GKI (arm64) relevant 105 out of 506 changes, affecting 145 files +1290/-523
623074162b sched: Fix trace_sched_switch(.prev_state) [1 file, +4/-2]
781bbc8252 perf/core: Fix broken throttling when max_samples_per_tick=1 [1 file, +8/-8]
451a18d71b sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks [1 file, +6/-0]
5b814cde62 brd: fix aligned_sector from brd_do_discard() [1 file, +1/-1]
48e11bcee9 brd: fix discard end sector [1 file, +6/-3]
9cfca45aec erofs: fix file handle encoding for 64-bit NIDs [1 file, +36/-8]
65115472f7 erofs: avoid using multiple devices with different type [1 file, +4/-1]
58beaa1aee rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture [3 files, +10/-6]
5ed92ad1b7 crypto: xts - Only add ecb if it is not already there [1 file, +2/-2]
e9ecaeaf41 kunit: Fix wrong parameter to kunit_deactivate_static_stub() [1 file, +1/-1]
9c094deb6b crypto: api - Redo lookup on EEXIST [1 file, +11/-2]
81d72f9241 PM: EM: Fix potential division-by-zero error in em_compute_costs() [1 file, +4/-0]
0426e92970 PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() [1 file, +3/-0]
77d45ba1be PM: sleep: Print PM debug messages during hibernation [3 files, +11/-1]
45844a9403 ALSA: core: fix up bus match const issues. [4 files, +8/-8]
fa65c89f3f arm64/fpsimd: Avoid RES0 bits in the SME trap handler [2 files, +9/-7]
6103f9ba51 arm64/fpsimd: Discard stale CPU state when handling SME traps [1 file, +2/-0]
945d247d1c arm64/fpsimd: Don't corrupt FPMR when streaming mode changes [1 file, +3/-3]
55d52af498 arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP [1 file, +1/-1]
2756dac036 arm64/fpsimd: Reset FPMR upon exec() [1 file, +3/-0]
f5ffc750db arm64/fpsimd: Fix merging of FPSIMD state during signal return [1 file, +1/-1]
0860d48b70 firmware: psci: Fix refcount leak in psci_dt_init [1 file, +3/-1]
64a9ee6e11 arm64/fpsimd: Avoid warning when sve_to_fpsimd() is unused [1 file, +2/-2]
b3cfc1f9f5 arm64/fpsimd: Do not discard modified SVE state [3 files, +47/-17]
e55f46a11b overflow: Fix direct struct member initialization in _DEFINE_FLEX() [1 file, +3/-3]
671dd1fb87 bpf: Check link_create.flags parameter for multi_kprobe [1 file, +3/-0]
3a8e680f7d bpf, sockmap: fix duplicated data transmission [1 file, +9/-5]
3d25fa2d7f bpf, sockmap: Fix panic when calling skb_linearize [1 file, +16/-15]
44a51592ac f2fs: zone: fix to avoid inconsistence in between SIT and SSA [1 file, +3/-0]
4f51fb0d25 page_pool: Track DMA-mapped pages and unmap them when destroying the pool [5 files, +147/-18]
88f65bb66d iommu: Protect against overflow in iommu_pgsize() [1 file, +3/-1]
04daca6012 f2fs: clean up w/ fscrypt_is_bounce_page() [1 file, +1/-1]
4248ba53e4 f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() [1 file, +1/-1]
c1f418cc27 bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps [1 file, +16/-11]
e53a8dcd36 tracing: Move histogram trigger variables from stack to per CPU structure [1 file, +105/-15]
69a995644a efi/libstub: Describe missing 'out' parameter in efi_load_initrd [1 file, +1/-0]
709412b92a tracing: Fix error handling in event_trigger_parse() [1 file, +2/-2]
c98cdf6795 bpf: Fix WARN() in get_bpf_raw_tp_regs [1 file, +1/-1]
e0657136ae scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() [1 file, +0/-6]
6bfb154f95 kernfs: Relax constraint in draining guard [2 files, +5/-3]
df00f9147e Bluetooth: ISO: Fix not using SID from adv report [5 files, +75/-14]
1d249cc92d bpf: Revert "bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic" [1 file, +2/-0]
1750c3f1d9 Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() [1 file, +1/-1]
15c0250dae bpf, sockmap: Avoid using sk_socket after free when sending [1 file, +8/-0]
30a9e834c7 net: usb: aqc111: fix error handling of usbnet read calls [1 file, +8/-2]
7893a41dea vsock/virtio: fix `rx_bytes` accounting for stream sockets [2 files, +17/-10]
2bc6dffb4b bpf: Avoid __bpf_prog_ret0_warn when jit fails [1 file, +1/-1]
ddc654e89a net: phy: clear phydev->devlink when the link is deleted [1 file, +3/-1]
f15ed37dd3 net: phy: fix up const issues in to_mdio_device() and to_phy_device() [2 files, +2/-8]
532601e783 f2fs: use d_inode(dentry) cleanup dentry->d_inode [2 files, +6/-6]
0befc3005d f2fs: fix to correct check conditions in f2fs_cross_rename [1 file, +1/-1]
2eeb181e76 dm: don't change md if dm_table_set_restrictions() fails [1 file, +12/-10]
48e0b54be4 dm: free table mempools if not used in __bind [1 file, +4/-4]
17e4b0fcd2 PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() [1 file, +1/-1]
0a3e2ec508 PCI: endpoint: Retain fixed-size BAR size as well as aligned size [2 files, +18/-7]
9f40ae8310 USB: gadget: udc: fix const issue in gadget_match_driver() [1 file, +1/-1]
4bd30962f3 USB: typec: fix const issue in typec_match() [1 file, +1/-1]
3091d4c0d0 loop: add file_start_write() and file_end_write() [1 file, +6/-2]
90891eadb8 Fix sock_exceed_buf_limit not being triggered in __sk_mem_raise_allocated [1 file, +4/-4]
e869a85acc page_pool: Fix use-after-free in page_pool_recycle_in_ring [1 file, +14/-13]
c762fc79d7 net: tipc: fix refcount warning in tipc_aead_encrypt [1 file, +5/-1]
b788cebf72 Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION [1 file, +2/-1]
4399f59a94 net: fix udp gso skb_segment after pull from frag_list [1 file, +5/-0]
0cffc6e40d PM: sleep: Fix power.is_suspended cleanup for direct-complete devices [1 file, +2/-1]
f34dc858e6 netfilter: nf_nat: also check reverse tuple to obtain clashing entry [1 file, +9/-3]
4f0fcdb835 wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements [4 files, +83/-32]
933466fc50 wireguard: device: enable threaded NAPI [1 file, +1/-0]
1be1f3b848 iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec [1 file, +1/-1]
1d79230719 path_overmount(): avoid false negatives [1 file, +13/-6]
e1d02fe504 fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) [1 file, +1/-1]
9c1ddfeb66 do_change_type(): refuse to operate on unmounted/not ours mounts [1 file, +4/-0]
80f7c5be4f pmdomain: core: Introduce dev_pm_genpd_rpm_always_on() [2 files, +42/-0]
3464a707d1 scsi: core: ufs: Fix a hang in the error handler [1 file, +6/-1]
99e3d69853 Bluetooth: hci_core: fix list_for_each_entry_rcu usage [1 file, +3/-8]
9df3e5e7f7 Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete [3 files, +12/-30]
84ab1283eb Bluetooth: MGMT: Remove unused mgmt_pending_find_data [2 files, +0/-21]
4e83f2dbb2 Bluetooth: MGMT: Protect mgmt_pending list with its own lock [5 files, +80/-59]
d1bc80da75 net_sched: sch_sfq: fix a potential crash on gso_skb handling [1 file, +4/-1]
1e0de7582c net: Fix TOCTOU issue in sk_is_readable() [1 file, +5/-2]
78fa7b723e macsec: MACsec SCI assignment for ES = 0 [1 file, +34/-6]
b02d9d2732 net/mdiobus: Fix potential out-of-bounds read/write access [1 file, +6/-0]
31bf7b2b92 net/mdiobus: Fix potential out-of-bounds clause 45 read/write access [1 file, +6/-0]
842f7c3154 Bluetooth: Fix NULL pointer deference on eir_get_service_data [1 file, +6/-4]
907ef6e12f Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance [1 file, +15/-5]
2af40d795d Bluetooth: eir: Fix possible crashes on eir_create_adv_data [3 files, +8/-6]
7a41744e38 Bluetooth: MGMT: Fix sparse errors [1 file, +2/-2]
e3f6745006 net_sched: prio: fix a race in prio_tune() [1 file, +1/-1]
180b12eafa net_sched: tbf: fix a race in tbf_change() [1 file, +1/-1]
0a2500782f fs/filesystems: Fix potential unsigned integer underflow in fs_name() [1 file, +9/-5]
f351bb3085 perf: Ensure bpf_perf_link path is properly serialized [1 file, +30/-4]
a5c7b61eed block: use q->elevator with ->elevator_lock held in elv_iosched_show() [1 file, +1/-2]
af8c13f9ee io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() [2 files, +14/-7]
0fccb6773b block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work [1 file, +5/-2]
48f33ec141 io_uring: consistently use rcu semantics with sqpoll thread [4 files, +38/-15]
a9022c8631 bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP [1 file, +1/-1]
4b1ef15ffd block: Fix bvec_set_folio() for very large folios [1 file, +5/-2]
84e9f0a2c2 ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 [1 file, +1/-0]
c29d531870 posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() [1 file, +9/-0]
657003ced7 usb: Flush altsetting 0 endpoints before reinitializating them after reset. [1 file, +14/-2]
7bdd712abe usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work [1 file, +71/-20]
b8df8cb8f7 ring-buffer: Do not trigger WARN_ON() due to a commit_overrun [1 file, +18/-8]
e09c0600be ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() [1 file, +1/-3]
2d6a6cfe96 ring-buffer: Move cpus_read_lock() outside of buffer->mutex [1 file, +6/-5]
5ed1d7a700 net: usb: aqc111: debug info before sanitation [1 file, +4/-4]
ab20b0bdb0 overflow: Introduce __DEFINE_FLEX for having no initializer [1 file, +19/-6]
Changes in 6.12.34
tools/x86/kcpuid: Fix error handling
x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt()
crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run()
sched: Fix trace_sched_switch(.prev_state)
perf/x86/amd/uncore: Remove unused 'struct amd_uncore_ctx::node' member
perf/x86/amd/uncore: Prevent UMC counters from saturating
gfs2: replace sd_aspace with sd_inode
gfs2: gfs2_create_inode error handling fix
perf/core: Fix broken throttling when max_samples_per_tick=1
crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()
crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions
powerpc: do not build ppc_save_regs.o always
powerpc/crash: Fix non-smp kexec preparation
sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks
x86/microcode/AMD: Do not return error when microcode update is not necessary
crypto: sun8i-ce - undo runtime PM changes during driver removal
x86/cpu: Sanitize CPUID(0x80000000) output
x86/insn: Fix opcode map (!REX2) superscript tags
brd: fix aligned_sector from brd_do_discard()
brd: fix discard end sector
kselftest: cpufreq: Get rid of double suspend in rtcwake case
crypto: marvell/cesa - Handle zero-length skcipher requests
crypto: marvell/cesa - Avoid empty transfer descriptor
erofs: fix file handle encoding for 64-bit NIDs
erofs: avoid using multiple devices with different type
powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view
btrfs: scrub: update device stats when an error is detected
btrfs: scrub: fix a wrong error type when metadata bytenr mismatches
btrfs: fix invalid data space release when truncating block in NOCOW mode
rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture
crypto: lrw - Only add ecb if it is not already there
crypto: xts - Only add ecb if it is not already there
crypto: sun8i-ce - move fallback ahash_request to the end of the struct
kunit: Fix wrong parameter to kunit_deactivate_static_stub()
crypto: api - Redo lookup on EEXIST
ACPICA: exserial: don't forget to handle FFixedHW opregions for reading
ASoC: tas2764: Enable main IRQs
ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY()
EDAC/skx_common: Fix general protection fault
EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0
spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers
spi: tegra210-quad: remove redundant error handling code
spi: tegra210-quad: modify chip select (CS) deactivation
power: reset: at91-reset: Optimize at91_reset()
PM: EM: Fix potential division-by-zero error in em_compute_costs()
ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type
ASoC: SOF: amd: add missing acp descriptor field
PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks()
ACPI: resource: fix a typo for MECHREVO in irq1_edge_low_force_override[]
x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges()
PM: sleep: Print PM debug messages during hibernation
thermal/drivers/mediatek/lvts: Fix debugfs unregister on failure
ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions"
spi: sh-msiof: Fix maximum DMA transfer size
ASoC: apple: mca: Constrain channels according to TDM mask
ALSA: core: fix up bus match const issues.
drm/vmwgfx: Add seqno waiter for sync_files
drm/vmwgfx: Add error path for xa_store in vmw_bo_add_detached_resource
drm/vmwgfx: Fix dumb buffer leak
drm/xe/d3cold: Set power state to D3Cold during s2idle/s3
drm/vc4: tests: Use return instead of assert
drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table
media: rkvdec: Fix frame size enumeration
arm64/fpsimd: Avoid RES0 bits in the SME trap handler
arm64/fpsimd: Discard stale CPU state when handling SME traps
arm64/fpsimd: Don't corrupt FPMR when streaming mode changes
arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP
arm64/fpsimd: Reset FPMR upon exec()
arm64/fpsimd: Fix merging of FPSIMD state during signal return
drm/panthor: Fix GPU_COHERENCY_ACE[_LITE] definitions
drm/panthor: Update panthor_mmu::irq::mask when needed
perf: arm-ni: Unregister PMUs on probe failure
perf: arm-ni: Fix missing platform_set_drvdata()
drm/panel: samsung-sofef00: Drop s6e3fc2x01 support
drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe()
fs/ntfs3: handle hdr_first_de() return value
fs/ntfs3: Add missing direct_IO in ntfs_aops_cmpr
kunit/usercopy: Disable u64 test on 32-bit SPARC
watchdog: exar: Shorten identity name to fit correctly
m68k: mac: Fix macintosh_config for Mac II
firmware: psci: Fix refcount leak in psci_dt_init
arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX
arm64/fpsimd: Avoid warning when sve_to_fpsimd() is unused
selftests/seccomp: fix syscall_restart test for arm compat
drm/msm/dpu: enable SmartDMA on SM8150
drm/msm/dpu: enable SmartDMA on SC8180X
drm: rcar-du: Fix memory leak in rcar_du_vsps_init()
drm/vkms: Adjust vkms_state->active_planes allocation type
drm/tegra: rgb: Fix the unbound reference count
firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES
arm64/fpsimd: Do not discard modified SVE state
overflow: Fix direct struct member initialization in _DEFINE_FLEX()
scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops
perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create()
selftests/seccomp: fix negative_ENOSYS tracer tests on arm32
drm/msm/a6xx: Disable rgb565_predicator on Adreno 7c3
drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr
drm/mediatek: Fix kobject put for component sub-drivers
drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err
media: verisilicon: Free post processor buffers on error
svcrdma: Reduce the number of rdma_rw contexts per-QP
xen/x86: fix initial memory balloon target
wifi: ath11k: fix node corruption in ar->arvifs list
wifi: ath12k: Fix memory leak during vdev_id mismatch
wifi: ath12k: Fix invalid memory access while forming 802.11 header
IB/cm: use rwlock for MAD agent lock
bpf: Check link_create.flags parameter for multi_kprobe
selftests/bpf: Fix bpf_nf selftest failure
bpf: fix ktls panic with sockmap
bpf, sockmap: fix duplicated data transmission
bpf, sockmap: Fix panic when calling skb_linearize
f2fs: zone: fix to avoid inconsistence in between SIT and SSA
wifi: ath12k: fix cleanup path after mhi init
wifi: ath12k: Fix WMI tag for EHT rate in peer assoc
wifi: ath12k: Fix buffer overflow in debugfs
f2fs: clean up unnecessary indentation
f2fs: prevent the current section from being selected as a victim during GC
f2fs: fix to do sanity check on sbi->total_valid_block_count
page_pool: Move pp_magic check into helper functions
page_pool: Track DMA-mapped pages and unmap them when destroying the pool
net: ncsi: Fix GCPS 64-bit member variables
libbpf: Fix buffer overflow in bpf_object__init_prog
net/mlx5: Avoid using xso.real_dev unnecessarily
xfrm: Use xdo.dev instead of xdo.real_dev
wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT
wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally
wifi: rtw88: do not ignore hardware read error during DPK
wifi: ath12k: fix invalid access to memory
wifi: ath12k: Add MSDU length validation for TKIP MIC error
wifi: ath12k: Fix the QoS control field offset to build QoS header
wifi: ath12k: fix node corruption in ar->arvifs list
RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h
scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk
libbpf: Fix event name too long error
libbpf: Remove sample_period init in perf_buffer
Use thread-safe function pointer in libbpf_print
iommu: Protect against overflow in iommu_pgsize()
bonding: assign random address if device address is same as bond
f2fs: clean up w/ fscrypt_is_bounce_page()
f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed()
scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels
libbpf: Use proper errno value in linker
bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps
netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it
netfilter: nft_quota: match correctly when the quota just depleted
netfilter: nft_set_pipapo: prevent overflow in lookup table allocation
RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction
bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ
tracing: Move histogram trigger variables from stack to per CPU structure
clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs
clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs
clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs
clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs
bpftool: Fix regression of "bpftool cgroup tree" EINVAL on older kernels
clk: bcm: rpi: Add NULL check in raspberrypi_clk_register()
wifi: iwlfiwi: mvm: Fix the rate reporting
efi/libstub: Describe missing 'out' parameter in efi_load_initrd
selftests/bpf: Fix caps for __xlated/jited_unpriv
tracing: Rename event_trigger_alloc() to trigger_data_alloc()
tracing: Fix error handling in event_trigger_parse()
of: unittest: Unlock on error in unittest_data_add()
ktls, sockmap: Fix missing uncharge operation
libbpf: Use proper errno value in nlattr
pinctrl: at91: Fix possible out-of-boundary access
bpf: Fix WARN() in get_bpf_raw_tp_regs
dt-bindings: soc: fsl,qman-fqd: Fix reserved-memory.yaml reference
clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz
s390/bpf: Store backchain even for leaf progs
wifi: rtw89: pci: enlarge retry times of RX tag to 1000
wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
wifi: rtw89: fix firmware scan delay unit for WiFi 6 chips
iommu: remove duplicate selection of DMAR_TABLE
wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event
hisi_acc_vfio_pci: fix XQE dma address error
hisi_acc_vfio_pci: add eq and aeq interruption restore
hisi_acc_vfio_pci: bugfix live migration function without VF device driver
wifi: ath9k_htc: Abort software beacon handling if disabled
scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort()
kernfs: Relax constraint in draining guard
Bluetooth: ISO: Fix not using SID from adv report
wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init()
wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()
wifi: mt76: mt7925: prevent multiple scan commands
wifi: mt76: mt7925: refine the sniffer commnad
wifi: mt76: mt7925: ensure all MCU commands wait for response
wifi: mt76: mt7996: set EHT max ampdu length capability
wifi: mt76: mt7996: fix RX buffer size of MCU event
bpf: Revert "bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic"
netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds
netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy
vfio/type1: Fix error unwind in migration dirty bitmap allocation
Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach()
Bluetooth: btintel: Check dsbr size from EFI variable
bpf, sockmap: Avoid using sk_socket after free when sending
netfilter: nf_tables: nft_fib: consistent l3mdev handling
netfilter: nft_tunnel: fix geneve_opt dump
RISC-V: KVM: lock the correct mp_state during reset
net: usb: aqc111: fix error handling of usbnet read calls
vsock/virtio: fix `rx_bytes` accounting for stream sockets
RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work
net: lan966x: Fix 1-step timestamping over ipv4 or ipv6
net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit
bpf: Avoid __bpf_prog_ret0_warn when jit fails
net: phy: clear phydev->devlink when the link is deleted
net: phy: fix up const issues in to_mdio_device() and to_phy_device()
net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy
net: lan743x: Fix PHY reset handling during initialization and WOL
net: phy: mscc: Fix memory leak when using one step timestamping
octeontx2-pf: QOS: Perform cache sync on send queue teardown
octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback
calipso: Don't call calipso functions for AF_INET sk.
net: openvswitch: Fix the dead loop of MPLS parse
net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames
f2fs: use d_inode(dentry) cleanup dentry->d_inode
f2fs: fix to correct check conditions in f2fs_cross_rename
arm64: dts: qcom: x1e80100: Mark usb_2 as dma-coherent
arm64: dts: qcom: sm8650: setup gpu thermal with higher temperatures
arm64: dts: qcom: sm8650: add missing cpu-cfg interconnect path in the mdss node
arm64: dts: qcom: x1e80100-romulus: Keep L12B and L15B always on
arm64: dts: qcom: sdm845-starqltechn: remove wifi
arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake
arm64: dts: qcom: sdm845-starqltechn: refactor node order
arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios
arm64: dts: qcom: sm8350: Reenable crypto & cryptobam
arm64: dts: qcom: sm8250: Fix CPU7 opp table
arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies
arm64: dts: qcom: ipq9574: Fix USB vdd info
arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588
ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select
ARM: dts: at91: at91sam9263: fix NAND chip selects
arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains
arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO
arm64: dts: mt8183: Add port node to mt8183.dtsi
arm64: dts: imx8mm-beacon: Fix RTC capacitive load
arm64: dts: imx8mn-beacon: Fix RTC capacitive load
arm64: dts: imx8mp-beacon: Fix RTC capacitive load
arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio
arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio
arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles
arm64: dts: mt6359: Add missing 'compatible' property to regulators node
arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply
arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning
arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c
arm64: dts: rockchip: Update eMMC for NanoPi R5 series
arm64: tegra: Drop remaining serial clock-names and reset-names
arm64: tegra: Add uartd serial alias for Jetson TX1 module
arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E
soc: qcom: smp2p: Fix fallback to qcom,ipc parse
Squashfs: check return result of sb_min_blocksize
ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery
nilfs2: add pointer check for nilfs_direct_propagate()
nilfs2: do not propagate ENOENT error from nilfs_btree_propagate()
bus: fsl-mc: fix double-free on mc_dev
dt-bindings: vendor-prefixes: Add Liontron name
ARM: dts: qcom: apq8064: add missing clocks to the timer node
ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device
ARM: dts: qcom: apq8064: move replicator out of soc node
arm64: defconfig: mediatek: enable PHY drivers
arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou
arm64: dts: qcom: qcm2290: fix (some) of QUP interconnects
arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups
arm64: dts: mt6359: Rename RTC node to match binding expectations
ARM: aspeed: Don't select SRAM
soc: aspeed: lpc: Fix impossible judgment condition
soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
randstruct: gcc-plugin: Remove bogus void member
randstruct: gcc-plugin: Fix attribute addition
perf build: Warn when libdebuginfod devel files are not available
perf ui browser hists: Set actions->thread before calling do_zoom_thread()
dm: don't change md if dm_table_set_restrictions() fails
dm: free table mempools if not used in __bind
backlight: pm8941: Add NULL check in wled_configure()
x86/irq: Ensure initial PIR loads are performed exactly once
mtd: nand: ecc-mxic: Fix use of uninitialized variable ret
hwmon: (asus-ec-sensors) check sensor index in read_string()
perf symbol-minimal: Fix double free in filename__read_build_id
dm: fix dm_blk_report_zones
dm-flakey: error all IOs when num_features is absent
dm-flakey: make corrupting read bios work
perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids()
perf tests: Fix 'perf report' tests installation
perf intel-pt: Fix PEBS-via-PT data_src
perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3
remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe
remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick}
remoteproc: k3-dsp: Drop check performed in k3_dsp_rproc_{mbox_callback/kick}
rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send()
mfd: exynos-lpass: Fix an error handling path in exynos_lpass_probe()
mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove()
mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE
perf tests switch-tracking: Fix timestamp comparison
mailbox: imx: Fix TXDB_V2 sending
mailbox: mtk-cmdq: Refine GCE_GCTL_VALUE setting
perf symbol: Fix use-after-free in filename__read_build_id
perf record: Fix incorrect --user-regs comments
perf trace: Always print return value for syscalls returning a pid
nfs: clear SB_RDONLY before getting superblock
nfs: ignore SB_RDONLY when remounting nfs
perf trace: Set errpid to false for rseq and set_robust_list
perf callchain: Always populate the addr_location map when adding IP
cifs: Fix validation of SMB1 query reparse point response
rust: alloc: add missing invariant in Vec::set_len()
rtc: sh: assign correct interrupts with DT
phy: rockchip: samsung-hdptx: Fix clock ratio setup
phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors
PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus()
PCI: rcar-gen4: set ep BAR4 fixed size
PCI: cadence: Fix runtime atomic count underflow
PCI: apple: Use gpiod_set_value_cansleep in probe flow
phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
dmaengine: ti: Add NULL check in udma_probe()
PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()
PCI/DPC: Initialize aer_err_info before using it
PCI/DPC: Log Error Source ID only when valid
rtc: loongson: Add missing alarm notifications for ACPI RTC events
PCI: endpoint: Retain fixed-size BAR size as well as aligned size
usb: renesas_usbhs: Reorder clock handling and power management in probe
serial: Fix potential null-ptr-deref in mlb_usio_probe()
thunderbolt: Fix a logic error in wake on connect
iio: filter: admv8818: fix band 4, state 15
iio: filter: admv8818: fix integer overflow
iio: filter: admv8818: fix range calculation
iio: filter: admv8818: Support frequencies >= 2^32
iio: adc: ad7124: Fix 3dB filter frequency reading
usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink()
MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a
coresight: Fixes device's owner field for registered using coresight_init_driver()
coresight: catu: Introduce refcount and spinlock for enabling/disabling
counter: interrupt-cnt: Protect enable/disable OPs with mutex
fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()
coresight: prevent deactivate active config while enabling the config
vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl()
mei: vsc: Cast tx_buf to (__be32 *) when passed to cpu_to_be32_array()
iio: adc: PAC1934: fix typo in documentation link
iio: adc: mcp3911: fix device dependent mappings for conversion result registers
USB: gadget: udc: fix const issue in gadget_match_driver()
USB: typec: fix const issue in typec_match()
loop: add file_start_write() and file_end_write()
drm/xe: Make xe_gt_freq part of the Documentation
Fix sock_exceed_buf_limit not being triggered in __sk_mem_raise_allocated
page_pool: Fix use-after-free in page_pool_recycle_in_ring
net: stmmac: platform: guarantee uniqueness of bus_id
gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt
net: tipc: fix refcount warning in tipc_aead_encrypt
driver: net: ethernet: mtk_star_emac: fix suspend/resume issue
net/mlx4_en: Prevent potential integer overflow calculating Hz
net: lan966x: Make sure to insert the vlan tags also in host mode
spi: bcm63xx-spi: fix shared reset
spi: bcm63xx-hsspi: fix shared reset
Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION
ice: fix Tx scheduler error handling in XDP callback
ice: create new Tx scheduler nodes for new queues only
ice: fix rebuilding the Tx scheduler tree for large queue counts
idpf: fix a race in txq wakeup
idpf: avoid mailbox timeout delays during reset
net: dsa: tag_brcm: legacy: fix pskb_may_pull length
net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping
net: stmmac: make sure that ptp_rate is not 0 before configuring EST
drm/i915/guc: Check if expecting reply before decrementing outstanding_submission_g2h
drm/i915/psr: Fix using wrong mask in REG_FIELD_PREP
drm/i915/guc: Handle race condition where wakeref count drops below 0
net: fix udp gso skb_segment after pull from frag_list
net: wwan: t7xx: Fix napi rx poll issue
vmxnet3: correctly report gso type for UDP tunnels
selftests: net: build net/lib dependency in all target
PM: sleep: Fix power.is_suspended cleanup for direct-complete devices
nvme: fix command limits status code
gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO
drm/panel-simple: fix the warnings for the Evervision VGG644804
netfilter: nf_set_pipapo_avx2: fix initial map fill
netfilter: nf_nat: also check reverse tuple to obtain clashing entry
net: ti: icssg-prueth: Fix swapped TX stats for MII interfaces.
net: dsa: b53: do not enable RGMII delay on bcm63xx
net: dsa: b53: allow RGMII for bcm63xx RGMII ports
net: dsa: b53: do not touch DLL_IQQD on bcm53115
wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements
net: wwan: mhi_wwan_mbim: use correct mux_id for multiplexing
wireguard: device: enable threaded NAPI
seg6: Fix validation of nexthop addresses
riscv: misaligned: fix sleeping function called during misaligned access handling
scsi: ufs: qcom: Prevent calling phy_exit() before phy_init()
ASoC: codecs: hda: Fix RPM usage count underflow
ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX
ASoC: Intel: avs: Verify content returned by parse_int_array()
ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init
iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec
path_overmount(): avoid false negatives
fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2)
do_change_type(): refuse to operate on unmounted/not ours mounts
tools/power turbostat: Fix AMD package-energy reporting
ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3315
ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3247
ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA
ALSA: hda/realtek - Support mute led function for HP platform
ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup
ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA
Input: synaptics-rmi - fix crash with unsupported versions of F34
pmdomain: core: Introduce dev_pm_genpd_rpm_always_on()
mmc: sdhci-of-dwcmshc: add PD workaround on RK3576
arm64: dts: qcom: x1e80100: Apply consistent critical thermal shutdown
arm64: dts: qcom: x1e80100: Add GPU cooling
pinctrl: samsung: refactor drvdata suspend & resume callbacks
pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks
pinctrl: samsung: add gs101 specific eint suspend/resume callbacks
dt-bindings: pwm: adi,axi-pwmgen: Increase #pwm-cells to 3
dt-bindings: pwm: Correct indentation and style in DTS example
dt-bindings: pwm: adi,axi-pwmgen: Fix clocks
serial: sh-sci: Move runtime PM enable to sci_probe_single()
scsi: core: ufs: Fix a hang in the error handler
Bluetooth: hci_core: fix list_for_each_entry_rcu usage
Bluetooth: btintel_pcie: Fix driver not posting maximum rx buffers
Bluetooth: btintel_pcie: Increase the tx and rx descriptor count
Bluetooth: btintel_pcie: Reduce driver buffer posting to prevent race condition
Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
Bluetooth: MGMT: Remove unused mgmt_pending_find_data
Bluetooth: MGMT: Protect mgmt_pending list with its own lock
net: dsa: b53: fix untagged traffic sent via cpu tagged with VID 0
ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use()
ath10k: snoc: fix unbalanced IRQ enable in crash recovery
wifi: ath11k: convert timeouts to secs_to_jiffies()
wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request()
wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process()
wifi: ath11k: don't wait when there is no vdev started
wifi: ath11k: move some firmware stats related functions outside of debugfs
wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready
wifi: ath12k: refactor ath12k_hw_regs structure
wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850
regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt()
spi: omap2-mcspi: Disable multi mode when CS should be kept asserted after message
spi: omap2-mcspi: Disable multi-mode when the previous message kept CS asserted
pinctrl: qcom: pinctrl-qcm2290: Add missing pins
scsi: iscsi: Fix incorrect error path labels for flashnode operations
net_sched: sch_sfq: fix a potential crash on gso_skb handling
powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap
powerpc/vas: Return -EINVAL if the offset is non-zero in mmap()
drm/meson: use unsigned long long / Hz for frequency types
drm/meson: fix debug log statement when setting the HDMI clocks
drm/meson: use vclk_freq instead of pixel_freq in debug print
drm/meson: fix more rounding issues with 59.94Hz modes
i40e: return false from i40e_reset_vf if reset is in progress
i40e: retry VFLR handling if there is ongoing VF reset
ACPI: CPPC: Fix NULL pointer dereference when nosmp is used
net: Fix TOCTOU issue in sk_is_readable()
macsec: MACsec SCI assignment for ES = 0
net/mdiobus: Fix potential out-of-bounds read/write access
net/mdiobus: Fix potential out-of-bounds clause 45 read/write access
Bluetooth: Fix NULL pointer deference on eir_get_service_data
Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance
Bluetooth: eir: Fix possible crashes on eir_create_adv_data
Bluetooth: MGMT: Fix sparse errors
net/mlx5: Ensure fw pages are always allocated on same NUMA
net/mlx5: Fix ECVF vports unload on shutdown flow
net/mlx5: Fix return value when searching for existing flow group
net/mlx5: HWS, fix missing ip_version handling in definer
net/mlx5e: Fix leak of Geneve TLV option object
net_sched: prio: fix a race in prio_tune()
net_sched: red: fix a race in __red_change()
net_sched: tbf: fix a race in tbf_change()
net_sched: ets: fix a race in ets_qdisc_change()
net: drv: netdevsim: don't napi_complete() from netpoll
btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
fs/filesystems: Fix potential unsigned integer underflow in fs_name()
gfs2: pass through holder from the VFS for freeze/thaw
btrfs: exit after state split error at set_extent_bit()
nvmet-fcloop: access fcpreq only when holding reqlock
perf: Ensure bpf_perf_link path is properly serialized
block: use q->elevator with ->elevator_lock held in elv_iosched_show()
io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo()
block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work
io_uring: consistently use rcu semantics with sqpoll thread
bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP
block: Fix bvec_set_folio() for very large folios
objtool/rust: relax slice condition to cover more `noreturn` Rust functions
tools/resolve_btfids: Fix build when cross compiling kernel with clang.
Revert "wifi: mwifiex: Fix HT40 bandwidth issue."
ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1
HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
nvmem: zynqmp_nvmem: unbreak driver after cleanup
usb: usbtmc: Fix read_stb function and get_stb ioctl
VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
tty: serial: 8250_omap: fix TX with DMA for am33xx
usb: misc: onboard_usb_dev: Fix usb5744 initialization sequence
usb: cdnsp: Fix issue with detecting command completion event
usb: cdnsp: Fix issue with detecting USB 3.2 speed
usb: Flush altsetting 0 endpoints before reinitializating them after reset.
usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx()
usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work
9p: Add a migrate_folio method
ring-buffer: Do not trigger WARN_ON() due to a commit_overrun
ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set()
ring-buffer: Move cpus_read_lock() outside of buffer->mutex
xfs: don't assume perags are initialised when trimming AGs
xen/arm: call uaccess_ttbr0_enable for dm_op hypercall
x86/iopl: Cure TIF_IO_BITMAP inconsistencies
x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler
calipso: unlock rcu before returning -EAFNOSUPPORT
regulator: dt-bindings: mt6357: Drop fixed compatible requirement
usb: misc: onboard_usb_dev: fix build warning for CONFIG_USB_ONBOARD_DEV_USB5744=n
net: usb: aqc111: debug info before sanitation
overflow: Introduce __DEFINE_FLEX for having no initializer
gfs2: Don't clear sb->s_fs_info in gfs2_sys_fs_add
drm/meson: Use 1000ULL when operating with mode->clock
thermal/drivers/mediatek/lvts: Remove unused lvts_debugfs_exit
Linux 6.12.34
Change-Id: I679f0f1ddcf9bf8a0b86089ccb7b78536f5bc441
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 4fc78a7c9ca994e1da5d3940704d4e8f0ea8c5e4 upstream.
When reading a memory mapped buffer the reader page is just swapped out
with the last page written in the write buffer. If the reader page is the
same as the commit buffer (the buffer that is currently being written to)
it was assumed that it should never have missed events. If it does, it
triggers a WARN_ON_ONCE().
But there just happens to be one scenario where this can legitimately
happen. That is on a commit_overrun. A commit overrun is when an interrupt
preempts an event being written to the buffer and then the interrupt adds
so many new events that it fills and wraps the buffer back to the commit.
Any new events would then be dropped and be reported as "missed_events".
In this case, the next page to read is the commit buffer and after the
swap of the reader page, the reader page will be the commit buffer, but
this time there will be missed events and this triggers the following
warning:
------------[ cut here ]------------
WARNING: CPU: 2 PID: 1127 at kernel/trace/ring_buffer.c:7357 ring_buffer_map_get_reader+0x49a/0x780
Modules linked in: kvm_intel kvm irqbypass
CPU: 2 UID: 0 PID: 1127 Comm: trace-cmd Not tainted 6.15.0-rc7-test-00004-g478bc2824b45-dirty #564 PREEMPT
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:ring_buffer_map_get_reader+0x49a/0x780
Code: 00 00 00 48 89 fe 48 c1 ee 03 80 3c 2e 00 0f 85 ec 01 00 00 4d 3b a6 a8 00 00 00 0f 85 8a fd ff ff 48 85 c0 0f 84 55 fe ff ff <0f> 0b e9 4e fe ff ff be 08 00 00 00 4c 89 54 24 58 48 89 54 24 50
RSP: 0018:ffff888121787dc0 EFLAGS: 00010002
RAX: 00000000000006a2 RBX: ffff888100062800 RCX: ffffffff8190cb49
RDX: ffff888126934c00 RSI: 1ffff11020200a15 RDI: ffff8881010050a8
RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed1024d26982
R10: ffff888126934c17 R11: ffff8881010050a8 R12: ffff888126934c00
R13: ffff8881010050b8 R14: ffff888101005000 R15: ffff888126930008
FS: 00007f95c8cd7540(0000) GS:ffff8882b576e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f95c8de4dc0 CR3: 0000000128452002 CR4: 0000000000172ef0
Call Trace:
<TASK>
? __pfx_ring_buffer_map_get_reader+0x10/0x10
tracing_buffers_ioctl+0x283/0x370
__x64_sys_ioctl+0x134/0x190
do_syscall_64+0x79/0x1c0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f95c8de48db
Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
RSP: 002b:00007ffe037ba110 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffe037bb2b0 RCX: 00007f95c8de48db
RDX: 0000000000000000 RSI: 0000000000005220 RDI: 0000000000000006
RBP: 00007ffe037ba180 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe037bb6f8 R14: 00007f95c9065000 R15: 00005575c7492c90
</TASK>
irq event stamp: 5080
hardirqs last enabled at (5079): [<ffffffff83e0adb0>] _raw_spin_unlock_irqrestore+0x50/0x70
hardirqs last disabled at (5080): [<ffffffff83e0aa83>] _raw_spin_lock_irqsave+0x63/0x70
softirqs last enabled at (4182): [<ffffffff81516122>] handle_softirqs+0x552/0x710
softirqs last disabled at (4159): [<ffffffff815163f7>] __irq_exit_rcu+0x107/0x210
---[ end trace 0000000000000000 ]---
The above was triggered by running on a kernel with both lockdep and KASAN
as well as kmemleak enabled and executing the following command:
# perf record -o perf-test.dat -a -- trace-cmd record --nosplice -e all -p function hackbench 50
With perf interjecting a lot of interrupts and trace-cmd enabling all
events as well as function tracing, with lockdep, KASAN and kmemleak
enabled, it could cause an interrupt preempting an event being written to
add enough events to wrap the buffer. trace-cmd was modified to have
--nosplice use mmap instead of reading the buffer.
The way to differentiate this case from the normal case of there only
being one page written to where the swap of the reader page received that
one page (which is the commit page), check if the tail page is on the
reader page. The difference between the commit page and the tail page is
that the tail page is where new writes go to, and the commit page holds
the first write that hasn't been committed yet. In the case of an
interrupt preempting the write of an event and filling the buffer, it
would move the tail page but not the commit page.
Have the warning only trigger if the tail page is also on the reader page,
and also print out the number of events dropped by a commit overrun as
that can not yet be safely added to the page so that the reader can see
there were events dropped.
Cc: stable@vger.kernel.org
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Vincent Donnefort <vdonnefort@google.com>
Link: https://lore.kernel.org/20250528121555.2066527e@gandalf.local.home
Fixes: fe832be05a ("ring-buffer: Have mmapped ring buffer keep track of missed events")
Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
GKI (arm64) relevant 18 out of 143 changes, affecting 32 files +213/-83
10d1496f85 fs/xattr.c: fix simple_xattr_list to always include security.* xattrs [1 file, +24/-0]
bc4c54cbb4 binfmt_elf: Move brk for static PIE even if ASLR disabled [1 file, +47/-24]
f0d70d8dca cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks [1 file, +4/-2]
517c11fe4f tracing: probes: Fix a possible race in trace_probe_log APIs [5 files, +27/-3]
94e7272b63 HID: uclogic: Add NULL check in uclogic_input_configured() [1 file, +4/-3]
28826a89fd Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags [1 file, +6/-3]
d1365ca80b net_sched: Flush gso_skb list too during ->change() [7 files, +21/-6]
ddfa034da3 nvme-pci: make nvme_pci_npages_prp() __always_inline [1 file, +1/-1]
a3c147040b nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable [1 file, +2/-0]
c88f4ff535 ALSA: usb-audio: Add sample rate quirk for Audioengine D1 [1 file, +2/-0]
93152dac0b ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera [1 file, +2/-0]
fe1bebd0ed dma-buf: insert memory barrier before updating num_fences [1 file, +3/-2]
7d353da580 ftrace: Fix preemption accounting for stacktrace trigger command [1 file, +1/-1]
bffc3038a2 scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer [3 files, +7/-2]
20d6e621be ring-buffer: Fix persistent buffer when commit page is the reader page [1 file, +5/-3]
fe0756daad mm: userfaultfd: correct dirty flags set for both present and swap pte [1 file, +10/-2]
74953f93f4 mm/page_alloc: fix race condition in unaccepted memory handling [1 file, +0/-23]
5924b32446 usb: typec: ucsi: displayport: Fix deadlock [3 files, +47/-8]
Changes in 6.12.30
arm64: dts: rockchip: Assign RT5616 MCLK rate on rk3588-friendlyelec-cm3588
fs/xattr.c: fix simple_xattr_list to always include security.* xattrs
drivers/platform/x86/amd: pmf: Check for invalid sideloaded Smart PC Policies
drivers/platform/x86/amd: pmf: Check for invalid Smart PC Policies
riscv: dts: sophgo: fix DMA data-width configuration for CV18xx
binfmt_elf: Move brk for static PIE even if ASLR disabled
platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL)
platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
arm64: dts: imx8mp-var-som: Fix LDO5 shutdown causing SD card timeout
cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks
tracing: probes: Fix a possible race in trace_probe_log APIs
tpm: tis: Double the timeout B to 4s
uio_hv_generic: Fix sysfs creation path for ring buffer
KVM: Add member to struct kvm_gfn_range to indicate private/shared
KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing
iio: adc: ad7266: Fix potential timestamp alignment issue.
iio: chemical: pms7003: use aligned_s64 for timestamp
iio: pressure: mprls0025pa: use aligned_s64 for timestamp
drm/amd: Add Suspend/Hibernate notification callback support
Revert "drm/amd: Stop evicting resources on APUs in suspend"
xhci: dbc: Improve performance by removing delay in transfer event polling.
xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive.
iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
iio: chemical: sps30: use aligned_s64 for timestamp
virtio_ring: add a func argument 'recycle_done' to virtqueue_reset()
virtio_net: ensure netdev_tx_reset_queue is called on bind xsk for tx
RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
HID: thrustmaster: fix memory leak in thrustmaster_interrupts()
HID: uclogic: Add NULL check in uclogic_input_configured()
nfs: handle failure of nfs_get_lock_context in unlock path
spi: loopback-test: Do not split 1024-byte hexdumps
RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem
Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags
net_sched: Flush gso_skb list too during ->change()
tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing
mctp: no longer rely on net->dev_index_head[]
net: mctp: Don't access ifa_index when missing
selftests: ncdevmem: Redirect all non-payload output to stderr
selftests: ncdevmem: Separate out dmabuf provider
selftests: ncdevmem: Unify error handling
selftests: ncdevmem: Make client_ip optional
selftests: ncdevmem: Switch to AF_INET6
tests/ncdevmem: Fix double-free of queue array
net: mctp: Ensure keys maintain only one ref to corresponding dev
ALSA: seq: Fix delivery of UMP events to group ports
ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info
net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
nvme-pci: make nvme_pci_npages_prp() __always_inline
nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable
ALSA: sh: SND_AICA should depend on SH_DMA_API
net: dsa: b53: prevent standalone from trying to forward to other ports
vsock/test: Fix occasional failure in SIOCOUTQ tests
net/mlx5e: Disable MACsec offload for uplink representor profile
qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
regulator: max20086: fix invalid memory access
drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value
netlink: specs: tc: fix a couple of attribute names
netlink: specs: tc: all actions are indexed arrays
octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy
net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW capability
octeontx2-af: Fix CGX Receive counters
octeontx2-pf: Do not reallocate all ntuple filters
wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request
mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices
net/tls: fix kernel panic when alloc_page failed
tsnep: fix timestamping with a stacked DSA driver
NFSv4/pnfs: Reset the layout state after a layoutreturn
dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted"
sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator
udf: Make sure i_lenExtents is uptodate on inode eviction
HID: bpf: abort dispatch if device destroyed
LoongArch: Prevent cond_resched() occurring within kernel-fpu
LoongArch: Move __arch_cpu_idle() to .cpuidle.text section
LoongArch: Save and restore CSR.CNTC for hibernation
LoongArch: Fix MAX_REG_OFFSET calculation
LoongArch: uprobes: Remove user_{en,dis}able_single_step()
LoongArch: uprobes: Remove redundant code about resume_era
btrfs: fix discard worker infinite loop after disabling discard
btrfs: fix folio leak in submit_one_async_extent()
btrfs: add back warning for mount option commit values exceeding 300
Revert "drm/amd/display: Hardware cursor changes color when switched to software cursor"
drm/amdgpu: fix incorrect MALL size for GFX1151
drm/amdgpu: csa unmap use uninterruptible lock
drm/amd/display: Correct the reply value when AUX write incomplete
drm/amd/display: Avoid flooding unnecessary info messages
MAINTAINERS: Update Alexey Makhalov's email address
gpio: pca953x: fix IRQ storm on system wake up
ACPI: PPTT: Fix processor subtable walk
ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
ALSA: usb-audio: Add sample rate quirk for Audioengine D1
ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
dma-buf: insert memory barrier before updating num_fences
hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages
hv_netvsc: Preserve contiguous PFN grouping in the page buffer array
hv_netvsc: Remove rmsg_pgcnt
arm64: dts: amlogic: dreambox: fix missing clkc_audio node
arm64: dts: rockchip: Remove overdrive-mode OPPs from RK3588J SoC dtsi
Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges
Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer()
kbuild: Disable -Wdefault-const-init-unsafe
ftrace: Fix preemption accounting for stacktrace trigger command
ftrace: Fix preemption accounting for stacktrace filter command
tracing: samples: Initialize trace_array_printk() with the correct function
phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking
phy: Fix error handling in tegra_xusb_port_init
phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind
phy: renesas: rcar-gen3-usb2: Set timing registers only once
scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer
smb: client: fix memory leak during error handling for POSIX mkdir
spi: tegra114: Use value to check for invalid delays
tpm: Mask TPM RC in tpm2_start_auth_session()
wifi: mt76: disable napi on driver removal
ring-buffer: Fix persistent buffer when commit page is the reader page
net: qede: Initialize qede_ll_ops with designated initializer
mm: userfaultfd: correct dirty flags set for both present and swap pte
dmaengine: ti: k3-udma: Add missing locking
dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy
dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs
dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines
dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups
dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals
dmaengine: idxd: Add missing cleanups in cleanup internals
dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call
dmaengine: idxd: fix memory leak in error handling path of idxd_alloc
dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe
dmaengine: idxd: Refactor remove call with idxd_cleanup() helper
CIFS: New mount option for cifs.upcall namespace resolution
drm/xe/gsc: do not flush the GSC worker from the reset path
mm/page_alloc: fix race condition in unaccepted memory handling
accel/ivpu: Rename ivpu_log_level to fw_log_level
accel/ivpu: Reset fw log on cold boot
accel/ivpu: Refactor functions in ivpu_fw_log.c
accel/ivpu: Fix fw log printing
iio: light: opt3001: fix deadlock due to concurrent flag access
Bluetooth: btnxpuart: Fix kernel panic during FW release
drm/fbdev-dma: Support struct drm_driver.fbdev_probe
drm/panel-mipi-dbi: Run DRM default client setup
drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc()
usb: typec: ucsi: displayport: Fix deadlock
phy: tegra: xusb: remove a stray unlock
drm/amdgpu: fix pm notifier handling
Linux 6.12.30
Change-Id: I4fefed85c02f1ed826b7ee014700b80c10300bb5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
In order to support dump on panic, the external writer might
fast-forward the reader-page to make sure the very last events can be
read.
Bug: 357781595
Bug: 391974813
Change-Id: I5b2473756a3350de8b0b808b54df662b8a77c6ad
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
commit 1d6c39c89f617c9fec6bbae166e25b16a014f7c8 upstream.
The ring buffer is made up of sub buffers (sometimes called pages as they
are by default PAGE_SIZE). It has the following "pages":
"tail page" - this is the page that the next write will write to
"head page" - this is the page that the reader will swap the reader page with.
"reader page" - This belongs to the reader, where it will swap the head
page from the ring buffer so that the reader does not
race with the writer.
The writer may end up on the "reader page" if the ring buffer hasn't
written more than one page, where the "tail page" and the "head page" are
the same.
The persistent ring buffer has meta data that points to where these pages
exist so on reboot it can re-create the pointers to the cpu_buffer
descriptor. But when the commit page is on the reader page, the logic is
incorrect.
The check to see if the commit page is on the reader page checked if the
head page was the reader page, which would never happen, as the head page
is always in the ring buffer. The correct check would be to test if the
commit page is on the reader page. If that's the case, then it can exit
out early as the commit page is only on the reader page when there's only
one page of data in the buffer. There's no reason to iterate the ring
buffer pages to find the "commit page" as it is already found.
To trigger this bug:
# echo 1 > /sys/kernel/tracing/instances/boot_mapped/events/syscalls/sys_enter_fchownat/enable
# touch /tmp/x
# chown sshd /tmp/x
# reboot
On boot up, the dmesg will have:
Ring buffer meta [0] is from previous boot!
Ring buffer meta [1] is from previous boot!
Ring buffer meta [2] is from previous boot!
Ring buffer meta [3] is from previous boot!
Ring buffer meta [4] commit page not found
Ring buffer meta [5] is from previous boot!
Ring buffer meta [6] is from previous boot!
Ring buffer meta [7] is from previous boot!
Where the buffer on CPU 4 had a "commit page not found" error and that
buffer is cleared and reset causing the output to be empty and the data lost.
When it works correctly, it has:
# cat /sys/kernel/tracing/instances/boot_mapped/trace_pipe
<...>-1137 [004] ..... 998.205323: sys_enter_fchownat: __syscall_nr=0x104 (260) dfd=0xffffff9c (4294967196) filename=(0xffffc90000a0002c) user=0x3e8 (1000) group=0xffffffff (4294967295) flag=0x0 (0
Cc: stable@vger.kernel.org
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Link: https://lore.kernel.org/20250513115032.3e0b97f7@gandalf.local.home
Fixes: 5f3b6e839f ("ring-buffer: Validate boot range memory events")
Reported-by: Tasos Sahanidis <tasos@tasossah.com>
Tested-by: Tasos Sahanidis <tasos@tasossah.com>
Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
GKI (arm64) relevant 98 out of 394 changes, affecting 131 files +1443/-762
40bc55e4fc cgroup/cpuset: Fix incorrect isolated_cpus update in update_parent_effective_cpumask() [1 file, +3/-3]
9701dcbf5f cgroup/cpuset: Fix error handling in remote_partition_disable() [1 file, +20/-9]
2dbd1b1660 cgroup/cpuset: Revert "Allow suppression of sched domain rebuild in update_cpumasks_hier()" [1 file, +14/-25]
6b145f8b22 cgroup/cpuset: Enforce at most one rebuild_sched_domains_locked() call per operation [1 file, +33/-16]
1b06f00eda cgroup/cpuset: Further optimize code if CONFIG_CPUSETS_V1 not set [1 file, +19/-20]
cdb6e724e7 cgroup/cpuset: Fix race between newly created partition and dying one [4 files, +25/-4]
179ef2f810 gpiolib: of: Fix the choice for Ingenic NAND quirk [1 file, +2/-0]
cb8372e54f ublk: refactor recovery configuration flag helpers [1 file, +42/-20]
caa5c8a235 ublk: fix handling recovery & reissue in ublk_abort_queue() [1 file, +26/-4]
7c5957f790 tipc: fix memory leak in tipc_link_xmit [1 file, +1/-0]
4d55144b12 codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() [2 files, +3/-8]
b2f3c3d57a tc: Ensure we have enough buffer space when sending filter netlink notifications [1 file, +45/-21]
a065b99605 net: ethtool: Don't call .cleanup_data when prepare_data fails [1 file, +5/-3]
70449ca406 net_sched: sch_sfq: use a temporary work area for validating configuration [1 file, +44/-12]
f86293adce net_sched: sch_sfq: move the limit validation [1 file, +6/-4]
6d98cd6342 net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() [1 file, +13/-13]
a6ed6f8ec8 net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY [1 file, +29/-2]
cc16f7402a ipv6: Align behavior across nexthops during path selection [1 file, +4/-4]
c61feda373 perf/core: Add aux_pause, aux_resume, aux_start_paused [4 files, +110/-5]
7ef5aa081f perf/core: Simplify the perf_event_alloc() error path [2 files, +78/-76]
fa1827fa96 perf: Fix hang while freeing sigtrap event [2 files, +18/-47]
52535688c2 fs: consistently deref the files table with rcu_dereference_raw() [1 file, +17/-9]
67e85cfa95 umount: Allow superblock owners to force umount [1 file, +2/-1]
1b3ebfb15d perf: arm_pmu: Don't disable counter in armpmu_add() [1 file, +3/-5]
11ae4fec1f PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() [1 file, +3/-3]
ead1fc9f93 Flush console log from kernel_power_off() [3 files, +8/-3]
cb58e90920 arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD [1 file, +2/-0]
3c057a4904 media: uvcvideo: Add quirk for Actions UVC05 [1 file, +9/-0]
cb1c6cb110 ALSA: usb-audio: Fix CME quirk for UF series keyboards [1 file, +74/-6]
a6bf0fd322 net: page_pool: don't cast mp param to devmem [1 file, +1/-1]
c6e50cb8bf f2fs: don't retry IO for corrupted data scenario [1 file, +4/-0]
de94d0ca9e net: usb: asix_devices: add FiberGecko DeviceID [1 file, +17/-0]
7204335d19 page_pool: avoid infinite loop to schedule delayed worker [1 file, +7/-1]
ecc4613316 f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() [1 file, +8/-1]
5f815757e6 ext4: protect ext4_release_dquot against freezing [1 file, +17/-0]
aa39d45071 Revert "f2fs: rebuild nat_bits during umount" [3 files, +59/-95]
eb59cc31b6 ext4: ignore xattrs past end [1 file, +10/-1]
a8a8076210 cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk [3 files, +19/-0]
299d7d27af net: vlan: don't propagate flags on open [1 file, +4/-27]
40c70ff44b tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER [1 file, +3/-1]
6b7a32fa9b Bluetooth: hci_uart: fix race during initialization [1 file, +2/-1]
fe6f1f349d Bluetooth: hci_qca: use the power sequencer for wcn6750 [1 file, +1/-1]
feed98579d Bluetooth: qca: simplify WCN399x NVM loading [1 file, +6/-7]
035e1bffc0 Bluetooth: Add quirk for broken READ_VOICE_SETTING [3 files, +15/-0]
09246dfb5c Bluetooth: Add quirk for broken READ_PAGE_SCAN_TYPE [2 files, +10/-1]
044c1b3528 drm: allow encoder mode_set even when connectors change for crtc [1 file, +1/-1]
df33b535f0 drm: panel-orientation-quirks: Add support for AYANEO 2S [1 file, +2/-2]
6fe4ed94ee drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB [1 file, +18/-0]
5dd6fdb889 drm: panel-orientation-quirks: Add quirk for AYA NEO Slide [1 file, +6/-0]
a64e097426 drm: panel-orientation-quirks: Add new quirk for GPD Win 2 [1 file, +6/-0]
ba5a998f84 drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) [1 file, +12/-0]
f04612890c drm/debugfs: fix printk format for bridge index [1 file, +1/-1]
b22cb42a5e drm/bridge: panel: forbid initializing a panel with unknown connector type [1 file, +4/-1]
1c38108a49 drivers: base: devres: Allow to release group on device release [1 file, +7/-0]
8feefd106a PCI: Enable Configuration RRS SV early [1 file, +5/-3]
73d2b96250 PCI: Check BAR index for validity [4 files, +57/-10]
9a6be23eb0 tracing: probe-events: Add comments about entry data storing code [1 file, +28/-0]
7b9bdd7059 erofs: set error to bio if file-backed IO fails [1 file, +2/-0]
806908d5d9 bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags [1 file, +44/-36]
dd3edffae8 ext4: don't treat fhandle lookup of ea_inode as FS corruption [1 file, +48/-20]
2ff58c5b26 arm64: cputype: Add MIDR_CORTEX_A76AE [1 file, +2/-0]
4af2858435 arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list [1 file, +1/-0]
3b0f2526c8 arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB [2 files, +102/-102]
20c105f587 arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list [1 file, +3/-0]
c322789613 KVM: arm64: Tear down vGIC on failed vCPU creation [1 file, +5/-1]
baea1762cd media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() [1 file, +2/-2]
0828d6e9ad io_uring/net: fix accept multishot handling [1 file, +2/-0]
b7c6d081c1 io_uring/net: fix io_req_post_cqe abuse by send bundle [3 files, +6/-2]
3e0356857e io_uring/kbuf: reject zero sized provided buffers [1 file, +2/-0]
16d9067f00 ext4: fix off-by-one error in do_split [1 file, +1/-1]
a1dde7457d f2fs: fix to avoid atomicity corruption of atomic file [2 files, +5/-3]
e6bba32857 i3c: Add NULL pointer check in i3c_master_queue_ibi() [1 file, +3/-0]
9eaec071f1 jbd2: remove wrong sb->s_sequence check [1 file, +0/-1]
eec737e17e arm64: mops: Do not dereference src reg for a set operation [1 file, +2/-2]
1dd288783d arm64: mm: Correct the update of max_pfn [1 file, +2/-1]
5f7f6abd92 net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. [2 files, +43/-2]
53dc6b00c0 mm/rmap: reject hugetlb folios in folio_make_device_exclusive() [1 file, +1/-1]
83b6b5061e mm: make page_mapped_in_vma() hugetlb walk aware [1 file, +9/-4]
6dd8d9440f mm: fix lazy mmu docs and usage [1 file, +8/-6]
2532df0a9b mm/mremap: correctly handle partial mremap() of VMA starting at 0 [1 file, +5/-5]
cc98577f91 mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock [1 file, +1/-1]
14936034de mm/userfaultfd: fix release hang over concurrent GUP [1 file, +25/-26]
65b259e3e0 mm/hwpoison: introduce folio_contain_hwpoisoned_page() helper [3 files, +8/-4]
9e7c37fadb sctp: detect and prevent references to a freed transport in sendmsg [3 files, +18/-9]
474b3194c8 tracing: Do not add length to print format in synthetic events [1 file, +0/-1]
74f01c2ca8 dm-verity: fix prefetch-vs-suspend race [1 file, +8/-0]
fae0a8796c KVM: Allow building irqbypass.ko as as module when kvm.ko is a module [3 files, +7/-7]
dc83eccc93 of/irq: Fix device node refcount leakage in API of_irq_parse_one() [1 file, +27/-32]
3540164c75 of/irq: Fix device node refcount leakage in API of_irq_parse_raw() [1 file, +8/-0]
29cb94963c of/irq: Fix device node refcount leakages in of_irq_count() [1 file, +3/-1]
d0f25a9977 of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() [1 file, +5/-1]
712d84459a of/irq: Fix device node refcount leakages in of_irq_init() [1 file, +3/-0]
d69ad6e1a5 PCI: Fix reference leak in pci_alloc_child_bus() [1 file, +4/-1]
9707d0c932 PCI: Fix reference leak in pci_register_host_bridge() [1 file, +7/-2]
869202291a PCI: Fix wrong length of devres array [1 file, +1/-1]
92ca7270fe ring-buffer: Use flush_kernel_vmap_range() over flush_dcache_folio() [1 file, +3/-2]
9ca4fe3574 arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists [1 file, +14/-1]
281782d2c6 Bluetooth: hci_uart: Fix another race during initialization [2 files, +15/-6]
Changes in 6.12.24
ASoC: Intel: adl: add 2xrt1316 audio configuration
cgroup/cpuset: Fix incorrect isolated_cpus update in update_parent_effective_cpumask()
cgroup/cpuset: Fix error handling in remote_partition_disable()
cgroup/cpuset: Revert "Allow suppression of sched domain rebuild in update_cpumasks_hier()"
cgroup/cpuset: Enforce at most one rebuild_sched_domains_locked() call per operation
cgroup/cpuset: Further optimize code if CONFIG_CPUSETS_V1 not set
cgroup/cpuset: Fix race between newly created partition and dying one
gpiolib: of: Fix the choice for Ingenic NAND quirk
selftests/futex: futex_waitv wouldblock test should fail
ublk: refactor recovery configuration flag helpers
ublk: fix handling recovery & reissue in ublk_abort_queue()
drm/i915: Disable RPG during live selftest
x86/acpi: Don't limit CPUs to 1 for Xen PV guests due to disabled ACPI
drm/xe/hw_engine: define sysfs_ops on all directories
ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret()
tipc: fix memory leak in tipc_link_xmit
codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
net: tls: explicitly disallow disconnect
octeontx2-pf: qos: fix VF root node parent queue index
tc: Ensure we have enough buffer space when sending filter netlink notifications
net: ethtool: Don't call .cleanup_data when prepare_data fails
drm/tests: modeset: Fix drm_display_mode memory leak
drm/tests: helpers: Create kunit helper to destroy a drm_display_mode
drm/tests: cmdline: Fix drm_display_mode memory leak
drm/tests: modes: Fix drm_display_mode memory leak
drm/tests: probe-helper: Fix drm_display_mode memory leak
net: libwx: handle page_pool_dev_alloc_pages error
ata: sata_sx4: Add error handling in pdc20621_i2c_read()
drm/i915/huc: Fix fence not released on early probe errors
nvmet-fcloop: swap list_add_tail arguments
net_sched: sch_sfq: use a temporary work area for validating configuration
net_sched: sch_sfq: move the limit validation
smb: client: fix UAF in decryption with multichannel
net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend()
net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY
ipv6: Align behavior across nexthops during path selection
net: ppp: Add bound checking for skb data on ppp_sync_txmung
nft_set_pipapo: fix incorrect avx2 match of 5th field octet
iommu/exynos: Fix suspend/resume with IDENTITY domain
iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group
perf/core: Add aux_pause, aux_resume, aux_start_paused
perf/core: Simplify the perf_event_alloc() error path
perf: Fix hang while freeing sigtrap event
fs: consistently deref the files table with rcu_dereference_raw()
umount: Allow superblock owners to force umount
pm: cpupower: bench: Prevent NULL dereference on malloc failure
x86/mm: Clear _PAGE_DIRTY for kernel mappings when we clear _PAGE_RW
x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2
x86/ia32: Leave NULL selector values 0~3 unchanged
x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine
perf: arm_pmu: Don't disable counter in armpmu_add()
perf/dwc_pcie: fix some unreleased resources
PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
Flush console log from kernel_power_off()
arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
xen/mcelog: Add __nonstring annotations for unterminated strings
zstd: Increase DYNAMIC_BMI2 GCC version cutoff from 4.8 to 11.0 to work around compiler segfault
platform/chrome: cros_ec_lpc: Match on Framework ACPI device
ASoC: SOF: topology: Use krealloc_array() to replace krealloc()
HID: pidff: Convert infinite length from Linux API to PID standard
HID: pidff: Do not send effect envelope if it's empty
HID: pidff: Add MISSING_DELAY quirk and its detection
HID: pidff: Add MISSING_PBO quirk and its detection
HID: pidff: Add PERMISSIVE_CONTROL quirk
HID: pidff: Add hid_pidff_init_with_quirks and export as GPL symbol
HID: pidff: Add FIX_WHEEL_DIRECTION quirk
HID: Add hid-universal-pidff driver and supported device ids
HID: pidff: Add PERIODIC_SINE_ONLY quirk
HID: pidff: Fix null pointer dereference in pidff_find_fields
ASoC: amd: ps: use macro for ACP6.3 pci revision id
ALSA: hda: intel: Fix Optimus when GPU has no sound
ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist
ASoC: fsl_audmix: register card device depends on 'dais' property
media: uvcvideo: Add quirk for Actions UVC05
media: s5p-mfc: Corrected NV12M/NV21M plane-sizes
mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves
ALSA: usb-audio: Fix CME quirk for UF series keyboards
ASoC: amd: Add DMI quirk for ACP6X mic support
ASoC: amd: yc: update quirk data for new Lenovo model
platform/x86: x86-android-tablets: Add select POWER_SUPPLY to Kconfig
wifi: ath11k: Fix DMA buffer allocation to resolve SWIOTLB issues
wifi: ath11k: fix memory leak in ath11k_xxx_remove()
wifi: ath12k: fix memory leak in ath12k_pci_remove()
wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
ata: libata-core: Add 'external' to the libata.force kernel parameter
scsi: mpi3mr: Avoid reply queue full condition
scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
net: page_pool: don't cast mp param to devmem
f2fs: don't retry IO for corrupted data scenario
wifi: mac80211: add strict mode disabling workarounds
wifi: mac80211: ensure sdata->work is canceled before initialized.
scsi: target: spc: Fix RSOC parameter data header size
net: usb: asix_devices: add FiberGecko DeviceID
page_pool: avoid infinite loop to schedule delayed worker
can: flexcan: Add quirk to handle separate interrupt lines for mailboxes
can: flexcan: add NXP S32G2/S32G3 SoC support
jfs: Fix uninit-value access of imap allocated in the diMount() function
fs/jfs: cast inactags to s64 to prevent potential overflow
fs/jfs: Prevent integer overflow in AG size calculation
jfs: Prevent copying of nlink with value 0 from disk inode
jfs: add sanity check for agwidth in dbMount
ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
net: sfp: add quirk for 2.5G OEM BX SFP
wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi
f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
net: sfp: add quirk for FS SFP-10GM-T copper SFP+ module
ahci: add PCI ID for Marvell 88SE9215 SATA Controller
ext4: protect ext4_release_dquot against freezing
Revert "f2fs: rebuild nat_bits during umount"
ext4: ignore xattrs past end
cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk
scsi: st: Fix array overflow in st_setup()
ahci: Marvell 88SE9215 controllers prefer DMA for ATAPI
btrfs: harden block_group::bg_list against list_del() races
wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
net: vlan: don't propagate flags on open
tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER
Bluetooth: btintel_pcie: Add device id of Whale Peak
Bluetooth: hci_uart: fix race during initialization
Bluetooth: btusb: Add 2 HWIDs for MT7922
Bluetooth: hci_qca: use the power sequencer for wcn6750
Bluetooth: qca: simplify WCN399x NVM loading
Bluetooth: Add quirk for broken READ_VOICE_SETTING
Bluetooth: Add quirk for broken READ_PAGE_SCAN_TYPE
drm: allow encoder mode_set even when connectors change for crtc
drm/xe/bmg: Add new PCI IDs
drm/xe/vf: Don't try to trigger a full GT reset if VF
drm/amd/display: Update Cursor request mode to the beginning prefetch always
drm/amdgpu: Unlocked unmap only clear page table leaves
drm: panel-orientation-quirks: Add support for AYANEO 2S
drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB
drm: panel-orientation-quirks: Add quirk for AYA NEO Slide
drm: panel-orientation-quirks: Add new quirk for GPD Win 2
drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel)
drm/debugfs: fix printk format for bridge index
drm/bridge: panel: forbid initializing a panel with unknown connector type
drm/amd/display: stop DML2 from removing pipes based on planes
drivers: base: devres: Allow to release group on device release
drm/amdkfd: clamp queue size to minimum
drm/amdkfd: Fix mode1 reset crash issue
drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
drm/amdkfd: debugfs hang_hws skip GPU with MES
drm/xe/xelp: Move Wa_16011163337 from tunings to workarounds
drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data
drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off
PCI: Add Rockchip Vendor ID
drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()
PCI: Enable Configuration RRS SV early
drm/amdgpu: Fix the race condition for draining retry fault
PCI: Check BAR index for validity
PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
drm/amdgpu: grab an additional reference on the gang fence v2
fbdev: omapfb: Add 'plane' value check
tracing: probe-events: Add comments about entry data storing code
ktest: Fix Test Failures Due to Missing LOG_FILE Directories
tpm, tpm_tis: Workaround failed command reception on Infineon devices
tpm: End any active auth session before shutdown
pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
pwm: rcar: Improve register calculation
pwm: fsl-ftm: Handle clk_get_rate() returning 0
erofs: set error to bio if file-backed IO fails
bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
ext4: don't treat fhandle lookup of ea_inode as FS corruption
s390/pci: Fix s390_mmio_read/write syscall page fault handling
HID: pidff: Clamp PERIODIC effect period to device's logical range
HID: pidff: Stop all effects before enabling actuators
HID: pidff: Completely rework and fix pidff_reset function
HID: pidff: Simplify pidff_upload_effect function
HID: pidff: Define values used in pidff_find_special_fields
HID: pidff: Rescale time values to match field units
HID: pidff: Factor out code for setting gain
HID: pidff: Move all hid-pidff definitions to a dedicated header
HID: pidff: Simplify pidff_rescale_signed
HID: pidff: Use macros instead of hardcoded min/max values for shorts
HID: pidff: Factor out pool report fetch and remove excess declaration
HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX
HID: hid-universal-pidff: Add Asetek wheelbases support
HID: pidff: Comment and code style update
HID: pidff: Support device error response from PID_BLOCK_LOAD
HID: pidff: Remove redundant call to pidff_find_special_keys
HID: pidff: Rename two functions to align them with naming convention
HID: pidff: Clamp effect playback LOOP_COUNT value
HID: pidff: Compute INFINITE value instead of using hardcoded 0xffff
HID: pidff: Fix 90 degrees direction name North -> East
HID: pidff: Fix set_device_control()
auxdisplay: hd44780: Fix an API misuse in hd44780.c
dt-bindings: media: st,stmipid02: correct lane-polarities maxItems
media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization
media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning
media: uapi: rkisp1-config: Fix typo in extensible params example
media: mgb4: Fix CMT registers update logic
media: i2c: adv748x: Fix test pattern selection mask
media: mgb4: Fix switched CMT frequency range "magic values" sets
media: intel/ipu6: set the dev_parent of video device to pdev
media: venus: hfi: add a check to handle OOB in sfr region
media: venus: hfi: add check to handle incorrect queue size
media: vim2m: print device name after registering device
media: siano: Fix error handling in smsdvb_module_init()
media: rockchip: rga: fix rga offset lookup
xenfs/xensyms: respect hypervisor's "next" indication
arm64: cputype: Add MIDR_CORTEX_A76AE
arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list
KVM: arm64: Tear down vGIC on failed vCPU creation
spi: cadence-qspi: Fix probe on AM62A LP SK
mtd: rawnand: brcmnand: fix PM resume warning
tpm, tpm_tis: Fix timeout handling when waiting for TPM status
accel/ivpu: Fix PM related deadlocks in MS IOCTLs
media: streamzap: prevent processing IR data on URB failure
media: hi556: Fix memory leak (on error) in hi556_check_hwcfg()
media: visl: Fix ERANGE error when setting enum controls
media: platform: stm32: Add check for clk_enable()
media: imx219: Adjust PLL settings based on the number of MIPI lanes
media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
Revert "media: imx214: Fix the error handling in imx214_probe()"
media: i2c: ccs: Set the device's runtime PM status correctly in remove
media: i2c: ccs: Set the device's runtime PM status correctly in probe
media: i2c: ov7251: Set enable GPIO low in probe
media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
media: nuvoton: Fix reference handling of ece_node
media: nuvoton: Fix reference handling of ece_pdev
media: venus: hfi_parser: add check to avoid out of bound access
media: venus: hfi_parser: refactor hfi packet parsing logic
media: i2c: imx319: Rectify runtime PM handling probe and remove
media: i2c: imx219: Rectify runtime PM handling in probe and remove
media: i2c: imx214: Rectify probe error handling related to runtime PM
media: chips-media: wave5: Fix gray color on screen
media: chips-media: wave5: Avoid race condition in the interrupt handler
media: chips-media: wave5: Fix a hang after seeking
media: chips-media: wave5: Fix timeout while testing 10bit hevc fluster
mptcp: sockopt: fix getting IPV6_V6ONLY
mptcp: sockopt: fix getting freebind & transparent
mtd: Add check for devm_kcalloc()
net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family
net: dsa: mv88e6xxx: fix internal PHYs for 6320 family
mtd: Replace kcalloc() with devm_kcalloc()
clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup
wifi: mt76: Add check for devm_kstrdup()
wifi: mac80211: fix integer overflow in hwmp_route_info_get()
wifi: mt76: mt7925: ensure wow pattern command align fw format
wifi: mt76: mt7925: fix country count limitation for CLC
wifi: mt76: mt7925: fix the wrong link_idx when a p2p_device is present
wifi: mt76: mt7925: fix the wrong simultaneous cap for MLO
io_uring/net: fix accept multishot handling
io_uring/net: fix io_req_post_cqe abuse by send bundle
io_uring/kbuf: reject zero sized provided buffers
ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe()
ASoC: q6apm: add q6apm_get_hw_pointer helper
ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs
ASoC: q6apm-dai: make use of q6apm_get_hw_pointer
ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment.
ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns.
ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path
ALSA: hda/realtek: Enable Mute LED on HP OMEN 16 Laptop xd000xx
accel/ivpu: Fix warning in ivpu_ipc_send_receive_internal()
accel/ivpu: Fix deadlock in ivpu_ms_cleanup()
bus: mhi: host: Fix race between unprepare and queue_buf
ext4: fix off-by-one error in do_split
f2fs: fix to avoid atomicity corruption of atomic file
vdpa/mlx5: Fix oversized null mkey longer than 32bit
udf: Fix inode_getblk() return value
tpm: do not start chip while suspended
svcrdma: do not unregister device for listeners
soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()
smb311 client: fix missing tcon check when mounting with linux/posix extensions
ima: limit the number of open-writers integrity violations
ima: limit the number of ToMToU integrity violations
i3c: master: svc: Use readsb helper for reading MDB
i3c: Add NULL pointer check in i3c_master_queue_ibi()
jbd2: remove wrong sb->s_sequence check
kbuild: exclude .rodata.(cst|str)* when building ranges
leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs
leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs
mfd: ene-kb3930: Fix a potential NULL pointer dereference
mailbox: tegra-hsp: Define dimensioning masks in SoC data
locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets
mptcp: fix NULL pointer in can_accept_new_subflow
mptcp: only inc MPJoinAckHMacFailure for HMAC failures
mtd: inftlcore: Add error check for inftl_read_oob()
mtd: rawnand: Add status chack in r852_ready()
arm64: mops: Do not dereference src reg for a set operation
arm64: tegra: Remove the Orin NX/Nano suspend key
arm64: mm: Correct the update of max_pfn
arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string
arm64: dts: exynos: gs101: disable pinctrl_gsacore node
backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers
btrfs: tests: fix chunk map leak after failure to add it to the tree
btrfs: zoned: fix zone activation with missing devices
btrfs: zoned: fix zone finishing with missing devices
iommufd: Fix uninitialized rc in iommufd_access_rw()
iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent()
iommu/vt-d: Put IRTE back into posted MSI mode if vCPU posting is disabled
iommu/vt-d: Don't clobber posted vCPU IRTE when host IRQ affinity changes
iommu/vt-d: Fix possible circular locking dependency
iommu/vt-d: Wire up irq_ack() to irq_move_irq() for posted MSIs
sparc/mm: disable preemption in lazy mmu mode
sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes
net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
mm/damon/ops: have damon_get_folio return folio even for tail pages
mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
mm: make page_mapped_in_vma() hugetlb walk aware
mm: fix lazy mmu docs and usage
mm/mremap: correctly handle partial mremap() of VMA starting at 0
mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
mm/userfaultfd: fix release hang over concurrent GUP
mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
mm/hugetlb: move hugetlb_sysctl_init() to the __init section
mm/hwpoison: introduce folio_contain_hwpoisoned_page() helper
sctp: detect and prevent references to a freed transport in sendmsg
x86/xen: fix balloon target initialization for PVH dom0
tracing: fprobe events: Fix possible UAF on modules
tracing: Do not add length to print format in synthetic events
thermal/drivers/rockchip: Add missing rk3328 mapping entry
CIFS: Propagate min offload along with other parameters from primary to secondary channels.
cifs: avoid NULL pointer dereference in dbg call
cifs: fix integer overflow in match_server()
cifs: Ensure that all non-client-specific reparse points are processed by the server
clk: renesas: r9a07g043: Fix HP clock source for RZ/Five
clk: qcom: clk-branch: Fix invert halt status bit check for votable clocks
clk: qcom: gdsc: Release pm subdomains in reverse add order
clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code
clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
crypto: ccp - Fix check for the primary ASP device
crypto: ccp - Fix uAPI definitions of PSP errors
dlm: fix error if inactive rsb is not hashed
dlm: fix error if active rsb is not hashed
dm-ebs: fix prefetch-vs-suspend race
dm-integrity: set ti->error on memory allocation failure
dm-integrity: fix non-constant-time tag verification
dm-verity: fix prefetch-vs-suspend race
dt-bindings: coresight: qcom,coresight-tpda: Fix too many 'reg'
dt-bindings: coresight: qcom,coresight-tpdm: Fix too many 'reg'
ftrace: Add cond_resched() to ftrace_graph_set_hash()
ftrace: Properly merge notrace hashes
gpio: tegra186: fix resource handling in ACPI probe path
gpio: zynq: Fix wakeup source leaks on device unbind
gve: handle overflow when reporting TX consumed descriptors
KVM: Allow building irqbypass.ko as as module when kvm.ko is a module
KVM: PPC: Enable CAP_SPAPR_TCE_VFIO on pSeries KVM guests
KVM: x86: Explicitly zero-initialize on-stack CPUID unions
KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
landlock: Move code to ease future backports
landlock: Add the errata interface
landlock: Add erratum for TCP fix
landlock: Always allow signals between threads of the same process
landlock: Prepare to add second errata
selftests/landlock: Split signal_scoping_threads tests
selftests/landlock: Add a new test for setuid()
misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error
net: mana: Switch to page pool for jumbo frames
ntb: use 64-bit arithmetic for the MSI doorbell mask
of/irq: Fix device node refcount leakage in API of_irq_parse_one()
of/irq: Fix device node refcount leakage in API of_irq_parse_raw()
of/irq: Fix device node refcount leakages in of_irq_count()
of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
of/irq: Fix device node refcount leakages in of_irq_init()
PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
PCI: j721e: Fix the value of .linkdown_irq_regfield for J784S4
PCI: pciehp: Avoid unnecessary device replacement check
PCI: Fix reference leak in pci_alloc_child_bus()
PCI: Fix reference leak in pci_register_host_bridge()
PCI: Fix wrong length of devres array
phy: freescale: imx8m-pcie: assert phy reset and perst in power off
pinctrl: qcom: Clear latched interrupt status when changing IRQ type
pinctrl: samsung: add support for eint_fltcon_offset
ring-buffer: Use flush_kernel_vmap_range() over flush_dcache_folio()
s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs
s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues
s390: Fix linker error when -no-pie option is unavailable
sched_ext: create_dsq: Return -EEXIST on duplicate request
selftests: mptcp: close fd_in before returning in main_loop
selftests: mptcp: fix incorrect fd checks in main_loop
thermal/drivers/mediatek/lvts: Disable monitor mode during suspend
thermal/drivers/mediatek/lvts: Disable Stage 3 thermal threshold
arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists
iommufd: Make attach_handle generic than fault specific
iommufd: Fail replace if device has not been attached
x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT
ACPI: platform-profile: Fix CFI violation when accessing sysfs files
NFSD: fix decoding in nfs4_xdr_dec_cb_getattr
NFSD: Fix CB_GETATTR status fix
nfsd: don't ignore the return code of svc_proc_register()
x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions()
libbpf: Prevent compiler warnings/errors
kbuild: Add '-fno-builtin-wcslen'
media: mediatek: vcodec: mark vdec_vp9_slice_map_counts_eob_coef noinline
Bluetooth: hci_uart: Fix another race during initialization
s390/cpumf: Fix double free on error in cpumf_pmu_event_init()
HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition
Linux 6.12.24
Change-Id: I272e8aac67399f2eb57ca25e05cded24172d2d76
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
GKI (arm64) relevant 76 out of 226 changes, affecting 86 files +761/-318
aa879ef6d3 HID: multitouch: Add NULL check in mt_input_configured [1 file, +4/-1]
ba6ab3f04d pinctrl: pinconf-generic: Print unsigned value if a format is registered [1 file, +4/-4]
36fd8f1c73 HID: hid-steam: Don't use cancel_delayed_work_sync in IRQ context [1 file, +1/-1]
889e6b42a4 net: fib_rules: annotate data-races around rule->[io]ifindex [1 file, +13/-11]
18e77fccfc ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() [1 file, +1/-1]
022cac1c69 vrf: use RCU protection in l3mdev_l3_out() [1 file, +2/-0]
e7c16028a4 workqueue: Put the pwq after detaching the rescuer from the pool [1 file, +6/-6]
715eb1af64 arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array [1 file, +7/-5]
c3e39d6acb cgroup: Remove steal time from usage_usec [1 file, +0/-1]
9d32212b99 io_uring/waitid: don't abuse io_tw_state [1 file, +2/-2]
98d6ee3e30 io_uring/uring_cmd: remove dead req_has_async_data() check [1 file, +0/-3]
9e6d70a910 block: cleanup and fix batch completion adding conditions [1 file, +14/-4]
a7052afa9e gpiolib: Fix crash on error in gpiochip_get_ngpios() [1 file, +3/-3]
1b259a5df5 media: uvcvideo: Implement dual stream quirk to fix loss of usb packets [2 files, +27/-1]
7706d1edb9 media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera [1 file, +9/-0]
24407a7584 media: uvcvideo: Add Kurokesu C1 PRO camera [1 file, +9/-0]
2290d3bd96 PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P [1 file, +1/-0]
551df35e4f PCI: switchtec: Add Microchip PCI100X device IDs [2 files, +37/-0]
88a01e9c9a scsi: ufs: bsg: Set bsg_queue to NULL after removal [1 file, +1/-0]
c58e0d2d04 serial: 8250_pci: Resolve WCH vendor ID ambiguity [1 file, +41/-41]
14a2a8ec50 kunit: platform: Resolve 'struct completion' warning [1 file, +1/-0]
abb99f28b4 ring-buffer: Unlock resize on mmap error [1 file, +1/-0]
e8dff5f739 tracing: Do not allow mmap() of persistent ring buffer [1 file, +4/-0]
3ec743d558 ring-buffer: Validate the persistent meta data subbuf array [1 file, +20/-2]
9f837ea922 ring-buffer: Update pages_touched to reflect persistent buffer content [1 file, +5/-0]
a5852836e5 usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries [1 file, +9/-0]
5fead36e09 usb: dwc3: Fix timeout issue during controller enter/exit from halt state [1 file, +34/-0]
69f27580e8 usb: roles: set switch registered flag early on [1 file, +3/-2]
f3b755022f usb: xhci: Restore xhci_pci support for Renesas HCs [1 file, +4/-3]
9c91296e2d USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI [1 file, +9/-0]
847fff8e20 usb: core: fix pipe creation for get_bMaxPacketSize0 [1 file, +1/-2]
6c4fce1b16 USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist [1 file, +3/-0]
f4e1cebbfa USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone [1 file, +3/-0]
6b16761a92 usb: gadget: f_midi: fix MIDI Streaming descriptor lengths [1 file, +4/-4]
62d8f4c545 USB: hub: Ignore non-compliant devices with too many configs or interfaces [1 file, +11/-0]
165fac6ceb USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk [1 file, +6/-3]
f64079bef6 usb: cdc-acm: Check control transfer buffer size before access [1 file, +14/-3]
a5b205ceef usb: cdc-acm: Fix handling of oversized fragments [1 file, +1/-1]
f894448f39 usb: gadget: core: flush gadget workqueue after device removal [1 file, +1/-1]
ce526e1b29 PCI: Avoid FLR for Mediatek MT7922 WiFi [1 file, +2/-1]
3ed642e80c efi: Avoid cold plugged memory for placing the kernel [4 files, +11/-2]
edd4084445 cgroup: fix race between fork and cgroup.kill [3 files, +16/-11]
29c04864fb serial: port: Assign ->iotype correctly when ->iobase is set [1 file, +2/-1]
010eb5fe22 serial: port: Always update ->iotype in __uart_read_properties() [1 file, +1/-1]
eeb64f9637 regmap-irq: Add missing kfree() [1 file, +2/-0]
9a1c65ff5e include: net: add static inline dst_dev_overhead() to dst.h [1 file, +9/-0]
ebf0ac02e2 clocksource: Use pr_info() for "Checking clocksource synchronization" message [1 file, +2/-1]
cc3d79e7c8 clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context [1 file, +4/-2]
f7015dcac2 scsi: ufs: core: Introduce ufshcd_has_pending_tasks() [1 file, +9/-4]
9ece41a0d7 scsi: ufs: core: Prepare to introduce a new clock_gating lock [1 file, +7/-4]
f453c45152 scsi: ufs: core: Introduce a new clock_gating lock [2 files, +59/-59]
7d46869aa7 scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed [1 file, +1/-1]
cb4d7fbc93 ipv4: add RCU protection to ip4_dst_hoplimit() [1 file, +7/-2]
dfe542e745 ipv4: use RCU protection in ip_dst_mtu_maybe_forward() [1 file, +10/-3]
ec9af76451 net: add dev_net_rcu() helper [2 files, +7/-1]
f4ba5e65c9 ipv4: use RCU protection in ipv4_default_advmss() [1 file, +8/-3]
77096420be ipv4: use RCU protection in rt_is_expired() [1 file, +7/-1]
ad66c7c4d8 ipv4: use RCU protection in inet_select_addr() [1 file, +2/-1]
7f5005457b net: ipv4: Cache pmtu for all packet paths if multipath enabled [2 files, +108/-17]
4583748b65 ipv4: use RCU protection in __ip_rt_update_pmtu() [1 file, +6/-5]
3c925321a5 ipv4: icmp: convert to dev_net_rcu() [1 file, +17/-14]
a575827791 flow_dissector: use RCU protection to fetch dev_net() [1 file, +11/-10]
713a40c892 ipv6: use RCU protection in ip6_default_advmss() [1 file, +6/-1]
653bb5225c ipv6: icmp: convert to dev_net_rcu() [1 file, +23/-19]
2152b417be HID: hid-steam: Make sure rumble work is canceled on removal [1 file, +1/-0]
3e38cbbfa0 HID: hid-steam: Move hidraw input (un)registering to work [1 file, +31/-7]
bbec88e410 ndisc: use RCU protection in ndisc_alloc_skb() [1 file, +4/-6]
cdd5c2a12d neighbour: use RCU protection in __neigh_notify() [1 file, +6/-2]
01d1b5c9ab arp: use RCU protection in arp_xmit() [1 file, +3/-1]
789230e5a8 ndisc: extend RCU protection in ndisc_send_skb() [1 file, +8/-4]
0bf8e2f376 ipv6: mcast: extend RCU protection in igmp6_send() [1 file, +15/-16]
25195f9d5f ipv6: mcast: add RCU protection to mld_newpack() [1 file, +10/-4]
13129b1fbf scsi: ufs: core: Ensure clk_gating.lock is used only after initialization [1 file, +6/-2]
7d0dc28dae io_uring/kbuf: reallocate buf lists on upgrade [1 file, +11/-4]
645ce25aa0 vsock: Keep the binding until socket destruction [1 file, +6/-2]
3a866f8376 vsock: Orphan socket after transport release [1 file, +7/-1]
Changes in 6.12.16
nfsd: clear acl_access/acl_default after releasing them
NFSD: fix hang in nfsd4_shutdown_callback
nfsd: validate the nfsd_serv pointer before calling svc_wake_up
x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
pinctrl: cy8c95x0: Avoid accessing reserved registers
pinctrl: cy8c95x0: Enable regmap locking for debug
pinctrl: cy8c95x0: Rename PWMSEL to SELPWM
pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware
HID: winwing: Add NULL check in winwing_init_led()
HID: multitouch: Add NULL check in mt_input_configured
scripts/Makefile.extrawarn: Do not show clang's non-kprintf warnings at W=1
pinctrl: pinconf-generic: Print unsigned value if a format is registered
HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()
HID: hid-steam: Don't use cancel_delayed_work_sync in IRQ context
spi: sn-f-ospi: Fix division by zero
ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt
net: fib_rules: annotate data-races around rule->[io]ifindex
Documentation/networking: fix basic node example document ISO 15765-2
ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
vrf: use RCU protection in l3mdev_l3_out()
idpf: fix handling rsc packet with a single segment
idpf: record rx queue in skb for RSC packets
idpf: call set_real_num_queues in idpf_open
igc: Fix HW RX timestamp when passed by ZC XDP
vxlan: check vxlan_vnigroup_init() return value
LoongArch: Fix idle VS timer enqueue
LoongArch: csum: Fix OoB access in IP checksum code for negative lengths
LoongArch: KVM: Fix typo issue about GCFG feature detection
net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases
net: ethernet: ti: am65_cpsw: fix tx_cleanup for XDP case
Bluetooth: btintel_pcie: Fix a potential race condition
team: better TEAM_OPTION_TYPE_STRING validation
workqueue: Put the pwq after detaching the rescuer from the pool
sched_ext: Fix lock imbalance in dispatch_to_local_dsq()
drm/tests: hdmi: Fix WW_MUTEX_SLOWPATH failures
arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
gpu: host1x: Fix a use of uninitialized mutex
cgroup: Remove steal time from usage_usec
perf/x86/intel: Clean up PEBS-via-PT on hybrid
drm/xe/client: bo->client does not need bos_lock
drm/i915/selftests: avoid using uninitialized context
gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0
gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ
gpio: bcm-kona: Add missing newline to dev_err format string
io_uring/waitid: don't abuse io_tw_state
io_uring/uring_cmd: remove dead req_has_async_data() check
amdkfd: properly free gang_ctx_bo when failed to init user queue
drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()
drm: Fix DSC BPP increment decoding
xen/swiotlb: relax alignment requirements
x86/xen: allow larger contiguous memory regions in PV guests
block: cleanup and fix batch completion adding conditions
sched_ext: Fix the incorrect bpf_list kfunc API in common.bpf.h.
sched_ext: Use SCX_CALL_OP_TASK in task_tick_scx
gpiolib: Fix crash on error in gpiochip_get_ngpios()
iommu/amd: Expicitly enable CNTRL.EPHEn bit in resume path
tools: fix annoying "mkdir -p ..." logs when building tools in parallel
RDMA/efa: Reset device on probe failure
firmware: qcom: scm: smc: Handle missing SCM device
fbdev: omap: use threaded IRQ for LCD DMA
soc/tegra: fuse: Update Tegra234 nvmem keepout list
i3c: mipi-i3c-hci: Add Intel specific quirk to ring resuming
i3c: mipi-i3c-hci: Add support for MIPI I3C HCI on PCI bus
media: cxd2841er: fix 64-bit division on gcc-9
media: i2c: ds90ub913: Add error handling to ub913_hw_init()
media: i2c: ds90ub953: Add error handling for i2c reads/writes
media: bcm2835-unicam: Disable trigger mode operation
media: uvcvideo: Implement dual stream quirk to fix loss of usb packets
media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera
media: uvcvideo: Add Kurokesu C1 PRO camera
media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P
PCI: switchtec: Add Microchip PCI100X device IDs
scsi: ufs: bsg: Set bsg_queue to NULL after removal
rtla/timerlat_hist: Abort event processing on second signal
rtla/timerlat_top: Abort event processing on second signal
serial: 8250_pci: Resolve WCH vendor ID ambiguity
serial: 8250_pci: Share WCH IDs with parport_serial driver
8250: microchip: pci1xxxx: Add workaround for RTS bit toggle
kunit: platform: Resolve 'struct completion' warning
vfio/pci: Enable iowrite64 and ioread64 for vfio pci
NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
vfio/nvgrace-gpu: Read dvsec register to determine need for uncached resmem
vfio/nvgrace-gpu: Expose the blackwell device PF BAR1 to the VM
fs/ntfs3: Unify inode corruption marking with _ntfs_bad_inode()
Grab mm lock before grabbing pt lock
selftests: gpio: gpio-sim: Fix missing chip disablements
ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V
x86/mm/tlb: Only trim the mm_cpumask once a second
orangefs: fix a oob in orangefs_debug_write
kbuild: suppress stdout from merge_config for silent builds
ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V
kbuild: Use -fzero-init-padding-bits=all
batman-adv: fix panic during interface removal
batman-adv: Ignore neighbor throughput metrics in error case
batman-adv: Drop unmanaged ELP metric worker
drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop
KVM: nSVM: Enter guest mode before initializing nested NPT MMU
perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF
perf/x86/intel: Ensure LBRs are disabled when a CPU is starting
ring-buffer: Unlock resize on mmap error
tracing: Do not allow mmap() of persistent ring buffer
ring-buffer: Validate the persistent meta data subbuf array
ring-buffer: Update pages_touched to reflect persistent buffer content
usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries
usb: dwc3: Fix timeout issue during controller enter/exit from halt state
usb: roles: set switch registered flag early on
usb: gadget: udc: renesas_usb3: Fix compiler warning
usb: dwc2: gadget: remove of_node reference upon udc_stop
usb: xhci: Restore xhci_pci support for Renesas HCs
USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
usb: core: fix pipe creation for get_bMaxPacketSize0
USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
USB: hub: Ignore non-compliant devices with too many configs or interfaces
USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
usb: cdc-acm: Check control transfer buffer size before access
usb: cdc-acm: Fix handling of oversized fragments
usb: gadget: core: flush gadget workqueue after device removal
USB: serial: option: add MeiG Smart SLM828
USB: serial: option: add Telit Cinterion FN990B compositions
USB: serial: option: fix Telit Cinterion FN990A name
USB: serial: option: drop MeiG Smart defines
can: ctucanfd: handle skb allocation failure
can: c_can: fix unbalanced runtime PM disable in error path
can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero
can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated
can: etas_es58x: fix potential NULL pointer dereference on udev->serial
alpha: make stack 16-byte aligned (most cases)
wifi: ath12k: fix handling of 6 GHz rules
PCI: Avoid FLR for Mediatek MT7922 WiFi
kbuild: userprogs: fix bitsize and target detection on clang
efi: Avoid cold plugged memory for placing the kernel
arm64: rust: clean Rust 1.85.0 warning using softfloat target
objtool/rust: add one more `noreturn` Rust function
rust: rbtree: fix overindented list item
cgroup: fix race between fork and cgroup.kill
serial: port: Assign ->iotype correctly when ->iobase is set
serial: port: Always update ->iotype in __uart_read_properties()
serial: 8250: Fix fifo underflow on flush
alpha: replace hardcoded stack offsets with autogenerated ones
alpha: align stack for page fault and user unaligned trap handlers
s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn()
s390/pci: Fix handling of isolated VFs
gpiolib: acpi: Add a quirk for Acer Nitro ANV14
gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock
partitions: mac: fix handling of bogus partition table
sched_ext: Fix incorrect autogroup migration detection
regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator
iommu: Fix potential memory leak in iopf_queue_remove_device()
regmap-irq: Add missing kfree()
arm64: Handle .ARM.attributes section in linker scripts
mmc: mtk-sd: Fix register settings for hs400(es) mode
igc: Set buffer type for empty frames in igc_init_empty_frame
cifs: pick channels for individual subrequests
mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw()
btrfs: fix hole expansion when writing at an offset beyond EOF
include: net: add static inline dst_dev_overhead() to dst.h
net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue
net: ipv6: seg6_iptunnel: mitigate 2-realloc issue
net: ipv6: rpl_iptunnel: mitigate 2-realloc issue
net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
clocksource: Use pr_info() for "Checking clocksource synchronization" message
clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context
scsi: ufs: core: Introduce ufshcd_has_pending_tasks()
scsi: ufs: core: Prepare to introduce a new clock_gating lock
scsi: ufs: core: Introduce a new clock_gating lock
scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed
rust: kbuild: add -fzero-init-padding-bits to bindgen_skip_cflags
cpufreq/amd-pstate: Call cppc_set_epp_perf in the reenable function
cpufreq/amd-pstate: Align offline flow of shared memory and MSR based systems
cpufreq/amd-pstate: Refactor amd_pstate_epp_reenable() and amd_pstate_epp_offline()
cpufreq/amd-pstate: Remove the cppc_state check in offline/online functions
cpufreq/amd-pstate: Merge amd_pstate_epp_cpu_offline() and amd_pstate_epp_offline()
cpufreq/amd-pstate: convert mutex use to guard()
cpufreq/amd-pstate: Fix cpufreq_policy ref counting
ipv4: add RCU protection to ip4_dst_hoplimit()
ipv4: use RCU protection in ip_dst_mtu_maybe_forward()
net: add dev_net_rcu() helper
ipv4: use RCU protection in ipv4_default_advmss()
ipv4: use RCU protection in rt_is_expired()
ipv4: use RCU protection in inet_select_addr()
net: ipv4: Cache pmtu for all packet paths if multipath enabled
ipv4: use RCU protection in __ip_rt_update_pmtu()
ipv4: icmp: convert to dev_net_rcu()
flow_dissector: use RCU protection to fetch dev_net()
ipv6: use RCU protection in ip6_default_advmss()
ipv6: icmp: convert to dev_net_rcu()
HID: hid-steam: Make sure rumble work is canceled on removal
HID: hid-steam: Move hidraw input (un)registering to work
ndisc: use RCU protection in ndisc_alloc_skb()
neighbour: use RCU protection in __neigh_notify()
arp: use RCU protection in arp_xmit()
openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
ndisc: extend RCU protection in ndisc_send_skb()
ipv6: mcast: extend RCU protection in igmp6_send()
btrfs: rename __get_extent_map() and pass btrfs_inode
btrfs: fix stale page cache after race between readahead and direct IO write
ipv6: mcast: add RCU protection to mld_newpack()
drm/tidss: Fix issue in irq handling causing irq-flood issue
drm/tidss: Fix race condition while handling interrupt registers
drm/tidss: Clear the interrupt status for interrupts being disabled
drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()
drm/rcar-du: dsi: Fix PHY lock bit check
drm/msm/dpu: fix x1e80100 intf_6 underrun/vsync interrupt
drm/msm/dpu1: don't choke on disabling the writeback connector
drm/v3d: Stop active perfmon if it is being destroyed
drm/xe/tracing: Fix a potential TP_printk UAF
drm: renesas: rz-du: Increase supported resolutions
netdevsim: print human readable IP address
selftests: rtnetlink: update netdevsim ipsec output format
x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0
bpf: handle implicit declaration of function gettid in bpf_iter.c
selftests/bpf: Fix uprobe consumer test
wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit
cpufreq/amd-pstate: Remove the goto label in amd_pstate_update_limits
net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels
scsi: ufs: core: Ensure clk_gating.lock is used only after initialization
io_uring/kbuf: reallocate buf lists on upgrade
vsock: Keep the binding until socket destruction
vsock: Orphan socket after transport release
Revert "vfio/platform: check the bounds of read/write syscalls"
Linux 6.12.16
Change-Id: I84e354ffa6aeb0323a95046630310c3d2185a069
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
GKI (arm64) relevant 75 out of 419 changes, affecting 91 files +700/-304
38a1aa02b9 exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case [2 files, +29/-4]
e5ff8d825d sched: Don't try to catch up excess steal time. [1 file, +4/-2]
404e5fd918 printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX [1 file, +1/-1]
b006aadf72 drm/connector: add mutex to protect ELD from concurrent access [3 files, +11/-1]
22a1a75818 ring-buffer: Make reading page consistent with the code logic [1 file, +3/-1]
5c2b1d9386 tun: fix group permission check [1 file, +9/-5]
f4b8bac3cf mmc: core: Respect quirk_max_rate for non-UHS SDIO card [1 file, +2/-0]
e557b15ea2 HID: multitouch: Add quirk for Hantick 5288 touchpad [1 file, +5/-0]
adcb8ce68d HID: Wacom: Add PCI Wacom device support [1 file, +5/-0]
ebb90f23f0 Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync [1 file, +11/-1]
c257c15845 tipc: re-order conditions in tipc_crypto_key_rcv() [1 file, +2/-2]
90778f31ef ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback [1 file, +28/-4]
33a4a9f54a Input: allocate keycode for phone linking [1 file, +1/-0]
57e07d10b3 sched/fair: Fix inaccurate h_nr_runnable accounting with delayed dequeue [1 file, +19/-0]
bc85817e6b nvme: handle connectivity loss in nvme_set_queue_count [1 file, +7/-1]
5eba53a9ea nvme: make nvme_tls_attrs_group static [1 file, +1/-1]
83ebf741aa udp: gso: do not drop small packets when PMTU reduces [3 files, +30/-4]
3139a7024e ethtool: rss: fix hiding unsupported fields in dumps [1 file, +2/-1]
e40cb34b7f pfifo_tail_enqueue: Drop new packet when sch->limit == 0 [1 file, +3/-0]
6312555249 netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() [1 file, +1/-1]
e36364d5d4 tun: revert fix group permission check [1 file, +5/-9]
181b23ca2e net: sched: Fix truncation of offloaded action statistics [1 file, +1/-1]
ac7b5f3e4d drm/client: Handle tiled displays better [1 file, +9/-0]
f735c9d4dc fs/proc: do_task_stat: Fix ESP not readable during coredump [1 file, +1/-1]
5a6520493c arm64/kvm: Configure HYP TCR.PS/DS based on host stage1 [1 file, +4/-4]
c66e5205fd arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() [2 files, +10/-13]
e5251ae5d3 arm64/mm: Reduce PA space to 48 bits when LPA2 is not enabled [3 files, +11/-7]
de3ffeb212 KVM: arm64: timer: Always evaluate the need for a soft timer [1 file, +1/-3]
f2f805ada6 KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() [1 file, +9/-0]
691218a50c Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc [1 file, +2/-1]
ddfc234761 Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection [1 file, +2/-2]
5a262628f4 seccomp: passthrough uretprobe systemcall without filtering [1 file, +12/-0]
2ce09aabe0 blk-cgroup: Fix class @block_class's subsystem refcount leakage [1 file, +1/-0]
ae959ab075 scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions [1 file, +2/-2]
45ad3c7d62 of: Correct child specifier used as input of the 2nd nexus node [1 file, +1/-1]
e62c630810 of: address: Fix empty resource handling in __of_address_resource_bounds() [1 file, +5/-7]
4e4b3d4926 of: Fix of_find_node_opts_by_path() handling of alias+path+options [1 file, +3/-3]
5b91440ebe of: reserved-memory: Fix using wrong number of cells to get property 'alignment' [1 file, +2/-2]
ed0ad04c68 ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() [1 file, +7/-2]
d0b81ea5a5 dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() [1 file, +3/-11]
68a25ceb11 dm-crypt: track tag_offset in convert_context [1 file, +7/-6]
68f16d3034 block: don't revert iter for -EIOCBQUEUED [1 file, +3/-2]
0a14a2b841 Revert "media: uvcvideo: Require entities to have a non-zero unique ID" [1 file, +27/-43]
3d17a4bbf2 PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() [1 file, +1/-0]
36786d1a45 PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() [1 file, +15/-13]
b5cacfd067 PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() [1 file, +21/-1]
9fbac83100 nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk [1 file, +2/-1]
2c4cda456e nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk [1 file, +1/-0]
0c77c0d754 scsi: ufs: core: Fix use-after free in init error and remove paths [4 files, +30/-32]
8db25d4c4a scsi: core: Do not retry I/Os during depopulation [1 file, +7/-2]
c287f18f64 rv: Reset per-task monitors also for idle tasks [1 file, +4/-0]
e456a88bdd hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING [2 files, +83/-21]
2a54e8f118 kfence: skip __GFP_THISNODE allocations on NUMA systems [1 file, +2/-0]
b64b773087 soc: qcom: smem_state: fix missing of_node_put in error path [1 file, +2/-1]
5100391aca media: mc: fix endpoint iteration [1 file, +1/-1]
d2eac8b14a media: uvcvideo: Fix crash during unbind if gpio unit is in use [2 files, +22/-7]
4f534dd576 media: uvcvideo: Fix event flags in uvc_ctrl_send_events [1 file, +2/-2]
ac7737ed9a media: uvcvideo: Support partial control reads [1 file, +21/-0]
34fb9eb31d media: uvcvideo: Only save async fh if success [1 file, +11/-7]
e8a650dbc7 media: uvcvideo: Remove redundant NULL assignment [1 file, +1/-3]
438bda062b media: uvcvideo: Remove dangling pointers [3 files, +67/-3]
a403eca86c mm: gup: fix infinite loop within __get_longterm_locked [1 file, +4/-10]
4b69308314 mm/vmscan: accumulate nr_demoted for accurate demotion statistics [1 file, +4/-3]
4491159774 mm/compaction: fix UBSAN shift-out-of-bounds warning [1 file, +2/-1]
2c3109dcda nvmem: core: improve range check for nvmem_cell_write() [1 file, +2/-0]
35ae7910c3 io_uring: fix multishots with selected buffers [1 file, +2/-0]
be985aea92 io_uring/net: don't retry connect operation on EPOLLERR [2 files, +7/-0]
e398619920 i3c: master: Fix missing 'ret' assignment in set_speed() [1 file, +1/-1]
8b4120b3e0 misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors [1 file, +30/-9]
19fc795e9d maple_tree: simplify split calculation [1 file, +6/-17]
8441aea464 ptp: Ensure info->enable callback is always set [1 file, +8/-0]
c6dd70e5b4 timers/migration: Fix off-by-one root mis-connection [1 file, +9/-1]
45439a8b11 fs: prepend statmount.mnt_opts string with security_sb_mnt_opts() [1 file, +4/-0]
7db0365ee6 fs: fix adding security options to statmount.mnt_opt [1 file, +14/-15]
d49c64c1d7 statmount: let unset strings be empty [1 file, +12/-4]
Changes in 6.12.14
irqchip/lan966x-oic: Make CONFIG_LAN966X_OIC depend on CONFIG_MCHP_LAN966X_PCI
btrfs: fix assertion failure when splitting ordered extent after transaction abort
btrfs: do not output error message if a qgroup has been already cleaned up
btrfs: fix use-after-free when attempting to join an aborted transaction
arm64/mm: Ensure adequate HUGE_MAX_HSTATE
exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case
s390/stackleak: Use exrl instead of ex in __stackleak_poison()
btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents()
btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling
sched: Don't try to catch up excess steal time.
x86: Convert unreachable() to BUG()
locking/ww_mutex/test: Use swap() macro
lockdep: Fix upper limit for LOCKDEP_*_BITS configs
x86/amd_nb: Restrict init function to AMD-based systems
drm/virtio: New fence for every plane update
drm: Add panel backlight quirks
drm: panel-backlight-quirks: Add Framework 13 matte panel
drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k panels
nvkm/gsp: correctly advance the read pointer of GSP message queue
nvkm: correctly calculate the available space of the GSP cmdq buffer
drm/tests: hdmi: handle empty modes in find_preferred_mode()
drm/tests: hdmi: return meaningful value from set_connector_edid()
drm/amd/display: Populate chroma prefetch parameters, DET buffer fix
drm/amd/display: Overwriting dualDPP UBF values before usage
printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
drm/connector: add mutex to protect ELD from concurrent access
drm/bridge: anx7625: use eld_mutex to protect access to connector->eld
drm/bridge: ite-it66121: use eld_mutex to protect access to connector->eld
drm/amd/display: use eld_mutex to protect access to connector->eld
drm/exynos: hdmi: use eld_mutex to protect access to connector->eld
drm/radeon: use eld_mutex to protect access to connector->eld
drm/sti: hdmi: use eld_mutex to protect access to connector->eld
drm/vc4: hdmi: use eld_mutex to protect access to connector->eld
drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor
drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt
drm/amdkfd: Queue interrupt work to different CPU
drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT
drm/bridge: it6505: fix HDCP Bstatus check
drm/bridge: it6505: fix HDCP encryption when R0 ready
drm/bridge: it6505: fix HDCP CTS compare V matching
drm/bridge: it6505: fix HDCP CTS KSV list wait timer
safesetid: check size of policy writes
drm/amd/display: Increase sanitizer frame larger than limit when compile testing with clang
drm/amd/display: Limit Scaling Ratio on DCN3.01
ring-buffer: Make reading page consistent with the code logic
wifi: rtw89: add crystal_cap check to avoid setting as overflow value
tun: fix group permission check
mmc: core: Respect quirk_max_rate for non-UHS SDIO card
mmc: sdhci-esdhc-imx: enable 'SDHCI_QUIRK_NO_LED' quirk for S32G
wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
tomoyo: don't emit warning in tomoyo_write_control()
mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
wifi: rtw88: add __packed attribute to efuse layout struct
clk: qcom: Make GCC_8150 depend on QCOM_GDSC
HID: multitouch: Add quirk for Hantick 5288 touchpad
HID: Wacom: Add PCI Wacom device support
net/mlx5: use do_aux_work for PHC overflow checks
wifi: brcmfmac: Check the return value of of_property_read_string_index()
wifi: iwlwifi: pcie: Add support for new device ids
wifi: iwlwifi: avoid memory leak
i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz
APEI: GHES: Have GHES honor the panic= setting
Bluetooth: btusb: Add new VID/PID 13d3/3610 for MT7922
Bluetooth: btusb: Add new VID/PID 13d3/3628 for MT7925
Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync
net: wwan: iosm: Fix hibernation by re-binding the driver around it
HID: hid-asus: Disable OOBE mode on the ProArt P16
mmc: sdhci-msm: Correctly set the load for the regulator
octeon_ep: update tx/rx stats locally for persistence
octeon_ep_vf: update tx/rx stats locally for persistence
tipc: re-order conditions in tipc_crypto_key_rcv()
selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack()
net: ethernet: ti: am65-cpsw: ensure proper channel cleanup in error path
ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params
x86/kexec: Allocate PGD for x86_64 transition page tables separately
ASoC: Intel: sof_sdw: Correct quirk for Lenovo Yoga Slim 7
iommu/arm-smmu-qcom: add sdm670 adreno iommu compatible
iommu/arm-smmu-v3: Clean up more on probe failure
platform/x86: int3472: Check for adev == NULL
platform/x86: acer-wmi: Add support for Acer PH14-51
ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
platform/x86: acer-wmi: Add support for Acer Predator PH16-72
ASoC: amd: Add ACPI dependency to fix build error
Input: allocate keycode for phone linking
platform/x86: acer-wmi: add support for Acer Nitro AN515-58
platform/x86: acer-wmi: Ignore AC events
KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()
KVM: PPC: e500: Mark "struct page" pfn accessed before dropping mmu_lock
KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults
KVM: e500: always restore irqs
drm/amdgpu: Fix Circular Locking Dependency in AMDGPU GFX Isolation
xfs: report realtime block quota limits on realtime directories
xfs: don't over-report free space or inodes in statvfs
tty: xilinx_uartps: split sysrq handling
tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN
platform/x86: serdev_helpers: Check for serial_ctrl_uid == NULL
sched/fair: Fix inaccurate h_nr_runnable accounting with delayed dequeue
nvme: handle connectivity loss in nvme_set_queue_count
firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry
gpu: drm_dp_cec: fix broken CEC adapter properties check
ice: put Rx buffers after being done with current frame
ice: gather page_count()'s of each frag right before XDP prog call
ice: stop storing XDP verdict within ice_rx_buf
nvme: make nvme_tls_attrs_group static
nvme-fc: use ctrl state getter
net: bcmgenet: Correct overlaying of PHY and MAC Wake-on-LAN
ice: Add check for devm_kzalloc()
vmxnet3: Fix tx queue race condition with XDP
tg3: Disable tg3 PCIe AER on system reboot
udp: gso: do not drop small packets when PMTU reduces
drm/i915/dp: fix the Adaptive sync Operation mode for SDP
ethtool: rss: fix hiding unsupported fields in dumps
rxrpc: Fix the rxrpc_connection attend queue handling
gpio: pca953x: Improve interrupt support
net: atlantic: fix warning during hot unplug
net: rose: lock the socket in rose_bind()
gpio: sim: lock hog configfs items if present
x86/xen: fix xen_hypercall_hvm() to not clobber %rbx
x86/xen: add FRAME_END to xen_hypercall_hvm()
ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read()
pfifo_tail_enqueue: Drop new packet when sch->limit == 0
netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
tun: revert fix group permission check
net: sched: Fix truncation of offloaded action statistics
rxrpc: Fix call state set to not include the SERVER_SECURING state
cpufreq: fix using cpufreq-dt as module
cpufreq: s3c64xx: Fix compilation warning
leds: lp8860: Write full EEPROM, not only half of it
ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx
cifs: Remove intermediate object of failed create SFU call
drm/modeset: Handle tiled displays in pan_display_atomic.
drm/client: Handle tiled displays better
smb: client: fix order of arguments of tracepoints
smb: client: change lease epoch type from unsigned int to __u16
md: reintroduce md-linear
s390/futex: Fix FUTEX_OP_ANDN implementation
arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented
m68k: vga: Fix I/O defines
fs/proc: do_task_stat: Fix ESP not readable during coredump
binfmt_flat: Fix integer overflow bug on 32 bit systems
accel/ivpu: Fix Qemu crash when running in passthrough
arm64/kvm: Configure HYP TCR.PS/DS based on host stage1
arm64/mm: Override PARange for !LPA2 and use it consistently
arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu()
arm64/mm: Reduce PA space to 48 bits when LPA2 is not enabled
KVM: arm64: timer: Always evaluate the need for a soft timer
drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event()
arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma
remoteproc: omap: Handle ARM dma_iommu_mapping
KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
kvm: defer huge page recovery vhost task to later
KVM: s390: vsie: fix some corner-cases when grabbing vsie pages
ksmbd: fix integer overflows on 32 bit systems
drm/amd/display: Optimize cursor position updates
drm/amd/pm: Mark MM activity as unsupported
drm/amd/amdgpu: change the config of cgcg on gfx12
drm/amdkfd: only flush the validate MES contex
drm/amdkfd: Block per-queue reset when halt_if_hws_hang=1
Revert "drm/amd/display: Use HW lock mgr for PSR1"
drm/i915/guc: Debug print LRC state entries only if the context is pinned
drm/i915: Fix page cleanup on DMA remap failure
drm/komeda: Add check for komeda_get_layer_fourcc_list()
drm/xe/devcoredump: Move exec queue snapshot to Contexts section
drm/i915/dp: Iterate DSC BPP from high to low on all platforms
drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes
drm/amdgpu: add a BO metadata flag to disable write compression for Vulkan
drm/amd/display: Fix seamless boot sequence
Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection
KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y
clk: sunxi-ng: a100: enable MMC clock reparenting
clk: mmp2: call pm_genpd_init() only after genpd.name is set
media: i2c: ds90ub960: Fix UB9702 refclk register access
clk: clk-loongson2: Fix the number count of clk provider
clk: qcom: clk-alpha-pll: fix alpha mode configuration
clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable()
clk: qcom: gcc-sm8650: Do not turn off PCIe GDSCs during gdsc_disable()
clk: qcom: gcc-sm6350: Add missing parent_map for two clocks
clk: qcom: dispcc-sm6350: Add missing parent_map for a clock
clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg
clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate
clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe
clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe
clk: mediatek: mt2701-bdp: add missing dummy clk
clk: mediatek: mt2701-img: add missing dummy clk
clk: mediatek: mt2701-mm: add missing dummy clk
seccomp: passthrough uretprobe systemcall without filtering
blk-cgroup: Fix class @block_class's subsystem refcount leakage
efi: libstub: Use '-std=gnu11' to fix build with GCC 15
perf bench: Fix undefined behavior in cmpworker()
scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions
of: Correct child specifier used as input of the 2nd nexus node
of: address: Fix empty resource handling in __of_address_resource_bounds()
of: Fix of_find_node_opts_by_path() handling of alias+path+options
of: reserved-memory: Fix using wrong number of cells to get property 'alignment'
Input: bbnsm_pwrkey - add remove hook
HID: hid-sensor-hub: don't use stale platform-data on remove
ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg()
atomic64: Use arch_spin_locks instead of raw_spin_locks
wifi: rtlwifi: rtl8821ae: Fix media status report
wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH
wifi: rtw88: sdio: Fix disconnection after beacon loss
wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916
wifi: rtw88: 8703b: Fix RX/TX issues
usb: gadget: f_tcm: Translate error to sense
usb: gadget: f_tcm: Decrement command ref count on cleanup
usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint
usb: gadget: f_tcm: Don't prepare BOT write request twice
usbnet: ipheth: fix possible overflow in DPE length check
usbnet: ipheth: use static NDP16 location in URB
usbnet: ipheth: check that DPE points past NCM header
usbnet: ipheth: refactor NCM datagram loop
usbnet: ipheth: break up NCM header size computation
usbnet: ipheth: fix DPE OoB read
usbnet: ipheth: document scope of NCM implementation
arm64: dts: qcom: x1e80100-asus-vivobook-s15: Fix USB QMP PHY supplies
arm64: dts: qcom: x1e80100-qcp: Fix USB QMP PHY supplies
arm64: dts: qcom: x1e78100-lenovo-thinkpad-t14s: Fix USB QMP PHY supplies
arm64: dts: qcom: x1e80100-crd: Fix USB QMP PHY supplies
arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Fix USB QMP PHY supplies
arm64: dts: qcom: x1e80100-microsoft-romulus: Fix USB QMP PHY supplies
arm64: dts: qcom: x1e80100: Fix usb_2 controller interrupts
ASoC: acp: Support microphone from Lenovo Go S
soc: qcom: socinfo: Avoid out of bounds read of serial number
serial: sh-sci: Drop __initdata macro for port_cfg
serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use
MIPS: Loongson64: remove ROM Size unit in boardinfo
LoongArch: Extend the maximum number of watchpoints
powerpc/pseries/eeh: Fix get PE state translation
dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit()
dm-crypt: track tag_offset in convert_context
mips/math-emu: fix emulation of the prefx instruction
MIPS: pci-legacy: Override pci_address_to_pio
Revert "MIPS: csrc-r4k: Select HAVE_UNSTABLE_SCHED_CLOCK if SMP && 64BIT"
block: don't revert iter for -EIOCBQUEUED
Revert "media: uvcvideo: Require entities to have a non-zero unique ID"
firmware: qcom: scm: Fix missing read barrier in qcom_scm_is_available()
firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool()
ALSA: hda/realtek: Enable headset mic on Positivo C6400
ALSA: hda/realtek: Fix quirk matching for Legion Pro 7
ALSA: hda: Fix headset detection failure due to unstable sort
arm64: tegra: Fix Tegra234 PCIe interrupt-map
s390/pci: Fix SR-IOV for PFs initially in standby
PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1
PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf()
PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar()
PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()
nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk
nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk
KVM: x86/mmu: Ensure NX huge page recovery thread is alive before waking
scsi: st: Don't set pos_unknown just after device recognition
scsi: qla2xxx: Move FCE Trace buffer allocation to user control
scsi: ufs: qcom: Fix crypto key eviction
scsi: ufs: core: Fix use-after free in init error and remove paths
scsi: storvsc: Set correct data length for sending SCSI command without payload
scsi: core: Do not retry I/Os during depopulation
kbuild: Move -Wenum-enum-conversion to W=2
rust: init: use explicit ABI to clean warning in future compilers
x86: rust: set rustc-abi=x86-softfloat on rustc>=1.86.0
x86/acpi: Fix LAPIC/x2APIC parsing order
x86/boot: Use '-std=gnu11' to fix build with GCC 15
ubi: Add a check for ubi_num
ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus
ARM: dts: ti/omap: gta04: fix pm issues caused by spi module
arm64: dts: mediatek: mt8183: Disable DPI display output by default
arm64: dts: qcom: sdx75: Fix MPSS memory length
arm64: dts: qcom: x1e80100: Fix ADSP memory base and length
arm64: dts: qcom: x1e80100: Fix CDSP memory length
arm64: dts: qcom: sm6115: Fix MPSS memory length
arm64: dts: qcom: sm6115: Fix CDSP memory length
arm64: dts: qcom: sm6115: Fix ADSP memory base and length
arm64: dts: qcom: sm6350: Fix ADSP memory length
arm64: dts: qcom: sm6350: Fix MPSS memory length
arm64: dts: qcom: sm6350: Fix uart1 interconnect path
arm64: dts: qcom: sm6375: Fix ADSP memory length
arm64: dts: qcom: sm6375: Fix CDSP memory base and length
arm64: dts: qcom: sm6375: Fix MPSS memory base and length
arm64: dts: qcom: sm8350: Fix ADSP memory base and length
arm64: dts: qcom: sm8350: Fix CDSP memory base and length
arm64: dts: qcom: sm8350: Fix MPSS memory length
arm64: dts: qcom: sm8450: Fix ADSP memory base and length
arm64: dts: qcom: sm8450: Fix CDSP memory length
arm64: dts: qcom: sm8450: Fix MPSS memory length
arm64: dts: qcom: sm8550: Fix ADSP memory base and length
arm64: dts: qcom: sm8550: Fix CDSP memory length
arm64: dts: qcom: sm8550: Fix MPSS memory length
arm64: dts: qcom: sm8650: Fix ADSP memory base and length
arm64: dts: qcom: sm8650: Fix CDSP memory length
arm64: dts: qcom: sm8650: Fix MPSS memory length
arm64: dts: qcom: sm8550: correct MDSS interconnects
arm64: dts: qcom: sm8650: correct MDSS interconnects
crypto: qce - fix priority to be less than ARMv8 CE
arm64: tegra: Fix typo in Tegra234 dce-fabric compatible
arm64: tegra: Disable Tegra234 sce-fabric node
parisc: Temporarily disable jump label support
pwm: microchip-core: fix incorrect comparison with max period
xfs: don't call remap_verify_area with sb write protection held
xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end
xfs: Add error handling for xfs_reflink_cancel_cow_range
accel/ivpu: Clear runtime_error after pm_runtime_resume_and_get() fails
ACPI: PRM: Remove unnecessary strict handler address checks
tpm: Change to kvalloc() in eventlog/acpi.c
rv: Reset per-task monitors also for idle tasks
hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING
iommufd: Fix struct iommu_hwpt_pgfault init and padding
kfence: skip __GFP_THISNODE allocations on NUMA systems
media: ccs: Clean up parsed CCS static data on parse failure
mm/hugetlb: fix avoid_reserve to allow taking folio from subpool
iio: light: as73211: fix channel handling in only-color triggered buffer
iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding
iommufd/fault: Destroy response and mutex in iommufd_fault_destroy()
iommufd/fault: Use a separate spinlock to protect fault->deliver list
soc: samsung: exynos-pmu: Fix uninitialized ret in tensor_set_bits_atomic()
soc: mediatek: mtk-devapc: Fix leaking IO map on error paths
soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove
soc: qcom: llcc: Enable LLCC_WRCACHE at boot on X1
soc: qcom: smem_state: fix missing of_node_put in error path
media: mmp: Bring back registration of the device
media: mc: fix endpoint iteration
media: nuvoton: Fix an error check in npcm_video_ece_init()
media: imx296: Add standby delay during probe
media: intel/ipu6: remove cpu latency qos request on error
media: ov5640: fix get_light_freq on auto
media: stm32: dcmipp: correct dma_set_mask_and_coherent mask value
media: ccs: Fix CCS static data parsing for large block sizes
media: ccs: Fix cleanup order in ccs_probe()
media: i2c: ds90ub9x3: Fix extra fwnode_handle_put()
media: i2c: ds90ub960: Fix use of non-existing registers on UB9702
media: i2c: ds90ub960: Fix UB9702 VC map
media: i2c: ds90ub960: Fix logging SP & EQ status only for UB9702
media: uvcvideo: Fix crash during unbind if gpio unit is in use
media: uvcvideo: Fix event flags in uvc_ctrl_send_events
media: uvcvideo: Support partial control reads
media: uvcvideo: Only save async fh if success
media: uvcvideo: Remove redundant NULL assignment
media: uvcvideo: Remove dangling pointers
mm: kmemleak: fix upper boundary check for physical address objects
mm: gup: fix infinite loop within __get_longterm_locked
mm/vmscan: accumulate nr_demoted for accurate demotion statistics
mm/hugetlb: fix hugepage allocation for interleaved memory nodes
mm/compaction: fix UBSAN shift-out-of-bounds warning
ata: libata-sff: Ensure that we cannot write outside the allocated buffer
irqchip/irq-mvebu-icu: Fix access to msi_data from irq_domain::host_data
crypto: qce - fix goto jump in error path
crypto: qce - unregister previously registered algos in error path
ceph: fix memory leak in ceph_mds_auth_match()
nvmem: qcom-spmi-sdam: Set size in struct nvmem_config
nvmem: core: improve range check for nvmem_cell_write()
nvmem: imx-ocotp-ele: simplify read beyond device check
nvmem: imx-ocotp-ele: fix MAC address byte order
nvmem: imx-ocotp-ele: fix reading from non zero offset
nvmem: imx-ocotp-ele: set word length to 1
io_uring: fix multishots with selected buffers
io_uring/net: don't retry connect operation on EPOLLERR
vfio/platform: check the bounds of read/write syscalls
selftests: mptcp: connect: -f: no reconnect
pnfs/flexfiles: retry getting layout segment for reads
ocfs2: fix incorrect CPU endianness conversion causing mount failure
ocfs2: handle a symlink read error correctly
nilfs2: fix possible int overflows in nilfs_fiemap()
nfs: Make NFS_FSCACHE select NETFS_SUPPORT instead of depending on it
NFSD: Encode COMPOUND operation status on page boundaries
mailbox: tegra-hsp: Clear mailbox before using message
mailbox: zynqmp: Remove invalid __percpu annotation in zynqmp_ipi_probe()
NFC: nci: Add bounds checking in nci_hci_create_pipe()
fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT
i3c: master: Fix missing 'ret' assignment in set_speed()
irqchip/apple-aic: Only handle PMC interrupt as FIQ when configured so
mtd: onenand: Fix uninitialized retlen in do_otp_read()
misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors
misc: fastrpc: Deregister device nodes properly in error scenarios
misc: fastrpc: Fix registered buffer page address
misc: fastrpc: Fix copy buffer page size
net/ncsi: wait for the last response to Deselect Package before configuring channel
net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset
maple_tree: simplify split calculation
scripts/gdb: fix aarch64 userspace detection in get_current_task
tracing/osnoise: Fix resetting of tracepoints
rtla/osnoise: Distinguish missing workload option
rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads
rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads
rtla: Add trace_instance_stop
rtla/timerlat_hist: Stop timerlat tracer on signal
rtla/timerlat_top: Stop timerlat tracer on signal
pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails
pinctrl: renesas: rzg2l: Fix PFC_MASK for RZ/V2H and RZ/G3E
ptp: Ensure info->enable callback is always set
RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error
rtc: zynqmp: Fix optional clock name property
timers/migration: Fix off-by-one root mis-connection
s390/fpu: Add fpc exception handler / remove fixup section again
MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static
xfs: avoid nested calls to __xfs_trans_commit
xfs: don't lose solo superblock counter update transactions
xfs: separate dquot buffer reads from xfs_dqflush
xfs: clean up log item accesses in xfs_qm_dqflush{,_done}
xfs: attach dquot buffer to dquot log item buffer
xfs: convert quotacheck to attach dquot buffers
xfs: release the dquot buf outside of qli_lock
xfs: lock dquot buffer before detaching dquot from b_li_list
xfs: fix mount hang during primary superblock recovery failure
spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families
spi: atmel-qspi: Memory barriers after memory-mapped I/O
Revert "btrfs: avoid monopolizing a core when activating a swap file"
btrfs: avoid monopolizing a core when activating a swap file
mptcp: prevent excessive coalescing on receive
x86/mm: Convert unreachable() to BUG()
md/md-linear: Fix a NULL vs IS_ERR() bug in linear_add()
md: Fix linear_set_limits()
Revert "selftests/sched_ext: fix build after renames in sched_ext API"
Revert "drm/amd/display: Fix green screen issue after suspend"
drm/xe: Fix and re-enable xe_print_blob_ascii85()
fs: prepend statmount.mnt_opts string with security_sb_mnt_opts()
fs: fix adding security options to statmount.mnt_opt
statmount: let unset strings be empty
arm64: dts: rockchip: add reset-names for combphy on rk3568
ocfs2: check dir i_size in ocfs2_find_entry
Linux 6.12.14
Change-Id: Id4141bfc8ee9a6320b056561aa528228e7a3f1df
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 97937834ae876f29565415ab15f1284666dc6be3 upstream.
The pages_touched field represents the number of subbuffers in the ring
buffer that have content that can be read. This is used in accounting of
"dirty_pages" and "buffer_percent" to allow the user to wait for the
buffer to be filled to a certain amount before it reads the buffer in
blocking mode.
The persistent buffer never updated this value so it was set to zero, and
this accounting would take it as it had no content. This would cause user
space to wait for content even though there's enough content in the ring
buffer that satisfies the buffer_percent.
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Vincent Donnefort <vdonnefort@google.com>
Link: https://lore.kernel.org/20250214123512.0631436e@gandalf.local.home
Fixes: 5f3b6e839f ("ring-buffer: Validate boot range memory events")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f5b95f1fa2ef3a03f49eeec658ba97e721412b32 upstream.
The meta data for a mapped ring buffer contains an array of indexes of all
the subbuffers. The first entry is the reader page, and the rest of the
entries lay out the order of the subbuffers in how the ring buffer link
list is to be created.
The validator currently makes sure that all the entries are within the
range of 0 and nr_subbufs. But it does not check if there are any
duplicates.
While working on the ring buffer, I corrupted this array, where I added
duplicates. The validator did not catch it and created the ring buffer
link list on top of it. Luckily, the corruption was only that the reader
page was also in the writer path and only presented corrupted data but did
not crash the kernel. But if there were duplicates in the writer side,
then it could corrupt the ring buffer link list and cause a crash.
Create a bitmask array with the size of the number of subbuffers. Then
clear it. When walking through the subbuf array checking to see if the
entries are within the range, test if its bit is already set in the
subbuf_mask. If it is, then there is duplicates and fail the validation.
If not, set the corresponding bit and continue.
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Vincent Donnefort <vdonnefort@google.com>
Link: https://lore.kernel.org/20250214102820.7509ddea@gandalf.local.home
Fixes: c76883f18e ("ring-buffer: Add test if range of boot buffer is valid")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 6e31b759b076eebb4184117234f0c4eb9e4bc460 ]
In the loop of __rb_map_vma(), the 's' variable is calculated from the
same logic that nr_pages is and they both come from nr_subbufs. But the
relationship is not obvious and there's a WARN_ON_ONCE() around the 's'
variable to make sure it never becomes equal to nr_subbufs within the
loop. If that happens, then the code is buggy and needs to be fixed.
The 'page' variable is calculated from cpu_buffer->subbuf_ids[s] which is
an array of 'nr_subbufs' entries. If the code becomes buggy and 's'
becomes equal to or greater than 'nr_subbufs' then this will be an out of
bounds hit before the WARN_ON() is triggered and the code exiting safely.
Make the 'page' initialization consistent with the code logic and assign
it after the out of bounds check.
Link: https://lore.kernel.org/20250110162612.13983-1-aha310510@gmail.com
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
[ sdr: rewrote change log ]
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
When using an external writer, timestamp and read fields were not reset
properly. That might lead to a corrupted trace following a "echo 0 >
trace".
Bug: 357781595
Fixes: 162c11d25b ("FROMLIST: ring-buffer: Introducing ring-buffer writer")
Change-Id: Ic879b45b76e551c3e6052393bd2a1f0ceb2bea96
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
The fast-path for the proper CPU in rb_page_desc() was wrong due to a
missing cast. In practice, we only have trace descriptors with the same
number of pages per CPU, but nonetheless the structure doesn't really
enforce it. Proper support would need a MAGIC in the header of each CPU
as well as a complete struct size in the global header. We do not
anticipate any gain here from this optimization in a first place, so
let's get rid of it entirely.
Bug: 357781595
Fixes: 162c11d25b ("FROMLIST: ring-buffer: Introducing ring-buffer writer")
Change-Id: Idf226cc96e4d1cf5ed959f87c4612f8a24d68cd0
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
GKI (arm64) relevant 43 out of 161 changes, affecting 62 files +519/-460
5dbe6816c4 sched/fair: Fix NEXT_BUDDY [1 file, +2/-5]
0ee98301f1 sched/fair: Fix sched_can_stop_tick() for fair tasks [1 file, +1/-1]
0653fa6ee0 erofs: fix PSI memstall accounting [1 file, +2/-2]
bdd68033d1 sched/dlserver: Fix dlserver double enqueue [3 files, +18/-2]
baedaacee1 sched/dlserver: Fix dlserver time accounting [1 file, +9/-6]
910798ecd3 erofs: add erofs_sb_free() helper [1 file, +19/-17]
3e0d81efcb erofs: use `struct erofs_device_info` for the primary device [4 files, +22/-31]
f067d3f69d erofs: reference `struct erofs_device_info` for erofs_map_dev [4 files, +15/-23]
3042448109 erofs: use buffered I/O for file-backed mounts by default [3 files, +21/-10]
d924c8afe6 netdev: fix repeated netlink messages in queue dump [1 file, +4/-7]
b38e858ab0 netdev: fix repeated netlink messages in queue stats [1 file, +2/-2]
57ed6505ba netdev-genl: avoid empty messages in queue dump [1 file, +2/-2]
aa9e573145 net: mdiobus: fix an OF node reference leak [1 file, +10/-3]
20bf32f482 irqchip/gic-v3: Work around insecure GIC integrations [1 file, +16/-1]
ea78f77f78 KVM: arm64: Do not allow ID_AA64MMFR0_EL1.ASIDbits to be overridden [1 file, +2/-1]
4f393ea1e2 net: tun: fix tun_napi_alloc_frags() [1 file, +1/-1]
97701315e3 block: Revert "block: Fix potential deadlock while freezing queue and acquiring sysfs_lock" [3 files, +23/-26]
7ccad1ee83 xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic [1 file, +0/-2]
47c8b6cf1d drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() [1 file, +7/-4]
c8395bfcd0 dma-buf: Fix __dma_buf_debugfs_list_del argument for !CONFIG_DEBUG_FS [1 file, +1/-1]
b5792c162d block: avoid to reuse `hctx` not removed from cpuhp callback list [1 file, +10/-1]
1828714c09 trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers [1 file, +9/-0]
6d91e90cfc zram: refuse to use zero sized block device as backing device [1 file, +6/-0]
6fb92e9a52 zram: fix uninitialized ZRAM not releasing backing device [1 file, +4/-5]
ad7c9f1f43 vmalloc: fix accounting with i915 [1 file, +4/-2]
4234ca9884 mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy() [1 file, +4/-2]
ec12f30fe5 ring-buffer: Fix overflow in __rb_map_vma [1 file, +5/-1]
9667c91464 alloc_tag: fix set_codetag_empty() when !CONFIG_MEM_ALLOC_PROFILING_DEBUG [1 file, +6/-1]
3985cd3047 tracing: Fix test_event_printk() to process entire print argument [1 file, +53/-29]
71a613ceac tracing: Add missing helper functions in event pointer dereference check [1 file, +19/-2]
683eccacc0 tracing: Add "%s" check in test_event_printk() [1 file, +89/-15]
d3e73fe7ca tracing: Check "%s" dereference via the field and not the TP_printk format [5 files, +88/-217]
06eb089489 io_uring: Fix registered ring file refcount leak [2 files, +2/-3]
4f95a2186b io_uring: check if iowq is killed before queuing [1 file, +5/-1]
2976661ed4 of/irq: Fix interrupt-map cell length check in of_irq_parse_imap_parent() [1 file, +1/-0]
e30e72844c of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() [1 file, +1/-0]
e0d9c581ac of: property: fw_devlink: Do not use interrupt-parent directly [1 file, +0/-2]
501d686391 of: address: Preserve the flags portion on 1:1 dma-ranges mapping [1 file, +2/-1]
c62318587c of: Fix error path in of_parse_phandle_with_args_map() [1 file, +10/-5]
adc4b70fb6 of: Fix refcount leakage for OF node returned by __of_get_dma_parent() [1 file, +1/-1]
a095090b70 mm: shmem: fix ShmemHugePages at swapout [1 file, +12/-10]
a086c8d7f2 mm: convert partially_mapped set/clear operations to be atomic [2 files, +6/-14]
2d129beb8d epoll: Add synchronous wakeup support for ep_poll_callback [2 files, +5/-1]
Changes in 6.12.7
net: sched: fix ordering of qlen adjustment
net: stmmac: fix TSO DMA API usage causing oops
firmware: arm_scmi: Fix i.MX build dependency
firmware: arm_ffa: Fix the race around setting ffa_dev->properties
RISC-V: KVM: Fix csr_write -> csr_set for HVIEN PMU overflow bit
sched/fair: Fix NEXT_BUDDY
sched/fair: Fix sched_can_stop_tick() for fair tasks
sched/eevdf: More PELT vs DELAYED_DEQUEUE
p2sb: Factor out p2sb_read_from_cache()
p2sb: Introduce the global flag p2sb_hidden_by_bios
p2sb: Move P2SB hide and unhide code to p2sb_scan_and_cache()
p2sb: Do not scan and remove the P2SB device when it is unhidden
i2c: pnx: Fix timeout in wait functions
s390/ipl: Fix never less than zero warning
erofs: fix PSI memstall accounting
sched/dlserver: Fix dlserver double enqueue
sched/dlserver: Fix dlserver time accounting
s390/mm: Consider KMSAN modules metadata for paging levels
erofs: add erofs_sb_free() helper
erofs: use `struct erofs_device_info` for the primary device
erofs: reference `struct erofs_device_info` for erofs_map_dev
erofs: use buffered I/O for file-backed mounts by default
xfs: sb_spino_align is not verified
xfs: fix sparse inode limits on runt AG
xfs: fix off-by-one error in fsmap's end_daddr usage
xfs: fix sb_spino_align checks for large fsblock sizes
xfs: fix zero byte checking in the superblock scrubber
tools: hv: change permissions of NetworkManager configuration file
cxl/pci: Fix potential bogus return value upon successful probing
cxl/region: Fix region creation for greater than x2 switches
net/smc: protect link down work from execute after lgr freed
net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg
net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg
net/smc: check smcd_v2_ext_offset when receiving proposal msg
net/smc: check return value of sock_recvmsg when draining clc data
net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic()
netdevsim: prevent bad user input in nsim_dev_health_break_write()
tools/net/ynl: fix sub-message key lookup for nested attributes
ionic: Fix netdev notifier unregister on failure
ionic: no double destroy workqueue
ionic: use ee->offset when returning sprom data
net: renesas: rswitch: rework ts tags management
ksmbd: count all requests in req_running counter
ksmbd: fix broken transfers when exceeding max simultaneous operations
netdev: fix repeated netlink messages in queue dump
netdev: fix repeated netlink messages in queue stats
team: Fix feature exposure when no ports are present
net: hinic: Fix cleanup in create_rxqs/txqs()
net: ethernet: oa_tc6: fix infinite loop error when tx credits becomes 0
net: ethernet: oa_tc6: fix tx skb race condition between reference pointers
net: ethernet: bgmac-platform: fix an OF node reference leak
net: netdevsim: fix nsim_pp_hold_write()
can: m_can: set init flag earlier in probe
can: m_can: fix missed interrupts with m_can_pci
ipvs: Fix clamp() of ip_vs_conn_tab on small memory systems
netfilter: ipset: Fix for recursive locking warning
selftests: openvswitch: fix tcpdump execution
net: dsa: restore dsa_software_vlan_untag() ability to operate on VLAN-untagged traffic
netdev-genl: avoid empty messages in queue dump
psample: adjust size if rate_as_probability is set
net: mdiobus: fix an OF node reference leak
mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk
mmc: mtk-sd: disable wakeup in .remove() and in the error path of .probe()
irqchip/gic-v3: Work around insecure GIC integrations
EDAC/amd64: Simplify ECC check on unified memory controllers
KVM: arm64: Do not allow ID_AA64MMFR0_EL1.ASIDbits to be overridden
KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init
net: tun: fix tun_napi_alloc_frags()
chelsio/chtls: prevent potential integer overflow on 32bit
net: mctp: handle skb cleanup on sock_queue failures
block: Revert "block: Fix potential deadlock while freezing queue and acquiring sysfs_lock"
i2c: riic: Always round-up when calculating bus period
efivarfs: Fix error on non-existent file
hexagon: Disable constant extender optimization for LLVM prior to 19.1.0
USB: serial: option: add TCL IK512 MBIM & ECM
USB: serial: option: add MeiG Smart SLM770A
USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
USB: serial: option: add MediaTek T7XX compositions
USB: serial: option: add Telit FE910C04 rmnet compositions
xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic
thunderbolt: Add support for Intel Panther Lake-M/P
thunderbolt: Improve redrive mode handling
thunderbolt: Don't display nvm_version unless upgrade supported
drm/display: use ERR_PTR on DP tunnel manager creation fail
drm/amd: Update strapping for NBIO 2.5.0
drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()
drm/amdgpu: fix amdgpu_coredump
drm/amdgpu: Handle NULL bo->tbo.resource (again) in amdgpu_vm_bo_update
udmabuf: udmabuf_create pin folio codestyle cleanup
udmabuf: fix memory leak on last export_udmabuf() error path
dma-buf: Fix __dma_buf_debugfs_list_del argument for !CONFIG_DEBUG_FS
drm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference
drm/panel: novatek-nt35950: fix return value check in nt35950_probe()
drm/panel: st7701: Add prepare_prev_first flag to drm_panel
drm/panel: synaptics-r63353: Fix regulator unbalance
i915/guc: Reset engine utilization buffer before registration
i915/guc: Ensure busyness counter increases motonically
i915/guc: Accumulate active runtime on gt reset
drm/amdgpu: don't access invalid sched
hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers
hwmon: (tmp513) Fix Current Register value interpretation
hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers
block: avoid to reuse `hctx` not removed from cpuhp callback list
trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers
drm/amdgpu/nbio7.11: fix IP version check
drm/amdgpu/nbio7.7: fix IP version check
drm/amdgpu/smu14.0.2: fix IP version check
zram: refuse to use zero sized block device as backing device
zram: fix uninitialized ZRAM not releasing backing device
vmalloc: fix accounting with i915
mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy()
ring-buffer: Fix overflow in __rb_map_vma
alloc_tag: fix set_codetag_empty() when !CONFIG_MEM_ALLOC_PROFILING_DEBUG
btrfs: split bios to the fs sector size boundary
btrfs: fix improper generation check in snapshot delete
btrfs: tree-checker: reject inline extent items with 0 ref count
s390/mm: Fix DirectMap accounting
drm/amdgpu/nbio7.0: fix IP version check
drm/amdgpu/gfx12: fix IP version check
drm/amdgpu/mmhub4.1: fix IP version check
fgraph: Still initialize idle shadow stacks when starting
Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
tools: hv: Fix a complier warning in the fcopy uio daemon
x86/hyperv: Fix hv tsc page based sched_clock for hibernation
KVM: x86: Play nice with protected guests in complete_hypercall_exit()
smb: client: fix TCP timers deadlock after rmmod
accel/ivpu: Fix general protection fault in ivpu_bo_list()
accel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal()
tracing: Fix test_event_printk() to process entire print argument
tracing: Add missing helper functions in event pointer dereference check
tracing: Add "%s" check in test_event_printk()
tracing: Check "%s" dereference via the field and not the TP_printk format
selftests/memfd: run sysctl tests when PID namespace support is enabled
selftests/bpf: Use asm constraint "m" for LoongArch
io_uring: Fix registered ring file refcount leak
io_uring: check if iowq is killed before queuing
NFS/pnfs: Fix a live lock between recalled layouts and layoutget
KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits
of/irq: Fix interrupt-map cell length check in of_irq_parse_imap_parent()
of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one()
ocfs2: fix the space leak in LA when releasing LA
nilfs2: fix buffer head leaks in calls to truncate_inode_pages()
nilfs2: prevent use of deleted inode
udmabuf: fix racy memfd sealing check
udmabuf: also check for F_SEAL_FUTURE_WRITE
of: property: fw_devlink: Do not use interrupt-parent directly
of: address: Preserve the flags portion on 1:1 dma-ranges mapping
of: Fix error path in of_parse_phandle_with_args_map()
of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
ceph: give up on paths longer than PATH_MAX
ceph: validate snapdirname option length when mounting
ceph: improve error handling and short/overflow-read logic in __ceph_sync_read()
ceph: fix memory leaks in __ceph_sync_read()
ceph: fix memory leak in ceph_direct_read_write()
mm: use aligned address in clear_gigantic_page()
mm: use aligned address in copy_user_gigantic_page()
mm: shmem: fix ShmemHugePages at swapout
mm: convert partially_mapped set/clear operations to be atomic
epoll: Add synchronous wakeup support for ep_poll_callback
Linux 6.12.7
Change-Id: I139753dbdf8a7e4c9a1d0381d0f14830965acd1a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
GKI (arm64) relevant 129 out of 468 changes, affecting 180 files +1843/-980
e0964a5778 ptp: Add error handling for adjfine callback in ptp_clock_adjtime [1 file, +2/-1]
a007f8895f net/sched: tbf: correct backlog statistic for GSO packets [1 file, +12/-6]
9545011e7b net: Fix icmp host relookup triggering ip_rt_bug [1 file, +3/-0]
01f95357e4 ipv6: avoid possible NULL deref in modify_prefix_route() [1 file, +7/-6]
8b591bd522 net/ipv6: release expired exception dst cached in socket [1 file, +3/-3]
e48b211c4c tipc: Fix use-after-free of kernel socket in cleanup_bearer(). [1 file, +1/-1]
da5cc778e7 netfilter: nft_inner: incorrect percpu area handling under softirq [2 files, +46/-12]
a36a6d7037 Revert "udp: avoid calling sock_def_readable() if possible" [1 file, +3/-11]
22074dc1d4 ethtool: Fix wrong mod state in case of verbose and no_mask bitset [1 file, +44/-4]
316183d583 net: avoid potential UAF in default_operstate() [1 file, +6/-1]
c00372e41b mmc: sd: SDUC Support Recognition [7 files, +27/-15]
19e22f1e68 mmc: core: Adjust ACMD22 to SDUC [1 file, +18/-6]
42311846d3 mmc: core: Use GFP_NOIO in ACMD22 [1 file, +4/-0]
4e51552bc5 zram: do not mark idle slots that cannot be idle [1 file, +18/-7]
0ab037634b zram: clear IDLE flag in mark_idle() [1 file, +2/-0]
405b6d5f90 ntp: Remove invalid cast in time offset math [1 file, +1/-1]
6358df316d f2fs: clean up w/ F2FS_{BLK_TO_BYTES,BTYES_TO_BLK} [1 file, +29/-39]
e6a91ed4b9 f2fs: fix to adjust appropriate length for fiemap [2 files, +4/-3]
8e9fec7f79 f2fs: fix to requery extent which cross boundary of inquiry [1 file, +15/-5]
815d8f0e52 i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS [2 files, +5/-3]
c3806cf647 i3c: master: Extend address status bit to 4 and add I3C_ADDR_SLOT_EXT_DESIRED [2 files, +59/-13]
1117462773 i3c: master: Fix dynamic address leak when 'assigned-address' is present [1 file, +5/-10]
7d4e5e33ea scsi: ufs: core: Always initialize the UIC done completion [1 file, +4/-7]
3ad69f2f08 scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG [3 files, +38/-1]
47f4ad956b bpf, vsock: Fix poll() missing a queue [1 file, +3/-0]
a222e48fea bpf, vsock: Invoke proto::close on close() [1 file, +40/-27]
dabaf26846 xsk: always clear DMA mapping information when unmapping the pool [1 file, +2/-3]
5c9e3bb43a tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg [1 file, +4/-7]
7bc37dd9ea ALSA: usb-audio: Notify xrun for low-latency mode [1 file, +11/-3]
a78af11806 pmdomain: core: Add missing put_device() [1 file, +1/-0]
913a3f1c06 pmdomain: core: Fix error path in pm_genpd_init() when ida alloc fails [1 file, +19/-17]
5548887987 nvme: don't apply NVME_QUIRK_DEALLOCATE_ZEROES when DSM is not supported [1 file, +2/-1]
bdbf87486d bpf: Ensure reg is PTR_TO_STACK in process_iter_arg [2 files, +7/-2]
2459a0b149 drivers/virt: pkvm: Don't fail ioremap() call if MMIO_GUARD fails [1 file, +1/-5]
0da7d4b7ca bpf: Don't mark STACK_INVALID as STACK_MISC in mark_stack_slot_misc [1 file, +6/-3]
f9f2a2739e bpf: Fix narrow scalar spill onto 64-bit spilled scalar slots [1 file, +1/-0]
845cc4ee8e nvme-fabrics: handle zero MAXCMD without closing the connection [1 file, +3/-2]
c2277e2859 scatterlist: fix incorrect func name in kernel-doc [1 file, +1/-1]
81ec3c6ceb bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie [1 file, +20/-3]
6dc076a257 bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem [1 file, +1/-3]
7218e441ad bpf: Handle in-place update for full LPM trie correctly [1 file, +21/-23]
412bf01fd5 bpf: Fix exact match conditions in trie_get_next_key() [1 file, +2/-2]
e689bc6697 HID: wacom: fix when get product name maybe null pointer [1 file, +2/-1]
3b0c5bb437 can: dev: can_set_termination(): allow sleeping GPIOs [1 file, +1/-1]
ba0ee489cd tracing: Fix cmp_entries_dup() to respect sort() comparison rules [1 file, +1/-5]
ec643064ab arm64: mm: Fix zone_dma_limit calculation [1 file, +8/-9]
34b6197867 arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs [1 file, +2/-2]
abd614bbfc arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL [1 file, +5/-1]
8ab73c34e3 arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR [1 file, +2/-0]
4105dd76bc arm64: ptrace: fix partial SETREGSET for NT_ARM_POE [1 file, +2/-0]
7f1292f8d4 ALSA: usb-audio: Fix a DMA to stack memory bug [1 file, +27/-15]
39c5d89b56 ALSA: usb-audio: Add extra PID for RME Digiface USB [3 files, +176/-168]
9c191055c7 scsi: ufs: core: sysfs: Prevent div by zero [1 file, +6/-0]
2e7a3bb033 scsi: ufs: core: Cancel RTC work during ufshcd_remove() [1 file, +1/-0]
5a717f43c2 scsi: ufs: core: Add missing post notify for power mode change [2 files, +10/-7]
793e560a6b io_uring: Change res2 parameter type in io_uring_cmd_done [2 files, +3/-3]
85351e4941 Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" [1 file, +2/-3]
95e197354e cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU [1 file, +8/-6]
bc031095d1 modpost: Add .irqentry.text to OTHER_SECTIONS [1 file, +1/-1]
178e31df1f bpf: fix OOB devmap writes when deleting elements [1 file, +3/-3]
3dcc20418e dma-buf: fix dma_fence_array_signaled v4 [1 file, +27/-1]
f3dbb097d6 dma-fence: Fix reference leak on fence merge failure path [1 file, +2/-0]
4715555964 dma-fence: Use kernel's sort for merging fences [1 file, +61/-67]
d486b5741d xsk: fix OOB map writes when deleting elements [1 file, +1/-1]
14258211d6 regmap: detach regmap from dev on regmap_exit [1 file, +12/-0]
d562b457e1 mmc: core: Further prevent card detect during shutdown [2 files, +5/-0]
9bfeeeff2c stackdepot: fix stack_depot_save_flags() in NMI context [2 files, +12/-4]
a71ddd5b87 sched/numa: fix memory leak due to the overwritten vma->numab_state [1 file, +9/-3]
835ca042df kasan: make report_lock a raw spinlock [1 file, +3/-3]
69d319450d mm/gup: handle NULL pages in unpin_user_pages() [1 file, +10/-1]
1dde3fde62 mm: open-code PageTail in folio_flags() and const_folio_flags() [1 file, +2/-2]
bd4d2333a3 mm: open-code page_folio() in dump_page() [1 file, +5/-2]
536ffb4014 mm: fix vrealloc()'s KASAN poisoning logic [1 file, +2/-1]
fe1a34e92a mm: respect mmap hint address when aligning for THP [1 file, +1/-0]
5c63e24b1b scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() [6 files, +2/-5]
2cec2d916a memblock: allow zero threshold in validate_numa_converage() [1 file, +2/-2]
d222934627 epoll: annotate racy check [2 files, +5/-3]
493326c4f1 block: RCU protect disk->conv_zones_bitmap [2 files, +32/-13]
b6ce2dbe98 ext4: partial zero eof block on unaligned inode size extension [2 files, +42/-16]
ff599ad2d2 cleanup: Adjust scoped_guard() macros to avoid potential warning [1 file, +42/-10]
3946e07552 gpio: free irqs that are still requested when the chip is being removed [1 file, +41/-0]
ea74e9675b HID: add per device quirk to force bind to hid-generic [3 files, +8/-2]
17db6ed5a3 media: uvcvideo: RealSense D421 Depth module metadata [1 file, +9/-0]
0c20fadfd0 media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera [1 file, +11/-0]
3cc5228d5b media: uvcvideo: Force UVC version to 1.0a for 0408:4033 [1 file, +11/-0]
4150f22342 drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model [1 file, +6/-0]
5d7f35ed5f drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition [1 file, +6/-0]
187d5ff497 drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK [1 file, +6/-0]
fd09880b16 af_packet: avoid erroring out after sock_init_data() in packet_create() [1 file, +6/-6]
61686abc2f Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() [1 file, +1/-0]
32df687e12 Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() [1 file, +5/-5]
8df832e6b9 net: af_can: do not leave a dangling sk pointer in can_create() [1 file, +1/-0]
03caa9bfb9 net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() [1 file, +7/-5]
691d6d816f net: inet: do not leave a dangling sk pointer in inet_create() [1 file, +10/-12]
f44fceb71d net: inet6: do not leave a dangling sk pointer in inet6_create() [1 file, +10/-12]
987aa730ba bpf: Prevent tailcall infinite loop caused by freplace [5 files, +81/-17]
051f49d517 net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals [4 files, +29/-23]
920159e1bf ALSA: usb-audio: Make mic volume workarounds globally applicable [3 files, +45/-48]
a50b4aa300 bpf: Call free_htab_elem() after htab_unlock_bucket() [1 file, +39/-17]
da561d5fb6 Bluetooth: hci_conn: Reduce hci_conn_drop() calls in two functions [1 file, +3/-10]
c55a4c5a04 Bluetooth: hci_conn: Use disable_delayed_work_sync [1 file, +3/-3]
93a6160dc1 Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet [1 file, +9/-4]
b04b4fb91d Bluetooth: Add new quirks for ATS2851 [2 files, +20/-4]
359fc41e3c Bluetooth: Support new quirks for ATS2851 [2 files, +15/-1]
166cf43070 net/neighbor: clear error in case strict check is not set [1 file, +1/-0]
f63a1caae9 tracing/ftrace: disable preemption in syscall probe [2 files, +44/-4]
d1133dd57e tracing: Use atomic64_inc_return() in trace_clock_counter() [1 file, +1/-1]
09c083fbea ring-buffer: Limit time with disabled interrupts in rb_check_pages() [1 file, +72/-26]
c11e2ec9a7 pinmux: Use sequential access to access desc->pinmux data [3 files, +100/-77]
b865d4e569 scsi: ufs: core: Make DMA mask configuration more flexible [3 files, +13/-9]
2fcb921c27 bpf: put bpf_link's program when link is safe to be deallocated [1 file, +17/-5]
bb4a6236a4 leds: class: Protect brightness_show() with led_cdev->led_access mutex [2 files, +12/-4]
7214d3a64e tracing: Fix function name for trampoline [3 files, +36/-8]
9e28513fd2 f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. [1 file, +3/-1]
b51aa6a07e PCI: qcom: Add support for IPQ9574 [1 file, +1/-0]
617bd1e6c3 PCI: Add ACS quirk for Wangxun FF5xxx NICs [1 file, +9/-6]
1f51ae217d i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock [1 file, +2/-1]
6d41a2d5c1 f2fs: print message if fscorrupted was found in f2fs_new_node_page() [1 file, +6/-1]
924f7dd1e8 f2fs: fix to shrink read extent node in batches [1 file, +41/-28]
1648c7000f serial: 8250_dw: Add Sophgo SG2044 quirk [1 file, +3/-2]
950210c9c7 Revert "nvme: make keep-alive synchronous operation" [1 file, +10/-7]
d5b2ddf1f9 io_uring/tctx: work around xa_store() allocation error issue [1 file, +12/-1]
cd188519d2 scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() [1 file, +1/-0]
a39ad4f507 sched/core: Remove the unnecessary need_resched() check in nohz_csd_func() [1 file, +1/-1]
f9e144a544 sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning busy [1 file, +1/-1]
b4ec68868c sched/core: Prevent wakeup of ksoftirqd during idle load balance [1 file, +1/-1]
364dc8070b tracing/eprobe: Fix to release eprobe when failed to add dyn_event [1 file, +5/-0]
1a678f6829 clocksource: Make negative motion detection more robust [4 files, +20/-7]
6aeef0214d softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel [1 file, +11/-4]
Changes in 6.12.5
iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
watchdog: xilinx_wwdt: Calculate max_hw_heartbeat_ms using clock frequency
watchdog: apple: Actually flush writes after requesting watchdog restart
watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart()
can: gs_usb: add usb endpoint address detection at driver probe step
can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails
can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL
can: hi311x: hi3110_can_ist(): fix potential use-after-free
can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics
can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics
can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
can: f81604: f81604_handle_can_bus_errors(): fix {rx,tx}_errors statistics
ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
netfilter: x_tables: fix LED ID check in led_tg_check()
netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
selftests: hid: fix typo and exit code
net: enetc: Do not configure preemptible TCs if SIs do not support
ptp: Add error handling for adjfine callback in ptp_clock_adjtime
net/sched: tbf: correct backlog statistic for GSO packets
net: hsr: avoid potential out-of-bound access in fill_frame_info()
bnxt_en: ethtool: Supply ntuple rss context action
net: Fix icmp host relookup triggering ip_rt_bug
ipv6: avoid possible NULL deref in modify_prefix_route()
can: j1939: j1939_session_new(): fix skb reference counting
platform/x86: asus-wmi: Ignore return value when writing thermal policy
net: phy: microchip: Reset LAN88xx PHY to ensure clean link state on LAN7800/7850
net/ipv6: release expired exception dst cached in socket
dccp: Fix memory leak in dccp_feat_change_recv
tipc: Fix use-after-free of kernel socket in cleanup_bearer().
net/smc: initialize close_work early to avoid warning
net/smc: fix LGR and link use-after-free issue
net/qed: allow old cards not supporting "num_images" to work
net: hsr: must allocate more bytes for RedBox support
ice: fix PHY Clock Recovery availability check
ice: fix PHY timestamp extraction for ETH56G
ice: Fix VLAN pruning in switchdev mode
idpf: set completion tag for "empty" bufs associated with a packet
ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5
ixgbe: downgrade logging of unsupported VF API version to debug
ixgbe: Correct BASE-BX10 compliance code
igb: Fix potential invalid memory access in igb_init_module()
netfilter: nft_inner: incorrect percpu area handling under softirq
Revert "udp: avoid calling sock_def_readable() if possible"
net: sched: fix erspan_opt settings in cls_flower
netfilter: ipset: Hold module reference while requesting a module
netfilter: nft_set_hash: skip duplicated elements pending gc run
ethtool: Fix wrong mod state in case of verbose and no_mask bitset
mlxsw: spectrum_acl_flex_keys: Constify struct mlxsw_afk_element_inst
mlxsw: spectrum_acl_flex_keys: Use correct key block on Spectrum-4
geneve: do not assume mac header is set in geneve_xmit_skb()
net/mlx5: HWS: Fix memory leak in mlx5hws_definer_calc_layout
net/mlx5: HWS: Properly set bwc queue locks lock classes
net/mlx5e: SD, Use correct mdev to build channel param
net/mlx5e: Remove workaround to avoid syndrome for internal port
vsock/test: fix failures due to wrong SO_RCVLOWAT parameter
vsock/test: fix parameter types in SO_VM_SOCKETS_* calls
net: avoid potential UAF in default_operstate()
gpio: grgpio: use a helper variable to store the address of ofdev->dev
gpio: grgpio: Add NULL check in grgpio_probe
mmc: mtk-sd: use devm_mmc_alloc_host
mmc: mtk-sd: Fix error handle of probe function
mmc: mtk-sd: fix devm_clk_get_optional usage
mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting
mmc: sd: SDUC Support Recognition
mmc: core: Adjust ACMD22 to SDUC
mmc: core: Use GFP_NOIO in ACMD22
zram: do not mark idle slots that cannot be idle
zram: clear IDLE flag in mark_idle()
ntp: Remove invalid cast in time offset math
f2fs: clean up w/ F2FS_{BLK_TO_BYTES,BTYES_TO_BLK}
f2fs: fix to adjust appropriate length for fiemap
f2fs: fix to requery extent which cross boundary of inquiry
i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS
i3c: master: Extend address status bit to 4 and add I3C_ADDR_SLOT_EXT_DESIRED
i3c: master: Fix dynamic address leak when 'assigned-address' is present
drm/amd/display: calculate final viewport before TAP optimization
drm/amd/display: Ignore scalar validation failure if pipe is phantom
scsi: ufs: core: Always initialize the UIC done completion
scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG
bpf, vsock: Fix poll() missing a queue
bpf, vsock: Invoke proto::close on close()
xsk: always clear DMA mapping information when unmapping the pool
bpftool: fix potential NULL pointer dereferencing in prog_dump()
drm/sti: Add __iomem for mixer_dbg_mxn's parameter
tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
ALSA: seq: ump: Fix seq port updates per FB info notify
ALSA: usb-audio: Notify xrun for low-latency mode
tools: Override makefile ARCH variable if defined, but empty
spi: mpc52xx: Add cancel_work_sync before module remove
ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index
ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai()
pmdomain: core: Add missing put_device()
pmdomain: core: Fix error path in pm_genpd_init() when ida alloc fails
nvme: don't apply NVME_QUIRK_DEALLOCATE_ZEROES when DSM is not supported
x86/pkeys: Change caller of update_pkru_in_sigframe()
x86/pkeys: Ensure updated PKRU value is XRSTOR'd
bpf: Ensure reg is PTR_TO_STACK in process_iter_arg
irqchip/stm32mp-exti: CONFIG_STM32MP_EXTI should not default to y when compile-testing
drivers/virt: pkvm: Don't fail ioremap() call if MMIO_GUARD fails
bpf: Don't mark STACK_INVALID as STACK_MISC in mark_stack_slot_misc
bpf: Fix narrow scalar spill onto 64-bit spilled scalar slots
nvme-fabrics: handle zero MAXCMD without closing the connection
nvme-tcp: fix the memleak while create new ctrl failed
nvme-rdma: unquiesce admin_q before destroy it
scsi: sg: Fix slab-use-after-free read in sg_release()
scsi: scsi_debug: Fix hrtimer support for ndelay
ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec
drm/v3d: Enable Performance Counters before clearing them
ocfs2: free inode when ocfs2_get_init_inode() fails
scatterlist: fix incorrect func name in kernel-doc
iio: magnetometer: yas530: use signed integer type for clamp limits
smb: client: fix potential race in cifs_put_tcon()
bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem
bpf: Handle in-place update for full LPM trie correctly
bpf: Fix exact match conditions in trie_get_next_key()
x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails
rust: allow `clippy::needless_lifetimes`
HID: i2c-hid: Revert to using power commands to wake on resume
HID: wacom: fix when get product name maybe null pointer
LoongArch: Add architecture specific huge_pte_clear()
LoongArch: KVM: Protect kvm_check_requests() with SRCU
ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
watchdog: rti: of: honor timeout-sec property
can: dev: can_set_termination(): allow sleeping GPIOs
can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6.
tracing: Fix cmp_entries_dup() to respect sort() comparison rules
net :mana :Request a V2 response version for MANA_QUERY_GF_STAT
iommufd: Fix out_fput in iommufd_fault_alloc()
arm64: mm: Fix zone_dma_limit calculation
arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs
arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR
arm64: ptrace: fix partial SETREGSET for NT_ARM_POE
ALSA: usb-audio: Fix a DMA to stack memory bug
ALSA: usb-audio: Add extra PID for RME Digiface USB
ALSA: hda/realtek: fix micmute LEDs don't work on HP Laptops
ALSA: usb-audio: add mixer mapping for Corsair HS80
ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG)
scsi: qla2xxx: Fix abort in bsg timeout
scsi: qla2xxx: Fix NVMe and NPIV connect issue
scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
scsi: qla2xxx: Fix use after free on unload
scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
scsi: ufs: core: sysfs: Prevent div by zero
scsi: ufs: core: Cancel RTC work during ufshcd_remove()
scsi: ufs: qcom: Only free platform MSIs when ESI is enabled
scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers
scsi: ufs: core: Add missing post notify for power mode change
nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
fs/smb/client: avoid querying SMB2_OP_QUERY_WSL_EA for SMB3 POSIX
fs/smb/client: Implement new SMB3 POSIX type
fs/smb/client: cifs_prime_dcache() for SMB3 POSIX reparse points
smb3.1.1: fix posix mounts to older servers
io_uring: Change res2 parameter type in io_uring_cmd_done
bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()"
pmdomain: imx: gpcv2: Adjust delay after power up handshake
selftests/damon: add _damon_sysfs.py to TEST_FILES
selftest: hugetlb_dio: fix test naming
cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU
x86/cacheinfo: Delete global num_cache_leaves
drm/amdkfd: hard-code cacheline for gc943,gc944
drm/dp_mst: Fix MST sideband message body length check
drm/amdkfd: add MEC version that supports no PCIe atomics for GFX12
drm/amd/pm: fix and simplify workload handling
drm/dp_mst: Verify request type in the corresponding down message reply
drm/dp_mst: Fix resetting msg rx state after topology removal
drm/amd/display: Correct prefetch calculation
drm/amd/display: Limit VTotal range to max hw cap minus fp
drm/amd/display: Add a left edge pixel if in YCbCr422 or YCbCr420 and odm
drm/amdgpu/hdp6.0: do a posting read when flushing HDP
drm/amdgpu/hdp4.0: do a posting read when flushing HDP
drm/amdgpu/hdp5.0: do a posting read when flushing HDP
drm/amdgpu/hdp7.0: do a posting read when flushing HDP
drm/amdgpu/hdp5.2: do a posting read when flushing HDP
modpost: Add .irqentry.text to OTHER_SECTIONS
x86/kexec: Restore GDT on return from ::preserve_context kexec
bpf: fix OOB devmap writes when deleting elements
dma-buf: fix dma_fence_array_signaled v4
dma-fence: Fix reference leak on fence merge failure path
dma-fence: Use kernel's sort for merging fences
xsk: fix OOB map writes when deleting elements
regmap: detach regmap from dev on regmap_exit
arch_numa: Restore nid checks before registering a memblock with a node
mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet
mmc: core: Further prevent card detect during shutdown
x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation
ocfs2: update seq_file index in ocfs2_dlm_seq_next
stackdepot: fix stack_depot_save_flags() in NMI context
lib: stackinit: hide never-taken branch from compiler
sched/numa: fix memory leak due to the overwritten vma->numab_state
kasan: make report_lock a raw spinlock
mm/gup: handle NULL pages in unpin_user_pages()
mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM
x86/cpu/topology: Remove limit of CPUs due to disabled IO/APIC
x86/mm: Add _PAGE_NOPTISHADOW bit to avoid updating userspace page tables
mm/damon: fix order of arguments in damos_before_apply tracepoint
mm: memcg: declare do_memsw_account inline
mm: open-code PageTail in folio_flags() and const_folio_flags()
mm: open-code page_folio() in dump_page()
mm: fix vrealloc()'s KASAN poisoning logic
mm: respect mmap hint address when aligning for THP
scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove()
memblock: allow zero threshold in validate_numa_converage()
rust: enable arbitrary_self_types and remove `Receiver`
s390/pci: Sort PCI functions prior to creating virtual busses
s390/pci: Use topology ID for multi-function devices
s390/pci: Ignore RID for isolated VFs
epoll: annotate racy check
kselftest/arm64: Log fp-stress child startup errors to stdout
s390/cpum_sf: Handle CPU hotplug remove during sampling
block: RCU protect disk->conv_zones_bitmap
btrfs: don't take dev_replace rwsem on task already holding it
btrfs: avoid unnecessary device path update for the same device
btrfs: canonicalize the device path before adding it
btrfs: do not clear read-only when adding sprout device
kselftest/arm64: Don't leak pipe fds in pac.exec_sign_all()
ext4: partial zero eof block on unaligned inode size extension
crypto: ecdsa - Avoid signed integer overflow on signature decoding
kcsan: Turn report_filterlist_lock into a raw_spinlock
hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list
ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID
ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()
ACPI: video: force native for Apple MacbookPro11,2 and Air7,2
perf/x86/amd: Warn only on new bits set
cleanup: Adjust scoped_guard() macros to avoid potential warning
iio: magnetometer: fix if () scoped_guard() formatting
timekeeping: Always check for negative motion
gpio: free irqs that are still requested when the chip is being removed
spi: spi-fsl-lpspi: Adjust type of scldiv
soc: qcom: llcc: Use designated initializers for LLC settings
HID: add per device quirk to force bind to hid-generic
firmware: qcom: scm: Allow QSEECOM on Lenovo Yoga Slim 7x
soc: qcom: pd-mapper: Add QCM6490 PD maps
media: uvcvideo: RealSense D421 Depth module metadata
media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
media: uvcvideo: Force UVC version to 1.0a for 0408:4033
media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
mmc: core: Add SD card quirk for broken poweroff notification
mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED
firmware: qcom: scm: Allow QSEECOM on Dell XPS 13 9345
soc: imx8m: Probe the SoC driver as platform driver
regmap: maple: Provide lockdep (sub)class for maple tree's internal lock
selftests/resctrl: Protect against array overflow when reading strings
sched_ext: add a missing rcu_read_lock/unlock pair at scx_select_cpu_dfl()
HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support
drm/xe/pciids: separate RPL-U and RPL-P PCI IDs
drm/xe/pciids: separate ARL and MTL PCI IDs
drm/vc4: hdmi: Avoid log spam for audio start failure
drm/vc4: hvs: Set AXI panic modes for the HVS
drm/xe/pciids: Add PVC's PCI device ID macros
wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb
drm/xe/pciid: Add new PCI id for ARL
drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition
drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK
drm/bridge: it6505: Enable module autoloading
drm/mcde: Enable module autoloading
wifi: rtw89: check return value of ieee80211_probereq_get() for RNR
drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
ASoC: Intel: sof_rt5682: Add HDMI-In capture with rt5682 support for MTL.
dlm: fix possible lkb_resource null dereference
drm/amd/display: skip disable CRTC in seemless bootup case
drm/amd/display: Fix garbage or black screen when resetting otg
drm/amd/display: disable SG displays on cyan skillfish
drm/xe/ptl: L3bank mask is not available on the media GT
drm/xe/xe3: Add initial set of workarounds
drm/display: Fix building with GCC 15
ALSA: hda: Use own quirk lookup helper
ALSA: hda/conexant: Use the new codec SSID matching
ALSA: hda/realtek: Use codec SSID matching for Lenovo devices
r8169: don't apply UDP padding quirk on RTL8126A
samples/bpf: Fix a resource leak
wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()
accel/qaic: Add AIC080 support
drm/amd/display: Full exit out of IPS2 when all allow signals have been cleared
net: fec_mpc52xx_phy: Use %pa to format resource_size_t
net: ethernet: fs_enet: Use %pa to format resource_size_t
net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
af_packet: avoid erroring out after sock_init_data() in packet_create()
Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()
Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()
net: af_can: do not leave a dangling sk pointer in can_create()
net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
net: inet: do not leave a dangling sk pointer in inet_create()
net: inet6: do not leave a dangling sk pointer in inet6_create()
wifi: ath10k: avoid NULL pointer error during sdio remove
wifi: ath5k: add PCI ID for SX76X
wifi: ath5k: add PCI ID for Arcadyan devices
fanotify: allow reporting errors on failure to open fd
bpf: Prevent tailcall infinite loop caused by freplace
ASoC: sdw_utils: Add support for exclusion DAI quirks
ASoC: sdw_utils: Add a quirk to allow the cs42l43 mic DAI to be ignored
ASoC: Intel: sof_sdw: Add quirk for cs42l43 system using host DMICs
ASoC: Intel: sof_sdw: Add quirks for some new Lenovo laptops
drm/xe/guc/ct: Flush g2h worker in case of g2h response timeout
drm/panel: simple: Add Microchip AC69T88A LVDS Display panel
net: sfp: change quirks for Alcatel Lucent G-010S-P
net: stmmac: Programming sequence for VLAN packets with split header
drm/sched: memset() 'job' in drm_sched_job_init()
drm/amd/display: Adding array index check to prevent memory corruption
drm/amdgpu/gfx9: Add cleaner shader for GFX9.4.2
drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih
drm/amdgpu: Dereference the ATCS ACPI buffer
netlink: specs: Add missing bitset attrs to ethtool spec
drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
ASoC: sdw_utils: Add quirk to exclude amplifier function
ASoC: Intel: soc-acpi-intel-arl-match: Add rt722 and rt1320 support
drm/amd/display: Fix underflow when playing 8K video in full screen mode
mptcp: annotate data-races around subflow->fully_established
dma-debug: fix a possible deadlock on radix_lock
jfs: array-index-out-of-bounds fix in dtReadFirst
jfs: fix shift-out-of-bounds in dbSplit
jfs: fix array-index-out-of-bounds in jfs_readdir
jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
fsl/fman: Validate cell-index value obtained from Device Tree
net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals
drm/panic: Add ABGR2101010 support
drm/amd/display: Remove hw w/a toggle if on DP2/HPO
drm/amd/display: parse umc_info or vram_info based on ASIC
drm/amd/display: Prune Invalid Modes For HDMI Output
drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
virtio-net: fix overflow inside virtnet_rq_alloc
ALSA: usb-audio: Make mic volume workarounds globally applicable
drm/amdgpu: set the right AMDGPU sg segment limitation
wifi: ipw2x00: libipw_rx_any(): fix bad alignment
wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw()
bpf: Call free_htab_elem() after htab_unlock_bucket()
mptcp: fix possible integer overflow in mptcp_reset_tout_timer
dsa: qca8k: Use nested lock to avoid splat
i2c: i801: Add support for Intel Panther Lake
Bluetooth: hci_conn: Reduce hci_conn_drop() calls in two functions
Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
Bluetooth: btusb: Add USB HW IDs for MT7920/MT7925
Bluetooth: hci_conn: Use disable_delayed_work_sync
Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
Bluetooth: Add new quirks for ATS2851
Bluetooth: Support new quirks for ATS2851
Bluetooth: Set quirks for ATS2851
Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925
Bluetooth: btusb: Add new VID/PID 0489/e124 for MT7925
Bluetooth: btusb: Add 3 HWIDs for MT7925
ASoC: hdmi-codec: reorder channel allocation list
rocker: fix link status detection in rocker_carrier_init()
net/neighbor: clear error in case strict check is not set
netpoll: Use rcu_access_pointer() in __netpoll_setup
pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU
rtla: Fix consistency in getopt_long for timerlat_hist
tracing/ftrace: disable preemption in syscall probe
tracing: Use atomic64_inc_return() in trace_clock_counter()
tools/rtla: fix collision with glibc sched_attr/sched_set_attr
rtla/timerlat: Make timerlat_top_cpu->*_count unsigned long long
rtla/timerlat: Make timerlat_hist_cpu->*_count unsigned long long
scsi: hisi_sas: Add cond_resched() for no forced preemption model
scsi: hisi_sas: Create all dump files during debugfs initialization
ring-buffer: Limit time with disabled interrupts in rb_check_pages()
pinmux: Use sequential access to access desc->pinmux data
scsi: ufs: core: Make DMA mask configuration more flexible
iommu/amd: Fix corruption when mapping large pages from 0
bpf: put bpf_link's program when link is safe to be deallocated
scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths
scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI
scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback
clk: qcom: rcg2: add clk_rcg2_shared_floor_ops
clk: qcom: rpmh: add support for SAR2130P
clk: qcom: tcsrcc-sm8550: add SAR2130P support
clk: qcom: dispcc-sm8550: enable support for SAR2130P
clk: qcom: clk-alpha-pll: Add NSS HUAYRA ALPHA PLL support for ipq9574
leds: class: Protect brightness_show() with led_cdev->led_access mutex
scsi: st: Don't modify unknown block number in MTIOCGET
scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
pinctrl: qcom-pmic-gpio: add support for PM8937
pinctrl: qcom: spmi-mpp: Add PM8937 compatible
thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens
nvdimm: rectify the illogical code within nd_dax_probe()
smb: client: memcpy() with surrounding object base address
tracing: Fix function name for trampoline
tools/rtla: Enhance argument parsing in timerlat_load.py
verification/dot2: Improve dot parser robustness
mailbox: pcc: Check before sending MCTP PCC response ACK
f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
KMSAN: uninit-value in inode_go_dump (5)
i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request
PCI: qcom: Add support for IPQ9574
PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs
PCI: vmd: Set devices to D0 before enabling PM L1 Substates
PCI: Detect and trust built-in Thunderbolt chips
PCI: starfive: Enable controller runtime PM before probing host bridge
PCI: Add 'reset_subordinate' to reset hierarchy below bridge
PCI: Add ACS quirk for Wangxun FF5xxx NICs
remoteproc: qcom: pas: enable SAR2130P audio DSP support
i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock
f2fs: print message if fscorrupted was found in f2fs_new_node_page()
f2fs: fix to shrink read extent node in batches
f2fs: add a sysfs node to limit max read extent count per-inode
ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840
ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[]
LoongArch: Fix sleeping in atomic context for PREEMPT_RT
fs/ntfs3: Fix warning in ni_fiemap
fs/ntfs3: Fix case when unmarked clusters intersect with zone
regulator: qcom-rpmh: Update ranges for FTSMPS525
usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag
usb: chipidea: udc: limit usb request length to max 16KB
usb: chipidea: udc: create bounce buffer for problem sglist entries if possible
usb: chipidea: udc: handle USB Error Interrupt if IOC not set
usb: typec: ucsi: Do not call ACPI _DSM method for UCSI read operations
iio: adc: ad7192: properly check spi_get_device_match_data()
iio: light: ltr501: Add LTER0303 to the supported devices
usb: typec: ucsi: glink: be more precise on orientation-aware ports
ASoC: amd: yc: fix internal mic on Redmi G 2022
drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3
MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a
ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW
powerpc/prom_init: Fixup missing powermac #size-cells
misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
rtc: cmos: avoid taking rtc_lock for extended period of time
serial: 8250_dw: Add Sophgo SG2044 quirk
Revert "nvme: make keep-alive synchronous operation"
irqchip/gicv3-its: Add workaround for hip09 ITS erratum 162100801
smb: client: don't try following DFS links in cifs_tree_connect()
setlocalversion: work around "git describe" performance
io_uring/tctx: work around xa_store() allocation error issue
scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()
drm/xe/devcoredump: Use drm_puts and already cached local variables
drm/xe/devcoredump: Improve section headings and add tile info
drm/xe/devcoredump: Add ASCII85 dump helper function
drm/xe/guc: Copy GuC log prior to dumping
drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()
drm/xe/devcoredump: Update handling of xe_force_wake_get return
drm/amd/display: Add option to retrieve detile buffer size
sched: fix warning in sched_setaffinity
sched/core: Remove the unnecessary need_resched() check in nohz_csd_func()
sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning busy
sched/core: Prevent wakeup of ksoftirqd during idle load balance
sched/deadline: Fix warning in migrate_enable for boosted tasks
btrfs: drop unused parameter options from open_ctree()
btrfs: drop unused parameter data from btrfs_fill_super()
btrfs: fix mount failure due to remount races
btrfs: fix missing snapshot drew unlock when root is dead during swap activation
clk: en7523: Initialize num before accessing hws in en7523_register_clocks()
tracing/eprobe: Fix to release eprobe when failed to add dyn_event
x86: Fix build regression with CONFIG_KEXEC_JUMP enabled
Revert "unicode: Don't special case ignorable code points"
vfio/mlx5: Align the page tracking max message size with the device capability
selftests/ftrace: adjust offset for kprobe syntax error test
KVM: x86/mmu: Ensure that kvm_release_pfn_clean() takes exact pfn from kvm_faultin_pfn()
jffs2: Prevent rtime decompress memory corruption
jffs2: Fix rtime decompressor
media: ipu6: use the IPU6 DMA mapping APIs to do mapping
ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume"
net/mlx5: unique names for per device caches
ASoC: Intel: avs: Fix return status of avs_pcm_hw_constraints_init()
drm/amdgpu: rework resume handling for display (v2)
ALSA: hda: Fix build error without CONFIG_SND_DEBUG
Revert "drm/amd/display: parse umc_info or vram_info based on ASIC"
s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails
ALSA: hda/realtek: Fix spelling mistake "Firelfy" -> "Firefly"
timekeeping: Remove CONFIG_DEBUG_TIMEKEEPING
clocksource: Make negative motion detection more robust
softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
Linux 6.12.5
Change-Id: If1b834954ed2ee1a16886f9a9909c6ca62d93b6c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit b237e1f7d2273fdcffac20100b72c002bdd770dd ]
The function rb_check_pages() validates the integrity of a specified
per-CPU tracing ring buffer. It does so by traversing the underlying
linked list and checking its next and prev links.
To guarantee that the list isn't modified during the check, a caller
typically needs to take cpu_buffer->reader_lock. This prevents the check
from running concurrently, for example, with a potential reader which
can make the list temporarily inconsistent when swapping its old reader
page into the buffer.
A problem with this approach is that the time when interrupts are
disabled is non-deterministic, dependent on the ring buffer size. This
particularly affects PREEMPT_RT because the reader_lock is a raw
spinlock which doesn't become sleepable on PREEMPT_RT kernels.
Modify the check so it still attempts to traverse the entire list, but
gives up the reader_lock between checking individual pages. Introduce
for this purpose a new variable ring_buffer_per_cpu.cnt which is bumped
any time the list is modified. The value is used by rb_check_pages() to
detect such a change and restart the check.
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Link: https://lore.kernel.org/20241015112810.27203-1-petr.pavlu@suse.com
Signed-off-by: Petr Pavlu <petr.pavlu@suse.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This catches up android16-6.12 with android-mainline to 6.12-rc7.
Bug: 367265496
Change-Id: I072760fe7a0f14fcfb67d4e4992939db4b810b63
Signed-off-by: Matthias Maennich <maennich@google.com>
Signed-off-by: Aleksei Vetrov <vvvvvv@google.com>
In preparation for allowing the write of ring-buffer compliant pages
outside of ring_buffer.c, move to the header, struct buffer_data_page and
timestamp encoding functions into the publicly available ring_buffer.h.
Bug: 357781595
Link: https://lore.kernel.org/all/20240911093029.3279154-4-vdonnefort@google.com/
Change-Id: If5f9609a06d5f5b89c8f56d51506f5ac00ab656a
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
A ring-buffer writer is an entity outside of the kernel (most likely a
firmware or a hypervisor) capable of writing events in a ring-buffer
following the same format as the tracefs ring-buffer.
To setup the ring-buffer on the kernel side, a description of the pages
(struct trace_page_desc) is necessary. A callback (get_reader_page) must
also be provided. It is called whenever it is done reading the previous
reader page.
It is expected from the writer to keep the meta-page updated.
Bug: 357781595
Link: https://lore.kernel.org/all/20240911093029.3279154-3-vdonnefort@google.com/
Change-Id: Ib006ff19d79a5b2559b09661fba7bcd426ef8cba
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
Currently there are two ways of identifying an empty ring-buffer. One
relying on the current status of the commit / reader page
(rb_per_cpu_empty()) and the other on the write and read counters
(rb_num_of_entries() used in rb_get_reader_page()).
with rb_num_of_entries(). This intends to ease later
introduction of ring-buffer writers which are out of the kernel control
and with whom, the only information available is through the meta-page
counters.
Bug: 357781595
Link: https://lore.kernel.org/all/20240911093029.3279154-2-vdonnefort@google.com/
Change-Id: I143019bdaee564bddb23b5c2cb472e89d54509f1
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
A crash happened when testing cpu hotplug with respect to the memory
mapped ring buffers. It was assumed that the hot plug code was adding a
per CPU buffer that was already created that caused the crash. The real
problem was due to ref counting and was fixed by commit 2cf9733891
("ring-buffer: Fix refcount setting of boot mapped buffers").
When a per CPU buffer is created, it will not be created again even with
CPU hotplug, so the fix to not use CPU hotplug was a red herring. In fact,
it caused only the boot CPU buffer to be created, leaving the other CPU
per CPU buffers disabled.
Revert that change as it was not the culprit of the fix it was intended to
be.
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Link: https://lore.kernel.org/20241113230839.6c03640f@gandalf.local.home
Fixes: 912da2c384 ("ring-buffer: Do not have boot mapped buffers hook to CPU hotplug")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
The boot mapped ring buffer has its buffer mapped at a fixed location
found at boot up. It is not dynamic. It cannot grow or be expanded when
new CPUs come online.
Do not hook fixed memory mapped ring buffers to the CPU hotplug callback,
otherwise it can cause a crash when it tries to add the buffer to the
memory that is already fully occupied.
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Link: https://lore.kernel.org/20241008143242.25e20801@gandalf.local.home
Fixes: be68d63a13 ("ring-buffer: Add ring_buffer_alloc_range()")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Previously, the mapped ring-buffer layout caused misalignment between
the meta-page and sub-buffers when the sub-buffer size was not a
multiple of PAGE_SIZE. This prevented hardware with larger TLB entries
from utilizing them effectively.
Add a padding with the zero-page between the meta-page and sub-buffers.
Also update the ring-buffer map_test to verify that padding.
Link: https://lore.kernel.org/20240628104611.1443542-1-vdonnefort@google.com
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
The text and data address is saved in the meta data so that it can be used
to know the delta of the text and data addresses of the last boot compared
to the text and data addresses of the current boot. The delta is used to
convert function pointer entries in the ring buffer to something that can
be used by kallsyms (note this only works for built-in functions).
But the saved addresses get reset on boot up. If the buffer is not used
and there's another reboot, then the saved text and data addresses will be
of the last boot and not that of the boot that created the content in the
ring buffer.
To get an idea of the issue:
# trace-cmd start -B boot_mapped -p function
# reboot
# trace-cmd show -B boot_mapped | tail
<...>-1 [000] d..1. 461.983243: native_apic_msr_write <-native_kick_ap
<...>-1 [000] d..1. 461.983244: __pfx_native_apic_msr_eoi <-native_kick_ap
<...>-1 [000] d..1. 461.983244: reserve_irq_vector_locked <-native_kick_ap
<...>-1 [000] d..1. 461.983262: branch_emulate_op <-native_kick_ap
<...>-1 [000] d..1. 461.983262: __ia32_sys_ia32_pread64 <-native_kick_ap
<...>-1 [000] d..1. 461.983263: native_kick_ap <-__smpboot_create_thread
<...>-1 [000] d..1. 461.983263: store_cache_disable <-native_kick_ap
<...>-1 [000] d..1. 461.983279: acpi_power_off_prepare <-native_kick_ap
<...>-1 [000] d..1. 461.983280: __pfx_acpi_ns_delete_node <-acpi_suspend_enter
<...>-1 [000] d..1. 461.983280: __pfx_acpi_os_release_lock <-acpi_suspend_enter
# reboot
# trace-cmd show -B boot_mapped |tail
<...>-1 [000] d..1. 461.983243: 0xffffffffa9669220 <-0xffffffffa965f3db
<...>-1 [000] d..1. 461.983244: 0xffffffffa96690f0 <-0xffffffffa965f3db
<...>-1 [000] d..1. 461.983244: 0xffffffffa9663fa0 <-0xffffffffa965f3db
<...>-1 [000] d..1. 461.983262: 0xffffffffa9672e80 <-0xffffffffa965f3e0
<...>-1 [000] d..1. 461.983262: 0xffffffffa962b940 <-0xffffffffa965f3ec
<...>-1 [000] d..1. 461.983263: 0xffffffffa965f540 <-0xffffffffa96e1362
<...>-1 [000] d..1. 461.983263: 0xffffffffa963c940 <-0xffffffffa965f55b
<...>-1 [000] d..1. 461.983279: 0xffffffffa9ee30c0 <-0xffffffffa965f59b
<...>-1 [000] d..1. 461.983280: 0xffffffffa9f16c10 <-0xffffffffa9ee3157
<...>-1 [000] d..1. 461.983280: 0xffffffffa9ee02e0 <-0xffffffffa9ee3157
By not updating the saved text and data addresses in the meta data at
every boot up and only updating them when the buffer is reset, it
allows multiple boots to see the same data.
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Vincent Donnefort <vdonnefort@google.com>
Link: https://lore.kernel.org/20240815113629.0dc90af8@rorschach.local.home
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
The "reserve_mem" kernel command line parameter has been pulled into
v6.11. Merge the latest -rc3 to allow the persistent ring buffer memory to
be able to be mapped at the address specified by the "reserve_mem" command
line parameter.
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
The reader code in rb_get_reader_page() swaps a new reader page into the
ring buffer by doing cmpxchg on old->list.prev->next to point it to the
new page. Following that, if the operation is successful,
old->list.next->prev gets updated too. This means the underlying
doubly-linked list is temporarily inconsistent, page->prev->next or
page->next->prev might not be equal back to page for some page in the
ring buffer.
The resize operation in ring_buffer_resize() can be invoked in parallel.
It calls rb_check_pages() which can detect the described inconsistency
and stop further tracing:
[ 190.271762] ------------[ cut here ]------------
[ 190.271771] WARNING: CPU: 1 PID: 6186 at kernel/trace/ring_buffer.c:1467 rb_check_pages.isra.0+0x6a/0xa0
[ 190.271789] Modules linked in: [...]
[ 190.271991] Unloaded tainted modules: intel_uncore_frequency(E):1 skx_edac(E):1
[ 190.272002] CPU: 1 PID: 6186 Comm: cmd.sh Kdump: loaded Tainted: G E 6.9.0-rc6-default #5 158d3e1e6d0b091c34c3b96bfd99a1c58306d79f
[ 190.272011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014
[ 190.272015] RIP: 0010:rb_check_pages.isra.0+0x6a/0xa0
[ 190.272023] Code: [...]
[ 190.272028] RSP: 0018:ffff9c37463abb70 EFLAGS: 00010206
[ 190.272034] RAX: ffff8eba04b6cb80 RBX: 0000000000000007 RCX: ffff8eba01f13d80
[ 190.272038] RDX: ffff8eba01f130c0 RSI: ffff8eba04b6cd00 RDI: ffff8eba0004c700
[ 190.272042] RBP: ffff8eba0004c700 R08: 0000000000010002 R09: 0000000000000000
[ 190.272045] R10: 00000000ffff7f52 R11: ffff8eba7f600000 R12: ffff8eba0004c720
[ 190.272049] R13: ffff8eba00223a00 R14: 0000000000000008 R15: ffff8eba067a8000
[ 190.272053] FS: 00007f1bd64752c0(0000) GS:ffff8eba7f680000(0000) knlGS:0000000000000000
[ 190.272057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 190.272061] CR2: 00007f1bd6662590 CR3: 000000010291e001 CR4: 0000000000370ef0
[ 190.272070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 190.272073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 190.272077] Call Trace:
[ 190.272098] <TASK>
[ 190.272189] ring_buffer_resize+0x2ab/0x460
[ 190.272199] __tracing_resize_ring_buffer.part.0+0x23/0xa0
[ 190.272206] tracing_resize_ring_buffer+0x65/0x90
[ 190.272216] tracing_entries_write+0x74/0xc0
[ 190.272225] vfs_write+0xf5/0x420
[ 190.272248] ksys_write+0x67/0xe0
[ 190.272256] do_syscall_64+0x82/0x170
[ 190.272363] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 190.272373] RIP: 0033:0x7f1bd657d263
[ 190.272381] Code: [...]
[ 190.272385] RSP: 002b:00007ffe72b643f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 190.272391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1bd657d263
[ 190.272395] RDX: 0000000000000002 RSI: 0000555a6eb538e0 RDI: 0000000000000001
[ 190.272398] RBP: 0000555a6eb538e0 R08: 000000000000000a R09: 0000000000000000
[ 190.272401] R10: 0000555a6eb55190 R11: 0000000000000246 R12: 00007f1bd6662500
[ 190.272404] R13: 0000000000000002 R14: 00007f1bd6667c00 R15: 0000000000000002
[ 190.272412] </TASK>
[ 190.272414] ---[ end trace 0000000000000000 ]---
Note that ring_buffer_resize() calls rb_check_pages() only if the parent
trace_buffer has recording disabled. Recent commit d78ab79270
("tracing: Stop current tracer when resizing buffer") causes that it is
now always the case which makes it more likely to experience this issue.
The window to hit this race is nonetheless very small. To help
reproducing it, one can add a delay loop in rb_get_reader_page():
ret = rb_head_page_replace(reader, cpu_buffer->reader_page);
if (!ret)
goto spin;
for (unsigned i = 0; i < 1U << 26; i++) /* inserted delay loop */
__asm__ __volatile__ ("" : : : "memory");
rb_list_head(reader->list.next)->prev = &cpu_buffer->reader_page->list;
.. and then run the following commands on the target system:
echo 1 > /sys/kernel/tracing/events/sched/sched_switch/enable
while true; do
echo 16 > /sys/kernel/tracing/buffer_size_kb; sleep 0.1
echo 8 > /sys/kernel/tracing/buffer_size_kb; sleep 0.1
done &
while true; do
for i in /sys/kernel/tracing/per_cpu/*; do
timeout 0.1 cat $i/trace_pipe; sleep 0.2
done
done
To fix the problem, make sure ring_buffer_resize() doesn't invoke
rb_check_pages() concurrently with a reader operating on the same
ring_buffer_per_cpu by taking its cpu_buffer->reader_lock.
Link: https://lore.kernel.org/linux-trace-kernel/20240517134008.24529-3-petr.pavlu@suse.com
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes: 659f451ff2 ("ring-buffer: Add integrity check at end of iter read")
Signed-off-by: Petr Pavlu <petr.pavlu@suse.com>
[ Fixed whitespace ]
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Adjust the following code documentation:
* Kernel-doc comments for ring_buffer_read_prepare() and
ring_buffer_read_finish() mention that recording to the ring buffer is
disabled when the read is active. Remove mention of this restriction
because it was already lifted in commit 1039221cc2 ("ring-buffer: Do
not disable recording when there is an iterator").
* Function ring_buffer_read_finish() performs a self-check of the
ring-buffer by locking cpu_buffer->reader_lock and then calling
rb_check_pages(). The preceding comment explains that the lock is
needed because rb_check_pages() clears the HEAD flag required by
readers which might be running in parallel. Remove this explanation
because commit 8843e06f67 ("ring-buffer: Handle race between
rb_move_tail and rb_check_pages") simplified the function so it no
longer resets the mentioned flag. Nonetheless, the lock is still
needed because a reader swapping a page into the ring buffer can make
the underlying doubly-linked list temporarily inconsistent.
This is a non-functional change.
Link: https://lore.kernel.org/linux-trace-kernel/20240517134008.24529-2-petr.pavlu@suse.com
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Petr Pavlu <petr.pavlu@suse.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
While testing libtracefs on the mmapped ring buffer, the test that checks
if missed events are accounted for failed when using the mapped buffer.
This is because the mapped page does not update the missed events that
were dropped because the writer filled up the ring buffer before the
reader could catch it.
Add the missed events to the reader page/sub-buffer when the IOCTL is done
and a new reader page is acquired.
Note that all accesses to the reader_page via rb_page_commit() had to be
switched to rb_page_size(), and rb_page_size() which was just a copy of
rb_page_commit() but now it masks out the RB_MISSED bits. This is needed
as the mapped reader page is still active in the ring buffer code and
where it reads the commit field of the bpage for the size, it now must
mask it otherwise the missed bits that are now set will corrupt the size
returned.
Link: https://lore.kernel.org/linux-trace-kernel/20240312175405.12fb6726@gandalf.local.home
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Vincent Donnefort <vdonnefort@google.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Greg Kroah-Hartman
Steven Rostedt
Dmitry Antipov
Vincent Donnefort
Feng Yang
Jeongjun Park
Edward Adam Davis
Petr Pavlu
Aleksei Vetrov
Jianhui Zhou
Thorsten Blum