA
	ALSA: hda/realtek - Support mute led function for HP platform
	ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup
	ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA
	Input: synaptics-rmi - fix crash with unsupported versions of F34
	pmdomain: core: Introduce dev_pm_genpd_rpm_always_on()
	mmc: sdhci-of-dwcmshc: add PD workaround on RK3576
	arm64: dts: qcom: x1e80100: Apply consistent critical thermal shutdown
	arm64: dts: qcom: x1e80100: Add GPU cooling
	pinctrl: samsung: refactor drvdata suspend & resume callbacks
	pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks
	pinctrl: samsung: add gs101 specific eint suspend/resume callbacks
	dt-bindings: pwm: adi,axi-pwmgen: Increase #pwm-cells to 3
	dt-bindings: pwm: Correct indentation and style in DTS example
	dt-bindings: pwm: adi,axi-pwmgen: Fix clocks
	serial: sh-sci: Move runtime PM enable to sci_probe_single()
	scsi: core: ufs: Fix a hang in the error handler
	Bluetooth: hci_core: fix list_for_each_entry_rcu usage
	Bluetooth: btintel_pcie: Fix driver not posting maximum rx buffers
	Bluetooth: btintel_pcie: Increase the tx and rx descriptor count
	Bluetooth: btintel_pcie: Reduce driver buffer posting to prevent race condition
	Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
	Bluetooth: MGMT: Remove unused mgmt_pending_find_data
	Bluetooth: MGMT: Protect mgmt_pending list with its own lock
	net: dsa: b53: fix untagged traffic sent via cpu tagged with VID 0
	ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use()
	ath10k: snoc: fix unbalanced IRQ enable in crash recovery
	wifi: ath11k: convert timeouts to secs_to_jiffies()
	wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request()
	wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process()
	wifi: ath11k: don't wait when there is no vdev started
	wifi: ath11k: move some firmware stats related functions outside of debugfs
	wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready
	wifi: ath12k: refactor ath12k_hw_regs structure
	wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850
	regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt()
	spi: omap2-mcspi: Disable multi mode when CS should be kept asserted after message
	spi: omap2-mcspi: Disable multi-mode when the previous message kept CS asserted
	pinctrl: qcom: pinctrl-qcm2290: Add missing pins
	scsi: iscsi: Fix incorrect error path labels for flashnode operations
	net_sched: sch_sfq: fix a potential crash on gso_skb handling
	powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap
	powerpc/vas: Return -EINVAL if the offset is non-zero in mmap()
	drm/meson: use unsigned long long / Hz for frequency types
	drm/meson: fix debug log statement when setting the HDMI clocks
	drm/meson: use vclk_freq instead of pixel_freq in debug print
	drm/meson: fix more rounding issues with 59.94Hz modes
	i40e: return false from i40e_reset_vf if reset is in progress
	i40e: retry VFLR handling if there is ongoing VF reset
	ACPI: CPPC: Fix NULL pointer dereference when nosmp is used
	net: Fix TOCTOU issue in sk_is_readable()
	macsec: MACsec SCI assignment for ES = 0
	net/mdiobus: Fix potential out-of-bounds read/write access
	net/mdiobus: Fix potential out-of-bounds clause 45 read/write access
	Bluetooth: Fix NULL pointer deference on eir_get_service_data
	Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance
	Bluetooth: eir: Fix possible crashes on eir_create_adv_data
	Bluetooth: MGMT: Fix sparse errors
	net/mlx5: Ensure fw pages are always allocated on same NUMA
	net/mlx5: Fix ECVF vports unload on shutdown flow
	net/mlx5: Fix return value when searching for existing flow group
	net/mlx5: HWS, fix missing ip_version handling in definer
	net/mlx5e: Fix leak of Geneve TLV option object
	net_sched: prio: fix a race in prio_tune()
	net_sched: red: fix a race in __red_change()
	net_sched: tbf: fix a race in tbf_change()
	net_sched: ets: fix a race in ets_qdisc_change()
	net: drv: netdevsim: don't napi_complete() from netpoll
	btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
	fs/filesystems: Fix potential unsigned integer underflow in fs_name()
	gfs2: pass through holder from the VFS for freeze/thaw
	btrfs: exit after state split error at set_extent_bit()
	nvmet-fcloop: access fcpreq only when holding reqlock
	perf: Ensure bpf_perf_link path is properly serialized
	block: use q->elevator with ->elevator_lock held in elv_iosched_show()
	io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo()
	block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work
	io_uring: consistently use rcu semantics with sqpoll thread
	bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP
	block: Fix bvec_set_folio() for very large folios
	objtool/rust: relax slice condition to cover more `noreturn` Rust functions
	tools/resolve_btfids: Fix build when cross compiling kernel with clang.
	Revert "wifi: mwifiex: Fix HT40 bandwidth issue."
	ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1
	HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()
	posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
	nvmem: zynqmp_nvmem: unbreak driver after cleanup
	usb: usbtmc: Fix read_stb function and get_stb ioctl
	VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
	tty: serial: 8250_omap: fix TX with DMA for am33xx
	usb: misc: onboard_usb_dev: Fix usb5744 initialization sequence
	usb: cdnsp: Fix issue with detecting command completion event
	usb: cdnsp: Fix issue with detecting USB 3.2 speed
	usb: Flush altsetting 0 endpoints before reinitializating them after reset.
	usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx()
	usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work
	9p: Add a migrate_folio method
	ring-buffer: Do not trigger WARN_ON() due to a commit_overrun
	ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set()
	ring-buffer: Move cpus_read_lock() outside of buffer->mutex
	xfs: don't assume perags are initialised when trimming AGs
	xen/arm: call uaccess_ttbr0_enable for dm_op hypercall
	x86/iopl: Cure TIF_IO_BITMAP inconsistencies
	x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler
	calipso: unlock rcu before returning -EAFNOSUPPORT
	regulator: dt-bindings: mt6357: Drop fixed compatible requirement
	usb: misc: onboard_usb_dev: fix build warning for CONFIG_USB_ONBOARD_DEV_USB5744=n
	net: usb: aqc111: debug info before sanitation
	overflow: Introduce __DEFINE_FLEX for having no initializer
	gfs2: Don't clear sb->s_fs_info in gfs2_sys_fs_add
	drm/meson: Use 1000ULL when operating with mode->clock
	thermal/drivers/mediatek/lvts: Remove unused lvts_debugfs_exit
	Linux 6.12.34

Change-Id: I679f0f1ddcf9bf8a0b86089ccb7b78536f5bc441
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-07-09 08:59:06 +00:00
Greg Kroah-Hartman
e5ead1ec40 Merge 48ca7139ab ("cifs: Fix validation of SMB1 query reparse point response") into android16-6.12-lts
Steps on the way to 6.12.34

Resolves merge conflicts in:
	kernel/sched/core.c
	net/netfilter/xt_mark.c

Change-Id: I6df5e27c2a5bfa8b077b1f2814ad98b2a3dc0877
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-07-04 07:05:22 +00:00
Greg Kroah-Hartman
580b0fa739 Merge 6.12.33 into android16-6.12-lts
GKI (arm64) relevant 8 out of 25 changes, affecting 9 files +103/-61
  db758487f3 tracing: Fix compilation warning on arm32 [1 file, +1/-1]
  bf49527089 f2fs: fix to avoid accessing uninitialized curseg [2 files, +15/-1]
  a6a55fe660 rtc: Make rtc_time64_to_tm() support dates before 1970 [1 file, +19/-5]
  6b482b16f3 rtc: Fix offset calculation for .start_secs < 0 [1 file, +1/-1]
  3c4fed940d PCI/ASPM: Disable L1 before disabling L1 PM Substates [1 file, +50/-42]
  0c60158ff1 block: fix adding folio to bio [1 file, +7/-4]
  23179d009c usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE [1 file, +3/-0]
  e428b7e205 Bluetooth: hci_qca: move the SoC type check to the right place [1 file, +7/-7]

Changes in 6.12.33
	tracing: Fix compilation warning on arm32
	f2fs: fix to avoid accessing uninitialized curseg
	pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31
	pinctrl: armada-37xx: set GPIO output value before setting direction
	acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio()
	Documentation: ACPI: Use all-string data node references
	rtc: Make rtc_time64_to_tm() support dates before 1970
	rtc: Fix offset calculation for .start_secs < 0
	accel/ivpu: Add initial Panther Lake support
	accel/ivpu: Update power island delays
	PCI/ASPM: Disable L1 before disabling L1 PM Substates
	block: fix adding folio to bio
	Revert "cpufreq: tegra186: Share policy per cluster"
	usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE
	usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device
	USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB
	usb: typec: ucsi: fix Clang -Wsign-conversion warning
	Bluetooth: hci_qca: move the SoC type check to the right place
	serial: jsm: fix NPE during jsm_uart_port_init
	usb: usbtmc: Fix timeout value in get_stb
	thunderbolt: Do not double dequeue a configuration request
	dt-bindings: usb: cypress,hx3: Add support for all variants
	dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property
	Revert "drm/amd/display: more liberal vmin/vmax update for freesync"
	Linux 6.12.33

Change-Id: I7c7a2ac6d4c5733af81a449f838133d9da60cafe
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-07-03 10:48:20 +00:00
Greg Kroah-Hartman
108d81d25c Merge cd918ec241 ("orangefs: Do not truncate file size") into android16-6.12-lts
Steps on the way to 6.12.31

Change-Id: Ic4b1ed54cab9844c75f4824bb7ac3f28e37b3eb7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-06-30 08:35:56 +00:00
Ye Bin
8e89c17dc8 ftrace: Fix UAF when lookup kallsym after ftrace disabled
commit f914b52c379c12288b7623bb814d0508dbe7481d upstream.

The following issue happens with a buggy module:

BUG: unable to handle page fault for address: ffffffffc05d0218
PGD 1bd66f067 P4D 1bd66f067 PUD 1bd671067 PMD 101808067 PTE 0
Oops: Oops: 0000 [#1] SMP KASAN PTI
Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
RIP: 0010:sized_strscpy+0x81/0x2f0
Call Trace:
 <TASK>
 ftrace_mod_get_kallsym+0x1ac/0x590
 update_iter_mod+0x239/0x5b0
 s_next+0x5b/0xa0
 seq_read_iter+0x8c9/0x1070
 seq_read+0x249/0x3b0
 proc_reg_read+0x1b0/0x280
 vfs_read+0x17f/0x920
 ksys_read+0xf3/0x1c0
 do_syscall_64+0x5f/0x2e0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

The above issue may happen as follows:
(1) Add kprobe tracepoint;
(2) insmod test.ko;
(3) Module triggers ftrace disabled;
(4) rmmod test.ko;
(5) cat /proc/kallsyms; --> Will trigger UAF as test.ko already removed;
ftrace_mod_get_kallsym()
...
strscpy(module_name, mod_map->mod->name, MODULE_NAME_LEN);
...

The problem is when a module triggers an issue with ftrace and
sets ftrace_disable. The ftrace_disable is set when an anomaly is
discovered and to prevent any more damage, ftrace stops all text
modification. The issue that happened was that the ftrace_disable stops
more than just the text modification.

When a module is loaded, its init functions can also be traced. Because
kallsyms deletes the init functions after a module has loaded, ftrace
saves them when the module is loaded and function tracing is enabled. This
allows the output of the function trace to show the init function names
instead of just their raw memory addresses.

When a module is removed, ftrace_release_mod() is called, and if
ftrace_disable is set, it just returns without doing anything more. The
problem here is that it leaves the mod_list still around and if kallsyms
is called, it will call into this code and access the module memory that
has already been freed as it will return:

  strscpy(module_name, mod_map->mod->name, MODULE_NAME_LEN);

Where the "mod" no longer exists and triggers a UAF bug.

Link: https://lore.kernel.org/all/20250523135452.626d8dcd@gandalf.local.home/

Cc: stable@vger.kernel.org
Fixes: aba4b5c22c ("ftrace: Save module init functions kallsyms symbols for tracing")
Link: https://lore.kernel.org/20250529111955.2349189-2-yebin@huaweicloud.com
Signed-off-by: Ye Bin <yebin10@huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-06-27 11:11:23 +01:00
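The stale-list condition described in the commit message above, as an added user-space model that is not part of the commit and not kernel code. All names are hypothetical stand-ins (`tracer_disabled` for ftrace_disable, `maps` for the mod_list), and the "after" ordering is an assumed way to close the gap, since the page does not show the upstream diff.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16
#define MAX_MODS 4

/* Constructed stand-in for struct module; "live" is false once it is "freed". */
struct module_model {
    char name[NAME_LEN];
    bool live;
};

/* Constructed stand-in for one mod_list entry that keeps a module pointer. */
struct mod_map_model {
    struct module_model *mod;
    bool linked;
};

/* Static pools, so inspecting a "freed" module here is defined behaviour. */
static struct module_model mods[MAX_MODS];
static struct mod_map_model maps[MAX_MODS];
static bool tracer_disabled; /* models ftrace_disable */

static void reset_model(void)
{
    memset(mods, 0, sizeof(mods));
    memset(maps, 0, sizeof(maps));
    tracer_disabled = false;
}

/* Module load: save the init-symbol map and link it on the list. */
static int load_module(const char *name)
{
    for (int i = 0; i < MAX_MODS; i++) {
        if (mods[i].live || maps[i].linked)
            continue;
        snprintf(mods[i].name, NAME_LEN, "%s", name);
        mods[i].live = true;
        maps[i].mod = &mods[i];
        maps[i].linked = true;
        return i;
    }
    return -1;
}

/* Release path as the commit message describes it: a no-op when disabled. */
static void release_mod_before(int idx)
{
    if (tracer_disabled)
        return; /* the entry stays linked to a module about to vanish */
    maps[idx].linked = false;
    maps[idx].mod = NULL;
}

/* Assumed hardened ordering: always unlink first, then honour the flag. */
static void release_mod_after(int idx)
{
    maps[idx].linked = false;
    maps[idx].mod = NULL;
    if (tracer_disabled)
        return; /* only the remaining tracer teardown would be skipped */
}

static void unload_module(int idx, bool hardened)
{
    if (hardened)
        release_mod_after(idx);
    else
        release_mod_before(idx);
    mods[idx].live = false; /* module memory is gone from here on */
}

/* What a /proc/kallsyms walk would meet: linked entries whose module is gone. */
static int count_stale_entries(void)
{
    int stale = 0;

    for (int i = 0; i < MAX_MODS; i++)
        if (maps[i].linked && !maps[i].mod->live)
            stale++;
    return stale;
}

/* Steps (2)-(5) of the commit message; returns the dangling entry count. */
static int run_scenario(bool hardened, bool disable_tracer)
{
    reset_model();
    int idx = load_module("test");
    if (idx < 0)
        return -1;
    tracer_disabled = disable_tracer;
    unload_module(idx, hardened);
    return count_stale_entries();
}

int main(void)
{
    printf("before, tracer disabled: %d stale\n", run_scenario(false, true));
    printf("after,  tracer disabled: %d stale\n", run_scenario(true, true));
    return 0;
}
```

Each stale entry counted here corresponds to a list node whose `mod` pointer the kallsyms walk would dereference after the module was removed.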
Steven Rostedt
2d6a6cfe96 ring-buffer: Move cpus_read_lock() outside of buffer->mutex
commit c98cc9797b7009308fff73d41bc1d08642dab77a upstream.

Running a modified trace-cmd record --nosplice where it does a mmap of the
ring buffer when '--nosplice' is set, caused the following lockdep splat:

 ======================================================
 WARNING: possible circular locking dependency detected
 6.15.0-rc7-test-00002-gfb7d03d8a82f #551 Not tainted
 ------------------------------------------------------
 trace-cmd/1113 is trying to acquire lock:
 ffff888100062888 (&buffer->mutex){+.+.}-{4:4}, at: ring_buffer_map+0x11c/0xe70

 but task is already holding lock:
 ffff888100a5f9f8 (&cpu_buffer->mapping_lock){+.+.}-{4:4}, at: ring_buffer_map+0xcf/0xe70

 which lock already depends on the new lock.

 the existing dependency chain (in reverse order) is:

 -> #5 (&cpu_buffer->mapping_lock){+.+.}-{4:4}:
        __mutex_lock+0x192/0x18c0
        ring_buffer_map+0xcf/0xe70
        tracing_buffers_mmap+0x1c4/0x3b0
        __mmap_region+0xd8d/0x1f70
        do_mmap+0x9d7/0x1010
        vm_mmap_pgoff+0x20b/0x390
        ksys_mmap_pgoff+0x2e9/0x440
        do_syscall_64+0x79/0x1c0
        entry_SYSCALL_64_after_hwframe+0x76/0x7e

 -> #4 (&mm->mmap_lock){++++}-{4:4}:
        __might_fault+0xa5/0x110
        _copy_to_user+0x22/0x80
        _perf_ioctl+0x61b/0x1b70
        perf_ioctl+0x62/0x90
        __x64_sys_ioctl+0x134/0x190
        do_syscall_64+0x79/0x1c0
        entry_SYSCALL_64_after_hwframe+0x76/0x7e

 -> #3 (&cpuctx_mutex){+.+.}-{4:4}:
        __mutex_lock+0x192/0x18c0
        perf_event_init_cpu+0x325/0x7c0
        perf_event_init+0x52a/0x5b0
        start_kernel+0x263/0x3e0
        x86_64_start_reservations+0x24/0x30
        x86_64_start_kernel+0x95/0xa0
        common_startup_64+0x13e/0x141

 -> #2 (pmus_lock){+.+.}-{4:4}:
        __mutex_lock+0x192/0x18c0
        perf_event_init_cpu+0xb7/0x7c0
        cpuhp_invoke_callback+0x2c0/0x1030
        __cpuhp_invoke_callback_range+0xbf/0x1f0
        _cpu_up+0x2e7/0x690
        cpu_up+0x117/0x170
        cpuhp_bringup_mask+0xd5/0x120
        bringup_nonboot_cpus+0x13d/0x170
        smp_init+0x2b/0xf0
        kernel_init_freeable+0x441/0x6d0
        kernel_init+0x1e/0x160
        ret_from_fork+0x34/0x70
        ret_from_fork_asm+0x1a/0x30

 -> #1 (cpu_hotplug_lock){++++}-{0:0}:
        cpus_read_lock+0x2a/0xd0
        ring_buffer_resize+0x610/0x14e0
        __tracing_resize_ring_buffer.part.0+0x42/0x120
        tracing_set_tracer+0x7bd/0xa80
        tracing_set_trace_write+0x132/0x1e0
        vfs_write+0x21c/0xe80
        ksys_write+0xf9/0x1c0
        do_syscall_64+0x79/0x1c0
        entry_SYSCALL_64_after_hwframe+0x76/0x7e

 -> #0 (&buffer->mutex){+.+.}-{4:4}:
        __lock_acquire+0x1405/0x2210
        lock_acquire+0x174/0x310
        __mutex_lock+0x192/0x18c0
        ring_buffer_map+0x11c/0xe70
        tracing_buffers_mmap+0x1c4/0x3b0
        __mmap_region+0xd8d/0x1f70
        do_mmap+0x9d7/0x1010
        vm_mmap_pgoff+0x20b/0x390
        ksys_mmap_pgoff+0x2e9/0x440
        do_syscall_64+0x79/0x1c0
        entry_SYSCALL_64_after_hwframe+0x76/0x7e

 other info that might help us debug this:

 Chain exists of:
   &buffer->mutex --> &mm->mmap_lock --> &cpu_buffer->mapping_lock

  Possible unsafe locking scenario:

        CPU0                    CPU1
        ----                    ----
   lock(&cpu_buffer->mapping_lock);
                                lock(&mm->mmap_lock);
                                lock(&cpu_buffer->mapping_lock);
   lock(&buffer->mutex);

  *** DEADLOCK ***

 2 locks held by trace-cmd/1113:
  #0: ffff888106b847e0 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x192/0x390
  #1: ffff888100a5f9f8 (&cpu_buffer->mapping_lock){+.+.}-{4:4}, at: ring_buffer_map+0xcf/0xe70

 stack backtrace:
 CPU: 5 UID: 0 PID: 1113 Comm: trace-cmd Not tainted 6.15.0-rc7-test-00002-gfb7d03d8a82f #551 PREEMPT
 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
 Call Trace:
  <TASK>
  dump_stack_lvl+0x6e/0xa0
  print_circular_bug.cold+0x178/0x1be
  check_noncircular+0x146/0x160
  __lock_acquire+0x1405/0x2210
  lock_acquire+0x174/0x310
  ? ring_buffer_map+0x11c/0xe70
  ? ring_buffer_map+0x11c/0xe70
  ? __mutex_lock+0x169/0x18c0
  __mutex_lock+0x192/0x18c0
  ? ring_buffer_map+0x11c/0xe70
  ? ring_buffer_map+0x11c/0xe70
  ? function_trace_call+0x296/0x370
  ? __pfx___mutex_lock+0x10/0x10
  ? __pfx_function_trace_call+0x10/0x10
  ? __pfx___mutex_lock+0x10/0x10
  ? _raw_spin_unlock+0x2d/0x50
  ? ring_buffer_map+0x11c/0xe70
  ? ring_buffer_map+0x11c/0xe70
  ? __mutex_lock+0x5/0x18c0
  ring_buffer_map+0x11c/0xe70
  ? do_raw_spin_lock+0x12d/0x270
  ? find_held_lock+0x2b/0x80
  ? _raw_spin_unlock+0x2d/0x50
  ? rcu_is_watching+0x15/0xb0
  ? _raw_spin_unlock+0x2d/0x50
  ? trace_preempt_on+0xd0/0x110
  tracing_buffers_mmap+0x1c4/0x3b0
  __mmap_region+0xd8d/0x1f70
  ? ring_buffer_lock_reserve+0x99/0xff0
  ? __pfx___mmap_region+0x10/0x10
  ? ring_buffer_lock_reserve+0x99/0xff0
  ? __pfx_ring_buffer_lock_reserve+0x10/0x10
  ? __pfx_ring_buffer_lock_reserve+0x10/0x10
  ? bpf_lsm_mmap_addr+0x4/0x10
  ? security_mmap_addr+0x46/0xd0
  ? lock_is_held_type+0xd9/0x130
  do_mmap+0x9d7/0x1010
  ? 0xffffffffc0370095
  ? __pfx_do_mmap+0x10/0x10
  vm_mmap_pgoff+0x20b/0x390
  ? __pfx_vm_mmap_pgoff+0x10/0x10
  ? 0xffffffffc0370095
  ksys_mmap_pgoff+0x2e9/0x440
  do_syscall_64+0x79/0x1c0
  entry_SYSCALL_64_after_hwframe+0x76/0x7e
  </TASK>

The issue is that cpus_read_lock() is taken within buffer->mutex. The
memory mapped pages are taken with the mmap_lock held. The buffer->mutex
is taken within the cpu_buffer->mapping_lock. There's quite a chain with
all these locks, where the deadlock can be fixed by moving the
cpus_read_lock() outside the taking of the buffer->mutex.

Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Vincent Donnefort <vdonnefort@google.com>
Link: https://lore.kernel.org/20250527105820.0f45d045@gandalf.local.home
Fixes: 117c39200d ("ring-buffer: Introducing ring-buffer mapping functions")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-06-19 15:32:36 +02:00
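The dependency chain from the lockdep splat above, as an added example that is not part of the commit: the six locks become nodes of a directed graph, and a cycle check shows why taking cpus_read_lock() outside buffer->mutex removes the deadlock. The enum names and helper functions are hypothetical; the edges are read off the "#0" to "#5" entries of the report.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* One node per lock named in the lockdep report. */
enum lock_id {
    BUFFER_MUTEX,      /* &buffer->mutex */
    CPU_HOTPLUG_LOCK,  /* taken by cpus_read_lock() */
    PMUS_LOCK,
    CPUCTX_MUTEX,
    MMAP_LOCK,         /* &mm->mmap_lock */
    MAPPING_LOCK,      /* &cpu_buffer->mapping_lock */
    NLOCKS
};

/* edge[a][b] is true when lock b has been acquired while lock a was held. */
struct lock_graph {
    bool edge[NLOCKS][NLOCKS];
};

static void add_dep(struct lock_graph *g, int held, int taken)
{
    g->edge[held][taken] = true;
}

/* Depth-first search; colour 1 means "on the current path", 2 means "done". */
static bool dfs_finds_cycle(const struct lock_graph *g, int node, int *colour)
{
    colour[node] = 1;
    for (int next = 0; next < NLOCKS; next++) {
        if (!g->edge[node][next])
            continue;
        if (colour[next] == 1)
            return true; /* back edge: circular dependency */
        if (colour[next] == 0 && dfs_finds_cycle(g, next, colour))
            return true;
    }
    colour[node] = 2;
    return false;
}

static bool has_cycle(const struct lock_graph *g)
{
    int colour[NLOCKS] = { 0 };

    for (int node = 0; node < NLOCKS; node++)
        if (colour[node] == 0 && dfs_finds_cycle(g, node, colour))
            return true;
    return false;
}

/* Build the graph from the report, with either ordering of the two locks. */
static void build_graph(struct lock_graph *g, bool cpus_lock_outside)
{
    memset(g, 0, sizeof(*g));
    add_dep(g, CPU_HOTPLUG_LOCK, PMUS_LOCK);    /* #2: CPU bring-up callbacks */
    add_dep(g, PMUS_LOCK, CPUCTX_MUTEX);        /* #3: perf_event_init_cpu() */
    add_dep(g, CPUCTX_MUTEX, MMAP_LOCK);        /* #4: copy_to_user in perf ioctl */
    add_dep(g, MMAP_LOCK, MAPPING_LOCK);        /* #5: mmap of the ring buffer */
    add_dep(g, MAPPING_LOCK, BUFFER_MUTEX);     /* #0: ring_buffer_map() */
    if (cpus_lock_outside)
        add_dep(g, CPU_HOTPLUG_LOCK, BUFFER_MUTEX); /* ordering after the move */
    else
        add_dep(g, BUFFER_MUTEX, CPU_HOTPLUG_LOCK); /* #1: ring_buffer_resize() */
}

static bool ordering_can_deadlock(bool cpus_lock_outside)
{
    struct lock_graph g;

    build_graph(&g, cpus_lock_outside);
    return has_cycle(&g);
}

int main(void)
{
    printf("cpus_read_lock() inside buffer->mutex:  %s\n",
           ordering_can_deadlock(false) ? "cycle" : "no cycle");
    printf("cpus_read_lock() outside buffer->mutex: %s\n",
           ordering_can_deadlock(true) ? "cycle" : "no cycle");
    return 0;
}
```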
Dmitry Antipov
e09c0600be ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set()
commit 40ee2afafc1d9fe3aa44a6fbe440d78a5c96a72e upstream.

Enlarge the critical section in ring_buffer_subbuf_order_set() to
ensure that error handling takes place with per-buffer mutex held,
thus preventing list corruption and other concurrency-related issues.

Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Tzvetomir Stoyanov <tz.stoyanov@gmail.com>
Link: https://lore.kernel.org/20250606112242.1510605-1-dmantipov@yandex.ru
Reported-by: syzbot+05d673e83ec640f0ced9@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=05d673e83ec640f0ced9
Fixes: f9b94daa54 ("ring-buffer: Set new size of the ring buffer sub page")
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-06-19 15:32:36 +02:00
Steven Rostedt
b8df8cb8f7 ring-buffer: Do not trigger WARN_ON() due to a commit_overrun
commit 4fc78a7c9ca994e1da5d3940704d4e8f0ea8c5e4 upstream.

When reading a memory mapped buffer the reader page is just swapped out
with the last page written in the write buffer. If the reader page is the
same as the commit buffer (the buffer that is currently being written to)
it was assumed that it should never have missed events. If it does, it
triggers a WARN_ON_ONCE().

But there just happens to be one scenario where this can legitimately
happen. That is on a commit_overrun. A commit overrun is when an interrupt
preempts an event being written to the buffer and then the interrupt adds
so many new events that it fills and wraps the buffer back to the commit.
Any new events would then be dropped and be reported as "missed_events".

In this case, the next page to read is the commit buffer and after the
swap of the reader page, the reader page will be the commit buffer, but
this time there will be missed events and this triggers the following
warning:

 ------------[ cut here ]------------
 WARNING: CPU: 2 PID: 1127 at kernel/trace/ring_buffer.c:7357 ring_buffer_map_get_reader+0x49a/0x780
 Modules linked in: kvm_intel kvm irqbypass
 CPU: 2 UID: 0 PID: 1127 Comm: trace-cmd Not tainted 6.15.0-rc7-test-00004-g478bc2824b45-dirty #564 PREEMPT
 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
 RIP: 0010:ring_buffer_map_get_reader+0x49a/0x780
 Call Trace:
  <TASK>
  ? __pfx_ring_buffer_map_get_reader+0x10/0x10
  tracing_buffers_ioctl+0x283/0x370
  __x64_sys_ioctl+0x134/0x190
  do_syscall_64+0x79/0x1c0
  entry_SYSCALL_64_after_hwframe+0x76/0x7e
  </TASK>
 irq event stamp: 5080
 hardirqs last  enabled at (5079): [<ffffffff83e0adb0>] _raw_spin_unlock_irqrestore+0x50/0x70
 hardirqs last disabled at (5080): [<ffffffff83e0aa83>] _raw_spin_lock_irqsave+0x63/0x70
 softirqs last  enabled at (4182): [<ffffffff81516122>] handle_softirqs+0x552/0x710
 softirqs last disabled at (4159): [<ffffffff815163f7>] __irq_exit_rcu+0x107/0x210
 ---[ end trace 0000000000000000 ]---

The above was triggered by running on a kernel with both lockdep and KASAN
as well as kmemleak enabled and executing the following command:

 # perf record -o perf-test.dat -a -- trace-cmd record --nosplice  -e all -p function hackbench 50

With perf interjecting a lot of interrupts and trace-cmd enabling all
events as well as function tracing, with lockdep, KASAN and kmemleak
enabled, it could cause an interrupt preempting an event being written to
add enough events to wrap the buffer. trace-cmd was modified to have
--nosplice use mmap instead of reading the buffer.

The way to differentiate this case from the normal case of there only
being one page written to where the swap of the reader page received that
one page (which is the commit page), check if the tail page is on the
reader page. The difference between the commit page and the tail page is
that the tail page is where new writes go to, and the commit page holds
the first write that hasn't been committed yet. In the case of an
interrupt preempting the write of an event and filling the buffer, it
would move the tail page but not the commit page.

Have the warning only trigger if the tail page is also on the reader page,
and also print out the number of events dropped by a commit overrun as
that can not yet be safely added to the page so that the reader can see
there were events dropped.

Cc: stable@vger.kernel.org
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Vincent Donnefort <vdonnefort@google.com>
Link: https://lore.kernel.org/20250528121555.2066527e@gandalf.local.home
Fixes: fe832be05a ("ring-buffer: Have mmapped ring buffer keep track of missed events")
Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-06-19 15:32:36 +02:00
Di Shen
1d249cc92d bpf: Revert "bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic"
[ Upstream commit 4e2e6841ff761cc15a54e8bebcf35d7325ec78a2 ]

This reverts commit 4a8f635a60.

Although get_pid_task() internally already calls rcu_read_lock() and
rcu_read_unlock(), the find_vpid() was not.

The documentation for find_vpid() clearly states:
"Must be called with the tasklist_lock or rcu_read_lock() held."

Add proper rcu_read_lock/unlock() to protect the find_vpid().

Fixes: 4a8f635a60 ("bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic")
Reported-by: Xuewen Yan <xuewen.yan@unisoc.com>
Signed-off-by: Di Shen <di.shen@unisoc.com>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20250520054943.5002-1-xuewen.yan@unisoc.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:31:52 +02:00
Tao Chen
c98cdf6795 bpf: Fix WARN() in get_bpf_raw_tp_regs
[ Upstream commit 3880cdbed1c4607e378f58fa924c5d6df900d1d3 ]

syzkaller reported an issue:

WARNING: CPU: 3 PID: 5971 at kernel/trace/bpf_trace.c:1861 get_bpf_raw_tp_regs+0xa4/0x100 kernel/trace/bpf_trace.c:1861
Modules linked in:
CPU: 3 UID: 0 PID: 5971 Comm: syz-executor205 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:get_bpf_raw_tp_regs+0xa4/0x100 kernel/trace/bpf_trace.c:1861
Call Trace:
 <TASK>
 ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1934 [inline]
 bpf_get_stack_raw_tp+0x24/0x160 kernel/trace/bpf_trace.c:1931
 bpf_prog_ec3b2eefa702d8d3+0x43/0x47
 bpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline]
 __bpf_prog_run include/linux/filter.h:718 [inline]
 bpf_prog_run include/linux/filter.h:725 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2363 [inline]
 bpf_trace_run3+0x23f/0x5a0 kernel/trace/bpf_trace.c:2405
 __bpf_trace_mmap_lock_acquire_returned+0xfc/0x140 include/trace/events/mmap_lock.h:47
 __traceiter_mmap_lock_acquire_returned+0x79/0xc0 include/trace/events/mmap_lock.h:47
 __do_trace_mmap_lock_acquire_returned include/trace/events/mmap_lock.h:47 [inline]
 trace_mmap_lock_acquire_returned include/trace/events/mmap_lock.h:47 [inline]
 __mmap_lock_do_trace_acquire_returned+0x138/0x1f0 mm/mmap_lock.c:35
 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
 mmap_read_trylock include/linux/mmap_lock.h:204 [inline]
 stack_map_get_build_id_offset+0x535/0x6f0 kernel/bpf/stackmap.c:157
 __bpf_get_stack+0x307/0xa10 kernel/bpf/stackmap.c:483
 ____bpf_get_stack kernel/bpf/stackmap.c:499 [inline]
 bpf_get_stack+0x32/0x40 kernel/bpf/stackmap.c:496
 ____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1941 [inline]
 bpf_get_stack_raw_tp+0x124/0x160 kernel/trace/bpf_trace.c:1931
 bpf_prog_ec3b2eefa702d8d3+0x43/0x47

A tracepoint like trace_mmap_lock_acquire_returned may cause a nested call,
as the corner case above shows, which will be resolved with a more general
method in the future. As a result, WARN_ON_ONCE will be triggered. As
Alexei suggested, remove the WARN_ON_ONCE first.

Fixes: 9594dc3c7e ("bpf: fix nested bpf tracepoints with per-cpu data")
Reported-by: syzbot+45b0c89a0fc7ae8dbadc@syzkaller.appspotmail.com
Suggested-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Tao Chen <chen.dylane@linux.dev>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20250513042747.757042-1-chen.dylane@linux.dev

Closes: https://lore.kernel.org/bpf/8bc2554d-1052-4922-8832-e0078a033e1d@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:31:49 +02:00
Miaoqian Lin
709412b92a tracing: Fix error handling in event_trigger_parse()
[ Upstream commit c5dd28e7fb4f63475b50df4f58311df92939d011 ]

According to trigger_data_alloc() doc, trigger_data_free() should be
used to free an event_trigger_data object. This fixes a mismatch introduced
when kzalloc was replaced with trigger_data_alloc without updating
the corresponding deallocation calls.

Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Tom Zanussi <zanussi@kernel.org>
Link: https://lore.kernel.org/20250507145455.944453325@goodmis.org
Link: https://lore.kernel.org/20250318112737.4174-1-linmq006@gmail.com
Fixes: e1f187d09e ("tracing: Have existing event_command.parse() implementations use helpers")
Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
[ SDR: Changed event_trigger_alloc/free() to trigger_data_alloc/free() ]
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:31:48 +02:00
Steven Rostedt
4839a4a6ab tracing: Rename event_trigger_alloc() to trigger_data_alloc()
[ Upstream commit f2947c4b7d0f235621c5daf78aecfbd6e22c05e5 ]

The function event_trigger_alloc() creates an event_trigger_data
descriptor and states that it needs to be freed via event_trigger_free().
This is incorrect, it needs to be freed by trigger_data_free() as
event_trigger_free() adds ref counting.

Rename event_trigger_alloc() to trigger_data_alloc() and state that it
needs to be freed via trigger_data_free(). This naming convention
was introducing bugs.

Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Tom Zanussi <zanussi@kernel.org>
Link: https://lore.kernel.org/20250507145455.776436410@goodmis.org
Fixes: 86599dbe2c ("tracing: Add helper functions to simplify event_command.parse() callback handling")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:31:48 +02:00
Steven Rostedt
e53a8dcd36 tracing: Move histogram trigger variables from stack to per CPU structure
[ Upstream commit 7ab0fc61ce73040f89b12d76a8279995ec283541 ]

The histogram trigger has three somewhat large arrays on the kernel stack:

	unsigned long entries[HIST_STACKTRACE_DEPTH];
	u64 var_ref_vals[TRACING_MAP_VARS_MAX];
	char compound_key[HIST_KEY_SIZE_MAX];

Checking the function event_hist_trigger() stack frame size, it currently
uses 816 bytes for its stack frame due to these variables!

Instead, allocate a per CPU structure that holds these arrays for each
context level (normal, softirq, irq and NMI). That is, each CPU will have
4 of these structures. This will be allocated when the first histogram
trigger is enabled and freed when the last is disabled. When the
histogram callback triggers, it will request this structure. The request
will disable preemption, get the per CPU structure at the index of the
per CPU variable, and increment that variable.

The callback will use the arrays in this structure to perform its work and
then release the structure. That in turn will simply decrement the per CPU
index and enable preemption.

Moving the variables from the kernel stack to the per CPU structure brings
the stack frame of event_hist_trigger() down to just 112 bytes.

Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Tom Zanussi <zanussi@kernel.org>
Link: https://lore.kernel.org/20250407123851.74ea8d58@gandalf.local.home
Fixes: 067fe038e7 ("tracing: Add variable reference handling to hist triggers")
Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:31:46 +02:00
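The request/release scheme described in the commit message above, sketched as a user-space C model. This is an added example, not the kernel's code: every demo_ name, the array sizes, the explicit cpu argument and the preemption counter are assumptions made for illustration, and returning NULL when all four levels are in use is this sketch's own choice.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Sizes are assumptions for this sketch, not the kernel's values. */
#define DEMO_STACK_DEPTH 31
#define DEMO_VARS_MAX    16
#define DEMO_KEY_SIZE    512
#define DEMO_NR_CTX      4   /* normal, softirq, irq and NMI */
#define DEMO_NR_CPUS     2

/* The three arrays that used to live in the callback's stack frame. */
struct demo_hist_pad {
    unsigned long entries[DEMO_STACK_DEPTH];
    unsigned long long var_ref_vals[DEMO_VARS_MAX];
    char compound_key[DEMO_KEY_SIZE];
};

/* One set of pads per CPU, plus the per-CPU index of the next free level. */
struct demo_cpu {
    struct demo_hist_pad pads[DEMO_NR_CTX];
    int idx;            /* next free context level on this CPU */
    int preempt_count;  /* stand-in for preempt_disable()/preempt_enable() */
};

static struct demo_cpu demo_cpus[DEMO_NR_CPUS];

/* Request: "disable preemption", hand out the pad at idx, increment idx. */
static struct demo_hist_pad *demo_get_pad(int cpu)
{
    struct demo_cpu *c = &demo_cpus[cpu];

    c->preempt_count++;
    if (c->idx >= DEMO_NR_CTX) {   /* deeper nesting than the pads allow */
        c->preempt_count--;
        return NULL;
    }
    return &c->pads[c->idx++];
}

/* Release: decrement idx, "enable preemption". */
static void demo_put_pad(int cpu)
{
    struct demo_cpu *c = &demo_cpus[cpu];

    c->idx--;
    c->preempt_count--;
}

/*
 * A task-level callback is "interrupted" by an irq-level callback on the
 * same CPU. Each must get its own pad so the inner one cannot clobber the
 * outer one's key. Returns 1 when that holds and all state is restored.
 */
static int demo_nested_keys_intact(void)
{
    struct demo_hist_pad *task_pad, *irq_pad;
    int ok;

    task_pad = demo_get_pad(0);
    if (!task_pad)
        return 0;
    strcpy(task_pad->compound_key, "task-level key");

    irq_pad = demo_get_pad(0);      /* simulated interrupt arrives here */
    if (!irq_pad) {
        demo_put_pad(0);
        return 0;
    }
    strcpy(irq_pad->compound_key, "irq-level key");
    demo_put_pad(0);                /* interrupt handler finishes */

    ok = irq_pad != task_pad &&
         strcmp(task_pad->compound_key, "task-level key") == 0;
    demo_put_pad(0);

    return ok && demo_cpus[0].idx == 0 && demo_cpus[0].preempt_count == 0;
}

/* Take pads on one CPU until the request fails; return how many were given. */
static int demo_levels_available(int cpu)
{
    int taken = 0, i;

    while (demo_get_pad(cpu))
        taken++;
    for (i = 0; i < taken; i++)
        demo_put_pad(cpu);
    return taken;
}

int main(void)
{
    printf("pad size moved off the stack: %zu bytes\n",
           sizeof(struct demo_hist_pad));
    printf("nested keys intact: %d\n", demo_nested_keys_intact());
    printf("levels per CPU: %d\n", demo_levels_available(1));
    return 0;
}
```

The index only works as a stack because nesting on one CPU is strictly last-in, first-out: an interrupting context always releases its pad before the context it interrupted resumes.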
Tao Chen
671dd1fb87 bpf: Check link_create.flags parameter for multi_kprobe
[ Upstream commit 243911982aa9faf4361aa952f879331ad66933fe ]

The link_create.flags are currently not used for multi-kprobes, so return
-EINVAL if it is set, same as for other attach APIs.

We allow target_fd, on the other hand, to have an arbitrary value for
multi-kprobe, as there are existing users (libbpf) relying on this.

Fixes: 0dcac27254 ("bpf: Add multi kprobe link")
Signed-off-by: Tao Chen <chen.dylane@linux.dev>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20250407035752.1108927-1-chen.dylane@linux.dev
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:31:40 +02:00
Pan Taixi
db758487f3 tracing: Fix compilation warning on arm32
commit 2fbdb6d8e03b70668c0876e635506540ae92ab05 upstream.

On arm32, size_t is defined to be unsigned int, while PAGE_SIZE is
unsigned long. This hence triggers a compilation warning as min()
asserts the type of two operands to be equal. Casting PAGE_SIZE to size_t
solves this issue and works on other target architectures as well.

Compilation warning details:

kernel/trace/trace.c: In function 'tracing_splice_read_pipe':
./include/linux/minmax.h:20:28: warning: comparison of distinct pointer types lacks a cast
  (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
                            ^
./include/linux/minmax.h:26:4: note: in expansion of macro '__typecheck'
   (__typecheck(x, y) && __no_side_effects(x, y))
    ^~~~~~~~~~~

...

kernel/trace/trace.c:6771:8: note: in expansion of macro 'min'
        min((size_t)trace_seq_used(&iter->seq),
        ^~~

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/20250526013731.1198030-1-pantaixi@huaweicloud.com
Fixes: f5178c41bb43 ("tracing: Fix oob write in trace_seq_to_buffer()")
Reviewed-by: Jeongjun Park <aha310510@gmail.com>
Signed-off-by: Pan Taixi <pantaixi@huaweicloud.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-06-10 07:12:58 -04:00
Greg Kroah-Hartman
a3db058b64 Merge android16-6.12 into android16-6.12-lts
This merges the android16-6.12 branch into the -lts branch, catching
it up with the latest changes in there.

It contains the following commits:

2cc84bbe12 ANDROID: iommu/arm-smmu-v3-kvm: Wrap around when writing to cmdq
b32e32bf59 ANDROID: KVM: arm64: pviommu: Fix return value in __pkvm_use_dma_locked
42b01ce154 ANDROID: ABI: Update pixel symbol list
258557effa ANDROID: power: Add vendor hook for suspend
7a02c9f4a3 ANDROID: GKI: Update symbol list for vivo
79376c9869 ANDROID: vendor_hooks: Add hook in try_to_unmap_one()
1a6d07106c ANDROID: vendor_hooks: Add hook in mmap_region()
b165e16c2e ANDROID: vendor_hooks: Add hook in shrink_node_memcgs
8f5f6798e1 ANDROID: vendor_hooks: Add vendor hooks in __swap_writepage
7669d436d7 ANDROID: KVM: arm64: Remove args copy for direct FF-A calls
6ce196d4af ANDROID: Enable PKVM_STACKTRACE
265f4173a2 ANDROID: KVM: arm64: Remove DEBUG dependency to PKVM_STACKTRACE
3b1d8cc5a2 ANDROID: KVM: arm64: NVHE_EL2_DEBUG to PKVM_DEBUG menuconfig
58ca789e21 ANDROID: KVM: arm64: PROTECTED_NVHE_FTRACE to PKVM_FTRACE
386af809e4 ANDROID: KVM: arm64: PROTECTED_NVHE_STACKTRACE to PKVM_STACKTRACE
8b2a8f6b2e ANDROID: KVM: arm64: PROTECTED_NVHE_TESTING to PKVM_SELFTESTS
b526a11319 ANDROID: KVM: arm64: Add PKVM_DISABLE_STAGE2_ON_PANIC
e19e2557a0 ANDROID: KVM: arm64: Always resolve nvhe BUGs file and line
7bc24faa5a ANDROID: KVM: arm64: Add PKVM_STRICT_CHECKS
9cfa11e5f1 ANDROID: KVM: arm64: Add PKVM_DUMP_TRACE_ON_PANIC
a3f61dba68 ANDROID: ring-buffer: Handle external writer reader_page fast-forward
10a77358c7 ANDROID: KVM: arm64: Allow relinqush for p-guest with huge-mappings
05a9e97a23 ANDROID: KVM: arm64: Use unmap for pKVM guests memory relinquish
024d995fb6 ANDROID: KVM: arm64: Add hyp request SPLIT
c8303029c0 ANDROID: KVM: arm64: Add host_split_guest for pKVM
2846906d1e ANDROID: KVM: arm64: Check for existing pinned_pages before THP in pkvm_mem_abort
2e30f9c5c2 ANDROID: KVM: arm64: Disable relinquish for p-guest huge-mappings
56ad021f7a ANDROID: KVM: arm64: Disallow #include trace.h for pKVM.
f503b8a51a ANDROID: GKI: Add symbol to symbol list for vivo.
0142de08c8 ANDROID: vendor_hooks: add hooks to modify pageflags
22cf53077b ANDROID: gunyah: GKI: Fix the wrong return value in gunyah driver

Change-Id: I64fde9df60b85399d6d98aed923b00a7430ae226
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-06-06 06:53:56 +00:00
Greg Kroah-Hartman
dba4f359fc Merge 6.12.30 into android16-6.12-lts
GKI (arm64) relevant 18 out of 143 changes, affecting 32 files +213/-83
  10d1496f85 fs/xattr.c: fix simple_xattr_list to always include security.* xattrs [1 file, +24/-0]
  bc4c54cbb4 binfmt_elf: Move brk for static PIE even if ASLR disabled [1 file, +47/-24]
  f0d70d8dca cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks [1 file, +4/-2]
  517c11fe4f tracing: probes: Fix a possible race in trace_probe_log APIs [5 files, +27/-3]
  94e7272b63 HID: uclogic: Add NULL check in uclogic_input_configured() [1 file, +4/-3]
  28826a89fd Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags [1 file, +6/-3]
  d1365ca80b net_sched: Flush gso_skb list too during ->change() [7 files, +21/-6]
  ddfa034da3 nvme-pci: make nvme_pci_npages_prp() __always_inline [1 file, +1/-1]
  a3c147040b nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable [1 file, +2/-0]
  c88f4ff535 ALSA: usb-audio: Add sample rate quirk for Audioengine D1 [1 file, +2/-0]
  93152dac0b ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera [1 file, +2/-0]
  fe1bebd0ed dma-buf: insert memory barrier before updating num_fences [1 file, +3/-2]
  7d353da580 ftrace: Fix preemption accounting for stacktrace trigger command [1 file, +1/-1]
  bffc3038a2 scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer [3 files, +7/-2]
  20d6e621be ring-buffer: Fix persistent buffer when commit page is the reader page [1 file, +5/-3]
  fe0756daad mm: userfaultfd: correct dirty flags set for both present and swap pte [1 file, +10/-2]
  74953f93f4 mm/page_alloc: fix race condition in unaccepted memory handling [1 file, +0/-23]
  5924b32446 usb: typec: ucsi: displayport: Fix deadlock [3 files, +47/-8]

Changes in 6.12.30
	arm64: dts: rockchip: Assign RT5616 MCLK rate on rk3588-friendlyelec-cm3588
	fs/xattr.c: fix simple_xattr_list to always include security.* xattrs
	drivers/platform/x86/amd: pmf: Check for invalid sideloaded Smart PC Policies
	drivers/platform/x86/amd: pmf: Check for invalid Smart PC Policies
	riscv: dts: sophgo: fix DMA data-width configuration for CV18xx
	binfmt_elf: Move brk for static PIE even if ASLR disabled
	platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL)
	platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
	arm64: dts: imx8mp-var-som: Fix LDO5 shutdown causing SD card timeout
	cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks
	tracing: probes: Fix a possible race in trace_probe_log APIs
	tpm: tis: Double the timeout B to 4s
	uio_hv_generic: Fix sysfs creation path for ring buffer
	KVM: Add member to struct kvm_gfn_range to indicate private/shared
	KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing
	iio: adc: ad7266: Fix potential timestamp alignment issue.
	iio: chemical: pms7003: use aligned_s64 for timestamp
	iio: pressure: mprls0025pa: use aligned_s64 for timestamp
	drm/amd: Add Suspend/Hibernate notification callback support
	Revert "drm/amd: Stop evicting resources on APUs in suspend"
	xhci: dbc: Improve performance by removing delay in transfer event polling.
	xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive.
	iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
	iio: chemical: sps30: use aligned_s64 for timestamp
	virtio_ring: add a func argument 'recycle_done' to virtqueue_reset()
	virtio_net: ensure netdev_tx_reset_queue is called on bind xsk for tx
	RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
	HID: thrustmaster: fix memory leak in thrustmaster_interrupts()
	HID: uclogic: Add NULL check in uclogic_input_configured()
	nfs: handle failure of nfs_get_lock_context in unlock path
	spi: loopback-test: Do not split 1024-byte hexdumps
	RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem
	Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags
	net_sched: Flush gso_skb list too during ->change()
	tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing
	mctp: no longer rely on net->dev_index_head[]
	net: mctp: Don't access ifa_index when missing
	selftests: ncdevmem: Redirect all non-payload output to stderr
	selftests: ncdevmem: Separate out dmabuf provider
	selftests: ncdevmem: Unify error handling
	selftests: ncdevmem: Make client_ip optional
	selftests: ncdevmem: Switch to AF_INET6
	tests/ncdevmem: Fix double-free of queue array
	net: mctp: Ensure keys maintain only one ref to corresponding dev
	ALSA: seq: Fix delivery of UMP events to group ports
	ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info
	net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
	net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
	nvme-pci: make nvme_pci_npages_prp() __always_inline
	nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable
	ALSA: sh: SND_AICA should depend on SH_DMA_API
	net: dsa: b53: prevent standalone from trying to forward to other ports
	vsock/test: Fix occasional failure in SIOCOUTQ tests
	net/mlx5e: Disable MACsec offload for uplink representor profile
	qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
	regulator: max20086: fix invalid memory access
	drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value
	netlink: specs: tc: fix a couple of attribute names
	netlink: specs: tc: all actions are indexed arrays
	octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy
	net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW capability
	octeontx2-af: Fix CGX Receive counters
	octeontx2-pf: Do not reallocate all ntuple filters
	wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request
	mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices
	net/tls: fix kernel panic when alloc_page failed
	tsnep: fix timestamping with a stacked DSA driver
	NFSv4/pnfs: Reset the layout state after a layoutreturn
	dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted"
	sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator
	udf: Make sure i_lenExtents is uptodate on inode eviction
	HID: bpf: abort dispatch if device destroyed
	LoongArch: Prevent cond_resched() occurring within kernel-fpu
	LoongArch: Move __arch_cpu_idle() to .cpuidle.text section
	LoongArch: Save and restore CSR.CNTC for hibernation
	LoongArch: Fix MAX_REG_OFFSET calculation
	LoongArch: uprobes: Remove user_{en,dis}able_single_step()
	LoongArch: uprobes: Remove redundant code about resume_era
	btrfs: fix discard worker infinite loop after disabling discard
	btrfs: fix folio leak in submit_one_async_extent()
	btrfs: add back warning for mount option commit values exceeding 300
	Revert "drm/amd/display: Hardware cursor changes color when switched to software cursor"
	drm/amdgpu: fix incorrect MALL size for GFX1151
	drm/amdgpu: csa unmap use uninterruptible lock
	drm/amd/display: Correct the reply value when AUX write incomplete
	drm/amd/display: Avoid flooding unnecessary info messages
	MAINTAINERS: Update Alexey Makhalov's email address
	gpio: pca953x: fix IRQ storm on system wake up
	ACPI: PPTT: Fix processor subtable walk
	ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
	ALSA: usb-audio: Add sample rate quirk for Audioengine D1
	ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
	dma-buf: insert memory barrier before updating num_fences
	hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages
	hv_netvsc: Preserve contiguous PFN grouping in the page buffer array
	hv_netvsc: Remove rmsg_pgcnt
	arm64: dts: amlogic: dreambox: fix missing clkc_audio node
	arm64: dts: rockchip: Remove overdrive-mode OPPs from RK3588J SoC dtsi
	Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges
	Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer()
	kbuild: Disable -Wdefault-const-init-unsafe
	ftrace: Fix preemption accounting for stacktrace trigger command
	ftrace: Fix preemption accounting for stacktrace filter command
	tracing: samples: Initialize trace_array_printk() with the correct function
	phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking
	phy: Fix error handling in tegra_xusb_port_init
	phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind
	phy: renesas: rcar-gen3-usb2: Set timing registers only once
	scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer
	smb: client: fix memory leak during error handling for POSIX mkdir
	spi: tegra114: Use value to check for invalid delays
	tpm: Mask TPM RC in tpm2_start_auth_session()
	wifi: mt76: disable napi on driver removal
	ring-buffer: Fix persistent buffer when commit page is the reader page
	net: qede: Initialize qede_ll_ops with designated initializer
	mm: userfaultfd: correct dirty flags set for both present and swap pte
	dmaengine: ti: k3-udma: Add missing locking
	dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy
	dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs
	dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines
	dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups
	dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals
	dmaengine: idxd: Add missing cleanups in cleanup internals
	dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call
	dmaengine: idxd: fix memory leak in error handling path of idxd_alloc
	dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe
	dmaengine: idxd: Refactor remove call with idxd_cleanup() helper
	CIFS: New mount option for cifs.upcall namespace resolution
	drm/xe/gsc: do not flush the GSC worker from the reset path
	mm/page_alloc: fix race condition in unaccepted memory handling
	accel/ivpu: Rename ivpu_log_level to fw_log_level
	accel/ivpu: Reset fw log on cold boot
	accel/ivpu: Refactor functions in ivpu_fw_log.c
	accel/ivpu: Fix fw log printing
	iio: light: opt3001: fix deadlock due to concurrent flag access
	Bluetooth: btnxpuart: Fix kernel panic during FW release
	drm/fbdev-dma: Support struct drm_driver.fbdev_probe
	drm/panel-mipi-dbi: Run DRM default client setup
	drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc()
	usb: typec: ucsi: displayport: Fix deadlock
	phy: tegra: xusb: remove a stray unlock
	drm/amdgpu: fix pm notifier handling
	Linux 6.12.30

Change-Id: I4fefed85c02f1ed826b7ee014700b80c10300bb5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-06-05 11:53:12 +00:00
Vincent Donnefort
a3f61dba68 ANDROID: ring-buffer: Handle external writer reader_page fast-forward
In order to support dump on panic, the external writer might
fast-forward the reader-page to make sure the very last events can be
read.

Bug: 357781595
Bug: 391974813
Change-Id: I5b2473756a3350de8b0b808b54df662b8a77c6ad
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
2025-06-04 02:42:42 -07:00
Andy Shevchenko
4f427ca9ed tracing: Mark binary printing functions with __printf() attribute
[ Upstream commit 196a062641fe68d9bfe0ad36b6cd7628c99ad22c ]

Binary printing functions are using printf() type of format, and the compiler
is not happy about them as is:

kernel/trace/trace.c:3292:9: error: function ‘trace_vbprintk’ might be a candidate for ‘gnu_printf’ format attribute [-Werror=suggest-attribute=format]
kernel/trace/trace_seq.c:182:9: error: function ‘trace_seq_bprintf’ might be a candidate for ‘gnu_printf’ format attribute [-Werror=suggest-attribute=format]

Fix the compilation errors by adding __printf() attribute.

While at it, move existing __printf() attributes from the implementations
to the declarations. It also fixes incorrect attribute parameters that are
used for trace_array_printk().

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Kees Cook <kees@kernel.org>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20250321144822.324050-4-andriy.shevchenko@linux.intel.com
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-05-29 11:02:04 +02:00
Greg Kroah-Hartman
62cd1edf4d Merge 6.12.28 into android16-6.12-lts
GKI (arm64) relevant 33 out of 166 changes, affecting 52 files +454/-363
  0aaae77be5 ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() [1 file, +7/-0]
  fdf0ae5e9e ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset [1 file, +2/-1]
  38d9ca7405 binder: fix offset calculation in debug log [1 file, +1/-1]
  f1dfc94584 drm/fdinfo: Protect against driver unbind [1 file, +6/-0]
  090c8714ef arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays [1 file, +2/-0]
  eb9b72e4fe mm/memblock: pass size instead of end to memblock_set_node() [1 file, +1/-1]
  9c4ddea497 mm/memblock: repeat setting reserved region nid if array is doubled [1 file, +10/-0]
  0988dd0263 tracing: Do not take trace_event_sem in print_event_fields() [1 file, +2/-2]
  f451082572 dm-bufio: don't schedule in atomic context [1 file, +8/-1]
  510aea4ef0 dm: always update the array size in realloc_argv on success [1 file, +3/-2]
  2e303d0107 iommu: Fix two issues in iommu_copy_struct_from_user() [1 file, +4/-4]
  573b047229 cpufreq: Avoid using inconsistent policy->min and policy->max [1 file, +25/-7]
  962d88304c cpufreq: Fix setting policy limits when frequency tables are used [4 files, +73/-41]
  1f27a3e93b tracing: Fix oob write in trace_seq_to_buffer() [1 file, +3/-2]
  220395054c ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties [1 file, +13/-19]
  29a4a29112 ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence [1 file, +4/-1]
  65d3c57061 xsk: Fix race condition in AF_XDP generic RX path [4 files, +6/-6]
  fe81c26d2d Bluetooth: hci_conn: Remove alloc from critical section [1 file, +10/-18]
  eb8b860e87 Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver [6 files, +95/-107]
  620810ac1f Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync [7 files, +88/-109]
  432572d536 Bluetooth: L2CAP: copy RX timestamp to new fragments [1 file, +3/-0]
  6b1355860d scsi: ufs: core: Remove redundant query_complete trace [1 file, +0/-2]
  5ad0b1b554 nvme-pci: fix queue unquiesce check on slot_reset [1 file, +1/-1]
  6effe1c0fa net: ipv6: fix UDPv6 GSO segmentation with NAT [1 file, +60/-1]
  c0dba059b1 net: use sock_gen_put() when sk_state is TCP_TIME_WAIT [2 files, +2/-2]
  e10ec6e32b blk-mq: create correct map for fallback case [1 file, +1/-2]
  dab2a13059 mm, slab: clean up slab->obj_exts always [1 file, +7/-20]
  0a188c0e19 sch_htb: make htb_qlen_notify() idempotent [1 file, +2/-0]
  969d8beaa2 firmware: arm_scmi: Balance device refcount when destroying devices [1 file, +3/-0]
  3b41b5efae kernel: param: rename locate_module_kobject [1 file, +3/-3]
  69113bf740 kernel: globalize lookup_or_create_module_kobject() [2 files, +3/-1]
  e1eea69858 drivers: base: handle module_kobject creation [1 file, +5/-8]
  db62809197 dm: fix copying after src array boundaries [1 file, +1/-1]

Changes in 6.12.28
        Bluetooth: btusb: add Foxconn 0xe0fc for Qualcomm WCN785x
        Bluetooth: btusb: Add one more ID 0x0489:0xe0f3 for Qualcomm WCN785x
        Bluetooth: btusb: Add one more ID 0x13d3:0x3623 for Qualcomm WCN785x
        Bluetooth: btusb: Add ID 0x2c7c:0x0130 for Qualcomm WCN785x
        Bluetooth: btusb: Add new VID/PID for WCN785x
        Bluetooth: btusb: Add 13 USB device IDs for Qualcomm WCN785x
        Revert "rndis_host: Flag RNDIS modems as WWAN devices"
        ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface()
        ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
        binder: fix offset calculation in debug log
        btrfs: adjust subpage bit start based on sectorsize
        btrfs: fix COW handling in run_delalloc_nocow()
        cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode
        drm/fdinfo: Protect against driver unbind
        drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
        EDAC/altera: Test the correct error reg offset
        EDAC/altera: Set DDR and SDMMC interrupt mask before registration
        i2c: imx-lpi2c: Fix clock count when probe defers
        arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays
        parisc: Fix double SIGFPE crash
        perf/x86/intel: Only check the group flag for X86 leader
        perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value.
        amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload
        irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs
        mm/memblock: pass size instead of end to memblock_set_node()
        mm/memblock: repeat setting reserved region nid if array is doubled
        mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
        spi: tegra114: Don't fail set_cs_timing when delays are zero
        tracing: Do not take trace_event_sem in print_event_fields()
        wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
        x86/boot/sev: Support memory acceptance in the EFI stub under SVSM
        dm-bufio: don't schedule in atomic context
        dm-integrity: fix a warning on invalid table line
        dm: always update the array size in realloc_argv on success
        drm/amdgpu: Fix offset for HDP remap in nbio v7.11
        drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS
        iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
        iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids
        iommu/arm-smmu-v3: Fix pgsize_bit for sva domains
        iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
        iommu: Fix two issues in iommu_copy_struct_from_user()
        platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles
        platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug
        ksmbd: fix use-after-free in ksmbd_session_rpc_open
        ksmbd: fix use-after-free in kerberos authentication
        ksmbd: fix use-after-free in session logoff
        smb: client: fix zero length for mkdir POSIX create context
        cpufreq: Avoid using inconsistent policy->min and policy->max
        cpufreq: Fix setting policy limits when frequency tables are used
        tracing: Fix oob write in trace_seq_to_buffer()
        drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF
        ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties
        ASoC: cs-amp-lib-test: Don't select SND_SOC_CS_AMP_LIB
        ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence
        book3s64/radix : Align section vmemmap start address to PAGE_SIZE
        pinctrl: imx: Return NULL if no group is matched and found
        powerpc/boot: Check for ld-option support
        ASoC: Intel: sof_sdw: Add NULL check in asoc_sdw_rt_dmic_rtd_init()
        ALSA: hda/realtek - Enable speaker for HP platform
        drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions'
        wifi: iwlwifi: don't warn if the NIC is gone in resume
        wifi: iwlwifi: fix the check for the SCRATCH register upon resume
        wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
        powerpc/boot: Fix dash warning
        vxlan: vnifilter: Fix unlocked deletion of default FDB entry
        xsk: Fix race condition in AF_XDP generic RX path
        net/mlx5e: Use custom tunnel header for vxlan gbp
        net/mlx5: E-Switch, Initialize MAC Address for Default GID
        net/mlx5e: TC, Continue the attr process even if encap entry is invalid
        net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover
        net/mlx5: E-switch, Fix error handling for enabling roce
        accel/ivpu: Correct DCT interrupt handling
        ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot
        Bluetooth: hci_conn: Remove alloc from critical section
        Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver
        Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync
        Bluetooth: btintel_pcie: Avoid redundant buffer allocation
        Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()
        Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths
        Bluetooth: L2CAP: copy RX timestamp to new fragments
        net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID
        octeon_ep_vf: Resolve netdevice usage count issue
        bnxt_en: improve TX timestamping FIFO configuration
        rtase: Modify the condition used to detect overflow in rtase_calc_time_mitigation
        net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll
        net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised
        net: ethernet: mtk_eth_soc: sync mtk_clks_source_name array
        pds_core: make pdsc_auxbus_dev_del() void
        pds_core: specify auxiliary_device to be created
        pds_core: remove write-after-free of client_id
        net_sched: drr: Fix double list add in class with netem as child qdisc
        net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc
        net_sched: ets: Fix double list add in class with netem as child qdisc
        net_sched: qfq: Fix double list add in class with netem as child qdisc
        ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
        idpf: fix offloads support for encapsulated packets
        scsi: ufs: core: Remove redundant query_complete trace
        ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
        nvme-pci: fix queue unquiesce check on slot_reset
        drm/tests: shmem: Fix memleak
        drm/mipi-dbi: Fix blanking for non-16 bit formats
        net: dlink: Correct endianness handling of led_mode
        net: mdio: mux-meson-gxl: set reversed bit when using internal phy
        idpf: fix potential memory leak on kcalloc() failure
        idpf: protect shutdown from reset
        igc: fix lock order in igc_ptp_reset
        net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM
        net: dsa: felix: fix broken taprio gate states after clock jump
        net: ipv6: fix UDPv6 GSO segmentation with NAT
        ALSA: hda/realtek: Fix built-mic regression on other ASUS models
        bnxt_en: Fix error handling path in bnxt_init_chip()
        bnxt_en: Fix ethtool selftest output in one of the failure cases
        bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan()
        bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings()
        bnxt_en: Fix coredump logic to free allocated buffer
        bnxt_en: Fix out-of-bound memcpy() during ethtool -w
        bnxt_en: Fix ethtool -d byte order for 32-bit values
        nvme-tcp: fix premature queue removal and I/O failover
        nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS
        nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS
        ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction
        bnxt_en: fix module unload sequence
        net: use sock_gen_put() when sk_state is TCP_TIME_WAIT
        ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations
        net: lan743x: Fix memleak issue when GSO enabled
        net: fec: ERR007885 Workaround for conventional TX
        octeon_ep: Fix host hang issue during device reboot
        net: hns3: store rx VLAN tag offload state for VF
        net: hns3: fix an interrupt residual problem
        net: hns3: fixed debugfs tm_qset size
        net: hns3: defer calling ptp_clock_register()
        net: vertexcom: mse102x: Fix possible stuck of SPI interrupt
        net: vertexcom: mse102x: Fix LEN_MASK
        net: vertexcom: mse102x: Add range check for CMD_RTS
        net: vertexcom: mse102x: Fix RX error handling
        blk-mq: create correct map for fallback case
        mm, slab: clean up slab->obj_exts always
        bcachefs: Remove incorrect __counted_by annotation
        net: Fix the devmem sock opts and msgs for parisc
        accel/ivpu: Make DB_ID and JOB_ID allocations incremental
        accel/ivpu: Use xa_alloc_cyclic() instead of custom function
        accel/ivpu: Fix a typo
        accel/ivpu: Update VPU FW API headers
        accel/ivpu: Abort all jobs after command queue unregister
        accel/ivpu: Fix locking order in ivpu_job_submit
        accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW
        sch_htb: make htb_qlen_notify() idempotent
        sch_drr: make drr_qlen_notify() idempotent
        sch_hfsc: make hfsc_qlen_notify() idempotent
        sch_qfq: make qfq_qlen_notify() idempotent
        sch_ets: make est_qlen_notify() idempotent
        drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change
        firmware: arm_scmi: Balance device refcount when destroying devices
        firmware: arm_ffa: Skip Rx buffer ownership release if not acquired
        arm64: dts: imx95: Correct the range of PCIe app-reg region
        ARM: dts: opos6ul: add ksz8081 phy properties
        arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs
        arm64: dts: st: Use 128kB size for aliased GIC400 register access on stm32mp25 SoCs
        Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates"
        kernel: param: rename locate_module_kobject
        kernel: globalize lookup_or_create_module_kobject()
        drivers: base: handle module_kobject creation
        drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp
        drm/amd/display: Fix slab-use-after-free in hdcp
        dm: fix copying after src array boundaries
        Linux 6.12.28

Change-Id: I79f3d50a10acfe53f329b4b5a4af502f488c61f3
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-05-27 07:18:43 +00:00
Steven Rostedt
20d6e621be ring-buffer: Fix persistent buffer when commit page is the reader page
commit 1d6c39c89f617c9fec6bbae166e25b16a014f7c8 upstream.

The ring buffer is made up of sub buffers (sometimes called pages as they
are by default PAGE_SIZE). It has the following "pages":

  "tail page" - this is the page that the next write will write to
  "head page" - this is the page that the reader will swap the reader page with.
  "reader page" - This belongs to the reader, where it will swap the head
                  page from the ring buffer so that the reader does not
                  race with the writer.

The writer may end up on the "reader page" if the ring buffer hasn't
written more than one page, where the "tail page" and the "head page" are
the same.

The persistent ring buffer has meta data that points to where these pages
exist so on reboot it can re-create the pointers to the cpu_buffer
descriptor. But when the commit page is on the reader page, the logic is
incorrect.

The check to see if the commit page is on the reader page checked if the
head page was the reader page, which would never happen, as the head page
is always in the ring buffer. The correct check would be to test if the
commit page is on the reader page. If that's the case, then it can exit
out early as the commit page is only on the reader page when there's only
one page of data in the buffer. There's no reason to iterate the ring
buffer pages to find the "commit page" as it is already found.

To trigger this bug:

  # echo 1 > /sys/kernel/tracing/instances/boot_mapped/events/syscalls/sys_enter_fchownat/enable
  # touch /tmp/x
  # chown sshd /tmp/x
  # reboot

On boot up, the dmesg will have:
 Ring buffer meta [0] is from previous boot!
 Ring buffer meta [1] is from previous boot!
 Ring buffer meta [2] is from previous boot!
 Ring buffer meta [3] is from previous boot!
 Ring buffer meta [4] commit page not found
 Ring buffer meta [5] is from previous boot!
 Ring buffer meta [6] is from previous boot!
 Ring buffer meta [7] is from previous boot!

Where the buffer on CPU 4 had a "commit page not found" error and that
buffer is cleared and reset causing the output to be empty and the data lost.

When it works correctly, it has:

  # cat /sys/kernel/tracing/instances/boot_mapped/trace_pipe
        <...>-1137    [004] .....   998.205323: sys_enter_fchownat: __syscall_nr=0x104 (260) dfd=0xffffff9c (4294967196) filename=(0xffffc90000a0002c) user=0x3e8 (1000) group=0xffffffff (4294967295) flag=0x0 (0

Cc: stable@vger.kernel.org
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Link: https://lore.kernel.org/20250513115032.3e0b97f7@gandalf.local.home
Fixes: 5f3b6e839f ("ring-buffer: Validate boot range memory events")
Reported-by: Tasos Sahanidis <tasos@tasossah.com>
Tested-by: Tasos Sahanidis <tasos@tasossah.com>
Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-05-22 14:29:50 +02:00
pengdonglin
589c9e66bd ftrace: Fix preemption accounting for stacktrace filter command
commit 11aff32439df6ca5b3b891b43032faf88f4a6a29 upstream.

The preemption count of the stacktrace filter command to trace ksys_read
is consistently incorrect:

$ echo ksys_read:stacktrace > set_ftrace_filter

   <...>-453     [004] ...1.    38.308956: <stack trace>
=> ksys_read
=> do_syscall_64
=> entry_SYSCALL_64_after_hwframe

The root cause is that the trace framework disables preemption when
invoking the filter command callback in function_trace_probe_call:

   preempt_disable_notrace();
   probe_ops->func(ip, parent_ip, probe->tr, probe_ops, probe->data);
   preempt_enable_notrace();

Use tracing_gen_ctx_dec() to account for the preempt_disable_notrace(),
which will output the correct preemption count:

$ echo ksys_read:stacktrace > set_ftrace_filter

   <...>-410     [006] .....    31.420396: <stack trace>
=> ksys_read
=> do_syscall_64
=> entry_SYSCALL_64_after_hwframe

Cc: stable@vger.kernel.org
Fixes: 36590c50b2 ("tracing: Merge irqflags + preempt counter.")
Link: https://lore.kernel.org/20250512094246.1167956-2-dolinux.peng@gmail.com
Signed-off-by: pengdonglin <dolinux.peng@gmail.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-05-22 14:29:48 +02:00
pengdonglin
7d353da580 ftrace: Fix preemption accounting for stacktrace trigger command
commit e333332657f615ac2b55aa35565c4a882018bbe9 upstream.

When using the stacktrace trigger command to trace syscalls, the
preemption count was consistently reported as 1 when the system call
event itself had 0 (".").

For example:

root@ubuntu22-vm:/sys/kernel/tracing/events/syscalls/sys_enter_read
$ echo stacktrace > trigger
$ echo 1 > enable

    sshd-416     [002] .....   232.864910: sys_read(fd: a, buf: 556b1f3221d0, count: 8000)
    sshd-416     [002] ...1.   232.864913: <stack trace>
 => ftrace_syscall_enter
 => syscall_trace_enter
 => do_syscall_64
 => entry_SYSCALL_64_after_hwframe

The root cause is that the trace framework disables preemption in __DO_TRACE before
invoking the trigger callback.

Use the tracing_gen_ctx_dec() that will accommodate for the increase of
the preemption count in __DO_TRACE when calling the callback. The result
is the accurate reporting of:

    sshd-410     [004] .....   210.117660: sys_read(fd: 4, buf: 559b725ba130, count: 40000)
    sshd-410     [004] .....   210.117662: <stack trace>
 => ftrace_syscall_enter
 => syscall_trace_enter
 => do_syscall_64
 => entry_SYSCALL_64_after_hwframe

Cc: stable@vger.kernel.org
Fixes: ce33c845b0 ("tracing: Dump stacktrace trigger to the corresponding instance")
Link: https://lore.kernel.org/20250512094246.1167956-1-dolinux.peng@gmail.com
Signed-off-by: pengdonglin <dolinux.peng@gmail.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-05-22 14:29:48 +02:00
Masami Hiramatsu (Google)
517c11fe4f tracing: probes: Fix a possible race in trace_probe_log APIs
[ Upstream commit fd837de3c9cb1a162c69bc1fb1f438467fe7f2f5 ]

Since the shared trace_probe_log variable can be accessed and
modified via probe event create operation of kprobe_events,
uprobe_events, and dynamic_events, it should be protected.
In the dynamic_events, all operations are serialized by
`dyn_event_ops_mutex`. But kprobe_events and uprobe_events
interfaces are not serialized.

To solve this issue, introduce dyn_event_create(), which runs
create() operation under the mutex, for kprobe_events and
uprobe_events. This also uses lockdep to check the mutex is
held when using trace_probe_log* APIs.

Link: https://lore.kernel.org/all/174684868120.551552.3068655787654268804.stgit@devnote2/

Reported-by: Paul Cacheux <paulcacheux@gmail.com>
Closes: https://lore.kernel.org/all/20250510074456.805a16872b591e2971a4d221@kernel.org/
Fixes: ab105a4fb8 ("tracing: Use tracing error_log with probe events")
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-05-22 14:29:36 +02:00
Greg Kroah-Hartman
db596bb60e Merge 6.12.26 into android16-6.12-lts
GKI (arm64) relevant 69 out of 278 changes, affecting 88 files +585/-290
  0b603e7759 tracing: Add __print_dynamic_array() helper [3 files, +15/-1]
  0312735402 tracing: Verify event formats that have "%*p.." [2 files, +13/-2]
  1c9798bf81 mm/vmscan: don't try to reclaim hwpoison folio [1 file, +7/-0]
  db3b3964af PM: EM: use kfree_rcu() to simplify the code [1 file, +1/-9]
  9d5752b853 PM: EM: Address RCU-related sparse warnings [2 files, +26/-25]
  3e12e8c273 block: remove the write_hint field from struct request [4 files, +13/-12]
  ed7535b141 block: remove the ioprio field from struct request [4 files, +11/-15]
  2afa5ea7c4 block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone [1 file, +1/-0]
  46d3575209 PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends [1 file, +6/-12]
  35ba7b2d4d PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads [2 files, +5/-0]
  16c8aa5de1 dma/contiguous: avoid warning about unused size_bytes [1 file, +1/-2]
  7ccfadfb25 cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() [1 file, +8/-2]
  28fbd7b13b cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() [1 file, +10/-3]
  7d002f5914 scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() [1 file, +5/-7]
  5d92e582d1 cgroup/cpuset-v1: Add missing support for cpuset_v2_mode [1 file, +29/-0]
  29daa63f2c scsi: core: Clear flags for scsi_cmnd that did not complete [1 file, +5/-1]
  eeab661803 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() [1 file, +2/-0]
  41143e7105 net: phy: leds: fix memory leak [1 file, +13/-10]
  0ceef62a32 tipc: fix NULL pointer dereference in tipc_mon_reinit_self() [1 file, +2/-1]
  a61afd5482 fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() [1 file, +36/-33]
  7f24ea6a46 block: never reduce ra_pages in blk_apply_bdi_limits [1 file, +7/-1]
  3decda1a3c splice: remove duplicate noinline from pipe_clear_nowait [1 file, +1/-1]
  30c0d6e778 virtio_console: fix missing byte order handling for cols and rows [1 file, +4/-3]
  c2a6b4d78c net: selftests: initialize TCP header and skb payload with zero [1 file, +13/-5]
  3939d6f29d irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() [1 file, +1/-1]
  7a8a6b627f io_uring: fix 'sync' handling of io_fallback_tw() [1 file, +7/-6]
  1f439fe4d8 scsi: Improve CDL control [1 file, +24/-12]
  3670dee376 char: misc: register chrdev region with all possible minors [1 file, +1/-1]
  ea0d806b94 USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe [2 files, +7/-0]
  1777714865 xhci: Limit time spent with xHC interrupts disabled during bus resume [3 files, +20/-16]
  bce3055b08 usb: xhci: Fix invalid pointer dereference in Etron workaround [1 file, +1/-1]
  52a7c9d930 usb: dwc3: gadget: check that event count does not exceed event buffer length [1 file, +6/-0]
  9924ee1bcd usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive [1 file, +3/-0]
  d85b7af3bd usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive [1 file, +3/-0]
  3e52ae347e USB: VLI disk crashes if LPM is used [1 file, +3/-0]
  0486de3c1b crypto: null - Use spin lock instead of mutex [1 file, +26/-13]
  7758e308ae bpf: Fix kmemleak warning for percpu hashmap [1 file, +3/-3]
  c5c833f637 bpf: Fix deadlock between rcu_tasks_trace and event_mutex. [1 file, +4/-3]
  4139072087 clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() [1 file, +4/-0]
  4131411f42 bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage [1 file, +6/-5]
  b817d2bfd6 bpf: Reject attaching fexit/fmod_ret to __noreturn functions [1 file, +32/-0]
  2ecae00138 usb: dwc3: gadget: Refactor loop to avoid NULL endpoints [1 file, +18/-4]
  cbfa55bda1 usb: xhci: Complete 'error mid TD' transfers when handling Missed Service [1 file, +5/-1]
  16a7a8e6c4 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling [1 file, +14/-6]
  635be13606 xhci: Handle spurious events on Etron host isoc enpoints [2 files, +27/-13]
  9ff59cb815 usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running [1 file, +7/-4]
  0485bdf88f objtool, panic: Disable SMAP in __stack_chk_fail() [2 files, +10/-1]
  c548f95688 9p/net: fix improper handling of bogus negative read/write replies [1 file, +16/-14]
  18296b5951 9p/trans_fd: mark concurrent read and writes to p9_conn->err [1 file, +10/-7]
  3568fd9e44 io_uring: always do atomic put from iowq [2 files, +8/-1]
  90dc6c1e3b perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init [1 file, +3/-3]
  24ede35eb2 nvme: requeue namespace scan on missed AENs [1 file, +4/-0]
  b9c89c97d7 nvme: re-read ANA log page after ns scan completes [1 file, +5/-0]
  ee5521176a nvme: multipath: fix return value of nvme_available_path [1 file, +1/-1]
  5e58b93a12 gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment [1 file, +3/-3]
  9f8eeac3a6 timekeeping: Add a lockdep override in tick_freeze() [1 file, +22/-0]
  b14d986413 iommu: Clear iommu-dma ops on cleanup [1 file, +3/-0]
  b626bc3c1d ext4: make block validity check resistent to sb bh corruption [2 files, +6/-6]
  2ef6eea2ef netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS [1 file, +4/-0]
  d53b2d49a8 iomap: skip unnecessary ifs_block_is_uptodate check [1 file, +1/-1]
  bfc66c4c28 Revert "drivers: core: synchronize really_probe() and dev_uevent()" [1 file, +0/-3]
  de7c24febd usb: typec: class: Fix NULL pointer access [2 files, +14/-2]
  45314999f9 ext4: goto right label 'out_mmap_sem' in ext4_setattr() [1 file, +1/-1]
  40966fc993 usb: typec: class: Invalidate USB device pointers on partner unregistration [1 file, +6/-2]
  4833d0a92b iommu: Handle race with default domain setup [1 file, +5/-0]
  1042d22942 nvme: fixup scan failure for non-ANA multipath controllers [1 file, +1/-1]
  1b7647efad usb: xhci: Fix Short Packet handling rework ignoring errors [1 file, +1/-1]
  ab5281d21e usb: typec: class: Unlocked on error in typec_register_partner() [1 file, +1/-0]
  6b9ebcbd31 mq-deadline: don't call req_get_ioprio from the I/O completion handler [1 file, +4/-9]

Changes in 6.12.26
	module: sign with sha512 instead of sha1 by default
	tracing: Add __print_dynamic_array() helper
	tracing: Verify event formats that have "%*p.."
	mm/vmscan: don't try to reclaim hwpoison folio
	soc: qcom: ice: introduce devm_of_qcom_ice_get
	mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get
	PM: EM: use kfree_rcu() to simplify the code
	PM: EM: Address RCU-related sparse warnings
	media: i2c: imx214: Use subdev active state
	media: i2c: imx214: Simplify with dev_err_probe()
	media: i2c: imx214: Convert to CCI register access helpers
	media: i2c: imx214: Replace register addresses with macros
	media: i2c: imx214: Check number of lanes from device tree
	media: i2c: imx214: Fix link frequency validation
	media: ov08x40: Move ov08x40_identify_module() function up
	media: ov08x40: Add missing ov08x40_identify_module() call on stream-start
	block: remove the write_hint field from struct request
	block: remove the ioprio field from struct request
	block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone
	net: dsa: mv88e6xxx: fix VTU methods for 6320 family
	iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check
	iio: adc: ad7768-1: Fix conversion result sign
	arm64: dts: ti: Refactor J784s4 SoC files to a common file
	arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks
	of: resolver: Simplify of_resolve_phandles() using __free()
	of: resolver: Fix device node refcount leakage in of_resolve_phandles()
	scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get
	PCI/MSI: Convert pci_msi_ignore_mask to per MSI domain flag
	PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends
	PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads
	accel/ivpu: Add auto selection logic for job scheduler
	accel/ivpu: Fix the NPU's DPU frequency calculation
	ksmbd: use __GFP_RETRY_MAYFAIL
	ksmbd: add netdev-up/down event debug print
	ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL
	ksmbd: fix use-after-free in __smb2_lease_break_noti()
	scsi: ufs: exynos: Remove empty drv_init method
	scsi: ufs: exynos: Remove superfluous function parameter
	scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster
	scsi: ufs: exynos: Move UFS shareability value to drvdata
	scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set
	net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads
	drm/xe/bmg: Add one additional PCI ID
	drm/amd/display: Fix unnecessary cast warnings from checkpatch
	drm/amd/display/dml2: use vzalloc rather than kzalloc
	lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP
	ceph: Fix incorrect flush end position calculation
	cpufreq: sun50i: prevent out-of-bounds access
	dma/contiguous: avoid warning about unused size_bytes
	cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate()
	cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
	cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
	scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()
	cpufreq: cppc: Fix invalid return value in .get() callback
	cpufreq: Do not enable by default during compile testing
	cpufreq: fix compile-test defaults
	btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range()
	btrfs: zoned: return EIO on RAID1 block group write pointer mismatch
	cgroup/cpuset-v1: Add missing support for cpuset_v2_mode
	vhost-scsi: Add better resource allocation failure handling
	vhost-scsi: Fix vhost_scsi_send_bad_target()
	vhost-scsi: Fix vhost_scsi_send_status()
	net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table()
	net/mlx5: Move ttc allocation after switch case to prevent leaks
	scsi: core: Clear flags for scsi_cmnd that did not complete
	scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
	net: lwtunnel: disable BHs when required
	net: phy: leds: fix memory leak
	tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
	net: ethernet: mtk_eth_soc: net: revise NETSYSv3 hardware configuration
	fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount()
	net_sched: hfsc: Fix a UAF vulnerability in class handling
	net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
	net: dsa: mt7530: sync driver-specific behavior of MT7531 variants
	pds_core: Prevent possible adminq overflow/stuck condition
	pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result
	pds_core: Remove unnecessary check in pds_client_adminq_cmd()
	pds_core: make wait_context part of q_info
	block: never reduce ra_pages in blk_apply_bdi_limits
	iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE
	riscv: Replace function-like macro by static inline function
	riscv: uprobes: Add missing fence.i after building the XOL buffer
	splice: remove duplicate noinline from pipe_clear_nowait
	bpf: Add namespace to BPF internal symbols
	perf/x86: Fix non-sampling (counting) events on certain x86 platforms
	LoongArch: Select ARCH_USE_MEMTEST
	LoongArch: Make regs_irqs_disabled() more clear
	LoongArch: Make do_xyz() exception handlers more robust
	KVM: SVM: Disable AVIC on SNP-enabled system without HvInUseWrAllowed feature
	netfilter: fib: avoid lookup if socket is available
	virtio_console: fix missing byte order handling for cols and rows
	sched_ext: Use kvzalloc for large exit_dump allocation
	crypto: atmel-sha204a - Set hwrng quality to lowest possible
	xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()
	net: selftests: initialize TCP header and skb payload with zero
	net: phy: microchip: force IRQ polling mode for lan88xx
	scsi: mpi3mr: Fix pending I/O counter
	rust: firmware: Use `ffi::c_char` type in `FwFunc`
	drm: panel: jd9365da: fix reset signal polarity in unprepare
	drm/amd/display: Fix gpu reset in multidisplay config
	drm/amd/display: Force full update in gpu reset
	x86/insn: Fix CTEST instruction decoding
	irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
	LoongArch: Handle fp, lsx, lasx and lbt assembly symbols
	LoongArch: Return NULL from huge_pte_offset() for invalid PMD
	LoongArch: Remove a bogus reference to ZONE_DMA
	LoongArch: KVM: Fully clear some CSRs when VM reboot
	LoongArch: KVM: Fix PMU pass-through issue if VM exits to host finally
	io_uring: fix 'sync' handling of io_fallback_tw()
	KVM: SVM: Allocate IR data using atomic allocation
	cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports
	mcb: fix a double free bug in chameleon_parse_gdd()
	ata: libata-scsi: Improve CDL control
	ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type
	ata: libata-scsi: Fix ata_msense_control_ata_feature()
	USB: storage: quirk for ADATA Portable HDD CH94
	scsi: Improve CDL control
	mei: me: add panther lake H DID
	mei: vsc: Fix fortify-panic caused by invalid counted_by() use
	KVM: x86: Explicitly treat routing entry type changes as changes
	KVM: x86: Reset IRTE to host control if *new* route isn't postable
	KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer
	char: misc: register chrdev region with all possible minors
	misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration
	misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack
	firmware: stratix10-svc: Add of_platform_default_populate()
	tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT
	serial: msm: Configure correct working mode before starting earlycon
	serial: sifive: lock port in startup()/shutdown() callbacks
	USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe
	USB: serial: option: add Sierra Wireless EM9291
	USB: serial: simple: add OWON HDS200 series oscilloscope support
	xhci: Limit time spent with xHC interrupts disabled during bus resume
	usb: xhci: Fix invalid pointer dereference in Etron workaround
	usb: cdns3: Fix deadlock when using NCM gadget
	usb: chipidea: ci_hdrc_imx: fix usbmisc handling
	usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines
	usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling
	USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)
	usb: dwc3: gadget: check that event count does not exceed event buffer length
	usb: dwc3: xilinx: Prevent spike in reset signal
	usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive
	usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive
	USB: VLI disk crashes if LPM is used
	USB: wdm: handle IO errors in wdm_wwan_port_start
	USB: wdm: close race between wdm_open and wdm_wwan_port_stop
	USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context
	USB: wdm: add annotation
	selftests/bpf: Fix stdout race condition in traffic monitor
	pinctrl: renesas: rza2: Fix potential NULL pointer dereference
	pinctrl: mcp23s08: Get rid of spurious level interrupts
	MIPS: cm: Detect CM quirks from device tree
	crypto: ccp - Add support for PCI device 0x1134
	crypto: lib/Kconfig - Fix lib built-in failure when arch is modular
	crypto: null - Use spin lock instead of mutex
	bpf: Fix kmemleak warning for percpu hashmap
	bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
	clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec()
	parisc: PDT: Fix missing prototype warning
	s390/sclp: Add check for get_zeroed_page()
	s390/tty: Fix a potential memory leak bug
	bpf: bpftool: Setting error code in do_loader()
	bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage
	bpf: Reject attaching fexit/fmod_ret to __noreturn functions
	mailbox: pcc: Fix the possible race in updation of chan_in_use flag
	mailbox: pcc: Always clear the platform ack interrupt first
	usb: host: max3421-hcd: Add missing spi_device_id table
	fs/ntfs3: Keep write operations atomic
	fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size
	usb: dwc3: gadget: Refactor loop to avoid NULL endpoints
	usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield
	sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
	usb: xhci: Complete 'error mid TD' transfers when handling Missed Service
	usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
	xhci: Handle spurious events on Etron host isoc enpoints
	i3c: master: svc: Add support for Nuvoton npcm845 i3c
	dmaengine: dmatest: Fix dmatest waiting less when interrupted
	usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running
	phy: rockchip: usbdp: Avoid call hpd_event_trigger in dp_phy_init
	usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
	usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func
	thunderbolt: Scan retimers after device router has been enumerated
	um: work around sched_yield not yielding in time-travel mode
	objtool: Silence more KCOV warnings
	objtool, panic: Disable SMAP in __stack_chk_fail()
	objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler()
	objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc()
	objtool, lkdtm: Obfuscate the do_nothing() pointer
	qibfs: fix _another_ leak
	ntb: reduce stack usage in idt_scan_mws
	ntb_hw_amd: Add NTB PCI ID for new gen CPU
	9p/net: fix improper handling of bogus negative read/write replies
	9p/trans_fd: mark concurrent read and writes to p9_conn->err
	rtc: pcf85063: do a SW reset if POR failed
	io_uring: always do atomic put from iowq
	kbuild: add dependency from vmlinux to sorttable
	sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP
	KVM: s390: Don't use %pK through tracepoints
	KVM: s390: Don't use %pK through debug printing
	cgroup/cpuset: Don't allow creation of local partition over a remote one
	selftests: ublk: fix test_stripe_04
	perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init
	xen: Change xen-acpi-processor dom0 dependency
	nvme: requeue namespace scan on missed AENs
	ACPI: EC: Set ec_no_wakeup for Lenovo Go S
	ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls
	drm/amdgpu: Increase KIQ invalidate_tlbs timeout
	drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406
	nvme: re-read ANA log page after ns scan completes
	nvme: multipath: fix return value of nvme_available_path
	objtool: Stop UNRET validation on UD2
	gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment
	x86/xen: disable CPU idle and frequency drivers for PVH dom0
	selftests/mincore: Allow read-ahead pages to reach the end of the file
	x86/bugs: Use SBPB in write_ibpb() if applicable
	x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline
	x86/bugs: Don't fill RSB on context switch with eIBRS
	nvmet-fc: take tgtport reference only once
	nvmet-fc: put ref when assoc->del_work is already scheduled
	cifs: Fix encoding of SMB1 Session Setup Kerberos Request in non-UNICODE mode
	timekeeping: Add a lockdep override in tick_freeze()
	cifs: Fix querying of WSL CHR and BLK reparse points over SMB1
	iommu: Clear iommu-dma ops on cleanup
	ext4: make block validity check resistent to sb bh corruption
	scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes
	scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init()
	scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO
	scsi: ufs: exynos: Move phy calls to .exit() callback
	scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend()
	scsi: pm80xx: Set phy_attached to zero when device is gone
	ASoC: fsl_asrc_dma: get codec or cpu dai from backend
	x86/i8253: Call clockevent_i8253_disable() with interrupts disabled
	netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS
	iomap: skip unnecessary ifs_block_is_uptodate check
	riscv: Provide all alternative macros all the time
	ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING"
	spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts
	spi: tegra210-quad: add rate limiting and simplify timeout error message
	ubsan: Fix panic from test_ubsan_out_of_bounds
	x86/cpu: Add CPU model number for Bartlett Lake CPUs with Raptor Cove cores
	md/raid1: Add check for missing source disk in process_checks()
	drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4
	drm/amdgpu: Use the right function for hdp flush
	spi: spi-imx: Add check for spi_imx_setupxfer()
	Revert "drivers: core: synchronize really_probe() and dev_uevent()"
	driver core: introduce device_set_driver() helper
	driver core: fix potential NULL pointer dereference in dev_uevent()
	xfs: do not check NEEDSREPAIR if ro,norecovery mount.
	xfs: Do not allow norecovery mount with quotacheck
	xfs: rename xfs_iomap_swapfile_activate to xfs_vm_swap_activate
	xfs: flush inodegc before swapon
	selftests/bpf: fix bpf_map_redirect call for cpu map test
	selftests/bpf: make xdp_cpumap_attach keep redirect prog attached
	selftests/bpf: check program redirect in xdp_cpumap_attach
	selftests/bpf: Adjust data size to have ETH_HLEN
	usb: typec: class: Fix NULL pointer access
	vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp
	comedi: jr3_pci: Fix synchronous deletion of timer
	ext4: goto right label 'out_mmap_sem' in ext4_setattr()
	usb: typec: class: Invalidate USB device pointers on partner unregistration
	Revert "net: dsa: mv88e6xxx: fix internal PHYs for 6320 family"
	net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family
	net: dsa: mv88e6xxx: enable PVT for 6321 switch
	net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family
	net: dsa: mv88e6xxx: enable STU methods for 6320 family
	iommu: Handle race with default domain setup
	crypto: lib/Kconfig - Hide arch options from user
	media: i2c: imx214: Fix uninitialized variable in imx214_set_ctrl()
	MIPS: cm: Fix warning if MIPS_CM is disabled
	nvme: fixup scan failure for non-ANA multipath controllers
	usb: xhci: Fix Short Packet handling rework ignoring errors
	objtool: Ignore end-of-section jumps for KCOV/GCOV
	objtool: Silence more KCOV warnings, part 2
	usb: typec: class: Unlocked on error in typec_register_partner()
	crypto: Kconfig - Select LIB generic option
	arm64: dts: ti: k3-j784s4-j742s2-main-common: Correct the GICD size
	mq-deadline: don't call req_get_ioprio from the I/O completion handler
	Linux 6.12.26

Change-Id: Iff5be8c388b8b915652fafb787156a4653f060aa
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-05-20 16:37:12 +00:00
Greg Kroah-Hartman
ee0d567613 Merge 6.12.25 into android16-6.12-lts
GKI (arm64) relevant 33 out of 218 changes, affecting 50 files +373/-248
  5ec9039702 driver core: bus: add irq_get_affinity callback to bus_type [1 file, +3/-0]
  fe2bdefe86 blk-mq: introduce blk_mq_map_hw_queues [2 files, +39/-0]
  6ad0acb56b Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address [1 file, +3/-2]
  d49798ecd2 Bluetooth: l2cap: Check encryption key size on incoming connection [1 file, +2/-1]
  b02c2ac2f3 ipv6: add exception routes to GC list in rt6_insert_exception [1 file, +1/-0]
  61765e1b41 ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() [1 file, +1/-1]
  41e43134dd block: fix resource leak in blk_register_queue() error path [1 file, +2/-0]
  0175902f6e loop: aio inherit the ioprio of original request [1 file, +1/-1]
  78253d44e9 loop: stop using vfs_iter_{read,write} for buffered I/O [1 file, +17/-95]
  28da4dd840 writeback: fix false warning in inode_to_wb() [1 file, +1/-0]
  f2e2926e9e Revert "PCI: Avoid reset when disabled via sysfs" [1 file, +0/-4]
  569bbe2fc7 Bluetooth: l2cap: Process valid commands in too long frame [1 file, +17/-1]
  694521cb3f loop: properly send KOBJ_CHANGED uevent for disk device [1 file, +2/-2]
  c45ba83935 loop: LOOP_SET_FD: send uevents for partitions [1 file, +2/-1]
  4f34d6f979 mm/compaction: fix bug in hugetlb handling pathway [1 file, +3/-3]
  b609a60e31 mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() [1 file, +2/-2]
  8338e0723f mm: fix filemap_get_folios_contig returning batches of identical folios [1 file, +1/-0]
  029458063e mm: fix apply_to_existing_page_range() [1 file, +2/-2]
  b9e3579213 ovl: don't allow datadir only [1 file, +5/-0]
  8baa747193 slab: ensure slab->obj_exts is clear in a newly allocated slab page [1 file, +10/-0]
  5f878db827 string: Add load_unaligned_zeropad() code path to sized_strscpy() [1 file, +10/-3]
  5683eaf4ee tracing: Fix filter string testing [1 file, +2/-2]
  c3e31d6139 virtiofs: add filesystem context source name check [1 file, +3/-0]
  c1a485c46c cpufreq: Reference count policy in cpufreq_update_limits() [1 file, +8/-0]
  5b34f40cda block: remove rq_list_move [1 file, +0/-17]
  2ad0f19a4e block: add a rq_list type [11 files, +104/-88]
  7e2d224939 block: don't reorder requests in blk_add_rq_to_plug [3 files, +4/-4]
  b906c1ad25 mm/vma: add give_up_on_oom option on modify/merge, use in uffd release [3 files, +53/-7]
  d30b9c5950 bpf: add find_containing_subprog() utility function [1 file, +24/-4]
  1d572c6048 bpf: track changes_pkt_data property for global functions [2 files, +32/-1]
  3846e2bea5 bpf: check changes_pkt_data property for extension programs [2 files, +13/-4]
  f0946dcccb bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs [1 file, +5/-2]
  f78507c1ef block: make struct rq_list available for !CONFIG_BLOCK [1 file, +1/-1]

Changes in 6.12.25
        scsi: hisi_sas: Enable force phy when SATA disk directly connected
        wifi: at76c50x: fix use after free access in at76_disconnect
        wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
        wifi: mac80211: Purge vif txq in ieee80211_do_stop()
        wifi: wl1251: fix memory leak in wl1251_tx_work
        scsi: iscsi: Fix missing scsi_host_put() in error path
        driver core: bus: add irq_get_affinity callback to bus_type
        blk-mq: introduce blk_mq_map_hw_queues
        scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues
        scsi: smartpqi: Use is_kdump_kernel() to check for kdump
        md/raid10: fix missing discard IO accounting
        md/md-bitmap: fix stats collection for external bitmaps
        ASoC: dwc: always enable/disable i2s irqs
        ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()
        crypto: tegra - remove redundant error check on ret
        crypto: tegra - Do not use fixed size buffers
        crypto: tegra - Fix IV usage for AES ECB
        ovl: remove unused forward declaration
        RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
        RDMA/hns: Fix wrong maximum DMA segment size
        ALSA: hda/cirrus_scodec_test: Don't select dependencies
        ALSA: hda: improve bass speaker support for ASUS Zenbook UM5606WA
        ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130
        ALSA: hda/realtek - Fixed ASUS platform headset Mic issue
        ASoC: cs42l43: Reset clamp override on jack removal
        RDMA/core: Silence oversized kvmalloc() warning
        Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
        Bluetooth: btrtl: Prevent potential NULL dereference
        Bluetooth: l2cap: Check encryption key size on incoming connection
        ipv6: add exception routes to GC list in rt6_insert_exception
        xen: fix multicall debug feature
        Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()"
        igc: fix PTM cycle trigger logic
        igc: increase wait time before retrying PTM
        igc: move ktime snapshot into PTM retry loop
        igc: handle the IGC_PTP_ENABLED flag correctly
        igc: cleanup PTP module if probe fails
        igc: add lock preventing multiple simultaneous PTM transactions
        dt-bindings: soc: fsl: fsl,ls1028a-reset: Fix maintainer entry
        smc: Fix lockdep false-positive for IPPROTO_SMC.
        test suite: use %zu to print size_t
        pds_core: fix memory leak in pdsc_debugfs_add_qcq()
        ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll()
        net: mctp: Set SOCK_RCU_FREE
        block: fix resource leak in blk_register_queue() error path
        netlink: specs: ovs_vport: align with C codegen capabilities
        net: openvswitch: fix nested key length validation in the set() action
        can: rockchip_canfd: fix broken quirks checks
        net: ngbe: fix memory leak in ngbe_probe() error path
        net: ethernet: ti: am65-cpsw: fix port_np reference counting
        eth: bnxt: fix missing ring index trim on error path
        loop: aio inherit the ioprio of original request
        loop: stop using vfs_iter_{read,write} for buffered I/O
        ata: libata-sata: Save all fields from sense data descriptor
        cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
        netlink: specs: rt-link: add an attr layer around alt-ifname
        netlink: specs: rt-link: adjust mctp attribute naming
        net: b53: enable BPDU reception for management port
        net: bridge: switchdev: do not notify new brentries as changed
        net: txgbe: fix memory leak in txgbe_probe() error path
        net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
        net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported
        net: dsa: clean up FDB, MDB, VLAN entries on unbind
        net: dsa: free routing table on probe failure
        net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails
        ptp: ocp: fix start time alignment in ptp_ocp_signal_set
        net: ti: icss-iep: Add pwidth configuration for perout signal
        net: ti: icss-iep: Add phase offset configuration for perout signal
        net: ti: icss-iep: Fix possible NULL pointer dereference for perout request
        net: ethernet: mtk_eth_soc: reapply mdc divider on reset
        net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps
        net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings
        riscv: Use kvmalloc_array on relocation_hashtable
        riscv: Properly export reserved regions in /proc/iomem
        riscv: module: Fix out-of-bounds relocation access
        riscv: module: Allocate PLT entries for R_RISCV_PLT32
        kunit: qemu_configs: SH: Respect kunit cmdline
        riscv: KGDB: Do not inline arch_kgdb_breakpoint()
        riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break
        cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
        objtool/rust: add one more `noreturn` Rust function for Rust 1.86.0
        rust: kasan/kbuild: fix missing flags on first build
        rust: disable `clippy::needless_continue`
        rust: kbuild: use `pound` to support GNU Make < 4.3
        writeback: fix false warning in inode_to_wb()
        Revert "PCI: Avoid reset when disabled via sysfs"
        ASoC: fsl: fsl_qmc_audio: Reset audio data pointers on TRIGGER_START event
        ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate
        ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
        ASoC: Intel: sof_sdw: Add quirk for Asus Zenbook S16
        ASoC: qcom: Fix sc7280 lpass potential buffer overflow
        asus-laptop: Fix an uninitialized variable
        block: integrity: Do not call set_page_dirty_lock()
        drm/v3d: Fix Indirect Dispatch configuration for V3D 7.1.6 and later
        dma-buf/sw_sync: Decrement refcount on error in sw_sync_ioctl_get_deadline()
        nfs: add missing selections of CONFIG_CRC32
        nfsd: decrease sc_count directly if fail to queue dl_recall
        i2c: atr: Fix wrong include
        ftrace: fix incorrect hash size in register_ftrace_direct()
        drm/msm/a6xx+: Don't let IB_SIZE overflow
        Bluetooth: l2cap: Process valid commands in too long frame
        Bluetooth: vhci: Avoid needless snprintf() calls
        btrfs: correctly escape subvol in btrfs_show_options()
        cpufreq/sched: Explicitly synchronize limits_changed flag handling
        crypto: caam/qi - Fix drv_ctx refcount bug
        hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
        i2c: cros-ec-tunnel: defer probe if parent EC is not present
        isofs: Prevent the use of too small fid
        loop: properly send KOBJ_CHANGED uevent for disk device
        loop: LOOP_SET_FD: send uevents for partitions
        mm/compaction: fix bug in hugetlb handling pathway
        mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()
        mm: fix filemap_get_folios_contig returning batches of identical folios
        mm: fix apply_to_existing_page_range()
        ovl: don't allow datadir only
        ksmbd: Fix dangling pointer in krb_authenticate
        ksmbd: fix use-after-free in smb_break_all_levII_oplock()
        ksmbd: Prevent integer overflow in calculation of deadtime
        ksmbd: fix the warning from __kernel_write_iter
        Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free"
        Revert "smb: client: fix TCP timers deadlock after rmmod"
        riscv: Avoid fortify warning in syscall_get_arguments()
        selftests/mm: generate a temporary mountpoint for cgroup filesystem
        slab: ensure slab->obj_exts is clear in a newly allocated slab page
        smb3 client: fix open hardlink on deferred close file error
        string: Add load_unaligned_zeropad() code path to sized_strscpy()
        tracing: Fix filter string testing
        virtiofs: add filesystem context source name check
        x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches
        x86/cpu/amd: Fix workaround for erratum 1054
        x86/boot/sev: Avoid shared GHCB page for early memory acceptance
        scsi: megaraid_sas: Block zero-length ATA VPD inquiry
        scsi: ufs: exynos: Ensure consistent phy reference counts
        RDMA/cma: Fix workqueue crash in cma_netevent_work_handler
        RAS/AMD/ATL: Include row[13] bit in row retirement
        RAS/AMD/FMPM: Get masked address
        platform/x86: amd: pmf: Fix STT limits
        perf/x86/intel: Allow to update user space GPRs from PEBS records
        perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
        perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX
        perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR
        drm/repaper: fix integer overflows in repeat functions
        drm/ast: Fix ast_dp connection status
        drm/msm/dsi: Add check for devm_kstrdup()
        drm/msm/a6xx: Fix stale rpmh votes from GPU
        drm/amdgpu: Prefer shadow rom when available
        drm/amd/display: prevent hang on link training fail
        drm/amd: Handle being compiled without SI or CIK support better
        drm/amd/display: Actually do immediate vblank disable
        drm/amd/display: Increase vblank offdelay for PSR panels
        drm/amd/pm: Prevent division by zero
        drm/amd/pm/powerplay: Prevent division by zero
        drm/amd/pm/smu11: Prevent division by zero
        drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
        drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
        drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
        drm/amdgpu/mes12: optimize MES pipe FW version fetching
        drm/i915/vrr: Add vrr.vsync_{start, end} in vrr_params_changed
        drm/xe: Use local fence in error path of xe_migrate_clear
        drm/amd/display: Add HP Elitebook 645 to the quirk list for eDP on DP1
        drm/amd/display: Protect FPU in dml2_validate()/dml21_validate()
        drm/amd/display: Protect FPU in dml21_copy()
        drm/amdgpu/mes11: optimize MES pipe FW version fetching
        drm/amdgpu/dma_buf: fix page_link check
        drm/nouveau: prime: fix ttm_bo_delayed_delete oops
        drm/imagination: fix firmware memory leaks
        drm/imagination: take paired job reference
        drm/sti: remove duplicate object names
        drm/xe: Fix an out-of-bounds shift when invalidating TLB
        drm/i915/gvt: fix unterminated-string-initialization warning
        drm/amdgpu: immediately use GTT for new allocations
        drm/amd/display: Do not enable Replay and PSR while VRR is on in amdgpu_dm_commit_planes()
        drm/amd/display: Protect FPU in dml2_init()/dml21_init()
        drm/amd/display: Add HP Probook 445 and 465 to the quirk list for eDP on DP1
        drm/xe/dma_buf: stop relying on placement in unmap
        drm/xe/userptr: fix notifier vs folio deadlock
        drm/xe: Set LRC addresses before guc load
        drm/amdgpu: fix warning of drm_mm_clean
        drm/mgag200: Fix value in <VBLKSTR> register
        arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1
        arm64/sysreg: Add register fields for HDFGRTR2_EL2
        arm64/sysreg: Add register fields for HDFGWTR2_EL2
        arm64/sysreg: Add register fields for HFGITR2_EL2
        arm64/sysreg: Add register fields for HFGRTR2_EL2
        arm64/sysreg: Add register fields for HFGWTR2_EL2
        arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9
        cpufreq: Reference count policy in cpufreq_update_limits()
        scripts: generate_rust_analyzer: Add ffi crate
        kbuild: Add '-fno-builtin-wcslen'
        platform/x86: msi-wmi-platform: Rename "data" variable
        platform/x86: msi-wmi-platform: Workaround a ACPI firmware bug
        md: fix mddev uaf while iterating all_mddevs list
        selftests/bpf: Fix raw_tp null handling test
        misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error
        misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type
        efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32
        LoongArch: Eliminate superfluous get_numa_distances_cnt()
        drm/amd/display: Temporarily disable hostvm on DCN31
        nvmet-fc: Remove unused functions
        block: remove rq_list_move
        block: add a rq_list type
        block: don't reorder requests in blk_add_rq_to_plug
        mm/vma: add give_up_on_oom option on modify/merge, use in uffd release
        Revert "wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process"
        MIPS: dec: Declare which_prom() as static
        MIPS: cevt-ds1287: Add missing ds1287.h include
        MIPS: ds1287: Match ds1287_set_base_clock() function types
        wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
        bpf: add find_containing_subprog() utility function
        bpf: track changes_pkt_data property for global functions
        selftests/bpf: test for changing packet data from global functions
        bpf: check changes_pkt_data property for extension programs
        selftests/bpf: freplace tests for tracking of changes_packet_data
        selftests/bpf: validate that tail call invalidates packet pointers
        bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs
        selftests/bpf: extend changes_pkt_data with cases w/o subprograms
        block: make struct rq_list available for !CONFIG_BLOCK
        Linux 6.12.25

Change-Id: Ib99b782fabf924c599a3c66bcac37febef9d422e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-05-19 11:25:01 +00:00
Greg Kroah-Hartman
f56453cbd7 Merge 6.12.24 into android16-6.12-lts
GKI (arm64) relevant 98 out of 394 changes, affecting 131 files +1443/-762
  40bc55e4fc cgroup/cpuset: Fix incorrect isolated_cpus update in update_parent_effective_cpumask() [1 file, +3/-3]
  9701dcbf5f cgroup/cpuset: Fix error handling in remote_partition_disable() [1 file, +20/-9]
  2dbd1b1660 cgroup/cpuset: Revert "Allow suppression of sched domain rebuild in update_cpumasks_hier()" [1 file, +14/-25]
  6b145f8b22 cgroup/cpuset: Enforce at most one rebuild_sched_domains_locked() call per operation [1 file, +33/-16]
  1b06f00eda cgroup/cpuset: Further optimize code if CONFIG_CPUSETS_V1 not set [1 file, +19/-20]
  cdb6e724e7 cgroup/cpuset: Fix race between newly created partition and dying one [4 files, +25/-4]
  179ef2f810 gpiolib: of: Fix the choice for Ingenic NAND quirk [1 file, +2/-0]
  cb8372e54f ublk: refactor recovery configuration flag helpers [1 file, +42/-20]
  caa5c8a235 ublk: fix handling recovery & reissue in ublk_abort_queue() [1 file, +26/-4]
  7c5957f790 tipc: fix memory leak in tipc_link_xmit [1 file, +1/-0]
  4d55144b12 codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() [2 files, +3/-8]
  b2f3c3d57a tc: Ensure we have enough buffer space when sending filter netlink notifications [1 file, +45/-21]
  a065b99605 net: ethtool: Don't call .cleanup_data when prepare_data fails [1 file, +5/-3]
  70449ca406 net_sched: sch_sfq: use a temporary work area for validating configuration [1 file, +44/-12]
  f86293adce net_sched: sch_sfq: move the limit validation [1 file, +6/-4]
  6d98cd6342 net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() [1 file, +13/-13]
  a6ed6f8ec8 net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY [1 file, +29/-2]
  cc16f7402a ipv6: Align behavior across nexthops during path selection [1 file, +4/-4]
  c61feda373 perf/core: Add aux_pause, aux_resume, aux_start_paused [4 files, +110/-5]
  7ef5aa081f perf/core: Simplify the perf_event_alloc() error path [2 files, +78/-76]
  fa1827fa96 perf: Fix hang while freeing sigtrap event [2 files, +18/-47]
  52535688c2 fs: consistently deref the files table with rcu_dereference_raw() [1 file, +17/-9]
  67e85cfa95 umount: Allow superblock owners to force umount [1 file, +2/-1]
  1b3ebfb15d perf: arm_pmu: Don't disable counter in armpmu_add() [1 file, +3/-5]
  11ae4fec1f PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() [1 file, +3/-3]
  ead1fc9f93 Flush console log from kernel_power_off() [3 files, +8/-3]
  cb58e90920 arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD [1 file, +2/-0]
  3c057a4904 media: uvcvideo: Add quirk for Actions UVC05 [1 file, +9/-0]
  cb1c6cb110 ALSA: usb-audio: Fix CME quirk for UF series keyboards [1 file, +74/-6]
  a6bf0fd322 net: page_pool: don't cast mp param to devmem [1 file, +1/-1]
  c6e50cb8bf f2fs: don't retry IO for corrupted data scenario [1 file, +4/-0]
  de94d0ca9e net: usb: asix_devices: add FiberGecko DeviceID [1 file, +17/-0]
  7204335d19 page_pool: avoid infinite loop to schedule delayed worker [1 file, +7/-1]
  ecc4613316 f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() [1 file, +8/-1]
  5f815757e6 ext4: protect ext4_release_dquot against freezing [1 file, +17/-0]
  aa39d45071 Revert "f2fs: rebuild nat_bits during umount" [3 files, +59/-95]
  eb59cc31b6 ext4: ignore xattrs past end [1 file, +10/-1]
  a8a8076210 cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk [3 files, +19/-0]
  299d7d27af net: vlan: don't propagate flags on open [1 file, +4/-27]
  40c70ff44b tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER [1 file, +3/-1]
  6b7a32fa9b Bluetooth: hci_uart: fix race during initialization [1 file, +2/-1]
  fe6f1f349d Bluetooth: hci_qca: use the power sequencer for wcn6750 [1 file, +1/-1]
  feed98579d Bluetooth: qca: simplify WCN399x NVM loading [1 file, +6/-7]
  035e1bffc0 Bluetooth: Add quirk for broken READ_VOICE_SETTING [3 files, +15/-0]
  09246dfb5c Bluetooth: Add quirk for broken READ_PAGE_SCAN_TYPE [2 files, +10/-1]
  044c1b3528 drm: allow encoder mode_set even when connectors change for crtc [1 file, +1/-1]
  df33b535f0 drm: panel-orientation-quirks: Add support for AYANEO 2S [1 file, +2/-2]
  6fe4ed94ee drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB [1 file, +18/-0]
  5dd6fdb889 drm: panel-orientation-quirks: Add quirk for AYA NEO Slide [1 file, +6/-0]
  a64e097426 drm: panel-orientation-quirks: Add new quirk for GPD Win 2 [1 file, +6/-0]
  ba5a998f84 drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) [1 file, +12/-0]
  f04612890c drm/debugfs: fix printk format for bridge index [1 file, +1/-1]
  b22cb42a5e drm/bridge: panel: forbid initializing a panel with unknown connector type [1 file, +4/-1]
  1c38108a49 drivers: base: devres: Allow to release group on device release [1 file, +7/-0]
  8feefd106a PCI: Enable Configuration RRS SV early [1 file, +5/-3]
  73d2b96250 PCI: Check BAR index for validity [4 files, +57/-10]
  9a6be23eb0 tracing: probe-events: Add comments about entry data storing code [1 file, +28/-0]
  7b9bdd7059 erofs: set error to bio if file-backed IO fails [1 file, +2/-0]
  806908d5d9 bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags [1 file, +44/-36]
  dd3edffae8 ext4: don't treat fhandle lookup of ea_inode as FS corruption [1 file, +48/-20]
  2ff58c5b26 arm64: cputype: Add MIDR_CORTEX_A76AE [1 file, +2/-0]
  4af2858435 arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list [1 file, +1/-0]
  3b0f2526c8 arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB [2 files, +102/-102]
  20c105f587 arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list [1 file, +3/-0]
  c322789613 KVM: arm64: Tear down vGIC on failed vCPU creation [1 file, +5/-1]
  baea1762cd media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() [1 file, +2/-2]
  0828d6e9ad io_uring/net: fix accept multishot handling [1 file, +2/-0]
  b7c6d081c1 io_uring/net: fix io_req_post_cqe abuse by send bundle [3 files, +6/-2]
  3e0356857e io_uring/kbuf: reject zero sized provided buffers [1 file, +2/-0]
  16d9067f00 ext4: fix off-by-one error in do_split [1 file, +1/-1]
  a1dde7457d f2fs: fix to avoid atomicity corruption of atomic file [2 files, +5/-3]
  e6bba32857 i3c: Add NULL pointer check in i3c_master_queue_ibi() [1 file, +3/-0]
  9eaec071f1 jbd2: remove wrong sb->s_sequence check [1 file, +0/-1]
  eec737e17e arm64: mops: Do not dereference src reg for a set operation [1 file, +2/-2]
  1dd288783d arm64: mm: Correct the update of max_pfn [1 file, +2/-1]
  5f7f6abd92 net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. [2 files, +43/-2]
  53dc6b00c0 mm/rmap: reject hugetlb folios in folio_make_device_exclusive() [1 file, +1/-1]
  83b6b5061e mm: make page_mapped_in_vma() hugetlb walk aware [1 file, +9/-4]
  6dd8d9440f mm: fix lazy mmu docs and usage [1 file, +8/-6]
  2532df0a9b mm/mremap: correctly handle partial mremap() of VMA starting at 0 [1 file, +5/-5]
  cc98577f91 mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock [1 file, +1/-1]
  14936034de mm/userfaultfd: fix release hang over concurrent GUP [1 file, +25/-26]
  65b259e3e0 mm/hwpoison: introduce folio_contain_hwpoisoned_page() helper [3 files, +8/-4]
  9e7c37fadb sctp: detect and prevent references to a freed transport in sendmsg [3 files, +18/-9]
  474b3194c8 tracing: Do not add length to print format in synthetic events [1 file, +0/-1]
  74f01c2ca8 dm-verity: fix prefetch-vs-suspend race [1 file, +8/-0]
  fae0a8796c KVM: Allow building irqbypass.ko as as module when kvm.ko is a module [3 files, +7/-7]
  dc83eccc93 of/irq: Fix device node refcount leakage in API of_irq_parse_one() [1 file, +27/-32]
  3540164c75 of/irq: Fix device node refcount leakage in API of_irq_parse_raw() [1 file, +8/-0]
  29cb94963c of/irq: Fix device node refcount leakages in of_irq_count() [1 file, +3/-1]
  d0f25a9977 of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() [1 file, +5/-1]
  712d84459a of/irq: Fix device node refcount leakages in of_irq_init() [1 file, +3/-0]
  d69ad6e1a5 PCI: Fix reference leak in pci_alloc_child_bus() [1 file, +4/-1]
  9707d0c932 PCI: Fix reference leak in pci_register_host_bridge() [1 file, +7/-2]
  869202291a PCI: Fix wrong length of devres array [1 file, +1/-1]
  92ca7270fe ring-buffer: Use flush_kernel_vmap_range() over flush_dcache_folio() [1 file, +3/-2]
  9ca4fe3574 arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists [1 file, +14/-1]
  281782d2c6 Bluetooth: hci_uart: Fix another race during initialization [2 files, +15/-6]

Changes in 6.12.24
	ASoC: Intel: adl: add 2xrt1316 audio configuration
	cgroup/cpuset: Fix incorrect isolated_cpus update in update_parent_effective_cpumask()
	cgroup/cpuset: Fix error handling in remote_partition_disable()
	cgroup/cpuset: Revert "Allow suppression of sched domain rebuild in update_cpumasks_hier()"
	cgroup/cpuset: Enforce at most one rebuild_sched_domains_locked() call per operation
	cgroup/cpuset: Further optimize code if CONFIG_CPUSETS_V1 not set
	cgroup/cpuset: Fix race between newly created partition and dying one
	gpiolib: of: Fix the choice for Ingenic NAND quirk
	selftests/futex: futex_waitv wouldblock test should fail
	ublk: refactor recovery configuration flag helpers
	ublk: fix handling recovery & reissue in ublk_abort_queue()
	drm/i915: Disable RPG during live selftest
	x86/acpi: Don't limit CPUs to 1 for Xen PV guests due to disabled ACPI
	drm/xe/hw_engine: define sysfs_ops on all directories
	ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
	objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret()
	tipc: fix memory leak in tipc_link_xmit
	codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
	net: tls: explicitly disallow disconnect
	octeontx2-pf: qos: fix VF root node parent queue index
	tc: Ensure we have enough buffer space when sending filter netlink notifications
	net: ethtool: Don't call .cleanup_data when prepare_data fails
	drm/tests: modeset: Fix drm_display_mode memory leak
	drm/tests: helpers: Create kunit helper to destroy a drm_display_mode
	drm/tests: cmdline: Fix drm_display_mode memory leak
	drm/tests: modes: Fix drm_display_mode memory leak
	drm/tests: probe-helper: Fix drm_display_mode memory leak
	net: libwx: handle page_pool_dev_alloc_pages error
	ata: sata_sx4: Add error handling in pdc20621_i2c_read()
	drm/i915/huc: Fix fence not released on early probe errors
	nvmet-fcloop: swap list_add_tail arguments
	net_sched: sch_sfq: use a temporary work area for validating configuration
	net_sched: sch_sfq: move the limit validation
	smb: client: fix UAF in decryption with multichannel
	net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend()
	net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY
	ipv6: Align behavior across nexthops during path selection
	net: ppp: Add bound checking for skb data on ppp_sync_txmung
	nft_set_pipapo: fix incorrect avx2 match of 5th field octet
	iommu/exynos: Fix suspend/resume with IDENTITY domain
	iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group
	perf/core: Add aux_pause, aux_resume, aux_start_paused
	perf/core: Simplify the perf_event_alloc() error path
	perf: Fix hang while freeing sigtrap event
	fs: consistently deref the files table with rcu_dereference_raw()
	umount: Allow superblock owners to force umount
	pm: cpupower: bench: Prevent NULL dereference on malloc failure
	x86/mm: Clear _PAGE_DIRTY for kernel mappings when we clear _PAGE_RW
	x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2
	x86/ia32: Leave NULL selector values 0~3 unchanged
	x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine
	perf: arm_pmu: Don't disable counter in armpmu_add()
	perf/dwc_pcie: fix some unreleased resources
	PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
	Flush console log from kernel_power_off()
	arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
	xen/mcelog: Add __nonstring annotations for unterminated strings
	zstd: Increase DYNAMIC_BMI2 GCC version cutoff from 4.8 to 11.0 to work around compiler segfault
	platform/chrome: cros_ec_lpc: Match on Framework ACPI device
	ASoC: SOF: topology: Use krealloc_array() to replace krealloc()
	HID: pidff: Convert infinite length from Linux API to PID standard
	HID: pidff: Do not send effect envelope if it's empty
	HID: pidff: Add MISSING_DELAY quirk and its detection
	HID: pidff: Add MISSING_PBO quirk and its detection
	HID: pidff: Add PERMISSIVE_CONTROL quirk
	HID: pidff: Add hid_pidff_init_with_quirks and export as GPL symbol
	HID: pidff: Add FIX_WHEEL_DIRECTION quirk
	HID: Add hid-universal-pidff driver and supported device ids
	HID: pidff: Add PERIODIC_SINE_ONLY quirk
	HID: pidff: Fix null pointer dereference in pidff_find_fields
	ASoC: amd: ps: use macro for ACP6.3 pci revision id
	ALSA: hda: intel: Fix Optimus when GPU has no sound
	ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist
	ASoC: fsl_audmix: register card device depends on 'dais' property
	media: uvcvideo: Add quirk for Actions UVC05
	media: s5p-mfc: Corrected NV12M/NV21M plane-sizes
	mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves
	ALSA: usb-audio: Fix CME quirk for UF series keyboards
	ASoC: amd: Add DMI quirk for ACP6X mic support
	ASoC: amd: yc: update quirk data for new Lenovo model
	platform/x86: x86-android-tablets: Add select POWER_SUPPLY to Kconfig
	wifi: ath11k: Fix DMA buffer allocation to resolve SWIOTLB issues
	wifi: ath11k: fix memory leak in ath11k_xxx_remove()
	wifi: ath12k: fix memory leak in ath12k_pci_remove()
	wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
	ata: libata-core: Add 'external' to the libata.force kernel parameter
	scsi: mpi3mr: Avoid reply queue full condition
	scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
	net: page_pool: don't cast mp param to devmem
	f2fs: don't retry IO for corrupted data scenario
	wifi: mac80211: add strict mode disabling workarounds
	wifi: mac80211: ensure sdata->work is canceled before initialized.
	scsi: target: spc: Fix RSOC parameter data header size
	net: usb: asix_devices: add FiberGecko DeviceID
	page_pool: avoid infinite loop to schedule delayed worker
	can: flexcan: Add quirk to handle separate interrupt lines for mailboxes
	can: flexcan: add NXP S32G2/S32G3 SoC support
	jfs: Fix uninit-value access of imap allocated in the diMount() function
	fs/jfs: cast inactags to s64 to prevent potential overflow
	fs/jfs: Prevent integer overflow in AG size calculation
	jfs: Prevent copying of nlink with value 0 from disk inode
	jfs: add sanity check for agwidth in dbMount
	ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
	net: sfp: add quirk for 2.5G OEM BX SFP
	wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi
	f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
	net: sfp: add quirk for FS SFP-10GM-T copper SFP+ module
	ahci: add PCI ID for Marvell 88SE9215 SATA Controller
	ext4: protect ext4_release_dquot against freezing
	Revert "f2fs: rebuild nat_bits during umount"
	ext4: ignore xattrs past end
	cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk
	scsi: st: Fix array overflow in st_setup()
	ahci: Marvell 88SE9215 controllers prefer DMA for ATAPI
	btrfs: harden block_group::bg_list against list_del() races
	wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
	net: vlan: don't propagate flags on open
	tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER
	Bluetooth: btintel_pcie: Add device id of Whale Peak
	Bluetooth: hci_uart: fix race during initialization
	Bluetooth: btusb: Add 2 HWIDs for MT7922
	Bluetooth: hci_qca: use the power sequencer for wcn6750
	Bluetooth: qca: simplify WCN399x NVM loading
	Bluetooth: Add quirk for broken READ_VOICE_SETTING
	Bluetooth: Add quirk for broken READ_PAGE_SCAN_TYPE
	drm: allow encoder mode_set even when connectors change for crtc
	drm/xe/bmg: Add new PCI IDs
	drm/xe/vf: Don't try to trigger a full GT reset if VF
	drm/amd/display: Update Cursor request mode to the beginning prefetch always
	drm/amdgpu: Unlocked unmap only clear page table leaves
	drm: panel-orientation-quirks: Add support for AYANEO 2S
	drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB
	drm: panel-orientation-quirks: Add quirk for AYA NEO Slide
	drm: panel-orientation-quirks: Add new quirk for GPD Win 2
	drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel)
	drm/debugfs: fix printk format for bridge index
	drm/bridge: panel: forbid initializing a panel with unknown connector type
	drm/amd/display: stop DML2 from removing pipes based on planes
	drivers: base: devres: Allow to release group on device release
	drm/amdkfd: clamp queue size to minimum
	drm/amdkfd: Fix mode1 reset crash issue
	drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
	drm/amdkfd: debugfs hang_hws skip GPU with MES
	drm/xe/xelp: Move Wa_16011163337 from tunings to workarounds
	drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data
	drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off
	PCI: Add Rockchip Vendor ID
	drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()
	PCI: Enable Configuration RRS SV early
	drm/amdgpu: Fix the race condition for draining retry fault
	PCI: Check BAR index for validity
	PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
	drm/amdgpu: grab an additional reference on the gang fence v2
	fbdev: omapfb: Add 'plane' value check
	tracing: probe-events: Add comments about entry data storing code
	ktest: Fix Test Failures Due to Missing LOG_FILE Directories
	tpm, tpm_tis: Workaround failed command reception on Infineon devices
	tpm: End any active auth session before shutdown
	pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
	pwm: rcar: Improve register calculation
	pwm: fsl-ftm: Handle clk_get_rate() returning 0
	erofs: set error to bio if file-backed IO fails
	bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
	ext4: don't treat fhandle lookup of ea_inode as FS corruption
	s390/pci: Fix s390_mmio_read/write syscall page fault handling
	HID: pidff: Clamp PERIODIC effect period to device's logical range
	HID: pidff: Stop all effects before enabling actuators
	HID: pidff: Completely rework and fix pidff_reset function
	HID: pidff: Simplify pidff_upload_effect function
	HID: pidff: Define values used in pidff_find_special_fields
	HID: pidff: Rescale time values to match field units
	HID: pidff: Factor out code for setting gain
	HID: pidff: Move all hid-pidff definitions to a dedicated header
	HID: pidff: Simplify pidff_rescale_signed
	HID: pidff: Use macros instead of hardcoded min/max values for shorts
	HID: pidff: Factor out pool report fetch and remove excess declaration
	HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX
	HID: hid-universal-pidff: Add Asetek wheelbases support
	HID: pidff: Comment and code style update
	HID: pidff: Support device error response from PID_BLOCK_LOAD
	HID: pidff: Remove redundant call to pidff_find_special_keys
	HID: pidff: Rename two functions to align them with naming convention
	HID: pidff: Clamp effect playback LOOP_COUNT value
	HID: pidff: Compute INFINITE value instead of using hardcoded 0xffff
	HID: pidff: Fix 90 degrees direction name North -> East
	HID: pidff: Fix set_device_control()
	auxdisplay: hd44780: Fix an API misuse in hd44780.c
	dt-bindings: media: st,stmipid02: correct lane-polarities maxItems
	media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization
	media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning
	media: uapi: rkisp1-config: Fix typo in extensible params example
	media: mgb4: Fix CMT registers update logic
	media: i2c: adv748x: Fix test pattern selection mask
	media: mgb4: Fix switched CMT frequency range "magic values" sets
	media: intel/ipu6: set the dev_parent of video device to pdev
	media: venus: hfi: add a check to handle OOB in sfr region
	media: venus: hfi: add check to handle incorrect queue size
	media: vim2m: print device name after registering device
	media: siano: Fix error handling in smsdvb_module_init()
	media: rockchip: rga: fix rga offset lookup
	xenfs/xensyms: respect hypervisor's "next" indication
	arm64: cputype: Add MIDR_CORTEX_A76AE
	arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
	arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
	arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list
	KVM: arm64: Tear down vGIC on failed vCPU creation
	spi: cadence-qspi: Fix probe on AM62A LP SK
	mtd: rawnand: brcmnand: fix PM resume warning
	tpm, tpm_tis: Fix timeout handling when waiting for TPM status
	accel/ivpu: Fix PM related deadlocks in MS IOCTLs
	media: streamzap: prevent processing IR data on URB failure
	media: hi556: Fix memory leak (on error) in hi556_check_hwcfg()
	media: visl: Fix ERANGE error when setting enum controls
	media: platform: stm32: Add check for clk_enable()
	media: imx219: Adjust PLL settings based on the number of MIPI lanes
	media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
	Revert "media: imx214: Fix the error handling in imx214_probe()"
	media: i2c: ccs: Set the device's runtime PM status correctly in remove
	media: i2c: ccs: Set the device's runtime PM status correctly in probe
	media: i2c: ov7251: Set enable GPIO low in probe
	media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
	media: nuvoton: Fix reference handling of ece_node
	media: nuvoton: Fix reference handling of ece_pdev
	media: venus: hfi_parser: add check to avoid out of bound access
	media: venus: hfi_parser: refactor hfi packet parsing logic
	media: i2c: imx319: Rectify runtime PM handling probe and remove
	media: i2c: imx219: Rectify runtime PM handling in probe and remove
	media: i2c: imx214: Rectify probe error handling related to runtime PM
	media: chips-media: wave5: Fix gray color on screen
	media: chips-media: wave5: Avoid race condition in the interrupt handler
	media: chips-media: wave5: Fix a hang after seeking
	media: chips-media: wave5: Fix timeout while testing 10bit hevc fluster
	mptcp: sockopt: fix getting IPV6_V6ONLY
	mptcp: sockopt: fix getting freebind & transparent
	mtd: Add check for devm_kcalloc()
	net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family
	net: dsa: mv88e6xxx: fix internal PHYs for 6320 family
	mtd: Replace kcalloc() with devm_kcalloc()
	clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup
	wifi: mt76: Add check for devm_kstrdup()
	wifi: mac80211: fix integer overflow in hwmp_route_info_get()
	wifi: mt76: mt7925: ensure wow pattern command align fw format
	wifi: mt76: mt7925: fix country count limitation for CLC
	wifi: mt76: mt7925: fix the wrong link_idx when a p2p_device is present
	wifi: mt76: mt7925: fix the wrong simultaneous cap for MLO
	io_uring/net: fix accept multishot handling
	io_uring/net: fix io_req_post_cqe abuse by send bundle
	io_uring/kbuf: reject zero sized provided buffers
	ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe()
	ASoC: q6apm: add q6apm_get_hw_pointer helper
	ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs
	ASoC: q6apm-dai: make use of q6apm_get_hw_pointer
	ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment.
	ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns.
	ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path
	ALSA: hda/realtek: Enable Mute LED on HP OMEN 16 Laptop xd000xx
	accel/ivpu: Fix warning in ivpu_ipc_send_receive_internal()
	accel/ivpu: Fix deadlock in ivpu_ms_cleanup()
	bus: mhi: host: Fix race between unprepare and queue_buf
	ext4: fix off-by-one error in do_split
	f2fs: fix to avoid atomicity corruption of atomic file
	vdpa/mlx5: Fix oversized null mkey longer than 32bit
	udf: Fix inode_getblk() return value
	tpm: do not start chip while suspended
	svcrdma: do not unregister device for listeners
	soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()
	smb311 client: fix missing tcon check when mounting with linux/posix extensions
	ima: limit the number of open-writers integrity violations
	ima: limit the number of ToMToU integrity violations
	i3c: master: svc: Use readsb helper for reading MDB
	i3c: Add NULL pointer check in i3c_master_queue_ibi()
	jbd2: remove wrong sb->s_sequence check
	kbuild: exclude .rodata.(cst|str)* when building ranges
	leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs
	leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs
	mfd: ene-kb3930: Fix a potential NULL pointer dereference
	mailbox: tegra-hsp: Define dimensioning masks in SoC data
	locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
	lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets
	mptcp: fix NULL pointer in can_accept_new_subflow
	mptcp: only inc MPJoinAckHMacFailure for HMAC failures
	mtd: inftlcore: Add error check for inftl_read_oob()
	mtd: rawnand: Add status chack in r852_ready()
	arm64: mops: Do not dereference src reg for a set operation
	arm64: tegra: Remove the Orin NX/Nano suspend key
	arm64: mm: Correct the update of max_pfn
	arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string
	arm64: dts: exynos: gs101: disable pinctrl_gsacore node
	backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
	btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers
	btrfs: tests: fix chunk map leak after failure to add it to the tree
	btrfs: zoned: fix zone activation with missing devices
	btrfs: zoned: fix zone finishing with missing devices
	iommufd: Fix uninitialized rc in iommufd_access_rw()
	iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent()
	iommu/vt-d: Put IRTE back into posted MSI mode if vCPU posting is disabled
	iommu/vt-d: Don't clobber posted vCPU IRTE when host IRQ affinity changes
	iommu/vt-d: Fix possible circular locking dependency
	iommu/vt-d: Wire up irq_ack() to irq_move_irq() for posted MSIs
	sparc/mm: disable preemption in lazy mmu mode
	sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes
	net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
	mm/damon/ops: have damon_get_folio return folio even for tail pages
	mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
	mm: make page_mapped_in_vma() hugetlb walk aware
	mm: fix lazy mmu docs and usage
	mm/mremap: correctly handle partial mremap() of VMA starting at 0
	mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
	mm/userfaultfd: fix release hang over concurrent GUP
	mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
	mm/hugetlb: move hugetlb_sysctl_init() to the __init section
	mm/hwpoison: introduce folio_contain_hwpoisoned_page() helper
	sctp: detect and prevent references to a freed transport in sendmsg
	x86/xen: fix balloon target initialization for PVH dom0
	tracing: fprobe events: Fix possible UAF on modules
	tracing: Do not add length to print format in synthetic events
	thermal/drivers/rockchip: Add missing rk3328 mapping entry
	CIFS: Propagate min offload along with other parameters from primary to secondary channels.
	cifs: avoid NULL pointer dereference in dbg call
	cifs: fix integer overflow in match_server()
	cifs: Ensure that all non-client-specific reparse points are processed by the server
	clk: renesas: r9a07g043: Fix HP clock source for RZ/Five
	clk: qcom: clk-branch: Fix invert halt status bit check for votable clocks
	clk: qcom: gdsc: Release pm subdomains in reverse add order
	clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code
	clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
	crypto: ccp - Fix check for the primary ASP device
	crypto: ccp - Fix uAPI definitions of PSP errors
	dlm: fix error if inactive rsb is not hashed
	dlm: fix error if active rsb is not hashed
	dm-ebs: fix prefetch-vs-suspend race
	dm-integrity: set ti->error on memory allocation failure
	dm-integrity: fix non-constant-time tag verification
	dm-verity: fix prefetch-vs-suspend race
	dt-bindings: coresight: qcom,coresight-tpda: Fix too many 'reg'
	dt-bindings: coresight: qcom,coresight-tpdm: Fix too many 'reg'
	ftrace: Add cond_resched() to ftrace_graph_set_hash()
	ftrace: Properly merge notrace hashes
	gpio: tegra186: fix resource handling in ACPI probe path
	gpio: zynq: Fix wakeup source leaks on device unbind
	gve: handle overflow when reporting TX consumed descriptors
	KVM: Allow building irqbypass.ko as as module when kvm.ko is a module
	KVM: PPC: Enable CAP_SPAPR_TCE_VFIO on pSeries KVM guests
	KVM: x86: Explicitly zero-initialize on-stack CPUID unions
	KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
	landlock: Move code to ease future backports
	landlock: Add the errata interface
	landlock: Add erratum for TCP fix
	landlock: Always allow signals between threads of the same process
	landlock: Prepare to add second errata
	selftests/landlock: Split signal_scoping_threads tests
	selftests/landlock: Add a new test for setuid()
	misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error
	net: mana: Switch to page pool for jumbo frames
	ntb: use 64-bit arithmetic for the MSI doorbell mask
	of/irq: Fix device node refcount leakage in API of_irq_parse_one()
	of/irq: Fix device node refcount leakage in API of_irq_parse_raw()
	of/irq: Fix device node refcount leakages in of_irq_count()
	of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
	of/irq: Fix device node refcount leakages in of_irq_init()
	PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
	PCI: j721e: Fix the value of .linkdown_irq_regfield for J784S4
	PCI: pciehp: Avoid unnecessary device replacement check
	PCI: Fix reference leak in pci_alloc_child_bus()
	PCI: Fix reference leak in pci_register_host_bridge()
	PCI: Fix wrong length of devres array
	phy: freescale: imx8m-pcie: assert phy reset and perst in power off
	pinctrl: qcom: Clear latched interrupt status when changing IRQ type
	pinctrl: samsung: add support for eint_fltcon_offset
	ring-buffer: Use flush_kernel_vmap_range() over flush_dcache_folio()
	s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs
	s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues
	s390: Fix linker error when -no-pie option is unavailable
	sched_ext: create_dsq: Return -EEXIST on duplicate request
	selftests: mptcp: close fd_in before returning in main_loop
	selftests: mptcp: fix incorrect fd checks in main_loop
	thermal/drivers/mediatek/lvts: Disable monitor mode during suspend
	thermal/drivers/mediatek/lvts: Disable Stage 3 thermal threshold
	arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists
	iommufd: Make attach_handle generic than fault specific
	iommufd: Fail replace if device has not been attached
	x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT
	ACPI: platform-profile: Fix CFI violation when accessing sysfs files
	NFSD: fix decoding in nfs4_xdr_dec_cb_getattr
	NFSD: Fix CB_GETATTR status fix
	nfsd: don't ignore the return code of svc_proc_register()
	x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions()
	libbpf: Prevent compiler warnings/errors
	kbuild: Add '-fno-builtin-wcslen'
	media: mediatek: vcodec: mark vdec_vp9_slice_map_counts_eob_coef noinline
	Bluetooth: hci_uart: Fix another race during initialization
	s390/cpumf: Fix double free on error in cpumf_pmu_event_init()
	HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition
	Linux 6.12.24

Change-Id: I272e8aac67399f2eb57ca25e05cded24172d2d76
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-05-10 12:51:04 +00:00
Jeongjun Park
1f27a3e93b tracing: Fix oob write in trace_seq_to_buffer()
commit f5178c41bb43444a6008150fe6094497135d07cb upstream.

syzbot reported this bug:
==================================================================
BUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/trace.c:1830 [inline]
BUG: KASAN: slab-out-of-bounds in tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822
Write of size 4507 at addr ffff888032b6b000 by task syz.2.320/7260

CPU: 1 UID: 0 PID: 7260 Comm: syz.2.320 Not tainted 6.15.0-rc1-syzkaller-00301-g3bde70a2c827 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xc3/0x670 mm/kasan/report.c:521
 kasan_report+0xe0/0x110 mm/kasan/report.c:634
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
 __asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106
 trace_seq_to_buffer kernel/trace/trace.c:1830 [inline]
 tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822
 ....
==================================================================

It has been reported that trace_seq_to_buffer() tries to copy more data
than PAGE_SIZE to buf. Therefore, to prevent this, we should use the
smaller of trace_seq_used(&iter->seq) and PAGE_SIZE as an argument.

Link: https://lore.kernel.org/20250422113026.13308-1-aha310510@gmail.com
Reported-by: syzbot+c8cd2d2c412b868263fb@syzkaller.appspotmail.com
Fixes: 3c56819b14 ("tracing: splice support for tracing_pipe")
Suggested-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-05-09 09:50:35 +02:00
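The clamp described in the commit message above, as an added user-space model (not the kernel's code and not part of the commit). The `model_` names, the 8192-byte sequence buffer and the canary region are assumptions made for illustration; 4507 is the write size from the KASAN report.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define MODEL_PAGE_SIZE 4096u   /* stands in for PAGE_SIZE */
#define MODEL_SEQ_SIZE  8192u   /* assumed: sequence buffer larger than one page */
#define CANARY          0xAA

/* Hypothetical stand-in for the sequence buffer a reader drains. */
struct model_seq {
    char   buffer[MODEL_SEQ_SIZE];
    size_t len;      /* bytes produced, the role trace_seq_used() plays */
    size_t readpos;  /* bytes already handed to a reader */
};

static void model_seq_fill(struct model_seq *s, size_t len)
{
    if (len > MODEL_SEQ_SIZE)
        len = MODEL_SEQ_SIZE;
    memset(s->buffer, 'T', len);
    s->len = len;
    s->readpos = 0;
}

static size_t model_seq_used(const struct model_seq *s)
{
    return s->len;
}

/*
 * Copy helper in the shape the commit message implies: it limits cnt to
 * the data still unread, but it has no idea how large buf is. The caller
 * alone is responsible for passing a cnt that fits the destination.
 */
static ssize_t model_seq_to_buffer(struct model_seq *s, void *buf, size_t cnt)
{
    size_t avail;

    if (model_seq_used(s) <= s->readpos)
        return -1;                      /* nothing left to read */
    avail = model_seq_used(s) - s->readpos;
    if (cnt > avail)
        cnt = avail;
    memcpy(buf, s->buffer + s->readpos, cnt);
    s->readpos += cnt;
    return (ssize_t)cnt;
}

/*
 * Fill one destination "page". The allocation is two pages long and the
 * second page is a canary, so an overrun of the first page is observable
 * without undefined behaviour. Returns the number of bytes that landed
 * past the page boundary (0 means the copy stayed in bounds).
 */
static size_t splice_one_page(struct model_seq *s, int patched, ssize_t *copied)
{
    unsigned char *dst = malloc(2 * MODEL_PAGE_SIZE);
    size_t cnt, i, over = 0;

    if (!dst) {
        *copied = -1;
        return 0;
    }
    memset(dst, CANARY, 2 * MODEL_PAGE_SIZE);

    cnt = model_seq_used(s);            /* unpatched: whole sequence length */
    if (patched && cnt > MODEL_PAGE_SIZE)
        cnt = MODEL_PAGE_SIZE;          /* patched: smaller of used and page size */

    *copied = model_seq_to_buffer(s, dst, cnt);

    for (i = MODEL_PAGE_SIZE; i < 2 * MODEL_PAGE_SIZE; i++)
        if (dst[i] != CANARY)
            over++;
    free(dst);
    return over;
}

int main(void)
{
    struct model_seq s;
    ssize_t n;
    size_t over;

    model_seq_fill(&s, 4507);
    over = splice_one_page(&s, 0, &n);
    printf("unpatched: copied %zd, %zu bytes past the page\n", n, over);

    model_seq_fill(&s, 4507);
    over = splice_one_page(&s, 1, &n);
    printf("patched:   copied %zd, %zu bytes past the page\n", n, over);

    over = splice_one_page(&s, 1, &n);  /* remainder goes to the next page */
    printf("patched:   copied %zd, %zu bytes past the page\n", n, over);
    return 0;
}
```

With the clamp in place the data beyond one page is not lost: `readpos` advances by the clamped amount and the remainder is delivered by the next call.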
Steven Rostedt
0988dd0263 tracing: Do not take trace_event_sem in print_event_fields()
commit 0a8f11f8569e7ed16cbcedeb28c4350f6378fea6 upstream.

On some paths in print_event_fields() it takes the trace_event_sem for
read, even though it should always be held when the function is called.

Remove the taking of that mutex and add a lockdep_assert_held_read() to
make sure the trace_event_sem is held when print_event_fields() is called.

Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Link: https://lore.kernel.org/20250501224128.0b1f0571@batman.local.home
Fixes: 80a76994b2 ("tracing: Add "fields" option to show raw trace event fields")
Reported-by: syzbot+441582c1592938fccf09@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/6813ff5e.050a0220.14dd7d.001b.GAE@google.com/
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-05-09 09:50:32 +02:00
Greg Kroah-Hartman
4e0cc11458 Merge 43e5e2879d ("s390/pci: Fix s390_mmio_read/write syscall page fault handling") into android16-6.12-lts
Steps on the way to 6.12.24

Change-Id: I58c86d986ce4fe886830aec5c9132aba22d7a86b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-05-09 05:41:46 +00:00
Alexei Starovoitov
c5c833f637 bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
[ Upstream commit 4580f4e0ebdf8dc8d506ae926b88510395a0c1d1 ]

Fix the following deadlock:
CPU A
_free_event()
  perf_kprobe_destroy()
    mutex_lock(&event_mutex)
      perf_trace_event_unreg()
        synchronize_rcu_tasks_trace()

There are several paths where _free_event() grabs event_mutex
and calls sync_rcu_tasks_trace. Above is one such case.

CPU B
bpf_prog_test_run_syscall()
  rcu_read_lock_trace()
    bpf_prog_run_pin_on_cpu()
      bpf_prog_load()
        bpf_tracing_func_proto()
          trace_set_clr_event()
            mutex_lock(&event_mutex)

Delegate trace_set_clr_event() to workqueue to avoid
such lock dependency.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20250224221637.4780-1-alexei.starovoitov@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-05-02 07:59:15 +02:00
Steven Rostedt
0312735402 tracing: Verify event formats that have "%*p.."
[ Upstream commit ea8d7647f9ddf1f81e2027ed305299797299aa03 ]

The trace event verifier checks the formats of trace events to make sure
that they do not point at memory that is not in the trace event itself or
in data that will never be freed. If an event references data that was
allocated when the event triggered and that same data is freed before the
event is read, then the kernel can crash by reading freed memory.

The verifier runs at boot up (or module load) and scans the print formats
of the events and checks their arguments to make sure that dereferenced
pointers are safe. If the format uses "%*p.." the verifier will ignore it,
and that could be dangerous. Cover this case as well.

Also add to the sample code a use case of "%*pbl".

Link: https://lore.kernel.org/all/bcba4d76-2c3f-4d11-baf0-02905db953dd@oracle.com/

Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes: 5013f454a3 ("tracing: Add check of trace event print fmts for dereferencing pointers")
Link: https://lore.kernel.org/20250327195311.2d89ec66@gandalf.local.home
Reported-by: Libo Chen <libo.chen@oracle.com>
Reviewed-by: Libo Chen <libo.chen@oracle.com>
Tested-by: Libo Chen <libo.chen@oracle.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-05-02 07:58:52 +02:00
Greg Kroah-Hartman
f72695ceaf Merge 6.12.23 into android16-6.12
GKI (arm64) relevant 77 out of 426 changes, affecting 93 files +851/-461
  40426fc097 cpufreq: scpi: compare kHz instead of Hz [1 file, +3/-2]
  7b1d2454d0 sched: Cancel the slice protection of the idle entity [1 file, +33/-13]
  b576c4834d sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks [1 file, +4/-0]
  f381c92ab4 cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() [1 file, +23/-22]
  4d28c2ab2a lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock [1 file, +0/-2]
  31d5665172 PM: sleep: Adjust check before setting power.must_resume [3 files, +9/-8]
  864750968d watchdog/hardlockup/perf: Fix perf_event memory leak [4 files, +1/-61]
  c3a4c91a40 PM: sleep: Fix handling devices with direct_complete set on errors [1 file, +4/-4]
  345957c1cf lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() [1 file, +4/-4]
  5108828fec perf/ring_buffer: Allow the EPOLLRDNORM flag for poll [1 file, +1/-1]
  15291b561d ALSA: timer: Don't take register_mutex with copy_from/to_user() [1 file, +77/-70]
  254f771c70 PCI: Use downstream bridges for distributing resources [1 file, +1/-2]
  372e387c4f PCI: Remove add_align overwrite unrelated to size0 [1 file, +0/-1]
  f556b6ba0a PCI/ASPM: Fix link state exit during switch upstream function removal [1 file, +9/-8]
  8ba27aa512 PCI/ACS: Fix 'pci=config_acs=' parameter [1 file, +13/-5]
  2a54a1a9c6 PCI/portdrv: Only disable pciehp interrupts early when needed [1 file, +5/-3]
  bcb4842004 PCI: Avoid reset when disabled via sysfs [1 file, +4/-0]
  362b5879a7 PCI: Remove stray put_device() in pci_register_host_bridge() [1 file, +2/-3]
  b004cf517d PCI: dwc: ep: Return -ENOMEM for allocation failures [1 file, +1/-0]
  e23dfb926f PCI: Fix BAR resizing when VF BARs are assigned [1 file, +2/-2]
  057298d193 crypto: bpf - Add MODULE_DESCRIPTION for skcipher [1 file, +1/-0]
  2df19f5f6f remoteproc: core: Clear table_sz when rproc_shutdown [1 file, +1/-0]
  bfcca46f01 of: property: Increase NR_FWNODE_REFERENCE_ARGS [1 file, +1/-1]
  8ed5381756 bpf: Use preempt_count() directly in bpf_send_signal_common() [1 file, +1/-1]
  6d4e56e4c5 crypto: api - Fix larval relookup type and mask [1 file, +7/-10]
  8ba426f170 rust: fix signature of rust_fmt_argument [2 files, +4/-5]
  19e6817f84 bpf: Fix array bounds error with may_goto [2 files, +22/-4]
  c2ddf2f576 leds: Fix LED_OFF brightness race [1 file, +18/-4]
  8109f57613 usb: xhci: correct debug message page size calculation [1 file, +3/-3]
  c42282a078 kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page() [1 file, +12/-1]
  5b2b692804 tty: n_tty: use uint for space returned by tty_write_room() [1 file, +7/-6]
  aba9189992 fs/procfs: fix the comment above proc_pid_wchan() [1 file, +1/-1]
  456300be23 thermal: core: Remove duplicate struct declaration [1 file, +0/-2]
  6a14075325 exfat: fix the infinite loop in exfat_find_last_cluster() [1 file, +1/-1]
  4a9595eb02 exfat: fix missing shutdown check [1 file, +27/-2]
  28b21ee8e8 rtnetlink: Allocate vfinfo size for VF GUIDs when supported [1 file, +3/-0]
  2a6f8823ff ring-buffer: Fix bytes_dropped calculation issue [1 file, +2/-2]
  8e49f912ae sched/smt: Always inline sched_smt_active() [1 file, +1/-1]
  00911b416a context_tracking: Always inline ct_{nmi,irq}_{enter,exit}() [1 file, +4/-4]
  d80168db5e rcu-tasks: Always inline rcu_irq_work_resched() [1 file, +1/-1]
  63bd235de2 nvme-pci: clean up CMBMSC when registering CMB fails [1 file, +1/-0]
  5eb8c8fee7 nvme-pci: skip CMB blocks incompatible with PCI P2P DMA [1 file, +12/-8]
  7364420090 perf/core: Fix perf_pmu_register() vs. perf_init_event() [1 file, +26/-2]
  9207575878 exfat: add a check for invalid data size [1 file, +5/-0]
  ddf40162ac locking/semaphore: Use wake_q to wake up processes outside lock critical section [1 file, +9/-4]
  3e6ce0d9ec nvme-pci: fix stuck reset on concurrent DPC and HP [1 file, +12/-1]
  93c59b5548 net: devmem: do not WARN conditionally after netdev_rx_queue_restart() [1 file, +3/-1]
  d840c84cdd can: statistics: use atomic access in hot path [3 files, +39/-31]
  7a95b48873 netfs: Fix netfs_unbuffered_read() to return ssize_t rather than int [1 file, +3/-3]
  7e3497d7da ublk: make sure ubq->canceling is set when queue is frozen [1 file, +29/-10]
  a3800b64f8 nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer [1 file, +1/-1]
  94d5ad7b41 udp: Fix multiple wraparounds of sk->sk_rmem_alloc. [1 file, +17/-9]
  a116b271bf udp: Fix memory accounting leak. [1 file, +7/-9]
  47744d0d5f vsock: avoid timeout during connect() if the socket is closing [1 file, +5/-1]
  9539c1721a tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). [2 files, +1/-7]
  92a5c18513 net: decrease cached dst counters in dst_release [1 file, +8/-0]
  de579015d1 ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS [1 file, +25/-12]
  2952776c69 net: fix geneve_opt length integer overflow [4 files, +4/-4]
  1eb36a2cdf ipv6: Start path selection from the first nexthop [1 file, +35/-3]
  f4fea25f5c ipv6: Do not consider link down nexthops in path selection [1 file, +4/-2]
  e9c9288072 perf/core: Fix child_total_time_enabled accounting bug at task exit [1 file, +9/-9]
  387dc88c2c tracing: Switch trace_events_hist.c code over to use guard() [1 file, +10/-22]
  fe87f8d3a5 tracing/hist: Add poll(POLLIN) support on hist file [3 files, +95/-3]
  eecb62a24b tracing/hist: Support POLLPRI event for poll on histogram [1 file, +26/-3]
  ef79f2dec7 tracing: Correct the refcount if the hist/hist_debug file fails to open [1 file, +18/-6]
  39bc1484eb cgroup/rstat: Tracking cgroup-level niced CPU time [2 files, +15/-5]
  3501677651 cgroup/rstat: Fix forceidle time in cpu.stat [1 file, +13/-16]
  d689645cd1 usbnet:fix NPE during rx_complete [1 file, +3/-3]
  49b0a6ab8e exfat: fix random stack corruption after get_block [1 file, +33/-6]
  37c9875c17 exfat: fix potential wrong error return from get_block [1 file, +2/-0]
  cffc2a6718 tracing: Ensure module defining synth event cannot be unloaded while tracing [1 file, +29/-1]
  33052e7f52 tracing: Fix synth event printk format for str fields [1 file, +1/-1]
  2e877ff349 mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs [1 file, +3/-0]
  13d6f8ba50 ext4: don't over-report free space or inodes in statvfs [1 file, +17/-10]
  b47584c556 ext4: fix OOB read when checking dotdot dir [1 file, +3/-0]
  e2d8e7bd33 exec: fix the racy usage of fs_struct->in_exec [1 file, +9/-6]
  625e9b91eb tracing: Do not use PERF enums when perf is not defined [1 file, +6/-2]

Changes in 6.12.23
        watch_queue: fix pipe accounting mismatch
        x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
        cpufreq: scpi: compare kHz instead of Hz
        smack: dont compile ipv6 code unless ipv6 is configured
        smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label
        sched: Cancel the slice protection of the idle entity
        sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks
        cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
        EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids
        x86/fpu: Fix guest FPU state buffer allocation size
        x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
        x86/platform: Only allow CONFIG_EISA for 32-bit
        x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
        lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
        PM: sleep: Adjust check before setting power.must_resume
        cpufreq: tegra194: Allow building for Tegra234
        RISC-V: KVM: Disable the kernel perf counter during configure
        kunit/stackinit: Use fill byte different from Clang i386 pattern
        watchdog/hardlockup/perf: Fix perf_event memory leak
        selinux: Chain up tool resolving errors in install_policy.sh
        EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
        EDAC/ie31200: Fix the DIMM size mask for several SoCs
        EDAC/ie31200: Fix the error path order of ie31200_init()
        x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors
        thermal: int340x: Add NULL check for adev
        PM: sleep: Fix handling devices with direct_complete set on errors
        lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
        perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
        x86/traps: Make exc_double_fault() consistently noreturn
        x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
        x86/entry: Add __init to ia32_emulation_override_cmdline()
        regulator: pca9450: Fix enable register for LDO5
        auxdisplay: MAX6959 should select BITREVERSE
        media: verisilicon: HEVC: Initialize start_bit field
        media: platform: allgro-dvt: unregister v4l2_device on the error path
        auxdisplay: panel: Fix an API misuse in panel.c
        platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Make symbol static
        platform/x86: dell-uart-backlight: Make dell_uart_bl_serdev_driver static
        platform/x86: dell-ddv: Fix temperature calculation
        ASoC: cs35l41: check the return value from spi_setup()
        ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry
        HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
        dt-bindings: vendor-prefixes: add GOcontroll
        ALSA: hda/realtek: Always honor no_shutup_pins
        ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible
        ALSA: timer: Don't take register_mutex with copy_from/to_user()
        drm/bridge: ti-sn65dsi86: Fix multiple instances
        drm/ssd130x: Set SPI .id_table to prevent an SPI core warning
        drm/ssd130x: fix ssd132x encoding
        drm/ssd130x: ensure ssd132x pitch is correct
        drm/dp_mst: Fix drm RAD print
        drm/bridge: it6505: fix HDCP V match check is not performed correctly
        drm: xlnx: zynqmp: Fix max dma segment size
        drm/vkms: Fix use after free and double free on init error
        gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines
        drm/amdgpu: refine smu send msg debug log format
        drm/amdgpu/umsch: fix ucode check
        PCI: Use downstream bridges for distributing resources
        PCI: Remove add_align overwrite unrelated to size0
        drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
        drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
        PCI/ASPM: Fix link state exit during switch upstream function removal
        drm/panel: ilitek-ili9882t: fix GPIO name in error message
        PCI/ACS: Fix 'pci=config_acs=' parameter
        drm/amd/display: fix an indent issue in DML21
        drm/msm/dpu: don't use active in atomic_check()
        drm/msm/dsi/phy: Program clock inverters in correct register
        drm/msm/dsi: Use existing per-interface slice count in DSC timing
        drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
        drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables'
        PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload
        PCI: brcmstb: Set generation limit before PCIe link up
        PCI: brcmstb: Use internal register to change link capability
        PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
        PCI: brcmstb: Fix potential premature regulator disabling
        PCI/portdrv: Only disable pciehp interrupts early when needed
        PCI: Avoid reset when disabled via sysfs
        drm/panthor: Update CS_STATUS_ defines to correct values
        drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
        drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump
        crypto: powerpc: Mark ghashp8-ppc.o as an OBJECT_FILES_NON_STANDARD
        powerpc/kexec: fix physical address calculation in clear_utlb_entry()
        PCI: Remove stray put_device() in pci_register_host_bridge()
        PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
        drm/mediatek: Fix config_updating flag never false when no mbox channel
        drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
        drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
        drm/amd/display: avoid NPD when ASIC does not support DMUB
        PCI: dwc: ep: Return -ENOMEM for allocation failures
        PCI: histb: Fix an error handling path in histb_pcie_probe()
        PCI: Fix BAR resizing when VF BARs are assigned
        PCI: pciehp: Don't enable HPIE when resuming in poll mode
        fbdev: au1100fb: Move a variable assignment behind a null pointer check
        dummycon: fix default rows/cols
        mdacon: rework dependency list
        fbdev: sm501fb: Add some geometry checks.
        crypto: iaa - Test the correct request flag
        crypto: qat - set parity error mask for qat_420xx
        crypto: tegra - Use separate buffer for setkey
        crypto: tegra - check return value for hash do_one_req
        crypto: bpf - Add MODULE_DESCRIPTION for skcipher
        crypto: tegra - Use HMAC fallback when keyslots are full
        clk: amlogic: gxbb: drop incorrect flag on 32k clock
        crypto: hisilicon/sec2 - fix for aead authsize alignment
        crypto: hisilicon/sec2 - fix for sec spec check
        RDMA/mlx5: Fix page_size variable overflow
        remoteproc: core: Clear table_sz when rproc_shutdown
        of: property: Increase NR_FWNODE_REFERENCE_ARGS
        pinctrl: renesas: rzg2l: Suppress binding attributes
        remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
        libbpf: Fix hypothetical STT_SECTION extern NULL deref case
        selftests/bpf: Fix string read in strncmp benchmark
        x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()
        clk: renesas: r8a08g045: Check the source of the CPU PLL settings
        remoteproc: qcom: pas: add minidump_id to SC7280 WPSS
        clk: samsung: Fix UBSAN panic in samsung_clk_init()
        pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw()
        crypto: tegra - Fix CMAC intermediate result handling
        clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
        s390: Remove ioremap_wt() and pgprot_writethrough()
        RDMA/mana_ib: Ensure variable err is initialized
        crypto: tegra - Set IV to NULL explicitly for AES ECB
        remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226
        clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK
        bpf: Use preempt_count() directly in bpf_send_signal_common()
        lib: 842: Improve error handling in sw842_compress()
        pinctrl: renesas: rza2: Fix missing of_node_put() call
        pinctrl: renesas: rzg2l: Fix missing of_node_put() call
        RDMA/mlx5: Fix MR cache initialization error flow
        selftests/bpf: Fix freplace_link segfault in tailcalls prog test
        clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
        RDMA/core: Don't expose hw_counters outside of init net namespace
        RDMA/mlx5: Fix calculation of total invalidated pages
        RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
        remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
        power: supply: bq27xxx_battery: do not update cached flags prematurely
        crypto: api - Fix larval relookup type and mask
        IB/mad: Check available slots before posting receive WRs
        pinctrl: tegra: Set SFIO mode to Mux Register
        clk: amlogic: g12b: fix cluster A parent data
        clk: amlogic: gxbb: drop non existing 32k clock parent
        selftests/bpf: Select NUMA_NO_NODE to create map
        rust: fix signature of rust_fmt_argument
        pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment
        crypto: qat - remove access to parity register for QAT GEN4
        clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents
        clk: amlogic: g12a: fix mmc A peripheral clock
        x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
        power: supply: max77693: Fix wrong conversion of charge input threshold value
        crypto: nx - Fix uninitialised hv_nxc on error
        clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable()
        bpf: Fix array bounds error with may_goto
        RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
        pinctrl: renesas: rzv2m: Fix missing of_node_put() call
        mfd: sm501: Switch to BIT() to mitigate integer overflows
        leds: Fix LED_OFF brightness race
        x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
        RDMA/core: Fix use-after-free when rename device name
        crypto: hisilicon/sec2 - fix for aead auth key length
        pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm()
        clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
        perf stat: Fix find_stat for mixed legacy/non-legacy events
        perf: Always feature test reallocarray
        w1: fix NULL pointer dereference in probe
        fs/ntfs3: Update inode->i_mapping->a_ops on compression state
        phy: phy-rockchip-samsung-hdptx: Don't use dt aliases to determine phy-id
        isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
        soundwire: slave: fix an OF node reference leak in soundwire slave device
        perf report: Switch data file correctly in TUI
        greybus: gb-beagleplay: Add error handling for gb_greybus_init
        coresight: catu: Fix number of pages while using 64k pages
        vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
        coresight-etm4x: add isb() before reading the TRCSTATR
        perf pmu: Don't double count common sysfs and json events
        tools/x86: Fix linux/unaligned.h include path in lib/insn.c
        perf build: Fix in-tree build due to symbolic link
        ucsi_ccg: Don't show failed to get FW build information error
        iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
        iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails.
        iio: backend: make sure to NULL terminate stack buffer
        perf arm-spe: Fix load-store operation checking
        perf bench: Fix perf bench syscall loop count
        usb: xhci: correct debug message page size calculation
        fs/ntfs3: Fix a couple integer overflows on 32bit systems
        fs/ntfs3: Prevent integer overflow in hdr_first_de()
        dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister
        dmaengine: fsl-edma: free irq correctly in remove path
        iio: adc: ad4130: Fix comparison of channel setups
        iio: adc: ad7124: Fix comparison of channel configs
        iio: adc: ad7173: Fix comparison of channel configs
        iio: adc: ad7768-1: set MOSI idle state to prevent accidental reset
        iio: light: Add check for array bounds in veml6075_read_int_time_ms
        perf debug: Avoid stack overflow in recursive error message
        perf evlist: Add success path to evlist__create_syswide_maps
        perf units: Fix insufficient array space
        kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page()
        kexec: initialize ELF lowest address to ULONG_MAX
        ocfs2: validate l_tree_depth to avoid out-of-bounds access
        arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig
        NFSv4: Don't trigger uneccessary scans for return-on-close delegations
        NFSv4: Avoid unnecessary scans of filesystems for returning delegations
        NFSv4: Avoid unnecessary scans of filesystems for expired delegations
        NFSv4: Avoid unnecessary scans of filesystems for delayed delegations
        NFS: fix open_owner_id_maxsz and related fields.
        fuse: fix dax truncate/punch_hole fault path
        selftests/mm/cow: fix the incorrect error handling
        um: Pass the correct Rust target and options with gcc
        um: remove copy_from_kernel_nofault_allowed
        um: hostfs: avoid issues on inode number reuse by host
        i3c: master: svc: Fix missing the IBI rules
        perf python: Fixup description of sample.id event member
        perf python: Decrement the refcount of just created event on failure
        perf python: Don't keep a raw_data pointer to consumed ring buffer space
        perf python: Check if there is space to copy all the event
        perf dso: fix dso__is_kallsyms() check
        perf: intel-tpebs: Fix incorrect usage of zfree()
        staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES
        staging: vchiq_arm: Register debugfs after cdev
        staging: vchiq_arm: Fix possible NPR of keep-alive thread
        tty: n_tty: use uint for space returned by tty_write_room()
        perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation
        fs/procfs: fix the comment above proc_pid_wchan()
        perf tools: annotate asm_pure_loop.S
        perf bpf-filter: Fix a parsing error with comma
        thermal: core: Remove duplicate struct declaration
        objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show()
        objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
        NFS: Shut down the nfs_client only after all the superblocks
        smb: client: Fix netns refcount imbalance causing leaks and use-after-free
        exfat: fix the infinite loop in exfat_find_last_cluster()
        exfat: fix missing shutdown check
        rtnetlink: Allocate vfinfo size for VF GUIDs when supported
        rndis_host: Flag RNDIS modems as WWAN devices
        ksmbd: use aead_request_free to match aead_request_alloc
        ksmbd: fix multichannel connection failure
        ksmbd: fix r_count dec/increment mismatch
        net/mlx5e: SHAMPO, Make reserved size independent of page size
        ring-buffer: Fix bytes_dropped calculation issue
        objtool: Fix segfault in ignore_unreachable_insn()
        LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig
        LoongArch: Fix device node refcount leak in fdt_cpu_clk_init()
        LoongArch: Rework the arch_kgdb_breakpoint() implementation
        ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid
        net: phy: broadcom: Correct BCM5221 PHY model detection
        octeontx2-af: Fix mbox INTR handler when num VFs > 64
        octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
        objtool: Fix verbose disassembly if CROSS_COMPILE isn't set
        sched/smt: Always inline sched_smt_active()
        context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
        rcu-tasks: Always inline rcu_irq_work_resched()
        objtool/loongarch: Add unwind hints in prepare_frametrace()
        nfs: Add missing release on error in nfs_lock_and_join_requests()
        wifi: mac80211: Cleanup sta TXQs on flush
        wifi: mac80211: remove debugfs dir for virtual monitor
        wifi: iwlwifi: fw: allocate chained SG tables for dump
        wifi: iwlwifi: mvm: use the right version of the rate API
        nvme-tcp: fix possible UAF in nvme_tcp_poll
        nvme-pci: clean up CMBMSC when registering CMB fails
        nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
        wifi: brcmfmac: keep power during suspend if board requires it
        affs: generate OFS sequence numbers starting at 1
        affs: don't write overlarge OFS data block size fields
        ALSA: hda/realtek: Fix Asus Z13 2025 audio
        ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
        perf/core: Fix perf_pmu_register() vs. perf_init_event()
        smb: common: change the data type of num_aces to le16
        cifs: fix incorrect validation for num_aces field of smb_acl
        platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet
        platform/x86/intel/vsec: Add Diamond Rapids support
        net: dsa: rtl8366rb: don't prompt users for LED control
        HID: i2c-hid: improve i2c_hid_get_report error message
        platform/x86/amd/pmf: Propagate PMF-TA return codes
        platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-TA
        exfat: add a check for invalid data size
        ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA
        ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA
        ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA
        ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA
        ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA
        ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA
        ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA
        sched/deadline: Use online cpus for validating runtime
        x86/hyperv/vtl: Stop kernel from probing VTL0 low memory
        ASoC: codecs: wsa884x: report temps to hwmon in millidegree of Celsius
        ASoC: rt1320: set wake_capable = 0 explicitly
        wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state
        wifi: mac80211: fix SA Query processing in MLO
        locking/semaphore: Use wake_q to wake up processes outside lock critical section
        x86/hyperv: Fix output argument to hypercall that changes page visibility
        x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
        nvme-pci: fix stuck reset on concurrent DPC and HP
        drm/amd: Keep display off while going into S4
        net: devmem: do not WARN conditionally after netdev_rx_queue_restart()
        selftests: netfilter: skip br_netfilter queue tests if kernel is tainted
        ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
        can: statistics: use atomic access in hot path
        memory: omap-gpmc: drop no compatible check
        hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
        netfs: Fix netfs_unbuffered_read() to return ssize_t rather than int
        spufs: fix a leak on spufs_new_file() failure
        spufs: fix gang directory lifetimes
        spufs: fix a leak in spufs_create_context()
        fs/9p: fix NULL pointer dereference on mkdir
        riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra
        ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
        ntb: intel: Fix using link status DB's
        firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success
        ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA
        RISC-V: errata: Use medany for relocatable builds
        x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs
        ublk: make sure ubq->canceling is set when queue is frozen
        s390/entry: Fix setting _CIF_MCCK_GUEST with lowcore relocation
        ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe()
        spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock()
        riscv: Fix hugetlb retrieval of number of ptes in case of !present pte
        riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator
        riscv/purgatory: 4B align purgatory_start
        nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer
        ASoC: imx-card: Add NULL check in imx_card_probe()
        spi: bcm2835: Do not call gpiod_put() on invalid descriptor
        ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
        spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent
        e1000e: change k1 configuration on MTP and later platforms
        idpf: fix adapter NULL pointer dereference on reboot
        netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
        netfilter: nf_tables: don't unregister hook when table is dormant
        netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
        net_sched: skbprio: Remove overly strict queue assertions
        sctp: add mutual exclusion in proc_sctp_do_udp_port()
        net: mvpp2: Prevent parser TCAM memory corruption
        udp: Fix multiple wraparounds of sk->sk_rmem_alloc.
        udp: Fix memory accounting leak.
        vsock: avoid timeout during connect() if the socket is closing
        tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
        net: decrease cached dst counters in dst_release
        netfilter: nft_tunnel: fix geneve_opt type confusion addition
        ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
        net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
        net: fix geneve_opt length integer overflow
        ipv6: Start path selection from the first nexthop
        ipv6: Do not consider link down nexthops in path selection
        arcnet: Add NULL check in com20020pci_probe()
        net: ibmveth: make veth_pool_store stop hanging
        kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally
        drm/amdgpu/gfx11: fix num_mec
        drm/amdgpu/gfx12: fix num_mec
        perf/core: Fix child_total_time_enabled accounting bug at task exit
        tools/power turbostat: report CoreThr per measurement interval
        tracing: Switch trace_events_hist.c code over to use guard()
        tracing/hist: Add poll(POLLIN) support on hist file
        tracing/hist: Support POLLPRI event for poll on histogram
        tracing: Correct the refcount if the hist/hist_debug file fails to open
        cgroup/rstat: Tracking cgroup-level niced CPU time
        cgroup/rstat: Fix forceidle time in cpu.stat
        tty: serial: fsl_lpuart: Use u32 and u8 for register variables
        tty: serial: fsl_lpuart: use port struct directly to simply code
        tty: serial: fsl_lpuart: Fix unused variable 'sport' build warning
        tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register
        wifi: mac80211: Fix sparse warning for monitor_sdata
        usbnet:fix NPE during rx_complete
        rust: Fix enabling Rust and building with GCC for LoongArch
        LoongArch: Increase ARCH_DMA_MINALIGN up to 16
        LoongArch: Increase MAX_IO_PICS up to 8
        LoongArch: BPF: Fix off-by-one error in build_prologue()
        LoongArch: BPF: Don't override subprog's return value
        LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC
        x86/hyperv: Fix check of return value from snp_set_vmsa()
        KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected
        x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
        x86/mce: use is_copy_from_user() to determine copy-from-user context
        x86/tdx: Fix arch_safe_halt() execution for TDX VMs
        ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers
        platform/x86: thinkpad_acpi: disable ACPI fan access for T495* and E560
        platform/x86: ISST: Correct command storage data length
        ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
        perf/x86/intel: Apply static call for drain_pebs
        perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
        uprobes/x86: Harden uretprobe syscall trampoline check
        idpf: Don't hard code napi_struct size
        x86/Kconfig: Add cmpxchg8b support back to Geode CPUs
        x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
        x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
        wifi: mt76: mt7925: remove unused acpi function for clc
        acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
        ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
        ARM: 9444/1: add KEEP() keyword to ARM_VECTORS
        media: omap3isp: Handle ARM dma_iommu_mapping
        Remove unnecessary firmware version check for gc v9_4_2
        mmc: omap: Fix memory leak in mmc_omap_new_slot
        mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
        mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
        KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error
        ksmbd: add bounds check for durable handle context
        ksmbd: add bounds check for create lease context
        ksmbd: fix use-after-free in ksmbd_sessions_deregister()
        ksmbd: fix session use-after-free in multichannel connection
        ksmbd: fix overflow in dacloffset bounds check
        ksmbd: validate zero num_subauth before sub_auth is accessed
        ksmbd: fix null pointer dereference in alloc_preauth_hash()
        exfat: fix random stack corruption after get_block
        exfat: fix potential wrong error return from get_block
        tracing: Fix use-after-free in print_graph_function_flags during tracer switching
        tracing: Ensure module defining synth event cannot be unloaded while tracing
        tracing: Fix synth event printk format for str fields
        tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
        mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs
        arm64: Don't call NULL in do_compat_alignment_fixup()
        wifi: mt76: mt7921: fix kernel panic due to null pointer dereference
        ext4: don't over-report free space or inodes in statvfs
        ext4: fix OOB read when checking dotdot dir
        jfs: fix slab-out-of-bounds read in ea_get()
        jfs: add index corruption check to DT_GETPAGE()
        mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()
        exec: fix the racy usage of fs_struct->in_exec
        media: vimc: skip .s_stream() for stopped entities
        media: streamzap: fix race between device disconnection and urb callback
        nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()
        nfsd: put dl_stid if fail to queue dl_recall
        nfsd: fix management of listener transports
        NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs()
        NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory
        NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
        ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE
        tracing: Do not use PERF enums when perf is not defined
        platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc()
        Linux 6.12.23

Change-Id: I007dc80a847f3232a2d12c056a74d16d2ab92b29
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-04-29 11:52:22 -07:00
Greg Kroah-Hartman
2ed1547e82 Merge ef79f2dec7 ("tracing: Correct the refcount if the hist/hist_debug file fails to open") into android16-6.12
Steps on the way to 6.12.23

Resolves merge conflicts in:
	net/ipv4/udp.c

Change-Id: Ida343c74a69a3f4c3f358486ef6339b55a5e6afe
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-04-29 09:05:26 -07:00
Steven Rostedt
5683eaf4ee tracing: Fix filter string testing
commit a8c5b0ed89a3f2c81c6ae0b041394e6eea0e7024 upstream.

The filter string testing uses strncpy_from_kernel/user_nofault() to
retrieve the string to test the filter against. The if() statement was
incorrect as it considered 0 as a fault, when it is only negative that it
faulted.

Running the following commands:

  # cd /sys/kernel/tracing
  # echo "filename.ustring ~ \"/proc*\"" > events/syscalls/sys_enter_openat/filter
  # echo 1 > events/syscalls/sys_enter_openat/enable
  # ls /proc/$$/maps
  # cat trace

Would produce nothing, but with the fix it will produce something like:

      ls-1192    [007] .....  8169.828333: sys_openat(dfd: ffffffffffffff9c, filename: 7efc18359904, flags: 80000, mode: 0)

Link: https://lore.kernel.org/all/CAEf4BzbVPQ=BjWztmEwBPRKHUwNfKBkS3kce-Rzka6zvbQeVpg@mail.gmail.com/

Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Link: https://lore.kernel.org/20250417183003.505835fb@gandalf.local.home
Fixes: 77360f9bbc ("tracing: Add test for user space strings when filtering on string pointers")
Reported-by: Andrii Nakryiko <andrii.nakryiko@gmail.com>
Reported-by: Mykyta Yatsenko <mykyta.yatsenko5@gmail.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-04-25 10:47:55 +02:00
Menglong Dong
26d5e2377f ftrace: fix incorrect hash size in register_ftrace_direct()
[ Upstream commit 92f1d3b40179b15630d72e2c6e4e25a899b67ba9 ]

The maximum of the ftrace hash bits is made fls(32) in
register_ftrace_direct(), which seems illogical. So, we fix it by making
the max hash bits FTRACE_HASH_MAX_BITS instead.

Link: https://lore.kernel.org/20250413014444.36724-1-dongml2@chinatelecom.cn
Fixes: d05cb47066 ("ftrace: Fix modification of direct_function hash while in use")
Signed-off-by: Menglong Dong <dongml2@chinatelecom.cn>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-04-25 10:47:51 +02:00
Greg Kroah-Hartman
4e65b09635 Merge 77a5ed6b03 ("platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-TA") into android16-6.12
Steps on the way to 6.12.23

Change-Id: Ia4e42360874d99819127adfdbb6078e166f7377c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-04-24 10:47:20 -07:00
Greg Kroah-Hartman
0946c695bb Merge 7d8dfc27d9 ("smb: client: Fix netns refcount imbalance causing leaks and use-after-free") into android16-6.12
Steps on the way to 6.12.23

Change-Id: I071040c57ea134f0a618ecc9e25db4a302dff4a8
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-04-24 08:30:10 -07:00
Greg Kroah-Hartman
ca30cfa77a Merge 73ef4f6e37 ("io_uring/net: fix sendzc double notif flush") into android16-6.12
Steps on the way to 6.12.21

Change-Id: Ie18f887b9863d98ff5cabaf2de4fe50b4cb6d9e7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-04-23 07:59:10 +00:00
Steven Rostedt
92ca7270fe ring-buffer: Use flush_kernel_vmap_range() over flush_dcache_folio()
commit e4d4b8670c44cdd22212cab3c576e2d317efa67c upstream.

Some architectures do not have data cache coherency between user and
kernel space. For these architectures, the cache needs to be flushed on
both the kernel and user addresses so that user space can see the updates
the kernel has made.

Instead of using flush_dcache_folio() and playing with virt_to_folio()
within the call to that function, use flush_kernel_vmap_range() which
takes the virtual address and does the work for those architectures that
need it.

This also fixes a bug where the flush of the reader page only flushed one
page. If the sub-buffer order is 1 or more, where the sub-buffer size
would be greater than a page, it would miss the rest of the sub-buffer
content, as the "reader page" is not just a page, but the size of a
sub-buffer.

Link: https://lore.kernel.org/all/CAG48ez3w0my4Rwttbc5tEbNsme6tc0mrSN95thjXUFaJ3aQ6SA@mail.gmail.com/

Cc: stable@vger.kernel.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Vincent Donnefort <vdonnefort@google.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Mike Rapoport <rppt@kernel.org>
Link: https://lore.kernel.org/20250402144953.920792197@goodmis.org
Fixes: 117c39200d ("ring-buffer: Introducing ring-buffer mapping functions");
Suggested-by: Jann Horn <jannh@google.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-04-20 10:15:58 +02:00
Andy Chiu
e66fb9b4e9 ftrace: Properly merge notrace hashes
commit 04a80a34c22f4db245f553d8696d1318d1c00ece upstream.

The global notrace hash should be jointly decided by the intersection of
each subops's notrace hash, but not the filter hash.

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/20250408160258.48563-1-andybnac@gmail.com
Fixes: 5fccc7552c ("ftrace: Add subops logic to allow one ops to manage many")
Signed-off-by: Andy Chiu <andybnac@gmail.com>
[ fixed removing of freeing of filter_hash ]
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-04-20 10:15:54 +02:00
zhoumin
1fce9574b9 ftrace: Add cond_resched() to ftrace_graph_set_hash()
commit 42ea22e754ba4f2b86f8760ca27f6f71da2d982c upstream.

When the kernel contains a large number of functions that can be traced,
the loop in ftrace_graph_set_hash() may take a lot of time to execute.
This may trigger the softlockup watchdog.

Add cond_resched() within the loop to allow the kernel to remain
responsive even when processing a large number of functions.

This matches the cond_resched() that is used in other locations of the
code that iterates over all functions that can be traced.

Cc: stable@vger.kernel.org
Fixes: b9b0c831be ("ftrace: Convert graph filter to use hash tables")
Link: https://lore.kernel.org/tencent_3E06CE338692017B5809534B9C5C03DA7705@qq.com
Signed-off-by: zhoumin <teczm@foxmail.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-04-20 10:15:54 +02:00
Steven Rostedt
474b3194c8 tracing: Do not add length to print format in synthetic events
commit e1a453a57bc76be678bd746f84e3d73f378a9511 upstream.

The following causes a vsnprintf fault:

  # echo 's:wake_lat char[] wakee; u64 delta;' >> /sys/kernel/tracing/dynamic_events
  # echo 'hist:keys=pid:ts=common_timestamp.usecs if !(common_flags & 0x18)' > /sys/kernel/tracing/events/sched/sched_waking/trigger
  # echo 'hist:keys=next_pid:delta=common_timestamp.usecs-$ts:onmatch(sched.sched_waking).trace(wake_lat,next_comm,$delta)' > /sys/kernel/tracing/events/sched/sched_switch/trigger

Because the synthetic event's "wakee" field is created as a dynamic string
(even though the string copied is not). The print format to print the
dynamic string changed from "%*s" to "%s" because another location
(__set_synth_event_print_fmt()) exported this to user space, and user
space did not need that. But it is still used in print_synth_event(), and
the output looks like:

          <idle>-0       [001] d..5.   193.428167: wake_lat: wakee=(efault)sshd-sessiondelta=155
    sshd-session-879     [001] d..5.   193.811080: wake_lat: wakee=(efault)kworker/u34:5delta=58
          <idle>-0       [002] d..5.   193.811198: wake_lat: wakee=(efault)bashdelta=91
            bash-880     [002] d..5.   193.811371: wake_lat: wakee=(efault)kworker/u35:2delta=21
          <idle>-0       [001] d..5.   193.811516: wake_lat: wakee=(efault)sshd-sessiondelta=129
    sshd-session-879     [001] d..5.   193.967576: wake_lat: wakee=(efault)kworker/u34:5delta=50

The length isn't needed as the string is always nul terminated. Just print
the string and do not add the length (which was hard coded to the max string
length anyway).

Cc: stable@vger.kernel.org
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Tom Zanussi <zanussi@kernel.org>
Cc: Douglas Raillard <douglas.raillard@arm.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Link: https://lore.kernel.org/20250407154139.69955768@gandalf.local.home
Fixes: 4d38328eb442d ("tracing: Fix synth event printk format for str fields");
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-04-20 10:15:50 +02:00
Masami Hiramatsu (Google)
868df4eb78 tracing: fprobe events: Fix possible UAF on modules
commit dd941507a9486252d6fcf11814387666792020f3 upstream.

Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of module
refcount") moved try_module_get() from __find_tracepoint_module_cb()
to find_tracepoint() caller, but that introduced a possible UAF
because the module can be unloaded before try_module_get(). In this
case, the module object should be freed too. Thus, try_module_get()
does not only fail but may access the freed object.

To avoid that, call try_module_get() in __find_tracepoint_module_cb()
again.

Link: https://lore.kernel.org/all/174342990779.781946.9138388479067729366.stgit@devnote2/

Fixes: ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of module refcount")
Cc: stable@vger.kernel.org
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-04-20 10:15:50 +02:00
Masami Hiramatsu (Google)
9a6be23eb0 tracing: probe-events: Add comments about entry data storing code
[ Upstream commit bb9c6020f4c3a07a90dc36826cb5fbe83f09efd5 ]

Add comments about entry data storing code to __store_entry_arg() and
traceprobe_get_entry_data_size(). These are a bit complicated because of
building the entry data storing code and scanning it.

This just adds comments, no behavior change.

Link: https://lore.kernel.org/all/174061715004.501424.333819546601401102.stgit@devnote2/

Reported-by: Steven Rostedt <rostedt@goodmis.org>
Closes: https://lore.kernel.org/all/20250226102223.586d7119@gandalf.local.home/
Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-04-20 10:15:27 +02:00
Gabriele Paoloni
40c70ff44b tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER
[ Upstream commit 0c588ac0ca6c22b774d9ad4a6594681fdfa57d9d ]

When __ftrace_event_enable_disable invokes the class callback to
unregister the event, the return value is not reported up to the
caller, hence leading to event unregister failures being silently
ignored.

This patch assigns the ret variable to the invocation of the
event unregister callback, so that its return value is stored
and reported to the caller, and it raises a warning in case
of error.

Link: https://lore.kernel.org/20250321170821.101403-1-gpaoloni@redhat.com
Signed-off-by: Gabriele Paoloni <gpaoloni@redhat.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-04-20 10:15:21 +02:00
Greg Kroah-Hartman
b3fb80bdc6 Merge 6.12.19 into android16-6.12
GKI (arm64) relevant 48 out of 271 changes, affecting 92 files +576/-223
  5b414ed3bb Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" [1 file, +2/-2]
  48a934fc47 Revert "mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone" [1 file, +1/-2]
  88310caff6 Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() [1 file, +2/-0]
  7841180342 Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() [1 file, +3/-0]
  2d448dbd47 userfaultfd: do not block on locking a large folio with raised refcount [1 file, +16/-1]
  f57e89c1cb block: fix conversion of GPT partition name to 7-bit [1 file, +1/-1]
  9426f38372 mm/page_alloc: fix uninitialized variable [1 file, +1/-0]
  79636d2981 mm: abort vma_modify() on merge out of memory failure [1 file, +8/-4]
  605f53f13b mm: don't skip arch_sync_kernel_mappings() in error paths [2 files, +6/-4]
  9ed33c7bac mm: fix finish_fault() handling for large folios [1 file, +10/-5]
  576a2f4c43 hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio [1 file, +4/-1]
  2e66d69941 mm: memory-hotplug: check folio ref count first in do_migrate_range [1 file, +7/-13]
  3c63fb6ef7 nvme-pci: use sgls for all user requests if possible [2 files, +13/-4]
  9dedafd86e nvme-ioctl: fix leaked requests on mapping error [1 file, +8/-4]
  084819b0d8 net: gso: fix ownership in __udp_gso_segment [1 file, +6/-2]
  1688acf477 perf/core: Fix pmus_lock vs. pmus_srcu ordering [1 file, +2/-2]
  a899adf706 HID: hid-steam: Fix use-after-free when detaching device [1 file, +1/-1]
  8aa8a40c76 ppp: Fix KMSAN uninit-value warning with bpf [1 file, +19/-9]
  b71cd95764 ethtool: linkstate: migrate linkstate functions to support multi-PHY setups [1 file, +15/-8]
  9c1d09cdbc net: ethtool: plumb PHY stats to PHY drivers [7 files, +167/-2]
  639c703529 net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device [9 files, +19/-18]
  30e8aee778 vlan: enforce underlying device type [1 file, +2/-1]
  5d609f0d2f exfat: fix just enough dentries but allocate a new cluster to dir [1 file, +1/-1]
  c897b8ec46 exfat: fix soft lockup in exfat_clear_bitmap [3 files, +16/-7]
  611015122d exfat: short-circuit zero-byte writes in exfat_file_write_iter [1 file, +1/-1]
  2b484789e9 net-timestamp: support TCP GSO case for a few missing flags [1 file, +7/-4]
  b08e290324 ublk: set_params: properly check if parameters can be applied [1 file, +5/-2]
  b5741e4b9e sched/fair: Fix potential memory corruption in child_cfs_rq_on_list [1 file, +4/-2]
  39c2b2767e xhci: Restrict USB4 tunnel detection for USB3 devices to Intel hosts [1 file, +8/-0]
  4ea3319f3e usb: hub: lack of clearing xHC resources [1 file, +33/-0]
  0cab185c73 usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader [1 file, +4/-0]
  079a3e52f3 usb: typec: ucsi: Fix NULL pointer access [1 file, +7/-6]
  840afbea3f usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails [1 file, +2/-2]
  ced69d88eb usb: dwc3: Set SUSPENDENABLE soon after phy init [3 files, +45/-30]
  35db1f1829 usb: dwc3: gadget: Prevent irq storm when TH re-executes [2 files, +13/-13]
  b387312527 usb: typec: ucsi: increase timeout for PPM reset operations [1 file, +1/-1]
  4bf6c57a89 usb: gadget: Set self-powered based on MaxPower and bmAttributes [1 file, +11/-5]
  dcd7ffdefb usb: gadget: Fix setting self-powered state on suspend [1 file, +2/-1]
  395011ee82 usb: gadget: Check bmAttributes only if configuration is valid [1 file, +1/-1]
  012b98cdb5 acpi: typec: ucsi: Introduce a ->poll_cci method [7 files, +25/-12]
  d7015bb3c5 xhci: pci: Fix indentation in the PCI device ID definitions [1 file, +4/-4]
  ea39f99864 usb: xhci: Enable the TRB overfetch quirk on VIA VL805 [3 files, +10/-5]
  4e8df56636 char: misc: deallocate static minor in error path [1 file, +1/-1]
  b50e18791f drivers: core: fix device leak in __fw_devlink_relax_cycles() [1 file, +1/-0]
  a684bad77e mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() [16 files, +46/-28]
  6ad9643aa5 fs/netfs/read_pgpriv2: skip folio queues without `marks3` [1 file, +3/-2]
  5bc6e5b10f fs/netfs/read_collect: fix crash due to uninitialized `prev` variable [1 file, +11/-10]
  86b7ebddab uprobes: Fix race in uprobe_free_utask [1 file, +1/-1]

Changes in 6.12.19
        x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()
        rust: block: fix formatting in GenDisk doc
        drm/i915/dsi: convert to struct intel_display
        drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro
        gpio: vf610: use generic device_get_match_data()
        gpio: vf610: add locking to gpio direction functions
        cifs: Remove symlink member from cifs_open_info_data union
        smb311: failure to open files of length 1040 when mounting with SMB3.1.1 POSIX extensions
        btrfs: fix data overwriting bug during buffered write when block size < page size
        x86/microcode/AMD: Add some forgotten models to the SHA check
        loongarch: Use ASM_REACHABLE
        rust: workqueue: remove unneeded ``#[allow(clippy::new_ret_no_self)]`
        rust: sort global Rust flags
        rust: types: avoid repetition in `{As,From}Bytes` impls
        rust: enable `clippy::undocumented_unsafe_blocks` lint
        rust: enable `clippy::unnecessary_safety_comment` lint
        rust: enable `clippy::unnecessary_safety_doc` lint
        rust: enable `clippy::ignored_unit_patterns` lint
        rust: enable `rustdoc::unescaped_backticks` lint
        rust: init: remove unneeded `#[allow(clippy::disallowed_names)]`
        rust: sync: remove unneeded `#[allow(clippy::non_send_fields_in_send_ty)]`
        rust: introduce `.clippy.toml`
        rust: replace `clippy::dbg_macro` with `disallowed_macros`
        rust: provide proper code documentation titles
        rust: enable Clippy's `check-private-items`
        Documentation: rust: add coding guidelines on lints
        rust: start using the `#[expect(...)]` attribute
        Documentation: rust: discuss `#[expect(...)]` in the guidelines
        rust: error: make conversion functions public
        rust: error: optimize error type to use nonzero
        rust: alloc: add `Allocator` trait
        rust: alloc: separate `aligned_size` from `krealloc_aligned`
        rust: alloc: rename `KernelAllocator` to `Kmalloc`
        rust: alloc: implement `ReallocFunc`
        rust: alloc: make `allocator` module public
        rust: alloc: implement `Allocator` for `Kmalloc`
        rust: alloc: add module `allocator_test`
        rust: alloc: implement `Vmalloc` allocator
        rust: alloc: implement `KVmalloc` allocator
        rust: alloc: add __GFP_NOWARN to `Flags`
        rust: alloc: implement kernel `Box`
        rust: treewide: switch to our kernel `Box` type
        rust: alloc: remove extension of std's `Box`
        rust: alloc: add `Box` to prelude
        rust: alloc: introduce `ArrayLayout`
        rust: alloc: implement kernel `Vec` type
        rust: alloc: implement `IntoIterator` for `Vec`
        rust: alloc: implement `collect` for `IntoIter`
        rust: treewide: switch to the kernel `Vec` type
        rust: alloc: remove `VecExt` extension
        rust: alloc: add `Vec` to prelude
        rust: error: use `core::alloc::LayoutError`
        rust: error: check for config `test` in `Error::name`
        rust: alloc: implement `contains` for `Flags`
        rust: alloc: implement `Cmalloc` in module allocator_test
        rust: str: test: replace `alloc::format`
        rust: alloc: update module comment of alloc.rs
        kbuild: rust: remove the `alloc` crate and `GlobalAlloc`
        MAINTAINERS: add entry for the Rust `alloc` module
        drm/panic: avoid reimplementing Iterator::find
        drm/panic: remove unnecessary borrow in alignment_pattern
        drm/panic: prefer eliding lifetimes
        drm/panic: remove redundant field when assigning value
        drm/panic: correctly indent continuation of line in list item
        drm/panic: allow verbose boolean for clarity
        drm/panic: allow verbose version check
        rust: kbuild: expand rusttest target for macros
        rust: fix size_t in bindgen prototypes of C builtins
        rust: map `__kernel_size_t` and friends also to usize/isize
        rust: use custom FFI integer types
        rust: alloc: Fix `ArrayLayout` allocations
        Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'"
        tracing: tprobe-events: Fix a memory leak when tprobe with $retval
        tracing: tprobe-events: Reject invalid tracepoint name
        stmmac: loongson: Pass correct arg to PCI function
        LoongArch: Convert unreachable() to BUG()
        LoongArch: Use polling play_dead() when resuming from hibernation
        LoongArch: Set max_pfn with the PFN of the last page
        LoongArch: KVM: Add interrupt checking for AVEC
        LoongArch: KVM: Reload guest CSR registers after sleep
        LoongArch: KVM: Fix GPA size issue about VM
        HID: appleir: Fix potential NULL dereference at raw event handle
        ksmbd: fix type confusion via race condition when using ipc_msg_send_request
        ksmbd: fix out-of-bounds in parse_sec_desc()
        ksmbd: fix use-after-free in smb2_lock
        ksmbd: fix bug on trap in smb2_lock
        gpio: rcar: Use raw_spinlock to protect register access
        gpio: aggregator: protect driver attr handlers against module unload
        ALSA: seq: Avoid module auto-load handling at event delivery
        ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
        ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform
        ALSA: hda/realtek: update ALC222 depop optimize
        btrfs: fix a leaked chunk map issue in read_one_chunk()
        hwmon: (peci/dimmtemp) Do not provide fake thresholds data
        drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params
        drm/amdkfd: Fix NULL Pointer Dereference in KFD queue
        drm/amd/pm: always allow ih interrupt from fw
        drm/imagination: avoid deadlock on fence release
        drm/imagination: Hold drm_gem_gpuva lock for unmap
        drm/imagination: only init job done fences once
        drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M
        Revert "mm/page_alloc.c: don't show protection in zone's ->lowmem_reserve[] for empty zone"
        Revert "selftests/mm: remove local __NR_* definitions"
        platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e
        x86/boot: Sanitize boot params before parsing command line
        x86/cacheinfo: Validate CPUID leaf 0x2 EDX output
        x86/cpu: Validate CPUID leaf 0x2 EDX output
        x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63
        drm/xe: Add staging tree for VM binds
        drm/xe/hmm: Style- and include fixes
        drm/xe/hmm: Don't dereference struct page pointers without notifier lock
        drm/xe/vm: Fix a misplaced #endif
        drm/xe/vm: Validate userptr during gpu vma prefetching
        mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr
        drm/xe: Fix GT "for each engine" workarounds
        drm/xe: Fix fault mode invalidation with unbind
        drm/xe/userptr: properly setup pfn_flags_mask
        drm/xe/userptr: Unmap userptrs in the mmu notifier
        Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
        Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()
        wifi: cfg80211: regulatory: improve invalid hints checking
        wifi: nl80211: reject cooked mode if it is set along with other flags
        selftests/damon/damos_quota_goal: handle minimum quota that cannot be further reduced
        selftests/damon/damos_quota: make real expectation of quota exceeds
        selftests/damon/damon_nr_regions: set ops update for merge results check to 100ms
        selftests/damon/damon_nr_regions: sort collected regiosn before checking with min/max boundaries
        rapidio: add check for rio_add_net() in rio_scan_alloc_net()
        rapidio: fix an API misues when rio_add_net() fails
        dma: kmsan: export kmsan_handle_dma() for modules
        s390/traps: Fix test_monitor_call() inline assembly
        NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback
        userfaultfd: do not block on locking a large folio with raised refcount
        block: fix conversion of GPT partition name to 7-bit
        mm/page_alloc: fix uninitialized variable
        mm: abort vma_modify() on merge out of memory failure
        mm: memory-failure: update ttu flag inside unmap_poisoned_folio
        mm: don't skip arch_sync_kernel_mappings() in error paths
        mm: fix finish_fault() handling for large folios
        hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio
        mm: memory-hotplug: check folio ref count first in do_migrate_range
        wifi: iwlwifi: mvm: clean up ROC on failure
        wifi: iwlwifi: mvm: don't try to talk to a dead firmware
        wifi: iwlwifi: limit printed string from FW file
        wifi: iwlwifi: Free pages allocated when failing to build A-MSDU
        wifi: iwlwifi: Fix A-MSDU TSO preparation
        HID: google: fix unused variable warning under !CONFIG_ACPI
        HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()
        HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
        coredump: Only sort VMAs when core_sort_vma sysctl is set
        nvme-pci: add support for sgl metadata
        nvme-pci: use sgls for all user requests if possible
        nvme-ioctl: fix leaked requests on mapping error
        wifi: mac80211: Support parsing EPCS ML element
        wifi: mac80211: fix MLE non-inheritance parsing
        wifi: mac80211: fix vendor-specific inheritance
        drm/fbdev-helper: Move color-mode lookup into 4CC format helper
        drm/fbdev: Add memory-agnostic fbdev client
        drm: Add client-agnostic setup helper
        drm/fbdev-ttm: Support struct drm_driver.fbdev_probe
        drm/nouveau: Run DRM default client setup
        drm/nouveau: select FW caching
        bluetooth: btusb: Initialize .owner field of force_poll_sync_fops
        nvme-tcp: add basic support for the C2HTermReq PDU
        nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
        nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch
        ALSA: hda/realtek: Remove (revert) duplicate Ally X config
        net: gso: fix ownership in __udp_gso_segment
        caif_virtio: fix wrong pointer check in cfv_probe()
        perf/core: Fix pmus_lock vs. pmus_srcu ordering
        hwmon: (pmbus) Initialise page count in pmbus_identify()
        hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
        hwmon: (ad7314) Validate leading zero bits and return error
        tracing: probe-events: Remove unused MAX_ARG_BUF_LEN macro
        drm/imagination: Fix timestamps in firmware traces
        ALSA: usx2y: validate nrpacks module parameter on probe
        llc: do not use skb_get() before dev_queue_xmit()
        hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe()
        drm/sched: Fix preprocessor guard
        be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink
        net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error
        drm/i915/color: Extract intel_color_modeset()
        drm/i915: Plumb 'dsb' all way to the plane hooks
        drm/xe: Remove double pageflip
        HID: hid-steam: Fix use-after-free when detaching device
        net: ipa: Fix v4.7 resource group names
        net: ipa: Fix QSB data for v4.7
        net: ipa: Enable checksum for IPA_ENDPOINT_AP_MODEM_{RX,TX} for v4.7
        ppp: Fix KMSAN uninit-value warning with bpf
        ethtool: linkstate: migrate linkstate functions to support multi-PHY setups
        net: ethtool: plumb PHY stats to PHY drivers
        net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device
        vlan: enforce underlying device type
        x86/sgx: Fix size overflows in sgx_encl_create()
        exfat: fix just enough dentries but allocate a new cluster to dir
        exfat: fix soft lockup in exfat_clear_bitmap
        exfat: short-circuit zero-byte writes in exfat_file_write_iter
        net-timestamp: support TCP GSO case for a few missing flags
        ublk: set_params: properly check if parameters can be applied
        sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
        nvme-tcp: fix signedness bug in nvme_tcp_init_connection()
        net: dsa: mt7530: Fix traffic flooding for MMIO devices
        mctp i3c: handle NULL header address
        net: ipv6: fix dst ref loop in ila lwtunnel
        net: ipv6: fix missing dst ref drop in ila lwtunnel
        gpio: rcar: Fix missing of_node_put() call
        Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection"
        usb: renesas_usbhs: Call clk_put()
        xhci: Restrict USB4 tunnel detection for USB3 devices to Intel hosts
        usb: renesas_usbhs: Use devm_usb_get_phy()
        usb: hub: lack of clearing xHC resources
        usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader
        usb: typec: ucsi: Fix NULL pointer access
        usb: renesas_usbhs: Flush the notify_hotplug_work
        usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails
        usb: atm: cxacru: fix a flaw in existing endpoint checks
        usb: dwc3: Set SUSPENDENABLE soon after phy init
        usb: dwc3: gadget: Prevent irq storm when TH re-executes
        usb: typec: ucsi: increase timeout for PPM reset operations
        usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality
        usb: gadget: Set self-powered based on MaxPower and bmAttributes
        usb: gadget: Fix setting self-powered state on suspend
        usb: gadget: Check bmAttributes only if configuration is valid
        kbuild: userprogs: use correct lld when linking through clang
        acpi: typec: ucsi: Introduce a ->poll_cci method
        rust: finish using custom FFI integer types
        rust: map `long` to `isize` and `char` to `u8`
        xhci: pci: Fix indentation in the PCI device ID definitions
        usb: xhci: Enable the TRB overfetch quirk on VIA VL805
        KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow
        KVM: SVM: Save host DR masks on CPUs with DebugSwap
        KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value
        KVM: SVM: Suppress DEBUGCTL.BTF on AMD
        KVM: x86: Snapshot the host's DEBUGCTL in common x86
        KVM: SVM: Manually context switch DEBUGCTL if LBR virtualization is disabled
        KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs
        KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM
        cdx: Fix possible UAF error in driver_override_show()
        mei: me: add panther lake P DID
        mei: vsc: Use "wakeuphostint" when getting the host wakeup GPIO
        intel_th: pci: Add Arrow Lake support
        intel_th: pci: Add Panther Lake-H support
        intel_th: pci: Add Panther Lake-P/U support
        char: misc: deallocate static minor in error path
        drivers: core: fix device leak in __fw_devlink_relax_cycles()
        slimbus: messaging: Free transaction ID in delayed interrupt scenario
        bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock
        eeprom: digsy_mtc: Make GPIO lookup table match the device
        drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
        iio: filter: admv8818: Force initialization of SDO
        iio: light: apds9306: fix max_scale_nano values
        iio: dac: ad3552r: clear reset status flag
        iio: adc: ad7192: fix channel select
        iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value
        mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear()
        arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes
        fs/netfs/read_pgpriv2: skip folio queues without `marks3`
        fs/netfs/read_collect: fix crash due to uninitialized `prev` variable
        kbuild: hdrcheck: fix cross build with clang
        ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage
        nvme-tcp: Fix a C2HTermReq error message
        docs: rust: remove spurious item in `expect` list
        Revert "KVM: e500: always restore irqs"
        Revert "KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults"
        Revert "KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock"
        Revert "KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()"
        KVM: e500: always restore irqs
        uprobes: Fix race in uprobe_free_utask
        selftests/bpf: Clean up open-coded gettid syscall invocations
        x86/mm: Don't disable PCID when INVLPG has been fixed by microcode
        wifi: iwlwifi: pcie: Fix TSO preparation
        Linux 6.12.19

Change-Id: Ia0c2b2c6a95b53a66e21505ed6ba756c6b0a2388
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-04-17 03:02:04 -07:00
Steven Rostedt
625e9b91eb tracing: Do not use PERF enums when perf is not defined
commit 8eb1518642738c6892bd629b46043513a3bf1a6a upstream.

An update was made to up the module ref count when a synthetic event is
registered for both trace and perf events. But if perf is not configured
in, the perf enums used will cause the kernel to fail to build.

Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Douglas Raillard <douglas.raillard@arm.com>
Link: https://lore.kernel.org/20250323152151.528b5ced@batman.local.home
Fixes: 21581dd4e7ff ("tracing: Ensure module defining synth event cannot be unloaded while tracing")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202503232230.TeREVy8R-lkp@intel.com/
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-04-10 14:39:40 +02:00
Ran Xiaokai
1abca855ea tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
commit 7e6b3fcc9c5294aeafed0dbe1a09a1bc899bd0f2 upstream.

Lockdep reports this deadlock log:

osnoise: could not start sampling thread
============================================
WARNING: possible recursive locking detected
--------------------------------------------
       CPU0
       ----
  lock(cpu_hotplug_lock);
  lock(cpu_hotplug_lock);

 Call Trace:
  <TASK>
  print_deadlock_bug+0x282/0x3c0
  __lock_acquire+0x1610/0x29a0
  lock_acquire+0xcb/0x2d0
  cpus_read_lock+0x49/0x120
  stop_per_cpu_kthreads+0x7/0x60
  start_kthread+0x103/0x120
  osnoise_hotplug_workfn+0x5e/0x90
  process_one_work+0x44f/0xb30
  worker_thread+0x33e/0x5e0
  kthread+0x206/0x3b0
  ret_from_fork+0x31/0x50
  ret_from_fork_asm+0x11/0x20
  </TASK>

This is the deadlock scenario:
osnoise_hotplug_workfn()
  guard(cpus_read_lock)();      // first lock call
  start_kthread(cpu)
    if (IS_ERR(kthread)) {
      stop_per_cpu_kthreads(); {
        cpus_read_lock();      // second lock call. Cause the AA deadlock
      }
    }

It is not necessary to call stop_per_cpu_kthreads() which stops osnoise
kthread for every other CPU in the system if a failure occurs during
hotplug of a certain CPU.
For start_per_cpu_kthreads(), if the start_kthread() call fails,
this function calls stop_per_cpu_kthreads() to handle the error.
Therefore, similarly, there is no need to call stop_per_cpu_kthreads()
again within start_kthread().
So just remove stop_per_cpu_kthreads() from start_kthread to solve this issue.

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/20250321095249.2739397-1-ranxiaokai627@163.com
Fixes: c8895e271f ("trace/osnoise: Support hotplug operations")
Signed-off-by: Ran Xiaokai <ran.xiaokai@zte.com.cn>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-04-10 14:39:39 +02:00