GKI (arm64) relevant 8 out of 25 changes, affecting 9 files +103/-61
db758487f3 tracing: Fix compilation warning on arm32 [1 file, +1/-1]
bf49527089 f2fs: fix to avoid accessing uninitialized curseg [2 files, +15/-1]
a6a55fe660 rtc: Make rtc_time64_to_tm() support dates before 1970 [1 file, +19/-5]
6b482b16f3 rtc: Fix offset calculation for .start_secs < 0 [1 file, +1/-1]
3c4fed940d PCI/ASPM: Disable L1 before disabling L1 PM Substates [1 file, +50/-42]
0c60158ff1 block: fix adding folio to bio [1 file, +7/-4]
23179d009c usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE [1 file, +3/-0]
e428b7e205 Bluetooth: hci_qca: move the SoC type check to the right place [1 file, +7/-7]
Changes in 6.12.33
tracing: Fix compilation warning on arm32
f2fs: fix to avoid accessing uninitialized curseg
pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31
pinctrl: armada-37xx: set GPIO output value before setting direction
acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio()
Documentation: ACPI: Use all-string data node references
rtc: Make rtc_time64_to_tm() support dates before 1970
rtc: Fix offset calculation for .start_secs < 0
accel/ivpu: Add initial Panther Lake support
accel/ivpu: Update power island delays
PCI/ASPM: Disable L1 before disabling L1 PM Substates
block: fix adding folio to bio
Revert "cpufreq: tegra186: Share policy per cluster"
usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE
usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device
USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB
usb: typec: ucsi: fix Clang -Wsign-conversion warning
Bluetooth: hci_qca: move the SoC type check to the right place
serial: jsm: fix NPE during jsm_uart_port_init
usb: usbtmc: Fix timeout value in get_stb
thunderbolt: Do not double dequeue a configuration request
dt-bindings: usb: cypress,hx3: Add support for all variants
dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property
Revert "drm/amd/display: more liberal vmin/vmax update for freesync"
Linux 6.12.33
Change-Id: I7c7a2ac6d4c5733af81a449f838133d9da60cafe
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 2fbdb6d8e03b70668c0876e635506540ae92ab05 upstream.
On arm32, size_t is defined to be unsigned int, while PAGE_SIZE is
unsigned long. This hence triggers a compilation warning as min()
asserts the type of two operands to be equal. Casting PAGE_SIZE to size_t
solves this issue and works on other target architectures as well.
Compilation warning details:
kernel/trace/trace.c: In function 'tracing_splice_read_pipe':
./include/linux/minmax.h:20:28: warning: comparison of distinct pointer types lacks a cast
(!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
^
./include/linux/minmax.h:26:4: note: in expansion of macro '__typecheck'
(__typecheck(x, y) && __no_side_effects(x, y))
^~~~~~~~~~~
...
kernel/trace/trace.c:6771:8: note: in expansion of macro 'min'
min((size_t)trace_seq_used(&iter->seq),
^~~
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/20250526013731.1198030-1-pantaixi@huaweicloud.com
Fixes: f5178c41bb43 ("tracing: Fix oob write in trace_seq_to_buffer()")
Reviewed-by: Jeongjun Park <aha310510@gmail.com>
Signed-off-by: Pan Taixi <pantaixi@huaweicloud.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 196a062641fe68d9bfe0ad36b6cd7628c99ad22c ]
Binary printing functions are using printf() type of format, and compiler
is not happy about them as is:
kernel/trace/trace.c:3292:9: error: function ‘trace_vbprintk’ might be a candidate for ‘gnu_printf’ format attribute [-Werror=suggest-attribute=format]
kernel/trace/trace_seq.c:182:9: error: function ‘trace_seq_bprintf’ might be a candidate for ‘gnu_printf’ format attribute [-Werror=suggest-attribute=format]
Fix the compilation errors by adding __printf() attribute.
While at it, move existing __printf() attributes from the implementations
to the declarations. IT also fixes incorrect attribute parameters that are
used for trace_array_printk().
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Kees Cook <kees@kernel.org>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20250321144822.324050-4-andriy.shevchenko@linux.intel.com
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
GKI (arm64) relevant 33 out of 166 changes, affecting 52 files +454/-363
0aaae77be5 ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() [1 file, +7/-0]
fdf0ae5e9e ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset [1 file, +2/-1]
38d9ca7405 binder: fix offset calculation in debug log [1 file, +1/-1]
f1dfc94584 drm/fdinfo: Protect against driver unbind [1 file, +6/-0]
090c8714ef arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays [1 file, +2/-0]
eb9b72e4fe mm/memblock: pass size instead of end to memblock_set_node() [1 file, +1/-1]
9c4ddea497 mm/memblock: repeat setting reserved region nid if array is doubled [1 file, +10/-0]
0988dd0263 tracing: Do not take trace_event_sem in print_event_fields() [1 file, +2/-2]
f451082572 dm-bufio: don't schedule in atomic context [1 file, +8/-1]
510aea4ef0 dm: always update the array size in realloc_argv on success [1 file, +3/-2]
2e303d0107 iommu: Fix two issues in iommu_copy_struct_from_user() [1 file, +4/-4]
573b047229 cpufreq: Avoid using inconsistent policy->min and policy->max [1 file, +25/-7]
962d88304c cpufreq: Fix setting policy limits when frequency tables are used [4 files, +73/-41]
1f27a3e93b tracing: Fix oob write in trace_seq_to_buffer() [1 file, +3/-2]
220395054c ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties [1 file, +13/-19]
29a4a29112 ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence [1 file, +4/-1]
65d3c57061 xsk: Fix race condition in AF_XDP generic RX path [4 files, +6/-6]
fe81c26d2d Bluetooth: hci_conn: Remove alloc from critical section [1 file, +10/-18]
eb8b860e87 Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver [6 files, +95/-107]
620810ac1f Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync [7 files, +88/-109]
432572d536 Bluetooth: L2CAP: copy RX timestamp to new fragments [1 file, +3/-0]
6b1355860d scsi: ufs: core: Remove redundant query_complete trace [1 file, +0/-2]
5ad0b1b554 nvme-pci: fix queue unquiesce check on slot_reset [1 file, +1/-1]
6effe1c0fa net: ipv6: fix UDPv6 GSO segmentation with NAT [1 file, +60/-1]
c0dba059b1 net: use sock_gen_put() when sk_state is TCP_TIME_WAIT [2 files, +2/-2]
e10ec6e32b blk-mq: create correct map for fallback case [1 file, +1/-2]
dab2a13059 mm, slab: clean up slab->obj_exts always [1 file, +7/-20]
0a188c0e19 sch_htb: make htb_qlen_notify() idempotent [1 file, +2/-0]
969d8beaa2 firmware: arm_scmi: Balance device refcount when destroying devices [1 file, +3/-0]
3b41b5efae kernel: param: rename locate_module_kobject [1 file, +3/-3]
69113bf740 kernel: globalize lookup_or_create_module_kobject() [2 files, +3/-1]
e1eea69858 drivers: base: handle module_kobject creation [1 file, +5/-8]
db62809197 dm: fix copying after src array boundaries [1 file, +1/-1]
Changes in 6.12.28
Bluetooth: btusb: add Foxconn 0xe0fc for Qualcomm WCN785x
Bluetooth: btusb: Add one more ID 0x0489:0xe0f3 for Qualcomm WCN785x
Bluetooth: btusb: Add one more ID 0x13d3:0x3623 for Qualcomm WCN785x
Bluetooth: btusb: Add ID 0x2c7c:0x0130 for Qualcomm WCN785x
Bluetooth: btusb: Add new VID/PID for WCN785x
Bluetooth: btusb: Add 13 USB device IDs for Qualcomm WCN785x
Revert "rndis_host: Flag RNDIS modems as WWAN devices"
ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface()
ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
binder: fix offset calculation in debug log
btrfs: adjust subpage bit start based on sectorsize
btrfs: fix COW handling in run_delalloc_nocow()
cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode
drm/fdinfo: Protect against driver unbind
drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
EDAC/altera: Test the correct error reg offset
EDAC/altera: Set DDR and SDMMC interrupt mask before registration
i2c: imx-lpi2c: Fix clock count when probe defers
arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays
parisc: Fix double SIGFPE crash
perf/x86/intel: Only check the group flag for X86 leader
perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value.
amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload
irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs
mm/memblock: pass size instead of end to memblock_set_node()
mm/memblock: repeat setting reserved region nid if array is doubled
mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
spi: tegra114: Don't fail set_cs_timing when delays are zero
tracing: Do not take trace_event_sem in print_event_fields()
wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
x86/boot/sev: Support memory acceptance in the EFI stub under SVSM
dm-bufio: don't schedule in atomic context
dm-integrity: fix a warning on invalid table line
dm: always update the array size in realloc_argv on success
drm/amdgpu: Fix offset for HDP remap in nbio v7.11
drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS
iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids
iommu/arm-smmu-v3: Fix pgsize_bit for sva domains
iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
iommu: Fix two issues in iommu_copy_struct_from_user()
platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles
platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug
ksmbd: fix use-after-free in ksmbd_session_rpc_open
ksmbd: fix use-after-free in kerberos authentication
ksmbd: fix use-after-free in session logoff
smb: client: fix zero length for mkdir POSIX create context
cpufreq: Avoid using inconsistent policy->min and policy->max
cpufreq: Fix setting policy limits when frequency tables are used
tracing: Fix oob write in trace_seq_to_buffer()
drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF
ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties
ASoC: cs-amp-lib-test: Don't select SND_SOC_CS_AMP_LIB
ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence
book3s64/radix : Align section vmemmap start address to PAGE_SIZE
pinctrl: imx: Return NULL if no group is matched and found
powerpc/boot: Check for ld-option support
ASoC: Intel: sof_sdw: Add NULL check in asoc_sdw_rt_dmic_rtd_init()
ALSA: hda/realtek - Enable speaker for HP platform
drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions'
wifi: iwlwifi: don't warn if the NIC is gone in resume
wifi: iwlwifi: fix the check for the SCRATCH register upon resume
wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
powerpc/boot: Fix dash warning
vxlan: vnifilter: Fix unlocked deletion of default FDB entry
xsk: Fix race condition in AF_XDP generic RX path
net/mlx5e: Use custom tunnel header for vxlan gbp
net/mlx5: E-Switch, Initialize MAC Address for Default GID
net/mlx5e: TC, Continue the attr process even if encap entry is invalid
net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover
net/mlx5: E-switch, Fix error handling for enabling roce
accel/ivpu: Correct DCT interrupt handling
ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot
Bluetooth: hci_conn: Remove alloc from critical section
Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver
Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync
Bluetooth: btintel_pcie: Avoid redundant buffer allocation
Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()
Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths
Bluetooth: L2CAP: copy RX timestamp to new fragments
net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID
octeon_ep_vf: Resolve netdevice usage count issue
bnxt_en: improve TX timestamping FIFO configuration
rtase: Modify the condition used to detect overflow in rtase_calc_time_mitigation
net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll
net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised
net: ethernet: mtk_eth_soc: sync mtk_clks_source_name array
pds_core: make pdsc_auxbus_dev_del() void
pds_core: specify auxiliary_device to be created
pds_core: remove write-after-free of client_id
net_sched: drr: Fix double list add in class with netem as child qdisc
net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc
net_sched: ets: Fix double list add in class with netem as child qdisc
net_sched: qfq: Fix double list add in class with netem as child qdisc
ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
idpf: fix offloads support for encapsulated packets
scsi: ufs: core: Remove redundant query_complete trace
ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
nvme-pci: fix queue unquiesce check on slot_reset
drm/tests: shmem: Fix memleak
drm/mipi-dbi: Fix blanking for non-16 bit formats
net: dlink: Correct endianness handling of led_mode
net: mdio: mux-meson-gxl: set reversed bit when using internal phy
idpf: fix potential memory leak on kcalloc() failure
idpf: protect shutdown from reset
igc: fix lock order in igc_ptp_reset
net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM
net: dsa: felix: fix broken taprio gate states after clock jump
net: ipv6: fix UDPv6 GSO segmentation with NAT
ALSA: hda/realtek: Fix built-mic regression on other ASUS models
bnxt_en: Fix error handling path in bnxt_init_chip()
bnxt_en: Fix ethtool selftest output in one of the failure cases
bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan()
bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings()
bnxt_en: Fix coredump logic to free allocated buffer
bnxt_en: Fix out-of-bound memcpy() during ethtool -w
bnxt_en: Fix ethtool -d byte order for 32-bit values
nvme-tcp: fix premature queue removal and I/O failover
nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS
nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS
ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction
bnxt_en: fix module unload sequence
net: use sock_gen_put() when sk_state is TCP_TIME_WAIT
ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations
net: lan743x: Fix memleak issue when GSO enabled
net: fec: ERR007885 Workaround for conventional TX
octeon_ep: Fix host hang issue during device reboot
net: hns3: store rx VLAN tag offload state for VF
net: hns3: fix an interrupt residual problem
net: hns3: fixed debugfs tm_qset size
net: hns3: defer calling ptp_clock_register()
net: vertexcom: mse102x: Fix possible stuck of SPI interrupt
net: vertexcom: mse102x: Fix LEN_MASK
net: vertexcom: mse102x: Add range check for CMD_RTS
net: vertexcom: mse102x: Fix RX error handling
blk-mq: create correct map for fallback case
mm, slab: clean up slab->obj_exts always
bcachefs: Remove incorrect __counted_by annotation
net: Fix the devmem sock opts and msgs for parisc
accel/ivpu: Make DB_ID and JOB_ID allocations incremental
accel/ivpu: Use xa_alloc_cyclic() instead of custom function
accel/ivpu: Fix a typo
accel/ivpu: Update VPU FW API headers
accel/ivpu: Abort all jobs after command queue unregister
accel/ivpu: Fix locking order in ivpu_job_submit
accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW
sch_htb: make htb_qlen_notify() idempotent
sch_drr: make drr_qlen_notify() idempotent
sch_hfsc: make hfsc_qlen_notify() idempotent
sch_qfq: make qfq_qlen_notify() idempotent
sch_ets: make est_qlen_notify() idempotent
drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change
firmware: arm_scmi: Balance device refcount when destroying devices
firmware: arm_ffa: Skip Rx buffer ownership release if not acquired
arm64: dts: imx95: Correct the range of PCIe app-reg region
ARM: dts: opos6ul: add ksz8081 phy properties
arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs
arm64: dts: st: Use 128kB size for aliased GIC400 register access on stm32mp25 SoCs
Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates"
kernel: param: rename locate_module_kobject
kernel: globalize lookup_or_create_module_kobject()
drivers: base: handle module_kobject creation
drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp
drm/amd/display: Fix slab-use-after-free in hdcp
dm: fix copying after src array boundaries
Linux 6.12.28
Change-Id: I79f3d50a10acfe53f329b4b5a4af502f488c61f3
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit f5178c41bb43444a6008150fe6094497135d07cb upstream.
syzbot reported this bug:
==================================================================
BUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/trace.c:1830 [inline]
BUG: KASAN: slab-out-of-bounds in tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822
Write of size 4507 at addr ffff888032b6b000 by task syz.2.320/7260
CPU: 1 UID: 0 PID: 7260 Comm: syz.2.320 Not tainted 6.15.0-rc1-syzkaller-00301-g3bde70a2c827 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:408 [inline]
print_report+0xc3/0x670 mm/kasan/report.c:521
kasan_report+0xe0/0x110 mm/kasan/report.c:634
check_region_inline mm/kasan/generic.c:183 [inline]
kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
__asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106
trace_seq_to_buffer kernel/trace/trace.c:1830 [inline]
tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822
....
==================================================================
It has been reported that trace_seq_to_buffer() tries to copy more data
than PAGE_SIZE to buf. Therefore, to prevent this, we should use the
smaller of trace_seq_used(&iter->seq) and PAGE_SIZE as an argument.
Link: https://lore.kernel.org/20250422113026.13308-1-aha310510@gmail.com
Reported-by: syzbot+c8cd2d2c412b868263fb@syzkaller.appspotmail.com
Fixes: 3c56819b14 ("tracing: splice support for tracing_pipe")
Suggested-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
GKI (arm64) relevant 39 out of 154 changes, affecting 57 files +585/-415
93745f5f23 arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings [1 file, +6/-3]
065215ef00 Bluetooth: qca: Update firmware-name to support board specific nvm [1 file, +85/-28]
4a679448ef Bluetooth: qca: Fix poor RF performance for WCN6855 [1 file, +3/-2]
3e0686bc60 Input: serio - define serio_pause_rx guard to pause and resume serio ports [1 file, +3/-0]
1711fd7bd9 PCI: Make pcim_request_all_regions() a public function [2 files, +3/-1]
969c54c82d PCI: Export pci_intx_unmanaged() and pcim_intx() [3 files, +34/-21]
ed020100b6 PCI: Remove devres from pci_intx() [3 files, +4/-44]
75334c9cd6 PCI: Restore original INTX_DISABLE bit by pcim_intx() [1 file, +19/-15]
3284fbfa87 tracing: Switch trace.c code over to use guard() [1 file, +94/-172]
1e6419b1a4 tracing: Have the error of __tracing_resize_ring_buffer() passed to user [1 file, +1/-7]
e9fec6f42c USB: gadget: f_midi: f_midi_complete to call queue_work [1 file, +1/-1]
4381a4fab3 vsock/virtio: fix variables initialization during resuming [1 file, +7/-3]
3e4c56cf41 net/sched: cls_api: fix error handling causing NULL dereference [1 file, +1/-1]
22b683217a sockmap, vsock: For connectible sockets allow only connected [1 file, +3/-0]
478a46f112 vsock/bpf: Warn on socket without transport [2 files, +4/-1]
997ef6117e tcp: adjust rcvq_space after updating scaling ratio [1 file, +9/-3]
90c7f5cd59 flow_dissector: Fix handling of mixed port and port-range keys [1 file, +19/-12]
cbd75b9136 flow_dissector: Fix port range key handling in BPF conversion [1 file, +10/-8]
36d5616bc5 net: Add non-RCU dev_getbyhwaddr() helper [2 files, +36/-3]
c4a0f11532 arp: switch to dev_getbyhwaddr() in arp_req_set_public() [1 file, +1/-1]
cd34a07f74 tcp: drop secpath at the same time as we currently drop dst [4 files, +21/-7]
ed0ca7d212 net: allow small head cache usage with large MAX_SKB_FRAGS values [3 files, +10/-6]
972bafed67 bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() [1 file, +1/-4]
1c81ba1913 bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic [2 files, +8/-6]
d95607a5f2 bpf: avoid holding freeze_mutex during mmap operation [1 file, +10/-7]
6798f428d8 bpf: Fix wrong copied_seq calculation [5 files, +77/-5]
f91716d5fa bpf: Disable non stream socket for strparser [1 file, +4/-1]
fac674d2bd bpf: Fix deadlock when freeing cgroup storage [1 file, +1/-1]
f579afacd0 net: Add rx_skb of kfree_skb to raw_tp_null_args[]. [1 file, +2/-0]
c1f3f3892d bpf: Fix softlockup in arena_map_free on 64k page kernel [1 file, +1/-1]
d2d5fe4c64 nvme/ioctl: add missing space in err message [1 file, +1/-2]
7b8894ef03 bpf: skip non exist keys in generic_map_lookup_batch [1 file, +5/-13]
79151b47bf io_uring/rw: forbid multishot async reads [1 file, +11/-2]
506b9b5e8c io_uring: prevent opcode speculation [1 file, +2/-0]
6f3edf2d50 gpiolib: protect gpio_chip with SRCU in array_info paths in multi get/set [2 files, +35/-17]
cd1c4113ba lib/iov_iter: fix import_iovec_ubuf iovec management [1 file, +2/-1]
ff673b71f0 mm,madvise,hugetlb: check for 0-length range after end address adjustment [1 file, +10/-1]
ada54b2e81 irqchip/gic-v3: Fix rk3399 workaround when secure interrupts are enabled [1 file, +40/-13]
384c8291f7 tracing: Fix using ret variable in tracing_set_tracer() [1 file, +1/-2]
Changes in 6.12.17
arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings
drm/xe/oa: Separate batch submission from waiting for completion
drm/xe/oa/uapi: Define and parse OA sync properties
drm/xe/oa: Add input fence dependencies
xe/oa: Fix query mode of operation for OAR/OAC
btrfs: do not assume the full page range is not dirty in extent_writepage_io()
btrfs: move the delalloc range bitmap search into extent_io.c
btrfs: mark all dirty sectors as locked inside writepage_delalloc()
btrfs: remove unused btrfs_folio_start_writer_lock()
btrfs: unify to use writer locks for subpage locking
btrfs: rename btrfs_folio_(set|start|end)_writer_lock()
btrfs: use btrfs_inode in extent_writepage()
btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
btrfs: fix double accounting race when extent_writepage_io() failed
KVM: x86: Get vcpu->arch.apic_base directly and drop kvm_get_apic_base()
KVM: x86: Inline kvm_get_apic_mode() in lapic.h
KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID
drm/amd/display: Refactoring if and endif statements to enable DC_LOGGER
drm/amd/display: update dcn351 used clock offset
drm/amd/display: Correct register address in dcn35
Bluetooth: qca: Update firmware-name to support board specific nvm
Bluetooth: qca: Fix poor RF performance for WCN6855
Input: serio - define serio_pause_rx guard to pause and resume serio ports
Input: synaptics - fix crash when enabling pass-through port
ASoC: renesas: rz-ssi: Terminate all the DMA transactions
ASoC: renesas: rz-ssi: Add a check for negative sample_space
PCI: Make pcim_request_all_regions() a public function
PCI: Export pci_intx_unmanaged() and pcim_intx()
PCI: Remove devres from pci_intx()
PCI: Restore original INTX_DISABLE bit by pcim_intx()
arm64: dts: mediatek: mt8183-pumpkin: add HDMI support
arm64: dts: mediatek: mt8183: Disable DSI display output by default
accel/ivpu: Limit FW version string length
accel/ivpu: Add coredump support
accel/ivpu: Add FW state dump on TDR
accel/ivpu: Fix error handling in recovery/reset
drm/amdkfd: Move gfx12 trap handler to separate file
drm/amdkfd: Ensure consistent barrier state saved in gfx12 trap handler
tracing: Switch trace.c code over to use guard()
tracing: Have the error of __tracing_resize_ring_buffer() passed to user
USB: gadget: f_midi: f_midi_complete to call queue_work
sched_ext: Factor out move_task_between_dsqs() from scx_dispatch_from_dsq()
sched_ext: Fix migration disabled handling in targeted dispatches
ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB]
ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
powerpc/code-patching: Disable KASAN report during patching via temporary mm
powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
ALSA: hda/realtek: Fixup ALC225 depop procedure
powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC
ASoC: imx-audmix: remove cpu_mclk which is from cpu dai device
vsock/virtio: fix variables initialization during resuming
geneve: Fix use-after-free in geneve_find_dev().
ALSA: hda/cirrus: Correct the full scale volume set logic
net/sched: cls_api: fix error handling causing NULL dereference
ALSA: seq: Drop UMP events when no UMP-conversion is set
s390/ism: add release function for struct device
ibmvnic: Add stat for tx direct vs tx batched
ibmvnic: Don't reference skb after sending to VIOS
sockmap, vsock: For connectible sockets allow only connected
vsock/bpf: Warn on socket without transport
tcp: adjust rcvq_space after updating scaling ratio
net: pse-pd: Avoid setting max_uA in regulator constraints
net: pse-pd: Use power limit at driver side instead of current limit
net: pse-pd: pd692x0: Fix power limit retrieval
gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
geneve: Suppress list corruption splat in geneve_destroy_tunnels().
flow_dissector: Fix handling of mixed port and port-range keys
flow_dissector: Fix port range key handling in BPF conversion
net: Add non-RCU dev_getbyhwaddr() helper
arp: switch to dev_getbyhwaddr() in arp_req_set_public()
net: axienet: Set mac_managed_pm
tcp: drop secpath at the same time as we currently drop dst
net: allow small head cache usage with large MAX_SKB_FRAGS values
bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic
bpf: avoid holding freeze_mutex during mmap operation
strparser: Add read_sock callback
bpf: Fix wrong copied_seq calculation
bpf: Disable non stream socket for strparser
bpf: Fix deadlock when freeing cgroup storage
arm64: dts: rockchip: Fix lcdpwr_en pin for Cool Pi GenBook
power: supply: da9150-fg: fix potential overflow
power: supply: axp20x_battery: Fix fault handling for AXP717
selftests/bpf: Add tests for raw_tp null handling
net: Add rx_skb of kfree_skb to raw_tp_null_args[].
bpf: Fix softlockup in arena_map_free on 64k page kernel
arm64: dts: rockchip: adjust SMMU interrupt type on rk3588
firmware: arm_scmi: imx: Correct tx size of scmi_imx_misc_ctrl_set
md/raid*: Fix the set_queue_limits implementations
firmware: imx: IMX_SCMI_MISC_DRV should depend on ARCH_MXC
platform: cznic: CZNIC_PLATFORMS should depend on ARCH_MVEBU
nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range()
drm/msm: Avoid rounding up to one jiffy
drm/msm/dpu: skip watchdog timer programming through TOP on >= SM8450
drm/msm/dpu: enable DPU_WB_INPUT_CTRL for DPU 5.x
drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields
drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG0 updated from driver side
drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG1 against clock driver
drm/msm/dsi/phy: Do not overwite PHY_CMN_CLK_CFG1 when choosing bitclk source
nvme: tcp: Fix compilation warning with W=1
nvme-tcp: fix connect failure on receiving partial ICResp PDU
nvme/ioctl: add missing space in err message
bpf: skip non exist keys in generic_map_lookup_batch
drm/nouveau/pmu: Fix gp10b firmware guard
irqchip/jcore-aic, clocksource/drivers/jcore: Fix jcore-pit interrupt request
drm: panel: jd9365da-h3: fix reset signal polarity
drm/msm/dpu: Disable dither in phys encoder cleanup
drm/i915: Make sure all planes in use by the joiner have their crtc included
drm/i915/dp: Fix error handling during 128b/132b link training
drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL
drm/i915/gt: Use spin_lock_irqsave() in interruptible context
io_uring/rw: forbid multishot async reads
io_uring: prevent opcode speculation
gpiolib: protect gpio_chip with SRCU in array_info paths in multi get/set
tee: optee: Fix supplicant wait loop
drop_monitor: fix incorrect initialization order
mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()
arm64: dts: rockchip: Fix broken tsadc pinctrl names for rk3588
arm64: dts: rockchip: Move uart5 pin configuration to px30 ringneck SoM
arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck
soc: loongson: loongson2_guts: Add check for devm_kstrdup()
s390/boot: Fix ESSA detection
xfs: fix online repair probing when CONFIG_XFS_ONLINE_REPAIR=n
lib/iov_iter: fix import_iovec_ubuf iovec management
smb: client: fix chmod(2) regression with ATTR_READONLY
nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
gve: set xdp redirect target only when it is available
ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
ASoC: fsl_micfil: Enable default case in micfil_set_quality()
ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls()
ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close
acct: perform last write from workqueue
acct: block access to kernel internal filesystems
mm,madvise,hugetlb: check for 0-length range after end address adjustment
mtd: spi-nor: sst: Fix SST write failure
mtd: rawnand: cadence: fix error code in cadence_nand_init()
mtd: rawnand: cadence: use dma_map_resource for sdma address
mtd: rawnand: cadence: fix incorrect device in dma_unmap_single
perf/x86/intel: Fix event constraints for LNC
irqchip/gic-v3: Fix rk3399 workaround when secure interrupts are enabled
smb: client: Add check for next_buffer in receive_encrypted_standard()
EDAC/qcom: Correct interrupt enable register configuration
ftrace: Correct preemption accounting for function tracing.
ftrace: Fix accounting of adding subops to a manager ops
ftrace: Do not add duplicate entries in subops manager ops
tracing: Fix using ret variable in tracing_set_tracer()
net: pse-pd: Fix deadlock in current limit functions
sched_ext: Fix incorrect assumption about migration disabled tasks in task_can_run_on_remote_rq()
selftests/mm: build with -O2
arm64: dts: rockchip: change eth phy mode to rgmii-id for orangepi r1 plus lts
drm/amdgpu/gfx9: manually control gfxoff for CS on RV
drm/amdgpu: bump version for RV/PCO compute fix
Linux 6.12.17
Change-Id: I5ee898299270b3b8a7d037d4b060ab803a3cc8db
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 22bec11a569983f39c6061cb82279e7de9e3bdfc upstream.
When the function tracing_set_tracer() switched over to using the guard()
infrastructure, it did not need to save the 'ret' variable and would just
return the value when an error arised, instead of setting ret and jumping
to an out label.
When CONFIG_TRACER_SNAPSHOT is enabled, it had code that expected the
"ret" variable to be initialized to zero and had set 'ret' while holding
an arch_spin_lock() (not used by guard), and then upon releasing the lock
it would check 'ret' and exit if set. But because ret was only set when an
error occurred while holding the locks, 'ret' would be used uninitialized
if there was no error. The code in the CONFIG_TRACER_SNAPSHOT block should
be self contain. Make sure 'ret' is also set when no error occurred.
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Link: https://lore.kernel.org/20250106111143.2f90ff65@gandalf.local.home
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/r/202412271654.nJVBuwmF-lkp@intel.com/
Fixes: d33b10c0c73ad ("tracing: Switch trace.c code over to use guard()")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 60b8f711143de7cd9c0f55be0fe7eb94b19eb5c7 ]
Currently if __tracing_resize_ring_buffer() returns an error, the
tracing_resize_ringbuffer() returns -ENOMEM. But it may not be a memory
issue that caused the function to fail. If the ring buffer is memory
mapped, then the resizing of the ring buffer will be disabled. But if the
user tries to resize the buffer, it will get an -ENOMEM returned, which is
confusing because there is plenty of memory. The actual error returned was
-EBUSY, which would make much more sense to the user.
Cc: stable@vger.kernel.org
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Vincent Donnefort <vdonnefort@google.com>
Link: https://lore.kernel.org/20250213134132.7e4505d7@gandalf.local.home
Fixes: 117c39200d ("ring-buffer: Introducing ring-buffer mapping functions")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d33b10c0c73adca00f72bf4a153a07b7f5f34715 ]
There are several functions in trace.c that have "goto out;" or
equivalent on error in order to release locks or free values that were
allocated. This can be error prone or just simply make the code more
complex.
Switch every location that ends with unlocking a mutex or freeing on error
over to using the guard(mutex)() and __free() infrastructure to let the
compiler worry about releasing locks. This makes the code easier to read
and understand.
There's one place that should probably return an error but instead return
0. This does not change the return as the only changes are to do the
conversion without changing the logic. Fixing that location will have to
come later.
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Link: https://lore.kernel.org/20241224221413.7b8c68c3@batman.local.home
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Stable-dep-of: 60b8f711143d ("tracing: Have the error of __tracing_resize_ring_buffer() passed to user")
Signed-off-by: Sasha Levin <sashal@kernel.org>
GKI (arm64) relevant 76 out of 226 changes, affecting 86 files +761/-318
aa879ef6d3 HID: multitouch: Add NULL check in mt_input_configured [1 file, +4/-1]
ba6ab3f04d pinctrl: pinconf-generic: Print unsigned value if a format is registered [1 file, +4/-4]
36fd8f1c73 HID: hid-steam: Don't use cancel_delayed_work_sync in IRQ context [1 file, +1/-1]
889e6b42a4 net: fib_rules: annotate data-races around rule->[io]ifindex [1 file, +13/-11]
18e77fccfc ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() [1 file, +1/-1]
022cac1c69 vrf: use RCU protection in l3mdev_l3_out() [1 file, +2/-0]
e7c16028a4 workqueue: Put the pwq after detaching the rescuer from the pool [1 file, +6/-6]
715eb1af64 arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array [1 file, +7/-5]
c3e39d6acb cgroup: Remove steal time from usage_usec [1 file, +0/-1]
9d32212b99 io_uring/waitid: don't abuse io_tw_state [1 file, +2/-2]
98d6ee3e30 io_uring/uring_cmd: remove dead req_has_async_data() check [1 file, +0/-3]
9e6d70a910 block: cleanup and fix batch completion adding conditions [1 file, +14/-4]
a7052afa9e gpiolib: Fix crash on error in gpiochip_get_ngpios() [1 file, +3/-3]
1b259a5df5 media: uvcvideo: Implement dual stream quirk to fix loss of usb packets [2 files, +27/-1]
7706d1edb9 media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera [1 file, +9/-0]
24407a7584 media: uvcvideo: Add Kurokesu C1 PRO camera [1 file, +9/-0]
2290d3bd96 PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P [1 file, +1/-0]
551df35e4f PCI: switchtec: Add Microchip PCI100X device IDs [2 files, +37/-0]
88a01e9c9a scsi: ufs: bsg: Set bsg_queue to NULL after removal [1 file, +1/-0]
c58e0d2d04 serial: 8250_pci: Resolve WCH vendor ID ambiguity [1 file, +41/-41]
14a2a8ec50 kunit: platform: Resolve 'struct completion' warning [1 file, +1/-0]
abb99f28b4 ring-buffer: Unlock resize on mmap error [1 file, +1/-0]
e8dff5f739 tracing: Do not allow mmap() of persistent ring buffer [1 file, +4/-0]
3ec743d558 ring-buffer: Validate the persistent meta data subbuf array [1 file, +20/-2]
9f837ea922 ring-buffer: Update pages_touched to reflect persistent buffer content [1 file, +5/-0]
a5852836e5 usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries [1 file, +9/-0]
5fead36e09 usb: dwc3: Fix timeout issue during controller enter/exit from halt state [1 file, +34/-0]
69f27580e8 usb: roles: set switch registered flag early on [1 file, +3/-2]
f3b755022f usb: xhci: Restore xhci_pci support for Renesas HCs [1 file, +4/-3]
9c91296e2d USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI [1 file, +9/-0]
847fff8e20 usb: core: fix pipe creation for get_bMaxPacketSize0 [1 file, +1/-2]
6c4fce1b16 USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist [1 file, +3/-0]
f4e1cebbfa USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone [1 file, +3/-0]
6b16761a92 usb: gadget: f_midi: fix MIDI Streaming descriptor lengths [1 file, +4/-4]
62d8f4c545 USB: hub: Ignore non-compliant devices with too many configs or interfaces [1 file, +11/-0]
165fac6ceb USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk [1 file, +6/-3]
f64079bef6 usb: cdc-acm: Check control transfer buffer size before access [1 file, +14/-3]
a5b205ceef usb: cdc-acm: Fix handling of oversized fragments [1 file, +1/-1]
f894448f39 usb: gadget: core: flush gadget workqueue after device removal [1 file, +1/-1]
ce526e1b29 PCI: Avoid FLR for Mediatek MT7922 WiFi [1 file, +2/-1]
3ed642e80c efi: Avoid cold plugged memory for placing the kernel [4 files, +11/-2]
edd4084445 cgroup: fix race between fork and cgroup.kill [3 files, +16/-11]
29c04864fb serial: port: Assign ->iotype correctly when ->iobase is set [1 file, +2/-1]
010eb5fe22 serial: port: Always update ->iotype in __uart_read_properties() [1 file, +1/-1]
eeb64f9637 regmap-irq: Add missing kfree() [1 file, +2/-0]
9a1c65ff5e include: net: add static inline dst_dev_overhead() to dst.h [1 file, +9/-0]
ebf0ac02e2 clocksource: Use pr_info() for "Checking clocksource synchronization" message [1 file, +2/-1]
cc3d79e7c8 clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context [1 file, +4/-2]
f7015dcac2 scsi: ufs: core: Introduce ufshcd_has_pending_tasks() [1 file, +9/-4]
9ece41a0d7 scsi: ufs: core: Prepare to introduce a new clock_gating lock [1 file, +7/-4]
f453c45152 scsi: ufs: core: Introduce a new clock_gating lock [2 files, +59/-59]
7d46869aa7 scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed [1 file, +1/-1]
cb4d7fbc93 ipv4: add RCU protection to ip4_dst_hoplimit() [1 file, +7/-2]
dfe542e745 ipv4: use RCU protection in ip_dst_mtu_maybe_forward() [1 file, +10/-3]
ec9af76451 net: add dev_net_rcu() helper [2 files, +7/-1]
f4ba5e65c9 ipv4: use RCU protection in ipv4_default_advmss() [1 file, +8/-3]
77096420be ipv4: use RCU protection in rt_is_expired() [1 file, +7/-1]
ad66c7c4d8 ipv4: use RCU protection in inet_select_addr() [1 file, +2/-1]
7f5005457b net: ipv4: Cache pmtu for all packet paths if multipath enabled [2 files, +108/-17]
4583748b65 ipv4: use RCU protection in __ip_rt_update_pmtu() [1 file, +6/-5]
3c925321a5 ipv4: icmp: convert to dev_net_rcu() [1 file, +17/-14]
a575827791 flow_dissector: use RCU protection to fetch dev_net() [1 file, +11/-10]
713a40c892 ipv6: use RCU protection in ip6_default_advmss() [1 file, +6/-1]
653bb5225c ipv6: icmp: convert to dev_net_rcu() [1 file, +23/-19]
2152b417be HID: hid-steam: Make sure rumble work is canceled on removal [1 file, +1/-0]
3e38cbbfa0 HID: hid-steam: Move hidraw input (un)registering to work [1 file, +31/-7]
bbec88e410 ndisc: use RCU protection in ndisc_alloc_skb() [1 file, +4/-6]
cdd5c2a12d neighbour: use RCU protection in __neigh_notify() [1 file, +6/-2]
01d1b5c9ab arp: use RCU protection in arp_xmit() [1 file, +3/-1]
789230e5a8 ndisc: extend RCU protection in ndisc_send_skb() [1 file, +8/-4]
0bf8e2f376 ipv6: mcast: extend RCU protection in igmp6_send() [1 file, +15/-16]
25195f9d5f ipv6: mcast: add RCU protection to mld_newpack() [1 file, +10/-4]
13129b1fbf scsi: ufs: core: Ensure clk_gating.lock is used only after initialization [1 file, +6/-2]
7d0dc28dae io_uring/kbuf: reallocate buf lists on upgrade [1 file, +11/-4]
645ce25aa0 vsock: Keep the binding until socket destruction [1 file, +6/-2]
3a866f8376 vsock: Orphan socket after transport release [1 file, +7/-1]
Changes in 6.12.16
nfsd: clear acl_access/acl_default after releasing them
NFSD: fix hang in nfsd4_shutdown_callback
nfsd: validate the nfsd_serv pointer before calling svc_wake_up
x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
pinctrl: cy8c95x0: Avoid accessing reserved registers
pinctrl: cy8c95x0: Enable regmap locking for debug
pinctrl: cy8c95x0: Rename PWMSEL to SELPWM
pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware
HID: winwing: Add NULL check in winwing_init_led()
HID: multitouch: Add NULL check in mt_input_configured
scripts/Makefile.extrawarn: Do not show clang's non-kprintf warnings at W=1
pinctrl: pinconf-generic: Print unsigned value if a format is registered
HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()
HID: hid-steam: Don't use cancel_delayed_work_sync in IRQ context
spi: sn-f-ospi: Fix division by zero
ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt
net: fib_rules: annotate data-races around rule->[io]ifindex
Documentation/networking: fix basic node example document ISO 15765-2
ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
vrf: use RCU protection in l3mdev_l3_out()
idpf: fix handling rsc packet with a single segment
idpf: record rx queue in skb for RSC packets
idpf: call set_real_num_queues in idpf_open
igc: Fix HW RX timestamp when passed by ZC XDP
vxlan: check vxlan_vnigroup_init() return value
LoongArch: Fix idle VS timer enqueue
LoongArch: csum: Fix OoB access in IP checksum code for negative lengths
LoongArch: KVM: Fix typo issue about GCFG feature detection
net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases
net: ethernet: ti: am65_cpsw: fix tx_cleanup for XDP case
Bluetooth: btintel_pcie: Fix a potential race condition
team: better TEAM_OPTION_TYPE_STRING validation
workqueue: Put the pwq after detaching the rescuer from the pool
sched_ext: Fix lock imbalance in dispatch_to_local_dsq()
drm/tests: hdmi: Fix WW_MUTEX_SLOWPATH failures
arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
gpu: host1x: Fix a use of uninitialized mutex
cgroup: Remove steal time from usage_usec
perf/x86/intel: Clean up PEBS-via-PT on hybrid
drm/xe/client: bo->client does not need bos_lock
drm/i915/selftests: avoid using uninitialized context
gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0
gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ
gpio: bcm-kona: Add missing newline to dev_err format string
io_uring/waitid: don't abuse io_tw_state
io_uring/uring_cmd: remove dead req_has_async_data() check
amdkfd: properly free gang_ctx_bo when failed to init user queue
drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()
drm: Fix DSC BPP increment decoding
xen/swiotlb: relax alignment requirements
x86/xen: allow larger contiguous memory regions in PV guests
block: cleanup and fix batch completion adding conditions
sched_ext: Fix the incorrect bpf_list kfunc API in common.bpf.h.
sched_ext: Use SCX_CALL_OP_TASK in task_tick_scx
gpiolib: Fix crash on error in gpiochip_get_ngpios()
iommu/amd: Expicitly enable CNTRL.EPHEn bit in resume path
tools: fix annoying "mkdir -p ..." logs when building tools in parallel
RDMA/efa: Reset device on probe failure
firmware: qcom: scm: smc: Handle missing SCM device
fbdev: omap: use threaded IRQ for LCD DMA
soc/tegra: fuse: Update Tegra234 nvmem keepout list
i3c: mipi-i3c-hci: Add Intel specific quirk to ring resuming
i3c: mipi-i3c-hci: Add support for MIPI I3C HCI on PCI bus
media: cxd2841er: fix 64-bit division on gcc-9
media: i2c: ds90ub913: Add error handling to ub913_hw_init()
media: i2c: ds90ub953: Add error handling for i2c reads/writes
media: bcm2835-unicam: Disable trigger mode operation
media: uvcvideo: Implement dual stream quirk to fix loss of usb packets
media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera
media: uvcvideo: Add Kurokesu C1 PRO camera
media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P
PCI: switchtec: Add Microchip PCI100X device IDs
scsi: ufs: bsg: Set bsg_queue to NULL after removal
rtla/timerlat_hist: Abort event processing on second signal
rtla/timerlat_top: Abort event processing on second signal
serial: 8250_pci: Resolve WCH vendor ID ambiguity
serial: 8250_pci: Share WCH IDs with parport_serial driver
8250: microchip: pci1xxxx: Add workaround for RTS bit toggle
kunit: platform: Resolve 'struct completion' warning
vfio/pci: Enable iowrite64 and ioread64 for vfio pci
NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
vfio/nvgrace-gpu: Read dvsec register to determine need for uncached resmem
vfio/nvgrace-gpu: Expose the blackwell device PF BAR1 to the VM
fs/ntfs3: Unify inode corruption marking with _ntfs_bad_inode()
Grab mm lock before grabbing pt lock
selftests: gpio: gpio-sim: Fix missing chip disablements
ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V
x86/mm/tlb: Only trim the mm_cpumask once a second
orangefs: fix a oob in orangefs_debug_write
kbuild: suppress stdout from merge_config for silent builds
ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V
kbuild: Use -fzero-init-padding-bits=all
batman-adv: fix panic during interface removal
batman-adv: Ignore neighbor throughput metrics in error case
batman-adv: Drop unmanaged ELP metric worker
drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop
KVM: nSVM: Enter guest mode before initializing nested NPT MMU
perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF
perf/x86/intel: Ensure LBRs are disabled when a CPU is starting
ring-buffer: Unlock resize on mmap error
tracing: Do not allow mmap() of persistent ring buffer
ring-buffer: Validate the persistent meta data subbuf array
ring-buffer: Update pages_touched to reflect persistent buffer content
usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries
usb: dwc3: Fix timeout issue during controller enter/exit from halt state
usb: roles: set switch registered flag early on
usb: gadget: udc: renesas_usb3: Fix compiler warning
usb: dwc2: gadget: remove of_node reference upon udc_stop
usb: xhci: Restore xhci_pci support for Renesas HCs
USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
usb: core: fix pipe creation for get_bMaxPacketSize0
USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
USB: hub: Ignore non-compliant devices with too many configs or interfaces
USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
usb: cdc-acm: Check control transfer buffer size before access
usb: cdc-acm: Fix handling of oversized fragments
usb: gadget: core: flush gadget workqueue after device removal
USB: serial: option: add MeiG Smart SLM828
USB: serial: option: add Telit Cinterion FN990B compositions
USB: serial: option: fix Telit Cinterion FN990A name
USB: serial: option: drop MeiG Smart defines
can: ctucanfd: handle skb allocation failure
can: c_can: fix unbalanced runtime PM disable in error path
can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero
can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated
can: etas_es58x: fix potential NULL pointer dereference on udev->serial
alpha: make stack 16-byte aligned (most cases)
wifi: ath12k: fix handling of 6 GHz rules
PCI: Avoid FLR for Mediatek MT7922 WiFi
kbuild: userprogs: fix bitsize and target detection on clang
efi: Avoid cold plugged memory for placing the kernel
arm64: rust: clean Rust 1.85.0 warning using softfloat target
objtool/rust: add one more `noreturn` Rust function
rust: rbtree: fix overindented list item
cgroup: fix race between fork and cgroup.kill
serial: port: Assign ->iotype correctly when ->iobase is set
serial: port: Always update ->iotype in __uart_read_properties()
serial: 8250: Fix fifo underflow on flush
alpha: replace hardcoded stack offsets with autogenerated ones
alpha: align stack for page fault and user unaligned trap handlers
s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn()
s390/pci: Fix handling of isolated VFs
gpiolib: acpi: Add a quirk for Acer Nitro ANV14
gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock
partitions: mac: fix handling of bogus partition table
sched_ext: Fix incorrect autogroup migration detection
regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator
iommu: Fix potential memory leak in iopf_queue_remove_device()
regmap-irq: Add missing kfree()
arm64: Handle .ARM.attributes section in linker scripts
mmc: mtk-sd: Fix register settings for hs400(es) mode
igc: Set buffer type for empty frames in igc_init_empty_frame
cifs: pick channels for individual subrequests
mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw()
btrfs: fix hole expansion when writing at an offset beyond EOF
include: net: add static inline dst_dev_overhead() to dst.h
net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue
net: ipv6: seg6_iptunnel: mitigate 2-realloc issue
net: ipv6: rpl_iptunnel: mitigate 2-realloc issue
net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
clocksource: Use pr_info() for "Checking clocksource synchronization" message
clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context
scsi: ufs: core: Introduce ufshcd_has_pending_tasks()
scsi: ufs: core: Prepare to introduce a new clock_gating lock
scsi: ufs: core: Introduce a new clock_gating lock
scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed
rust: kbuild: add -fzero-init-padding-bits to bindgen_skip_cflags
cpufreq/amd-pstate: Call cppc_set_epp_perf in the reenable function
cpufreq/amd-pstate: Align offline flow of shared memory and MSR based systems
cpufreq/amd-pstate: Refactor amd_pstate_epp_reenable() and amd_pstate_epp_offline()
cpufreq/amd-pstate: Remove the cppc_state check in offline/online functions
cpufreq/amd-pstate: Merge amd_pstate_epp_cpu_offline() and amd_pstate_epp_offline()
cpufreq/amd-pstate: convert mutex use to guard()
cpufreq/amd-pstate: Fix cpufreq_policy ref counting
ipv4: add RCU protection to ip4_dst_hoplimit()
ipv4: use RCU protection in ip_dst_mtu_maybe_forward()
net: add dev_net_rcu() helper
ipv4: use RCU protection in ipv4_default_advmss()
ipv4: use RCU protection in rt_is_expired()
ipv4: use RCU protection in inet_select_addr()
net: ipv4: Cache pmtu for all packet paths if multipath enabled
ipv4: use RCU protection in __ip_rt_update_pmtu()
ipv4: icmp: convert to dev_net_rcu()
flow_dissector: use RCU protection to fetch dev_net()
ipv6: use RCU protection in ip6_default_advmss()
ipv6: icmp: convert to dev_net_rcu()
HID: hid-steam: Make sure rumble work is canceled on removal
HID: hid-steam: Move hidraw input (un)registering to work
ndisc: use RCU protection in ndisc_alloc_skb()
neighbour: use RCU protection in __neigh_notify()
arp: use RCU protection in arp_xmit()
openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
ndisc: extend RCU protection in ndisc_send_skb()
ipv6: mcast: extend RCU protection in igmp6_send()
btrfs: rename __get_extent_map() and pass btrfs_inode
btrfs: fix stale page cache after race between readahead and direct IO write
ipv6: mcast: add RCU protection to mld_newpack()
drm/tidss: Fix issue in irq handling causing irq-flood issue
drm/tidss: Fix race condition while handling interrupt registers
drm/tidss: Clear the interrupt status for interrupts being disabled
drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()
drm/rcar-du: dsi: Fix PHY lock bit check
drm/msm/dpu: fix x1e80100 intf_6 underrun/vsync interrupt
drm/msm/dpu1: don't choke on disabling the writeback connector
drm/v3d: Stop active perfmon if it is being destroyed
drm/xe/tracing: Fix a potential TP_printk UAF
drm: renesas: rz-du: Increase supported resolutions
netdevsim: print human readable IP address
selftests: rtnetlink: update netdevsim ipsec output format
x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0
bpf: handle implicit declaration of function gettid in bpf_iter.c
selftests/bpf: Fix uprobe consumer test
wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit
cpufreq/amd-pstate: Remove the goto label in amd_pstate_update_limits
net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels
scsi: ufs: core: Ensure clk_gating.lock is used only after initialization
io_uring/kbuf: reallocate buf lists on upgrade
vsock: Keep the binding until socket destruction
vsock: Orphan socket after transport release
Revert "vfio/platform: check the bounds of read/write syscalls"
Linux 6.12.16
Change-Id: I84e354ffa6aeb0323a95046630310c3d2185a069
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 129fe718819cc5e24ea2f489db9ccd4371f0c6f6 upstream.
When trying to mmap a trace instance buffer that is attached to
reserve_mem, it would crash:
BUG: unable to handle page fault for address: ffffe97bd00025c8
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 2862f3067 P4D 2862f3067 PUD 0
Oops: Oops: 0000 [#1] PREEMPT_RT SMP PTI
CPU: 4 UID: 0 PID: 981 Comm: mmap-rb Not tainted 6.14.0-rc2-test-00003-g7f1a5e3fbf9e-dirty #233
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:validate_page_before_insert+0x5/0xb0
Code: e2 01 89 d0 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 <48> 8b 46 08 a8 01 75 67 66 90 48 89 f0 8b 50 34 85 d2 74 76 48 89
RSP: 0018:ffffb148c2f3f968 EFLAGS: 00010246
RAX: ffff9fa5d3322000 RBX: ffff9fa5ccff9c08 RCX: 00000000b879ed29
RDX: ffffe97bd00025c0 RSI: ffffe97bd00025c0 RDI: ffff9fa5ccff9c08
RBP: ffffb148c2f3f9f0 R08: 0000000000000004 R09: 0000000000000004
R10: 0000000000000000 R11: 0000000000000200 R12: 0000000000000000
R13: 00007f16a18d5000 R14: ffff9fa5c48db6a8 R15: 0000000000000000
FS: 00007f16a1b54740(0000) GS:ffff9fa73df00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffe97bd00025c8 CR3: 00000001048c6006 CR4: 0000000000172ef0
Call Trace:
<TASK>
? __die_body.cold+0x19/0x1f
? __die+0x2e/0x40
? page_fault_oops+0x157/0x2b0
? search_module_extables+0x53/0x80
? validate_page_before_insert+0x5/0xb0
? kernelmode_fixup_or_oops.isra.0+0x5f/0x70
? __bad_area_nosemaphore+0x16e/0x1b0
? bad_area_nosemaphore+0x16/0x20
? do_kern_addr_fault+0x77/0x90
? exc_page_fault+0x22b/0x230
? asm_exc_page_fault+0x2b/0x30
? validate_page_before_insert+0x5/0xb0
? vm_insert_pages+0x151/0x400
__rb_map_vma+0x21f/0x3f0
ring_buffer_map+0x21b/0x2f0
tracing_buffers_mmap+0x70/0xd0
__mmap_region+0x6f0/0xbd0
mmap_region+0x7f/0x130
do_mmap+0x475/0x610
vm_mmap_pgoff+0xf2/0x1d0
ksys_mmap_pgoff+0x166/0x200
__x64_sys_mmap+0x37/0x50
x64_sys_call+0x1670/0x1d70
do_syscall_64+0xbb/0x1d0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
The reason was that the code that maps the ring buffer pages to user space
has:
page = virt_to_page((void *)cpu_buffer->subbuf_ids[s]);
And uses that in:
vm_insert_pages(vma, vma->vm_start, pages, &nr_pages);
But virt_to_page() does not work with vmap()'d memory which is what the
persistent ring buffer has. It is rather trivial to allow this, but for
now just disable mmap() of instances that have their ring buffer from the
reserve_mem option.
If an mmap() is performed on a persistent buffer it will return -ENODEV
just like it would if the .mmap field wasn't defined in the
file_operations structure.
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Vincent Donnefort <vdonnefort@google.com>
Link: https://lore.kernel.org/20250214115547.0d7287d3@gandalf.local.home
Fixes: 9b7bdf6f6e ("tracing: Have trace_printk not use binary prints if boot buffer")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
GKI (arm64) relevant 24 out of 115 changes, affecting 34 files +169/-94
f4ab7d7424 bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP [1 file, +5/-1]
8cdfb06569 fork: avoid inappropriate uprobe access to invalid mm [1 file, +6/-7]
2175b66c7f mm/vmstat: fix a W=1 clang compiler warning [1 file, +1/-1]
35727f4506 tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() [2 files, +9/-3]
4aa5dcb389 tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection [3 files, +16/-5]
997cf2d8c2 bpf: Check negative offsets in __bpf_skb_min_len() [1 file, +15/-6]
a817e938a0 phy: core: Fix an OF node refcount leakage in _of_phy_get() [1 file, +5/-2]
479b6c2a5f phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() [1 file, +3/-1]
09f17bfb36 phy: core: Fix that API devm_phy_put() fails to release the phy [1 file, +1/-1]
f797151e84 phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider [1 file, +3/-3]
7e7c8ffc01 phy: core: Fix that API devm_phy_destroy() fails to destroy the phy [1 file, +1/-1]
c180c3f42d ALSA: memalloc: prefer dma_mapping_error() over explicit address checking [1 file, +1/-1]
a39ff5bf23 stddef: make __struct_group() UAPI C++-friendly [2 files, +21/-7]
68662d78af tracing/kprobe: Make trace_kprobe's module callback called after jump_label update [1 file, +1/-1]
ca5995f805 regmap: Use correct format specifier for logging range errors [1 file, +2/-2]
fdaaf92943 bpf: Zero index arg error string for dynptr and iter [6 files, +29/-29]
92d5139b91 virtio-blk: don't keep queue frozen during system suspend [1 file, +5/-2]
16b54ee81d blk-mq: register cpuhp callback after hctx is added to xarray table [1 file, +7/-8]
7d680f2f76 ublk: detach gendisk from ublk device if add_disk() fails [1 file, +17/-9]
79a47fd0f1 freezer, sched: Report frozen tasks as 'D' instead of 'R' [1 file, +2/-1]
a744146969 tracing: Constify string literal data member in struct trace_event_call [1 file, +1/-1]
1cca920af1 tracing: Prevent bad count for tracing_cpumask_write [1 file, +3/-0]
8e8494c83c io_uring/sqpoll: fix sqpoll error handling races [1 file, +6/-0]
aed157301c PCI/MSI: Handle lack of irqdomain gracefully [2 files, +9/-2]
Changes in 6.12.8
media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
ceph: allocate sparse_ext map only for sparse reads
arm64: dts: broadcom: Fix L2 linesize for Raspberry Pi 5
bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP
fork: avoid inappropriate uprobe access to invalid mm
mm/vmstat: fix a W=1 clang compiler warning
selftests/bpf: Fix compilation error in get_uprobe_offset()
smb: client: Deduplicate "select NETFS_SUPPORT" in Kconfig
smb: fix bytes written value in /proc/fs/cifs/Stats
tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress()
tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection
bpf: Check negative offsets in __bpf_skb_min_len()
nfsd: Revert "nfsd: release svc_expkey/svc_export with rcu_work"
nfsd: restore callback functionality for NFSv4.0
mtd: diskonchip: Cast an operand to prevent potential overflow
mtd: rawnand: arasan: Fix double assertion of chip-select
mtd: rawnand: arasan: Fix missing de-registration of NAND
phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP
phy: core: Fix an OF node refcount leakage in _of_phy_get()
phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
phy: core: Fix that API devm_phy_put() fails to release the phy
phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider
phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
phy: usb: Toggle the PHY power during init
phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM
phy: rockchip: naneng-combphy: fix phy reset
ALSA: memalloc: prefer dma_mapping_error() over explicit address checking
dmaengine: mv_xor: fix child node refcount handling in early exit
dmaengine: dw: Select only supported masters for ACPI devices
dmaengine: tegra: Return correct DMA status when paused
dmaengine: amd: qdma: Remove using the private get and set dma_ops APIs
dmaengine: fsl-edma: implement the cleanup path of fsl_edma3_attach_pd()
dmaengine: apple-admac: Avoid accessing registers in probe
dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP
platform/chrome: cros_ec_lpc: fix product identity for early Framework Laptops
mtd: rawnand: fix double free in atmel_pmecc_create_user()
ASoC: amd: ps: Fix for enabling DMIC on acp63 platform via _DSD entry
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 21QA and 21QB
ASoC: dt-bindings: realtek,rt5645: Fix CPVDD voltage comment
ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 21Q6 and 21Q7
powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
power: supply: bq24190: Fix BQ24296 Vbus regulator support
stddef: make __struct_group() UAPI C++-friendly
tracing/kprobe: Make trace_kprobe's module callback called after jump_label update
watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler
Revert "watchdog: s3c2410_wdt: use exynos_get_pmu_regmap_by_phandle() for PMU regs"
watchdog: mediatek: Add support for MT6735 TOPRGU/WDT
scsi: qla1280: Fix hw revision numbering for ISP1020/1040
scsi: megaraid_sas: Fix for a potential deadlock
udf: Skip parent dir link count update if corrupted
udf: Verify inode link counts before performing rename
ALSA: ump: Don't open legacy substream for an inactive group
ALSA: ump: Indicate the inactive group in legacy substream names
ALSA: ump: Update legacy substream names upon FB info update
ALSA: hda/conexant: fix Z60MR100 startup pop issue
ALSA: sh: Use standard helper for buffer accesses
smb: server: Fix building with GCC 15
regmap: Use correct format specifier for logging range errors
LoongArch: Fix reserving screen info memory for above-4G firmware
LoongArch: BPF: Adjust the parameter of emit_jirl()
platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
bpf: Zero index arg error string for dynptr and iter
spi: intel: Add Panther Lake SPI controller support
scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time
scsi: mpi3mr: Synchronize access to ioctl data buffer
scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs
scsi: mpi3mr: Start controller indexing from 0
scsi: mpi3mr: Handling of fault code for insufficient power
scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error
ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A
spi: omap2-mcspi: Fix the IS_ERR() bug for devm_clk_get_optional_enabled()
drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()
virtio-blk: don't keep queue frozen during system suspend
blk-mq: register cpuhp callback after hctx is added to xarray table
wifi: iwlwifi: be less noisy if the NIC is dead in S3
ublk: detach gendisk from ublk device if add_disk() fails
drm/xe: Take PM ref in delayed snapshot capture worker
drm/xe: Move the coredump registration to the worker thread
objtool: Add bch2_trans_unlocked_error() to bcachefs noreturns
freezer, sched: Report frozen tasks as 'D' instead of 'R'
dmaengine: loongson2-apb: Change GENMASK to GENMASK_ULL
perf/x86/intel/uncore: Add Clearwater Forest support
tracing: Constify string literal data member in struct trace_event_call
tracing: Prevent bad count for tracing_cpumask_write
rtla/timerlat: Fix histogram ALL for zero samples
io_uring/sqpoll: fix sqpoll error handling races
i2c: microchip-core: actually use repeated sends
x86/fred: Clear WFE in missing-ENDBRANCH #CPs
virt: tdx-guest: Just leak decrypted memory on unrecoverable errors
PCI/MSI: Handle lack of irqdomain gracefully
perf/x86/intel: Fix bitmask of OCR and FRONTEND events for LNC
i2c: imx: add imx7d compatible string for applying erratum ERR007805
i2c: microchip-core: fix "ghost" detections
perf/x86/intel/ds: Add PEBS format 6
power: supply: cros_charge-control: add mutex for driver data
power: supply: cros_charge-control: allow start_threshold == end_threshold
power: supply: cros_charge-control: hide start threshold on v2 cmd
power: supply: gpio-charger: Fix set charge current limits
btrfs: fix race with memory mapped writes when activating swap file
btrfs: avoid monopolizing a core when activating a swap file
btrfs: fix swap file activation failure due to extents that used to be shared
btrfs: fix transaction atomicity bug when enabling simple quotas
btrfs: sysfs: fix direct super block member reads
btrfs: fix use-after-free when COWing tree bock and tracing is enabled
btrfs: check folio mapping after unlock in put_file_data()
btrfs: check folio mapping after unlock in relocate_one_folio()
Bluetooth: btusb: mediatek: move Bluetooth power off command position
Bluetooth: btusb: mediatek: add callback function in btusb_disconnect
Bluetooth: btusb: mediatek: add intf release flow when usb disconnect
Bluetooth: btusb: mediatek: change the conditions for ISO interface
ALSA: ump: Shut up truncated string warning
ALSA: sh: Fix wrong argument order for copy_from_iter()
Linux 6.12.8
Change-Id: I2f5b46453984dde6ed8c381109655261a6bc3596
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
GKI (arm64) relevant 43 out of 161 changes, affecting 62 files +519/-460
5dbe6816c4 sched/fair: Fix NEXT_BUDDY [1 file, +2/-5]
0ee98301f1 sched/fair: Fix sched_can_stop_tick() for fair tasks [1 file, +1/-1]
0653fa6ee0 erofs: fix PSI memstall accounting [1 file, +2/-2]
bdd68033d1 sched/dlserver: Fix dlserver double enqueue [3 files, +18/-2]
baedaacee1 sched/dlserver: Fix dlserver time accounting [1 file, +9/-6]
910798ecd3 erofs: add erofs_sb_free() helper [1 file, +19/-17]
3e0d81efcb erofs: use `struct erofs_device_info` for the primary device [4 files, +22/-31]
f067d3f69d erofs: reference `struct erofs_device_info` for erofs_map_dev [4 files, +15/-23]
3042448109 erofs: use buffered I/O for file-backed mounts by default [3 files, +21/-10]
d924c8afe6 netdev: fix repeated netlink messages in queue dump [1 file, +4/-7]
b38e858ab0 netdev: fix repeated netlink messages in queue stats [1 file, +2/-2]
57ed6505ba netdev-genl: avoid empty messages in queue dump [1 file, +2/-2]
aa9e573145 net: mdiobus: fix an OF node reference leak [1 file, +10/-3]
20bf32f482 irqchip/gic-v3: Work around insecure GIC integrations [1 file, +16/-1]
ea78f77f78 KVM: arm64: Do not allow ID_AA64MMFR0_EL1.ASIDbits to be overridden [1 file, +2/-1]
4f393ea1e2 net: tun: fix tun_napi_alloc_frags() [1 file, +1/-1]
97701315e3 block: Revert "block: Fix potential deadlock while freezing queue and acquiring sysfs_lock" [3 files, +23/-26]
7ccad1ee83 xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic [1 file, +0/-2]
47c8b6cf1d drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() [1 file, +7/-4]
c8395bfcd0 dma-buf: Fix __dma_buf_debugfs_list_del argument for !CONFIG_DEBUG_FS [1 file, +1/-1]
b5792c162d block: avoid to reuse `hctx` not removed from cpuhp callback list [1 file, +10/-1]
1828714c09 trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers [1 file, +9/-0]
6d91e90cfc zram: refuse to use zero sized block device as backing device [1 file, +6/-0]
6fb92e9a52 zram: fix uninitialized ZRAM not releasing backing device [1 file, +4/-5]
ad7c9f1f43 vmalloc: fix accounting with i915 [1 file, +4/-2]
4234ca9884 mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy() [1 file, +4/-2]
ec12f30fe5 ring-buffer: Fix overflow in __rb_map_vma [1 file, +5/-1]
9667c91464 alloc_tag: fix set_codetag_empty() when !CONFIG_MEM_ALLOC_PROFILING_DEBUG [1 file, +6/-1]
3985cd3047 tracing: Fix test_event_printk() to process entire print argument [1 file, +53/-29]
71a613ceac tracing: Add missing helper functions in event pointer dereference check [1 file, +19/-2]
683eccacc0 tracing: Add "%s" check in test_event_printk() [1 file, +89/-15]
d3e73fe7ca tracing: Check "%s" dereference via the field and not the TP_printk format [5 files, +88/-217]
06eb089489 io_uring: Fix registered ring file refcount leak [2 files, +2/-3]
4f95a2186b io_uring: check if iowq is killed before queuing [1 file, +5/-1]
2976661ed4 of/irq: Fix interrupt-map cell length check in of_irq_parse_imap_parent() [1 file, +1/-0]
e30e72844c of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() [1 file, +1/-0]
e0d9c581ac of: property: fw_devlink: Do not use interrupt-parent directly [1 file, +0/-2]
501d686391 of: address: Preserve the flags portion on 1:1 dma-ranges mapping [1 file, +2/-1]
c62318587c of: Fix error path in of_parse_phandle_with_args_map() [1 file, +10/-5]
adc4b70fb6 of: Fix refcount leakage for OF node returned by __of_get_dma_parent() [1 file, +1/-1]
a095090b70 mm: shmem: fix ShmemHugePages at swapout [1 file, +12/-10]
a086c8d7f2 mm: convert partially_mapped set/clear operations to be atomic [2 files, +6/-14]
2d129beb8d epoll: Add synchronous wakeup support for ep_poll_callback [2 files, +5/-1]
Changes in 6.12.7
net: sched: fix ordering of qlen adjustment
net: stmmac: fix TSO DMA API usage causing oops
firmware: arm_scmi: Fix i.MX build dependency
firmware: arm_ffa: Fix the race around setting ffa_dev->properties
RISC-V: KVM: Fix csr_write -> csr_set for HVIEN PMU overflow bit
sched/fair: Fix NEXT_BUDDY
sched/fair: Fix sched_can_stop_tick() for fair tasks
sched/eevdf: More PELT vs DELAYED_DEQUEUE
p2sb: Factor out p2sb_read_from_cache()
p2sb: Introduce the global flag p2sb_hidden_by_bios
p2sb: Move P2SB hide and unhide code to p2sb_scan_and_cache()
p2sb: Do not scan and remove the P2SB device when it is unhidden
i2c: pnx: Fix timeout in wait functions
s390/ipl: Fix never less than zero warning
erofs: fix PSI memstall accounting
sched/dlserver: Fix dlserver double enqueue
sched/dlserver: Fix dlserver time accounting
s390/mm: Consider KMSAN modules metadata for paging levels
erofs: add erofs_sb_free() helper
erofs: use `struct erofs_device_info` for the primary device
erofs: reference `struct erofs_device_info` for erofs_map_dev
erofs: use buffered I/O for file-backed mounts by default
xfs: sb_spino_align is not verified
xfs: fix sparse inode limits on runt AG
xfs: fix off-by-one error in fsmap's end_daddr usage
xfs: fix sb_spino_align checks for large fsblock sizes
xfs: fix zero byte checking in the superblock scrubber
tools: hv: change permissions of NetworkManager configuration file
cxl/pci: Fix potential bogus return value upon successful probing
cxl/region: Fix region creation for greater than x2 switches
net/smc: protect link down work from execute after lgr freed
net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg
net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg
net/smc: check smcd_v2_ext_offset when receiving proposal msg
net/smc: check return value of sock_recvmsg when draining clc data
net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic()
netdevsim: prevent bad user input in nsim_dev_health_break_write()
tools/net/ynl: fix sub-message key lookup for nested attributes
ionic: Fix netdev notifier unregister on failure
ionic: no double destroy workqueue
ionic: use ee->offset when returning sprom data
net: renesas: rswitch: rework ts tags management
ksmbd: count all requests in req_running counter
ksmbd: fix broken transfers when exceeding max simultaneous operations
netdev: fix repeated netlink messages in queue dump
netdev: fix repeated netlink messages in queue stats
team: Fix feature exposure when no ports are present
net: hinic: Fix cleanup in create_rxqs/txqs()
net: ethernet: oa_tc6: fix infinite loop error when tx credits becomes 0
net: ethernet: oa_tc6: fix tx skb race condition between reference pointers
net: ethernet: bgmac-platform: fix an OF node reference leak
net: netdevsim: fix nsim_pp_hold_write()
can: m_can: set init flag earlier in probe
can: m_can: fix missed interrupts with m_can_pci
ipvs: Fix clamp() of ip_vs_conn_tab on small memory systems
netfilter: ipset: Fix for recursive locking warning
selftests: openvswitch: fix tcpdump execution
net: dsa: restore dsa_software_vlan_untag() ability to operate on VLAN-untagged traffic
netdev-genl: avoid empty messages in queue dump
psample: adjust size if rate_as_probability is set
net: mdiobus: fix an OF node reference leak
mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk
mmc: mtk-sd: disable wakeup in .remove() and in the error path of .probe()
irqchip/gic-v3: Work around insecure GIC integrations
EDAC/amd64: Simplify ECC check on unified memory controllers
KVM: arm64: Do not allow ID_AA64MMFR0_EL1.ASIDbits to be overridden
KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init
net: tun: fix tun_napi_alloc_frags()
chelsio/chtls: prevent potential integer overflow on 32bit
net: mctp: handle skb cleanup on sock_queue failures
block: Revert "block: Fix potential deadlock while freezing queue and acquiring sysfs_lock"
i2c: riic: Always round-up when calculating bus period
efivarfs: Fix error on non-existent file
hexagon: Disable constant extender optimization for LLVM prior to 19.1.0
USB: serial: option: add TCL IK512 MBIM & ECM
USB: serial: option: add MeiG Smart SLM770A
USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
USB: serial: option: add MediaTek T7XX compositions
USB: serial: option: add Telit FE910C04 rmnet compositions
xhci: Turn NEC specific quirk for handling Stop Endpoint errors generic
thunderbolt: Add support for Intel Panther Lake-M/P
thunderbolt: Improve redrive mode handling
thunderbolt: Don't display nvm_version unless upgrade supported
drm/display: use ERR_PTR on DP tunnel manager creation fail
drm/amd: Update strapping for NBIO 2.5.0
drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()
drm/amdgpu: fix amdgpu_coredump
drm/amdgpu: Handle NULL bo->tbo.resource (again) in amdgpu_vm_bo_update
udmabuf: udmabuf_create pin folio codestyle cleanup
udmabuf: fix memory leak on last export_udmabuf() error path
dma-buf: Fix __dma_buf_debugfs_list_del argument for !CONFIG_DEBUG_FS
drm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference
drm/panel: novatek-nt35950: fix return value check in nt35950_probe()
drm/panel: st7701: Add prepare_prev_first flag to drm_panel
drm/panel: synaptics-r63353: Fix regulator unbalance
i915/guc: Reset engine utilization buffer before registration
i915/guc: Ensure busyness counter increases motonically
i915/guc: Accumulate active runtime on gt reset
drm/amdgpu: don't access invalid sched
hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers
hwmon: (tmp513) Fix Current Register value interpretation
hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers
block: avoid to reuse `hctx` not removed from cpuhp callback list
trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers
drm/amdgpu/nbio7.11: fix IP version check
drm/amdgpu/nbio7.7: fix IP version check
drm/amdgpu/smu14.0.2: fix IP version check
zram: refuse to use zero sized block device as backing device
zram: fix uninitialized ZRAM not releasing backing device
vmalloc: fix accounting with i915
mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy()
ring-buffer: Fix overflow in __rb_map_vma
alloc_tag: fix set_codetag_empty() when !CONFIG_MEM_ALLOC_PROFILING_DEBUG
btrfs: split bios to the fs sector size boundary
btrfs: fix improper generation check in snapshot delete
btrfs: tree-checker: reject inline extent items with 0 ref count
s390/mm: Fix DirectMap accounting
drm/amdgpu/nbio7.0: fix IP version check
drm/amdgpu/gfx12: fix IP version check
drm/amdgpu/mmhub4.1: fix IP version check
fgraph: Still initialize idle shadow stacks when starting
Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
tools: hv: Fix a complier warning in the fcopy uio daemon
x86/hyperv: Fix hv tsc page based sched_clock for hibernation
KVM: x86: Play nice with protected guests in complete_hypercall_exit()
smb: client: fix TCP timers deadlock after rmmod
accel/ivpu: Fix general protection fault in ivpu_bo_list()
accel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal()
tracing: Fix test_event_printk() to process entire print argument
tracing: Add missing helper functions in event pointer dereference check
tracing: Add "%s" check in test_event_printk()
tracing: Check "%s" dereference via the field and not the TP_printk format
selftests/memfd: run sysctl tests when PID namespace support is enabled
selftests/bpf: Use asm constraint "m" for LoongArch
io_uring: Fix registered ring file refcount leak
io_uring: check if iowq is killed before queuing
NFS/pnfs: Fix a live lock between recalled layouts and layoutget
KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits
of/irq: Fix interrupt-map cell length check in of_irq_parse_imap_parent()
of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one()
ocfs2: fix the space leak in LA when releasing LA
nilfs2: fix buffer head leaks in calls to truncate_inode_pages()
nilfs2: prevent use of deleted inode
udmabuf: fix racy memfd sealing check
udmabuf: also check for F_SEAL_FUTURE_WRITE
of: property: fw_devlink: Do not use interrupt-parent directly
of: address: Preserve the flags portion on 1:1 dma-ranges mapping
of: Fix error path in of_parse_phandle_with_args_map()
of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
ceph: give up on paths longer than PATH_MAX
ceph: validate snapdirname option length when mounting
ceph: improve error handling and short/overflow-read logic in __ceph_sync_read()
ceph: fix memory leaks in __ceph_sync_read()
ceph: fix memory leak in ceph_direct_read_write()
mm: use aligned address in clear_gigantic_page()
mm: use aligned address in copy_user_gigantic_page()
mm: shmem: fix ShmemHugePages at swapout
mm: convert partially_mapped set/clear operations to be atomic
epoll: Add synchronous wakeup support for ep_poll_callback
Linux 6.12.7
Change-Id: I139753dbdf8a7e4c9a1d0381d0f14830965acd1a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit afd2627f727b89496d79a6b934a025fc916d4ded upstream.
The TP_printk() portion of a trace event is executed at the time a event
is read from the trace. This can happen seconds, minutes, hours, days,
months, years possibly later since the event was recorded. If the print
format contains a dereference to a string via "%s", and that string was
allocated, there's a chance that string could be freed before it is read
by the trace file.
To protect against such bugs, there are two functions that verify the
event. The first one is test_event_printk(), which is called when the
event is created. It reads the TP_printk() format as well as its arguments
to make sure nothing may be dereferencing a pointer that was not copied
into the ring buffer along with the event. If it is, it will trigger a
WARN_ON().
For strings that use "%s", it is not so easy. The string may not reside in
the ring buffer but may still be valid. Strings that are static and part
of the kernel proper which will not be freed for the life of the running
system, are safe to dereference. But to know if it is a pointer to a
static string or to something on the heap can not be determined until the
event is triggered.
This brings us to the second function that tests for the bad dereferencing
of strings, trace_check_vprintf(). It would walk through the printf format
looking for "%s", and when it finds it, it would validate that the pointer
is safe to read. If not, it would produces a WARN_ON() as well and write
into the ring buffer "[UNSAFE-MEMORY]".
The problem with this is how it used va_list to have vsnprintf() handle
all the cases that it didn't need to check. Instead of re-implementing
vsnprintf(), it would make a copy of the format up to the %s part, and
call vsnprintf() with the current va_list ap variable, where the ap would
then be ready to point at the string in question.
For architectures that passed va_list by reference this was possible. For
architectures that passed it by copy it was not. A test_can_verify()
function was used to differentiate between the two, and if it wasn't
possible, it would disable it.
Even for architectures where this was feasible, it was a stretch to rely
on such a method that is undocumented, and could cause issues later on
with new optimizations of the compiler.
Instead, the first function test_event_printk() was updated to look at
"%s" as well. If the "%s" argument is a pointer outside the event in the
ring buffer, it would find the field type of the event that is the problem
and mark the structure with a new flag called "needs_test". The event
itself will be marked by TRACE_EVENT_FL_TEST_STR to let it be known that
this event has a field that needs to be verified before the event can be
printed using the printf format.
When the event fields are created from the field type structure, the
fields would copy the field type's "needs_test" value.
Finally, before being printed, a new function ignore_event() is called
which will check if the event has the TEST_STR flag set (if not, it
returns false). If the flag is set, it then iterates through the events
fields looking for the ones that have the "needs_test" flag set.
Then it uses the offset field from the field structure to find the pointer
in the ring buffer event. It runs the tests to make sure that pointer is
safe to print and if not, it triggers the WARN_ON() and also adds to the
trace output that the event in question has an unsafe memory access.
The ignore_event() makes the trace_check_vprintf() obsolete so it is
removed.
Link: https://lore.kernel.org/all/CAHk-=wh3uOnqnZPpR0PeLZZtyWbZLboZ7cHLCKRWsocvs9Y7hQ@mail.gmail.com/
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/20241217024720.848621576@goodmis.org
Fixes: 5013f454a3 ("tracing: Add check of trace event print fmts for dereferencing pointers")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8cd63406d08110c8098e1efda8aef7ddab4db348 upstream.
The TP_printk() of a TRACE_EVENT() is a generic printf format that any
developer can create for their event. It may include pointers to strings
and such. A boot mapped buffer may contain data from a previous kernel
where the strings addresses are different.
One solution is to copy the event content and update the pointers by the
recorded delta, but a simpler solution (for now) is to just use the
print_fields() function to print these events. The print_fields() function
just iterates the fields and prints them according to what type they are,
and ignores the TP_printk() format from the event itself.
To understand the difference, when printing via TP_printk() the output
looks like this:
4582.696626: kmem_cache_alloc: call_site=getname_flags+0x47/0x1f0 ptr=00000000e70e10e0 bytes_req=4096 bytes_alloc=4096 gfp_flags=GFP_KERNEL node=-1 accounted=false
4582.696629: kmem_cache_alloc: call_site=alloc_empty_file+0x6b/0x110 ptr=0000000095808002 bytes_req=360 bytes_alloc=384 gfp_flags=GFP_KERNEL node=-1 accounted=false
4582.696630: kmem_cache_alloc: call_site=security_file_alloc+0x24/0x100 ptr=00000000576339c3 bytes_req=16 bytes_alloc=16 gfp_flags=GFP_KERNEL|__GFP_ZERO node=-1 accounted=false
4582.696653: kmem_cache_free: call_site=do_sys_openat2+0xa7/0xd0 ptr=00000000e70e10e0 name=names_cache
But when printing via print_fields() (echo 1 > /sys/kernel/tracing/options/fields)
the same event output looks like this:
4582.696626: kmem_cache_alloc: call_site=0xffffffff92d10d97 (-1831793257) ptr=0xffff9e0e8571e000 (-107689771147264) bytes_req=0x1000 (4096) bytes_alloc=0x1000 (4096) gfp_flags=0xcc0 (3264) node=0xffffffff (-1) accounted=(0)
4582.696629: kmem_cache_alloc: call_site=0xffffffff92d0250b (-1831852789) ptr=0xffff9e0e8577f800 (-107689770747904) bytes_req=0x168 (360) bytes_alloc=0x180 (384) gfp_flags=0xcc0 (3264) node=0xffffffff (-1) accounted=(0)
4582.696630: kmem_cache_alloc: call_site=0xffffffff92efca74 (-1829778828) ptr=0xffff9e0e8d35d3b0 (-107689640864848) bytes_req=0x10 (16) bytes_alloc=0x10 (16) gfp_flags=0xdc0 (3520) node=0xffffffff (-1) accounted=(0)
4582.696653: kmem_cache_free: call_site=0xffffffff92cfbea7 (-1831879001) ptr=0xffff9e0e8571e000 (-107689771147264) name=names_cache
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/20241218141507.28389a1d@gandalf.local.home
Fixes: 07714b4bb3 ("tracing: Handle old buffer mappings for event strings and functions")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
GKI (arm64) relevant 129 out of 468 changes, affecting 180 files +1843/-980
e0964a5778 ptp: Add error handling for adjfine callback in ptp_clock_adjtime [1 file, +2/-1]
a007f8895f net/sched: tbf: correct backlog statistic for GSO packets [1 file, +12/-6]
9545011e7b net: Fix icmp host relookup triggering ip_rt_bug [1 file, +3/-0]
01f95357e4 ipv6: avoid possible NULL deref in modify_prefix_route() [1 file, +7/-6]
8b591bd522 net/ipv6: release expired exception dst cached in socket [1 file, +3/-3]
e48b211c4c tipc: Fix use-after-free of kernel socket in cleanup_bearer(). [1 file, +1/-1]
da5cc778e7 netfilter: nft_inner: incorrect percpu area handling under softirq [2 files, +46/-12]
a36a6d7037 Revert "udp: avoid calling sock_def_readable() if possible" [1 file, +3/-11]
22074dc1d4 ethtool: Fix wrong mod state in case of verbose and no_mask bitset [1 file, +44/-4]
316183d583 net: avoid potential UAF in default_operstate() [1 file, +6/-1]
c00372e41b mmc: sd: SDUC Support Recognition [7 files, +27/-15]
19e22f1e68 mmc: core: Adjust ACMD22 to SDUC [1 file, +18/-6]
42311846d3 mmc: core: Use GFP_NOIO in ACMD22 [1 file, +4/-0]
4e51552bc5 zram: do not mark idle slots that cannot be idle [1 file, +18/-7]
0ab037634b zram: clear IDLE flag in mark_idle() [1 file, +2/-0]
405b6d5f90 ntp: Remove invalid cast in time offset math [1 file, +1/-1]
6358df316d f2fs: clean up w/ F2FS_{BLK_TO_BYTES,BTYES_TO_BLK} [1 file, +29/-39]
e6a91ed4b9 f2fs: fix to adjust appropriate length for fiemap [2 files, +4/-3]
8e9fec7f79 f2fs: fix to requery extent which cross boundary of inquiry [1 file, +15/-5]
815d8f0e52 i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS [2 files, +5/-3]
c3806cf647 i3c: master: Extend address status bit to 4 and add I3C_ADDR_SLOT_EXT_DESIRED [2 files, +59/-13]
1117462773 i3c: master: Fix dynamic address leak when 'assigned-address' is present [1 file, +5/-10]
7d4e5e33ea scsi: ufs: core: Always initialize the UIC done completion [1 file, +4/-7]
3ad69f2f08 scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG [3 files, +38/-1]
47f4ad956b bpf, vsock: Fix poll() missing a queue [1 file, +3/-0]
a222e48fea bpf, vsock: Invoke proto::close on close() [1 file, +40/-27]
dabaf26846 xsk: always clear DMA mapping information when unmapping the pool [1 file, +2/-3]
5c9e3bb43a tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg [1 file, +4/-7]
7bc37dd9ea ALSA: usb-audio: Notify xrun for low-latency mode [1 file, +11/-3]
a78af11806 pmdomain: core: Add missing put_device() [1 file, +1/-0]
913a3f1c06 pmdomain: core: Fix error path in pm_genpd_init() when ida alloc fails [1 file, +19/-17]
5548887987 nvme: don't apply NVME_QUIRK_DEALLOCATE_ZEROES when DSM is not supported [1 file, +2/-1]
bdbf87486d bpf: Ensure reg is PTR_TO_STACK in process_iter_arg [2 files, +7/-2]
2459a0b149 drivers/virt: pkvm: Don't fail ioremap() call if MMIO_GUARD fails [1 file, +1/-5]
0da7d4b7ca bpf: Don't mark STACK_INVALID as STACK_MISC in mark_stack_slot_misc [1 file, +6/-3]
f9f2a2739e bpf: Fix narrow scalar spill onto 64-bit spilled scalar slots [1 file, +1/-0]
845cc4ee8e nvme-fabrics: handle zero MAXCMD without closing the connection [1 file, +3/-2]
c2277e2859 scatterlist: fix incorrect func name in kernel-doc [1 file, +1/-1]
81ec3c6ceb bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie [1 file, +20/-3]
6dc076a257 bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem [1 file, +1/-3]
7218e441ad bpf: Handle in-place update for full LPM trie correctly [1 file, +21/-23]
412bf01fd5 bpf: Fix exact match conditions in trie_get_next_key() [1 file, +2/-2]
e689bc6697 HID: wacom: fix when get product name maybe null pointer [1 file, +2/-1]
3b0c5bb437 can: dev: can_set_termination(): allow sleeping GPIOs [1 file, +1/-1]
ba0ee489cd tracing: Fix cmp_entries_dup() to respect sort() comparison rules [1 file, +1/-5]
ec643064ab arm64: mm: Fix zone_dma_limit calculation [1 file, +8/-9]
34b6197867 arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs [1 file, +2/-2]
abd614bbfc arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL [1 file, +5/-1]
8ab73c34e3 arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR [1 file, +2/-0]
4105dd76bc arm64: ptrace: fix partial SETREGSET for NT_ARM_POE [1 file, +2/-0]
7f1292f8d4 ALSA: usb-audio: Fix a DMA to stack memory bug [1 file, +27/-15]
39c5d89b56 ALSA: usb-audio: Add extra PID for RME Digiface USB [3 files, +176/-168]
9c191055c7 scsi: ufs: core: sysfs: Prevent div by zero [1 file, +6/-0]
2e7a3bb033 scsi: ufs: core: Cancel RTC work during ufshcd_remove() [1 file, +1/-0]
5a717f43c2 scsi: ufs: core: Add missing post notify for power mode change [2 files, +10/-7]
793e560a6b io_uring: Change res2 parameter type in io_uring_cmd_done [2 files, +3/-3]
85351e4941 Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" [1 file, +2/-3]
95e197354e cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU [1 file, +8/-6]
bc031095d1 modpost: Add .irqentry.text to OTHER_SECTIONS [1 file, +1/-1]
178e31df1f bpf: fix OOB devmap writes when deleting elements [1 file, +3/-3]
3dcc20418e dma-buf: fix dma_fence_array_signaled v4 [1 file, +27/-1]
f3dbb097d6 dma-fence: Fix reference leak on fence merge failure path [1 file, +2/-0]
4715555964 dma-fence: Use kernel's sort for merging fences [1 file, +61/-67]
d486b5741d xsk: fix OOB map writes when deleting elements [1 file, +1/-1]
14258211d6 regmap: detach regmap from dev on regmap_exit [1 file, +12/-0]
d562b457e1 mmc: core: Further prevent card detect during shutdown [2 files, +5/-0]
9bfeeeff2c stackdepot: fix stack_depot_save_flags() in NMI context [2 files, +12/-4]
a71ddd5b87 sched/numa: fix memory leak due to the overwritten vma->numab_state [1 file, +9/-3]
835ca042df kasan: make report_lock a raw spinlock [1 file, +3/-3]
69d319450d mm/gup: handle NULL pages in unpin_user_pages() [1 file, +10/-1]
1dde3fde62 mm: open-code PageTail in folio_flags() and const_folio_flags() [1 file, +2/-2]
bd4d2333a3 mm: open-code page_folio() in dump_page() [1 file, +5/-2]
536ffb4014 mm: fix vrealloc()'s KASAN poisoning logic [1 file, +2/-1]
fe1a34e92a mm: respect mmap hint address when aligning for THP [1 file, +1/-0]
5c63e24b1b scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() [6 files, +2/-5]
2cec2d916a memblock: allow zero threshold in validate_numa_converage() [1 file, +2/-2]
d222934627 epoll: annotate racy check [2 files, +5/-3]
493326c4f1 block: RCU protect disk->conv_zones_bitmap [2 files, +32/-13]
b6ce2dbe98 ext4: partial zero eof block on unaligned inode size extension [2 files, +42/-16]
ff599ad2d2 cleanup: Adjust scoped_guard() macros to avoid potential warning [1 file, +42/-10]
3946e07552 gpio: free irqs that are still requested when the chip is being removed [1 file, +41/-0]
ea74e9675b HID: add per device quirk to force bind to hid-generic [3 files, +8/-2]
17db6ed5a3 media: uvcvideo: RealSense D421 Depth module metadata [1 file, +9/-0]
0c20fadfd0 media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera [1 file, +11/-0]
3cc5228d5b media: uvcvideo: Force UVC version to 1.0a for 0408:4033 [1 file, +11/-0]
4150f22342 drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model [1 file, +6/-0]
5d7f35ed5f drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition [1 file, +6/-0]
187d5ff497 drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK [1 file, +6/-0]
fd09880b16 af_packet: avoid erroring out after sock_init_data() in packet_create() [1 file, +6/-6]
61686abc2f Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() [1 file, +1/-0]
32df687e12 Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() [1 file, +5/-5]
8df832e6b9 net: af_can: do not leave a dangling sk pointer in can_create() [1 file, +1/-0]
03caa9bfb9 net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() [1 file, +7/-5]
691d6d816f net: inet: do not leave a dangling sk pointer in inet_create() [1 file, +10/-12]
f44fceb71d net: inet6: do not leave a dangling sk pointer in inet6_create() [1 file, +10/-12]
987aa730ba bpf: Prevent tailcall infinite loop caused by freplace [5 files, +81/-17]
051f49d517 net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals [4 files, +29/-23]
920159e1bf ALSA: usb-audio: Make mic volume workarounds globally applicable [3 files, +45/-48]
a50b4aa300 bpf: Call free_htab_elem() after htab_unlock_bucket() [1 file, +39/-17]
da561d5fb6 Bluetooth: hci_conn: Reduce hci_conn_drop() calls in two functions [1 file, +3/-10]
c55a4c5a04 Bluetooth: hci_conn: Use disable_delayed_work_sync [1 file, +3/-3]
93a6160dc1 Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet [1 file, +9/-4]
b04b4fb91d Bluetooth: Add new quirks for ATS2851 [2 files, +20/-4]
359fc41e3c Bluetooth: Support new quirks for ATS2851 [2 files, +15/-1]
166cf43070 net/neighbor: clear error in case strict check is not set [1 file, +1/-0]
f63a1caae9 tracing/ftrace: disable preemption in syscall probe [2 files, +44/-4]
d1133dd57e tracing: Use atomic64_inc_return() in trace_clock_counter() [1 file, +1/-1]
09c083fbea ring-buffer: Limit time with disabled interrupts in rb_check_pages() [1 file, +72/-26]
c11e2ec9a7 pinmux: Use sequential access to access desc->pinmux data [3 files, +100/-77]
b865d4e569 scsi: ufs: core: Make DMA mask configuration more flexible [3 files, +13/-9]
2fcb921c27 bpf: put bpf_link's program when link is safe to be deallocated [1 file, +17/-5]
bb4a6236a4 leds: class: Protect brightness_show() with led_cdev->led_access mutex [2 files, +12/-4]
7214d3a64e tracing: Fix function name for trampoline [3 files, +36/-8]
9e28513fd2 f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. [1 file, +3/-1]
b51aa6a07e PCI: qcom: Add support for IPQ9574 [1 file, +1/-0]
617bd1e6c3 PCI: Add ACS quirk for Wangxun FF5xxx NICs [1 file, +9/-6]
1f51ae217d i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock [1 file, +2/-1]
6d41a2d5c1 f2fs: print message if fscorrupted was found in f2fs_new_node_page() [1 file, +6/-1]
924f7dd1e8 f2fs: fix to shrink read extent node in batches [1 file, +41/-28]
1648c7000f serial: 8250_dw: Add Sophgo SG2044 quirk [1 file, +3/-2]
950210c9c7 Revert "nvme: make keep-alive synchronous operation" [1 file, +10/-7]
d5b2ddf1f9 io_uring/tctx: work around xa_store() allocation error issue [1 file, +12/-1]
cd188519d2 scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() [1 file, +1/-0]
a39ad4f507 sched/core: Remove the unnecessary need_resched() check in nohz_csd_func() [1 file, +1/-1]
f9e144a544 sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning busy [1 file, +1/-1]
b4ec68868c sched/core: Prevent wakeup of ksoftirqd during idle load balance [1 file, +1/-1]
364dc8070b tracing/eprobe: Fix to release eprobe when failed to add dyn_event [1 file, +5/-0]
1a678f6829 clocksource: Make negative motion detection more robust [4 files, +20/-7]
6aeef0214d softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel [1 file, +11/-4]
Changes in 6.12.5
iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
watchdog: xilinx_wwdt: Calculate max_hw_heartbeat_ms using clock frequency
watchdog: apple: Actually flush writes after requesting watchdog restart
watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart()
can: gs_usb: add usb endpoint address detection at driver probe step
can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails
can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL
can: hi311x: hi3110_can_ist(): fix potential use-after-free
can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics
can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics
can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics
can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics
can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
can: f81604: f81604_handle_can_bus_errors(): fix {rx,tx}_errors statistics
ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
netfilter: x_tables: fix LED ID check in led_tg_check()
netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
selftests: hid: fix typo and exit code
net: enetc: Do not configure preemptible TCs if SIs do not support
ptp: Add error handling for adjfine callback in ptp_clock_adjtime
net/sched: tbf: correct backlog statistic for GSO packets
net: hsr: avoid potential out-of-bound access in fill_frame_info()
bnxt_en: ethtool: Supply ntuple rss context action
net: Fix icmp host relookup triggering ip_rt_bug
ipv6: avoid possible NULL deref in modify_prefix_route()
can: j1939: j1939_session_new(): fix skb reference counting
platform/x86: asus-wmi: Ignore return value when writing thermal policy
net: phy: microchip: Reset LAN88xx PHY to ensure clean link state on LAN7800/7850
net/ipv6: release expired exception dst cached in socket
dccp: Fix memory leak in dccp_feat_change_recv
tipc: Fix use-after-free of kernel socket in cleanup_bearer().
net/smc: initialize close_work early to avoid warning
net/smc: fix LGR and link use-after-free issue
net/qed: allow old cards not supporting "num_images" to work
net: hsr: must allocate more bytes for RedBox support
ice: fix PHY Clock Recovery availability check
ice: fix PHY timestamp extraction for ETH56G
ice: Fix VLAN pruning in switchdev mode
idpf: set completion tag for "empty" bufs associated with a packet
ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5
ixgbe: downgrade logging of unsupported VF API version to debug
ixgbe: Correct BASE-BX10 compliance code
igb: Fix potential invalid memory access in igb_init_module()
netfilter: nft_inner: incorrect percpu area handling under softirq
Revert "udp: avoid calling sock_def_readable() if possible"
net: sched: fix erspan_opt settings in cls_flower
netfilter: ipset: Hold module reference while requesting a module
netfilter: nft_set_hash: skip duplicated elements pending gc run
ethtool: Fix wrong mod state in case of verbose and no_mask bitset
mlxsw: spectrum_acl_flex_keys: Constify struct mlxsw_afk_element_inst
mlxsw: spectrum_acl_flex_keys: Use correct key block on Spectrum-4
geneve: do not assume mac header is set in geneve_xmit_skb()
net/mlx5: HWS: Fix memory leak in mlx5hws_definer_calc_layout
net/mlx5: HWS: Properly set bwc queue locks lock classes
net/mlx5e: SD, Use correct mdev to build channel param
net/mlx5e: Remove workaround to avoid syndrome for internal port
vsock/test: fix failures due to wrong SO_RCVLOWAT parameter
vsock/test: fix parameter types in SO_VM_SOCKETS_* calls
net: avoid potential UAF in default_operstate()
gpio: grgpio: use a helper variable to store the address of ofdev->dev
gpio: grgpio: Add NULL check in grgpio_probe
mmc: mtk-sd: use devm_mmc_alloc_host
mmc: mtk-sd: Fix error handle of probe function
mmc: mtk-sd: fix devm_clk_get_optional usage
mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting
mmc: sd: SDUC Support Recognition
mmc: core: Adjust ACMD22 to SDUC
mmc: core: Use GFP_NOIO in ACMD22
zram: do not mark idle slots that cannot be idle
zram: clear IDLE flag in mark_idle()
ntp: Remove invalid cast in time offset math
f2fs: clean up w/ F2FS_{BLK_TO_BYTES,BTYES_TO_BLK}
f2fs: fix to adjust appropriate length for fiemap
f2fs: fix to requery extent which cross boundary of inquiry
i3c: master: Replace hard code 2 with macro I3C_ADDR_SLOT_STATUS_BITS
i3c: master: Extend address status bit to 4 and add I3C_ADDR_SLOT_EXT_DESIRED
i3c: master: Fix dynamic address leak when 'assigned-address' is present
drm/amd/display: calculate final viewport before TAP optimization
drm/amd/display: Ignore scalar validation failure if pipe is phantom
scsi: ufs: core: Always initialize the UIC done completion
scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG
bpf, vsock: Fix poll() missing a queue
bpf, vsock: Invoke proto::close on close()
xsk: always clear DMA mapping information when unmapping the pool
bpftool: fix potential NULL pointer dereferencing in prog_dump()
drm/sti: Add __iomem for mixer_dbg_mxn's parameter
tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
ALSA: seq: ump: Fix seq port updates per FB info notify
ALSA: usb-audio: Notify xrun for low-latency mode
tools: Override makefile ARCH variable if defined, but empty
spi: mpc52xx: Add cancel_work_sync before module remove
ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index
ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai()
pmdomain: core: Add missing put_device()
pmdomain: core: Fix error path in pm_genpd_init() when ida alloc fails
nvme: don't apply NVME_QUIRK_DEALLOCATE_ZEROES when DSM is not supported
x86/pkeys: Change caller of update_pkru_in_sigframe()
x86/pkeys: Ensure updated PKRU value is XRSTOR'd
bpf: Ensure reg is PTR_TO_STACK in process_iter_arg
irqchip/stm32mp-exti: CONFIG_STM32MP_EXTI should not default to y when compile-testing
drivers/virt: pkvm: Don't fail ioremap() call if MMIO_GUARD fails
bpf: Don't mark STACK_INVALID as STACK_MISC in mark_stack_slot_misc
bpf: Fix narrow scalar spill onto 64-bit spilled scalar slots
nvme-fabrics: handle zero MAXCMD without closing the connection
nvme-tcp: fix the memleak while create new ctrl failed
nvme-rdma: unquiesce admin_q before destroy it
scsi: sg: Fix slab-use-after-free read in sg_release()
scsi: scsi_debug: Fix hrtimer support for ndelay
ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec
drm/v3d: Enable Performance Counters before clearing them
ocfs2: free inode when ocfs2_get_init_inode() fails
scatterlist: fix incorrect func name in kernel-doc
iio: magnetometer: yas530: use signed integer type for clamp limits
smb: client: fix potential race in cifs_put_tcon()
bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie
bpf: Remove unnecessary kfree(im_node) in lpm_trie_update_elem
bpf: Handle in-place update for full LPM trie correctly
bpf: Fix exact match conditions in trie_get_next_key()
x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails
rust: allow `clippy::needless_lifetimes`
HID: i2c-hid: Revert to using power commands to wake on resume
HID: wacom: fix when get product name maybe null pointer
LoongArch: Add architecture specific huge_pte_clear()
LoongArch: KVM: Protect kvm_check_requests() with SRCU
ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
watchdog: rti: of: honor timeout-sec property
can: dev: can_set_termination(): allow sleeping GPIOs
can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6.
tracing: Fix cmp_entries_dup() to respect sort() comparison rules
net :mana :Request a V2 response version for MANA_QUERY_GF_STAT
iommufd: Fix out_fput in iommufd_fault_alloc()
arm64: mm: Fix zone_dma_limit calculation
arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs
arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR
arm64: ptrace: fix partial SETREGSET for NT_ARM_POE
ALSA: usb-audio: Fix a DMA to stack memory bug
ALSA: usb-audio: Add extra PID for RME Digiface USB
ALSA: hda/realtek: fix micmute LEDs don't work on HP Laptops
ALSA: usb-audio: add mixer mapping for Corsair HS80
ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8
ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG)
scsi: qla2xxx: Fix abort in bsg timeout
scsi: qla2xxx: Fix NVMe and NPIV connect issue
scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
scsi: qla2xxx: Fix use after free on unload
scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
scsi: ufs: core: sysfs: Prevent div by zero
scsi: ufs: core: Cancel RTC work during ufshcd_remove()
scsi: ufs: qcom: Only free platform MSIs when ESI is enabled
scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers
scsi: ufs: core: Add missing post notify for power mode change
nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
fs/smb/client: avoid querying SMB2_OP_QUERY_WSL_EA for SMB3 POSIX
fs/smb/client: Implement new SMB3 POSIX type
fs/smb/client: cifs_prime_dcache() for SMB3 POSIX reparse points
smb3.1.1: fix posix mounts to older servers
io_uring: Change res2 parameter type in io_uring_cmd_done
bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()"
pmdomain: imx: gpcv2: Adjust delay after power up handshake
selftests/damon: add _damon_sysfs.py to TEST_FILES
selftest: hugetlb_dio: fix test naming
cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU
x86/cacheinfo: Delete global num_cache_leaves
drm/amdkfd: hard-code cacheline for gc943,gc944
drm/dp_mst: Fix MST sideband message body length check
drm/amdkfd: add MEC version that supports no PCIe atomics for GFX12
drm/amd/pm: fix and simplify workload handling
drm/dp_mst: Verify request type in the corresponding down message reply
drm/dp_mst: Fix resetting msg rx state after topology removal
drm/amd/display: Correct prefetch calculation
drm/amd/display: Limit VTotal range to max hw cap minus fp
drm/amd/display: Add a left edge pixel if in YCbCr422 or YCbCr420 and odm
drm/amdgpu/hdp6.0: do a posting read when flushing HDP
drm/amdgpu/hdp4.0: do a posting read when flushing HDP
drm/amdgpu/hdp5.0: do a posting read when flushing HDP
drm/amdgpu/hdp7.0: do a posting read when flushing HDP
drm/amdgpu/hdp5.2: do a posting read when flushing HDP
modpost: Add .irqentry.text to OTHER_SECTIONS
x86/kexec: Restore GDT on return from ::preserve_context kexec
bpf: fix OOB devmap writes when deleting elements
dma-buf: fix dma_fence_array_signaled v4
dma-fence: Fix reference leak on fence merge failure path
dma-fence: Use kernel's sort for merging fences
xsk: fix OOB map writes when deleting elements
regmap: detach regmap from dev on regmap_exit
arch_numa: Restore nid checks before registering a memblock with a node
mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet
mmc: core: Further prevent card detect during shutdown
x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation
ocfs2: update seq_file index in ocfs2_dlm_seq_next
stackdepot: fix stack_depot_save_flags() in NMI context
lib: stackinit: hide never-taken branch from compiler
sched/numa: fix memory leak due to the overwritten vma->numab_state
kasan: make report_lock a raw spinlock
mm/gup: handle NULL pages in unpin_user_pages()
mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM
x86/cpu/topology: Remove limit of CPUs due to disabled IO/APIC
x86/mm: Add _PAGE_NOPTISHADOW bit to avoid updating userspace page tables
mm/damon: fix order of arguments in damos_before_apply tracepoint
mm: memcg: declare do_memsw_account inline
mm: open-code PageTail in folio_flags() and const_folio_flags()
mm: open-code page_folio() in dump_page()
mm: fix vrealloc()'s KASAN poisoning logic
mm: respect mmap hint address when aligning for THP
scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove()
memblock: allow zero threshold in validate_numa_converage()
rust: enable arbitrary_self_types and remove `Receiver`
s390/pci: Sort PCI functions prior to creating virtual busses
s390/pci: Use topology ID for multi-function devices
s390/pci: Ignore RID for isolated VFs
epoll: annotate racy check
kselftest/arm64: Log fp-stress child startup errors to stdout
s390/cpum_sf: Handle CPU hotplug remove during sampling
block: RCU protect disk->conv_zones_bitmap
btrfs: don't take dev_replace rwsem on task already holding it
btrfs: avoid unnecessary device path update for the same device
btrfs: canonicalize the device path before adding it
btrfs: do not clear read-only when adding sprout device
kselftest/arm64: Don't leak pipe fds in pac.exec_sign_all()
ext4: partial zero eof block on unaligned inode size extension
crypto: ecdsa - Avoid signed integer overflow on signature decoding
kcsan: Turn report_filterlist_lock into a raw_spinlock
hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list
ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID
ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()
ACPI: video: force native for Apple MacbookPro11,2 and Air7,2
perf/x86/amd: Warn only on new bits set
cleanup: Adjust scoped_guard() macros to avoid potential warning
iio: magnetometer: fix if () scoped_guard() formatting
timekeeping: Always check for negative motion
gpio: free irqs that are still requested when the chip is being removed
spi: spi-fsl-lpspi: Adjust type of scldiv
soc: qcom: llcc: Use designated initializers for LLC settings
HID: add per device quirk to force bind to hid-generic
firmware: qcom: scm: Allow QSEECOM on Lenovo Yoga Slim 7x
soc: qcom: pd-mapper: Add QCM6490 PD maps
media: uvcvideo: RealSense D421 Depth module metadata
media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
media: uvcvideo: Force UVC version to 1.0a for 0408:4033
media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
mmc: core: Add SD card quirk for broken poweroff notification
mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED
firmware: qcom: scm: Allow QSEECOM on Dell XPS 13 9345
soc: imx8m: Probe the SoC driver as platform driver
regmap: maple: Provide lockdep (sub)class for maple tree's internal lock
selftests/resctrl: Protect against array overflow when reading strings
sched_ext: add a missing rcu_read_lock/unlock pair at scx_select_cpu_dfl()
HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support
drm/xe/pciids: separate RPL-U and RPL-P PCI IDs
drm/xe/pciids: separate ARL and MTL PCI IDs
drm/vc4: hdmi: Avoid log spam for audio start failure
drm/vc4: hvs: Set AXI panic modes for the HVS
drm/xe/pciids: Add PVC's PCI device ID macros
wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb
drm/xe/pciid: Add new PCI id for ARL
drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition
drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK
drm/bridge: it6505: Enable module autoloading
drm/mcde: Enable module autoloading
wifi: rtw89: check return value of ieee80211_probereq_get() for RNR
drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check()
ASoC: Intel: sof_rt5682: Add HDMI-In capture with rt5682 support for MTL.
dlm: fix possible lkb_resource null dereference
drm/amd/display: skip disable CRTC in seemless bootup case
drm/amd/display: Fix garbage or black screen when resetting otg
drm/amd/display: disable SG displays on cyan skillfish
drm/xe/ptl: L3bank mask is not available on the media GT
drm/xe/xe3: Add initial set of workarounds
drm/display: Fix building with GCC 15
ALSA: hda: Use own quirk lookup helper
ALSA: hda/conexant: Use the new codec SSID matching
ALSA: hda/realtek: Use codec SSID matching for Lenovo devices
r8169: don't apply UDP padding quirk on RTL8126A
samples/bpf: Fix a resource leak
wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()
accel/qaic: Add AIC080 support
drm/amd/display: Full exit out of IPS2 when all allow signals have been cleared
net: fec_mpc52xx_phy: Use %pa to format resource_size_t
net: ethernet: fs_enet: Use %pa to format resource_size_t
net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
af_packet: avoid erroring out after sock_init_data() in packet_create()
Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()
Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()
net: af_can: do not leave a dangling sk pointer in can_create()
net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
net: inet: do not leave a dangling sk pointer in inet_create()
net: inet6: do not leave a dangling sk pointer in inet6_create()
wifi: ath10k: avoid NULL pointer error during sdio remove
wifi: ath5k: add PCI ID for SX76X
wifi: ath5k: add PCI ID for Arcadyan devices
fanotify: allow reporting errors on failure to open fd
bpf: Prevent tailcall infinite loop caused by freplace
ASoC: sdw_utils: Add support for exclusion DAI quirks
ASoC: sdw_utils: Add a quirk to allow the cs42l43 mic DAI to be ignored
ASoC: Intel: sof_sdw: Add quirk for cs42l43 system using host DMICs
ASoC: Intel: sof_sdw: Add quirks for some new Lenovo laptops
drm/xe/guc/ct: Flush g2h worker in case of g2h response timeout
drm/panel: simple: Add Microchip AC69T88A LVDS Display panel
net: sfp: change quirks for Alcatel Lucent G-010S-P
net: stmmac: Programming sequence for VLAN packets with split header
drm/sched: memset() 'job' in drm_sched_job_init()
drm/amd/display: Adding array index check to prevent memory corruption
drm/amdgpu/gfx9: Add cleaner shader for GFX9.4.2
drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih
drm/amdgpu: Dereference the ATCS ACPI buffer
netlink: specs: Add missing bitset attrs to ethtool spec
drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr
ASoC: sdw_utils: Add quirk to exclude amplifier function
ASoC: Intel: soc-acpi-intel-arl-match: Add rt722 and rt1320 support
drm/amd/display: Fix underflow when playing 8K video in full screen mode
mptcp: annotate data-races around subflow->fully_established
dma-debug: fix a possible deadlock on radix_lock
jfs: array-index-out-of-bounds fix in dtReadFirst
jfs: fix shift-out-of-bounds in dbSplit
jfs: fix array-index-out-of-bounds in jfs_readdir
jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
fsl/fman: Validate cell-index value obtained from Device Tree
net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals
drm/panic: Add ABGR2101010 support
drm/amd/display: Remove hw w/a toggle if on DP2/HPO
drm/amd/display: parse umc_info or vram_info based on ASIC
drm/amd/display: Prune Invalid Modes For HDMI Output
drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov
virtio-net: fix overflow inside virtnet_rq_alloc
ALSA: usb-audio: Make mic volume workarounds globally applicable
drm/amdgpu: set the right AMDGPU sg segment limitation
wifi: ipw2x00: libipw_rx_any(): fix bad alignment
wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw()
bpf: Call free_htab_elem() after htab_unlock_bucket()
mptcp: fix possible integer overflow in mptcp_reset_tout_timer
dsa: qca8k: Use nested lock to avoid splat
i2c: i801: Add support for Intel Panther Lake
Bluetooth: hci_conn: Reduce hci_conn_drop() calls in two functions
Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
Bluetooth: btusb: Add USB HW IDs for MT7920/MT7925
Bluetooth: hci_conn: Use disable_delayed_work_sync
Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
Bluetooth: Add new quirks for ATS2851
Bluetooth: Support new quirks for ATS2851
Bluetooth: Set quirks for ATS2851
Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925
Bluetooth: btusb: Add new VID/PID 0489/e124 for MT7925
Bluetooth: btusb: Add 3 HWIDs for MT7925
ASoC: hdmi-codec: reorder channel allocation list
rocker: fix link status detection in rocker_carrier_init()
net/neighbor: clear error in case strict check is not set
netpoll: Use rcu_access_pointer() in __netpoll_setup
pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU
rtla: Fix consistency in getopt_long for timerlat_hist
tracing/ftrace: disable preemption in syscall probe
tracing: Use atomic64_inc_return() in trace_clock_counter()
tools/rtla: fix collision with glibc sched_attr/sched_set_attr
rtla/timerlat: Make timerlat_top_cpu->*_count unsigned long long
rtla/timerlat: Make timerlat_hist_cpu->*_count unsigned long long
scsi: hisi_sas: Add cond_resched() for no forced preemption model
scsi: hisi_sas: Create all dump files during debugfs initialization
ring-buffer: Limit time with disabled interrupts in rb_check_pages()
pinmux: Use sequential access to access desc->pinmux data
scsi: ufs: core: Make DMA mask configuration more flexible
iommu/amd: Fix corruption when mapping large pages from 0
bpf: put bpf_link's program when link is safe to be deallocated
scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths
scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI
scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback
clk: qcom: rcg2: add clk_rcg2_shared_floor_ops
clk: qcom: rpmh: add support for SAR2130P
clk: qcom: tcsrcc-sm8550: add SAR2130P support
clk: qcom: dispcc-sm8550: enable support for SAR2130P
clk: qcom: clk-alpha-pll: Add NSS HUAYRA ALPHA PLL support for ipq9574
leds: class: Protect brightness_show() with led_cdev->led_access mutex
scsi: st: Don't modify unknown block number in MTIOCGET
scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
pinctrl: qcom-pmic-gpio: add support for PM8937
pinctrl: qcom: spmi-mpp: Add PM8937 compatible
thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens
nvdimm: rectify the illogical code within nd_dax_probe()
smb: client: memcpy() with surrounding object base address
tracing: Fix function name for trampoline
tools/rtla: Enhance argument parsing in timerlat_load.py
verification/dot2: Improve dot parser robustness
mailbox: pcc: Check before sending MCTP PCC response ACK
f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
KMSAN: uninit-value in inode_go_dump (5)
i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request
PCI: qcom: Add support for IPQ9574
PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs
PCI: vmd: Set devices to D0 before enabling PM L1 Substates
PCI: Detect and trust built-in Thunderbolt chips
PCI: starfive: Enable controller runtime PM before probing host bridge
PCI: Add 'reset_subordinate' to reset hierarchy below bridge
PCI: Add ACS quirk for Wangxun FF5xxx NICs
remoteproc: qcom: pas: enable SAR2130P audio DSP support
i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock
f2fs: print message if fscorrupted was found in f2fs_new_node_page()
f2fs: fix to shrink read extent node in batches
f2fs: add a sysfs node to limit max read extent count per-inode
ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840
ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[]
LoongArch: Fix sleeping in atomic context for PREEMPT_RT
fs/ntfs3: Fix warning in ni_fiemap
fs/ntfs3: Fix case when unmarked clusters intersect with zone
regulator: qcom-rpmh: Update ranges for FTSMPS525
usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag
usb: chipidea: udc: limit usb request length to max 16KB
usb: chipidea: udc: create bounce buffer for problem sglist entries if possible
usb: chipidea: udc: handle USB Error Interrupt if IOC not set
usb: typec: ucsi: Do not call ACPI _DSM method for UCSI read operations
iio: adc: ad7192: properly check spi_get_device_match_data()
iio: light: ltr501: Add LTER0303 to the supported devices
usb: typec: ucsi: glink: be more precise on orientation-aware ports
ASoC: amd: yc: fix internal mic on Redmi G 2022
drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3
MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a
ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW
powerpc/prom_init: Fixup missing powermac #size-cells
misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
rtc: cmos: avoid taking rtc_lock for extended period of time
serial: 8250_dw: Add Sophgo SG2044 quirk
Revert "nvme: make keep-alive synchronous operation"
irqchip/gicv3-its: Add workaround for hip09 ITS erratum 162100801
smb: client: don't try following DFS links in cifs_tree_connect()
setlocalversion: work around "git describe" performance
io_uring/tctx: work around xa_store() allocation error issue
scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()
drm/xe/devcoredump: Use drm_puts and already cached local variables
drm/xe/devcoredump: Improve section headings and add tile info
drm/xe/devcoredump: Add ASCII85 dump helper function
drm/xe/guc: Copy GuC log prior to dumping
drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()
drm/xe/devcoredump: Update handling of xe_force_wake_get return
drm/amd/display: Add option to retrieve detile buffer size
sched: fix warning in sched_setaffinity
sched/core: Remove the unnecessary need_resched() check in nohz_csd_func()
sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning busy
sched/core: Prevent wakeup of ksoftirqd during idle load balance
sched/deadline: Fix warning in migrate_enable for boosted tasks
btrfs: drop unused parameter options from open_ctree()
btrfs: drop unused parameter data from btrfs_fill_super()
btrfs: fix mount failure due to remount races
btrfs: fix missing snapshot drew unlock when root is dead during swap activation
clk: en7523: Initialize num before accessing hws in en7523_register_clocks()
tracing/eprobe: Fix to release eprobe when failed to add dyn_event
x86: Fix build regression with CONFIG_KEXEC_JUMP enabled
Revert "unicode: Don't special case ignorable code points"
vfio/mlx5: Align the page tracking max message size with the device capability
selftests/ftrace: adjust offset for kprobe syntax error test
KVM: x86/mmu: Ensure that kvm_release_pfn_clean() takes exact pfn from kvm_faultin_pfn()
jffs2: Prevent rtime decompress memory corruption
jffs2: Fix rtime decompressor
media: ipu6: use the IPU6 DMA mapping APIs to do mapping
ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume"
net/mlx5: unique names for per device caches
ASoC: Intel: avs: Fix return status of avs_pcm_hw_constraints_init()
drm/amdgpu: rework resume handling for display (v2)
ALSA: hda: Fix build error without CONFIG_SND_DEBUG
Revert "drm/amd/display: parse umc_info or vram_info based on ASIC"
s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails
ALSA: hda/realtek: Fix spelling mistake "Firelfy" -> "Firefly"
timekeeping: Remove CONFIG_DEBUG_TIMEKEEPING
clocksource: Make negative motion detection more robust
softirq: Allow raising SCHED_SOFTIRQ from SMP-call-function on RT kernel
Linux 6.12.5
Change-Id: If1b834954ed2ee1a16886f9a9909c6ca62d93b6c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 6ce5a6f0a07d37cc377df08a8d8a9c283420f323 ]
The issue that unrelated function name is shown on stack trace like
following even though it should be trampoline code address is caused by
the creation of trampoline code in the area where .init.text section
of module was freed after module is loaded.
bash-1344 [002] ..... 43.644608: <stack trace>
=> (MODULE INIT FUNCTION)
=> vfs_write
=> ksys_write
=> do_syscall_64
=> entry_SYSCALL_64_after_hwframe
To resolve this, when function address of stack trace entry is in
trampoline, output without looking up symbol name.
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Link: https://lore.kernel.org/20241021071454.34610-2-tatsuya.s2862@gmail.com
Signed-off-by: Tatsuya S <tatsuya.s2862@gmail.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This catches up android16-6.12 with android-mainline to 6.12-rc7.
Bug: 367265496
Change-Id: I072760fe7a0f14fcfb67d4e4992939db4b810b63
Signed-off-by: Matthias Maennich <maennich@google.com>
Signed-off-by: Aleksei Vetrov <vvvvvv@google.com>
Pull ring buffer fixes from Steven Rostedt:
- Revert: "ring-buffer: Do not have boot mapped buffers hook to CPU
hotplug"
A crash that happened on cpu hotplug was actually caused by the
incorrect ref counting that was fixed by commit 2cf9733891
("ring-buffer: Fix refcount setting of boot mapped buffers"). The
removal of calling cpu hotplug callbacks on memory mapped buffers was
not an issue even though the tests at the time pointed toward it. But
in fact, there's a check in that code that tests to see if the
buffers are already allocated or not, and will not allocate them
again if they are. Not calling the cpu hotplug callbacks ended up not
initializing the non boot CPU buffers.
Simply remove that change.
- Clear all CPU buffers when starting tracing in a boot mapped buffer
To properly process events from a previous boot, the address space
needs to be accounted for due to KASLR and the events in the buffer
are updated accordingly when read. This also requires that when the
buffer has tracing enabled again in the current boot that the buffers
are reset so that events from the previous boot do not interact with
the events of the current boot and cause confusing due to not having
the proper meta data.
It was found that if a CPU is taken offline, that its per CPU buffer
is not reset when tracing starts. This allows for events to be from
both the previous boot and the current boot to be in the buffer at
the same time. Clear all CPU buffers when tracing is started in a
boot mapped buffer.
* tag 'trace-ringbuffer-v6.12-rc7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
tracing/ring-buffer: Clear all memory mapped CPU ring buffers on first recording
Revert: "ring-buffer: Do not have boot mapped buffers hook to CPU hotplug"
The events of a memory mapped ring buffer from the previous boot should
not be mixed in with events from the current boot. There's meta data that
is used to handle KASLR so that function names can be shown properly.
Also, since the timestamps of the previous boot have no meaning to the
timestamps of the current boot, having them intermingled in a buffer can
also cause confusion because there could possibly be events in the future.
When a trace is activated the meta data is reset so that the pointers of
are now processed for the new address space. The trace buffers are reset
when tracing starts for the first time. The problem here is that the reset
only happens on online CPUs. If a CPU is offline, it does not get reset.
To demonstrate the issue, a previous boot had tracing enabled in the boot
mapped ring buffer on reboot. On the following boot, tracing has not been
started yet so the function trace from the previous boot is still visible.
# trace-cmd show -B boot_mapped -c 3 | tail
<idle>-0 [003] d.h2. 156.462395: __rcu_read_lock <-cpu_emergency_disable_virtualization
<idle>-0 [003] d.h2. 156.462396: vmx_emergency_disable_virtualization_cpu <-cpu_emergency_disable_virtualization
<idle>-0 [003] d.h2. 156.462396: __rcu_read_unlock <-__sysvec_reboot
<idle>-0 [003] d.h2. 156.462397: stop_this_cpu <-__sysvec_reboot
<idle>-0 [003] d.h2. 156.462397: set_cpu_online <-stop_this_cpu
<idle>-0 [003] d.h2. 156.462397: disable_local_APIC <-stop_this_cpu
<idle>-0 [003] d.h2. 156.462398: clear_local_APIC <-disable_local_APIC
<idle>-0 [003] d.h2. 156.462574: mcheck_cpu_clear <-stop_this_cpu
<idle>-0 [003] d.h2. 156.462575: mce_intel_feature_clear <-stop_this_cpu
<idle>-0 [003] d.h2. 156.462575: lmce_supported <-mce_intel_feature_clear
Now, if CPU 3 is taken offline, and tracing is started on the memory
mapped ring buffer, the events from the previous boot in the CPU 3 ring
buffer is not reset. Now those events are using the meta data from the
current boot and produces just hex values.
# echo 0 > /sys/devices/system/cpu/cpu3/online
# trace-cmd start -B boot_mapped -p function
# trace-cmd show -B boot_mapped -c 3 | tail
<idle>-0 [003] d.h2. 156.462395: 0xffffffff9a1e3194 <-0xffffffff9a0f655e
<idle>-0 [003] d.h2. 156.462396: 0xffffffff9a0a1d24 <-0xffffffff9a0f656f
<idle>-0 [003] d.h2. 156.462396: 0xffffffff9a1e6bc4 <-0xffffffff9a0f7323
<idle>-0 [003] d.h2. 156.462397: 0xffffffff9a0d12b4 <-0xffffffff9a0f732a
<idle>-0 [003] d.h2. 156.462397: 0xffffffff9a1458d4 <-0xffffffff9a0d12e2
<idle>-0 [003] d.h2. 156.462397: 0xffffffff9a0faed4 <-0xffffffff9a0d12e7
<idle>-0 [003] d.h2. 156.462398: 0xffffffff9a0faaf4 <-0xffffffff9a0faef2
<idle>-0 [003] d.h2. 156.462574: 0xffffffff9a0e3444 <-0xffffffff9a0d12ef
<idle>-0 [003] d.h2. 156.462575: 0xffffffff9a0e4964 <-0xffffffff9a0d12ef
<idle>-0 [003] d.h2. 156.462575: 0xffffffff9a0e3fb0 <-0xffffffff9a0e496f
Reset all CPUs when starting a boot mapped ring buffer for the first time,
and not just the online CPUs.
Fixes: 7a1d1e4b96 ("tracing/ring-buffer: Add last_boot_info file to boot instance")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
The aosp/1562075 add the following vendor hooks in ftrace oops path
to allow vendor modules to get ftrace buffer data.
1) android_vh_ftrace_oops_enter
2) android_vh_ftrace_size_check
3) android_vh_ftrace_format_check
4) android_vh_ftrace_dump_buffer
5) android_vh_ftrace_oops_exit
Ftrace dump on oops can be controlled with kernel command
line parameter ftrace_dump_on_oops.
However the commit b8e1f899fc6b ("ANDROID: ftrace: vendor hook for ftrace dump on oops")
only cherry-pick android_vh_ftrace_format_check vh.
But following vendor hooks in ftrace oops path was not added.
1) android_vh_ftrace_oops_enter
2) android_vh_ftrace_size_check
3) android_vh_ftrace_dump_buffer
4) android_vh_ftrace_oops_exit
So add these to allow vendor modules to get ftrace buffer data.
Bug: 177387994
Signed-off-by: Prateek Sood <prsood@codeaurora.org>
Signed-off-by: Mukesh Ojha <mojha@codeaurora.org>
[xuewen: minor conflicts fixups]
Change-Id: I00328101bc7e1092ce7a0b50c2d47ab8288e0067
Signed-off-by: Xuewen Yan <xuewen.yan@unisoc.com>
(cherry picked from commit fbbc48ef18)
This catches up android16-6.12 with android-mainline to 6.12-rc5.
Bug: 367265496
Change-Id: I21a79f239099636302f4ad879323b19676a5a593
Signed-off-by: Matthias Maennich <maennich@google.com>
Signed-off-by: Will McVicker <willmcvicker@google.com>
A ring buffer which has its buffered mapped at boot up to fixed memory
should not be freed. Other buffers can be. The ref counting setup was
wrong for both. It made the not mapped buffers ref count have zero, and the
boot mapped buffer a ref count of 1. But an normally allocated buffer
should be 1, where it can be removed.
Keep the ref count of a normal boot buffer with its setup ref count (do
not decrement it), and increment the fixed memory boot mapped buffer's ref
count.
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Link: https://lore.kernel.org/20241011165224.33dd2624@gandalf.local.home
Fixes: e645535a95 ("tracing: Add option to use memmapped memory for trace boot instance")
Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Steps on the way to 6.12-rc1
Bug: 367265496
Change-Id: Ib569bda9755b5b910b27f8ff620a29d74fe7d375
Signed-off-by: Matthias Maennich <maennich@google.com>
When the tp_printk kernel command line is used, the trace events go
directly to printk(). It is still checked via the trace_check_vprintf()
function to make sure the pointers of the trace event are legit.
The addition of reading buffers from previous boots required adding a
delta between the addresses of the previous boot and the current boot so
that the pointers in the old buffer can still be used. But this required
adding a trace_array pointer to acquire the delta offsets.
The tp_printk code does not provide a trace_array (tr) pointer, so when
the offsets were examined, a NULL pointer dereference happened and the
kernel crashed.
If the trace_array does not exist, just default the delta offsets to zero,
as that also means the trace event is not being read from a previous boot.
Link: https://lore.kernel.org/all/Zv3z5UsG_jsO9_Tb@aschofie-mobl2.lan/
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Link: https://lore.kernel.org/20241003104925.4e1b1fd9@gandalf.local.home
Fixes: 07714b4bb3 ("tracing: Handle old buffer mappings for event strings and functions")
Reported-by: Alison Schofield <alison.schofield@intel.com>
Tested-by: Alison Schofield <alison.schofield@intel.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Steps on the way to 6.12-rc1
Bug: 367265496
Change-Id: Ifd47581e267cffcb07297153a2a3cf3b0a93d575
Signed-off-by: Matthias Maennich <maennich@google.com>
no_llseek had been defined to NULL two years ago, in commit 868941b144
("fs: remove no_llseek")
To quote that commit,
At -rc1 we'll need do a mechanical removal of no_llseek -
git grep -l -w no_llseek | grep -v porting.rst | while read i; do
sed -i '/\<no_llseek\>/d' $i
done
would do it.
Unfortunately, that hadn't been done. Linus, could you do that now, so
that we could finally put that thing to rest? All instances are of the
form
.llseek = no_llseek,
so it's obviously safe.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Pull ring-buffer updates from Steven Rostedt:
- tracing/ring-buffer: persistent buffer across reboots
This allows for the tracing instance ring buffer to stay persistent
across reboots. The way this is done is by adding to the kernel
command line:
trace_instance=boot_map@0x285400000:12M
This will reserve 12 megabytes at the address 0x285400000, and then
map the tracing instance "boot_map" ring buffer to that memory. This
will appear as a normal instance in the tracefs system:
/sys/kernel/tracing/instances/boot_map
A user could enable tracing in that instance, and on reboot or kernel
crash, if the memory is not wiped by the firmware, it will recreate
the trace in that instance. For example, if one was debugging a
shutdown of a kernel reboot:
# cd /sys/kernel/tracing
# echo function > instances/boot_map/current_tracer
# reboot
[..]
# cd /sys/kernel/tracing
# tail instances/boot_map/trace
swapper/0-1 [000] d..1. 164.549800: restore_boot_irq_mode <-native_machine_shutdown
swapper/0-1 [000] d..1. 164.549801: native_restore_boot_irq_mode <-native_machine_shutdown
swapper/0-1 [000] d..1. 164.549802: disconnect_bsp_APIC <-native_machine_shutdown
swapper/0-1 [000] d..1. 164.549811: hpet_disable <-native_machine_shutdown
swapper/0-1 [000] d..1. 164.549812: iommu_shutdown_noop <-native_machine_restart
swapper/0-1 [000] d..1. 164.549813: native_machine_emergency_restart <-__do_sys_reboot
swapper/0-1 [000] d..1. 164.549813: tboot_shutdown <-native_machine_emergency_restart
swapper/0-1 [000] d..1. 164.549820: acpi_reboot <-native_machine_emergency_restart
swapper/0-1 [000] d..1. 164.549821: acpi_reset <-acpi_reboot
swapper/0-1 [000] d..1. 164.549822: acpi_os_write_port <-acpi_reboot
On reboot, the buffer is examined to make sure it is valid. The
validation check even steps through every event to make sure the meta
data of the event is correct. If any test fails, it will simply reset
the buffer, and the buffer will be empty on boot.
- Allow the tracing persistent boot buffer to use the "reserve_mem"
option
Instead of having the admin find a physical address to store the
persistent buffer, which can be very tedious if they have to
administrate several different machines, allow them to use the
"reserve_mem" option that will find a location for them. It is not as
reliable because of KASLR, as the loading of the kernel in different
locations can cause the memory allocated to be inconsistent. Booting
with "nokaslr" can make reserve_mem more reliable.
- Have function graph tracer handle offsets from a previous boot.
The ring buffer output from a previous boot may have different
addresses due to kaslr. Have the function graph tracer handle these
by using the delta from the previous boot to the new boot address
space.
- Only reset the saved meta offset when the buffer is started or reset
In the persistent memory meta data, it holds the previous address
space information, so that it can calculate the delta to have
function tracing work. But this gets updated after being read to hold
the new address space. But if the buffer isn't used for that boot, on
reboot, the delta is now calculated from the previous boot and not
the boot that holds the data in the ring buffer. This causes the
functions not to be shown. Do not save the address space information
of the current kernel until it is being recorded.
- Add a magic variable to test the valid meta data
Add a magic variable in the meta data that can also be used for
validation. The validator of the previous buffer doesn't need this
magic data, but it can be used if the meta data is changed by a new
kernel, which may have the same format that passes the validator but
is used differently. This magic number can also be used as a
"versioning" of the meta data.
- Align user space mapped ring buffer sub buffers to improve TLB
entries
Linus mentioned that the mapped ring buffer sub buffers were
misaligned between the meta page and the sub-buffers, so that if the
sub-buffers were bigger than PAGE_SIZE, it wouldn't allow the TLB to
use bigger entries.
- Add new kernel command line "traceoff" to disable tracing on boot for
instances
If tracing is enabled for a boot instance, there needs a way to be
able to disable it on boot so that new events do not get entered into
the ring buffer and be mixed with events from a previous boot, as
that can be confusing.
- Allow trace_printk() to go to other instances
Currently, trace_printk() can only go to the top level instance. When
debugging with a persistent buffer, it is really useful to be able to
add trace_printk() to go to that buffer, so that you have access to
them after a crash.
- Do not use "bin_printk()" for traces to a boot instance
The bin_printk() saves only a pointer to the printk format in the
ring buffer, as the reader of the buffer can still have access to it.
But this is not the case if the buffer is from a previous boot. If
the trace_printk() is going to a "persistent" buffer, it will use the
slower version that writes the printk format into the buffer.
- Add command line option to allow trace_printk() to go to an instance
Allow the kernel command line to define which instance the
trace_printk() goes to, instead of forcing the admin to set it for
every boot via the tracefs options.
- Start a document that explains how to use tracefs to debug the kernel
- Add some more kernel selftests to test user mapped ring buffer
* tag 'trace-ring-buffer-v6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace: (28 commits)
selftests/ring-buffer: Handle meta-page bigger than the system
selftests/ring-buffer: Verify the entire meta-page padding
tracing/Documentation: Start a document on how to debug with tracing
tracing: Add option to set an instance to be the trace_printk destination
tracing: Have trace_printk not use binary prints if boot buffer
tracing: Allow trace_printk() to go to other instance buffers
tracing: Add "traceoff" flag to boot time tracing instances
ring-buffer: Align meta-page to sub-buffers for improved TLB usage
ring-buffer: Add magic and struct size to boot up meta data
ring-buffer: Don't reset persistent ring-buffer meta saved addresses
tracing/fgraph: Have fgraph handle previous boot function addresses
tracing: Allow boot instances to use reserve_mem boot memory
tracing: Fix ifdef of snapshots to not prevent last_boot_info file
ring-buffer: Use vma_pages() helper function
tracing: Fix NULL vs IS_ERR() check in enable_instances()
tracing: Add last boot delta offset for stack traces
tracing: Update function tracing output for previous boot buffer
tracing: Handle old buffer mappings for event strings and functions
tracing/ring-buffer: Add last_boot_info file to boot instance
ring-buffer: Save text and data locations in mapped meta data
...
In __tracing_open(), when max latency tracers took place on the cpu,
the time start of its buffer would be updated, then event entries with
timestamps being earlier than start of the buffer would be skipped
(see tracing_iter_reset()).
Softlockup will occur if the kernel is non-preemptible and too many
entries were skipped in the loop that reset every cpu buffer, so add
cond_resched() to avoid it.
Cc: stable@vger.kernel.org
Fixes: 2f26ebd549 ("tracing: use timestamp to determine start of latency traces")
Link: https://lore.kernel.org/20240827124654.3817443-1-zhengyejian@huaweicloud.com
Suggested-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Zheng Yejian <zhengyejian@huaweicloud.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Allow boot instances to use memory reserved by the reserve_mem boot
option.
reserve_mem=12M:4096:trace trace_instance=boot_mapped@trace
The above will allocate 12 megs with 4096 alignment and label it "trace".
The second parameter will create a "boot_mapped" instance and use the
memory reserved and labeled as "trace" as the memory for the ring buffer.
That will create an instance called "boot_mapped":
/sys/kernel/tracing/instances/boot_mapped
Note, because the ring buffer is using a defined memory ranged, it will
act just like a memory mapped ring buffer. It will not have a snapshot
buffer, as it can't swap out the buffer. The snapshot files as well as any
tracers that uses a snapshot will not be present in the boot_mapped
instance.
Also note that reserve_mem is not reliable in acquiring the same physical
memory at each soft reboot. It is possible that KALSR could map the kernel
at the previous boot memory location forcing the reserve_mem to return a
different memory location. In this case, the previous ring buffer will be
lost.
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ross Zwisler <zwisler@google.com>
Cc: Vincent Donnefort <vdonnefort@google.com>
Link: https://lore.kernel.org/20240815082811.669f7d8c@gandalf.local.home
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
The mapping of the ring buffer to memory allocated at boot up will also
expose a "last_boot_info" to help tooling to read the raw data from the
last boot. As instances that have their ring buffer mapped to fixed
memory cannot perform snapshots, they can either have the "snapshot" file
or the "last_boot_info" file, but not both.
The code that added the "last_boot_info" file failed to notice that the
"snapshot" creation was inside a "#ifdef CONFIG_TRACER_SNAPSHOT" and
incorrectly placed the creation of the "last_boot_info" file within the
ifdef block. Not only does it cause a warning when CONFIG_TRACER_SNAPSHOT
is not enabled, it also incorrectly prevents the file from appearing.
Link: https://lore.kernel.org/all/20240719102640.718554-1-arnd@kernel.org/
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Reported-by: Arnd Bergmann <arnd@kernel.org>
Link: https://lore.kernel.org/20240719101312.3d4ac707@rorschach.local.home
Fixes: 7a1d1e4b96 ("tracing/ring-buffer: Add last_boot_info file to boot instance")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
The "reserve_mem" kernel command line parameter has been pulled into
v6.11. Merge the latest -rc3 to allow the persistent ring buffer memory to
be able to be mapped at the address specified by the "reserve_mem" command
line parameter.
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Greg Kroah-Hartman
Pan Taixi
Andy Shevchenko
Jeongjun Park
Steven Rostedt
Lizhi Xu
Tatsuya S
Aleksei Vetrov
Linus Torvalds
Prateek Sood
Kalesh Singh
Will McVicker
Matthias Maennich
Al Viro
Zheng Yejian
Lee Jones