Commit Graph

5444 Commits

Author SHA1 Message Date
Greg Kroah-Hartman 9222a6a6c0 Merge 6.12.37 into android16-6.12-lts
GKI (arm64) relevant 35 out of 230 changes, affecting 67 files +612/-427
  ec9be081c5 Revert "mmc: sdhci: Disable SD card clock before changing parameters" [1 file, +2/-7]
  0698a2eb7d Bluetooth: HCI: Set extended advertising data synchronously [2 files, +130/-113]
  3672fe9d1e Bluetooth: hci_sync: revert some mesh modifications [1 file, +4/-12]
  44bb1e13b4 Bluetooth: MGMT: set_mesh: update LE scan interval and window [1 file, +22/-0]
  a99f80c88a Bluetooth: MGMT: mesh_send: check instances prior disabling advertising [1 file, +2/-1]
  5581e694d3 usb: typec: altmodes/displayport: do not index invalid pin_assignments [2 files, +2/-1]
  b1abc5ab47 scsi: sd: Fix VPD page 0xb7 length check [1 file, +1/-1]
  381c1c1219 Bluetooth: Prevent unintended pause by checking if advertising is active [1 file, +4/-0]
  f0fee863a7 nvme: Fix incorrect cdw15 value in passthru error logging [1 file, +1/-1]
  50c86c0945 netfs: Fix i_size updating [2 files, +8/-2]
  a553afd91f net/sched: Always pass notifications when child class becomes empty [1 file, +5/-14]
  d78f79a2c1 spinlock: extend guard with spinlock_bh variants [1 file, +13/-0]
  0cc4721a71 sched/fair: Rename h_nr_running into h_nr_queued [5 files, +53/-53]
  a2562bdd35 sched/fair: Fixup wake_up_sync() vs DELAYED_DEQUEUE [1 file, +11/-2]
  5833026221 f2fs: decrease spare area for pinned files for zoned devices [3 files, +5/-2]
  8912b139a8 f2fs: zone: fix to calculate first_zoned_segno correctly [4 files, +69/-20]
  c5474a7b04 bpf: use common instruction history across all states [2 files, +63/-63]
  4265682c29 bpf: Do not include stack ptr register in precision backtracking bookkeeping [2 files, +24/-6]
  e0fefe9bc0 netfs: Fix oops in write-retry from mis-resetting the subreq iterator [1 file, +3/-2]
  acf9ab15ec selinux: change security_compute_sid to return the ssid or tsid on match [1 file, +11/-5]
  42c5a4b47d rcu: Return early if callback is not specified [1 file, +4/-0]
  e036efbe58 add a string-to-qstr constructor [10 files, +13/-23]
  f94c422157 fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass [3 files, +21/-13]
  8caccd2eac usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed [1 file, +4/-1]
  9f75893189 Revert "usb: xhci: Implement xhci_handshake_check_state() helper" [3 files, +3/-30]
  fbebc2254a usb: xhci: quirk for data loss in ISOC transfers [3 files, +30/-0]
  195597e0be xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS [1 file, +2/-1]
  dbdd2a2320 Input: xpad - support Acer NGR 200 Controller [1 file, +2/-0]
  3b1407caac usb: dwc3: Abort suspend on soft disconnect failure [2 files, +16/-15]
  7cb8750160 usb: acpi: fix device link removal [3 files, +8/-1]
  c745744a82 dma-buf: fix timeout handling in dma_resv_wait_timeout v2 [1 file, +7/-5]
  ccdc472b4d Logitech C-270 even more broken [1 file, +2/-1]
  c782f98eef usb: typec: displayport: Fix potential deadlock [1 file, +1/-2]
  ead91de35d mm/vmalloc: fix data race in show_numa_info() [1 file, +35/-28]
  4c443046d8 mm: userfaultfd: fix race of userfaultfd_move and swap cache [1 file, +31/-2]

Changes in 6.12.37
        rtc: pcf2127: add missing semicolon after statement
        rtc: pcf2127: fix SPI command byte for PCF2131
        rtc: cmos: use spin_lock_irqsave in cmos_interrupt
        virtio-net: xsk: rx: fix the frame's length check
        virtio-net: ensure the received length does not exceed allocated size
        s390/pci: Fix stale function handles in error handling
        s390/pci: Do not try re-enabling load/store if device is disabled
        net: txgbe: request MISC IRQ in ndo_open
        vsock/vmci: Clear the vmci transport packet properly when initializing it
        net: libwx: fix the incorrect display of the queue number
        mmc: sdhci: Add a helper function for dump register in dynamic debug mode
        Revert "mmc: sdhci: Disable SD card clock before changing parameters"
        mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier
        Bluetooth: HCI: Set extended advertising data synchronously
        Bluetooth: hci_sync: revert some mesh modifications
        Bluetooth: MGMT: set_mesh: update LE scan interval and window
        Bluetooth: MGMT: mesh_send: check instances prior disabling advertising
        iommufd/selftest: Fix iommufd_dirty_tracking with large hugepage sizes
        regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
        Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt()
        usb: typec: altmodes/displayport: do not index invalid pin_assignments
        mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data
        mtk-sd: Prevent memory corruption from DMA map failure
        mtk-sd: reset host->mrq on prepare_data() error
        drm/v3d: Disable interrupts before resetting the GPU
        firmware: arm_ffa: Fix memory leak by freeing notifier callback node
        firmware: arm_ffa: Move memory allocation outside the mutex locking
        firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context
        arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename
        platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment
        RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling
        RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
        nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.
        NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
        scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database()
        scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()
        scsi: sd: Fix VPD page 0xb7 length check
        scsi: ufs: core: Fix spelling of a sysfs attribute name
        RDMA/mlx5: Fix HW counters query for non-representor devices
        RDMA/mlx5: Fix CC counters query for MPV
        RDMA/mlx5: Fix vport loopback for MPV device
        platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1
        platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message
        Bluetooth: Prevent unintended pause by checking if advertising is active
        btrfs: fix missing error handling when searching for inode refs during log replay
        btrfs: fix iteration of extrefs during log replay
        btrfs: return a btrfs_inode from btrfs_iget_logging()
        btrfs: return a btrfs_inode from read_one_inode()
        btrfs: fix invalid inode pointer dereferences during log replay
        btrfs: fix inode lookup error handling during log replay
        btrfs: record new subvolume in parent dir earlier to avoid dir logging races
        btrfs: propagate last_unlink_trans earlier when doing a rmdir
        btrfs: use btrfs_record_snapshot_destroy() during rmdir
        ethernet: atl1: Add missing DMA mapping error checks and count errors
        dpaa2-eth: fix xdp_rxq_info leak
        drm/exynos: fimd: Guard display clock control with runtime PM calls
        spi: spi-fsl-dspi: Clear completion counter before initiating transfer
        drm/i915/selftests: Change mock_request() to return error pointers
        nvme: Fix incorrect cdw15 value in passthru error logging
        nvmet: fix memory leak of bio integrity
        platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks
        platform/x86: hp-bioscfg: Directly use firmware_attributes_class
        platform/x86: hp-bioscfg: Fix class device unregistration
        platform/x86: firmware_attributes_class: Move include linux/device/class.h
        platform/x86: firmware_attributes_class: Simplify API
        platform/x86: think-lmi: Directly use firmware_attributes_class
        platform/x86: think-lmi: Fix class device unregistration
        platform/x86: dell-sysman: Directly use firmware_attributes_class
        platform/x86: dell-wmi-sysman: Fix class device unregistration
        platform/mellanox: mlxreg-lc: Fix logic error in power state check
        drm/bridge: aux-hpd-bridge: fix assignment of the of_node
        smb: client: fix warning when reconnecting channel
        net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect
        drm/i915/gt: Fix timeline left held on VMA alloc error
        drm/i915/gsc: mei interrupt top half should be in irq disabled context
        idpf: return 0 size for RSS key if not supported
        idpf: convert control queue mutex to a spinlock
        igc: disable L1.2 PCI-E link substate to avoid performance issue
        smb: client: set missing retry flag in smb2_writev_callback()
        smb: client: set missing retry flag in cifs_readv_callback()
        smb: client: set missing retry flag in cifs_writev_callback()
        netfs: Fix i_size updating
        lib: test_objagg: Set error message in check_expect_hints_stats()
        amd-xgbe: align CL37 AN sequence as per databook
        enic: fix incorrect MTU comparison in enic_change_mtu()
        rose: fix dangling neighbour pointers in rose_rt_device_down()
        nui: Fix dma_mapping_error() check
        net/sched: Always pass notifications when child class becomes empty
        amd-xgbe: do not double read link status
        smb: client: fix race condition in negotiate timeout by using more precise timing
        arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma
        crypto: iaa - Remove dst_null support
        crypto: iaa - Do not clobber req->base.data
        spinlock: extend guard with spinlock_bh variants
        crypto: zynqmp-sha - Add locking
        kunit: qemu_configs: sparc: use Zilog console
        kunit: qemu_configs: sparc: Explicitly enable CONFIG_SPARC32=y
        kunit: qemu_configs: Disable faulting tests on 32-bit SPARC
        gfs2: Initialize gl_no_formal_ino earlier
        gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE
        gfs2: Rename dinode_demise to evict_behavior
        gfs2: Prevent inode creation race
        gfs2: Decode missing glock flags in tracepoints
        gfs2: Add GLF_PENDING_REPLY flag
        gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE
        gfs2: Move gfs2_dinode_dealloc
        gfs2: Move GIF_ALLOC_FAILED check out of gfs2_ea_dealloc
        gfs2: deallocate inodes in gfs2_create_inode
        btrfs: prepare btrfs_page_mkwrite() for large folios
        btrfs: fix wrong start offset for delalloc space release during mmap write
        sched/fair: Rename h_nr_running into h_nr_queued
        sched/fair: Add new cfs_rq.h_nr_runnable
        sched/fair: Fixup wake_up_sync() vs DELAYED_DEQUEUE
        gfs2: Move gfs2_trans_add_databufs
        gfs2: Don't start unnecessary transactions during log flush
        ASoC: tas2764: Extend driver to SN012776
        ASoC: tas2764: Reinit cache on part reset
        ACPI: thermal: Fix stale comment regarding trip points
        ACPI: thermal: Execute _SCP before reading trip points
        bonding: Mark active offloaded xfrm_states
        wifi: ath12k: fix skb_ext_desc leak in ath12k_dp_tx() error path
        wifi: ath12k: Handle error cases during extended skb allocation
        wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers
        RDMA/rxe: Fix "trying to register non-static key in rxe_qp_do_cleanup" bug
        iommu: ipmmu-vmsa: avoid Wformat-security warning
        f2fs: decrease spare area for pinned files for zoned devices
        f2fs: zone: introduce first_zoned_segno in f2fs_sb_info
        f2fs: zone: fix to calculate first_zoned_segno correctly
        scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure
        scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask
        scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk
        hisi_acc_vfio_pci: bugfix cache write-back issue
        hisi_acc_vfio_pci: bugfix the problem of uninstalling driver
        bpf: use common instruction history across all states
        bpf: Do not include stack ptr register in precision backtracking bookkeeping
        arm64: dts: qcom: sm8650: change labels to lower-case
        arm64: dts: qcom: sm8650: Fix domain-idle-state for CPU2
        arm64: dts: renesas: Use interrupts-extended for Ethernet PHYs
        arm64: dts: renesas: Factor out White Hawk Single board support
        arm64: dts: renesas: white-hawk-single: Improve Ethernet TSN description
        arm64: dts: qcom: sm8650: add the missing l2 cache node
        ubsan: integer-overflow: depend on BROKEN to keep this out of CI
        remoteproc: k3: Call of_node_put(rmem_np) only once in three functions
        remoteproc: k3-r5: Add devm action to release reserved memory
        remoteproc: k3-r5: Use devm_kcalloc() helper
        remoteproc: k3-r5: Use devm_ioremap_wc() helper
        remoteproc: k3-r5: Use devm_rproc_add() helper
        remoteproc: k3-r5: Refactor sequential core power up/down operations
        netfs: Fix oops in write-retry from mis-resetting the subreq iterator
        mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe()
        drm/xe: Fix DSB buffer coherency
        drm/xe: Move DSB l2 flush to a more sensible place
        drm/xe: add interface to request physical alignment for buffer objects
        drm/xe: Allow bo mapping on multiple ggtts
        drm/xe: move DPT l2 flush to a more sensible place
        drm/xe: Replace double space with single space after comma
        drm/xe/guc: Dead CT helper
        drm/xe/guc: Explicitly exit CT safe mode on unwind
        selinux: change security_compute_sid to return the ssid or tsid on match
        drm/simpledrm: Do not upcast in release helpers
        drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause
        drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read
        drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13
        drm/amd/display: Add more checks for DSC / HUBP ONO guarantees
        arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on
        drm/amdgpu/mes: add missing locking in helper functions
        sched_ext: Make scx_group_set_weight() always update tg->scx.weight
        scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag
        drm/msm: Fix a fence leak in submit error path
        drm/msm: Fix another leak in the submit error path
        ALSA: sb: Don't allow changing the DMA mode during operations
        ALSA: sb: Force to disable DMAs once when DMA mode is changed
        ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled
        ata: pata_cs5536: fix build on 32-bit UML
        ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic
        platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list
        genirq/irq_sim: Initialize work context pointers properly
        powerpc: Fix struct termio related ioctl macros
        ASoC: amd: yc: update quirk data for HP Victus
        regulator: fan53555: add enable_time support and soft-start times
        scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()
        aoe: defer rexmit timer downdev work to workqueue
        wifi: mac80211: drop invalid source address OCB frames
        wifi: ath6kl: remove WARN on bad firmware input
        ACPICA: Refuse to evaluate a method if arguments are missing
        mtd: spinand: fix memory leak of ECC engine conf
        rcu: Return early if callback is not specified
        add a string-to-qstr constructor
        module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper
        fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass
        RDMA/mlx5: Fix cache entry update on dereg error
        IB/mlx5: Fix potential deadlock in MR deregistration
        drm/xe/bmg: Update Wa_22019338487
        drm/xe: Allow dropping kunit dependency as built-in
        NFSv4/flexfiles: Fix handling of NFS level errors in I/O
        usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed
        Revert "usb: xhci: Implement xhci_handshake_check_state() helper"
        usb: xhci: quirk for data loss in ISOC transfers
        xhci: dbctty: disable ECHO flag by default
        xhci: dbc: Flush queued requests before stopping dbc
        xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS
        Input: xpad - support Acer NGR 200 Controller
        Input: iqs7222 - explicitly define number of external channels
        usb: cdnsp: do not disable slot for disabled slot
        usb: cdnsp: Fix issue with CV Bad Descriptor test
        usb: dwc3: Abort suspend on soft disconnect failure
        usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume
        usb: acpi: fix device link removal
        smb: client: fix readdir returning wrong type with POSIX extensions
        cifs: all initializations for tcon should happen in tcon_info_alloc
        dma-buf: fix timeout handling in dma_resv_wait_timeout v2
        i2c/designware: Fix an initialization issue
        Logitech C-270 even more broken
        optee: ffa: fix sleep in atomic context
        iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU
        powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed
        riscv: cpu_ops_sbi: Use static array for boot_data
        platform/x86: think-lmi: Create ksets consecutively
        platform/x86: think-lmi: Fix kobject cleanup
        platform/x86: think-lmi: Fix sysfs group cleanup
        usb: typec: displayport: Fix potential deadlock
        powerpc/kernel: Fix ppc_save_regs inclusion in build
        mm/vmalloc: fix data race in show_numa_info()
        mm: userfaultfd: fix race of userfaultfd_move and swap cache
        x86/bugs: Rename MDS machinery to something more generic
        x86/bugs: Add a Transient Scheduler Attacks mitigation
        KVM: SVM: Advertise TSA CPUID bits to guests
        x86/microcode/AMD: Add TSA microcode SHAs
        x86/process: Move the buffer clearing before MONITOR
        Linux 6.12.37

Change-Id: If1d8d0f83e11df1540bebaf0fb136fe340f25dcb
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-07-13 12:24:55 +00:00
Greg Kroah-Hartman 67767146c7 Revert "Bluetooth: hci_core: Fix use-after-free in vhci_flush()"
This reverts commit ce23b73f0f which is
commit 1d6123102e9fbedc8d25bf4731da6d513173e49e upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: Id61431c9decd8e97b69d0a3871b2658242c092ee
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-07-10 18:45:42 +00:00
Greg Kroah-Hartman a778622fe4 Merge 6.12.36 into android16-6.12-lts
GKI (arm64) relevant 43 out of 213 changes, affecting 47 files +324/-116
  8a997e1ab5 mailbox: Not protect module_put with spin_lock_irqsave [1 file, +1/-1]
  dcd5b32139 leds: multicolor: Fix intensity setting while SW blinking [1 file, +2/-1]
  3a0f33c420 fuse: fix race between concurrent setattrs from multiple nodes [1 file, +11/-0]
  9f0fa01811 PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane [1 file, +1/-4]
  53809d38ec usb: Add checks for snprintf() calls in usb_alloc_dev() [1 file, +10/-4]
  cf69fedbb1 usb: gadget: f_hid: wake up readers on disable/unbind [1 file, +17/-2]
  10cc2cfd3e usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode [1 file, +4/-0]
  1ef2737432 usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set [1 file, +2/-2]
  1818fc3602 ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock [1 file, +2/-0]
  ae2353d862 scsi: ufs: core: Don't perform UFS clkscaling during host async scan [1 file, +3/-0]
  0437390086 ovl: Check for NULL d_inode() in ovl_dentry_upper() [1 file, +3/-1]
  4149f0ee5e f2fs: don't over-report free space or inodes in statvfs [1 file, +18/-12]
  61a9ad7b69 af_unix: Don't leave consecutive consumed OOB skbs. [1 file, +11/-2]
  93abf5e0d5 fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio [1 file, +1/-1]
  29d39e0d5f lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() [1 file, +8/-1]
  a4f182ffa3 HID: wacom: fix crash in wacom_aes_battery_handler() [1 file, +1/-0]
  ce23b73f0f Bluetooth: hci_core: Fix use-after-free in vhci_flush() [2 files, +32/-4]
  0ee87c2814 ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() [1 file, +2/-0]
  b10a795364 attach_recursive_mnt(): do not lock the covering tree when sliding something under it [1 file, +4/-4]
  949060a623 af_unix: Don't set -ECONNRESET for consumed OOB skb. [1 file, +12/-6]
  dbcd546400 vsock/uapi: fix linux/vm_sockets.h userspace compilation errors [1 file, +4/-0]
  104048a4a4 net: selftests: fix TCP packet checksum [1 file, +3/-2]
  2b8788496f serial: core: restore of_node information in sysfs [1 file, +1/-0]
  5a8400ebc2 Bluetooth: L2CAP: Fix L2CAP MTU negotiation [1 file, +8/-1]
  cf95f8426f maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() [1 file, +3/-1]
  7b4ac8433c mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" [1 file, +10/-4]
  c465f52333 f2fs: fix to zero post-eof page [1 file, +38/-0]
  a85999b987 HID: wacom: fix memory leak on kobject creation failure [1 file, +3/-1]
  2746d02066 HID: wacom: fix memory leak on sysfs attribute creation failure [1 file, +1/-0]
  70017f56b1 HID: wacom: fix kobject reference count leak [1 file, +1/-0]
  6a87e79404 scsi: ufs: core: Fix clk scaling to be conditional in reset and restore [1 file, +2/-1]
  0519b61075 media: uvcvideo: Rollback non processed entities on error [1 file, +23/-11]
  8b8a366e8c io_uring: fix potential page leak in io_sqe_buffer_register() [1 file, +5/-4]
  53fd75f25b io_uring/rsrc: fix folio unpinning [1 file, +9/-4]
  50998b0ae7 io_uring/rsrc: don't rely on user vaddr alignment [2 files, +5/-1]
  399214d703 io_uring/net: improve recv bundles [1 file, +18/-0]
  0c07f2bf49 io_uring/net: only retry recv bundle for a full transfer [1 file, +10/-4]
  725fcba8bd io_uring/net: only consider msg_inq if larger than 1 [1 file, +2/-2]
  b8be3ae062 io_uring/net: always use current transfer count for buffer put [1 file, +1/-1]
  c8d152b8c1 io_uring/net: mark iov as dynamically allocated even for single segments [1 file, +6/-5]
  560c3b51c7 io_uring/kbuf: flag partial buffer mappings [3 files, +17/-8]
  1f4b030e08 mm/vma: reset VMA iterator on commit_merge() OOM failure [1 file, +8/-19]
  287b9cec2e usb: typec: tcpm: PSSourceOffTimer timeout in PR_Swap enters ERROR_RECOVERY [1 file, +1/-2]

Changes in 6.12.36
	cifs: Correctly set SMB1 SessionKey field in Session Setup Request
	cifs: Fix cifs_query_path_info() for Windows NT servers
	cifs: Fix encoding of SMB1 Session Setup NTLMSSP Request in non-UNICODE mode
	NFSv4: Always set NLINK even if the server doesn't support it
	NFSv4.2: fix listxattr to return selinux security label
	NFSv4.2: fix setattr caching of TIME_[MODIFY|ACCESS]_SET when timestamps are delegated
	mailbox: Not protect module_put with spin_lock_irqsave
	mfd: max14577: Fix wakeup source leaks on device unbind
	sunrpc: don't immediately retransmit on seqno miss
	dm vdo indexer: don't read request structure after enqueuing
	leds: multicolor: Fix intensity setting while SW blinking
	fuse: fix race between concurrent setattrs from multiple nodes
	cxl/region: Add a dev_err() on missing target list entries
	NFSv4: xattr handlers should check for absent nfs filehandles
	hwmon: (pmbus/max34440) Fix support for max34451
	ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension
	ksmbd: provide zero as a unique ID to the Mac client
	rust: module: place cleanup_module() in .exit.text section
	rust: arm: fix unknown (to Clang) argument '-mno-fdpic'
	dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using
	dmaengine: xilinx_dma: Set dma_device directions
	PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane
	PCI: apple: Fix missing OF node reference in apple_pcie_setup_port
	PCI: imx6: Add workaround for errata ERR051624
	nvme-tcp: fix I/O stalls on congested sockets
	nvme-tcp: sanitize request list handling
	md/md-bitmap: fix dm-raid max_write_behind setting
	amd/amdkfd: fix a kfd_process ref leak
	bcache: fix NULL pointer in cache_set_flush()
	drm/amdgpu: seq64 memory unmap uses uninterruptible lock
	drm/scheduler: signal scheduled fence when kill job
	iio: pressure: zpa2326: Use aligned_s64 for the timestamp
	um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h
	um: use proper care when taking mmap lock during segfault
	8250: microchip: pci1xxxx: Add PCIe Hot reset disable support for Rev C0 and later devices
	coresight: Only check bottom two claim bits
	usb: dwc2: also exit clock_gating when stopping udc while suspended
	iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos
	misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe()
	usb: potential integer overflow in usbg_make_tpg()
	tty: serial: uartlite: register uart driver in init
	usb: common: usb-conn-gpio: use a unique name for usb connector device
	usb: Add checks for snprintf() calls in usb_alloc_dev()
	usb: cdc-wdm: avoid setting WDM_READ for ZLP-s
	usb: gadget: f_hid: wake up readers on disable/unbind
	usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode
	usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set
	riscv: add a data fence for CMODX in the kernel mode
	ALSA: hda: Ignore unsol events for cards being shut down
	ALSA: hda: Add new pci id for AMD GPU display HD audio controller
	ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock
	ASoC: rt1320: fix speaker noise when volume bar is 100%
	ceph: fix possible integer overflow in ceph_zero_objects()
	scsi: ufs: core: Don't perform UFS clkscaling during host async scan
	ovl: Check for NULL d_inode() in ovl_dentry_upper()
	btrfs: handle csum tree error with rescue=ibadroots correctly
	drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1
	Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1"
	btrfs: factor out nocow ordered extent and extent map generation into a helper
	btrfs: use unsigned types for constants defined as bit shifts
	btrfs: fix qgroup reservation leak on failure to allocate ordered extent
	fs/jfs: consolidate sanity checking in dbMount
	jfs: validate AG parameters in dbMount() to prevent crashes
	ASoC: codec: wcd9335: Convert to GPIO descriptors
	ASoC: codecs: wcd9335: Fix missing free of regulator supplies
	f2fs: don't over-report free space or inodes in statvfs
	PCI: apple: Use helper function for_each_child_of_node_scoped()
	PCI: apple: Set only available ports up
	accel/ivpu: Do not fail on cmdq if failed to allocate preemption buffers
	accel/ivpu: Remove copy engine support
	accel/ivpu: Make command queue ID allocated on XArray
	accel/ivpu: Separate DB ID and CMDQ ID allocations from CMDQ allocation
	accel/ivpu: Add debugfs interface for setting HWS priority bands
	accel/ivpu: Trigger device recovery on engine reset/resume failure
	af_unix: Don't leave consecutive consumed OOB skbs.
	i2c: tiny-usb: disable zero-length read messages
	i2c: robotfuzz-osif: disable zero-length read messages
	ata: ahci: Use correct DMI identifier for ASUSPRO-D840SA LPM quirk
	smb: client: remove \t from TP_printk statements
	mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write
	ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15
	s390/pkey: Prevent overflow in size calculation for memdup_user()
	fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio
	lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly()
	Revert "riscv: Define TASK_SIZE_MAX for __access_ok()"
	Revert "riscv: misaligned: fix sleeping function called during misaligned access handling"
	drm/xe/display: Add check for alloc_ordered_workqueue()
	HID: wacom: fix crash in wacom_aes_battery_handler()
	atm: clip: prevent NULL deref in clip_push()
	Bluetooth: hci_core: Fix use-after-free in vhci_flush()
	ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
	attach_recursive_mnt(): do not lock the covering tree when sliding something under it
	libbpf: Fix null pointer dereference in btf_dump__free on allocation failure
	ethernet: ionic: Fix DMA mapping tests
	wifi: mac80211: fix beacon interval calculation overflow
	af_unix: Don't set -ECONNRESET for consumed OOB skb.
	wifi: mac80211: Add link iteration macro for link data
	wifi: mac80211: Create separate links for VLAN interfaces
	wifi: mac80211: finish link init before RCU publish
	vsock/uapi: fix linux/vm_sockets.h userspace compilation errors
	bnxt: properly flush XDP redirect lists
	um: ubd: Add missing error check in start_io_thread()
	libbpf: Fix possible use-after-free for externs
	net: enetc: Correct endianness handling in _enetc_rd_reg64
	netlink: specs: tc: replace underscores with dashes in names
	atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
	ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR
	net: selftests: fix TCP packet checksum
	drm/amdgpu/discovery: optionally use fw based ip discovery
	drm/amd: Adjust output for discovery error handling
	drm/i915: fix build error some more
	drm/bridge: ti-sn65dsi86: make use of debugfs_init callback
	drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type
	drm/xe: Process deferred GGTT node removals on device unwind
	smb: client: fix potential deadlock when reconnecting channels
	smb: smbdirect: add smbdirect_pdu.h with protocol definitions
	smb: client: make use of common smbdirect_pdu.h
	smb: smbdirect: add smbdirect.h with public structures
	smb: smbdirect: add smbdirect_socket.h
	smb: client: make use of common smbdirect_socket
	smb: smbdirect: introduce smbdirect_socket_parameters
	smb: client: make use of common smbdirect_socket_parameters
	cifs: Fix the smbd_response slab to allow usercopy
	cifs: Fix reading into an ITER_FOLIOQ from the smbdirect code
	EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs
	x86/traps: Initialize DR6 by writing its architectural reset value
	staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()
	dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive
	serial: core: restore of_node information in sysfs
	serial: imx: Restore original RXTL for console to fix data loss
	Bluetooth: L2CAP: Fix L2CAP MTU negotiation
	dm-raid: fix variable in journal device check
	btrfs: fix a race between renames and directory logging
	btrfs: update superblock's device bytes_used when dropping chunk
	spi: spi-cadence-quadspi: Fix pm runtime unbalance
	net: libwx: fix the creation of page_pool
	maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()
	mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked"
	f2fs: fix to zero post-eof page
	HID: lenovo: Restrict F7/9/11 mode to compact keyboards only
	HID: wacom: fix memory leak on kobject creation failure
	HID: wacom: fix memory leak on sysfs attribute creation failure
	HID: wacom: fix kobject reference count leak
	scsi: megaraid_sas: Fix invalid node index
	scsi: ufs: core: Fix clk scaling to be conditional in reset and restore
	drm/ast: Fix comment on modeset lock
	drm/cirrus-qemu: Fix pitch programming
	drm/etnaviv: Protect the scheduler's pending list with its lock
	drm/tegra: Assign plane type before registration
	drm/tegra: Fix a possible null pointer dereference
	drm/udl: Unregister device before cleaning up on disconnect
	drm/msm/gpu: Fix crash when throttling GPU immediately during boot
	drm/amdkfd: Fix race in GWS queue scheduling
	drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()
	drm/bridge: cdns-dsi: Fix phy de-init and flag it so
	drm/bridge: cdns-dsi: Fix connecting to next bridge
	drm/bridge: cdns-dsi: Check return value when getting default PHY config
	drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready
	drm/amd/display: Add null pointer check for get_first_active_display()
	drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram
	drm/amd/display: Correct non-OLED pre_T11_delay.
	drm/xe/vm: move rebind_work init earlier
	drm/xe/sched: stop re-submitting signalled jobs
	drm/xe/guc_submit: add back fix
	drm/amd/display: Fix RMCM programming seq errors
	drm/amdgpu: Add kicker device detection
	drm/amd/display: Check dce_hwseq before dereferencing it
	drm/xe: Fix memset on iomem
	drm/xe: Fix taking invalid lock on wedge
	drm/xe: Fix early wedge on GuC load failure
	drm/i915/dsi: Fix off by one in BXT_MIPI_TRANS_VTOTAL
	drm/amdgpu: Fix SDMA UTC_L1 handling during start/stop sequences
	drm/amdgpu: switch job hw_fence to amdgpu_fence
	drm/amd/display: Fix mpv playback corruption on weston
	media: uvcvideo: Rollback non processed entities on error
	x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE
	x86/pkeys: Simplify PKRU update in signal frame
	net: libwx: fix Tx L4 checksum
	io_uring: fix potential page leak in io_sqe_buffer_register()
	io_uring/rsrc: fix folio unpinning
	io_uring/rsrc: don't rely on user vaddr alignment
	io_uring/net: improve recv bundles
	io_uring/net: only retry recv bundle for a full transfer
	io_uring/net: only consider msg_inq if larger than 1
	io_uring/net: always use current transfer count for buffer put
	io_uring/net: mark iov as dynamically allocated even for single segments
	io_uring/kbuf: flag partial buffer mappings
	mm/vma: reset VMA iterator on commit_merge() OOM failure
	r8169: add support for RTL8125D
	net: phy: realtek: merge the drivers for internal NBase-T PHY's
	net: phy: realtek: add RTL8125D-internal PHY
	btrfs: do proper folio cleanup when cow_file_range() failed
	iio: dac: ad3552r: changes to use FIELD_PREP
	iio: dac: ad3552r: extract common code (no changes in behavior intended)
	iio: dac: ad3552r-common: fix ad3541/2r ranges
	drm/xe: Carve out wopcm portion from the stolen memory
	usb: typec: tcpm: PSSourceOffTimer timeout in PR_Swap enters ERROR_RECOVERY
	drm/msm/dp: account for widebus and yuv420 during mode validation
	drm/fbdev-dma: Add shadow buffering for deferred I/O
	btrfs: skip inodes without loaded extent maps when shrinking extent maps
	btrfs: make the extent map shrinker run asynchronously as a work queue job
	btrfs: do regular iput instead of delayed iput during extent map shrinking
	riscv/atomic: Do proper sign extension also for unsigned in arch_cmpxchg
	arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi
	ALSA: hda/realtek: Bass speaker fixup for ASUS UM5606KA
	drm/amdkfd: remove gfx 12 trap handler page size cap
	drm/amdkfd: Fix instruction hazard in gfx12 trap handler
	net: stmmac: Fix accessing freed irq affinity_hint
	spi: fsl-qspi: use devm function instead of driver remove
	btrfs: zoned: fix extent range end unlock in cow_file_range()
	btrfs: fix use-after-free on inode when scanning root during em shrinking
	spi: fsl-qspi: Fix double cleanup in probe error path
	Linux 6.12.36

Change-Id: Ie7748fa6d766a9cf7800e67297e404cb90bd359c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-07-10 18:44:05 +00:00
Yang Li 381c1c1219 Bluetooth: Prevent unintended pause by checking if advertising is active
[ Upstream commit 1f029b4e30a602db33dedee5ac676e9236ad193c ]

When PA Create Sync is enabled, advertising resumes unexpectedly.
Therefore, it's necessary to check whether advertising is currently
active before attempting to pause it.

  < HCI Command: LE Add Device To... (0x08|0x0011) plen 7  #1345 [hci0] 48.306205
  		Address type: Random (0x01)
  		Address: 4F:84:84:5F:88:17 (Resolvable)
  		Identity type: Random (0x01)
  		Identity: FC:5B:8C:F7:5D:FB (Static)
  < HCI Command: LE Set Address Re.. (0x08|0x002d) plen 1  #1347 [hci0] 48.308023
  		Address resolution: Enabled (0x01)
  ...
  < HCI Command: LE Set Extended A.. (0x08|0x0039) plen 6  #1349 [hci0] 48.309650
  		Extended advertising: Enabled (0x01)
  		Number of sets: 1 (0x01)
  		Entry 0
  		Handle: 0x01
  		Duration: 0 ms (0x00)
  		Max ext adv events: 0
  ...
  < HCI Command: LE Periodic Adve.. (0x08|0x0044) plen 14  #1355 [hci0] 48.314575
  		Options: 0x0000
  		Use advertising SID, Advertiser Address Type and address
  		Reporting initially enabled
  		SID: 0x02
  		Adv address type: Random (0x01)
  		Adv address: 4F:84:84:5F:88:17 (Resolvable)
  		Identity type: Random (0x01)
  		Identity: FC:5B:8C:F7:5D:FB (Static)
  		Skip: 0x0000
  		Sync timeout: 20000 msec (0x07d0)
  		Sync CTE type: 0x0000

Fixes: ad383c2c65 ("Bluetooth: hci_sync: Enable advertising when LL privacy is enabled")
Signed-off-by: Yang Li <yang.li@amlogic.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-07-10 16:04:47 +02:00
Christian Eggers a99f80c88a Bluetooth: MGMT: mesh_send: check instances prior disabling advertising
commit f3cb5676e5c11c896ba647ee309a993e73531588 upstream.

The unconditional call of hci_disable_advertising_sync() in
mesh_send_done_sync() also disables other LE advertisings (non mesh
related).

I am not sure whether this call is required at all, but checking the
adv_instances list (like done at other places) seems to solve the
problem.

Fixes: b338d91703 ("Bluetooth: Implement support for Mesh")
Cc: stable@vger.kernel.org
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-07-10 16:04:43 +02:00
Christian Eggers 44bb1e13b4 Bluetooth: MGMT: set_mesh: update LE scan interval and window
commit e5af67a870f738bb8a4594b6c60c2caf4c87a3c9 upstream.

According to the message of commit b338d91703 ("Bluetooth: Implement
support for Mesh"), MGMT_OP_SET_MESH_RECEIVER should set the passive scan
parameters.  Currently the scan interval and window parameters are
silently ignored, although user space (bluetooth-meshd) expects that
they can be used [1]

[1] https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/mesh/mesh-io-mgmt.c#n344
Fixes: b338d91703 ("Bluetooth: Implement support for Mesh")
Cc: stable@vger.kernel.org
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-07-10 16:04:42 +02:00
Christian Eggers 3672fe9d1e Bluetooth: hci_sync: revert some mesh modifications
commit 46c0d947b64ac8efcf89dd754213dab5d1bd00aa upstream.

This reverts minor parts of the changes made in commit b338d91703
("Bluetooth: Implement support for Mesh"). It looks like these changes
were only made for development purposes but shouldn't have been part of
the commit.

Fixes: b338d91703 ("Bluetooth: Implement support for Mesh")
Cc: stable@vger.kernel.org
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-07-10 16:04:42 +02:00
Christian Eggers 0698a2eb7d Bluetooth: HCI: Set extended advertising data synchronously
commit 89fb8acc38852116d38d721ad394aad7f2871670 upstream.

Currently, for controllers with extended advertising, the advertising
data is set in the asynchronous response handler for extended
advertising params. As most advertising settings are performed in a
synchronous context, the (asynchronous) setting of the advertising data
is done too late (after enabling the advertising).

Move setting of advertising data from asynchronous response handler
into synchronous context to fix ordering of HCI commands.

Signed-off-by: Christian Eggers <ceggers@arri.de>
Fixes: a0fb3726ba ("Bluetooth: Use Set ext adv/scan rsp data if controller supports")
Cc: stable@vger.kernel.org
v2: https://lore.kernel.org/linux-bluetooth/20250626115209.17839-1-ceggers@arri.de/
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-07-10 16:04:42 +02:00
Greg Kroah-Hartman 5f92e5fdd1 Revert "Bluetooth: MGMT: Protect mgmt_pending list with its own lock"
This reverts commit 4e83f2dbb2 which is
commit 6fe26f694c824b8a4dbf50c635bee1302e3f099c upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: Ia71be8ae26f83011527d07fbbfdf9d6d282f23a4
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-07-09 09:56:33 +00:00
Greg Kroah-Hartman 036a0d8df2 Merge 6.12.34 into android16-6.12-lts
GKI (arm64) relevant 105 out of 506 changes, affecting 145 files +1290/-523
  623074162b sched: Fix trace_sched_switch(.prev_state) [1 file, +4/-2]
  781bbc8252 perf/core: Fix broken throttling when max_samples_per_tick=1 [1 file, +8/-8]
  451a18d71b sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks [1 file, +6/-0]
  5b814cde62 brd: fix aligned_sector from brd_do_discard() [1 file, +1/-1]
  48e11bcee9 brd: fix discard end sector [1 file, +6/-3]
  9cfca45aec erofs: fix file handle encoding for 64-bit NIDs [1 file, +36/-8]
  65115472f7 erofs: avoid using multiple devices with different type [1 file, +4/-1]
  58beaa1aee rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture [3 files, +10/-6]
  5ed92ad1b7 crypto: xts - Only add ecb if it is not already there [1 file, +2/-2]
  e9ecaeaf41 kunit: Fix wrong parameter to kunit_deactivate_static_stub() [1 file, +1/-1]
  9c094deb6b crypto: api - Redo lookup on EEXIST [1 file, +11/-2]
  81d72f9241 PM: EM: Fix potential division-by-zero error in em_compute_costs() [1 file, +4/-0]
  0426e92970 PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() [1 file, +3/-0]
  77d45ba1be PM: sleep: Print PM debug messages during hibernation [3 files, +11/-1]
  45844a9403 ALSA: core: fix up bus match const issues. [4 files, +8/-8]
  fa65c89f3f arm64/fpsimd: Avoid RES0 bits in the SME trap handler [2 files, +9/-7]
  6103f9ba51 arm64/fpsimd: Discard stale CPU state when handling SME traps [1 file, +2/-0]
  945d247d1c arm64/fpsimd: Don't corrupt FPMR when streaming mode changes [1 file, +3/-3]
  55d52af498 arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP [1 file, +1/-1]
  2756dac036 arm64/fpsimd: Reset FPMR upon exec() [1 file, +3/-0]
  f5ffc750db arm64/fpsimd: Fix merging of FPSIMD state during signal return [1 file, +1/-1]
  0860d48b70 firmware: psci: Fix refcount leak in psci_dt_init [1 file, +3/-1]
  64a9ee6e11 arm64/fpsimd: Avoid warning when sve_to_fpsimd() is unused [1 file, +2/-2]
  b3cfc1f9f5 arm64/fpsimd: Do not discard modified SVE state [3 files, +47/-17]
  e55f46a11b overflow: Fix direct struct member initialization in _DEFINE_FLEX() [1 file, +3/-3]
  671dd1fb87 bpf: Check link_create.flags parameter for multi_kprobe [1 file, +3/-0]
  3a8e680f7d bpf, sockmap: fix duplicated data transmission [1 file, +9/-5]
  3d25fa2d7f bpf, sockmap: Fix panic when calling skb_linearize [1 file, +16/-15]
  44a51592ac f2fs: zone: fix to avoid inconsistence in between SIT and SSA [1 file, +3/-0]
  4f51fb0d25 page_pool: Track DMA-mapped pages and unmap them when destroying the pool [5 files, +147/-18]
  88f65bb66d iommu: Protect against overflow in iommu_pgsize() [1 file, +3/-1]
  04daca6012 f2fs: clean up w/ fscrypt_is_bounce_page() [1 file, +1/-1]
  4248ba53e4 f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() [1 file, +1/-1]
  c1f418cc27 bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps [1 file, +16/-11]
  e53a8dcd36 tracing: Move histogram trigger variables from stack to per CPU structure [1 file, +105/-15]
  69a995644a efi/libstub: Describe missing 'out' parameter in efi_load_initrd [1 file, +1/-0]
  709412b92a tracing: Fix error handling in event_trigger_parse() [1 file, +2/-2]
  c98cdf6795 bpf: Fix WARN() in get_bpf_raw_tp_regs [1 file, +1/-1]
  e0657136ae scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() [1 file, +0/-6]
  6bfb154f95 kernfs: Relax constraint in draining guard [2 files, +5/-3]
  df00f9147e Bluetooth: ISO: Fix not using SID from adv report [5 files, +75/-14]
  1d249cc92d bpf: Revert "bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic" [1 file, +2/-0]
  1750c3f1d9 Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() [1 file, +1/-1]
  15c0250dae bpf, sockmap: Avoid using sk_socket after free when sending [1 file, +8/-0]
  30a9e834c7 net: usb: aqc111: fix error handling of usbnet read calls [1 file, +8/-2]
  7893a41dea vsock/virtio: fix `rx_bytes` accounting for stream sockets [2 files, +17/-10]
  2bc6dffb4b bpf: Avoid __bpf_prog_ret0_warn when jit fails [1 file, +1/-1]
  ddc654e89a net: phy: clear phydev->devlink when the link is deleted [1 file, +3/-1]
  f15ed37dd3 net: phy: fix up const issues in to_mdio_device() and to_phy_device() [2 files, +2/-8]
  532601e783 f2fs: use d_inode(dentry) cleanup dentry->d_inode [2 files, +6/-6]
  0befc3005d f2fs: fix to correct check conditions in f2fs_cross_rename [1 file, +1/-1]
  2eeb181e76 dm: don't change md if dm_table_set_restrictions() fails [1 file, +12/-10]
  48e0b54be4 dm: free table mempools if not used in __bind [1 file, +4/-4]
  17e4b0fcd2 PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() [1 file, +1/-1]
  0a3e2ec508 PCI: endpoint: Retain fixed-size BAR size as well as aligned size [2 files, +18/-7]
  9f40ae8310 USB: gadget: udc: fix const issue in gadget_match_driver() [1 file, +1/-1]
  4bd30962f3 USB: typec: fix const issue in typec_match() [1 file, +1/-1]
  3091d4c0d0 loop: add file_start_write() and file_end_write() [1 file, +6/-2]
  90891eadb8 Fix sock_exceed_buf_limit not being triggered in __sk_mem_raise_allocated [1 file, +4/-4]
  e869a85acc page_pool: Fix use-after-free in page_pool_recycle_in_ring [1 file, +14/-13]
  c762fc79d7 net: tipc: fix refcount warning in tipc_aead_encrypt [1 file, +5/-1]
  b788cebf72 Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION [1 file, +2/-1]
  4399f59a94 net: fix udp gso skb_segment after pull from frag_list [1 file, +5/-0]
  0cffc6e40d PM: sleep: Fix power.is_suspended cleanup for direct-complete devices [1 file, +2/-1]
  f34dc858e6 netfilter: nf_nat: also check reverse tuple to obtain clashing entry [1 file, +9/-3]
  4f0fcdb835 wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements [4 files, +83/-32]
  933466fc50 wireguard: device: enable threaded NAPI [1 file, +1/-0]
  1be1f3b848 iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec [1 file, +1/-1]
  1d79230719 path_overmount(): avoid false negatives [1 file, +13/-6]
  e1d02fe504 fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) [1 file, +1/-1]
  9c1ddfeb66 do_change_type(): refuse to operate on unmounted/not ours mounts [1 file, +4/-0]
  80f7c5be4f pmdomain: core: Introduce dev_pm_genpd_rpm_always_on() [2 files, +42/-0]
  3464a707d1 scsi: core: ufs: Fix a hang in the error handler [1 file, +6/-1]
  99e3d69853 Bluetooth: hci_core: fix list_for_each_entry_rcu usage [1 file, +3/-8]
  9df3e5e7f7 Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete [3 files, +12/-30]
  84ab1283eb Bluetooth: MGMT: Remove unused mgmt_pending_find_data [2 files, +0/-21]
  4e83f2dbb2 Bluetooth: MGMT: Protect mgmt_pending list with its own lock [5 files, +80/-59]
  d1bc80da75 net_sched: sch_sfq: fix a potential crash on gso_skb handling [1 file, +4/-1]
  1e0de7582c net: Fix TOCTOU issue in sk_is_readable() [1 file, +5/-2]
  78fa7b723e macsec: MACsec SCI assignment for ES = 0 [1 file, +34/-6]
  b02d9d2732 net/mdiobus: Fix potential out-of-bounds read/write access [1 file, +6/-0]
  31bf7b2b92 net/mdiobus: Fix potential out-of-bounds clause 45 read/write access [1 file, +6/-0]
  842f7c3154 Bluetooth: Fix NULL pointer deference on eir_get_service_data [1 file, +6/-4]
  907ef6e12f Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance [1 file, +15/-5]
  2af40d795d Bluetooth: eir: Fix possible crashes on eir_create_adv_data [3 files, +8/-6]
  7a41744e38 Bluetooth: MGMT: Fix sparse errors [1 file, +2/-2]
  e3f6745006 net_sched: prio: fix a race in prio_tune() [1 file, +1/-1]
  180b12eafa net_sched: tbf: fix a race in tbf_change() [1 file, +1/-1]
  0a2500782f fs/filesystems: Fix potential unsigned integer underflow in fs_name() [1 file, +9/-5]
  f351bb3085 perf: Ensure bpf_perf_link path is properly serialized [1 file, +30/-4]
  a5c7b61eed block: use q->elevator with ->elevator_lock held in elv_iosched_show() [1 file, +1/-2]
  af8c13f9ee io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() [2 files, +14/-7]
  0fccb6773b block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work [1 file, +5/-2]
  48f33ec141 io_uring: consistently use rcu semantics with sqpoll thread [4 files, +38/-15]
  a9022c8631 bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP [1 file, +1/-1]
  4b1ef15ffd block: Fix bvec_set_folio() for very large folios [1 file, +5/-2]
  84e9f0a2c2 ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 [1 file, +1/-0]
  c29d531870 posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() [1 file, +9/-0]
  657003ced7 usb: Flush altsetting 0 endpoints before reinitializating them after reset. [1 file, +14/-2]
  7bdd712abe usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work [1 file, +71/-20]
  b8df8cb8f7 ring-buffer: Do not trigger WARN_ON() due to a commit_overrun [1 file, +18/-8]
  e09c0600be ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() [1 file, +1/-3]
  2d6a6cfe96 ring-buffer: Move cpus_read_lock() outside of buffer->mutex [1 file, +6/-5]
  5ed1d7a700 net: usb: aqc111: debug info before sanitation [1 file, +4/-4]
  ab20b0bdb0 overflow: Introduce __DEFINE_FLEX for having no initializer [1 file, +19/-6]

Changes in 6.12.34
	tools/x86/kcpuid: Fix error handling
	x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt()
	crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run()
	sched: Fix trace_sched_switch(.prev_state)
	perf/x86/amd/uncore: Remove unused 'struct amd_uncore_ctx::node' member
	perf/x86/amd/uncore: Prevent UMC counters from saturating
	gfs2: replace sd_aspace with sd_inode
	gfs2: gfs2_create_inode error handling fix
	perf/core: Fix broken throttling when max_samples_per_tick=1
	crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()
	crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions
	powerpc: do not build ppc_save_regs.o always
	powerpc/crash: Fix non-smp kexec preparation
	sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks
	x86/microcode/AMD: Do not return error when microcode update is not necessary
	crypto: sun8i-ce - undo runtime PM changes during driver removal
	x86/cpu: Sanitize CPUID(0x80000000) output
	x86/insn: Fix opcode map (!REX2) superscript tags
	brd: fix aligned_sector from brd_do_discard()
	brd: fix discard end sector
	kselftest: cpufreq: Get rid of double suspend in rtcwake case
	crypto: marvell/cesa - Handle zero-length skcipher requests
	crypto: marvell/cesa - Avoid empty transfer descriptor
	erofs: fix file handle encoding for 64-bit NIDs
	erofs: avoid using multiple devices with different type
	powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view
	btrfs: scrub: update device stats when an error is detected
	btrfs: scrub: fix a wrong error type when metadata bytenr mismatches
	btrfs: fix invalid data space release when truncating block in NOCOW mode
	rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture
	crypto: lrw - Only add ecb if it is not already there
	crypto: xts - Only add ecb if it is not already there
	crypto: sun8i-ce - move fallback ahash_request to the end of the struct
	kunit: Fix wrong parameter to kunit_deactivate_static_stub()
	crypto: api - Redo lookup on EEXIST
	ACPICA: exserial: don't forget to handle FFixedHW opregions for reading
	ASoC: tas2764: Enable main IRQs
	ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY()
	EDAC/skx_common: Fix general protection fault
	EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0
	spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers
	spi: tegra210-quad: remove redundant error handling code
	spi: tegra210-quad: modify chip select (CS) deactivation
	power: reset: at91-reset: Optimize at91_reset()
	PM: EM: Fix potential division-by-zero error in em_compute_costs()
	ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type
	ASoC: SOF: amd: add missing acp descriptor field
	PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks()
	ACPI: resource: fix a typo for MECHREVO in irq1_edge_low_force_override[]
	x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges()
	PM: sleep: Print PM debug messages during hibernation
	thermal/drivers/mediatek/lvts: Fix debugfs unregister on failure
	ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions"
	spi: sh-msiof: Fix maximum DMA transfer size
	ASoC: apple: mca: Constrain channels according to TDM mask
	ALSA: core: fix up bus match const issues.
	drm/vmwgfx: Add seqno waiter for sync_files
	drm/vmwgfx: Add error path for xa_store in vmw_bo_add_detached_resource
	drm/vmwgfx: Fix dumb buffer leak
	drm/xe/d3cold: Set power state to D3Cold during s2idle/s3
	drm/vc4: tests: Use return instead of assert
	drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table
	media: rkvdec: Fix frame size enumeration
	arm64/fpsimd: Avoid RES0 bits in the SME trap handler
	arm64/fpsimd: Discard stale CPU state when handling SME traps
	arm64/fpsimd: Don't corrupt FPMR when streaming mode changes
	arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP
	arm64/fpsimd: Reset FPMR upon exec()
	arm64/fpsimd: Fix merging of FPSIMD state during signal return
	drm/panthor: Fix GPU_COHERENCY_ACE[_LITE] definitions
	drm/panthor: Update panthor_mmu::irq::mask when needed
	perf: arm-ni: Unregister PMUs on probe failure
	perf: arm-ni: Fix missing platform_set_drvdata()
	drm/panel: samsung-sofef00: Drop s6e3fc2x01 support
	drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe()
	fs/ntfs3: handle hdr_first_de() return value
	fs/ntfs3: Add missing direct_IO in ntfs_aops_cmpr
	kunit/usercopy: Disable u64 test on 32-bit SPARC
	watchdog: exar: Shorten identity name to fit correctly
	m68k: mac: Fix macintosh_config for Mac II
	firmware: psci: Fix refcount leak in psci_dt_init
	arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX
	arm64/fpsimd: Avoid warning when sve_to_fpsimd() is unused
	selftests/seccomp: fix syscall_restart test for arm compat
	drm/msm/dpu: enable SmartDMA on SM8150
	drm/msm/dpu: enable SmartDMA on SC8180X
	drm: rcar-du: Fix memory leak in rcar_du_vsps_init()
	drm/vkms: Adjust vkms_state->active_planes allocation type
	drm/tegra: rgb: Fix the unbound reference count
	firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES
	arm64/fpsimd: Do not discard modified SVE state
	overflow: Fix direct struct member initialization in _DEFINE_FLEX()
	scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops
	perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create()
	selftests/seccomp: fix negative_ENOSYS tracer tests on arm32
	drm/msm/a6xx: Disable rgb565_predicator on Adreno 7c3
	drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr
	drm/mediatek: Fix kobject put for component sub-drivers
	drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err
	media: verisilicon: Free post processor buffers on error
	svcrdma: Reduce the number of rdma_rw contexts per-QP
	xen/x86: fix initial memory balloon target
	wifi: ath11k: fix node corruption in ar->arvifs list
	wifi: ath12k: Fix memory leak during vdev_id mismatch
	wifi: ath12k: Fix invalid memory access while forming 802.11 header
	IB/cm: use rwlock for MAD agent lock
	bpf: Check link_create.flags parameter for multi_kprobe
	selftests/bpf: Fix bpf_nf selftest failure
	bpf: fix ktls panic with sockmap
	bpf, sockmap: fix duplicated data transmission
	bpf, sockmap: Fix panic when calling skb_linearize
	f2fs: zone: fix to avoid inconsistence in between SIT and SSA
	wifi: ath12k: fix cleanup path after mhi init
	wifi: ath12k: Fix WMI tag for EHT rate in peer assoc
	wifi: ath12k: Fix buffer overflow in debugfs
	f2fs: clean up unnecessary indentation
	f2fs: prevent the current section from being selected as a victim during GC
	f2fs: fix to do sanity check on sbi->total_valid_block_count
	page_pool: Move pp_magic check into helper functions
	page_pool: Track DMA-mapped pages and unmap them when destroying the pool
	net: ncsi: Fix GCPS 64-bit member variables
	libbpf: Fix buffer overflow in bpf_object__init_prog
	net/mlx5: Avoid using xso.real_dev unnecessarily
	xfrm: Use xdo.dev instead of xdo.real_dev
	wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT
	wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally
	wifi: rtw88: do not ignore hardware read error during DPK
	wifi: ath12k: fix invalid access to memory
	wifi: ath12k: Add MSDU length validation for TKIP MIC error
	wifi: ath12k: Fix the QoS control field offset to build QoS header
	wifi: ath12k: fix node corruption in ar->arvifs list
	RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h
	scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk
	libbpf: Fix event name too long error
	libbpf: Remove sample_period init in perf_buffer
	Use thread-safe function pointer in libbpf_print
	iommu: Protect against overflow in iommu_pgsize()
	bonding: assign random address if device address is same as bond
	f2fs: clean up w/ fscrypt_is_bounce_page()
	f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed()
	scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels
	libbpf: Use proper errno value in linker
	bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps
	netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it
	netfilter: nft_quota: match correctly when the quota just depleted
	netfilter: nft_set_pipapo: prevent overflow in lookup table allocation
	RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction
	bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ
	tracing: Move histogram trigger variables from stack to per CPU structure
	clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs
	clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs
	clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs
	clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs
	bpftool: Fix regression of "bpftool cgroup tree" EINVAL on older kernels
	clk: bcm: rpi: Add NULL check in raspberrypi_clk_register()
	wifi: iwlfiwi: mvm: Fix the rate reporting
	efi/libstub: Describe missing 'out' parameter in efi_load_initrd
	selftests/bpf: Fix caps for __xlated/jited_unpriv
	tracing: Rename event_trigger_alloc() to trigger_data_alloc()
	tracing: Fix error handling in event_trigger_parse()
	of: unittest: Unlock on error in unittest_data_add()
	ktls, sockmap: Fix missing uncharge operation
	libbpf: Use proper errno value in nlattr
	pinctrl: at91: Fix possible out-of-boundary access
	bpf: Fix WARN() in get_bpf_raw_tp_regs
	dt-bindings: soc: fsl,qman-fqd: Fix reserved-memory.yaml reference
	clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz
	s390/bpf: Store backchain even for leaf progs
	wifi: rtw89: pci: enlarge retry times of RX tag to 1000
	wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
	wifi: rtw89: fix firmware scan delay unit for WiFi 6 chips
	iommu: remove duplicate selection of DMAR_TABLE
	wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event
	hisi_acc_vfio_pci: fix XQE dma address error
	hisi_acc_vfio_pci: add eq and aeq interruption restore
	hisi_acc_vfio_pci: bugfix live migration function without VF device driver
	wifi: ath9k_htc: Abort software beacon handling if disabled
	scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort()
	kernfs: Relax constraint in draining guard
	Bluetooth: ISO: Fix not using SID from adv report
	wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init()
	wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()
	wifi: mt76: mt7925: prevent multiple scan commands
	wifi: mt76: mt7925: refine the sniffer commnad
	wifi: mt76: mt7925: ensure all MCU commands wait for response
	wifi: mt76: mt7996: set EHT max ampdu length capability
	wifi: mt76: mt7996: fix RX buffer size of MCU event
	bpf: Revert "bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic"
	netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds
	netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy
	vfio/type1: Fix error unwind in migration dirty bitmap allocation
	Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach()
	Bluetooth: btintel: Check dsbr size from EFI variable
	bpf, sockmap: Avoid using sk_socket after free when sending
	netfilter: nf_tables: nft_fib: consistent l3mdev handling
	netfilter: nft_tunnel: fix geneve_opt dump
	RISC-V: KVM: lock the correct mp_state during reset
	net: usb: aqc111: fix error handling of usbnet read calls
	vsock/virtio: fix `rx_bytes` accounting for stream sockets
	RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work
	net: lan966x: Fix 1-step timestamping over ipv4 or ipv6
	net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit
	bpf: Avoid __bpf_prog_ret0_warn when jit fails
	net: phy: clear phydev->devlink when the link is deleted
	net: phy: fix up const issues in to_mdio_device() and to_phy_device()
	net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy
	net: lan743x: Fix PHY reset handling during initialization and WOL
	net: phy: mscc: Fix memory leak when using one step timestamping
	octeontx2-pf: QOS: Perform cache sync on send queue teardown
	octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback
	calipso: Don't call calipso functions for AF_INET sk.
	net: openvswitch: Fix the dead loop of MPLS parse
	net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames
	f2fs: use d_inode(dentry) cleanup dentry->d_inode
	f2fs: fix to correct check conditions in f2fs_cross_rename
	arm64: dts: qcom: x1e80100: Mark usb_2 as dma-coherent
	arm64: dts: qcom: sm8650: setup gpu thermal with higher temperatures
	arm64: dts: qcom: sm8650: add missing cpu-cfg interconnect path in the mdss node
	arm64: dts: qcom: x1e80100-romulus: Keep L12B and L15B always on
	arm64: dts: qcom: sdm845-starqltechn: remove wifi
	arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake
	arm64: dts: qcom: sdm845-starqltechn: refactor node order
	arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios
	arm64: dts: qcom: sm8350: Reenable crypto & cryptobam
	arm64: dts: qcom: sm8250: Fix CPU7 opp table
	arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies
	arm64: dts: qcom: ipq9574: Fix USB vdd info
	arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588
	ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select
	ARM: dts: at91: at91sam9263: fix NAND chip selects
	arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains
	arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO
	arm64: dts: mt8183: Add port node to mt8183.dtsi
	arm64: dts: imx8mm-beacon: Fix RTC capacitive load
	arm64: dts: imx8mn-beacon: Fix RTC capacitive load
	arm64: dts: imx8mp-beacon: Fix RTC capacitive load
	arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio
	arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio
	arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles
	arm64: dts: mt6359: Add missing 'compatible' property to regulators node
	arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply
	arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning
	arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c
	arm64: dts: rockchip: Update eMMC for NanoPi R5 series
	arm64: tegra: Drop remaining serial clock-names and reset-names
	arm64: tegra: Add uartd serial alias for Jetson TX1 module
	arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E
	soc: qcom: smp2p: Fix fallback to qcom,ipc parse
	Squashfs: check return result of sb_min_blocksize
	ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery
	nilfs2: add pointer check for nilfs_direct_propagate()
	nilfs2: do not propagate ENOENT error from nilfs_btree_propagate()
	bus: fsl-mc: fix double-free on mc_dev
	dt-bindings: vendor-prefixes: Add Liontron name
	ARM: dts: qcom: apq8064: add missing clocks to the timer node
	ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device
	ARM: dts: qcom: apq8064: move replicator out of soc node
	arm64: defconfig: mediatek: enable PHY drivers
	arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou
	arm64: dts: qcom: qcm2290: fix (some) of QUP interconnects
	arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups
	arm64: dts: mt6359: Rename RTC node to match binding expectations
	ARM: aspeed: Don't select SRAM
	soc: aspeed: lpc: Fix impossible judgment condition
	soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
	fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
	randstruct: gcc-plugin: Remove bogus void member
	randstruct: gcc-plugin: Fix attribute addition
	perf build: Warn when libdebuginfod devel files are not available
	perf ui browser hists: Set actions->thread before calling do_zoom_thread()
	dm: don't change md if dm_table_set_restrictions() fails
	dm: free table mempools if not used in __bind
	backlight: pm8941: Add NULL check in wled_configure()
	x86/irq: Ensure initial PIR loads are performed exactly once
	mtd: nand: ecc-mxic: Fix use of uninitialized variable ret
	hwmon: (asus-ec-sensors) check sensor index in read_string()
	perf symbol-minimal: Fix double free in filename__read_build_id
	dm: fix dm_blk_report_zones
	dm-flakey: error all IOs when num_features is absent
	dm-flakey: make corrupting read bios work
	perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids()
	perf tests: Fix 'perf report' tests installation
	perf intel-pt: Fix PEBS-via-PT data_src
	perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3
	remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe
	remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick}
	remoteproc: k3-dsp: Drop check performed in k3_dsp_rproc_{mbox_callback/kick}
	rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send()
	mfd: exynos-lpass: Fix an error handling path in exynos_lpass_probe()
	mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove()
	mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE
	perf tests switch-tracking: Fix timestamp comparison
	mailbox: imx: Fix TXDB_V2 sending
	mailbox: mtk-cmdq: Refine GCE_GCTL_VALUE setting
	perf symbol: Fix use-after-free in filename__read_build_id
	perf record: Fix incorrect --user-regs comments
	perf trace: Always print return value for syscalls returning a pid
	nfs: clear SB_RDONLY before getting superblock
	nfs: ignore SB_RDONLY when remounting nfs
	perf trace: Set errpid to false for rseq and set_robust_list
	perf callchain: Always populate the addr_location map when adding IP
	cifs: Fix validation of SMB1 query reparse point response
	rust: alloc: add missing invariant in Vec::set_len()
	rtc: sh: assign correct interrupts with DT
	phy: rockchip: samsung-hdptx: Fix clock ratio setup
	phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors
	PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus()
	PCI: rcar-gen4: set ep BAR4 fixed size
	PCI: cadence: Fix runtime atomic count underflow
	PCI: apple: Use gpiod_set_value_cansleep in probe flow
	phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
	dmaengine: ti: Add NULL check in udma_probe()
	PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()
	PCI/DPC: Initialize aer_err_info before using it
	PCI/DPC: Log Error Source ID only when valid
	rtc: loongson: Add missing alarm notifications for ACPI RTC events
	PCI: endpoint: Retain fixed-size BAR size as well as aligned size
	usb: renesas_usbhs: Reorder clock handling and power management in probe
	serial: Fix potential null-ptr-deref in mlb_usio_probe()
	thunderbolt: Fix a logic error in wake on connect
	iio: filter: admv8818: fix band 4, state 15
	iio: filter: admv8818: fix integer overflow
	iio: filter: admv8818: fix range calculation
	iio: filter: admv8818: Support frequencies >= 2^32
	iio: adc: ad7124: Fix 3dB filter frequency reading
	usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink()
	MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a
	coresight: Fixes device's owner field for registered using coresight_init_driver()
	coresight: catu: Introduce refcount and spinlock for enabling/disabling
	counter: interrupt-cnt: Protect enable/disable OPs with mutex
	fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()
	coresight: prevent deactivate active config while enabling the config
	vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl()
	mei: vsc: Cast tx_buf to (__be32 *) when passed to cpu_to_be32_array()
	iio: adc: PAC1934: fix typo in documentation link
	iio: adc: mcp3911: fix device dependent mappings for conversion result registers
	USB: gadget: udc: fix const issue in gadget_match_driver()
	USB: typec: fix const issue in typec_match()
	loop: add file_start_write() and file_end_write()
	drm/xe: Make xe_gt_freq part of the Documentation
	Fix sock_exceed_buf_limit not being triggered in __sk_mem_raise_allocated
	page_pool: Fix use-after-free in page_pool_recycle_in_ring
	net: stmmac: platform: guarantee uniqueness of bus_id
	gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt
	net: tipc: fix refcount warning in tipc_aead_encrypt
	driver: net: ethernet: mtk_star_emac: fix suspend/resume issue
	net/mlx4_en: Prevent potential integer overflow calculating Hz
	net: lan966x: Make sure to insert the vlan tags also in host mode
	spi: bcm63xx-spi: fix shared reset
	spi: bcm63xx-hsspi: fix shared reset
	Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION
	ice: fix Tx scheduler error handling in XDP callback
	ice: create new Tx scheduler nodes for new queues only
	ice: fix rebuilding the Tx scheduler tree for large queue counts
	idpf: fix a race in txq wakeup
	idpf: avoid mailbox timeout delays during reset
	net: dsa: tag_brcm: legacy: fix pskb_may_pull length
	net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping
	net: stmmac: make sure that ptp_rate is not 0 before configuring EST
	drm/i915/guc: Check if expecting reply before decrementing outstanding_submission_g2h
	drm/i915/psr: Fix using wrong mask in REG_FIELD_PREP
	drm/i915/guc: Handle race condition where wakeref count drops below 0
	net: fix udp gso skb_segment after pull from frag_list
	net: wwan: t7xx: Fix napi rx poll issue
	vmxnet3: correctly report gso type for UDP tunnels
	selftests: net: build net/lib dependency in all target
	PM: sleep: Fix power.is_suspended cleanup for direct-complete devices
	nvme: fix command limits status code
	gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO
	drm/panel-simple: fix the warnings for the Evervision VGG644804
	netfilter: nf_set_pipapo_avx2: fix initial map fill
	netfilter: nf_nat: also check reverse tuple to obtain clashing entry
	net: ti: icssg-prueth: Fix swapped TX stats for MII interfaces.
	net: dsa: b53: do not enable RGMII delay on bcm63xx
	net: dsa: b53: allow RGMII for bcm63xx RGMII ports
	net: dsa: b53: do not touch DLL_IQQD on bcm53115
	wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements
	net: wwan: mhi_wwan_mbim: use correct mux_id for multiplexing
	wireguard: device: enable threaded NAPI
	seg6: Fix validation of nexthop addresses
	riscv: misaligned: fix sleeping function called during misaligned access handling
	scsi: ufs: qcom: Prevent calling phy_exit() before phy_init()
	ASoC: codecs: hda: Fix RPM usage count underflow
	ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX
	ASoC: Intel: avs: Verify content returned by parse_int_array()
	ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init
	iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec
	path_overmount(): avoid false negatives
	fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2)
	do_change_type(): refuse to operate on unmounted/not ours mounts
	tools/power turbostat: Fix AMD package-energy reporting
	ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3315
	ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3247
	ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA
	ALSA: hda/realtek - Support mute led function for HP platform
	ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup
	ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA
	Input: synaptics-rmi - fix crash with unsupported versions of F34
	pmdomain: core: Introduce dev_pm_genpd_rpm_always_on()
	mmc: sdhci-of-dwcmshc: add PD workaround on RK3576
	arm64: dts: qcom: x1e80100: Apply consistent critical thermal shutdown
	arm64: dts: qcom: x1e80100: Add GPU cooling
	pinctrl: samsung: refactor drvdata suspend & resume callbacks
	pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks
	pinctrl: samsung: add gs101 specific eint suspend/resume callbacks
	dt-bindings: pwm: adi,axi-pwmgen: Increase #pwm-cells to 3
	dt-bindings: pwm: Correct indentation and style in DTS example
	dt-bindings: pwm: adi,axi-pwmgen: Fix clocks
	serial: sh-sci: Move runtime PM enable to sci_probe_single()
	scsi: core: ufs: Fix a hang in the error handler
	Bluetooth: hci_core: fix list_for_each_entry_rcu usage
	Bluetooth: btintel_pcie: Fix driver not posting maximum rx buffers
	Bluetooth: btintel_pcie: Increase the tx and rx descriptor count
	Bluetooth: btintel_pcie: Reduce driver buffer posting to prevent race condition
	Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
	Bluetooth: MGMT: Remove unused mgmt_pending_find_data
	Bluetooth: MGMT: Protect mgmt_pending list with its own lock
	net: dsa: b53: fix untagged traffic sent via cpu tagged with VID 0
	ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use()
	ath10k: snoc: fix unbalanced IRQ enable in crash recovery
	wifi: ath11k: convert timeouts to secs_to_jiffies()
	wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request()
	wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process()
	wifi: ath11k: don't wait when there is no vdev started
	wifi: ath11k: move some firmware stats related functions outside of debugfs
	wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready
	wifi: ath12k: refactor ath12k_hw_regs structure
	wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850
	regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt()
	spi: omap2-mcspi: Disable multi mode when CS should be kept asserted after message
	spi: omap2-mcspi: Disable multi-mode when the previous message kept CS asserted
	pinctrl: qcom: pinctrl-qcm2290: Add missing pins
	scsi: iscsi: Fix incorrect error path labels for flashnode operations
	net_sched: sch_sfq: fix a potential crash on gso_skb handling
	powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap
	powerpc/vas: Return -EINVAL if the offset is non-zero in mmap()
	drm/meson: use unsigned long long / Hz for frequency types
	drm/meson: fix debug log statement when setting the HDMI clocks
	drm/meson: use vclk_freq instead of pixel_freq in debug print
	drm/meson: fix more rounding issues with 59.94Hz modes
	i40e: return false from i40e_reset_vf if reset is in progress
	i40e: retry VFLR handling if there is ongoing VF reset
	ACPI: CPPC: Fix NULL pointer dereference when nosmp is used
	net: Fix TOCTOU issue in sk_is_readable()
	macsec: MACsec SCI assignment for ES = 0
	net/mdiobus: Fix potential out-of-bounds read/write access
	net/mdiobus: Fix potential out-of-bounds clause 45 read/write access
	Bluetooth: Fix NULL pointer deference on eir_get_service_data
	Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance
	Bluetooth: eir: Fix possible crashes on eir_create_adv_data
	Bluetooth: MGMT: Fix sparse errors
	net/mlx5: Ensure fw pages are always allocated on same NUMA
	net/mlx5: Fix ECVF vports unload on shutdown flow
	net/mlx5: Fix return value when searching for existing flow group
	net/mlx5: HWS, fix missing ip_version handling in definer
	net/mlx5e: Fix leak of Geneve TLV option object
	net_sched: prio: fix a race in prio_tune()
	net_sched: red: fix a race in __red_change()
	net_sched: tbf: fix a race in tbf_change()
	net_sched: ets: fix a race in ets_qdisc_change()
	net: drv: netdevsim: don't napi_complete() from netpoll
	btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
	fs/filesystems: Fix potential unsigned integer underflow in fs_name()
	gfs2: pass through holder from the VFS for freeze/thaw
	btrfs: exit after state split error at set_extent_bit()
	nvmet-fcloop: access fcpreq only when holding reqlock
	perf: Ensure bpf_perf_link path is properly serialized
	block: use q->elevator with ->elevator_lock held in elv_iosched_show()
	io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo()
	block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work
	io_uring: consistently use rcu semantics with sqpoll thread
	bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP
	block: Fix bvec_set_folio() for very large folios
	objtool/rust: relax slice condition to cover more `noreturn` Rust functions
	tools/resolve_btfids: Fix build when cross compiling kernel with clang.
	Revert "wifi: mwifiex: Fix HT40 bandwidth issue."
	ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1
	HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()
	posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
	nvmem: zynqmp_nvmem: unbreak driver after cleanup
	usb: usbtmc: Fix read_stb function and get_stb ioctl
	VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
	tty: serial: 8250_omap: fix TX with DMA for am33xx
	usb: misc: onboard_usb_dev: Fix usb5744 initialization sequence
	usb: cdnsp: Fix issue with detecting command completion event
	usb: cdnsp: Fix issue with detecting USB 3.2 speed
	usb: Flush altsetting 0 endpoints before reinitializating them after reset.
	usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx()
	usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work
	9p: Add a migrate_folio method
	ring-buffer: Do not trigger WARN_ON() due to a commit_overrun
	ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set()
	ring-buffer: Move cpus_read_lock() outside of buffer->mutex
	xfs: don't assume perags are initialised when trimming AGs
	xen/arm: call uaccess_ttbr0_enable for dm_op hypercall
	x86/iopl: Cure TIF_IO_BITMAP inconsistencies
	x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler
	calipso: unlock rcu before returning -EAFNOSUPPORT
	regulator: dt-bindings: mt6357: Drop fixed compatible requirement
	usb: misc: onboard_usb_dev: fix build warning for CONFIG_USB_ONBOARD_DEV_USB5744=n
	net: usb: aqc111: debug info before sanitation
	overflow: Introduce __DEFINE_FLEX for having no initializer
	gfs2: Don't clear sb->s_fs_info in gfs2_sys_fs_add
	drm/meson: Use 1000ULL when operating with mode->clock
	thermal/drivers/mediatek/lvts: Remove unused lvts_debugfs_exit
	Linux 6.12.34

Change-Id: I679f0f1ddcf9bf8a0b86089ccb7b78536f5bc441
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-07-09 08:59:06 +00:00
Frédéric Danis 5a8400ebc2 Bluetooth: L2CAP: Fix L2CAP MTU negotiation
commit 042bb9603c44620dce98717a2d23235ca57a00d7 upstream.

OBEX download from iPhone is currently slow due to small packet size
used to transfer data which doesn't follow the MTU negotiated during
L2CAP connection, i.e. 672 bytes instead of 32767:

  < ACL Data TX: Handle 11 flags 0x00 dlen 12
      L2CAP: Connection Request (0x02) ident 18 len 4
        PSM: 4103 (0x1007)
        Source CID: 72
  > ACL Data RX: Handle 11 flags 0x02 dlen 16
      L2CAP: Connection Response (0x03) ident 18 len 8
        Destination CID: 14608
        Source CID: 72
        Result: Connection successful (0x0000)
        Status: No further information available (0x0000)
  < ACL Data TX: Handle 11 flags 0x00 dlen 27
      L2CAP: Configure Request (0x04) ident 20 len 19
        Destination CID: 14608
        Flags: 0x0000
        Option: Maximum Transmission Unit (0x01) [mandatory]
          MTU: 32767
        Option: Retransmission and Flow Control (0x04) [mandatory]
          Mode: Enhanced Retransmission (0x03)
          TX window size: 63
          Max transmit: 3
          Retransmission timeout: 2000
          Monitor timeout: 12000
          Maximum PDU size: 1009
  > ACL Data RX: Handle 11 flags 0x02 dlen 26
      L2CAP: Configure Request (0x04) ident 72 len 18
        Destination CID: 72
        Flags: 0x0000
        Option: Retransmission and Flow Control (0x04) [mandatory]
          Mode: Enhanced Retransmission (0x03)
          TX window size: 32
          Max transmit: 255
          Retransmission timeout: 0
          Monitor timeout: 0
          Maximum PDU size: 65527
        Option: Frame Check Sequence (0x05) [mandatory]
          FCS: 16-bit FCS (0x01)
  < ACL Data TX: Handle 11 flags 0x00 dlen 29
      L2CAP: Configure Response (0x05) ident 72 len 21
        Source CID: 14608
        Flags: 0x0000
        Result: Success (0x0000)
        Option: Maximum Transmission Unit (0x01) [mandatory]
          MTU: 672
        Option: Retransmission and Flow Control (0x04) [mandatory]
          Mode: Enhanced Retransmission (0x03)
          TX window size: 32
          Max transmit: 255
          Retransmission timeout: 2000
          Monitor timeout: 12000
          Maximum PDU size: 1009
  > ACL Data RX: Handle 11 flags 0x02 dlen 32
      L2CAP: Configure Response (0x05) ident 20 len 24
        Source CID: 72
        Flags: 0x0000
        Result: Success (0x0000)
        Option: Maximum Transmission Unit (0x01) [mandatory]
          MTU: 32767
        Option: Retransmission and Flow Control (0x04) [mandatory]
          Mode: Enhanced Retransmission (0x03)
          TX window size: 63
          Max transmit: 3
          Retransmission timeout: 2000
          Monitor timeout: 12000
          Maximum PDU size: 1009
        Option: Frame Check Sequence (0x05) [mandatory]
          FCS: 16-bit FCS (0x01)
  ...
  > ACL Data RX: Handle 11 flags 0x02 dlen 680
      Channel: 72 len 676 ctrl 0x0202 [PSM 4103 mode Enhanced Retransmission (0x03)] {chan 8}
      I-frame: Unsegmented TxSeq 1 ReqSeq 2
  < ACL Data TX: Handle 11 flags 0x00 dlen 13
      Channel: 14608 len 9 ctrl 0x0204 [PSM 4103 mode Enhanced Retransmission (0x03)] {chan 8}
      I-frame: Unsegmented TxSeq 2 ReqSeq 2
  > ACL Data RX: Handle 11 flags 0x02 dlen 680
      Channel: 72 len 676 ctrl 0x0304 [PSM 4103 mode Enhanced Retransmission (0x03)] {chan 8}
      I-frame: Unsegmented TxSeq 2 ReqSeq 3

The MTUs are negotiated for each direction. In these traces 32767 for
iPhone->localhost and no MTU for localhost->iPhone, which based on
'4.4 L2CAP_CONFIGURATION_REQ' (Core specification v5.4, Vol. 3, Part
A):

  The only parameters that should be included in the
  L2CAP_CONFIGURATION_REQ packet are those that require different
  values than the default or previously agreed values.
  ...
  Any missing configuration parameters are assumed to have their
  most recently explicitly or implicitly accepted values.

and '5.1 Maximum transmission unit (MTU)':

  If the remote device sends a positive L2CAP_CONFIGURATION_RSP
  packet it should include the actual MTU to be used on this channel
  for traffic flowing into the local device.
  ...
  The default value is 672 octets.

is set by BlueZ to 672 bytes.

It seems that the iPhone used the lowest negotiated value to transfer
data to the localhost instead of the negotiated one for the incoming
direction.

This could be fixed by using the MTU negotiated for the other
direction, if it exists, in the L2CAP_CONFIGURATION_RSP.
This allows segmented packets to be used, as in the following traces:

  < ACL Data TX: Handle 11 flags 0x00 dlen 12
        L2CAP: Connection Request (0x02) ident 22 len 4
          PSM: 4103 (0x1007)
          Source CID: 72
  < ACL Data TX: Handle 11 flags 0x00 dlen 27
        L2CAP: Configure Request (0x04) ident 24 len 19
          Destination CID: 2832
          Flags: 0x0000
          Option: Maximum Transmission Unit (0x01) [mandatory]
            MTU: 32767
          Option: Retransmission and Flow Control (0x04) [mandatory]
            Mode: Enhanced Retransmission (0x03)
            TX window size: 63
            Max transmit: 3
            Retransmission timeout: 2000
            Monitor timeout: 12000
            Maximum PDU size: 1009
  > ACL Data RX: Handle 11 flags 0x02 dlen 26
        L2CAP: Configure Request (0x04) ident 15 len 18
          Destination CID: 72
          Flags: 0x0000
          Option: Retransmission and Flow Control (0x04) [mandatory]
            Mode: Enhanced Retransmission (0x03)
            TX window size: 32
            Max transmit: 255
            Retransmission timeout: 0
            Monitor timeout: 0
            Maximum PDU size: 65527
          Option: Frame Check Sequence (0x05) [mandatory]
            FCS: 16-bit FCS (0x01)
  < ACL Data TX: Handle 11 flags 0x00 dlen 29
        L2CAP: Configure Response (0x05) ident 15 len 21
          Source CID: 2832
          Flags: 0x0000
          Result: Success (0x0000)
          Option: Maximum Transmission Unit (0x01) [mandatory]
            MTU: 32767
          Option: Retransmission and Flow Control (0x04) [mandatory]
            Mode: Enhanced Retransmission (0x03)
            TX window size: 32
            Max transmit: 255
            Retransmission timeout: 2000
            Monitor timeout: 12000
            Maximum PDU size: 1009
  > ACL Data RX: Handle 11 flags 0x02 dlen 32
        L2CAP: Configure Response (0x05) ident 24 len 24
          Source CID: 72
          Flags: 0x0000
          Result: Success (0x0000)
          Option: Maximum Transmission Unit (0x01) [mandatory]
            MTU: 32767
          Option: Retransmission and Flow Control (0x04) [mandatory]
            Mode: Enhanced Retransmission (0x03)
            TX window size: 63
            Max transmit: 3
            Retransmission timeout: 2000
            Monitor timeout: 12000
            Maximum PDU size: 1009
          Option: Frame Check Sequence (0x05) [mandatory]
            FCS: 16-bit FCS (0x01)
  ...
  > ACL Data RX: Handle 11 flags 0x02 dlen 1009
        Channel: 72 len 1005 ctrl 0x4202 [PSM 4103 mode Enhanced Retransmission (0x03)] {chan 8}
        I-frame: Start (len 21884) TxSeq 1 ReqSeq 2
  > ACL Data RX: Handle 11 flags 0x02 dlen 1009
        Channel: 72 len 1005 ctrl 0xc204 [PSM 4103 mode Enhanced Retransmission (0x03)] {chan 8}
        I-frame: Continuation TxSeq 2 ReqSeq 2

This has been tested with kernel 5.4 and BlueZ 5.77.

Cc: stable@vger.kernel.org
Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-07-06 11:01:43 +02:00
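
Added example (not part of the commit and not the kernel's code): a C sketch of the choice the message above describes, parsing the option bytes of the peer's Configure Request and picking the MTU to return in the Configure Response. The option bytes are constructed from the decoded fields in the traces; every function, macro and array name is this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Option types as decoded in the traces; the names are this example's own. */
#define OPT_MTU     0x01
#define OPT_RFC     0x04
#define OPT_FCS     0x05
#define DEFAULT_MTU 672   /* "The default value is 672 octets." */

struct conf_opts {
    int has_mtu; uint16_t mtu;
    int has_rfc; uint8_t mode; uint16_t mps;
    int has_fcs; uint8_t fcs;
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walk the type/length/value options that follow the 4-byte DCID+flags header
 * of a Configure Request. Returns 0, or -1 if an option is truncated or has
 * the wrong length for its type. */
int parse_conf_opts(const uint8_t *p, size_t len, struct conf_opts *o)
{
    struct conf_opts zero = {0};
    *o = zero;
    while (len > 0) {
        if (len < 2) return -1;
        uint8_t type = p[0] & 0x7f;   /* top bit marks the option as a hint */
        uint8_t olen = p[1];
        p += 2; len -= 2;
        if (olen > len) return -1;    /* value runs past the end of the packet */
        switch (type) {
        case OPT_MTU:
            if (olen != 2) return -1;
            o->has_mtu = 1; o->mtu = le16(p);
            break;
        case OPT_RFC:                 /* mode, txwin, max tx, 2 timeouts, MPS */
            if (olen != 9) return -1;
            o->has_rfc = 1; o->mode = p[0]; o->mps = le16(p + 7);
            break;
        case OPT_FCS:
            if (olen != 1) return -1;
            o->has_fcs = 1; o->fcs = p[0];
            break;
        default:
            break;                    /* unknown option: skipped in this sketch */
        }
        p += olen; len -= olen;
    }
    return 0;
}

/* MTU to place in the Configure Response, or -1 on a malformed request.
 * imtu is the MTU already negotiated for the other direction (0 if none).
 * use_other_direction = 0: fall back to the default only (672 in the first trace).
 * use_other_direction = 1: prefer imtu when the request omitted the MTU option.
 * Range checks on an explicitly requested MTU are left out of this sketch. */
int rsp_mtu(const uint8_t *opts, size_t len, uint16_t imtu, int use_other_direction)
{
    struct conf_opts o;
    if (parse_conf_opts(opts, len, &o) < 0) return -1;
    if (o.has_mtu) return o.mtu;
    if (use_other_direction && imtu) return imtu;
    return DEFAULT_MTU;
}

/* Constructed from the peer's Configure Request in the trace: RFC + FCS, no MTU. */
const uint8_t PEER_REQ_OPTS[] = {
    0x04, 0x09, 0x03, 0x20, 0xff, 0x00, 0x00, 0x00, 0x00, 0xf7, 0xff,
    0x05, 0x01, 0x01,
};
/* Constructed from the local Configure Request in the trace: MTU 32767 + RFC. */
const uint8_t LOCAL_REQ_OPTS[] = {
    0x01, 0x02, 0xff, 0x7f,
    0x04, 0x09, 0x03, 0x3f, 0x03, 0xd0, 0x07, 0xe0, 0x2e, 0xf1, 0x03,
};
/* Constructed malformed input: MTU option announces 2 bytes, carries 1. */
const uint8_t TRUNCATED_OPTS[] = { 0x01, 0x02, 0xff };

int main(void)
{
    printf("default only:      %d\n",
           rsp_mtu(PEER_REQ_OPTS, sizeof PEER_REQ_OPTS, 32767, 0));
    printf("other direction:   %d\n",
           rsp_mtu(PEER_REQ_OPTS, sizeof PEER_REQ_OPTS, 32767, 1));
    printf("truncated request: %d\n",
           rsp_mtu(TRUNCATED_OPTS, sizeof TRUNCATED_OPTS, 32767, 1));
    return 0;
}
```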
Kuniyuki Iwashima ce23b73f0f Bluetooth: hci_core: Fix use-after-free in vhci_flush()
[ Upstream commit 1d6123102e9fbedc8d25bf4731da6d513173e49e ]

syzbot reported use-after-free in vhci_flush() without repro. [0]

From the splat, a thread close()d a vhci file descriptor while
its device was being used by ioctl() on another thread.

Once the last fd refcnt is released, vhci_release() calls
hci_unregister_dev(), hci_free_dev(), and kfree() for struct
vhci_data, which is set to hci_dev->dev->driver_data.

The problem is that there is no synchronisation after unlinking
hdev from hci_dev_list in hci_unregister_dev().  There might be
another thread still accessing the hdev which was fetched before
the unlink operation.

We can use SRCU for such synchronisation.

Let's run hci_dev_reset() under SRCU and wait for its completion
in hci_unregister_dev().

Another option would be to restore hci_dev->destruct(), which was
removed in commit 587ae086f6 ("Bluetooth: Remove unused
hci-destruct cb").  However, this would not be a good solution, as
we should not run hci_unregister_dev() while there are in-flight
ioctl() requests, which could lead to another data-race KCSAN splat.

Note that other drivers seem to have the same problem, for example,
virtbt_remove().

[0]:
BUG: KASAN: slab-use-after-free in skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]
BUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937
Read of size 8 at addr ffff88807cb8d858 by task syz.1.219/6718

CPU: 1 UID: 0 PID: 6718 Comm: syz.1.219 Not tainted 6.16.0-rc1-syzkaller-00196-g08207f42d3ff #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xd2/0x2b0 mm/kasan/report.c:521
 kasan_report+0x118/0x150 mm/kasan/report.c:634
 skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]
 skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937
 skb_queue_purge include/linux/skbuff.h:3368 [inline]
 vhci_flush+0x44/0x50 drivers/bluetooth/hci_vhci.c:69
 hci_dev_do_reset net/bluetooth/hci_core.c:552 [inline]
 hci_dev_reset+0x420/0x5c0 net/bluetooth/hci_core.c:592
 sock_do_ioctl+0xd9/0x300 net/socket.c:1190
 sock_ioctl+0x576/0x790 net/socket.c:1311
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcf5b98e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcf5c7b9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fcf5bbb6160 RCX: 00007fcf5b98e929
RDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000009
RBP: 00007fcf5ba10b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fcf5bbb6160 R15: 00007ffd6353d528
 </TASK>

Allocated by task 6535:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 vhci_open+0x57/0x360 drivers/bluetooth/hci_vhci.c:635
 misc_open+0x2bc/0x330 drivers/char/misc.c:161
 chrdev_open+0x4c9/0x5e0 fs/char_dev.c:414
 do_dentry_open+0xdf0/0x1970 fs/open.c:964
 vfs_open+0x3b/0x340 fs/open.c:1094
 do_open fs/namei.c:3887 [inline]
 path_openat+0x2ee5/0x3830 fs/namei.c:4046
 do_filp_open+0x1fa/0x410 fs/namei.c:4073
 do_sys_openat2+0x121/0x1c0 fs/open.c:1437
 do_sys_open fs/open.c:1452 [inline]
 __do_sys_openat fs/open.c:1468 [inline]
 __se_sys_openat fs/open.c:1463 [inline]
 __x64_sys_openat+0x138/0x170 fs/open.c:1463
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 6535:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2381 [inline]
 slab_free mm/slub.c:4643 [inline]
 kfree+0x18e/0x440 mm/slub.c:4842
 vhci_release+0xbc/0xd0 drivers/bluetooth/hci_vhci.c:671
 __fput+0x44c/0xa70 fs/file_table.c:465
 task_work_run+0x1d1/0x260 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x6ad/0x22e0 kernel/exit.c:955
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1104
 __do_sys_exit_group kernel/exit.c:1115 [inline]
 __se_sys_exit_group kernel/exit.c:1113 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1113
 x64_sys_call+0x21ba/0x21c0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff88807cb8d800
 which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 88 bytes inside of
 freed 1024-byte region [ffff88807cb8d800, ffff88807cb8dc00)

Fixes: bf18c7118c ("Bluetooth: vhci: Free driver_data on file release")
Reported-by: syzbot+2faa4825e556199361f9@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=f62d64848fc4c7c30cd6
Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
Acked-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-07-06 11:01:39 +02:00
Greg Kroah-Hartman e5ead1ec40 Merge 48ca7139ab ("cifs: Fix validation of SMB1 query reparse point response") into android16-6.12-lts
Steps on the way to 6.12.34

Resolves merge conflicts in:
	kernel/sched/core.c
	net/netfilter/xt_mark.c

Change-Id: I6df5e27c2a5bfa8b077b1f2814ad98b2a3dc0877
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-07-04 07:05:22 +00:00
Greg Kroah-Hartman 69f799168c Merge 6.12.31 into android16-6.12-lts
GKI (arm64) relevant 137 out of 624 changes, affecting 192 files +1647/-1035
  a4f865ecdb nvmem: core: fix bit offsets of more than one byte [1 file, +17/-7]
  4327479e55 nvmem: core: verify cell's raw_len [1 file, +12/-0]
  410f8b72e0 nvmem: core: update raw_len if the bit reading is required [1 file, +3/-1]
  7aea1517fb scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices [2 files, +35/-0]
  b730cb1096 virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN [1 file, +1/-1]
  2998813177 dma/mapping.c: dev_dbg support for dma_addressing_limited [1 file, +10/-1]
  3eec42a17a dma-mapping: avoid potential unused data compilation warning [1 file, +8/-4]
  97edaa0ec6 cgroup: Fix compilation issue due to cgroup_mutex not being exported [1 file, +1/-1]
  f93675793b vhost_task: fix vhost_task_create() documentation [1 file, +1/-1]
  e22034cbee dma-mapping: Fix warning reported for missing prototype [1 file, +8/-8]
  4f5553a08f fs/buffer: split locking for pagecache lookups [1 file, +25/-16]
  e138fc2316 fs/buffer: introduce sleeping flavors for pagecache lookups [2 files, +17/-0]
  a49a4a87ce fs/buffer: use sleeping version of __find_get_block() [1 file, +9/-2]
  f1c5aa614b fs/jbd2: use sleeping version of __find_get_block() [1 file, +9/-6]
  9ece099e95 fs/ext4: use sleeping version of sb_find_get_block() [1 file, +2/-1]
  64f505b08e block: fix race between set_blocksize and read paths [4 files, +43/-1]
  218c838d03 io_uring: don't duplicate flushing in io_req_post_cqe [1 file, +8/-3]
  8014d3e56e bpf: fix possible endless loop in BPF map iteration [1 file, +1/-1]
  d40ca27602 fuse: Return EPERM rather than ENOSYS from link() [1 file, +2/-0]
  bab0bd1389 exfat: call bh_read in get_block only when necessary [1 file, +77/-82]
  01677e7ee1 io_uring/msg: initialise msg request opcode [1 file, +1/-0]
  e506751b7d arm64: Add support for HIP09 Spectre-BHB mitigation [2 files, +3/-0]
  4f427ca9ed tracing: Mark binary printing functions with __printf() attribute [4 files, +18/-21]
  15787ab82a mailbox: use error ret code of of_parse_phandle_with_args() [1 file, +4/-3]
  f48ee562c0 Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken [1 file, +3/-0]
  44b79041c4 dql: Fix dql->limit value when reset. [1 file, +1/-1]
  ac30595154 lockdep: Fix wait context check on softirq for PREEMPT_RT [1 file, +18/-0]
  e63b634806 PCI: dwc: ep: Ensure proper iteration over outbound map windows [1 file, +1/-1]
  37ac2434aa ext4: on a remount, only log the ro or r/w state when it has changed [1 file, +4/-3]
  1d1e1efad1 libnvdimm/labels: Fix divide error in nd_label_data_init() [1 file, +2/-1]
  123bcd8f42 pidfs: improve multi-threaded exec and premature thread-group leader exit polling [3 files, +9/-9]
  8f82cf305e cgroup/rstat: avoid disabling irqs for O(num_cpu) [1 file, +5/-7]
  a5a507fa5f blk-cgroup: improve policy registration error handling [1 file, +12/-10]
  94c3cbc69a ext4: reorder capability check last [1 file, +2/-2]
  e658f2d94a bpf: Return prog btf_id without capable check [1 file, +2/-2]
  e2520cc19b PCI: dwc: Use resource start as ioremap() input in dw_pcie_pme_turn_off() [1 file, +1/-1]
  50452704ec jbd2: do not try to recover wiped journal [1 file, +6/-5]
  dab35f4921 tcp: reorganize tcp_in_ack_event() and tcp_count_delivered() [1 file, +32/-24]
  555c0b713c bpf: Allow pre-ordering for bpf cgroup progs [5 files, +30/-9]
  572ed3fb99 kconfig: do not clear SYMBOL_VALID when reading include/config/auto.conf [1 file, +12/-7]
  174dedce64 dm: restrict dm device size to 2^63-512 bytes [1 file, +4/-0]
  2f5f326214 ext4: reject the 'data_err=abort' option in nojournal mode [1 file, +12/-0]
  d0dc233fe2 posix-timers: Add cond_resched() to posix_timer_add() search loop [1 file, +1/-0]
  ae22452d15 posix-timers: Ensure that timer initialization is fully visible [1 file, +14/-7]
  3fb9ee05ec timer_list: Don't use %pK through printk() [1 file, +2/-2]
  21153e0974 netfilter: conntrack: Bound nf_conntrack sysctl writes [1 file, +9/-3]
  236a87e9d2 PNP: Expand length of fixup id string [1 file, +1/-1]
  6215143ad3 arm64/mm: Check pmd_table() in pmd_trans_huge() [1 file, +12/-12]
  8ad58a7eba arm64/mm: Check PUD_TYPE_TABLE in pud_bad() [1 file, +2/-1]
  28306c58da mmc: sdhci: Disable SD card clock before changing parameters [1 file, +7/-2]
  3a75fe58a1 usb: xhci: Don't change the status of stalled TDs on failed Stop EP [1 file, +11/-1]
  101a3b9920 printk: Check CON_SUSPEND when unblanking a console [1 file, +12/-2]
  faba68a86a wifi: cfg80211: allow IR in 20 MHz configurations [5 files, +46/-25]
  c1502fc84d ipv6: save dontfrag in cork [2 files, +6/-4]
  75ae2a3553 badblocks: Fix a nonsense WARN_ON() which checks whether a u64 variable < 0 [1 file, +3/-2]
  7caad075ac crypto: lzo - Fix compression buffer overrun [6 files, +106/-28]
  73d01bcbf2 tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() [1 file, +26/-11]
  1c17190880 usb: xhci: set page size to the xHCI-supported size [2 files, +22/-20]
  93f581d763 drm/gem: Test for imported GEM buffers with helper [2 files, +16/-2]
  c4525b513d net: phylink: use pl->link_interface in phylink_expects_phy() [1 file, +1/-1]
  f29c876d72 perf/core: Clean up perf_try_init_event() [1 file, +38/-27]
  af73c8fd73 ublk: enforce ublks_max only for unprivileged devices [1 file, +27/-15]
  592ba27580 perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type [1 file, +3/-2]
  3de322a98b scsi: logging: Fix scsi_logging_level bounds [1 file, +3/-1]
  f33b310eac ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config(). [2 files, +16/-24]
  564f03a797 block: mark bounce buffering as incompatible with integrity [2 files, +5/-2]
  82209faa87 ublk: complete command synchronously on error [1 file, +6/-5]
  b98aad5e5e media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map [1 file, +6/-0]
  2d6231d5ce media: uvcvideo: Handle uvc menu translation inside uvc_get_le_value [1 file, +32/-45]
  e359d62886 perf: arm_pmuv3: Call kvm_vcpu_pmu_resync_el0() before enabling counters [1 file, +2/-2]
  673dde8d3c bpf: Search and add kfuncs in struct_ops prologue and epilogue [1 file, +24/-1]
  083383aba0 cpuidle: menu: Avoid discarding useful information [1 file, +12/-1]
  20a53c3689 loop: check in LO_FLAGS_DIRECT_IO in loop_default_blocksize [1 file, +1/-1]
  b55a97d1bd dm: fix unconditional IO throttle caused by REQ_PREFLUSH [1 file, +6/-2]
  9f27b38771 crypto: ahash - Set default reqsize from ahash_alg [2 files, +7/-0]
  897c98fb32 crypto: skcipher - Zap type in crypto_alloc_sync_skcipher [1 file, +1/-0]
  4d9fa2ebc0 net: ipv6: Init tunnel link-netns before registering dev [4 files, +9/-7]
  53f42776e4 genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie [2 files, +25/-36]
  2b129e89b8 bpf: don't do clean_live_states when state->loop_entry->branches > 0 [1 file, +4/-0]
  46ba5757a7 bpf: copy_verifier_state() should copy 'loop_entry' field [1 file, +3/-0]
  82b54455b6 PCI: Fix old_size lower bound in calculate_iosize() too [1 file, +2/-4]
  dc5f5c9d2b hrtimers: Replace hrtimer_clock_to_base_table with switch-case [1 file, +12/-17]
  000dd6e344 ASoC: ops: Enforce platform maximum on initial value [1 file, +28/-1]
  c4260bf83b ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() [1 file, +5/-3]
  5b1b4cb46d pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map [1 file, +8/-2]
  69689d1138 media: v4l: Memset argument to 0 before calling get_mbus_config pad op [2 files, +5/-1]
  e6e31b0182 sched: Reduce the default slice to avoid tasks getting an extra tick [1 file, +3/-3]
  ef31dc41cf phy: core: don't require set_mode() callback for phy_get_mode() to work [1 file, +4/-3]
  06daedb443 xfrm: prevent high SEQ input in non-ESN mode [1 file, +12/-0]
  9f2911868a ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). [2 files, +4/-4]
  7fea5a9140 r8152: add vendor/device ID pair for Dell Alienware AW1022z [2 files, +2/-0]
  16ddd67bb5 pstore: Change kmsg_bytes storage size to u32 [3 files, +9/-8]
  73733c2fdb ext4: don't write back data before punch hole in nojournal mode [1 file, +5/-13]
  1d15319323 f2fs: introduce f2fs_base_attr for global sysfs entries [1 file, +52/-22]
  ded26f9e4c ipv4: ip_gre: Fix set but not used warning in ipgre_err() if IPv4-only [1 file, +10/-6]
  76e56dbe50 net: flush_backlog() small changes [1 file, +8/-4]
  58cdd1ee65 bridge: mdb: Allow replace of a host-joined group [2 files, +2/-2]
  fcabb69674 rcu: handle unstable rdp in rcu_read_unlock_strict() [2 files, +11/-2]
  d402437cde rcu: fix header guard for rcu_all_qs() [1 file, +1/-1]
  887e39ac47 perf: Avoid the read if the count is already updated [3 files, +24/-18]
  c80b2d159c bpf: Use kallsyms to find the function name of a struct_ops's stub function [1 file, +44/-54]
  46f1c2b508 firmware: arm_scmi: Relax duplicate name constraint across protocol ids [1 file, +6/-13]
  1351052877 drm/atomic: clarify the rules around drm_atomic_state->allow_modeset [1 file, +21/-2]
  9fddd1f154 drm: Add valid clones check [1 file, +28/-0]
  ff214b079d nvme-pci: add quirks for device 126f:1001 [1 file, +3/-0]
  6d196cae4b nvme-pci: add quirks for WDC Blue SN550 15b7:5009 [1 file, +3/-0]
  6a09b6bad0 ALSA: usb-audio: Fix duplicated name in MIDI substream names [1 file, +12/-4]
  ad3e83a6c8 io_uring/fdinfo: annotate racy sq/cq head/tail reads [1 file, +2/-2]
  7f7c8c03fe btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref [1 file, +1/-1]
  8cafd7266f __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock [1 file, +1/-5]
  28756f22de espintcp: fix skb leaks [3 files, +9/-3]
  9cbca30102 espintcp: remove encap socket caching to avoid reference leak [4 files, +8/-94]
  b1a687eb15 xfrm: Fix UDP GRO handling for some corner cases [2 files, +20/-16]
  447c8f0c06 kernel/fork: only call untrack_pfn_clear() on VMAs duplicated for fork() [1 file, +5/-4]
  252f78a931 xfrm: Sanitize marks before insert [2 files, +6/-0]
  7207effe47 driver core: Split devres APIs to device/devres.h [2 files, +125/-118]
  1e8b7e96f7 Bluetooth: L2CAP: Fix not checking l2cap_chan security level [1 file, +8/-7]
  cd7f022296 loop: don't require ->write_iter for writable files in loop_configure [1 file, +0/-3]
  873ebaf3c1 io_uring: fix overflow resched cqe reordering [1 file, +1/-0]
  689a205cd9 net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done [1 file, +5/-0]
  adb05149a9 can: slcan: allow reception of short error messages [1 file, +20/-6]
  cc55dd28c2 can: bcm: add locking for bcm_op runtime updates [1 file, +45/-21]
  63567ecd99 can: bcm: add missing rcu read protection for procfs content [1 file, +9/-4]
  bf85e49aaf ALSA: pcm: Fix race of buffer access at PCM OSS layer [3 files, +14/-2]
  e78908caf1 pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() [1 file, +1/-1]
  dc9bdfb9b0 drm/edid: fixed the bug that hdr metadata was not reset [1 file, +1/-0]
  cb9a1019a6 Input: xpad - add more controllers [1 file, +3/-0]
  9b8263cae6 highmem: add folio_test_partial_kmap() [2 files, +12/-5]
  314bf771cb memcg: always call cond_resched() after fn() [1 file, +2/-4]
  9da33ce114 mm/page_alloc.c: avoid infinite retries caused by cpuset race [1 file, +8/-0]
  9f9517f156 mm: mmap: map MAP_STACK to VM_NOHUGEPAGE only if THP is enabled [1 file, +2/-0]
  94efb0d656 mm: vmalloc: actually use the in-place vrealloc region [1 file, +1/-0]
  483ac74183 mm: vmalloc: only zero-init on vrealloc shrink [1 file, +7/-5]
  1d45e0170c spi: use container_of_cont() for to_spi_device() [1 file, +1/-4]
  d28b0305f7 err.h: move IOMEM_ERR_PTR() to err.h [2 files, +3/-2]
  80eb73778d bpf: abort verification if env->cur_state->loop_entry != NULL [1 file, +4/-2]
  85fb1edd05 drm/gem: Internally test import_attach for imported objects [1 file, +1/-2]

Changes in 6.12.31
	drm/amd/display: Configure DTBCLK_P with OPTC only for dcn401
	drm/amd/display: Do not enable replay when vtotal update is pending.
	drm/amd/display: Correct timing_adjust_pending flag setting.
	drm/amd/display: Defer BW-optimization-blocked DRR adjustments
	i2c: designware: Use temporary variable for struct device
	i2c: designware: Fix an error handling path in i2c_dw_pci_probe()
	phy: renesas: rcar-gen3-usb2: Move IRQ request in probe
	phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data
	phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off
	cpufreq: Add SM8650 to cpufreq-dt-platdev blocklist
	nvmem: rockchip-otp: Move read-offset into variant-data
	nvmem: rockchip-otp: add rk3576 variant data
	nvmem: core: fix bit offsets of more than one byte
	nvmem: core: verify cell's raw_len
	nvmem: core: update raw_len if the bit reading is required
	nvmem: qfprom: switch to 4-byte aligned reads
	scsi: target: iscsi: Fix timeout on deleted connection
	scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices
	virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN
	dma/mapping.c: dev_dbg support for dma_addressing_limited
	intel_th: avoid using deprecated page->mapping, index fields
	mei: vsc: Use struct vsc_tp_packet as vsc-tp tx_buf and rx_buf type
	dma-mapping: avoid potential unused data compilation warning
	cgroup: Fix compilation issue due to cgroup_mutex not being exported
	vhost_task: fix vhost_task_create() documentation
	vhost-scsi: protect vq->log_used with vq->mutex
	scsi: mpi3mr: Add level check to control event logging
	net: enetc: refactor bulk flipping of RX buffers to separate function
	dma-mapping: Fix warning reported for missing prototype
	ima: process_measurement() needlessly takes inode_lock() on MAY_READ
	fs/buffer: split locking for pagecache lookups
	fs/buffer: introduce sleeping flavors for pagecache lookups
	fs/buffer: use sleeping version of __find_get_block()
	fs/ocfs2: use sleeping version of __find_get_block()
	fs/jbd2: use sleeping version of __find_get_block()
	fs/ext4: use sleeping version of sb_find_get_block()
	drm/amd/display: Enable urgent latency adjustment on DCN35
	drm/amdgpu: Allow P2P access through XGMI
	selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure
	block: fix race between set_blocksize and read paths
	io_uring: don't duplicate flushing in io_req_post_cqe
	bpf: fix possible endless loop in BPF map iteration
	samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora
	kconfig: merge_config: use an empty file as initfile
	x86/fred: Fix system hang during S4 resume with FRED enabled
	s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log
	cifs: Add fallback for SMB2 CREATE without FILE_READ_ATTRIBUTES
	cifs: Fix querying and creating MF symlinks over SMB1
	cifs: Fix negotiate retry functionality
	smb: client: Store original IO parameters and prevent zero IO sizes
	fuse: Return EPERM rather than ENOSYS from link()
	exfat: call bh_read in get_block only when necessary
	io_uring/msg: initialise msg request opcode
	NFSv4: Check for delegation validity in nfs_start_delegation_return_locked()
	NFS: Don't allow waiting for exiting tasks
	SUNRPC: Don't allow waiting for exiting tasks
	arm64: Add support for HIP09 Spectre-BHB mitigation
	iommufd: Extend IOMMU_GET_HW_INFO to report PASID capability
	tracing: Mark binary printing functions with __printf() attribute
	ACPI: PNP: Add Intel OC Watchdog IDs to non-PNP device list
	tpm: Convert warn to dbg in tpm2_start_auth_session()
	mailbox: pcc: Use acpi_os_ioremap() instead of ioremap()
	mailbox: use error ret code of of_parse_phandle_with_args()
	riscv: Allow NOMMU kernels to access all of RAM
	fbdev: fsl-diu-fb: add missing device_remove_file()
	fbcon: Use correct erase colour for clearing in fbcon
	fbdev: core: tileblit: Implement missing margin clearing for tileblit
	cifs: Set default Netbios RFC1001 server name to hostname in UNC
	cifs: add validation check for the fields in smb_aces
	cifs: Fix establishing NetBIOS session for SMB2+ connection
	NFSv4: Treat ENETUNREACH errors as fatal for state recovery
	SUNRPC: rpc_clnt_set_transport() must not change the autobind setting
	SUNRPC: rpcbind should never reset the port to the value '0'
	spi-rockchip: Fix register out of bounds access
	ASoC: codecs: wsa884x: Correct VI sense channel mask
	ASoC: codecs: wsa883x: Correct VI sense channel mask
	mctp: Fix incorrect tx flow invalidation condition in mctp-i2c
	net: tn40xx: add pci-id of the aqr105-based Tehuti TN4010 cards
	net: tn40xx: create swnode for mdio and aqr105 phy and add to mdiobus
	thermal/drivers/mediatek/lvts: Start sensor interrupts disabled
	thermal/drivers/qoriq: Power down TMU on system suspend
	Bluetooth: btmtksdio: Prevent enabling interrupts after IRQ handler removal
	Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken
	dql: Fix dql->limit value when reset.
	lockdep: Fix wait context check on softirq for PREEMPT_RT
	objtool: Properly disable uaccess validation
	PCI: dwc: ep: Ensure proper iteration over outbound map windows
	r8169: disable RTL8126 ZRX-DC timeout
	tools/build: Don't pass test log files to linker
	pNFS/flexfiles: Report ENETDOWN as a connection error
	drm/amdgpu/discovery: check ip_discovery fw file available
	drm/amdkfd: set precise mem ops caps to disabled for gfx 11 and 12
	PCI: vmd: Disable MSI remapping bypass under Xen
	xen/pci: Do not register devices with segments >= 0x10000
	ext4: on a remount, only log the ro or r/w state when it has changed
	libnvdimm/labels: Fix divide error in nd_label_data_init()
	pidfs: improve multi-threaded exec and premature thread-group leader exit polling
	staging: vchiq_arm: Create keep-alive thread during probe
	mmc: host: Wait for Vdd to settle on card power off
	drm/amdgpu: Skip pcie_replay_count sysfs creation for VF
	cgroup/rstat: avoid disabling irqs for O(num_cpu)
	wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2
	wifi: mt76: mt7996: fix SER reset trigger on WED reset
	wifi: mt76: mt7996: revise TXS size
	wifi: mt76: mt7925: load the appropriate CLC data based on hardware type
	wifi: mt76: mt7925: fix fails to enter low power mode in suspend state
	x86/headers: Replace __ASSEMBLY__ with __ASSEMBLER__ in UAPI headers
	x86/stackprotector/64: Only export __ref_stack_chk_guard on CONFIG_SMP
	x86/smpboot: Fix INIT delay assignment for extended Intel Families
	x86/microcode: Update the Intel processor flag scan check
	x86/mm: Check return value from memblock_phys_alloc_range()
	i2c: qup: Vote for interconnect bandwidth to DRAM
	i2c: pxa: fix call balance of i2c->clk handling routines
	btrfs: make btrfs_discard_workfn() block_group ref explicit
	btrfs: avoid linker error in btrfs_find_create_tree_block()
	btrfs: run btrfs_error_commit_super() early
	btrfs: fix non-empty delayed iputs list on unmount due to async workers
	btrfs: get zone unusable bytes while holding lock at btrfs_reclaim_bgs_work()
	btrfs: send: return -ENAMETOOLONG when attempting a path that is too long
	blk-cgroup: improve policy registration error handling
	drm/amdgpu: release xcp_mgr on exit
	drm/amd/display: Guard against setting dispclk low for dcn31x
	drm/amdgpu: adjust drm_firmware_drivers_only() handling
	i3c: master: svc: Fix missing STOP for master request
	s390/tlb: Use mm_has_pgste() instead of mm_alloc_pgste()
	dlm: make tcp still work in multi-link env
	clocksource/drivers/timer-riscv: Stop stimecmp when cpu hotplug
	um: Store full CSGSFS and SS register from mcontext
	um: Update min_low_pfn to match changes in uml_reserved
	wifi: mwifiex: Fix HT40 bandwidth issue.
	bnxt_en: Query FW parameters when the CAPS_CHANGE bit is set
	riscv: Call secondary mmu notifier when flushing the tlb
	ext4: reorder capability check last
	hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure
	scsi: st: Tighten the page format heuristics with MODE SELECT
	scsi: st: ERASE does not change tape location
	vfio/pci: Handle INTx IRQ_NOTCONNECTED
	bpf: Return prog btf_id without capable check
	PCI: dwc: Use resource start as ioremap() input in dw_pcie_pme_turn_off()
	jbd2: do not try to recover wiped journal
	tcp: reorganize tcp_in_ack_event() and tcp_count_delivered()
	rtc: rv3032: fix EERD location
	objtool: Fix error handling inconsistencies in check()
	thunderbolt: Do not add non-active NVM if NVM upgrade is disabled for retimer
	erofs: initialize decompression early
	spi: spi-mux: Fix coverity issue, unchecked return value
	ASoC: pcm6240: Drop bogus code handling IRQ as GPIO
	ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect
	bpf: Allow pre-ordering for bpf cgroup progs
	kbuild: fix argument parsing in scripts/config
	kconfig: do not clear SYMBOL_VALID when reading include/config/auto.conf
	crypto: octeontx2 - suppress auth failure screaming due to negative tests
	dm: restrict dm device size to 2^63-512 bytes
	net/smc: use the correct ndev to find pnetid by pnetid table
	xen: Add support for XenServer 6.1 platform device
	pinctrl-tegra: Restore SFSEL bit when freeing pins
	mfd: tps65219: Remove TPS65219_REG_TI_DEV_ID check
	drm/amdgpu/gfx12: don't read registers in mqd init
	drm/amdgpu/gfx11: don't read registers in mqd init
	drm/amdgpu: Update SRIOV video codec caps
	ASoC: sun4i-codec: support hp-det-gpios property
	clk: qcom: lpassaudiocc-sc7280: Add support for LPASS resets for QCM6490
	ext4: reject the 'data_err=abort' option in nojournal mode
	ext4: do not convert the unwritten extents if data writeback fails
	RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject()
	posix-timers: Add cond_resched() to posix_timer_add() search loop
	posix-timers: Ensure that timer initialization is fully visible
	net: stmmac: dwmac-rk: Validate GRF and peripheral GRF during probe
	net: hsr: Fix PRP duplicate detection
	timer_list: Don't use %pK through printk()
	wifi: rtw89: set force HE TB mode when connecting to 11ax AP
	netfilter: conntrack: Bound nf_conntrack sysctl writes
	PNP: Expand length of fixup id string
	phy: rockchip: usbdp: Only verify link rates/lanes/voltage when the corresponding set flags are set
	arm64/mm: Check pmd_table() in pmd_trans_huge()
	arm64/mm: Check PUD_TYPE_TABLE in pud_bad()
	mmc: dw_mmc: add exynos7870 DW MMC support
	mmc: sdhci: Disable SD card clock before changing parameters
	usb: xhci: Don't change the status of stalled TDs on failed Stop EP
	wifi: iwlwifi: mvm: fix setting the TK when associated
	hwmon: (dell-smm) Increment the number of fans
	iommu: Keep dev->iommu state consistent
	printk: Check CON_SUSPEND when unblanking a console
	wifi: iwlwifi: don't warn when if there is a FW error
	wifi: iwlwifi: w/a FW SMPS mode selection
	wifi: iwlwifi: fix debug actions order
	wifi: iwlwifi: mark Br device not integrated
	wifi: iwlwifi: fix the ECKV UEFI variable name
	wifi: mac80211: fix warning on disconnect during failed ML reconf
	wifi: mac80211_hwsim: Fix MLD address translation
	wifi: cfg80211: allow IR in 20 MHz configurations
	ipv6: save dontfrag in cork
	drm/amd/display: remove minimum Dispclk and apply oem panel timing.
	drm/amd/display: calculate the remain segments for all pipes
	drm/amd/display: not abort link train when bw is low
	drm/amd/display: Fix incorrect DPCD configs while Replay/PSR switch
	gfs2: Check for empty queue in run_queue
	auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct hd44780_common"
	ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup()
	badblocks: Fix a nonsense WARN_ON() which checks whether a u64 variable < 0
	coresight-etb10: change etb_drvdata spinlock's type to raw_spinlock_t
	iommu/amd/pgtbl_v2: Improve error handling
	cpufreq: tegra186: Share policy per cluster
	watchdog: aspeed: Update bootstatus handling
	PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops
	misc: pci_endpoint_test: Give disabled BARs a distinct error code
	crypto: lzo - Fix compression buffer overrun
	crypto: mxs-dcp - Only set OTP_KEY bit for OTP key
	drm/amdkfd: Set per-process flags only once for gfx9/10/11/12
	drm/amdkfd: Set per-process flags only once cik/vi
	drm/amdgpu: Fix missing drain retry fault the last entry
	arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator
	arm64: tegra: Resize aperture for the IGX PCIe C5 slot
	powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7
	ALSA: seq: Improve data consistency at polling
	tcp: bring back NUMA dispersion in inet_ehash_locks_alloc()
	rtc: ds1307: stop disabling alarms on probe
	ieee802154: ca8210: Use proper setters and getters for bitwise types
	drm/xe: Nuke VM's mapping upon close
	drm/xe: Retry BO allocation
	soc: samsung: include linux/array_size.h where needed
	ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114
	media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe()
	usb: xhci: set page size to the xHCI-supported size
	dm cache: prevent BUG_ON by blocking retries on failed device resumes
	soc: mediatek: mtk-mutex: Add DPI1 SOF/EOF to MT8188 mutex tables
	orangefs: Do not truncate file size
	drm/gem: Test for imported GEM buffers with helper
	net: phylink: use pl->link_interface in phylink_expects_phy()
	blk-throttle: don't take carryover for prioritized processing of metadata
	remoteproc: qcom_wcnss: Handle platforms with only single power domain
	drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c
	drm/amd/display: Ensure DMCUB idle before reset on DCN31/DCN35
	drm/amd/display: Skip checking FRL_MODE bit for PCON BW determination
	drm/amd/display: Fix DMUB reset sequence for DCN401
	drm/amd/display: Fix p-state type when p-state is unsupported
	drm/amd/display: Request HW cursor on DCN3.2 with SubVP
	perf/core: Clean up perf_try_init_event()
	media: cx231xx: set device_caps for 417
	pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned"
	rcu: Fix get_state_synchronize_rcu_full() GP-start detection
	net: ethernet: ti: cpsw_new: populate netdev of_node
	net: phy: nxp-c45-tja11xx: add match_phy_device to TJA1103/TJA1104
	dpll: Add an assertion to check freq_supported_num
	ublk: enforce ublks_max only for unprivileged devices
	iommufd: Disallow allocating nested parent domain with fault ID
	media: imx335: Set vblank immediately
	net: pktgen: fix mpls maximum labels list parsing
	perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type
	ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7
	scsi: logging: Fix scsi_logging_level bounds
	ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config().
	drm/rockchip: vop2: Add uv swap for cluster window
	block: mark bounce buffering as incompatible with integrity
	ublk: complete command synchronously on error
	media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map
	media: uvcvideo: Handle uvc menu translation inside uvc_get_le_value
	clk: imx8mp: inform CCF of maximum frequency of clocks
	x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2
	hwmon: (gpio-fan) Add missing mutex locks
	ARM: at91: pm: fix at91_suspend_finish for ZQ calibration
	drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence
	fpga: altera-cvp: Increase credit timeout
	perf: arm_pmuv3: Call kvm_vcpu_pmu_resync_el0() before enabling counters
	soc: apple: rtkit: Use high prio work queue
	soc: apple: rtkit: Implement OSLog buffers properly
	wifi: ath12k: Report proper tx completion status to mac80211
	PCI: brcmstb: Expand inbound window size up to 64GB
	PCI: brcmstb: Add a softdep to MIP MSI-X driver
	firmware: arm_ffa: Set dma_mask for ffa devices
	drm/xe/vf: Retry sending MMIO request to GUC on timeout error
	drm/xe/pf: Create a link between PF and VF devices
	net/mlx5: Avoid report two health errors on same syndrome
	selftests/net: have `gro.sh -t` return a correct exit code
	pinctrl: sophgo: avoid to modify untouched bit when setting cv1800 pinconf
	drm/amdkfd: KFD release_work possible circular locking
	drm/xe: xe_gen_wa_oob: replace program_invocation_short_name
	leds: pwm-multicolor: Add check for fwnode_property_read_u32
	net: ethernet: mtk_ppe_offload: Allow QinQ, double ETH_P_8021Q only
	net: xgene-v2: remove incorrect ACPI_PTR annotation
	bonding: report duplicate MAC address in all situations
	wifi: ath12k: Improve BSS discovery with hidden SSID in 6 GHz band
	soc: ti: k3-socinfo: Do not use syscon helper to build regmap
	bpf: Search and add kfuncs in struct_ops prologue and epilogue
	Octeontx2-af: RPM: Register driver with PCI subsys IDs
	x86/build: Fix broken copy command in genimage.sh when making isoimage
	drm/amd/display: handle max_downscale_src_width fail check
	drm/amd/display: fix dcn4x init failed
	drm/amd/display: Fix mismatch type comparison
	ASoC: mediatek: mt8188: Treat DMIC_GAINx_CUR as non-volatile
	ASoC: mediatek: mt8188: Add reference for dmic clocks
	x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus()
	vhost-scsi: Return queue full for page alloc failures during copy
	vdpa/mlx5: Fix mlx5_vdpa_get_config() endianness on big-endian machines
	cpuidle: menu: Avoid discarding useful information
	media: adv7180: Disable test-pattern control on adv7180
	media: tc358746: improve calculation of the D-PHY timing registers
	net/mlx5e: Add correct match to check IPSec syndromes for switchdev mode
	scsi: mpi3mr: Update timestamp only for supervisor IOCs
	loop: check in LO_FLAGS_DIRECT_IO in loop_default_blocksize
	libbpf: Fix out-of-bound read
	dm: fix unconditional IO throttle caused by REQ_PREFLUSH
	scsi: scsi_debug: First fixes for tapes
	net/mlx5: Change POOL_NEXT_SIZE define value and make it global
	x86/kaslr: Reduce KASLR entropy on most x86 systems
	crypto: ahash - Set default reqsize from ahash_alg
	crypto: skcipher - Zap type in crypto_alloc_sync_skcipher
	net: ipv6: Init tunnel link-netns before registering dev
	drm/xe/oa: Ensure that polled read returns latest data
	MIPS: Use arch specific syscall name match function
	drm/amdgpu: remove all KFD fences from the BO on release
	x86/locking: Use ALT_OUTPUT_SP() for percpu_{,try_}cmpxchg{64,128}_op()
	genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie
	MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core
	clocksource: mips-gic-timer: Enable counter when CPUs start
	PCI: epf-mhi: Update device ID for SA8775P
	scsi: mpt3sas: Send a diag reset if target reset fails
	wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU
	wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU
	wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31
	wifi: rtw89: fw: propagate error code from rtw89_h2c_tx()
	wifi: rtw89: fw: get sb_sel_ver via get_unaligned_le32()
	wifi: rtw89: fw: add blacklist to avoid obsolete secure firmware
	wifi: rtw89: 8922a: fix incorrect STA-ID in EHT MU PPDU
	net: pktgen: fix access outside of user given buffer in pktgen_thread_write()
	power: supply: axp20x_battery: Update temp sensor for AXP717 from device tree
	EDAC/ie31200: work around false positive build warning
	i3c: master: svc: Flush FIFO before sending Dynamic Address Assignment(DAA)
	mfd: axp20x: AXP717: Add AXP717_TS_PIN_CFG to writeable regs
	eeprom: ee1004: Check chip before probing
	irqchip/riscv-imsic: Separate next and previous pointers in IMSIC vector
	drm/amd/pm: Fetch current power limit from PMFW
	drm/amd/display: Add support for disconnected eDP streams
	drm/amd/display: Guard against setting dispclk low when active
	drm/amd/display: Fix BT2020 YCbCr limited/full range input
	drm/amd/display: Read LTTPR ALPM caps during link cap retrieval
	Revert "drm/amd/display: Request HW cursor on DCN3.2 with SubVP"
	drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink
	serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
	RDMA/core: Fix best page size finding when it can cross SG entries
	pmdomain: imx: gpcv2: use proper helper for property detection
	can: c_can: Use of_property_present() to test existence of DT property
	bpf: don't do clean_live_states when state->loop_entry->branches > 0
	bpf: copy_verifier_state() should copy 'loop_entry' field
	eth: mlx4: don't try to complete XDP frames in netpoll
	PCI: Fix old_size lower bound in calculate_iosize() too
	ACPI: HED: Always initialize before evged
	vxlan: Join / leave MC group after remote changes
	hrtimers: Replace hrtimer_clock_to_base_table with switch-case
	irqchip/riscv-imsic: Set irq_set_affinity() for IMSIC base
	media: test-drivers: vivid: don't call schedule in loop
	net/mlx5: Modify LSB bitmask in temperature event to include only the first bit
	net/mlx5: Apply rate-limiting to high temperature warning
	firmware: arm_ffa: Reject higher major version as incompatible
	firmware: arm_ffa: Handle the presence of host partition in the partition info
	firmware: xilinx: Dont send linux address to get fpga config get status
	ASoC: ops: Enforce platform maximum on initial value
	ASoC: tas2764: Add reg defaults for TAS2764_INT_CLK_CFG
	ASoC: tas2764: Mark SW_RESET as volatile
	ASoC: tas2764: Power up/down amp on mute ops
	ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot()
	pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map
	smack: recognize ipv4 CIPSO w/o categories
	smack: Revert "smackfs: Added check catlen"
	kunit: tool: Use qboot on QEMU x86_64
	media: i2c: imx219: Correct the minimum vblanking value
	media: v4l: Memset argument to 0 before calling get_mbus_config pad op
	net/mlx4_core: Avoid impossible mlx4_db_alloc() order value
	drm/xe: Stop ignoring errors from xe_ttm_stolen_mgr_init()
	drm/xe: Fix xe_tile_init_noalloc() error propagation
	clk: qcom: ipq5018: allow it to be bulid on arm32
	clk: qcom: clk-alpha-pll: Do not use random stack value for recalc rate
	drm/xe/debugfs: fixed the return value of wedged_mode_set
	drm/xe/debugfs: Add missing xe_pm_runtime_put in wedge_mode_set
	x86/ibt: Handle FineIBT in handle_cfi_failure()
	x86/traps: Cleanup and robustify decode_bug()
	sched: Reduce the default slice to avoid tasks getting an extra tick
	serial: sh-sci: Update the suspend/resume support
	pinctrl: renesas: rzg2l: Add suspend/resume support for pull up/down
	phy: phy-rockchip-samsung-hdptx: Swap the definitions of LCPLL_REF and ROPLL_REF
	phy: core: don't require set_mode() callback for phy_get_mode() to work
	phy: exynos5-usbdrd: fix EDS distribution tuning (gs101)
	soundwire: amd: change the soundwire wake enable/disable sequence
	soundwire: cadence_master: set frame shape and divider based on actual clk freq
	net: stmmac: dwmac-loongson: Set correct {tx,rx}_fifo_size
	drm/amdgpu/mes11: fix set_hw_resources_1 calculation
	drm/amdkfd: fix missing L2 cache info in topology
	drm/amdgpu: Set snoop bit for SDMA for MI series
	drm/amd/display: pass calculated dram_speed_mts to dml2
	drm/amd/display: Don't try AUX transactions on disconnected link
	drm/amdgpu: reset psp->cmd to NULL after releasing the buffer
	drm/amd/pm: Skip P2S load for SMU v13.0.12
	drm/amd/display: Support multiple options during psr entry.
	Revert "drm/amd/display: Exit idle optimizations before attempt to access PHY"
	drm/amd/display: Update CR AUX RD interval interpretation
	drm/amd/display: Initial psr_version with correct setting
	drm/amd/display: Increase block_sequence array size
	drm/amd/display: Use Nominal vBlank If Provided Instead Of Capping It
	drm/amd/display: Populate register address for dentist for dcn401
	drm/amdgpu: Use active umc info from discovery
	drm/amdgpu: enlarge the VBIOS binary size limit
	drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer()
	scsi: target: spc: Fix loop traversal in spc_rsoc_get_descr()
	net/mlx5: XDP, Enable TX side XDP multi-buffer support
	net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB
	net/mlx5e: set the tx_queue_len for pfifo_fast
	net/mlx5e: reduce rep rxq depth to 256 for ECPF
	net/mlx5e: reduce the max log mpwrq sz for ECPF and reps
	drm/v3d: Add clock handling
	xfrm: prevent high SEQ input in non-ESN mode
	wifi: ath12k: fix the ampdu id fetch in the HAL_RX_MPDU_START TLV
	mptcp: pm: userspace: flags: clearer msg if no remote addr
	wifi: iwlwifi: use correct IMR dump variable
	wifi: iwlwifi: don't warn during reprobe
	wifi: mac80211: don't unconditionally call drv_mgd_complete_tx()
	wifi: mac80211: remove misplaced drv_mgd_complete_tx() call
	wifi: mac80211: set ieee80211_prep_tx_info::link_id upon Auth Rx
	net: fec: Refactor MAC reset to function
	powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory
	powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits
	arch/powerpc/perf: Check the instruction type before creating sample with perf_mem_data_src
	ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure().
	r8152: add vendor/device ID pair for Dell Alienware AW1022z
	iio: adc: ad7944: don't use storagebits for sizing
	pstore: Change kmsg_bytes storage size to u32
	leds: trigger: netdev: Configure LED blink interval for HW offload
	ext4: don't write back data before punch hole in nojournal mode
	ext4: remove writable userspace mappings before truncating page cache
	wifi: rtw88: Fix download_firmware_validate() for RTL8814AU
	wifi: rtw88: Fix __rtw_download_firmware() for RTL8814AU
	wifi: rtw89: coex: Assign value over than 0 to avoid firmware timer hang
	wifi: rtw89: fw: validate multi-firmware header before getting its size
	wifi: rtw89: fw: validate multi-firmware header before accessing
	wifi: rtw89: call power_on ahead before selecting firmware
	clk: qcom: camcc-sm8250: Use clk_rcg2_shared_ops for some RCGs
	net: page_pool: avoid false positive warning if NAPI was never added
	tools/power turbostat: Clustered Uncore MHz counters should honor show/hide options
	hwmon: (xgene-hwmon) use appropriate type for the latency value
	f2fs: introduce f2fs_base_attr for global sysfs entries
	media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available
	media: qcom: camss: Add default case in vfe_src_pad_code
	drm/rockchip: vop2: Improve display modes handling on RK3588 HDMI0
	eth: fbnic: set IFF_UNICAST_FLT to avoid enabling promiscuous mode when adding unicast addrs
	tools: ynl-gen: don't output external constants
	net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled
	cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost
	vxlan: Annotate FDB data races
	ipv4: ip_gre: Fix set but not used warning in ipgre_err() if IPv4-only
	r8169: don't scan PHY addresses > 0
	net: flush_backlog() small changes
	bridge: mdb: Allow replace of a host-joined group
	ice: init flow director before RDMA
	ice: treat dyn_allowed only as suggestion
	rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y
	rcu: handle unstable rdp in rcu_read_unlock_strict()
	rcu: fix header guard for rcu_all_qs()
	perf: Avoid the read if the count is already updated
	ice: count combined queues using Rx/Tx count
	drm/xe/relay: Don't use GFP_KERNEL for new transactions
	net/mana: fix warning in the writer of client oob
	scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine
	scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk
	scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails
	scsi: st: Restore some drive settings after reset
	wifi: ath12k: Avoid napi_sync() before napi_enable()
	HID: usbkbd: Fix the bit shift number for LED_KANA
	arm64: zynqmp: add clock-output-names property in clock nodes
	ASoC: codecs: pcm3168a: Allow for 24-bit in provider mode
	ASoC: rt722-sdca: Add some missing readable registers
	irqchip/riscv-aplic: Add support for hart indexes
	dm vdo indexer: prevent unterminated string warning
	dm vdo: use a short static string for thread name prefix
	drm/ast: Find VBIOS mode from regular display size
	bpf: Use kallsyms to find the function name of a struct_ops's stub function
	bpftool: Fix readlink usage in get_fd_type
	firmware: arm_scmi: Relax duplicate name constraint across protocol ids
	perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt
	perf/amd/ibs: Fix ->config to sample period calculation for OP PMU
	clk: renesas: rzg2l-cpg: Refactor Runtime PM clock validation
	wifi: rtl8xxxu: retry firmware download on error
	wifi: rtw88: Don't use static local variable in rtw8822b_set_tx_power_index_by_rate
	wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet
	spi: zynqmp-gqspi: Always acknowledge interrupts
	regulator: ad5398: Add device tree support
	wifi: ath12k: fix ath12k_hal_tx_cmd_ext_desc_setup() info1 override
	accel/qaic: Mask out SR-IOV PCI resources
	drm/xe/pf: Reset GuC VF config when unprovisioning critical resource
	wifi: ath9k: return by of_get_mac_address
	wifi: ath12k: Fetch regdb.bin file from board-2.bin
	wifi: ath12k: Fix end offset bit definition in monitor ring descriptor
	drm: bridge: adv7511: fill stream capabilities
	drm/nouveau: fix the broken marco GSP_MSG_MAX_SIZE
	wifi: ath11k: Use dma_alloc_noncoherent for rx_tid buffer allocation
	drm/xe: Move suballocator init to after display init
	drm/xe: Do not attempt to bootstrap VF in execlists mode
	wifi: rtw89: coex: Separated Wi-Fi connecting event from Wi-Fi scan event
	drm/xe/sa: Always call drm_suballoc_manager_fini()
	drm/xe: Reject BO eviction if BO is bound to current VM
	drm/atomic: clarify the rules around drm_atomic_state->allow_modeset
	drm/buddy: fix issue that force_merge cannot free all roots
	drm/panel-edp: Add Starry 116KHD024006
	drm: Add valid clones check
	ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of()
	book3s64/radix: Fix compile errors when CONFIG_ARCH_WANT_OPTIMIZE_DAX_VMEMMAP=n
	pinctrl: meson: define the pull up/down resistor value as 60 kOhm
	smb: server: smb2pdu: check return value of xa_store()
	platform/x86/intel: hid: Add Pantherlake support
	platform/x86: asus-wmi: Disable OOBE state after resume from hibernation
	platform/x86: ideapad-laptop: add support for some new buttons
	ASoC: cs42l43: Disable headphone clamps during type detection
	ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013
	ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx
	nvme-pci: add quirks for device 126f:1001
	nvme-pci: add quirks for WDC Blue SN550 15b7:5009
	ALSA: usb-audio: Fix duplicated name in MIDI substream names
	nvmet-tcp: don't restore null sk_state_change
	io_uring/fdinfo: annotate racy sq/cq head/tail reads
	cifs: Fix and improve cifs_query_path_info() and cifs_query_file_info()
	cifs: Fix changing times and read-only attr over SMB1 smb_set_file_info() function
	ASoC: intel/sdw_utils: Add volume limit to cs42l43 speakers
	btrfs: compression: adjust cb->compressed_folios allocation type
	btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref
	btrfs: handle empty eb->folios in num_extent_folios()
	btrfs: avoid NULL pointer dereference if no valid csum tree
	tools: ynl-gen: validate 0 len strings from kernel
	block: only update request sector if needed
	wifi: iwlwifi: add support for Killer on MTL
	x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88
	xenbus: Allow PVH dom0 a non-local xenstore
	drm/amd/display: Call FP Protect Before Mode Programming/Mode Support
	__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
	soundwire: bus: Fix race on the creation of the IRQ domain
	espintcp: fix skb leaks
	espintcp: remove encap socket caching to avoid reference leak
	xfrm: Fix UDP GRO handling for some corner cases
	dmaengine: idxd: Fix allowing write() from different address spaces
	x86/sev: Fix operator precedence in GHCB_MSR_VMPL_REQ_LEVEL macro
	kernel/fork: only call untrack_pfn_clear() on VMAs duplicated for fork()
	remoteproc: qcom_wcnss: Fix on platforms without fallback regulators
	clk: sunxi-ng: d1: Add missing divider for MMC mod clocks
	xfrm: Sanitize marks before insert
	dmaengine: idxd: Fix ->poll() return value
	dmaengine: fsl-edma: Fix return code for unhandled interrupts
	driver core: Split devres APIs to device/devres.h
	devres: Introduce devm_kmemdup_array()
	ASoC: SOF: Intel: hda: Fix UAF when reloading module
	irqchip/riscv-imsic: Start local sync timer on correct CPU
	perf/x86/intel: Fix segfault with PEBS-via-PT with sample_freq
	Bluetooth: L2CAP: Fix not checking l2cap_chan security level
	Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling
	ptp: ocp: Limit signal/freq counts in summary output functions
	bridge: netfilter: Fix forwarding of fragmented packets
	ice: fix vf->num_mac count with port representors
	ice: Fix LACP bonds without SRIOV environment
	idpf: fix null-ptr-deref in idpf_features_check
	loop: don't require ->write_iter for writable files in loop_configure
	pinctrl: qcom: switch to devm_register_sys_off_handler()
	net: dwmac-sun8i: Use parsed internal PHY address instead of 1
	net: lan743x: Restore SGMII CTRL register on resume
	io_uring: fix overflow resched cqe reordering
	idpf: fix idpf_vport_splitq_napi_poll()
	sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
	octeontx2-pf: Add AF_XDP non-zero copy support
	net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done
	octeontx2-af: Set LMT_ENA bit for APR table entries
	octeontx2-af: Fix APR entry mapping based on APR_LMT_CFG
	clk: s2mps11: initialise clk_hw_onecell_data::num before accessing ::hws[] in probe()
	crypto: algif_hash - fix double free in hash_accept
	padata: do not leak refcount in reorder_work
	can: slcan: allow reception of short error messages
	can: bcm: add locking for bcm_op runtime updates
	can: bcm: add missing rcu read protection for procfs content
	ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext
	ASoC: SOF: Intel: hda-bus: Use PIO mode on ACE2+ platforms
	ASoc: SOF: topology: connect DAI to a single DAI link
	ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction
	ALSA: pcm: Fix race of buffer access at PCM OSS layer
	ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10
	llc: fix data loss when reading from a socket in llc_ui_recvmsg()
	can: kvaser_pciefd: Continue parsing DMA buf after dropped RX
	can: kvaser_pciefd: Fix echo_skb race
	net: dsa: microchip: linearize skb for tail-tagging switches
	vmxnet3: update MTU after device quiesce
	pmdomain: renesas: rcar: Remove obsolete nullify checks
	pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id()
	platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()
	thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature
	drm/edid: fixed the bug that hdr metadata was not reset
	smb: client: Fix use-after-free in cifs_fill_dirent
	arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs
	smb: client: Reset all search buffer pointers when releasing buffer
	Revert "drm/amd: Keep display off while going into S4"
	Input: xpad - add more controllers
	highmem: add folio_test_partial_kmap()
	memcg: always call cond_resched() after fn()
	mm/page_alloc.c: avoid infinite retries caused by cpuset race
	mm: mmap: map MAP_STACK to VM_NOHUGEPAGE only if THP is enabled
	mm: vmalloc: actually use the in-place vrealloc region
	mm: vmalloc: only zero-init on vrealloc shrink
	nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs()
	Bluetooth: btmtksdio: Check function enabled before doing close
	Bluetooth: btmtksdio: Do close if SDIO card removed without close
	Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC connection"
	ksmbd: fix stream write failure
	platform/x86: think-lmi: Fix attribute name usage for non-compliant items
	spi: use container_of_cont() for to_spi_device()
	spi: spi-fsl-dspi: restrict register range for regmap access
	spi: spi-fsl-dspi: Halt the module after a new message transfer
	spi: spi-fsl-dspi: Reset SR flags before sending a new message
	err.h: move IOMEM_ERR_PTR() to err.h
	gcc-15: make 'unterminated string initialization' just a warning
	gcc-15: disable '-Wunterminated-string-initialization' entirely for now
	Fix mis-uses of 'cc-option' for warning disablement
	kbuild: Properly disable -Wunterminated-string-initialization for clang
	drm/amd/display: Exit idle optimizations before accessing PHY
	bpf: abort verification if env->cur_state->loop_entry != NULL
	serial: sh-sci: Save and restore more registers
	drm/amdkfd: Correct F8_MODE for gfx950
	watchdog: aspeed: fix 64-bit division
	pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group()
	i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work()
	x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers bounce buffers
	drm/gem: Internally test import_attach for imported objects
	Linux 6.12.31

Change-Id: I017795966fb764f9320a6a0df1571d19e5e631fe
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-07-03 07:19:01 +00:00
Greg Kroah-Hartman 108d81d25c Merge cd918ec241 ("orangefs: Do not truncate file size") into android16-6.12-lts
Steps on the way to 6.12.31

Change-Id: Ic4b1ed54cab9844c75f4824bb7ac3f28e37b3eb7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-06-30 08:35:56 +00:00
Luiz Augusto von Dentz 7a41744e38 Bluetooth: MGMT: Fix sparse errors
[ Upstream commit 7dd38ba4acbea9875b4ee061e20a26413e39d9f4 ]

This fixes the following errors:

net/bluetooth/mgmt.c:5400:59: sparse: sparse: incorrect type in argument 3
(different base types) @@     expected unsigned short [usertype] handle @@
got restricted __le16 [usertype] monitor_handle @@
net/bluetooth/mgmt.c:5400:59: sparse:     expected unsigned short [usertype] handle
net/bluetooth/mgmt.c:5400:59: sparse:     got restricted __le16 [usertype] monitor_handle

Fixes: e6ed54e86aae ("Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202506060347.ux2O1p7L-lkp@intel.com/
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:32:30 +02:00
Luiz Augusto von Dentz 2af40d795d Bluetooth: eir: Fix possible crashes on eir_create_adv_data
[ Upstream commit 47c03902269aff377f959dc3fd94a9733aa31d6e ]

eir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER
without checking if that would fit.

Link: https://github.com/bluez/bluez/issues/1117#issuecomment-2958244066
Fixes: 01ce70b0a2 ("Bluetooth: eir: Move EIR/Adv Data functions to its own file")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:32:30 +02:00
Luiz Augusto von Dentz 907ef6e12f Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance
[ Upstream commit 5725bc608252050ed8a4d47d59225b7dd73474c8 ]

When using an existing adv_info instance for broadcast source it
needs to be updated to periodic first before it can be reused, also in
case the existing instance already has data hci_set_adv_instance_data
cannot be used directly since it would overwrite the existing data so
this reappends the original data after the Broadcast ID, if one was
generated.

Example:

bluetoothctl># Add PBP to EA so it can be later referenced as the BIS ID
bluetoothctl> advertise.service 0x1856 0x00 0x00
bluetoothctl> advertise on
...
< HCI Command: LE Set Extended Advertising Data (0x08|0x0037) plen 13
        Handle: 0x01
        Operation: Complete extended advertising data (0x03)
        Fragment preference: Minimize fragmentation (0x01)
        Data length: 0x09
        Service Data: Public Broadcast Announcement (0x1856)
          Data[2]: 0000
        Flags: 0x06
          LE General Discoverable Mode
          BR/EDR Not Supported
...
bluetoothctl># Attempt to acquire Broadcast Source transport
bluetoothctl>transport.acquire /org/bluez/hci0/pac_bcast0/fd0
...
< HCI Command: LE Set Extended Advertising Data (0x08|0x0037) plen 255
        Handle: 0x01
        Operation: Complete extended advertising data (0x03)
        Fragment preference: Minimize fragmentation (0x01)
        Data length: 0x0e
        Service Data: Broadcast Audio Announcement (0x1852)
        Broadcast ID: 11371620 (0xad8464)
        Service Data: Public Broadcast Announcement (0x1856)
          Data[2]: 0000
        Flags: 0x06
          LE General Discoverable Mode
          BR/EDR Not Supported

Link: https://github.com/bluez/bluez/issues/1117
Fixes: eca0ae4aea ("Bluetooth: Add initial implementation of BIS connections")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:32:30 +02:00
Luiz Augusto von Dentz 842f7c3154 Bluetooth: Fix NULL pointer deference on eir_get_service_data
[ Upstream commit 20a2aa01f5aeb6daad9aeaa7c33dd512c58d81eb ]

The len parameter is considered optional so it can be NULL so it cannot
be used for skipping to next entry of EIR_SERVICE_DATA.

Fixes: 8f9ae5b3ae ("Bluetooth: eir: Add helpers for managing service data")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:32:30 +02:00
Luiz Augusto von Dentz 4e83f2dbb2 Bluetooth: MGMT: Protect mgmt_pending list with its own lock
[ Upstream commit 6fe26f694c824b8a4dbf50c635bee1302e3f099c ]

This uses a mutex to protect from concurrent access of mgmt_pending
list which can cause crashes like:

==================================================================
BUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91
Read of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318

CPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 print_address_description+0xa8/0x254 mm/kasan/report.c:408
 print_report+0x68/0x84 mm/kasan/report.c:521
 kasan_report+0xb0/0x110 mm/kasan/report.c:634
 __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379
 hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91
 mgmt_pending_find+0x7c/0x140 net/bluetooth/mgmt_util.c:223
 pending_find net/bluetooth/mgmt.c:947 [inline]
 remove_adv_monitor+0x44/0x1a4 net/bluetooth/mgmt.c:5445
 hci_mgmt_cmd+0x780/0xc00 net/bluetooth/hci_sock.c:1712
 hci_sock_sendmsg+0x544/0xbb0 net/bluetooth/hci_sock.c:1832
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg net/socket.c:727 [inline]
 sock_write_iter+0x25c/0x378 net/socket.c:1131
 new_sync_write fs/read_write.c:591 [inline]
 vfs_write+0x62c/0x97c fs/read_write.c:684
 ksys_write+0x120/0x210 fs/read_write.c:736
 __do_sys_write fs/read_write.c:747 [inline]
 __se_sys_write fs/read_write.c:744 [inline]
 __arm64_sys_write+0x7c/0x90 fs/read_write.c:744
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600

Allocated by task 7037:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x40/0x78 mm/kasan/common.c:68
 kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __do_kmalloc_node mm/slub.c:4327 [inline]
 __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4339
 kmalloc_noprof include/linux/slab.h:909 [inline]
 sk_prot_alloc+0xc4/0x1f0 net/core/sock.c:2198
 sk_alloc+0x44/0x3ac net/core/sock.c:2254
 bt_sock_alloc+0x4c/0x300 net/bluetooth/af_bluetooth.c:148
 hci_sock_create+0xa8/0x194 net/bluetooth/hci_sock.c:2202
 bt_sock_create+0x14c/0x24c net/bluetooth/af_bluetooth.c:132
 __sock_create+0x43c/0x91c net/socket.c:1541
 sock_create net/socket.c:1599 [inline]
 __sys_socket_create net/socket.c:1636 [inline]
 __sys_socket+0xd4/0x1c0 net/socket.c:1683
 __do_sys_socket net/socket.c:1697 [inline]
 __se_sys_socket net/socket.c:1695 [inline]
 __arm64_sys_socket+0x7c/0x94 net/socket.c:1695
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600

Freed by task 6607:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x40/0x78 mm/kasan/common.c:68
 kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x68/0x88 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2380 [inline]
 slab_free mm/slub.c:4642 [inline]
 kfree+0x17c/0x474 mm/slub.c:4841
 sk_prot_free net/core/sock.c:2237 [inline]
 __sk_destruct+0x4f4/0x760 net/core/sock.c:2332
 sk_destruct net/core/sock.c:2360 [inline]
 __sk_free+0x320/0x430 net/core/sock.c:2371
 sk_free+0x60/0xc8 net/core/sock.c:2382
 sock_put include/net/sock.h:1944 [inline]
 mgmt_pending_free+0x88/0x118 net/bluetooth/mgmt_util.c:290
 mgmt_pending_remove+0xec/0x104 net/bluetooth/mgmt_util.c:298
 mgmt_set_powered_complete+0x418/0x5cc net/bluetooth/mgmt.c:1355
 hci_cmd_sync_work+0x204/0x33c net/bluetooth/hci_sync.c:334
 process_one_work+0x7e8/0x156c kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3400
 kthread+0x5fc/0x75c kernel/kthread.c:464
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847

Fixes: a380b6cff1 ("Bluetooth: Add generic mgmt helper API")
Closes: https://syzkaller.appspot.com/bug?extid=0a7039d5d9986ff4ecec
Closes: https://syzkaller.appspot.com/bug?extid=cc0cc52e7f43dc9e6df1
Reported-by: syzbot+0a7039d5d9986ff4ecec@syzkaller.appspotmail.com
Tested-by: syzbot+0a7039d5d9986ff4ecec@syzkaller.appspotmail.com
Tested-by: syzbot+cc0cc52e7f43dc9e6df1@syzkaller.appspotmail.com
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:32:25 +02:00
Dr. David Alan Gilbert 84ab1283eb Bluetooth: MGMT: Remove unused mgmt_pending_find_data
[ Upstream commit 276af34d82f13bda0b2a4d9786c90b8bbf1cd064 ]

mgmt_pending_find_data() last use was removed in 2021 by
commit 5a75013746 ("Bluetooth: hci_sync: Convert MGMT_OP_GET_CLOCK_INFO")

Remove it.

Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Stable-dep-of: 6fe26f694c82 ("Bluetooth: MGMT: Protect mgmt_pending list with its own lock")
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:32:25 +02:00
Luiz Augusto von Dentz 9df3e5e7f7 Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
[ Upstream commit e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c ]

This reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add to
avoid crashes like below:

==================================================================
BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406
Read of size 8 at addr ffff88801c53f318 by task kworker/u5:5/5341

CPU: 0 UID: 0 PID: 5341 Comm: kworker/u5:5 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: hci0 hci_cmd_sync_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xd2/0x2b0 mm/kasan/report.c:521
 kasan_report+0x118/0x150 mm/kasan/report.c:634
 mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406
 hci_cmd_sync_work+0x261/0x3a0 net/bluetooth/hci_sync.c:334
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Allocated by task 5987:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4358
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 mgmt_pending_new+0x65/0x240 net/bluetooth/mgmt_util.c:252
 mgmt_pending_add+0x34/0x120 net/bluetooth/mgmt_util.c:279
 remove_adv_monitor+0x103/0x1b0 net/bluetooth/mgmt.c:5454
 hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719
 hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:727
 sock_write_iter+0x258/0x330 net/socket.c:1131
 new_sync_write fs/read_write.c:593 [inline]
 vfs_write+0x548/0xa90 fs/read_write.c:686
 ksys_write+0x145/0x250 fs/read_write.c:738
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 5989:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2380 [inline]
 slab_free mm/slub.c:4642 [inline]
 kfree+0x18e/0x440 mm/slub.c:4841
 mgmt_pending_foreach+0xc9/0x120 net/bluetooth/mgmt_util.c:242
 mgmt_index_removed+0x10d/0x2f0 net/bluetooth/mgmt.c:9366
 hci_sock_bind+0xbe9/0x1000 net/bluetooth/hci_sock.c:1314
 __sys_bind_socket net/socket.c:1810 [inline]
 __sys_bind+0x2c3/0x3e0 net/socket.c:1841
 __do_sys_bind net/socket.c:1846 [inline]
 __se_sys_bind net/socket.c:1844 [inline]
 __x64_sys_bind+0x7a/0x90 net/socket.c:1844
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Fixes: 66bd095ab5 ("Bluetooth: advmon offload MSFT remove monitor")
Closes: https://syzkaller.appspot.com/bug?extid=feb0dc579bbe30a13190
Reported-by: syzbot+feb0dc579bbe30a13190@syzkaller.appspotmail.com
Tested-by: syzbot+feb0dc579bbe30a13190@syzkaller.appspotmail.com
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:32:25 +02:00
Pauli Virtanen 99e3d69853 Bluetooth: hci_core: fix list_for_each_entry_rcu usage
[ Upstream commit 308a3a8ce8ea41b26c46169f3263e50f5997c28e ]

Releasing + re-acquiring RCU lock inside list_for_each_entry_rcu() loop
body is not correct.

Fix by taking the update-side hdev->lock instead.

Fixes: c7eaf80bfb ("Bluetooth: Fix hci_link_tx_to RCU lock usage")
Signed-off-by: Pauli Virtanen <pav@iki.fi>
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:32:24 +02:00
Luiz Augusto von Dentz b788cebf72 Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION
[ Upstream commit 03dba9cea72f977e873e4e60e220fa596959dd8f ]

Depending on the security set the response to L2CAP_LE_CONN_REQ shall be
just L2CAP_CR_LE_ENCRYPTION if only encryption when BT_SECURITY_MEDIUM
is selected since that means security mode 2 which doesn't require
authentication which is something that is covered in the qualification
test L2CAP/LE/CFC/BV-25-C.

Link: https://github.com/bluez/bluez/issues/1270
Fixes: 27e2d4c8d2 ("Bluetooth: Add basic LE L2CAP connect request receiving support")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:32:15 +02:00
Dmitry Antipov 1750c3f1d9 Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach()
[ Upstream commit 3bb88524b7d030160bb3c9b35f928b2778092111 ]

In 'mgmt_mesh_foreach()', iterate over mesh commands
rather than generic mgmt ones. Compile tested only.

Fixes: b338d91703 ("Bluetooth: Implement support for Mesh")
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:31:53 +02:00
Luiz Augusto von Dentz df00f9147e Bluetooth: ISO: Fix not using SID from adv report
[ Upstream commit e2d471b7806b09744d65a64bcf41337468f2443b ]

Up until now it has been assumed that the application would be able to
enter the advertising SID in sockaddr_iso_bc.bc_sid, but userspace has
no access to SID since the likes of MGMT_EV_DEVICE_FOUND cannot carry
it, so it was left unset (0x00) which means it would be unable to
synchronize if the broadcast source is using a different SID e.g. 0x04:

> HCI Event: LE Meta Event (0x3e) plen 57
      LE Extended Advertising Report (0x0d)
        Num reports: 1
        Entry 0
          Event type: 0x0000
            Props: 0x0000
            Data status: Complete
          Address type: Random (0x01)
          Address: 0B:82:E8:50:6D:C8 (Non-Resolvable)
          Primary PHY: LE 1M
          Secondary PHY: LE 2M
          SID: 0x04
          TX power: 127 dBm
          RSSI: -55 dBm (0xc9)
          Periodic advertising interval: 180.00 msec (0x0090)
          Direct address type: Public (0x00)
          Direct address: 00:00:00:00:00:00 (OUI 00-00-00)
          Data length: 0x1f
        06 16 52 18 5b 0b e1 05 16 56 18 04 00 11 30 4c  ..R.[....V....0L
        75 69 7a 27 73 20 53 32 33 20 55 6c 74 72 61     uiz's S23 Ultra
        Service Data: Broadcast Audio Announcement (0x1852)
        Broadcast ID: 14748507 (0xe10b5b)
        Service Data: Public Broadcast Announcement (0x1856)
          Data[2]: 0400
        Unknown EIR field 0x30[16]: 4c75697a27732053323320556c747261
< HCI Command: LE Periodic Advertising Create Sync (0x08|0x0044) plen 14
        Options: 0x0000
        Use advertising SID, Advertiser Address Type and address
        Reporting initially enabled
        SID: 0x00 (<- Invalid)
        Adv address type: Random (0x01)
        Adv address: 0B:82:E8:50:6D:C8 (Non-Resolvable)
        Skip: 0x0000
        Sync timeout: 20000 msec (0x07d0)
        Sync CTE type: 0x0000

So instead this change now allows the application to set HCI_SID_INVALID,
which will make hci_le_pa_create_sync wait for a report, update the
conn->sid using the report SID and only then issue the PA create sync
command:

< HCI Command: LE Periodic Advertising Create Sync
        Options: 0x0000
        Use advertising SID, Advertiser Address Type and address
        Reporting initially enabled
        SID: 0x04
        Adv address type: Random (0x01)
        Adv address: 0B:82:E8:50:6D:C8 (Non-Resolvable)
        Skip: 0x0000
        Sync timeout: 20000 msec (0x07d0)
        Sync CTE type: 0x0000
> HCI Event: LE Meta Event (0x3e) plen 16
      LE Periodic Advertising Sync Established (0x0e)
        Status: Success (0x00)
        Sync handle: 64
        Advertising SID: 0x04
        Advertiser address type: Random (0x01)
        Advertiser address: 0B:82:E8:50:6D:C8 (Non-Resolvable)
        Advertiser PHY: LE 2M (0x02)
        Periodic advertising interval: 180.00 msec (0x0090)
        Advertiser clock accuracy: 0x05

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-19 15:31:51 +02:00
Greg Kroah-Hartman dba4f359fc Merge 6.12.30 into android16-6.12-lts
GKI (arm64) relevant 18 out of 143 changes, affecting 32 files +213/-83
  10d1496f85 fs/xattr.c: fix simple_xattr_list to always include security.* xattrs [1 file, +24/-0]
  bc4c54cbb4 binfmt_elf: Move brk for static PIE even if ASLR disabled [1 file, +47/-24]
  f0d70d8dca cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks [1 file, +4/-2]
  517c11fe4f tracing: probes: Fix a possible race in trace_probe_log APIs [5 files, +27/-3]
  94e7272b63 HID: uclogic: Add NULL check in uclogic_input_configured() [1 file, +4/-3]
  28826a89fd Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags [1 file, +6/-3]
  d1365ca80b net_sched: Flush gso_skb list too during ->change() [7 files, +21/-6]
  ddfa034da3 nvme-pci: make nvme_pci_npages_prp() __always_inline [1 file, +1/-1]
  a3c147040b nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable [1 file, +2/-0]
  c88f4ff535 ALSA: usb-audio: Add sample rate quirk for Audioengine D1 [1 file, +2/-0]
  93152dac0b ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera [1 file, +2/-0]
  fe1bebd0ed dma-buf: insert memory barrier before updating num_fences [1 file, +3/-2]
  7d353da580 ftrace: Fix preemption accounting for stacktrace trigger command [1 file, +1/-1]
  bffc3038a2 scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer [3 files, +7/-2]
  20d6e621be ring-buffer: Fix persistent buffer when commit page is the reader page [1 file, +5/-3]
  fe0756daad mm: userfaultfd: correct dirty flags set for both present and swap pte [1 file, +10/-2]
  74953f93f4 mm/page_alloc: fix race condition in unaccepted memory handling [1 file, +0/-23]
  5924b32446 usb: typec: ucsi: displayport: Fix deadlock [3 files, +47/-8]

Changes in 6.12.30
	arm64: dts: rockchip: Assign RT5616 MCLK rate on rk3588-friendlyelec-cm3588
	fs/xattr.c: fix simple_xattr_list to always include security.* xattrs
	drivers/platform/x86/amd: pmf: Check for invalid sideloaded Smart PC Policies
	drivers/platform/x86/amd: pmf: Check for invalid Smart PC Policies
	riscv: dts: sophgo: fix DMA data-width configuration for CV18xx
	binfmt_elf: Move brk for static PIE even if ASLR disabled
	platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL)
	platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
	arm64: dts: imx8mp-var-som: Fix LDO5 shutdown causing SD card timeout
	cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks
	tracing: probes: Fix a possible race in trace_probe_log APIs
	tpm: tis: Double the timeout B to 4s
	uio_hv_generic: Fix sysfs creation path for ring buffer
	KVM: Add member to struct kvm_gfn_range to indicate private/shared
	KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing
	iio: adc: ad7266: Fix potential timestamp alignment issue.
	iio: chemical: pms7003: use aligned_s64 for timestamp
	iio: pressure: mprls0025pa: use aligned_s64 for timestamp
	drm/amd: Add Suspend/Hibernate notification callback support
	Revert "drm/amd: Stop evicting resources on APUs in suspend"
	xhci: dbc: Improve performance by removing delay in transfer event polling.
	xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive.
	iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
	iio: chemical: sps30: use aligned_s64 for timestamp
	virtio_ring: add a func argument 'recycle_done' to virtqueue_reset()
	virtio_net: ensure netdev_tx_reset_queue is called on bind xsk for tx
	RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
	HID: thrustmaster: fix memory leak in thrustmaster_interrupts()
	HID: uclogic: Add NULL check in uclogic_input_configured()
	nfs: handle failure of nfs_get_lock_context in unlock path
	spi: loopback-test: Do not split 1024-byte hexdumps
	RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem
	Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags
	net_sched: Flush gso_skb list too during ->change()
	tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing
	mctp: no longer rely on net->dev_index_head[]
	net: mctp: Don't access ifa_index when missing
	selftests: ncdevmem: Redirect all non-payload output to stderr
	selftests: ncdevmem: Separate out dmabuf provider
	selftests: ncdevmem: Unify error handling
	selftests: ncdevmem: Make client_ip optional
	selftests: ncdevmem: Switch to AF_INET6
	tests/ncdevmem: Fix double-free of queue array
	net: mctp: Ensure keys maintain only one ref to corresponding dev
	ALSA: seq: Fix delivery of UMP events to group ports
	ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info
	net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
	net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
	nvme-pci: make nvme_pci_npages_prp() __always_inline
	nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable
	ALSA: sh: SND_AICA should depend on SH_DMA_API
	net: dsa: b53: prevent standalone from trying to forward to other ports
	vsock/test: Fix occasional failure in SIOCOUTQ tests
	net/mlx5e: Disable MACsec offload for uplink representor profile
	qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
	regulator: max20086: fix invalid memory access
	drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value
	netlink: specs: tc: fix a couple of attribute names
	netlink: specs: tc: all actions are indexed arrays
	octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy
	net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW capability
	octeontx2-af: Fix CGX Receive counters
	octeontx2-pf: Do not reallocate all ntuple filters
	wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request
	mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices
	net/tls: fix kernel panic when alloc_page failed
	tsnep: fix timestamping with a stacked DSA driver
	NFSv4/pnfs: Reset the layout state after a layoutreturn
	dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted"
	sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator
	udf: Make sure i_lenExtents is uptodate on inode eviction
	HID: bpf: abort dispatch if device destroyed
	LoongArch: Prevent cond_resched() occurring within kernel-fpu
	LoongArch: Move __arch_cpu_idle() to .cpuidle.text section
	LoongArch: Save and restore CSR.CNTC for hibernation
	LoongArch: Fix MAX_REG_OFFSET calculation
	LoongArch: uprobes: Remove user_{en,dis}able_single_step()
	LoongArch: uprobes: Remove redundant code about resume_era
	btrfs: fix discard worker infinite loop after disabling discard
	btrfs: fix folio leak in submit_one_async_extent()
	btrfs: add back warning for mount option commit values exceeding 300
	Revert "drm/amd/display: Hardware cursor changes color when switched to software cursor"
	drm/amdgpu: fix incorrect MALL size for GFX1151
	drm/amdgpu: csa unmap use uninterruptible lock
	drm/amd/display: Correct the reply value when AUX write incomplete
	drm/amd/display: Avoid flooding unnecessary info messages
	MAINTAINERS: Update Alexey Makhalov's email address
	gpio: pca953x: fix IRQ storm on system wake up
	ACPI: PPTT: Fix processor subtable walk
	ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
	ALSA: usb-audio: Add sample rate quirk for Audioengine D1
	ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
	dma-buf: insert memory barrier before updating num_fences
	hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages
	hv_netvsc: Preserve contiguous PFN grouping in the page buffer array
	hv_netvsc: Remove rmsg_pgcnt
	arm64: dts: amlogic: dreambox: fix missing clkc_audio node
	arm64: dts: rockchip: Remove overdrive-mode OPPs from RK3588J SoC dtsi
	Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges
	Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer()
	kbuild: Disable -Wdefault-const-init-unsafe
	ftrace: Fix preemption accounting for stacktrace trigger command
	ftrace: Fix preemption accounting for stacktrace filter command
	tracing: samples: Initialize trace_array_printk() with the correct function
	phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking
	phy: Fix error handling in tegra_xusb_port_init
	phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind
	phy: renesas: rcar-gen3-usb2: Set timing registers only once
	scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer
	smb: client: fix memory leak during error handling for POSIX mkdir
	spi: tegra114: Use value to check for invalid delays
	tpm: Mask TPM RC in tpm2_start_auth_session()
	wifi: mt76: disable napi on driver removal
	ring-buffer: Fix persistent buffer when commit page is the reader page
	net: qede: Initialize qede_ll_ops with designated initializer
	mm: userfaultfd: correct dirty flags set for both present and swap pte
	dmaengine: ti: k3-udma: Add missing locking
	dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy
	dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs
	dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines
	dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups
	dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals
	dmaengine: idxd: Add missing cleanups in cleanup internals
	dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call
	dmaengine: idxd: fix memory leak in error handling path of idxd_alloc
	dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe
	dmaengine: idxd: Refactor remove call with idxd_cleanup() helper
	CIFS: New mount option for cifs.upcall namespace resolution
	drm/xe/gsc: do not flush the GSC worker from the reset path
	mm/page_alloc: fix race condition in unaccepted memory handling
	accel/ivpu: Rename ivpu_log_level to fw_log_level
	accel/ivpu: Reset fw log on cold boot
	accel/ivpu: Refactor functions in ivpu_fw_log.c
	accel/ivpu: Fix fw log printing
	iio: light: opt3001: fix deadlock due to concurrent flag access
	Bluetooth: btnxpuart: Fix kernel panic during FW release
	drm/fbdev-dma: Support struct drm_driver.fbdev_probe
	drm/panel-mipi-dbi: Run DRM default client setup
	drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc()
	usb: typec: ucsi: displayport: Fix deadlock
	phy: tegra: xusb: remove a stray unlock
	drm/amdgpu: fix pm notifier handling
	Linux 6.12.30

Change-Id: I4fefed85c02f1ed826b7ee014700b80c10300bb5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-06-05 11:53:12 +00:00
Luiz Augusto von Dentz 1e8b7e96f7 Bluetooth: L2CAP: Fix not checking l2cap_chan security level
[ Upstream commit 7af8479d9eb4319b4ba7b47a8c4d2c55af1c31e1 ]

l2cap_check_enc_key_size shall check the security level of the
l2cap_chan rather than the hci_conn since for an incoming connection
request that may be different, as hci_conn may already have been
encrypted using a different security level.

Fixes: 522e9ed157e3 ("Bluetooth: l2cap: Check encryption key size on incoming connection")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-05-29 11:03:16 +02:00
Pedro Nishiyama f48ee562c0 Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken
[ Upstream commit 14d17c78a4b1660c443bae9d38c814edea506f62 ]

A SCO connection without the proper voice_setting can cause
the controller to lock up.

Signed-off-by: Pedro Nishiyama <nishiyama.pedro@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-05-29 11:02:07 +02:00
Greg Kroah-Hartman 62cd1edf4d Merge 6.12.28 into android16-6.12-lts
GKI (arm64) relevant 33 out of 166 changes, affecting 52 files +454/-363
  0aaae77be5 ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() [1 file, +7/-0]
  fdf0ae5e9e ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset [1 file, +2/-1]
  38d9ca7405 binder: fix offset calculation in debug log [1 file, +1/-1]
  f1dfc94584 drm/fdinfo: Protect against driver unbind [1 file, +6/-0]
  090c8714ef arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays [1 file, +2/-0]
  eb9b72e4fe mm/memblock: pass size instead of end to memblock_set_node() [1 file, +1/-1]
  9c4ddea497 mm/memblock: repeat setting reserved region nid if array is doubled [1 file, +10/-0]
  0988dd0263 tracing: Do not take trace_event_sem in print_event_fields() [1 file, +2/-2]
  f451082572 dm-bufio: don't schedule in atomic context [1 file, +8/-1]
  510aea4ef0 dm: always update the array size in realloc_argv on success [1 file, +3/-2]
  2e303d0107 iommu: Fix two issues in iommu_copy_struct_from_user() [1 file, +4/-4]
  573b047229 cpufreq: Avoid using inconsistent policy->min and policy->max [1 file, +25/-7]
  962d88304c cpufreq: Fix setting policy limits when frequency tables are used [4 files, +73/-41]
  1f27a3e93b tracing: Fix oob write in trace_seq_to_buffer() [1 file, +3/-2]
  220395054c ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties [1 file, +13/-19]
  29a4a29112 ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence [1 file, +4/-1]
  65d3c57061 xsk: Fix race condition in AF_XDP generic RX path [4 files, +6/-6]
  fe81c26d2d Bluetooth: hci_conn: Remove alloc from critical section [1 file, +10/-18]
  eb8b860e87 Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver [6 files, +95/-107]
  620810ac1f Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync [7 files, +88/-109]
  432572d536 Bluetooth: L2CAP: copy RX timestamp to new fragments [1 file, +3/-0]
  6b1355860d scsi: ufs: core: Remove redundant query_complete trace [1 file, +0/-2]
  5ad0b1b554 nvme-pci: fix queue unquiesce check on slot_reset [1 file, +1/-1]
  6effe1c0fa net: ipv6: fix UDPv6 GSO segmentation with NAT [1 file, +60/-1]
  c0dba059b1 net: use sock_gen_put() when sk_state is TCP_TIME_WAIT [2 files, +2/-2]
  e10ec6e32b blk-mq: create correct map for fallback case [1 file, +1/-2]
  dab2a13059 mm, slab: clean up slab->obj_exts always [1 file, +7/-20]
  0a188c0e19 sch_htb: make htb_qlen_notify() idempotent [1 file, +2/-0]
  969d8beaa2 firmware: arm_scmi: Balance device refcount when destroying devices [1 file, +3/-0]
  3b41b5efae kernel: param: rename locate_module_kobject [1 file, +3/-3]
  69113bf740 kernel: globalize lookup_or_create_module_kobject() [2 files, +3/-1]
  e1eea69858 drivers: base: handle module_kobject creation [1 file, +5/-8]
  db62809197 dm: fix copying after src array boundaries [1 file, +1/-1]

Changes in 6.12.28
        Bluetooth: btusb: add Foxconn 0xe0fc for Qualcomm WCN785x
        Bluetooth: btusb: Add one more ID 0x0489:0xe0f3 for Qualcomm WCN785x
        Bluetooth: btusb: Add one more ID 0x13d3:0x3623 for Qualcomm WCN785x
        Bluetooth: btusb: Add ID 0x2c7c:0x0130 for Qualcomm WCN785x
        Bluetooth: btusb: Add new VID/PID for WCN785x
        Bluetooth: btusb: Add 13 USB device IDs for Qualcomm WCN785x
        Revert "rndis_host: Flag RNDIS modems as WWAN devices"
        ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface()
        ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
        binder: fix offset calculation in debug log
        btrfs: adjust subpage bit start based on sectorsize
        btrfs: fix COW handling in run_delalloc_nocow()
        cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode
        drm/fdinfo: Protect against driver unbind
        drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
        EDAC/altera: Test the correct error reg offset
        EDAC/altera: Set DDR and SDMMC interrupt mask before registration
        i2c: imx-lpi2c: Fix clock count when probe defers
        arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays
        parisc: Fix double SIGFPE crash
        perf/x86/intel: Only check the group flag for X86 leader
        perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value.
        amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload
        irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs
        mm/memblock: pass size instead of end to memblock_set_node()
        mm/memblock: repeat setting reserved region nid if array is doubled
        mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
        spi: tegra114: Don't fail set_cs_timing when delays are zero
        tracing: Do not take trace_event_sem in print_event_fields()
        wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
        x86/boot/sev: Support memory acceptance in the EFI stub under SVSM
        dm-bufio: don't schedule in atomic context
        dm-integrity: fix a warning on invalid table line
        dm: always update the array size in realloc_argv on success
        drm/amdgpu: Fix offset for HDP remap in nbio v7.11
        drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS
        iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
        iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids
        iommu/arm-smmu-v3: Fix pgsize_bit for sva domains
        iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
        iommu: Fix two issues in iommu_copy_struct_from_user()
        platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles
        platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug
        ksmbd: fix use-after-free in ksmbd_session_rpc_open
        ksmbd: fix use-after-free in kerberos authentication
        ksmbd: fix use-after-free in session logoff
        smb: client: fix zero length for mkdir POSIX create context
        cpufreq: Avoid using inconsistent policy->min and policy->max
        cpufreq: Fix setting policy limits when frequency tables are used
        tracing: Fix oob write in trace_seq_to_buffer()
        drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF
        ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties
        ASoC: cs-amp-lib-test: Don't select SND_SOC_CS_AMP_LIB
        ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence
        book3s64/radix : Align section vmemmap start address to PAGE_SIZE
        pinctrl: imx: Return NULL if no group is matched and found
        powerpc/boot: Check for ld-option support
        ASoC: Intel: sof_sdw: Add NULL check in asoc_sdw_rt_dmic_rtd_init()
        ALSA: hda/realtek - Enable speaker for HP platform
        drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions'
        wifi: iwlwifi: don't warn if the NIC is gone in resume
        wifi: iwlwifi: fix the check for the SCRATCH register upon resume
        wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
        powerpc/boot: Fix dash warning
        vxlan: vnifilter: Fix unlocked deletion of default FDB entry
        xsk: Fix race condition in AF_XDP generic RX path
        net/mlx5e: Use custom tunnel header for vxlan gbp
        net/mlx5: E-Switch, Initialize MAC Address for Default GID
        net/mlx5e: TC, Continue the attr process even if encap entry is invalid
        net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover
        net/mlx5: E-switch, Fix error handling for enabling roce
        accel/ivpu: Correct DCT interrupt handling
        ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot
        Bluetooth: hci_conn: Remove alloc from critical section
        Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver
        Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync
        Bluetooth: btintel_pcie: Avoid redundant buffer allocation
        Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()
        Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths
        Bluetooth: L2CAP: copy RX timestamp to new fragments
        net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID
        octeon_ep_vf: Resolve netdevice usage count issue
        bnxt_en: improve TX timestamping FIFO configuration
        rtase: Modify the condition used to detect overflow in rtase_calc_time_mitigation
        net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll
        net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised
        net: ethernet: mtk_eth_soc: sync mtk_clks_source_name array
        pds_core: make pdsc_auxbus_dev_del() void
        pds_core: specify auxiliary_device to be created
        pds_core: remove write-after-free of client_id
        net_sched: drr: Fix double list add in class with netem as child qdisc
        net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc
        net_sched: ets: Fix double list add in class with netem as child qdisc
        net_sched: qfq: Fix double list add in class with netem as child qdisc
        ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
        idpf: fix offloads support for encapsulated packets
        scsi: ufs: core: Remove redundant query_complete trace
        ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
        nvme-pci: fix queue unquiesce check on slot_reset
        drm/tests: shmem: Fix memleak
        drm/mipi-dbi: Fix blanking for non-16 bit formats
        net: dlink: Correct endianness handling of led_mode
        net: mdio: mux-meson-gxl: set reversed bit when using internal phy
        idpf: fix potential memory leak on kcalloc() failure
        idpf: protect shutdown from reset
        igc: fix lock order in igc_ptp_reset
        net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM
        net: dsa: felix: fix broken taprio gate states after clock jump
        net: ipv6: fix UDPv6 GSO segmentation with NAT
        ALSA: hda/realtek: Fix built-mic regression on other ASUS models
        bnxt_en: Fix error handling path in bnxt_init_chip()
        bnxt_en: Fix ethtool selftest output in one of the failure cases
        bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan()
        bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings()
        bnxt_en: Fix coredump logic to free allocated buffer
        bnxt_en: Fix out-of-bound memcpy() during ethtool -w
        bnxt_en: Fix ethtool -d byte order for 32-bit values
        nvme-tcp: fix premature queue removal and I/O failover
        nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS
        nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS
        ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction
        bnxt_en: fix module unload sequence
        net: use sock_gen_put() when sk_state is TCP_TIME_WAIT
        ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations
        net: lan743x: Fix memleak issue when GSO enabled
        net: fec: ERR007885 Workaround for conventional TX
        octeon_ep: Fix host hang issue during device reboot
        net: hns3: store rx VLAN tag offload state for VF
        net: hns3: fix an interrupt residual problem
        net: hns3: fixed debugfs tm_qset size
        net: hns3: defer calling ptp_clock_register()
        net: vertexcom: mse102x: Fix possible stuck of SPI interrupt
        net: vertexcom: mse102x: Fix LEN_MASK
        net: vertexcom: mse102x: Add range check for CMD_RTS
        net: vertexcom: mse102x: Fix RX error handling
        blk-mq: create correct map for fallback case
        mm, slab: clean up slab->obj_exts always
        bcachefs: Remove incorrect __counted_by annotation
        net: Fix the devmem sock opts and msgs for parisc
        accel/ivpu: Make DB_ID and JOB_ID allocations incremental
        accel/ivpu: Use xa_alloc_cyclic() instead of custom function
        accel/ivpu: Fix a typo
        accel/ivpu: Update VPU FW API headers
        accel/ivpu: Abort all jobs after command queue unregister
        accel/ivpu: Fix locking order in ivpu_job_submit
        accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW
        sch_htb: make htb_qlen_notify() idempotent
        sch_drr: make drr_qlen_notify() idempotent
        sch_hfsc: make hfsc_qlen_notify() idempotent
        sch_qfq: make qfq_qlen_notify() idempotent
        sch_ets: make est_qlen_notify() idempotent
        drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change
        firmware: arm_scmi: Balance device refcount when destroying devices
        firmware: arm_ffa: Skip Rx buffer ownership release if not acquired
        arm64: dts: imx95: Correct the range of PCIe app-reg region
        ARM: dts: opos6ul: add ksz8081 phy properties
        arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs
        arm64: dts: st: Use 128kB size for aliased GIC400 register access on stm32mp25 SoCs
        Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates"
        kernel: param: rename locate_module_kobject
        kernel: globalize lookup_or_create_module_kobject()
        drivers: base: handle module_kobject creation
        drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp
        drm/amd/display: Fix slab-use-after-free in hdcp
        dm: fix copying after src array boundaries
        Linux 6.12.28

Change-Id: I79f3d50a10acfe53f329b4b5a4af502f488c61f3
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-05-27 07:18:43 +00:00
Luiz Augusto von Dentz 28826a89fd Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags
[ Upstream commit 1e2e3044c1bc64a64aa0eaf7c17f7832c26c9775 ]

Device flags could be updated in the meantime while MGMT_OP_ADD_DEVICE
is pending on hci_update_passive_scan_sync so instead of setting the
current_flags as cmd->user_data just do a lookup using
hci_conn_params_lookup and use the latest stored flags.

Fixes: a182d9c84f9c ("Bluetooth: MGMT: Fix Add Device to responding before completing")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-05-22 14:29:39 +02:00
Greg Kroah-Hartman ee0d567613 Merge 6.12.25 into android16-6.12-lts
GKI (arm64) relevant 33 out of 218 changes, affecting 50 files +373/-248
  5ec9039702 driver core: bus: add irq_get_affinity callback to bus_type [1 file, +3/-0]
  fe2bdefe86 blk-mq: introduce blk_mq_map_hw_queues [2 files, +39/-0]
  6ad0acb56b Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address [1 file, +3/-2]
  d49798ecd2 Bluetooth: l2cap: Check encryption key size on incoming connection [1 file, +2/-1]
  b02c2ac2f3 ipv6: add exception routes to GC list in rt6_insert_exception [1 file, +1/-0]
  61765e1b41 ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() [1 file, +1/-1]
  41e43134dd block: fix resource leak in blk_register_queue() error path [1 file, +2/-0]
  0175902f6e loop: aio inherit the ioprio of original request [1 file, +1/-1]
  78253d44e9 loop: stop using vfs_iter_{read,write} for buffered I/O [1 file, +17/-95]
  28da4dd840 writeback: fix false warning in inode_to_wb() [1 file, +1/-0]
  f2e2926e9e Revert "PCI: Avoid reset when disabled via sysfs" [1 file, +0/-4]
  569bbe2fc7 Bluetooth: l2cap: Process valid commands in too long frame [1 file, +17/-1]
  694521cb3f loop: properly send KOBJ_CHANGED uevent for disk device [1 file, +2/-2]
  c45ba83935 loop: LOOP_SET_FD: send uevents for partitions [1 file, +2/-1]
  4f34d6f979 mm/compaction: fix bug in hugetlb handling pathway [1 file, +3/-3]
  b609a60e31 mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() [1 file, +2/-2]
  8338e0723f mm: fix filemap_get_folios_contig returning batches of identical folios [1 file, +1/-0]
  029458063e mm: fix apply_to_existing_page_range() [1 file, +2/-2]
  b9e3579213 ovl: don't allow datadir only [1 file, +5/-0]
  8baa747193 slab: ensure slab->obj_exts is clear in a newly allocated slab page [1 file, +10/-0]
  5f878db827 string: Add load_unaligned_zeropad() code path to sized_strscpy() [1 file, +10/-3]
  5683eaf4ee tracing: Fix filter string testing [1 file, +2/-2]
  c3e31d6139 virtiofs: add filesystem context source name check [1 file, +3/-0]
  c1a485c46c cpufreq: Reference count policy in cpufreq_update_limits() [1 file, +8/-0]
  5b34f40cda block: remove rq_list_move [1 file, +0/-17]
  2ad0f19a4e block: add a rq_list type [11 files, +104/-88]
  7e2d224939 block: don't reorder requests in blk_add_rq_to_plug [3 files, +4/-4]
  b906c1ad25 mm/vma: add give_up_on_oom option on modify/merge, use in uffd release [3 files, +53/-7]
  d30b9c5950 bpf: add find_containing_subprog() utility function [1 file, +24/-4]
  1d572c6048 bpf: track changes_pkt_data property for global functions [2 files, +32/-1]
  3846e2bea5 bpf: check changes_pkt_data property for extension programs [2 files, +13/-4]
  f0946dcccb bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs [1 file, +5/-2]
  f78507c1ef block: make struct rq_list available for !CONFIG_BLOCK [1 file, +1/-1]

Changes in 6.12.25
        scsi: hisi_sas: Enable force phy when SATA disk directly connected
        wifi: at76c50x: fix use after free access in at76_disconnect
        wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
        wifi: mac80211: Purge vif txq in ieee80211_do_stop()
        wifi: wl1251: fix memory leak in wl1251_tx_work
        scsi: iscsi: Fix missing scsi_host_put() in error path
        driver core: bus: add irq_get_affinity callback to bus_type
        blk-mq: introduce blk_mq_map_hw_queues
        scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues
        scsi: smartpqi: Use is_kdump_kernel() to check for kdump
        md/raid10: fix missing discard IO accounting
        md/md-bitmap: fix stats collection for external bitmaps
        ASoC: dwc: always enable/disable i2s irqs
        ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()
        crypto: tegra - remove redundant error check on ret
        crypto: tegra - Do not use fixed size buffers
        crypto: tegra - Fix IV usage for AES ECB
        ovl: remove unused forward declaration
        RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
        RDMA/hns: Fix wrong maximum DMA segment size
        ALSA: hda/cirrus_scodec_test: Don't select dependencies
        ALSA: hda: improve bass speaker support for ASUS Zenbook UM5606WA
        ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130
        ALSA: hda/realtek - Fixed ASUS platform headset Mic issue
        ASoC: cs42l43: Reset clamp override on jack removal
        RDMA/core: Silence oversized kvmalloc() warning
        Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
        Bluetooth: btrtl: Prevent potential NULL dereference
        Bluetooth: l2cap: Check encryption key size on incoming connection
        ipv6: add exception routes to GC list in rt6_insert_exception
        xen: fix multicall debug feature
        Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()"
        igc: fix PTM cycle trigger logic
        igc: increase wait time before retrying PTM
        igc: move ktime snapshot into PTM retry loop
        igc: handle the IGC_PTP_ENABLED flag correctly
        igc: cleanup PTP module if probe fails
        igc: add lock preventing multiple simultaneous PTM transactions
        dt-bindings: soc: fsl: fsl,ls1028a-reset: Fix maintainer entry
        smc: Fix lockdep false-positive for IPPROTO_SMC.
        test suite: use %zu to print size_t
        pds_core: fix memory leak in pdsc_debugfs_add_qcq()
        ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll()
        net: mctp: Set SOCK_RCU_FREE
        block: fix resource leak in blk_register_queue() error path
        netlink: specs: ovs_vport: align with C codegen capabilities
        net: openvswitch: fix nested key length validation in the set() action
        can: rockchip_canfd: fix broken quirks checks
        net: ngbe: fix memory leak in ngbe_probe() error path
        net: ethernet: ti: am65-cpsw: fix port_np reference counting
        eth: bnxt: fix missing ring index trim on error path
        loop: aio inherit the ioprio of original request
        loop: stop using vfs_iter_{read,write} for buffered I/O
        ata: libata-sata: Save all fields from sense data descriptor
        cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
        netlink: specs: rt-link: add an attr layer around alt-ifname
        netlink: specs: rt-link: adjust mctp attribute naming
        net: b53: enable BPDU reception for management port
        net: bridge: switchdev: do not notify new brentries as changed
        net: txgbe: fix memory leak in txgbe_probe() error path
        net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
        net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported
        net: dsa: clean up FDB, MDB, VLAN entries on unbind
        net: dsa: free routing table on probe failure
        net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails
        ptp: ocp: fix start time alignment in ptp_ocp_signal_set
        net: ti: icss-iep: Add pwidth configuration for perout signal
        net: ti: icss-iep: Add phase offset configuration for perout signal
        net: ti: icss-iep: Fix possible NULL pointer dereference for perout request
        net: ethernet: mtk_eth_soc: reapply mdc divider on reset
        net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps
        net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings
        riscv: Use kvmalloc_array on relocation_hashtable
        riscv: Properly export reserved regions in /proc/iomem
        riscv: module: Fix out-of-bounds relocation access
        riscv: module: Allocate PLT entries for R_RISCV_PLT32
        kunit: qemu_configs: SH: Respect kunit cmdline
        riscv: KGDB: Do not inline arch_kgdb_breakpoint()
        riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break
        cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
        objtool/rust: add one more `noreturn` Rust function for Rust 1.86.0
        rust: kasan/kbuild: fix missing flags on first build
        rust: disable `clippy::needless_continue`
        rust: kbuild: use `pound` to support GNU Make < 4.3
        writeback: fix false warning in inode_to_wb()
        Revert "PCI: Avoid reset when disabled via sysfs"
        ASoC: fsl: fsl_qmc_audio: Reset audio data pointers on TRIGGER_START event
        ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate
        ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
        ASoC: Intel: sof_sdw: Add quirk for Asus Zenbook S16
        ASoC: qcom: Fix sc7280 lpass potential buffer overflow
        asus-laptop: Fix an uninitialized variable
        block: integrity: Do not call set_page_dirty_lock()
        drm/v3d: Fix Indirect Dispatch configuration for V3D 7.1.6 and later
        dma-buf/sw_sync: Decrement refcount on error in sw_sync_ioctl_get_deadline()
        nfs: add missing selections of CONFIG_CRC32
        nfsd: decrease sc_count directly if fail to queue dl_recall
        i2c: atr: Fix wrong include
        ftrace: fix incorrect hash size in register_ftrace_direct()
        drm/msm/a6xx+: Don't let IB_SIZE overflow
        Bluetooth: l2cap: Process valid commands in too long frame
        Bluetooth: vhci: Avoid needless snprintf() calls
        btrfs: correctly escape subvol in btrfs_show_options()
        cpufreq/sched: Explicitly synchronize limits_changed flag handling
        crypto: caam/qi - Fix drv_ctx refcount bug
        hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
        i2c: cros-ec-tunnel: defer probe if parent EC is not present
        isofs: Prevent the use of too small fid
        loop: properly send KOBJ_CHANGED uevent for disk device
        loop: LOOP_SET_FD: send uevents for partitions
        mm/compaction: fix bug in hugetlb handling pathway
        mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()
        mm: fix filemap_get_folios_contig returning batches of identical folios
        mm: fix apply_to_existing_page_range()
        ovl: don't allow datadir only
        ksmbd: Fix dangling pointer in krb_authenticate
        ksmbd: fix use-after-free in smb_break_all_levII_oplock()
        ksmbd: Prevent integer overflow in calculation of deadtime
        ksmbd: fix the warning from __kernel_write_iter
        Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free"
        Revert "smb: client: fix TCP timers deadlock after rmmod"
        riscv: Avoid fortify warning in syscall_get_arguments()
        selftests/mm: generate a temporary mountpoint for cgroup filesystem
        slab: ensure slab->obj_exts is clear in a newly allocated slab page
        smb3 client: fix open hardlink on deferred close file error
        string: Add load_unaligned_zeropad() code path to sized_strscpy()
        tracing: Fix filter string testing
        virtiofs: add filesystem context source name check
        x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches
        x86/cpu/amd: Fix workaround for erratum 1054
        x86/boot/sev: Avoid shared GHCB page for early memory acceptance
        scsi: megaraid_sas: Block zero-length ATA VPD inquiry
        scsi: ufs: exynos: Ensure consistent phy reference counts
        RDMA/cma: Fix workqueue crash in cma_netevent_work_handler
        RAS/AMD/ATL: Include row[13] bit in row retirement
        RAS/AMD/FMPM: Get masked address
        platform/x86: amd: pmf: Fix STT limits
        perf/x86/intel: Allow to update user space GPRs from PEBS records
        perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
        perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX
        perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR
        drm/repaper: fix integer overflows in repeat functions
        drm/ast: Fix ast_dp connection status
        drm/msm/dsi: Add check for devm_kstrdup()
        drm/msm/a6xx: Fix stale rpmh votes from GPU
        drm/amdgpu: Prefer shadow rom when available
        drm/amd/display: prevent hang on link training fail
        drm/amd: Handle being compiled without SI or CIK support better
        drm/amd/display: Actually do immediate vblank disable
        drm/amd/display: Increase vblank offdelay for PSR panels
        drm/amd/pm: Prevent division by zero
        drm/amd/pm/powerplay: Prevent division by zero
        drm/amd/pm/smu11: Prevent division by zero
        drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
        drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
        drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
        drm/amdgpu/mes12: optimize MES pipe FW version fetching
        drm/i915/vrr: Add vrr.vsync_{start, end} in vrr_params_changed
        drm/xe: Use local fence in error path of xe_migrate_clear
        drm/amd/display: Add HP Elitebook 645 to the quirk list for eDP on DP1
        drm/amd/display: Protect FPU in dml2_validate()/dml21_validate()
        drm/amd/display: Protect FPU in dml21_copy()
        drm/amdgpu/mes11: optimize MES pipe FW version fetching
        drm/amdgpu/dma_buf: fix page_link check
        drm/nouveau: prime: fix ttm_bo_delayed_delete oops
        drm/imagination: fix firmware memory leaks
        drm/imagination: take paired job reference
        drm/sti: remove duplicate object names
        drm/xe: Fix an out-of-bounds shift when invalidating TLB
        drm/i915/gvt: fix unterminated-string-initialization warning
        drm/amdgpu: immediately use GTT for new allocations
        drm/amd/display: Do not enable Replay and PSR while VRR is on in amdgpu_dm_commit_planes()
        drm/amd/display: Protect FPU in dml2_init()/dml21_init()
        drm/amd/display: Add HP Probook 445 and 465 to the quirk list for eDP on DP1
        drm/xe/dma_buf: stop relying on placement in unmap
        drm/xe/userptr: fix notifier vs folio deadlock
        drm/xe: Set LRC addresses before guc load
        drm/amdgpu: fix warning of drm_mm_clean
        drm/mgag200: Fix value in <VBLKSTR> register
        arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1
        arm64/sysreg: Add register fields for HDFGRTR2_EL2
        arm64/sysreg: Add register fields for HDFGWTR2_EL2
        arm64/sysreg: Add register fields for HFGITR2_EL2
        arm64/sysreg: Add register fields for HFGRTR2_EL2
        arm64/sysreg: Add register fields for HFGWTR2_EL2
        arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9
        cpufreq: Reference count policy in cpufreq_update_limits()
        scripts: generate_rust_analyzer: Add ffi crate
        kbuild: Add '-fno-builtin-wcslen'
        platform/x86: msi-wmi-platform: Rename "data" variable
        platform/x86: msi-wmi-platform: Workaround a ACPI firmware bug
        md: fix mddev uaf while iterating all_mddevs list
        selftests/bpf: Fix raw_tp null handling test
        misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error
        misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type
        efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32
        LoongArch: Eliminate superfluous get_numa_distances_cnt()
        drm/amd/display: Temporarily disable hostvm on DCN31
        nvmet-fc: Remove unused functions
        block: remove rq_list_move
        block: add a rq_list type
        block: don't reorder requests in blk_add_rq_to_plug
        mm/vma: add give_up_on_oom option on modify/merge, use in uffd release
        Revert "wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process"
        MIPS: dec: Declare which_prom() as static
        MIPS: cevt-ds1287: Add missing ds1287.h include
        MIPS: ds1287: Match ds1287_set_base_clock() function types
        wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
        bpf: add find_containing_subprog() utility function
        bpf: track changes_pkt_data property for global functions
        selftests/bpf: test for changing packet data from global functions
        bpf: check changes_pkt_data property for extension programs
        selftests/bpf: freplace tests for tracking of changes_packet_data
        selftests/bpf: validate that tail call invalidates packet pointers
        bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs
        selftests/bpf: extend changes_pkt_data with cases w/o subprograms
        block: make struct rq_list available for !CONFIG_BLOCK
        Linux 6.12.25

Change-Id: Ib99b782fabf924c599a3c66bcac37febef9d422e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-05-19 11:25:01 +00:00
Pauli Virtanen 432572d536 Bluetooth: L2CAP: copy RX timestamp to new fragments
[ Upstream commit 3908feb1bd7f319a10e18d84369a48163264cc7d ]

Copy timestamp too when allocating new skb for received fragment.
Fixes missing RX timestamps with fragmentation.

Fixes: 4d7ea8ee90 ("Bluetooth: L2CAP: Fix handling fragmented length")
Signed-off-by: Pauli Virtanen <pav@iki.fi>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-05-09 09:50:40 +02:00
Luiz Augusto von Dentz 620810ac1f Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync
[ Upstream commit 024421cf39923927ab2b5fe895d1d922b9abe67f ]

BIG Create Sync requires the command to just generate a status so this
makes use of __hci_cmd_sync_status_sk to wait for
HCI_EVT_LE_BIG_SYNC_ESTABLISHED, also because of this change it is no
longer necessary to use a custom method to serialize the process of
creating the BIG sync since the cmd_work_sync itself ensures only one
command would be pending which now awaits for
HCI_EVT_LE_BIG_SYNC_ESTABLISHED before proceeding to next connection.

Fixes: 42ecf1947135 ("Bluetooth: ISO: Do not emit LE BIG Create Sync if previous is pending")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-05-09 09:50:39 +02:00
Luiz Augusto von Dentz eb8b860e87 Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver
[ Upstream commit 6d0417e4e1cf66fd917f06f0454958362714ef7d ]

Broadcast Receiver requires creating PA sync but the command just
generates a status so this makes use of __hci_cmd_sync_status_sk to wait
for HCI_EV_LE_PA_SYNC_ESTABLISHED, also because of this change it is no
longer necessary to use a custom method to serialize the process of
creating the PA sync since the cmd_work_sync itself ensures only one
command would be pending which now awaits for
HCI_EV_LE_PA_SYNC_ESTABLISHED before proceeding to next connection.

Fixes: 4a5e0ba68676 ("Bluetooth: ISO: Do not emit LE PA Create Sync if previous is pending")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-05-09 09:50:39 +02:00
Iulia Tanasescu fe81c26d2d Bluetooth: hci_conn: Remove alloc from critical section
[ Upstream commit 25ab2db3e60e0e84d7cdc740ea6ae3c10fe61eaa ]

This removes the kzalloc memory allocation inside critical section in
create_pa_sync, fixing the following message that appears when the kernel
is compiled with CONFIG_DEBUG_ATOMIC_SLEEP enabled:

BUG: sleeping function called from invalid context at
include/linux/sched/mm.h:321

Signed-off-by: Iulia Tanasescu <iulia.tanasescu@nxp.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Stable-dep-of: 6d0417e4e1cf ("Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver")
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-05-09 09:50:39 +02:00
Greg Kroah-Hartman 4e0cc11458 Merge 43e5e2879d ("s390/pci: Fix s390_mmio_read/write syscall page fault handling") into android16-6.12-lts
Steps on the way to 6.12.24

Change-Id: I58c86d986ce4fe886830aec5c9132aba22d7a86b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-05-09 05:41:46 +00:00
Luiz Augusto von Dentz f3f9ecfdc6 UPSTREAM: Bluetooth: L2CAP: Fix corrupted list in hci_chan_del
commit ab4eedb790cae44313759b50fe47da285e2519d5 upstream.

This fixes the following trace by reworking the locking of l2cap_conn
so instead of only locking when changing the chan_l list this promotes
chan_lock to a general lock of l2cap_conn so whenever it is being held
it would prevent the likes of l2cap_conn_del from running:

list_del corruption, ffff888021297e00->prev is LIST_POISON2 (dead000000000122)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:61!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 UID: 0 PID: 5896 Comm: syz-executor213 Not tainted 6.14.0-rc1-next-20250204-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:__list_del_entry_valid_or_report+0x12c/0x190 lib/list_debug.c:59
Code: 8c 4c 89 fe 48 89 da e8 32 8c 37 fc 90 0f 0b 48 89 df e8 27 9f 14 fd 48 c7 c7 a0 c0 60 8c 4c 89 fe 48 89 da e8 15 8c 37 fc 90 <0f> 0b 4c 89 e7 e8 0a 9f 14 fd 42 80 3c 2b 00 74 08 4c 89 e7 e8 cb
RSP: 0018:ffffc90003f6f998 EFLAGS: 00010246
RAX: 000000000000004e RBX: dead000000000122 RCX: 01454d423f7fbf00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: dffffc0000000000 R08: ffffffff819f077c R09: 1ffff920007eded0
R10: dffffc0000000000 R11: fffff520007eded1 R12: dead000000000122
R13: dffffc0000000000 R14: ffff8880352248d8 R15: ffff888021297e00
FS:  00007f7ace6686c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7aceeeb1d0 CR3: 000000003527c000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __list_del_entry_valid include/linux/list.h:124 [inline]
 __list_del_entry include/linux/list.h:215 [inline]
 list_del_rcu include/linux/rculist.h:168 [inline]
 hci_chan_del+0x70/0x1b0 net/bluetooth/hci_conn.c:2858
 l2cap_conn_free net/bluetooth/l2cap_core.c:1816 [inline]
 kref_put include/linux/kref.h:65 [inline]
 l2cap_conn_put+0x70/0xe0 net/bluetooth/l2cap_core.c:1830
 l2cap_sock_shutdown+0xa8a/0x1020 net/bluetooth/l2cap_sock.c:1377
 l2cap_sock_release+0x79/0x1d0 net/bluetooth/l2cap_sock.c:1416
 __sock_release net/socket.c:642 [inline]
 sock_close+0xbc/0x240 net/socket.c:1393
 __fput+0x3e9/0x9f0 fs/file_table.c:448
 task_work_run+0x24f/0x310 kernel/task_work.c:227
 ptrace_notify+0x2d2/0x380 kernel/signal.c:2522
 ptrace_report_syscall include/linux/ptrace.h:415 [inline]
 ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline]
 syscall_exit_work+0xc7/0x1d0 kernel/entry/common.c:173
 syscall_exit_to_user_mode_prepare kernel/entry/common.c:200 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline]
 syscall_exit_to_user_mode+0x24a/0x340 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7aceeaf449
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7ace668218 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: fffffffffffffffc RBX: 00007f7acef39328 RCX: 00007f7aceeaf449
RDX: 000000000000000e RSI: 0000000020000100 RDI: 0000000000000004
RBP: 00007f7acef39320 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 0000000000000004 R14: 00007f7ace668670 R15: 000000000000000b
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0x12c/0x190 lib/list_debug.c:59
Code: 8c 4c 89 fe 48 89 da e8 32 8c 37 fc 90 0f 0b 48 89 df e8 27 9f 14 fd 48 c7 c7 a0 c0 60 8c 4c 89 fe 48 89 da e8 15 8c 37 fc 90 <0f> 0b 4c 89 e7 e8 0a 9f 14 fd 42 80 3c 2b 00 74 08 4c 89 e7 e8 cb
RSP: 0018:ffffc90003f6f998 EFLAGS: 00010246
RAX: 000000000000004e RBX: dead000000000122 RCX: 01454d423f7fbf00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: dffffc0000000000 R08: ffffffff819f077c R09: 1ffff920007eded0
R10: dffffc0000000000 R11: fffff520007eded1 R12: dead000000000122
R13: dffffc0000000000 R14: ffff8880352248d8 R15: ffff888021297e00
FS:  00007f7ace6686c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7acef05b08 CR3: 000000003527c000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Reported-by: syzbot+10bd8fe6741eedd2be2e@syzkaller.appspotmail.com
Tested-by: syzbot+10bd8fe6741eedd2be2e@syzkaller.appspotmail.com
Fixes: b4f82f9ed43a ("Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd")
Change-Id: I602d7de72e033aa836574fdeea24f41f36c366b2
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit f87271d21d)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-04-30 13:43:36 +00:00
Luiz Augusto von Dentz 4a5496412e UPSTREAM: Revert "Bluetooth: hci_core: Fix sleeping function called from invalid context"
[ Upstream commit ab6ab707a4d060a51c45fc13e3b2228d5f7c0b87 ]

This reverts commit 4d94f05558271654670d18c26c912da0c1c15549 which has
problems (see [1]) and is no longer needed since 581dd2dc168f
("Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating")
has reworked the code where the original bug has been found.

[1] Link: https://lore.kernel.org/linux-bluetooth/877c55ci1r.wl-tiwai@suse.de/T/#t
Fixes: 4d94f0555827 ("Bluetooth: hci_core: Fix sleeping function called from invalid context")
Change-Id: If816d3b42cb7b1c18e250c0a5ee266cdd48b4b01
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 55b098a2be)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-04-30 13:43:36 +00:00
Hsin-chen Chuang 99db8bf902 FROMGIT: Bluetooth: Introduce HCI Driver protocol
Although commit 75ddcd5ad40e ("Bluetooth: btusb: Configure altsetting
for HCI_USER_CHANNEL") has enabled the HCI_USER_CHANNEL user to send out
SCO data through USB Bluetooth chips, it's observed that with the patch
HFP is flaky on most of the existing USB Bluetooth controllers: Intel
chips sometimes send out no packet for Transparent codec; MTK chips may
generate SCO data with a wrong handle for CVSD codec; RTK could split
the data with a wrong packet size for Transparent codec; ... etc.

To address the issue above one needs to reset the altsetting back to
zero when there is no active SCO connection, which is the same as the
BlueZ behavior, and another benefit is the bus doesn't need to reserve
bandwidth when no SCO connection.

This patch adds the infrastructure that allows the user space program to
talk to Bluetooth drivers directly:
- Define the new packet type HCI_DRV_PKT which is specifically used for
  communication between the user space program and the Bluetooth drivers
- hci_send_frame intercepts the packets and invokes drivers' HCI Drv
  callbacks (so far only defined for btusb)
- 2 kinds of events to user space: Command Status and Command Complete,
  the former simply returns the status while the latter may contain
  additional response data.

Cc: chromeos-bluetooth-upstreaming@chromium.org
Fixes: b16b327edb4d ("Bluetooth: btusb: add sysfs attribute to control USB alt setting")
Signed-off-by: Hsin-chen Chuang <chharry@chromium.org>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

Bug: 387425332
(cherry picked from commit 4a740b78ddf3ce6894779f4526007ad24fbc049a
 https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git master)
Change-Id: I226c67c4230cf6d0f324c2d8c00327ae875283c7
Signed-off-by: Hsin-chen Chuang <chharry@google.com>
2025-04-30 13:43:33 +00:00
Frédéric Danis 569bbe2fc7 Bluetooth: l2cap: Process valid commands in too long frame
commit e2e49e214145a8f6ece6ecd52fec63ebc2b27ce9 upstream.

This is required for passing PTS test cases:
- L2CAP/COS/CED/BI-14-C
  Multiple Signaling Command in one PDU, Data Truncated, BR/EDR,
  Connection Request
- L2CAP/COS/CED/BI-15-C
  Multiple Signaling Command in one PDU, Data Truncated, BR/EDR,
  Disconnection Request

The test procedure defined in L2CAP.TS.p39 for both tests is:
1. The Lower Tester sends a C-frame to the IUT with PDU Length set
   to 8 and Channel ID set to the correct signaling channel for the
   logical link. The Information payload contains one L2CAP_ECHO_REQ
   packet with Data Length set to 0 with 0 octets of echo data and
   one command packet and Data Length set as specified in Table 4.6
   and the correct command data.
2. The IUT sends an L2CAP_ECHO_RSP PDU to the Lower Tester.
3. Perform alternative 3A, 3B, 3C, or 3D depending on the IUT’s
   response.
   Alternative 3A (IUT terminates the link):
     3A.1 The IUT terminates the link.
     3A.2 The test ends with a Pass verdict.
   Alternative 3B (IUT discards the frame):
     3B.1 The IUT does not send a reply to the Lower Tester.
   Alternative 3C (IUT rejects PDU):
     3C.1 The IUT sends an L2CAP_COMMAND_REJECT_RSP PDU to the
          Lower Tester.
   Alternative 3D (Any other IUT response):
     3D.1 The Upper Tester issues a warning and the test ends.
4. The Lower Tester sends a C-frame to the IUT with PDU Length set
   to 4 and Channel ID set to the correct signaling channel for the
   logical link. The Information payload contains Data Length set to
   0 with an L2CAP_ECHO_REQ packet with 0 octets of echo data.
5. The IUT sends an L2CAP_ECHO_RSP PDU to the Lower Tester.

With expected outcome:
  In Steps 2 and 5, the IUT responds with an L2CAP_ECHO_RSP.
  In Step 3A.1, the IUT terminates the link.
  In Step 3B.1, the IUT does not send a reply to the Lower Tester.
  In Step 3C.1, the IUT rejects the PDU.
  In Step 3D.1, the IUT sends any valid response.

Currently PTS fails with the following logs:
  Failed to receive ECHO RESPONSE.

And HCI logs:
> ACL Data RX: Handle 11 flags 0x02 dlen 20
      L2CAP: Information Response (0x0b) ident 2 len 12
        Type: Fixed channels supported (0x0003)
        Result: Success (0x0000)
        Channels: 0x000000000000002e
          L2CAP Signaling (BR/EDR)
          Connectionless reception
          AMP Manager Protocol
          L2CAP Signaling (LE)
> ACL Data RX: Handle 11 flags 0x02 dlen 13
        frame too long
        08 01 00 00 08 02 01 00 aa                       .........

Cc: stable@vger.kernel.org
Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-04-25 10:47:51 +02:00
Frédéric Danis d49798ecd2 Bluetooth: l2cap: Check encryption key size on incoming connection
[ Upstream commit 522e9ed157e3c21b4dd623c79967f72c21e45b78 ]

This is required for passing GAP/SEC/SEM/BI-04-C PTS test case:
  Security Mode 4 Level 4, Responder - Invalid Encryption Key Size
  - 128 bit

This tests the security key with size from 1 to 15 bytes while the
Security Mode 4 Level 4 requests 16 bytes key size.

Currently PTS fails with the following logs:
- expected:Connection Response:
    Code: [3 (0x03)] Code
    Identifier: (lt)WildCard: Exists(gt)
    Length: [8 (0x0008)]
    Destination CID: (lt)WildCard: Exists(gt)
    Source CID: [64 (0x0040)]
    Result: [3 (0x0003)] Connection refused - Security block
    Status: (lt)WildCard: Exists(gt),
but received:Connection Response:
    Code: [3 (0x03)] Code
    Identifier: [1 (0x01)]
    Length: [8 (0x0008)]
    Destination CID: [64 (0x0040)]
    Source CID: [64 (0x0040)]
    Result: [0 (0x0000)] Connection Successful
    Status: [0 (0x0000)] No further information available

And HCI logs:
< HCI Command: Read Encrypti.. (0x05|0x0008) plen 2
        Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.)
> HCI Event: Command Complete (0x0e) plen 7
      Read Encryption Key Size (0x05|0x0008) ncmd 1
        Status: Success (0x00)
        Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.)
        Key size: 7
> ACL Data RX: Handle 14 flags 0x02 dlen 12
      L2CAP: Connection Request (0x02) ident 1 len 4
        PSM: 4097 (0x1001)
        Source CID: 64
< ACL Data TX: Handle 14 flags 0x00 dlen 16
      L2CAP: Connection Response (0x03) ident 1 len 8
        Destination CID: 64
        Source CID: 64
        Result: Connection successful (0x0000)
        Status: No further information available (0x0000)

Fixes: 288c06973d ("Bluetooth: Enforce key size of 16 bytes on FIPS level")
Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-04-25 10:47:41 +02:00
Luiz Augusto von Dentz 6ad0acb56b Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
[ Upstream commit eb73b5a9157221f405b4fe32751da84ee46b7a25 ]

This fixes sending MGMT_EV_DEVICE_FOUND for invalid address
(00:00:00:00:00:00) which is a regression introduced by
a2ec905d1e ("Bluetooth: fix kernel oops in store_pending_adv_report")
since in the attempt to skip storing data for extended advertisement it
actually made the code skip the entire if statement supposed to send
MGMT_EV_DEVICE_FOUND without attempting to use the last_addr_adv which
is guaranteed to be invalid for extended advertisement since we never
store anything on it.

Link: https://github.com/bluez/bluez/issues/1157
Link: https://github.com/bluez/bluez/issues/1149#issuecomment-2767215658
Fixes: a2ec905d1e ("Bluetooth: fix kernel oops in store_pending_adv_report")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-04-25 10:47:41 +02:00
Greg Kroah-Hartman ca30cfa77a Merge 73ef4f6e37 ("io_uring/net: fix sendzc double notif flush") into android16-6.12
Steps on the way to 6.12.21

Change-Id: Ie18f887b9863d98ff5cabaf2de4fe50b4cb6d9e7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-04-23 07:59:10 +00:00
Greg Kroah-Hartman 60712b3754 Revert "Bluetooth: L2CAP: Fix corrupted list in hci_chan_del"
This reverts commit f87271d21d which is
commit ab4eedb790cae44313759b50fe47da285e2519d5 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I3ee05b3e7584529cb41ab496d14e7391cbf73260
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-04-22 10:18:37 -07:00
Greg Kroah-Hartman 5fe17b6460 Merge 6.12.20 into android16-6.12
GKI (arm64) relevant 45 out of 232 changes, affecting 66 files +537/-357
  a74979dce9 mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq [1 file, +10/-4]
  4e95072462 mm: fix kernel BUG when userfaultfd_move encounters swapcache [1 file, +66/-9]
  99012b24ca userfaultfd: fix PTE unmapping stack-allocated PTE copies [1 file, +10/-10]
  a5396ee0f5 netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around [1 file, +2/-2]
  0befa32ac3 netfilter: nf_tables: make destruction work queue pernet [3 files, +21/-15]
  0677a4f3c0 Bluetooth: hci_event: Fix enabling passive scanning [1 file, +22/-15]
  55b098a2be Revert "Bluetooth: hci_core: Fix sleeping function called from invalid context" [6 files, +57/-97]
  db1e0c0856 netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() [1 file, +2/-0]
  5c3ca9cb48 net_sched: Prevent creation of classes with TC_H_ROOT [1 file, +6/-0]
  a4d42b5901 gre: Fix IPv6 link-local address generation. [1 file, +9/-6]
  ae5716b463 hrtimers: Mark is_migration_base() with __always_inline [1 file, +12/-10]
  ccdec7ea9a powercap: call put_device() on an error path in powercap_register_control_type() [1 file, +1/-2]
  aa189c3941 futex: Pass in task to futex_queue() [5 files, +15/-9]
  1207e5d1a2 scsi: core: Use GFP_NOIO to avoid circular locking dependency [1 file, +1/-1]
  3be0408451 scsi: ufs: core: Fix error return with query response [1 file, +6/-1]
  705f251518 HID: hid-steam: Fix issues with disabling both gamepad mode and lizard mode [1 file, +3/-3]
  024d7e006a HID: hid-apple: Apple Magic Keyboard a3203 USB-C support [2 files, +6/-0]
  3ceaafa26f HID: apple: fix up the F6 key on the Omoton KB066 keyboard [1 file, +3/-0]
  30a40b5925 sched: Clarify wake_up_q()'s write to task->wake_q.next [1 file, +3/-2]
  a91922e9ea thermal/cpufreq_cooling: Remove structure member documentation [1 file, +0/-2]
  aa3b0ea474 arm64: amu: Delay allocating cpumask for AMU FIE support [1 file, +10/-12]
  f8094625a5 Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd [1 file, +34/-5]
  4ed43c26b7 PCI: pci_ids: add INTEL_HDA_PTL_H [1 file, +1/-0]
  b349a3d1b1 io-wq: backoff when retrying worker creation [1 file, +18/-5]
  fd903dd301 nvme-pci: quirk Acer FA100 for non-uniqueue identifiers [1 file, +2/-0]
  bfe7f298ee nvme: only allow entering LIVE from CONNECTING state [1 file, +0/-2]
  df2ae00d96 fuse: don't truncate cached, mutated symlink [3 files, +22/-6]
  d1ceef54b2 net: Handle napi_schedule() calls from non-interrupt [1 file, +1/-1]
  7184e99610 block: fix 'kmem_cache of name 'bio-108' already exists' [1 file, +1/-1]
  1936b189fa Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers [1 file, +8/-5]
  e2304bbf87 Input: xpad - add multiple supported devices [1 file, +19/-1]
  d91dd818f1 Input: xpad - add support for ZOTAC Gaming Zone [1 file, +2/-0]
  f7ccf4eb4b Input: xpad - add support for TECNO Pocket Go [1 file, +2/-0]
  0ff93d8956 Input: xpad - rename QH controller to Legion Go S [1 file, +2/-2]
  87ede08ef2 USB: serial: ftdi_sio: add support for Altera USB Blaster 3 [2 files, +27/-0]
  962912aaf8 drm/atomic: Filter out redundant DPMS calls [2 files, +8/-0]
  454825019d netmem: prevent TX of unreadable skbs [1 file, +3/-0]
  f6bbea2ffe arm64: mm: Populate vmemmap at the page level if not section aligned [1 file, +4/-1]
  608bbf7ff5 Fix mmu notifiers for range-based invalidates [1 file, +12/-10]
  a46a9371f8 ASoC: ops: Consistently treat platform_max as control value [2 files, +11/-9]
  77213a424a nvme: move error logging from nvme_end_req() to __nvme_end_req() [1 file, +6/-6]
  f415148282 mm/hugetlb: wait for hugetlb folios to be freed [3 files, +23/-0]
  f87271d21d Bluetooth: L2CAP: Fix corrupted list in hci_chan_del [3 files, +58/-98]
  8f324d9930 HID: apple: disable Fn key handling on the Omoton KB066 [1 file, +7/-4]
  62b9ad7e52 fs/netfs/read_collect: add to next->prev_donated [1 file, +1/-1]

Changes in 6.12.20
	mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq
	mm: fix kernel BUG when userfaultfd_move encounters swapcache
	userfaultfd: fix PTE unmapping stack-allocated PTE copies
	fbdev: hyperv_fb: iounmap() the correct memory when removing a device
	pinctrl: bcm281xx: Fix incorrect regmap max_registers value
	pinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xx_gpio_fw
	netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.
	ice: do not configure destination override for switchdev
	ice: fix memory leak in aRFS after reset
	ice: Fix switchdev slow-path in LAG
	netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around
	netfilter: nf_tables: make destruction work queue pernet
	sched: address a potential NULL pointer dereference in the GRED scheduler.
	wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms
	wifi: mac80211: don't queue sdata::work for a non-running sdata
	wifi: cfg80211: cancel wiphy_work before freeing wiphy
	Bluetooth: hci_event: Fix enabling passive scanning
	Revert "Bluetooth: hci_core: Fix sleeping function called from invalid context"
	net/mlx5: Fill out devlink dev info only for PFs
	net: dsa: mv88e6xxx: Verify after ATU Load ops
	net: mctp i3c: Copy headers if cloned
	net: mctp i2c: Copy headers if cloned
	netpoll: hold rcu read lock in __netpoll_send_skb()
	drm/hyperv: Fix address space leak when Hyper-V DRM device is removed
	fbdev: hyperv_fb: Fix hang in kdump kernel when on Hyper-V Gen 2 VMs
	fbdev: hyperv_fb: Simplify hvfb_putmem
	fbdev: hyperv_fb: Allow graceful removal of framebuffer
	Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio()
	net/mlx5: handle errors in mlx5_chains_create_table()
	eth: bnxt: fix truesize for mb-xdp-pass case
	eth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc()
	eth: bnxt: do not use BNXT_VNIC_NTUPLE unconditionally in queue restart logic
	eth: bnxt: do not update checksum in bnxt_xdp_build_skb()
	eth: bnxt: fix kernel panic in the bnxt_get_queue_stats{rx | tx}
	eth: bnxt: use page pool for head frags
	bnxt_en: refactor tpa_info alloc/free into helpers
	bnxt_en: handle tpa_info in queue API implementation
	eth: bnxt: fix memory leak in queue reset
	net: switchdev: Convert blocking notification chain to a raw one
	net: mctp: unshare packets when reassembling
	bonding: fix incorrect MAC address setting to receive NS messages
	selftests: bonding: fix incorrect mac address
	rtase: Fix improper release of ring list entries in rtase_sw_reset
	netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()
	ipvs: prevent integer overflow in do_ip_vs_get_ctl()
	net_sched: Prevent creation of classes with TC_H_ROOT
	netfilter: nft_exthdr: fix offset with ipv4_find_option()
	gre: Fix IPv6 link-local address generation.
	net: openvswitch: remove misbehaving actions length check
	Revert "openvswitch: switch to per-action label counting in conntrack"
	net/mlx5: HWS, Rightsize bwc matcher priority
	net/mlx5: Fix incorrect IRQ pool usage when releasing IRQs
	net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch
	net/mlx5: Bridge, fix the crash caused by LAG state check
	net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices
	nvme-fc: go straight to connecting state when initializing
	nvme-fc: do not ignore connectivity loss during connecting
	hrtimers: Mark is_migration_base() with __always_inline
	powercap: call put_device() on an error path in powercap_register_control_type()
	btrfs: avoid starting new transaction when cleaning qgroup during subvolume drop
	futex: Pass in task to futex_queue()
	iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
	sched/debug: Provide slice length for fair tasks
	platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show()
	drm/amd/display: Fix out-of-bound accesses
	scsi: core: Use GFP_NOIO to avoid circular locking dependency
	scsi: ufs: core: Fix error return with query response
	scsi: qla1280: Fix kernel oops when debug level > 2
	ACPI: resource: IRQ override for Eluktronics MECH-17
	smb: client: fix noisy when tree connecting to DFS interlink targets
	alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support
	vboxsf: fix building with GCC 15
	selftests: always check mask returned by statmount(2)
	sched_ext: selftests/dsp_local_on: Fix sporadic failures
	HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
	HID: intel-ish-hid: Send clock sync message immediately after reset
	HID: ignore non-functional sensor in HP 5MP Camera
	HID: hid-steam: Fix issues with disabling both gamepad mode and lizard mode
	usb: phy: generic: Use proper helper for property detection
	HID: intel-ish-hid: ipc: Add Panther Lake PCI device IDs
	HID: topre: Fix n-key rollover on Realforce R3S TKL boards
	selftests/cgroup: use bash in test_cpuset_v1_hp.sh
	HID: hid-apple: Apple Magic Keyboard a3203 USB-C support
	HID: apple: fix up the F6 key on the Omoton KB066 keyboard
	btrfs: fix two misuses of folio_shift()
	objtool: Ignore dangling jump table entries
	sched: Clarify wake_up_q()'s write to task->wake_q.next
	platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e
	platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles
	platform/x86: int3472: Use correct type for "polarity", call it gpio_flags
	platform/x86: int3472: Call "reset" GPIO "enable" for INT347E
	s390/cio: Fix CHPID "configure" attribute caching
	thermal/cpufreq_cooling: Remove structure member documentation
	LoongArch: Fix kernel_page_present() for KPRANGE/XKPRANGE
	LoongArch: KVM: Set host with kernel mode when switch to VM mode
	arm64: amu: Delay allocating cpumask for AMU FIE support
	Xen/swiotlb: mark xen_swiotlb_fixup() __init
	Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd
	drm/tests: hdmi: Remove redundant assignments
	drm/tests: hdmi: Reorder DRM entities variables assignment
	drm/tests: hdmi: Fix recursive locking
	selftests/bpf: Fix invalid flag of recv()
	ASoC: Intel: sof_sdw: Add lookup of quirk using PCI subsystem ID
	ASoC: Intel: sof_sdw: Add quirk for Asus Zenbook S14
	ASoC: Intel: soc-acpi-intel-mtl-match: declare adr as ull
	ASoC: simple-card-utils.c: add missing dlc->of_node
	ALSA: hda/realtek: Limit mic boost on Positivo ARN50
	ASoC: rsnd: indicate unsupported clock rate
	ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime()
	ASoC: rsnd: adjust convert rate limitation
	ASoC: arizona/madera: use fsleep() in up/down DAPM event delays.
	ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module
	PCI: pci_ids: add INTEL_HDA_PTL_H
	ALSA: hda: intel-dsp-config: Add PTL-H support
	ASoC: SOF: Intel: pci-ptl: Add support for PTL-H
	ALSA: hda: hda-intel: add Panther Lake-H support
	ASoC: SOF: amd: Add post_fw_run_delay ACP quirk
	ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE
	net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
	io-wq: backoff when retrying worker creation
	nvme-pci: quirk Acer FA100 for non-uniqueue identifiers
	nvmet-rdma: recheck queue state is LIVE in state lock in recv done
	apple-nvme: Release power domains when probe fails
	cifs: Treat unhandled directory name surrogate reparse points as mount directory nodes
	sctp: Fix undefined behavior in left shift operation
	nvme: only allow entering LIVE from CONNECTING state
	phy: ti: gmii-sel: Do not use syscon helper to build regmap
	ASoC: tas2770: Fix volume scale
	ASoC: tas2764: Fix power control mask
	ASoC: tas2764: Set the SDOUT polarity correctly
	fuse: don't truncate cached, mutated symlink
	ASoC: dapm-graph: set fill colour of turned on nodes
	ASoC: SOF: Intel: don't check number of sdw links when set dmic_fixup
	drm/vkms: Round fixp2int conversion in lerp_u16
	perf/x86/intel: Use better start period for frequency mode
	x86/of: Don't use DTB for SMP setup if ACPI is enabled
	x86/irq: Define trace events conditionally
	perf/x86/rapl: Add support for Intel Arrow Lake U
	mptcp: safety check before fallback
	drm/nouveau: Do not override forced connector status
	net: Handle napi_schedule() calls from non-interrupt
	block: fix 'kmem_cache of name 'bio-108' already exists'
	vhost: return task creation error instead of NULL
	cifs: Validate content of WSL reparse point buffers
	cifs: Throw -EOPNOTSUPP error on unsupported reparse point type from parse_reparse_point()
	Input: goodix-berlin - fix vddio regulator references
	Input: ads7846 - fix gpiod allocation
	Input: iqs7222 - preserve system status register
	Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers
	Input: xpad - add multiple supported devices
	Input: xpad - add support for ZOTAC Gaming Zone
	Input: xpad - add support for TECNO Pocket Go
	Input: xpad - rename QH controller to Legion Go S
	Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ
	Input: i8042 - add required quirks for missing old boardnames
	Input: i8042 - swap old quirk combination with new quirk for several devices
	Input: i8042 - swap old quirk combination with new quirk for more devices
	USB: serial: ftdi_sio: add support for Altera USB Blaster 3
	USB: serial: option: add Telit Cinterion FE990B compositions
	USB: serial: option: fix Telit Cinterion FE990A name
	USB: serial: option: match on interface class for Telit FN990B
	rust: lockdep: Remove support for dynamically allocated LockClassKeys
	rust: remove leftover mentions of the `alloc` crate
	rust: alloc: satisfy POSIX alignment requirement
	rust: Disallow BTF generation with Rust + LTO
	rust: init: fix `Zeroable` implementation for `Option<NonNull<T>>` and `Option<KBox<T>>`
	x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
	spi: microchip-core: prevent RX overflows when transmit size > FIFO size
	drm/i915/cdclk: Do cdclk post plane programming later
	drm/panic: use `div_ceil` to clean Clippy warning
	drm/panic: fix overindented list items in documentation
	drm/atomic: Filter out redundant DPMS calls
	drm/dp_mst: Fix locking when skipping CSN before topology probing
	drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags
	drm/amd/amdkfd: Evict all queues even HWS remove queue failed
	drm/amdgpu/display: Allow DCC for video formats on GFX12
	drm/amd/display: Disable unneeded hpd interrupts during dm_init
	drm/amd/display: fix default brightness
	drm/amd/display: fix missing .is_two_pixels_per_container
	drm/amd/display: Restore correct backlight brightness after a GPU reset
	drm/amd/display: Assign normalized_pix_clk when color depth = 14
	drm/amd/display: Fix slab-use-after-free on hdcp_work
	ksmbd: fix use-after-free in ksmbd_free_work_struct
	ksmbd: prevent connection release during oplock break notification
	clk: samsung: update PLL locktime for PLL142XX used on FSD platform
	clk: samsung: gs101: fix synchronous external abort in samsung_clk_save()
	ASoC: Intel: sof_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks()
	ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model
	netmem: prevent TX of unreadable skbs
	dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature
	arm64: mm: Populate vmemmap at the page level if not section aligned
	Fix mmu notifiers for range-based invalidates
	qlcnic: fix memory leak issues in qlcnic_sriov_common.c
	smb: client: fix regression with guest option
	net: phy: nxp-c45-tja11xx: add TJA112X PHY configuration errata
	net: phy: nxp-c45-tja11xx: add TJA112XB SGMII PCS restart errata
	sched_ext: Validate prev_cpu in scx_bpf_select_cpu_dfl()
	ASoC: ops: Consistently treat platform_max as control value
	rust: error: add missing newline to pr_warn! calls
	drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
	ASoC: cs42l43: Fix maximum ADC Volume
	rust: init: add missing newline to pr_info! calls
	ASoC: rt722-sdca: add missing readable registers
	drm/xe: cancel pending job timer before freeing scheduler
	drm/xe: Release guc ids before cancelling work
	drm/xe/userptr: Fix an incorrect assert
	drm/xe/pm: Temporarily disable D3Cold on BMG
	nvme: move error logging from nvme_end_req() to __nvme_end_req()
	ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe()
	drm/i915: Increase I915_PARAM_MMAP_GTT_VERSION version to indicate support for partial mmaps
	scripts: generate_rust_analyzer: add missing macros deps
	scripts: generate_rust_analyzer: add missing include_dirs
	scripts: generate_rust_analyzer: add uapi crate
	block: change blk_mq_add_to_batch() third argument type to bool
	cifs: Fix integer overflow while processing acregmax mount option
	cifs: Fix integer overflow while processing acdirmax mount option
	cifs: Fix integer overflow while processing actimeo mount option
	cifs: Fix integer overflow while processing closetimeo mount option
	x86/vmware: Parse MP tables for SEV-SNP enabled guests under VMware hypervisors
	i2c: ali1535: Fix an error handling path in ali1535_probe()
	i2c: ali15x3: Fix an error handling path in ali15x3_probe()
	i2c: sis630: Fix an error handling path in sis630_probe()
	mm/hugetlb: wait for hugetlb folios to be freed
	smb3: add support for IAKerb
	smb: client: Fix match_session bug preventing session reuse
	sched_ext: selftests/dsp_local_on: Fix selftest on UP systems
	tools/sched_ext: Add helper to check task migration state
	Bluetooth: L2CAP: Fix corrupted list in hci_chan_del
	nvme-fc: rely on state transitions to handle connectivity loss
	HID: apple: disable Fn key handling on the Omoton KB066
	fs/netfs/read_collect: add to next->prev_donated
	Linux 6.12.20

Change-Id: I5a7652336baaa64b019b6306f78ee5f96aa829aa
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-04-22 10:18:37 -07:00
Greg Kroah-Hartman 931ec6f47a Merge ccffb475c1 ("USB: serial: option: match on interface class for Telit FN990B") into android16-6.12
Steps on the way to 6.12.20

Change-Id: I5101d087092fc3ceeae1bce2daa54d83324e1f2d
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-04-22 06:21:55 -07:00
Greg Kroah-Hartman 63a1feb47b Revert "Revert "Bluetooth: hci_core: Fix sleeping function called from invalid context""
This reverts commit 55b098a2be which is
commit ab6ab707a4d060a51c45fc13e3b2228d5f7c0b87 upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I16716919ad640cccea5ecbfd92fbe185333024e9
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-04-22 09:28:11 +00:00
Greg Kroah-Hartman 53b1477e59 Merge 9e79fdabd5 ("Revert "openvswitch: switch to per-action label counting in conntrack"") into android16-6.12
Steps on the way to 6.12.20

Resolves merge conflicts in:
	mm/userfaultfd.c

Change-Id: I315faea2e1375e21d4c743d33f28f7f2dd56fd14
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2025-04-22 07:05:46 +00:00
Pedro Nishiyama 09246dfb5c Bluetooth: Add quirk for broken READ_PAGE_SCAN_TYPE
[ Upstream commit 127881334eaad639e0a19a399ee8c91d6c9dc982 ]

Some fake controllers cannot be initialized because they return a smaller
report than expected for READ_PAGE_SCAN_TYPE.

Signed-off-by: Pedro Nishiyama <nishiyama.pedro@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-04-20 10:15:22 +02:00