mirror of
https://github.com/torvalds/linux.git
synced 2026-05-29 09:33:31 +02:00
2b72f1674e
1444497 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Qiang Ma
|
2b72f1674e |
KVM: x86: Fix Xen hypercall tracepoint argument assignment
TRACE_EVENT(kvm_xen_hypercall) stores a5 in __entry->a4 instead of __entry->a5. That overwrites the recorded a4 argument and leaves a5 unset in the trace entry. Fix the typo so both arguments are captured correctly. Signed-off-by: Qiang Ma <maqianga@uniontech.com> Link: https://patch.msgid.link/20260512015313.1685784-1-maqianga@uniontech.com/ Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
||
|
Aaron Sacks
|
577a8d3bae |
KVM: Reject wrapped offset in kvm_reset_dirty_gfn()
kvm_reset_dirty_gfn() guards the gfn range with
if (!memslot || (offset + __fls(mask)) >= memslot->npages)
return;
but offset is u64 and the addition is unchecked. The check can be
silently bypassed by a u64 wrap.
The dirty ring backing those entries is MAP_SHARED at
KVM_DIRTY_LOG_PAGE_OFFSET of the vcpu fd, so the VMM can rewrite the
slot and offset fields of any entry between when the kernel pushes
them and when KVM_RESET_DIRTY_RINGS consumes them. On reset,
kvm_dirty_ring_reset() re-reads the values via READ_ONCE() and feeds
them straight back into this check; only the flags handshake is
treated as the handover, the slot/offset payload is taken on trust.
Crafting two entries
entry[i].offset = 0xffffffffffffffc1
entry[i+1].offset = 0
makes the coalescing loop in kvm_dirty_ring_reset() compute
delta = (s64)(0 - 0xffffffffffffffc1) = 63
which falls in [0, BITS_PER_LONG), so it folds entry[i+1] into the
existing mask by setting bit 63. The trailing kvm_reset_dirty_gfn()
call then sees offset = 0xffffffffffffffc1 and __fls(mask) = 63;
the sum is 0 in u64 and the bounds check passes.
That offset propagates into kvm_arch_mmu_enable_log_dirty_pt_masked()
unchanged. On the legacy MMU path -- kvm_memslots_have_rmaps() ==
true, i.e. shadow paging, any VM that has allocated shadow roots, or
a write-tracked slot -- it reaches gfn_to_rmap(), which indexes
slot->arch.rmap[0][] with a near-U64_MAX gfn. That is an
out-of-bounds load of a kvm_rmap_head, followed by a conditional
clear of PT_WRITABLE_MASK in whatever the loaded pointer points at.
The path is reachable from any process holding /dev/kvm.
Range-check offset on its own first, so the addition cannot wrap.
memslot->npages is bounded well below U64_MAX, so once offset <
npages holds, offset + __fls(mask) (with __fls(mask) < BITS_PER_LONG)
stays in range.
Fixes:
|
||
|
Linus Torvalds
|
6d35786de2 |
Three bug fixes for x86:
* Check that nEPT/nNPT is enabled in slow flush hypercalls. If it is
not, the hypercalls can be processed as usual even while running a
nested guest.
* Fix shadow paging use-after-free due to page tables changing outside
execution of the guest. A bug that is 16 years old and stems from an
imprecision in the very first KVM series.
* Scan IRR whenever PID.ON is true, even if PIR is empty, which avoids
a somewhat rare WARN.
-----BEGIN PGP SIGNATURE-----
iQFIBAABCgAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmn3sQoUHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroNMdQf/WuwNbJCb2bVWCoNeQUWvtxrlmZ5p
IqQrnEACYOkn20eWDrXrAiEqPoIj0fPTYSewU9mYoC5DhyGFXzB5TEwMMHUn9kNn
QVBQS/IlfuhO5BGrov4dbdmzUmXaTuUe29tjoOnr1IGNapf6naA9+m03u5/TaZcd
FtS28EPy5Z2ZRm3KiKrZahsMMVr9ZXI3xfiEFVht9lDwiYpZquxhH2bju3QnBQ71
0x02ZxMKbqwi5uJLCGmF62AacCSqag1+eNs05WFPThL5RNNkwpac1lceOetYFm9/
y+iqOfev4SYeL3rACyQ/nStpgdkhpL2cbkPISRvjQ0WKVVawk+IAzNzvsQ==
=sGxH
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm fixes from Paolo Bonzini:
"Three bug fixes for x86:
- Check that nEPT/nNPT is enabled in slow flush hypercalls. If it is
not, the hypercalls can be processed as usual even while running a
nested guest
- Fix shadow paging use-after-free due to page tables changing
outside execution of the guest. A bug that is 16 years old and
stems from an imprecision in the very first KVM series
- Scan IRR whenever PID.ON is true, even if PIR is empty, which
avoids a somewhat rare WARN"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
KVM: x86: Fix misleading variable names and add more comments for PIR=>IRR flow
KVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is empty
KVM: x86: check for nEPT/nNPT in slow flush hypercalls
|
||
|
Linus Torvalds
|
7fd2df204f | Linux 7.1-rc2 | ||
|
Sean Christopherson
|
0cb2af2ea6 |
KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
The shadow MMU computes GFNs for direct shadow pages using sp->gfn plus the SPTE index. This assumption breaks for shadow paging if the guest page tables are modified between VM entries (similar to commit |
||
|
Sean Christopherson
|
0aec99f9bf |
KVM: x86: Fix misleading variable names and add more comments for PIR=>IRR flow
Rename kvm_apic_update_irr()'s "irr_updated" and vmx_sync_pir_to_irr()'s "got_posted_interrupt" to a more accurate "max_irr_is_from_pir", as neither "irr_updated" nor "got_posted_interrupt" is accurate. __kvm_apic_update_irr() and thus kvm_apic_update_irr() specifically return true if and only if the highest priority IRQ, i.e. max_irr, is a "new" pending IRQ from the PIR. I.e. it's possible for the IRR to be updated, i.e. for a posted IRQ to be "got", *without* the APIs returning true. Expand vmx_sync_pir_to_irr()'s comment to explain why it's necessary to set KVM_REQ_EVENT only if a "new" IRQ was found, and to explain why it's safe to do so only if a new IRQ is also the highest priority pending IRQ. No functional change intended. Signed-off-by: Sean Christopherson <seanjc@google.com> Link: https://patch.msgid.link/20260503201703.108231-3-pbonzini@redhat.com/ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
||
|
Paolo Bonzini
|
33fd0ccd25 |
KVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is empty
Fall back to apic_find_highest_vector() when PID.ON is set but PIR
turns out to be empty, to correctly report the highest pending interrupt
from the existing IRR.
In a nested VM stress test, the following WARNING fires in
vmx_check_nested_events() when kvm_cpu_has_interrupt() reports a pending
interrupt but the subsequent kvm_apic_has_interrupt() (which invokes
vmx_sync_pir_to_irr() again) returns -1:
WARNING: CPU: 99 PID: 57767 at arch/x86/kvm/vmx/nested.c:4449 vmx_check_nested_events+0x6bf/0x6e0 [kvm_intel]
Call Trace:
kvm_check_and_inject_events
vcpu_enter_guest.constprop.0
vcpu_run
kvm_arch_vcpu_ioctl_run
kvm_vcpu_ioctl
__x64_sys_ioctl
do_syscall_64
entry_SYSCALL_64_after_hwframe
The root cause is a race between vmx_sync_pir_to_irr() on the target vCPU
and __vmx_deliver_posted_interrupt() on a sender vCPU. The sender
performs two individually-atomic operations that are not a single
transaction:
1. pi_test_and_set_pir(vector) -- sets the PIR bit
2. pi_test_and_set_on() -- sets PID.ON
The following interleaving triggers the bug:
Sender vCPU (IPI): Target vCPU (1st sync_pir_to_irr):
B1: set PIR[vector]
A1: pi_clear_on()
A2: pi_harvest_pir() -> sees B1 bit
A3: xchg() -> consumes bit, PIR=0
(1st sync returns correct max_irr)
B2: set PID.ON = 1
Target vCPU (2nd sync_pir_to_irr):
C1: pi_test_on() -> TRUE (from B2)
C2: pi_clear_on() -> ON=0
C3: pi_harvest_pir() -> PIR empty
C4: *max_irr = -1, early return
IRR NOT SCANNED
The interrupt is not lost (it resides in the IRR from the first sync and
is recovered on the next vcpu_enter_guest() iteration), but the incorrect
max_irr causes a spurious WARNING and a wasted L2 VM-Enter/VM-Exit cycle.
Fixes:
|
||
|
Paolo Bonzini
|
464af6fc2b |
KVM: x86: check for nEPT/nNPT in slow flush hypercalls
Checking is_guest_mode(vcpu) is incorrect, because translate_nested_gpa()
is only valid if an L2 guest is running *with nested EPT/NPT enabled*.
Instead use the same condition as translate_nested_gpa() itself.
Cc: stable@vger.kernel.org
Reviewed-by: Sean Christopherson <seanjc@google.com>
Fixes:
|
||
|
Linus Torvalds
|
f377d0025e |
sh fixes for v7.1
- sh: Fix fallout from ZERO_PAGE consolidation
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEYv+KdYTgKVaVRgAGdCY7N/W1+RMFAmn3X0MACgkQdCY7N/W1
+RNzqhAAnKdBTXt7Ks1qYfCA1zrpTUPSLkJeyX/rjfmFHJkSoH9onmUhxOXPc5jp
TT1Jy8YjN8GEPd2Qis5e2FDM+yvF8wMfScQRaSE52WR8bXddQLTjQBK7+nyyPJNu
xJWymOufB7wooD9Qsg4jf7zmTcODMskT/F9i5EQxYA8bSt4/EVMKdhNF8k4goDwT
vpw4TYmWYj/tDndWe5zZNkok4kT6TZDQ/shiaqSSq5N0YpCBkKrsNP19zrxs1iQM
UCu/M5UvWkj6JukBuYQAZE642a7jvpvNCR74/l3DtF4kTTUoSYFozQ0LshXRVI94
46vpGZXRVsxiCjGNPB+XWLY9cJ9j2T8vVBuBfabRZjlllxOT9ygQ4n5pRVAwx2jW
VJP6w1AnCUea0fZ0BP2yOxFee48b4QIP2YufArAMKy2mtkAiwx3iDIxi0u43uZyG
TuyYQ6hKRFDoE157qYRoizMeBWf18FCsPg1hd7cWIu8E2xxTJaUss/qgwZAqLcFU
W2/RiUDLfFgyHCY9CM9go+ZgzbRWGUEItSLPv3AUgBlbFPscByjQzISU0ed6XjQ9
XMNKcIow6lwRkFpWf9CDcRqNn+9ey551tQvCyDsStp8h99V6buyX1nvndupDspZz
+l49H7GVwyIA9eqoTucCMNn5isx+KAsa2KeSjOyup9o0eGYr0Os=
=6ywF
-----END PGP SIGNATURE-----
Merge tag 'sh-for-v7.1-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/glaubitz/sh-linux
Pull sh fix from John Paul Adrian Glaubitz:
"The ZERO_PAGE consolidation in v7.1, introduced a regression on sh
which made these systems unbootable.
The problem was that on sh, the initial boot parameters were
previously referenced as an array and after
|
||
|
Linus Torvalds
|
811129272d |
slab fixes for 7.1-rc1
-----BEGIN PGP SIGNATURE----- iQFPBAABCAA5FiEEe7vIQRWZI0iWSE3xu+CwddJFiJoFAmn3BZgbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMiwyAAoJELvgsHXSRYiabzcIAIDyPybWZ/bRup/KfWGE GknYLaUA3nw9ZpZQdQ0cJ+jGO6pfoUqacO0cZ/5ppdcXblKz22AFItUnpsd44M9H 92QjwNJoT6vjgzaSWCDE/6TeE0y27HjyhBlIYjs9mTRTb8sIH+mzfDS58FZponb/ RZMGmcJvS4La+VzaetAxzyx+cX7J9W/7zDfvz/qPMpm8tysGe4z8H7/54c5x/U+c NvuEXaxPaKEa62x5e+IFG6G67NszbJnfRrLGn/UMwp+SS5WUId6D9kmjtT70yJlg hbdU6zw6kI+DIPxRidnpI/iJqcA08r9UuC/TrZwcjaM6sythev5UvOxZXMRVp19w qXU= =yAe1 -----END PGP SIGNATURE----- Merge tag 'slab-for-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab Pull slab fixes from Vlastimil Babka: - Stable fixes for CONFIG_SMP=n where _nolock() allocations in NMI both at kmalloc and page allocator levels are not properly protected by the spin_trylock() semantics on !SMP (Harry Yoo) * tag 'slab-for-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab: mm/slab: return NULL early from kmalloc_nolock() in NMI on UP mm/page_alloc: return NULL early from alloc_frozen_pages_nolock() in NMI on UP |
||
|
Linus Torvalds
|
cffcf520fd |
Fix lockup in requeue-PI during signal/timeout wakeups,
by Sebastian Andrzej Siewior. Signed-off-by: Ingo Molnar <mingo@kernel.org> -----BEGIN PGP SIGNATURE----- iQJFBAABCgAvFiEEBpT5eoXrXCwVQwEKEnMQ0APhK1gFAmn2/AYRHG1pbmdvQGtl cm5lbC5vcmcACgkQEnMQ0APhK1iQCA//cAsib3cTZr9GAvjX5+Fjf3Dsl4HdO7qr XzOeMNtvnz0wcWgNCq02vwutbQwzRRr71DqDzhYV7YGxwyrqw+fE0RMvQDEML3I6 SI1I8aj1Eo+WNHcy7HajYd0WBiOuMAcSZsa+3kYWKnDZ0GJadbQHTrQo5nT8VgFf o+aGU4kivGsKlz+UrcTxViNovenQ3mysuY8Pn3xKFlwn+vnJIwT2WUuQ1U8wK2OY edH9O4UEJkPFIOxqhL5+s4J/utsFasEFSLMpx9NpYzOGH85PTxIJg6O+n9a5NTAa 40tsXlWkDsi/AfiNbWBYOpw8gS2yHyrLuY9CLBuxiRojfS6TePzfJyCPFvLLhBau 90y02GskoDe4DFox9f+33BykR48yWxGOtxXiFJ1caXH4HsZi5z6Wd3vFCQp61zwm RPGKA5k8a9+hlToOpaAwHqA8ODbnEyRKwhG/OdnHo7cKPAWH+2awSSyW30DQoo+o mBYcMNbNeZObzQ/DErZvErDpq0hePATn/zfMFNEtXh+0Y1WZWix0NT5atHbtid+w 0tRaazUpNCpGNp+7xxFGmaHxN/bPCmjZXpTIWIhc6vn8DNx/Y059g3ItYyeiRVkZ WD0vWdBgYerK0CfYsllh5d4fiTSLKoILq/f5Zc5Pq/GnVAZe/JQy7v6Duj+HmJ9O g9es4fSjzBs= =HUBJ -----END PGP SIGNATURE----- Merge tag 'locking-urgent-2026-05-03' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull locking fix from Ingo Molnar: "Fix lockup in requeue-PI during signal/timeout wakeups, by Sebastian Andrzej Siewior" * tag 'locking-urgent-2026-05-03' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: futex: Prevent lockup in requeue-PI during signal/ timeout wakeup |
||
|
Linus Torvalds
|
c3cba36b39 |
Miscellaneous scheduler fixes:
- Fix the delayed dequeue negative lag increase fix in the
fair scheduler (Peter Zijlstra)
- Fix wakeup_preempt_fair() to do proper delayed dequeue
(Vincent Guittot)
- Clear sched_entity::rel_deadline when initializing
forked entities, which bug can cause all tasks to be
EEVDF-ineligible, causing a NULL pointer dereference
crash in pick_next_entity() (Zicheng Qu)
Signed-off-by: Ingo Molnar <mingo@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQJFBAABCgAvFiEEBpT5eoXrXCwVQwEKEnMQ0APhK1gFAmn2+tsRHG1pbmdvQGtl
cm5lbC5vcmcACgkQEnMQ0APhK1gDdg//WX8E7dyiwRaFNsPMgEvi4Q7pBoXAb5Zi
/iYNlpw1/QRG9KF59175CC3cLOVLJ3dA+79EZPS/mQSuukdTxJg6sbPTkneULV3D
l8DkjH0uDS7mZBqlLDC+Xjqv1y7Y01V6qN9Si8hpR5rP3D0heWdspAGS5aSZ/8Dp
h/VSYl2R615Z32NaS0Xys2hy4M0/I30Uuw4fJScvIYeAMb4s5+6RHEQmuuo25A3O
HQg9Ljqi5NQaHwzvHTYjCenh/NENOd/tu/kZzFgW57HJqSXGM7KBqcjaK68q4vCl
LgBlsfux7RTbnrEAIhGYBSoDss+tBbMKm5qaYZNENJpLS8ptm4J3iKgUJ0W2e3dW
Zp6IjVkj0E+qC65WnFENXsiDr+/fZ9d71/xq2L4z6SxQNv1mtX2+f/HUYyKU5jCc
I4NDEBLGbdRVNuPW7esECVIEVRYFR1cPdZigLW8M7JEnr0p0skF1zgnnMtVuK6Ep
qONYldUIHWdsx67yOSdhykSyq6Qfaew/UKuG1ivlN0BDL4I/AWf+4BVMHJrigeok
xKD8DRWH6s7fSicfM2aJMmj6nRSR2Zz5a9T3lE4LxSvDm41JEnatqpb2Xhjri+I0
21slsm4AZmh1xR1kj7sTKxdHJn0E+lNN/XSZP6OcCoNqlr2XEGMRxWpVo/WqJnO6
HVG9/VoSP1w=
=z+8E
-----END PGP SIGNATURE-----
Merge tag 'sched-urgent-2026-05-03' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler fixes from Ingo Molnar:
- Fix the delayed dequeue negative lag increase fix in the
fair scheduler (Peter Zijlstra)
- Fix wakeup_preempt_fair() to do proper delayed dequeue
(Vincent Guittot)
- Clear sched_entity::rel_deadline when initializing
forked entities, which bug can cause all tasks to be
EEVDF-ineligible, causing a NULL pointer dereference
crash in pick_next_entity() (Zicheng Qu)
* tag 'sched-urgent-2026-05-03' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched/fair: Clear rel_deadline when initializing forked entities
sched/fair: Fix wakeup_preempt_fair() vs delayed dequeue
sched/fair: Fix the negative lag increase fix
|
||
|
Mike Rapoport (Microsoft)
|
b0aa5e4b08 |
sh: Fix fallout from ZERO_PAGE consolidation
Consolidation of empty_zero_page declarations broke boot on sh. sh stores its initial boot parameters in a page reserved in arch/sh/kernel/head_32.S. Before commit |
||
|
Linus Torvalds
|
66edb901bf |
This push contains the following changes:
- Reject algorithms with authsizes that are too short in authencesn. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEn51F/lCuNhUwmDeSxycdCkmxi6cFAmn1f8AACgkQxycdCkmx i6fIWBAAmOFOGjqR1kk2Zk9CELilh6nYNMjhSqVzhlfexcISmYJh7AFl5ZFHwffS lZvikJfKkua8fXs56vod1PNkgzG/N9NgoSzA9Bob9pEocY4vDJoJjtv4lmWR9gur eYdUAyv24pn6gWANClDGvIwghY1I+vDyKuy/crwSo0yEA11XNRjvdqOijI0LDn1f 2JsRNJusCNUurctsNod4Sx3phlCEwQkIx/E66Hab2BI2jeN5+bLitrMvdsmtFgkz uT3VaEa7L5P+YzJ4ElxnvdHGEqg61LR4ywKndZ3Ifq6y1hULK4+mAH67Xiqpro9D GpCy5ca1kebzJ9oAaaji2piPYBaOl8TmtbzmVcoayrzjINSGVPegBns7x7gN7pjn bzmi6JJQnwgyltKh/DTW47AyvfzrVe2c9wDR9UK+9kqBcWGRdzNozC/RyJM9+Zbd 1CKHcver28ceAgGZmRCBW4vDFCcrnFAwYlQpd3Mp6Q8av7KAVBASC5Ge5fTTQivq hB0nFuG172uZYv/Axe+iAyQnR1PQR1ohfQ0LXJHyjMk3UNbI0G/ipLOFEeTZWCL0 o0BhKxY0K1+/reAC1WRLRTf35BwBHZnLoXF510lEU10WWc4d+qR4ZP/ot2HPz2Vy NZn1m6YheIcYvR65bAz0DWY35ksjgyuRR9lqGg36K+gqcGcYG3I= =Runs -----END PGP SIGNATURE----- Merge tag 'v7.1-p3' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fix from Herbert Xu: - Reject algorithms with authsizes that are too short in authencesn * tag 'v7.1-p3' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: authencesn - reject short ahash digests during instance creation |
||
|
Linus Torvalds
|
4c2ed2a3db |
Description for this pull request:
- Fix a NULL pointer dereference in ntfs_index_walk_down() by validating
index block allocation.
- Fix a memory leak of the symlink target string in
ntfs_reparse_set_wsl_symlink() during error paths.
- Prevent VCN overflow and validate lowest_vcn in
ntfs_mapping_pairs_decompress() to avoid runlist corruption.
- Fix a page reference leak in ntfs_write_iomap_end_resident() when
attribute search context allocation fails.
- Fix an invalid PTR_ERR() usage on a valid folio pointer in
__ntfs_bitmap_set_bits_in_run().
- Correct directory link counting by dropping nlink only when the MFT
record link count reaches zero for WIN32/DOS aliases.
- Fix an uninitialized variable usage in ntfs_mapping_pairs_decompress()
by returning an error pointer directly.
-----BEGIN PGP SIGNATURE-----
iQJKBAABCgA0FiEE6NzKS6Uv/XAAGHgyZwv7A1FEIQgFAmn1SX4WHGxpbmtpbmpl
b25Aa2VybmVsLm9yZwAKCRBnC/sDUUQhCLFtEACQou87tSAG0pjuOe4FDW2/ijTJ
B4CWQ5AxSU/G8Mts1Or9bvjKMA2zI8A/N8Bx0kzZviB8G1TiIs2y8KWqJajLCXsX
dEvLwu1UUvtYlclw3sVdo+7oA8lB9NQB5LNlaubTzkDeCXHpkfQ5/+zgbU2Bdpjf
5qe34klrr8jU6KHIJnQlpiqJj8wYvNXizDRYkYZw0tMzNGlzM5csO8cZ4HNW8ENK
+D7CAKBDW4JA8AaaBC9eGL3cpl/a8a1X46O1LoEoCeH14FKGEGAoSa5z5aWBDJpg
X84v/19iP9Ti2poh2I5KZZfgKxFjsQodXYoPRofrXCGpVYUveTRmfEZ//qt33mr/
Y+bX5iTBjP0H4OLr5o8TZNgHXqjsR5/kkbnz71VEZey53U3/fFLC6L0tt9S9vLnb
mC2YghFgmcgQEIYz3S79F8K0JBEl4gSUsMNQtM8+vjqpYRsqFSSUYSEUqEJWgdaK
1tnzbZlGMTgiiNO5EdqZXLIGqsJsckUfi0Qr3tnzdw2CWqj6Q0fCbBV0KVfeLYuY
LtFfG6W2A8KUAvX+Nc6+MiQ887A9F8VYjR4sIC633IISiU05Kfd3OWP4Bx+05Yty
wt6cccm+gCMBVMVacRDccfK+ovIDN50r+7Flbuw1jw28rxcbe5tVmoKrC3HQ/RYr
hIXUXwqqCX5VMxsAOA==
=MosZ
-----END PGP SIGNATURE-----
Merge tag 'ntfs-for-7.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/ntfs
Pull ntfs fixes from Namjae Jeon:
- Fix a NULL pointer dereference in ntfs_index_walk_down() by
validating index block allocation
- Fix a memory leak of the symlink target string in
ntfs_reparse_set_wsl_symlink() during error paths
- Prevent VCN overflow and validate lowest_vcn in
ntfs_mapping_pairs_decompress() to avoid runlist corruption
- Fix a page reference leak in ntfs_write_iomap_end_resident()
when attribute search context allocation fails
- Fix an invalid PTR_ERR() usage on a valid folio pointer in
__ntfs_bitmap_set_bits_in_run()
- Correct directory link counting by dropping nlink only when
the MFT record link count reaches zero for WIN32/DOS aliases
- Fix an uninitialized variable in ntfs_mapping_pairs_decompress()
by returning an error pointer directly
* tag 'ntfs-for-7.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/ntfs:
ntfs: Use return instead of goto in ntfs_mapping_pairs_decompress()
ntfs: drop nlink once for WIN32/DOS aliases
ntfs: fix invalid PTR_ERR() usage in __ntfs_bitmap_set_bits_in_run()
ntfs: fix error handling in ntfs_write_iomap_end_resident()
ntfs: fix VCN overflow in ntfs_mapping_pairs_decompress()
ntfs: fix WSL symlink target leak on reparse failure
ntfs: fix NULL dereference in ntfs_index_walk_down()
|
||
|
Linus Torvalds
|
f1a5e78a55 |
drm fixes for 7.1-rc2
core and helpers: - calculate framebuffer geometry with format helpers - fix docs amdgpu: - GFX12 fix for CONFIG_DRM_DEBUG_MM configs - Fix DC analog support - Userq fixes - GART placement fix - Aldebaran SMU fixes - AMDGPU_INFO_READ_MMR_REG fix - UVD 3.1 fix - GC 6 TCC fix - Fix root reservation in amdgpu_vm_handle_fault() - RAS fix - Module reload fix for APUs - Fix build for CONFIG_DRM_FBDEV_EMULATION=n - IGT DWB regression fix - GC 11.5.4 fix - VCN user fence fixes - JPEG user fence fixes - SMU 13.0.6 fix - VCN 3/4 IB parser fixes - NV3x+ dGPU vblank fix - DCE6/8 fixes for LVDS/eDP panels without an EDID amdkfd: - Fix for when CONFIG_HSA_AMD is not set - SVM fixes xe: - uapi: Add missing pad and extensions check - uapi: Reject unsafe PAT indices for CPU cached memory - Drop registration of guc_submit_wedged_fini from xe_guc_submit_wedge - Xe3p tuning and workaround fixes - USE drm mm instead of drm SA for CCS read/write - Fix leaks and null derefs - Fix Wa_18022495364 appletbdrm: - allocate protocol buffers with kvzalloc() dma-buf: - fix docs imagination: - avoid segfault in debugfs ofdrm: - put PCI device reference on errors udl: - increase USB timeout -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmn1JYQACgkQDHTzWXnE hr5rkBAAnAEiMatySCl54Zwt9RlC1S8PDJ+cKW0GbGE6ID3UYMcIgBgXjBfRWPGI smhCUq1a/tNjIFCO+JCNe3WqX/vhghtJKfh2FJVWy0tu18S/PvrxB5m3Iasm7JfP NxKGyoVCXknDQW4dMATWrDm5JoqAsh5b59Jf8WCcBrMQXeqVSZgHxXjVkwj8e092 i/FIoS/sV83Lf4xJcm9l25+0OcLhkoLdXz6+r7pwFwsafP07mWbXYXa53efWqy8v 848AH25FaB+cK16QcrluhIvdVFl3iLbX2b7WpJF3TAbDe3Emr4uggBqiqwcI4p5/ rQGfVZkng1FBLOcHBZ7p0Wsa+F35C+6H14R8fueMiOmsgX6pXZLnJJ0KpQvSEc+d acia8SYp1SGTaxBrdvrhRY6BKtcq/ClOPvbIvV0CPuxFtVNWU940FE+b3V51EpbG TGhks4Nuh1C7ihm82Kep34pZjx7ZRnQWPAz7Cm9L9ZfX2DOOi9Uu16u71IwgumfL yp/7Jt06Hx/TS0qWV1dnH3ZtluQgBA/EUARmv1MNyIEvSOjpvKiVqlNJmlPKi0+9 piXl0QUrOQz+Wj9glzcM3ENKh7ZxDFJxcIMkHx7q/wEwSIppnhOPuQAwNXWO4Y4Q p4X99W+gHfKwVG8BrY5tbW7lbkt8/4MWSR/9R2Vj8prIJCeeKFI= =wagp -----END PGP SIGNATURE----- Merge tag 'drm-fixes-2026-05-02' of https://gitlab.freedesktop.org/drm/kernel Pull drm fixes from Dave Airlie: "Fixes for rc2, the usual amdgpu/xe double header, I think xe had a couple of weeks combined due to some maintainer access issues, otherwise there's just a few misc fixes and documentation fixups. core and helpers: - calculate framebuffer geometry with format helpers - fix docs amdgpu: - GFX12 fix for CONFIG_DRM_DEBUG_MM configs - Fix DC analog support - Userq fixes - GART placement fix - Aldebaran SMU fixes - AMDGPU_INFO_READ_MMR_REG fix - UVD 3.1 fix - GC 6 TCC fix - Fix root reservation in amdgpu_vm_handle_fault() - RAS fix - Module reload fix for APUs - Fix build for CONFIG_DRM_FBDEV_EMULATION=n - IGT DWB regression fix - GC 11.5.4 fix - VCN user fence fixes - JPEG user fence fixes - SMU 13.0.6 fix - VCN 3/4 IB parser fixes - NV3x+ dGPU vblank fix - DCE6/8 fixes for LVDS/eDP panels without an EDID amdkfd: - Fix for when CONFIG_HSA_AMD is not set - SVM fixes xe: - uapi: Add missing pad and extensions check - uapi: Reject unsafe PAT indices for CPU cached memory - Drop registration of guc_submit_wedged_fini from xe_guc_submit_wedge - Xe3p tuning and workaround fixes - USE drm mm instead of drm SA for CCS read/write - Fix leaks and null derefs - Fix Wa_18022495364 appletbdrm: - allocate protocol buffers with kvzalloc() dma-buf: - fix docs imagination: - avoid segfault in debugfs ofdrm: - put PCI device reference on errors udl: - increase USB timeout" * tag 'drm-fixes-2026-05-02' of https://gitlab.freedesktop.org/drm/kernel: (77 commits) drm/xe/uapi: Reject coh_none PAT index for CPU_ADDR_MIRROR drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise drm/xe/xelp: Fix Wa_18022495364 drm/xe/gsc: Fix BO leak on error in query_compatibility_version() drm/xe/eustall: Fix drm_dev_put called before stream disable in close drm/xe: Fix error cleanup in xe_exec_queue_create_ioctl() drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import() drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure drm/xe/bo: Fix bo leak on GGTT flag validation in xe_bo_init_locked() drm/xe/bo: Fix bo leak on unaligned size validation in xe_bo_init_locked() drm/xe: Fix potential NULL deref in xe_exec_queue_tlb_inval_last_fence_put_unlocked drm/xe/vf: Use drm mm instead of drm sa for CCS read/write drm/xe: Add memory pool with shadow support drm/xe/debugfs: Correct printing of register whitelist ranges drm/xe: Mark ROW_CHICKEN5 as a masked register drm/xe/tuning: Use proper register offset for GAMSTLB_CTRL drm/xe/xe3p_lpg: Add missing indirect ring state feature flag drm/xe: Drop redundant rtp entries for Wa_14019988906 & Wa_14019877138 drm/xe/vm: Add missing pad and extensions check drm/xe: Drop registration of guc_submit_wedged_fini from xe_guc_submit_wedge() ... |
||
|
Linus Torvalds
|
cd546f7ae2 |
Assorted arm64, ACPI and kselftest fixes for 7.1-rc2:
- Avoid writing an uninitialised stack variable to POR_EL0 on
sigreturn if the poe_context record is absent
- Reserve one more page for the early 4K-page kernel mapping to cover
the extra [_text, _stext) split introduced by the non-executable
read-only mapping
- Force the arch_local_irq_*() wrappers to be __always_inline so that
noinstr entry and idle paths cannot call out-of-line, instrumentable
copies
- Fix potential sign extension in the arm64 SCS unwinder's DWARF
advance_loc4 decoding
- Tolerate arm64 ACPI platforms with only WFI and no deeper PSCI idle
states, restoring cpuidle registration on such systems
- Include the UAPI <asm/ptrace.h> header in the arm64 GCS libc test
rather than carrying a duplicate struct user_gcs definition (the
original #ifdef NT_ARM_GCS was wrong to cover the structure
definition as it would be masked out if the toolchain defined it)
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAmn03FoACgkQa9axLQDI
XvELcxAAmhoarEo1Te6wWyybco9LqvfZPzirij+YYLw0GWuqnN99N+f79FZirTbz
ug9AZiG1PPQY0hCurNWwEjQfWJ6dJYo/4mIT9R1rbeU2MwcxHawIePrM0T8PMBF8
nHMZaEy/EZ8hX3pam98d78F38yFUvxaikghhxQvHLFlQA4nU19IElQCyMogofe05
RTE71nDdMZAnfoOS6cVk7wnH99VLfbqiyl97zUOjnyFNdye99UDovayXPUdUkgbN
clF2qxWInS8TPuoKQPz5hzYkbuR0doFwIasLjSMnOQx+FMZdMmPXEZbwqI/hYl7l
xc5bjKtJH/AQqdoEkZW9MUJ1GhzMttTpoYW9//wgRpJtBDNxisdOE9LpcsCMMNIM
wKLrLVLTXsv5jyPeEFMRtUjd0tJ7bV0f3cO/sv5EVBd238CGT76zwCgjpMtZQqbj
KWsTJpM5oYAsKkBHAYE6XCa5h7kre0/249zH/CYhI/mXJkaHJRM8Ub2CnqBgqeTG
KobtDIUJt+TPAhThj/2OQ/HxP6SLzgBgsgVmVqE1nhkOPlcfg3YYBsgpgN+bzMfG
Z7h14yyCAhunoGRVBMtyUgksAvflR+PIS06soRjLZ5cXcOp/3h+sXs6/XVXHtOr/
UCeO5mfaNUNAr3xJ9oYhuAAT74b7zKXY3YM4NRVASfq6rQS0nWg=
=a9er
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Catalin Marinas:
- Avoid writing an uninitialised stack variable to POR_EL0 on sigreturn
if the poe_context record is absent
- Reserve one more page for the early 4K-page kernel mapping to cover
the extra [_text, _stext) split introduced by the non-executable
read-only mapping
- Force the arch_local_irq_*() wrappers to be __always_inline so that
noinstr entry and idle paths cannot call out-of-line, instrumentable
copies
- Fix potential sign extension in the arm64 SCS unwinder's DWARF
advance_loc4 decoding
- Tolerate arm64 ACPI platforms with only WFI and no deeper PSCI idle
states, restoring cpuidle registration on such systems
- Include the UAPI <asm/ptrace.h> header in the arm64 GCS libc test
rather than carrying a duplicate struct user_gcs definition (the
original #ifdef NT_ARM_GCS was wrong to cover the structure
definition as it would be masked out if the toolchain defined it)
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: signal: Preserve POR_EL0 if poe_context is missing
arm64: Reserve an extra page for early kernel mapping
kselftest/arm64: Include <asm/ptrace.h> for user_gcs definition
ACPI: arm64: cpuidle: Tolerate platforms with no deep PSCI idle states
arm64/irqflags: __always_inline the arch_local_irq_*() helpers
arm64/scs: Fix potential sign extension issue of advance_loc4
|
||
|
Linus Torvalds
|
ef5f46b630 |
selinux/stable-7.1 PR 20260501
-----BEGIN PGP SIGNATURE----- iQJIBAABCgAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmn0uzwUHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXNwng//WgLizoKU5myWxBG0HBfLX2uaQOOf VcVhEB9jCuo8DMYWuLX11bCX9uu8T9RISbVRgmikZItWUGLHWRpELQv6K2hm3T7D Yy+AjOHVksG4S3nJubhtqYkA7uozCtohGIQW+yxRzCsVEb+3NJEAFqowYFeznU6l /rHY/t7eL7Q1ORt+WRsdvA+tM67iaDzndNsR02qZoMnDHlUU4GdPOvD04nPRDLMS tK2UE0sNCEG2pTZBihsrrJW4IDTtjSfF0MQVdxYIO1+3oWmYtJW9pVKbPwDAKK17 kLgkwdV3w1EAvguRCjd4X9kEZ6MpzTnkkJUuVyTUDxtI5npcpUWA25hqPX2JGjll 6+S0YJKQ3KPXQTvOLQctojx7tMRhojiV6uRuo0bg5iTQAUANoR/uqeU42+lgY+ww 4uP1oRwf0aNPh9LXQjb08Z2HhyMfa/1ROkVUFOvRDrSGDIva5P2cMaZ3Uug7ZORn V8LUq90gQDJTc4YMTLCcHOWzG++h1gAeDu30AfBTVhMJffqpmap04YASlg600itD zg4nJg/5r3Px9j7IJBwIqBkvL5FAhT7UAAh17LN5vo9yB/AKCWnnakTZKr5v5kLc nDLlV6O/asI2gcL3KfG8tzr3k+I3lbiJ4139MRPNbmh+pF52qIAKycToLGnrqYnc FwyyirkJEP2TI3c= =/qwt -----END PGP SIGNATURE----- Merge tag 'selinux-pr-20260501' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux Pull selinux fixes from Paul Moore: - Ensure SELinux is always properly accessing its own sock LSM state - Only reserve an xattr slot for SELinux if it will be used - Fix a SELinux auditing regression in the directory avdcache * tag 'selinux-pr-20260501' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: fix avdcache auditing selinux: don't reserve xattr slot when we won't fill it selinux: use sk blob accessor in socket permission helpers |
||
|
Davidlohr Bueso
|
ee9dce4436 |
futex: Drop CLONE_THREAD requirement for private default hash alloc
Currently need_futex_hash_allocate_default() depends on strict pthread
semantics, abusing CLONE_THREAD. This breaks the non-concurrency
assumptions when doing the mm->futex_ref pcpu allocations, leading to
bugs[0] when sharing the mm in other ways; ie:
BUG: KASAN: slab-use-after-free in futex_hash_put
... where the +1 bias can end up on a percpu counter that mm->futex_ref
no longer points at.
Loosen the check to cover any CLONE_VM clone, except vfork(). Excluding
vfork keeps the existing paths untouched (no overhead), and we can't
race in the first place: either the parent is suspended and the child
runs alone, or mm->futex_ref is already allocated from an earlier
CLONE_VM.
Link: https://lore.kernel.org/all/CAL_bE8LsmCQ-FAtYDuwbJhOkt9p2wwYQwAbMh=PifC=VsiBM6A@mail.gmail.com/ [0]
Fixes:
|
||
|
Linus Torvalds
|
bb1d73f2cd |
s390 updates for 7.1-rc2
- Reject zero-length writes from userspace that corrupt Debug Facility buffers - Replace one s390 PCI maintainer - Remove SCLP_OFB Kconfig option and enable the guarded code unconditionally - Replace incorrect use of phys_to_folio() to virt_to_folio() in do_secure_storage_access() -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQQrtrZiYVkVzKQcYivNdxKlNrRb8AUCafTJpBccYWdvcmRlZXZA bGludXguaWJtLmNvbQAKCRDNdxKlNrRb8OEgAQDsVJ448e9YY4j5e+zk5Q3m1Eag q5SIntMSb7r7df0AiAEAuiiNQWQMeDjPYpuOOS2SVp0qj2bf3y6RlHgD0sb1OAs= =UkrI -----END PGP SIGNATURE----- Merge tag 's390-7.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Alexander Gordeev: - Reject zero-length writes from userspace that corrupt Debug Facility buffers - Replace one s390 PCI maintainer - Remove SCLP_OFB Kconfig option and enable the guarded code unconditionally - Replace incorrect use of phys_to_folio() to virt_to_folio() in do_secure_storage_access() * tag 's390-7.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/mm: Fix phys_to_folio() usage in do_secure_storage_access() s390/sclp: Remove SCLP_OFB Kconfig option MAINTAINERS: Replace one of the maintainers for s390/pci s390/debug: Reject zero-length input in debug_input_flush_fn() s390/debug: Reject zero-length input before trimming a newline |
||
|
Linus Torvalds
|
227c3d546e |
two ksmbd server fixes
-----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmnz64kACgkQiiy9cAdy T1GLPgv/cuJlvhCW4NknYvOplaHZrOYFIeO3DFWc5GvAFO/9nK+6R2s7OoL2CNV+ QR5CTsWZgYq0vm2Vj2XeuyrnsmCvLkCTY/nmOVmHGxPfyKbjuIvKS5m2+mHiON9p aqNqAui03n8OGBACFi7LeaY3hH/8g2MlxbT3uwcbWbaUkZ6UiF1TaNw/hkFkIsnJ CarnOd0K08chXMwSIFttFeUYeZg0tVOUG80Zw5YJwnjxn8MY2VI6rf9fu4GVwbZY +ycqI49BjaG/CAVMcrPOJnceDkuO1jsfv39HHjXSEwTpE3GtgsS+RFMl2CTOsb/H VVdHBsq5pJ/E4zqbhwB+/oju75Ke8/xhNjsXliyqqkZW4vRnQUBKZSh1jarXoFV9 GW4Eg+cx5nduDI8qVB8IxoEvrwhF1dvbTkEGKN5r7Zy2SlyqvhXiDl0voRGm2am4 gD9SsKRkdm/wWUoFT2VVeFu4I7rj4ne42LNbhtmmzvkIWLJuvAXmynk2GGMgGrjk /1TlyI0t =Rq2W -----END PGP SIGNATURE----- Merge tag 'v7.1-rc2-ksmbd-server-fixes' of git://git.samba.org/ksmbd Pull smb server fixes from Steve French: - Fix shutdown (stop sessions) - Fix readdir unsupported info level * tag 'v7.1-rc2-ksmbd-server-fixes' of git://git.samba.org/ksmbd: ksmbd: rewrite stop_sessions() with restartable iteration smb: server: handle readdir_info_level_struct_sz() error |
||
|
Linus Torvalds
|
6fe0be6dc7 |
block-7.1-20260430
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmnz4j0QHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgprB/EACLZ9Z3TpHOGe2evynV+uluq+M3GFUxUizc
f6TQxvHCyXTIDR/r+5J5gXkOEu3Jfepc/WpvXSwcMEneyYdZBUfQ7/ct/6/IpozR
RYiGb96H6qil0iV+cxvpGHJht894mZKaqYO5gNn8Q3mw/4SVYGmkhJ974j4+4uEn
JdcVTXFgGfw1u1UL5A0XTwQ3mk0GJmpRVtFgbMyvysdi8TngyB3M7F1Yko+sePLP
gSaP7UKGeRxAqvvEChVkMyc+m+oQhBl3+7IGwER7IupxMx2b5Ht2XMJ09ERW4fBZ
rLWZXWpN8iEkwSO6WTELBqWPGAe0ddFBA0b4qrOBdC0gvsJp7XtAlx9cDqTvD6zx
E/d8aDf4Elq8wzf6dPfnu18Ld8fgG0BO/7Pl1P7KPiwzGhj2TAwXhwkkOg+yUjZ6
4ej/MzeWocVmkwFv8fJ6D77O+0ziz67wgpzIYAz5dpoDcW7no8S1rHS5RLtZdfm0
JhsX6Epwlak7BR+4OTkcRx4dEjCPiW6W0henuuMicUFrEXs+eZoOqA7yS70vXd/f
9PRLgZk0r5Dpe/8aqGbuzkMZx5zzODDDcLNzMmAJbEbjn/8lnbMnBNroyIZS5gve
b7MuMC7RocmhUGs/8o1gpvTpa5SFp33kHjSb33s6WRiTM8qH+UbSq6ZWuchr77Iv
n3ZP40b5kw==
=Z0UT
-----END PGP SIGNATURE-----
Merge tag 'block-7.1-20260430' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
Pull block fixes from Jens Axboe:
- MD pull request via Yu:
- Fix a raid5 UAF on IO across the reshape position
- Avoid failing RAID1/RAID10 devices for invalid IO errors
- Fix RAID10 divide-by-zero when far_copies is zero
- Restore bitmap grow through sysfs
- Use mddev_is_dm() instead of open-coding gendisk checks
- Use ATTRIBUTE_GROUPS() for md default sysfs attributes
- Replace open-coded wait loops with wait_event helpers
- NVMe pull request via Keith:
- Target data transfer size configuation (Aurelien)
- Enable P2P for RDMA (Shivaji Kant)
- TCP target updates (Maurizio, Alistair, Chaitanya, Shivam Kumar)
- TCP host updates (Alistair, Chaitanya)
- Authentication updates (Alistair, Daniel, Chris Leech)
- Multipath fixes (John Garry)
- New quirks (Alan Cui, Tao Jiang)
- Apple driver fix (Fedor Pchelkin)
- PCI admin doorbell update fix (Keith)
- Properly propagate CDROM read-only state to the block layer
* tag 'block-7.1-20260430' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux: (35 commits)
md: use ATTRIBUTE_GROUPS() for md default sysfs attributes
md: use mddev_is_dm() instead of open-coding gendisk checks
md/raid1: replace wait loop with wait_event_idle() in raid1_write_request()
md/md-bitmap: add a none backend for bitmap grow
md/md-bitmap: split bitmap sysfs groups
md: factor bitmap creation away from sysfs handling
md: use mddev_lock_nointr() in mddev_suspend_and_lock_nointr()
md: replace wait loop with wait_event() in md_handle_request()
md/raid10: fix divide-by-zero in setup_geo() with zero far_copies
md/raid1,raid10: don't fail devices for invalid IO errors
MAINTAINERS: Add Xiao Ni as md/raid reviewer
md/raid5: Fix UAF on IO across the reshape position
cdrom, scsi: sr: propagate read-only status to block layer via set_disk_ro()
nvme-auth: Hash DH shared secret to create session key
nvme-pci: fix missed admin queue sq doorbell write
nvme-auth: Include SC_C in RVAL controller hash
nvme-tcp: teardown circular locking fixes
nvmet-tcp: Don't clear tls_key when freeing sq
Revert "nvmet-tcp: Don't free SQ on authentication success"
nvme: skip trace completion for host path errors
...
|
||
|
Linus Torvalds
|
9d88bb929a |
io_uring-7.1-20260430
-----BEGIN PGP SIGNATURE----- iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmnz4ikQHGF4Ym9lQGtl cm5lbC5kawAKCRD301j7KXHgpoecEACan9sGbcqrTAqBaJnNqMfjo5OoX0X2/3LP JoFH+GbLzJ7Ojj1+AWSHNsjjwhSZ71HmwRk78uWCPcl3oiKQLGyXTnbho0qKrwhk 4cnoFfhdcBEDGuh8GW/PnBset8ukq9occ11TbojC681tmaTma1WpXFk1vRabcwvw T8/Jr18kttHi8aj+MPowkTcqXV7iOjzX9RD/vS97jCWBxUbAmYjRGfm3nbDbDydI oMEstxqp+8jiFF1SHBdq3aGreoZDIegh1nXsjobAmoEMvAJQQ3K7zRsiqFEnoXFU CDVoS6LhlSBmG2jT657azYzhF3o7HwSiYk2B15YiYHO+EqIxMhIQYRlP5s/3UJD8 KLJPSYqivQ14m9yff5zjn//mad3QBxvOhrVrxHj/diIKclZDLs9VDPZjjB6A6DUO X01uJy7zuzp57GFh0FwyFGU3yBUl7WJGscLarIMHnOdmEWOIU3WRLWGYZRgZRUny 1yHXxGEucR7LMiYPzh7PnGnaAzDxtJJUzIXbIF+l+A5A0f1Ayb8cfFy6QoGc7v8j t+vG2gbRtwPR6DxFRNhGDMeZtstEoKj0IX4zw7ZQF7MFgpvdfjlkDGCveJ0jQO6x pw8UJW1KOQpT9MiheOAvop5hhvGlqSYWXByluW05y7O+CDQcHiVeXcjQsG7zREsO +zGvO5WHEg== =5d8D -----END PGP SIGNATURE----- Merge tag 'io_uring-7.1-20260430' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux Pull io_uring fixes from Jens Axboe: - Remove dead struct io_buffer_list member - Fix for incrementally consumed buffers with recvmsg multishot, which requires a minimum value left in a buffer for any receive for the headers. If there's still a bit of buffer left but it's smaller than that value, then userspace will see a spurious -EFAULT returned in the CQE - Locking fix for the DEFER_TASKRUN retry list, which otherwise could race with fallback cancelations. If the task is exiting with task_work left in both the normal and retry list AND the exit cleanup races with the task running task work, then entries could either be doubly completed or lost - Cap NAPI busy poll timeout to something sane, to avoid syzbot running into excessive polling and triggering warnings around that * tag 'io_uring-7.1-20260430' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux: io_uring/tw: serialize ctx->retry_llist with ->uring_lock io_uring/napi: cap busy_poll_to 10 msec io_uring/kbuf: support min length left for incremental buffers io_uring/kbuf: kill dead struct io_buffer_list 'nr_entries' member |
||
|
Linus Torvalds
|
33d0c9c5f0 |
spi: Fixes for v7.1
There are a couple of nasty issues fixed here in the axiado and rockchip drivers. We've also got more of the fixes from Johan here, this time for the two Cadence drivers, plus a couple of other similar fixes from John and Felix. -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmn0AeEACgkQJNaLcl1U h9Co7Qf+I+1MpKYz07zWMhyh1SMZfMIAiCEQ4PipBO5ekc/I2ns7jLSNK0onquO9 tRDdKqvCQUwNUn+XnLrLBikZqemzpcCBYN91Fzxqa7j2oofr1jOafaBxk8HjPVco J3RaLkk3o0+mMixaQdCIFnlBzPOqt6OlORcUAbBKjY7ZI0+Z/ODDkRXSU/cuM2eK yfQLpLZ25VBhS1QPXg6CgZKdx85g76x5dfXpwpsaBoBY6e+VHP62Y7kwnPj6agV0 i4WGvDN5uGNAVCcu08Tf1J091TYtmEsuaS7cVTHYzqACbvJ6oU0k34ibjd7GtION BabmrWpxqHKN7ve/K3WSzewLF96HhQ== =Zom6 -----END PGP SIGNATURE----- Merge tag 'spi-fix-v7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Pull spi fixes from Mark Brown: "There are a couple of nasty issues fixed here in the axiado and rockchip drivers. We've also got more of the fixes from Johan here, this time for the two Cadence drivers, plus a couple of other similar fixes from John and Felix" * tag 'spi-fix-v7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: amlogic-spisg: initialize completion before requesting IRQ spi: axiado: replace usleep_range() with udelay() in IRQ path spi: cadence-quadspi: fix runtime pm and clock imbalance on unbind spi: cadence-quadspi: fix unclocked access on unbind spi: cadence-quadspi: fix clock imbalance on probe failure spi: cadence-quadspi: fix runtime pm disable imbalance on probe failure spi: cadence: fix clock imbalance on probe failure spi: cadence: fix unclocked access on unbind spi: rockchip: Drop unused and broken CR0 macros spi: rockchip: Read ISR, not IMR, to detect cs-inactive IRQ spi: rzv2h-rspi: Fix silent failure in clock setup error path |
||
|
Kevin Brodsky
|
030e8a40ff |
arm64: signal: Preserve POR_EL0 if poe_context is missing
Commit |
||
|
Linus Torvalds
|
d8b0e2ef75 |
regulator: Fix for a dropped gpiolib dependency
A fix from Arnd readding a dependency on gpiolib which was implicitly pulled in via an OF specific route which got removed as part of a cleanup. -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmnz/RoACgkQJNaLcl1U h9BGWAf+IN35HJzfU+67HKJHlvO1/X8um9kK3VRmxcFwyw/Ai0p1ZJOVJpKPCZ3n gyGirrq1wnyaNxYgh4UJvEf9rNTFI+qEsBv9xQzJJH92tMdEbbkAh5+y6Sk+hXYt wvFx+3ZBR+ULnhHWfK2BrS/y4/yrRK9eM7IfEgjJNua12TmL07LOxaWxlwZRQeza c4O4hgeEYc1AftRrovmierv1XrrlYOQCXyl1XJ7Lc1syKO9C4OQkFuJg/hYrj4un XF1ikJxTvwB6nO3+rS4o3zE+HFtxLul96cX8pYmpQPzqlE0n4SZYoDAAGkvkgxeD x/m9pn2ZLm/CoFmN39G1Rg11FJ0nGw== =mds4 -----END PGP SIGNATURE----- Merge tag 'regulator-fix-v7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Pull regulator fix from Mark Brown: "A fix from Arnd re-adding a dependency on gpiolib which was implicitly pulled in via an OF specific route which got removed as part of a cleanup" * tag 'regulator-fix-v7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: regulator: rpi-panel-attiny: add back GPIOLIB dependency |
||
|
Linus Torvalds
|
a973736a28 |
regmap: Fix for v7.1
A fix from Colin for a spelling mistake in a dev_warn() message. -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmnz/XoACgkQJNaLcl1U h9BBVQf/b9xfTduD6LBGwrIKU5XXlDpebjkJANy6SYpeNfEzcNSn1Wgo0t2cRbTd obMce92guVYFQWPZI5bwlVCy2q62Uk7CF6puh1PUQ1yoU+3UOugsgEi+ND41gXCp Z+27oZvB6OsV06mrGWa7iXEgLViDUg9A9PrfbMz9eFkVKdGNJCxzLiHVQKyvHWgb HDNo3Ju2LjxdrEJZmNL4+kcrGZD+Qg7B3XHpz2wjhmbX5NHbfqA0PXytAWRhuz8Z ihzwdHdV2m5iz89F0a5CflKIGYO7QkX/Rm6z2FvSjXLYckAo3q8oFCgnPy0/h4MO /YsVDJrZ3Er1L3SXUuFcl322wmkbkQ== =PE11 -----END PGP SIGNATURE----- Merge tag 'regmap-v7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap Pull regmap fix from Mark Brown: "A fix from Colin for a spelling mistake in a dev_warn() message" * tag 'regmap-v7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap: regmap: sdw-mbq: Fix spelling mistake "undeferable" -> "undeferrable" |
||
|
Linus Torvalds
|
2b4d0215be |
20 hotfixes. All are for MM (and for MMish maintainers). 9 are cc:stable
and the remainder are for post-7.0 issues or aren't deemed suitable for backporting. There's a 2 patch DAMON series from SeongJae Park which address races which could lead to use-after-free errors. And a 3 patch DAMON series which avoids the possibility of presenting stale parameter values to users. -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCafPaVQAKCRDdBJ7gKXxA jiUxAQCceUQi6IqADUMhYAsbGcs1LoeMWfiMfbCz2NCoiTXAEwD/S2uqSELRPQQc 7iW6D7U6dTa3d2kkbnxC02ocekaxiQ4= =M/FI -----END PGP SIGNATURE----- Merge tag 'mm-hotfixes-stable-2026-04-30-15-39' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Pull MM fixes from Andrew Morton: "20 hotfixes. All are for MM (and for MMish maintainers). 9 are cc:stable and the remainder are for post-7.0 issues or aren't deemed suitable for backporting. There are two DAMON series from SeongJae Park which address races which could lead to use-after-free errors, and avoid the possibility of presenting stale parameter values to users" * tag 'mm-hotfixes-stable-2026-04-30-15-39' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: mm: memcontrol: fix rcu unbalance in get_non_dying_memcg_end() mm/userfaultfd: detect VMA type change after copy retry in mfill_copy_folio_retry() MAINTAINERS: remove stale kdump project URL mm/damon/stat: detect and use fresh enabled value mm/damon/lru_sort: detect and use fresh enabled and kdamond_pid values mm/damon/reclaim: detect and use fresh enabled and kdamond_pid values selftests/mm: specify requirement for PROC_MEM_ALWAYS_FORCE=y mm/damon/sysfs-schemes: protect path kfree() with damon_sysfs_lock mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock MAINTAINERS: update Li Wang's email address MAINTAINERS, mailmap: update email address for Qi Zheng MAINTAINERS: update Liam's email address mm/hugetlb_cma: round up per_node before logging it MAINTAINERS: fix regex pattern in CORE MM category mm/vma: do not try to unmap a VMA if mmap_prepare() invoked from mmap() mm: start background writeback based on per-wb threshold for strictlimit BDIs kho: fix error handling in kho_add_subtree() liveupdate: fix return value on session allocation failure mailmap: update entry for Dan Carpenter vmalloc: fix buffer overflow in vrealloc_node_align() |
||
|
Zhaoyang Huang
|
4d8e74ad45 |
arm64: Reserve an extra page for early kernel mapping
The final part of [data, end) segment may overflow into the next page of
init_pg_end[1] which is the gap page before early_init_stack[2]:
[1]
crash_arm64_v9.0.1> vtop ffffffed00601000
VIRTUAL PHYSICAL
ffffffed00601000 83401000
PAGE DIRECTORY: ffffffecffd62000
PGD: ffffffecffd62da0 => 10000000833fb003
PMD: ffffff80033fb018 => 10000000833fe003
PTE: ffffff80033fe008 => 68000083401f03
PAGE: 83401000
PTE PHYSICAL FLAGS
68000083401f03 83401000 (VALID|SHARED|AF|NG|PXN|UXN)
PAGE PHYSICAL MAPPING INDEX CNT FLAGS
fffffffec00d0040 83401000 0 0 1 4000 reserved
[2]
ffffffed002c8000 (r) __pi__data
ffffffed0054e000 (d) __pi___bss_start
ffffffed005f5000 (b) __pi_init_pg_dir
ffffffed005fe000 (b) __pi_init_pg_end
ffffffed005ff000 (B) early_init_stack
ffffffed00608000 (b) __pi__end
For 4K pages, the early kernel mapping may use 2MB block entries but the
kernel segments are only 64KB aligned. Segment boundaries that fall
within a 2MB block therefore require a PTE table so that different
attributes can be applied on either side of the boundary.
KERNEL_SEGMENT_COUNT still correctly counts the five permanent kernel
VMAs registered by declare_kernel_vmas(). However, since commit
|
||
|
Leo Yan
|
bb7235e226 |
kselftest/arm64: Include <asm/ptrace.h> for user_gcs definition
kselftest includes kernel uAPI headers with option:
-isystem $(top_srcdir)/usr/include
Include <asm/ptrace.h> in libc-gcs.c for the definition of struct
user_gcs from the uAPI headers, and remove the redundant definition in
gcs-util.h. This fixes a compilation error on systems where the
toolchain defines NT_ARM_GCS.
Fixes:
|
||
|
Dave Airlie
|
f0997a06e3 |
API Fixes:
- Add missing pad and extensions check (Jonathan) - Reject unsafe PAT indices for CPU cached memory (Jia) Driver Fixes: - Drop registration of guc_submit_wedged_fini from xe_guc_submit_wedge (Brost) - Xe3p tuning and workaround fixes (Roper, Gustavo) - USE drm mm instead of drm SA for CCS read/write (Satya) - Fix leaks and null derefs (Shuicheng) - Fix Wa_18022495364 (Tvrtko) -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEbSBwaO7dZQkcLOKj+mJfZA7rE8oFAmnztD8ACgkQ+mJfZA7r E8oWdgf/S9zjWO7Wg8zdWkqF8e7F2wCsdbe/BeeXeCkFSGye99rjJRaJ26gY+CAx /Y50oqNIAIICiCXSbOENd9eaed4YAM1CO7i9uyEWjTxemSDefI85rZmpu/CwMk3Q 4ttTg1+XzfOMdfoCUWU3qb9kZtzEHJoUYMUK1w2TtmzQyqlKMRSjSkdRiwHmoqyy UQ+A3CN3iaypTfoC87F+JLVo5xcicBECbVyT4c1wiyucLDx59+4AVqFiKOhB8YK3 9xLM5zf6x/SI29r3/SWZNF9vdX4HsW2PqXzi0MOdo5Oij8d4v3XRPUr3bY2rnXXv zwL3fzGpsuBXwWc332H6smBGxn0Riw== =aYWw -----END PGP SIGNATURE----- Merge tag 'drm-xe-fixes-2026-04-30' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes API Fixes: - Add missing pad and extensions check (Jonathan) - Reject unsafe PAT indices for CPU cached memory (Jia) Driver Fixes: - Drop registration of guc_submit_wedged_fini from xe_guc_submit_wedge (Brost) - Xe3p tuning and workaround fixes (Roper, Gustavo) - USE drm mm instead of drm SA for CCS read/write (Satya) - Fix leaks and null derefs (Shuicheng) - Fix Wa_18022495364 (Tvrtko) Signed-off-by: Dave Airlie <airlied@redhat.com> From: Rodrigo Vivi <rodrigo.vivi@intel.com> Link: https://patch.msgid.link/afO05KvmFMn_7qcY@intel.com |
||
|
Dave Airlie
|
b006ef5fd6 |
amd-drm-fixes-7.1-2026-04-30:
amdgpu: - GFX12 fix for CONFIG_DRM_DEBUG_MM configs - Fix DC analog support - Userq fixes - GART placement fix - Aldebaran SMU fixes - AMDGPU_INFO_READ_MMR_REG fix - UVD 3.1 fix - GC 6 TCC fix - Fix root reservation in amdgpu_vm_handle_fault() - RAS fix - Module reload fix for APUs - Fix build for CONFIG_DRM_FBDEV_EMULATION=n - IGT DWB regression fix - GC 11.5.4 fix - VCN user fence fixes - JPEG user fence fixes - SMU 13.0.6 fix - VCN 3/4 IB parser fixes - NV3x+ dGPU vblank fix - DCE6/8 fixes for LVDS/eDP panels without an EDID amdkfd: - Fix for when CONFIG_HSA_AMD is not set - SVM fixes -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQQgO5Idg2tXNTSZAr293/aFa7yZ2AUCafNeDQAKCRC93/aFa7yZ 2CnxAP9PIi18FgBFOxP1ZpMmWg8+7rqV/LpFOF3k4d1tSuJ9MQD/WUQ3kn2bgywz XLbHfEzXaXJ1uN4LFMRRfTnssSathgw= =pBy9 -----END PGP SIGNATURE----- Merge tag 'amd-drm-fixes-7.1-2026-04-30' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes amd-drm-fixes-7.1-2026-04-30: amdgpu: - GFX12 fix for CONFIG_DRM_DEBUG_MM configs - Fix DC analog support - Userq fixes - GART placement fix - Aldebaran SMU fixes - AMDGPU_INFO_READ_MMR_REG fix - UVD 3.1 fix - GC 6 TCC fix - Fix root reservation in amdgpu_vm_handle_fault() - RAS fix - Module reload fix for APUs - Fix build for CONFIG_DRM_FBDEV_EMULATION=n - IGT DWB regression fix - GC 11.5.4 fix - VCN user fence fixes - JPEG user fence fixes - SMU 13.0.6 fix - VCN 3/4 IB parser fixes - NV3x+ dGPU vblank fix - DCE6/8 fixes for LVDS/eDP panels without an EDID amdkfd: - Fix for when CONFIG_HSA_AMD is not set - SVM fixes Signed-off-by: Dave Airlie <airlied@redhat.com> From: Alex Deucher <alexander.deucher@amd.com> Link: https://patch.msgid.link/20260430135619.3929877-1-alexander.deucher@amd.com |
||
|
Mark Brown
|
8c0f9cd1df
|
spi: cadence: Probe and unbind fixes
Several fixes from Johan for issues with unbind and error handling in probe. |
||
|
Mark Brown
|
4f12ee0a4d
|
spi: cadence-quadspi: Probe and unbind fixes
Several fixes from Johan for probe failure and unbind issues in the cadence-quadspi driver. |
||
|
Linus Torvalds
|
26fd6bff2c |
Besides an out-of-bound bug, this is about properly supporting Winbond
octal SPI NAND chips which use a specific pattern for stuffing more address bits in some operations. This PR only carries the use of the a spi-mem flag in SPI NAND. This flag has been added in the spi-mem layer just before the merge window through the spi tree. -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEE9HuaYnbmDhq/XIDIJWrqGEe9VoQFAmnzukUACgkQJWrqGEe9 VoTsRggAjAcSdety80N0EXh8VVbqNoJuLybfIXrqELHP/xJ9QLmC9xe3PdFgcDpy jXLV/kIIUj30/8suvtt70mT8neZQOtzeltET/38BjKvUyQpS1oNeiSt0tW/q5F6S fRw058ENXdjq2zFYas95Ia5gVF5AyZm6wbhUC+v67KdDwiNnfK9b3XYt4vUOzVdB x62bbCDp5176ef6hVz3NplykR6L5cFlvcSMUBweAGba52nqqq5PI1wbECwfekVu5 z+SqmnlJO94GOCTr8XNLotfKDUdUgIXYgvQ/ljXxK6iNumDPdFcDzoGvOe81sj0a OwC4+IVpbLAXUMpmenb24/KrMrLNfg== =j0yz -----END PGP SIGNATURE----- Merge tag 'mtd/fixes-for-7.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux Pull mtd fixes from Miquel Raynal: "Besides an out-of-bound bug, this is about properly supporting Winbond octal SPI NAND chips which use a specific pattern for stuffing more address bits in some operations. This uses the spi-mem flag in SPI NAND that was added to the spi-mem layer just before the merge window through the spi tree" * tag 'mtd/fixes-for-7.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux: mtd: spinand: winbond: Fix ODTR write VCR on W35NxxJW mtd: spinand: winbond: Set the packed page read flag to W35N02/04JW mtd: spinand: Add support for packed read data ODTR commands mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show() |
||
|
Linus Torvalds
|
cae4ef6f9a |
ACPI support fixes for 7.1-rc2
- Fix removal code ordering in the ACPI TAD driver, refine timer value
computations and checks in its RTC class device interface, make it
use the __ATTRIBUTE_GROUPS() macro, and fix a comment in it (Rafael
Wysocki)
- Fix EINJV2 memory error injection in APEI (Tony Luck)
- Add missing notifier_block structure forward declaration to
acpi_bus.h (Bartosz Golaszewski)
- Fix related_cpus inconsistency during CPU hotplug in the ACPI CPPC
library (Jinjie Ruan)
- Add a quirk to force native backlight on HP OMEN 16 (8A44) in the
ACPI video bus driver (Shivam Kalra)
-----BEGIN PGP SIGNATURE-----
iQFGBAABCAAwFiEEcM8Aw/RY0dgsiRUR7l+9nS/U47UFAmnzrDASHHJqd0Byand5
c29ja2kubmV0AAoJEO5fvZ0v1OO1+YEH/3C4UiCg1JLk6A2O+wrfJ4cCA1PtrImq
Dbb2QvX2ZBx9fBITMPfjBt1fqxXN/MVdeMsZJ6ypwO0ZUEIyWej5vATLStNIcrVa
HhiZ5aMD2YV3oj/K5Di1gMJCritoA9LKBVUt/kdKxk6JYV8ZPJAjToM+vF+7yQSb
EfmL5vMx7614jcxYGbP9qAF3WVDzqwNb2kacpkA6d4jhqFKvRxeKY02Cf9BpXnH6
Lxpiagt/DMWPiEWM3ul/FzrVDK/GlBq8wq6zXwPtNe8li/OZ8SReIBTsAxS2Re8q
fXb+tado6unxzg69efHVU3kG/vg4r+nUxNKFPt1/n8bQOTdGNf0/VSE=
=hRFc
-----END PGP SIGNATURE-----
Merge tag 'acpi-7.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI support fixes from Rafael Wysocki:
"These fix leftover issues in the ACPI Time and Alarm Device (TAD)
driver on top of the recently merged updates of it and address
assorted issues in the ACPI support code:
- Fix removal code ordering in the ACPI TAD driver, refine timer
value computations and checks in its RTC class device interface,
make it use the __ATTRIBUTE_GROUPS() macro, and fix a comment in it
(Rafael Wysocki)
- Fix EINJV2 memory error injection in APEI (Tony Luck)
- Add missing notifier_block structure forward declaration to
acpi_bus.h (Bartosz Golaszewski)
- Fix related_cpus inconsistency during CPU hotplug in the ACPI CPPC
library (Jinjie Ruan)
- Add a quirk to force native backlight on HP OMEN 16 (8A44) in the
ACPI video bus driver (Shivam Kalra)"
* tag 'acpi-7.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: bus: add missing forward declaration to acpi_bus.h
ACPI: video: force native backlight on HP OMEN 16 (8A44)
ACPI: TAD: Fix up a comment in acpi_tad_probe()
ACPI: TAD: RTC: Refine timer value computations and checks
ACPI: TAD: Use devres for all driver cleanup
ACPI: TAD: Use __ATTRIBUTE_GROUPS() macro
ACPI: CPPC: Fix related_cpus inconsistency during CPU hotplug
ACPI: APEI: EINJ: Fix EINJV2 memory error injection
ACPICA: Provide #defines for EINJV2 error types
|
||
|
Linus Torvalds
|
74b54e9b10 |
three smb3 client fixes
-----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmnzfsoACgkQiiy9cAdy T1E8ogv+Kx7TMahO+6RJpSHknPbwHxmEQjvz6SZkSFG7WgtupqRofAjnxIJyiqo5 PuoH2LPd9ggWvzZC3spz/J/XqcwiqY+u94h3pudGClJuLU7p1AH7eH5aS+GgFePW FFymUOWUaqwPp6NTBHKfEFg6byPfqzm7e256WpSQSDqKPiEEcrLZqxiZ0H6iOoBK 4asWO/0P6a1MMWf+rUeNq0IduHt8R1tTsukuF5Ye/B919eA3zvnlRTGjhW0X35Qc BxPaGO4eIrBvmPHSZUS2XN9tBES7kFK+lEdYpDIHkOhD67BKIqJ7rPOgoXrgJwtK MxZbTNm1Zfkrh7wbxOCbyfHLs1ckPKmOWzfa3Qjls2SyohmwaV6u2EJ2xu/A11r5 4O31gDTunwZ1f1v72k/mXbC2Bi1rIdBVzzfRxqSzMApfSeouk5PLjedvekAoqrO9 0EXGWIp/uIbs8Be1+YIEfXkitjff0znC2VFd+1N7nifF8zqBfYQJyyJpigdjhLB4 WFi1zp9C =CAio -----END PGP SIGNATURE----- Merge tag 'v7.1-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 Pull smb client fixes from Steve French: - multichannel crediting fix - memory allocation improvement for smb2_compound_op - remove some dead code * tag 'v7.1-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: change_conf needs to be called for session setup smb: client: change allocation requirements in smb2_compound_op smb/client: remove unused smb3_parse_opt() |
||
|
Dave Airlie
|
39436e1d91 |
Short summary of fixes pull:
DRM core and helpers: - calculate framebuffer geometry with format helpers - fix docs appletbdrm: - allocate protocol buffers with kvzalloc() dma-buf: - fix docs imagination: - avoid segfault in debugfs ofdrm: - put PCI device reference on errors udl: - increase USB timeout -----BEGIN PGP SIGNATURE----- iQFPBAABCgA5FiEEchf7rIzpz2NEoWjlaA3BHVMLeiMFAmny+kwbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMiwyAAoJEGgNwR1TC3oj47oH/REVpna/fcqpV7RMycV+ rEfxgIlsFB10G+slcNq9pYlYGoI63HtyGOOpCCHFoSI+V1VMO3DCv4ebN4F/P+IT rZkMG3IQqZHSEN+6kD511xN+m8f+6afqGyRwp9FL/HrAytFexr6yerNq9ASMC2sa tkXAZtvODlN9jRaNMBaoBcF2BHbEOhXgwxQOyBkOytzOsWq3xuKmkPiFWGjJHQG1 nujBha5G2SDGs14+1e3j5iyT2GE6yDoucTwNbd86e0ZtsjRqzZogEXQ+d+yzNVIk d6mPi89XreC1gNhnc+VoM4D3Kk6eJuMNSlZ531GoAxZdPg6pnuXrAiNpjqqGxH98 vb8= =xEbl -----END PGP SIGNATURE----- Merge tag 'drm-misc-fixes-2026-04-30' of https://gitlab.freedesktop.org/drm/misc/kernel into drm-fixes Short summary of fixes pull: DRM core and helpers: - calculate framebuffer geometry with format helpers - fix docs appletbdrm: - allocate protocol buffers with kvzalloc() dma-buf: - fix docs imagination: - avoid segfault in debugfs ofdrm: - put PCI device reference on errors udl: - increase USB timeout Signed-off-by: Dave Airlie <airlied@redhat.com> From: Thomas Zimmermann <tzimmermann@suse.de> Link: https://patch.msgid.link/20260430064521.GA14957@linux.fritz.box |
||
|
Rafael J. Wysocki
|
36a96eda15 |
Merge branches 'acpi-apei', 'acpi-bus', 'acpi-cppc' and 'acpi-video'
Merge assorted ACPI support fixes for 7.1-rc2: - Fix EINJV2 memory error injection in APEI (Tony Luck) - Add missing notifier_block structure forward declaration to acpi_bus.h (Bartosz Golaszewski) - Fix related_cpus inconsistency during CPU hotplug in the ACPI CPPC library (Jinjie Ruan) - Add a quirk to force native backlight on HP OMEN 16 (8A44) in the ACPI video bus driver (Shivam Kalra) * acpi-apei: ACPI: APEI: EINJ: Fix EINJV2 memory error injection ACPICA: Provide #defines for EINJV2 error types * acpi-bus: ACPI: bus: add missing forward declaration to acpi_bus.h * acpi-cppc: ACPI: CPPC: Fix related_cpus inconsistency during CPU hotplug * acpi-video: ACPI: video: force native backlight on HP OMEN 16 (8A44) |
||
|
Linus Torvalds
|
08d0d34666 |
Including fixes from netfilter.
Current release - regressions:
- ipmr: free mr_table after RCU grace period.
Previous releases - regressions:
- core: add net_iov_init() and use it to initialize ->page_type
- sched: taprio: fix NULL pointer dereference in class dump
- netfilter: nf_tables:
- use list_del_rcu for netlink hooks
- fix strict mode inbound policy matching
- tcp: make probe0 timer handle expired user timeout
- vrf: fix a potential NPD when removing a port from a VRF
- eth: ice:
- fix NULL pointer dereference in ice_reset_all_vfs()
- fix infinite recursion in ice_cfg_tx_topo via ice_init_dev_hw
Previous releases - always broken:
- page_pool: fix memory-provider leak in error path
- sched: sch_cake: annotate data-races in cake_dump_stats()
- mptcp: fix scheduling with atomic in timestamp sockopt
- psp: check for device unregister when creating assoc
- tls: fix strparser anchor skb leak on offload RX setup failure
- eth: stmmac: prevent NULL deref when RX memory exhausted
- eth: airoha: do not read uninitialized fragment address
- eth: rtl8150: fix use-after-free in rtl8150_start_xmit()
Misc:
- add Ido Schimmel as IPv4/IPv6 maintainer
- add David Heidelberg as NFC subsystem maintainer
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQJGBAABCgAwFiEEg1AjqC77wbdLX2LbKSR5jcyPE6QFAmnzX4ASHHBhYmVuaUBy
ZWRoYXQuY29tAAoJECkkeY3MjxOkdB0QAKRtF1ZdnNXv0egGN6pJtY3LOyWXhR22
LGSq8obz0/9tdVM3GjuCQuolYi1yJrt8JR8SKM9vTPAtCbRFz6S36qcQXuQBzxPi
ICaN9rrnAao/F+wkAtpprvc0lO9pXeDZjmpm6+8t9pgoS48Pl5rNrN6bPGH4wMmM
o87V+6MX6kxQbU2fizOUJcjix/BkdUqwI2BxpxOAvL7ifBeYtFex6iNHraN3Zlkt
BiP38kEDZ25KHCrrYXKEIGcB1+qhGSYDwc/8754x4PJlvKtwpQgrWTsSF8M/bycz
eti5flwP/x16pgZscMwhhagCiYrwNSDX6dBhRA1jG2eqxFxaCprQSYJ6OMk4NvEH
RLNykMGpGH9tACujcrJrhcVspduAkYe7M7MN0FWV5lOWdtw51U6Jua5GuiKrQXy4
LI39loh5nJcVQYmouRTNCX81CCWVZ8Zb7Zktkzbok08D+r31kenKjBwBcC4igtk1
ZF9Sq9PAsXojCpItp2p/ekb54tfRFRp47NuVkCwhQ1TB5f3JaHfmKwjIshrmfK0Z
wJGXjlaJ9y8obBhhqbOKakeLKzIVXxERAcA89ezkErq7gLtYDhdlcgEdFu+VTLUl
So5K1x7tPynHB7my7G8awTyNlYjzHs8LmZKccRHBr2NfOo1fID7XxfBA9RZB/uzf
un9iIF8bmPi1
=BByd
-----END PGP SIGNATURE-----
Merge tag 'net-7.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Paolo Abeni:
"Including fixes from netfilter.
Current release - regressions:
- ipmr: free mr_table after RCU grace period.
Previous releases - regressions:
- core: add net_iov_init() and use it to initialize ->page_type
- sched: taprio: fix NULL pointer dereference in class dump
- netfilter: nf_tables:
- use list_del_rcu for netlink hooks
- fix strict mode inbound policy matching
- tcp: make probe0 timer handle expired user timeout
- vrf: fix a potential NPD when removing a port from a VRF
- eth: ice:
- fix NULL pointer dereference in ice_reset_all_vfs()
- fix infinite recursion in ice_cfg_tx_topo via ice_init_dev_hw
Previous releases - always broken:
- page_pool: fix memory-provider leak in error path
- sched: sch_cake: annotate data-races in cake_dump_stats()
- mptcp: fix scheduling with atomic in timestamp sockopt
- psp: check for device unregister when creating assoc
- tls: fix strparser anchor skb leak on offload RX setup failure
- eth:
- stmmac: prevent NULL deref when RX memory exhausted
- airoha: do not read uninitialized fragment address
- rtl8150: fix use-after-free in rtl8150_start_xmit()
Misc:
- add Ido Schimmel as IPv4/IPv6 maintainer
- add David Heidelberg as NFC subsystem maintainer"
* tag 'net-7.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (79 commits)
net/sched: cls_flower: revert unintended changes
sfc: fix error code in efx_devlink_info_running_versions()
net: tls: fix strparser anchor skb leak on offload RX setup failure
ice: add dpll peer notification for paired SMA and U.FL pins
ice: fix missing dpll notifications for SW pins
dpll: export __dpll_pin_change_ntf() for use under dpll_lock
ice: fix SMA and U.FL pin state changes affecting paired pin
ice: fix missing SMA pin initialization in DPLL subsystem
ice: fix infinite recursion in ice_cfg_tx_topo via ice_init_dev_hw
ice: fix NULL pointer dereference in ice_reset_all_vfs()
iavf: add VIRTCHNL_OP_ADD_VLAN to success completion handler
iavf: wait for PF confirmation before removing VLAN filters
iavf: stop removing VLAN filters from PF on interface down
iavf: rename IAVF_VLAN_IS_NEW to IAVF_VLAN_ADDING
page_pool: fix memory-provider leak in page_pool_create_percpu() error path
bonding: 3ad: implement proper RCU rules for port->aggregator
net: airoha: Do not return err in ndo_stop() callback
hv_sock: fix ARM64 support
MAINTAINERS: update the IPv4/IPv6 entry and add Ido Schimmel
selftests: drv-net: clarify linters and frameworks in README
...
|
||
|
Linus Torvalds
|
6cd70263a6 |
ata fix for 7.1-rc2
- Fix a reference leak on device_register() failure in pata_parport -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQRN+ES/c4tHlMch3DzJZDGjmcZNcgUCafNROAAKCRDJZDGjmcZN cnFfAQD+x6vRvu0bpGab9J7gvZYYtbbsj12pCbVA9jPpS2AMXQEA/ity23nuogu4 vF+H+XKqSjfdRGhn5GZ9GMhIq4tNOQ4= =0MCi -----END PGP SIGNATURE----- Merge tag 'ata-7.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux Pull ata fix from Niklas Cassel: - Fix a reference leak on device_register() failure in pata_parport * tag 'ata-7.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux: ata: pata_parport: switch to dynamic root device |
||
|
Linus Torvalds
|
2aa0a36917 |
sound fixes for 7.1-rc2
A bunch of small fixes. One minor fix is found in the core side for
data race in PCM OSS layer, while remaining changes are various
device-specific fixes and quirks.
- Core: PCM OSS data race fix
- HD-audio: Fixes for TAS2781, CS35L56, and Realtek/Conexant quirks;
avoidance of a WARN_ON for HDMI channel mapping
- USB-audio: Improvements in UAC3 parsing robustness (leaks, size
checks) and fixes for potential endless loops
- ASoC: Driver-specific fixes for CS35L56, Intel bytcr_wm5102,
Spacemit, AW88395, and others, plus a new quirk for Steam Deck OLED.
- Misc: A UAF fix in aloop driver, division by zero fix in ua101
driver and leak fixes in caiaq driver
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmny+BAOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE+jHhAAvkuJnlkLKVJ2t+rckKiZDWSsiB+DW6uV//EV
TRSGtkXA3WMhJcvJNKZF7YfVaNJcoAVYFZjZKXDuep8B28/HPzSaK1jY3CjAObHT
Al3OAHESsn9Qzzd+C8SBMJ+7ievDCiHCrliggjwICIE2yb2EN6Q6jz8q2nLOz4cL
8MvF8YgF8LRU+jtrz5MfMW81Auvkg4Pgnby71JVpc2PV1xv2bn5HGoWebAJWRi0f
+XIsz6NVPKlyrtXeTgY4os13277jtNg5BqDkQtgFKduHFaCLNHnn7+R6fK2h+oPq
NhdY6ujr7n5+1HS3jexB9ULRPBImW3WkkRoRjvAPizsWBfL/7+Oou6m1OlTKEk/+
RaIOEvnuVbyHnldPyPDrsxNXW3fqVFbwKree2smDFeZUptTxQiVNoILV3IRKO4uF
cFc4ax2eq+TRfD9pGng6fkp7/kz4WQE8/YHJuLpKZdj3lgp/v7OwWx0mxMvaG1Qg
689TQhhoxjcr21l6D7ESSWephP4UC7VSY5B0CqBHSo3EbLf6AbMMDr0ec1h2aL8U
ycmeR7hQw78XpL9+7jaSilRkev2SQ9wOtWLV10JFUhrD4laoJ1xIIMTWMOONCVT4
l/jMKh6rjVGE+mpVWlD1n/Scqdw7L6MLQ/x4oJ/yvDnqq5aemD9KFFQJ/HyGsp18
B3fuZkw=
=SGI0
-----END PGP SIGNATURE-----
Merge tag 'sound-7.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A bunch of small fixes. One minor fix is found in the core side for
data race in PCM OSS layer, while remaining changes are various
device-specific fixes and quirks.
- Core: PCM OSS data race fix
- HD-audio: Fixes for TAS2781, CS35L56, and Realtek/Conexant quirks;
avoidance of a WARN_ON for HDMI channel mapping
- USB-audio: Improvements in UAC3 parsing robustness (leaks, size
checks) and fixes for potential endless loops
- ASoC: Driver-specific fixes for CS35L56, Intel bytcr_wm5102,
Spacemit, AW88395, and others, plus a new quirk for Steam Deck
OLED
- Misc: A UAF fix in aloop driver, division by zero fix in ua101
driver and leak fixes in caiaq driver"
* tag 'sound-7.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (32 commits)
ALSA: hda/tas2781: Fix incorrect bit update for non-book-zero or book 0 pages >1
ALSA: hda: cs35l56: Fix uninitialized value in cs35l56_hda_read_acpi()
ALSA: hda/conexant: Fix missing error check for jack detection
ALSA: hda: Avoid WARN_ON() for HDMI chmap slot checks
ALSA: usb-audio: Fix quirk entry placement for PreSonus AudioBox USB
ASoC: spacemit: adjust FIFO trigger threshold to half FIFO size
ASoC: spacemit: move hw constraints from hw_params to startup
ASoC: codecs: ab8500: Fix casting of private data
ASoC: cs35l56: Fix illegal writes to OTP_MEM registers
ASoC: Intel: bytcr_wm5102: Fix MCLK leak on platform_clock_control error
ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()
ALSA: usb-audio: Fix potential leak of pd at parsing UAC3 streams
ALSA: caiaq: Don't abort when no input device is available
ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path
ASoC: aw88395: Fix kernel panic caused by invalid GPIO error pointer
ALSA: caiaq: fix usb_dev refcount leak on probe failure
sound: ua101: fix division by zero at probe
ALSA: usb-audio: apply quirk for Playstation PDP Riffmaster
ALSA: hda: Remove duplicate cmedia entries in codecs Makefile
ALSA: hda/realtek: Add micmute LED quirk for Acer Aspire A315-44P
...
|
||
|
Qi Zheng
|
99ebc509ee |
mm: memcontrol: fix rcu unbalance in get_non_dying_memcg_end()
Currently, get_non_dying_memcg_start() and get_non_dying_memcg_end() both
evaluate cgroup_subsys_on_dfl(memory_cgrp_subsys) independently to
determine whether to acquire or release the RCU read lock.
However, the result of cgroup_subsys_on_dfl() can change dynamically at
runtime due to cgroup hierarchy rebinding (e.g., when the memory
controller is moved between cgroup v1 and v2 hierarchies). This can cause
the following warning:
=====================================
WARNING: bad unlock balance detected!
7.0.0-next-20260420+ #83 Tainted: G W
-------------------------------------
memcg-repro/270 is trying to release lock (rcu_read_lock) at:
[<ffffffff815f57f7>] rcu_read_unlock+0x17/0x60
but there are no more locks to release!
other info that might help us debug this:
1 lock held by memcg-repro/270:
#0: ffff888102fa2088 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x285/0x880
stack backtrace:
CPU: 0 UID: 0 PID: 270 Comm: memcg-repro Tainted: G W 7.0.0-next-20260420+ #
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
<TASK>
? rcu_read_unlock+0x17/0x60
dump_stack_lvl+0x77/0xb0
print_unlock_imbalance_bug+0xe0/0xf0
? rcu_read_unlock+0x17/0x60
lock_release+0x21d/0x2a0
rcu_read_unlock+0x1c/0x60
do_pte_missing+0x233/0xb40
__handle_mm_fault+0x80e/0xcd0
handle_mm_fault+0x146/0x310
do_user_addr_fault+0x303/0x880
exc_page_fault+0x9b/0x270
asm_exc_page_fault+0x26/0x30
RIP: 0033:0x5590e4eb41ea
Code: 61 cc 66 0f 6f e0 66 0f 61 c2 66 0f db cd 66 0f 69 e2 66 0f 6f d0 66 0f 69 d4 66 0f 61 0
RSP: 002b:00007ffcad25f030 EFLAGS: 00010202
RAX: 00005590e4eb8010 RBX: 00007ffcad260f7d RCX: 00007f73c474d44d
RDX: 00005590e4eb80a0 RSI: 00005590e4eb503c RDI: 000000000000000f
RBP: 00005590e4eb70a0 R08: 0000000000000000 R09: 00007f73c483a680
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcad25f180 R14: 00005590e4eb6dd8 R15: 00007f73c4869020
</TASK>
------------[ cut here ]------------
Fix this by explicitly tracking the RCU lock state, ensuring that
rcu_read_unlock() in get_non_dying_memcg_end() is strictly paired with the
lock acquisition, regardless of any runtime rebinding events.
Link: https://lore.kernel.org/20260429073105.44472-1-qi.zheng@linux.dev
Fixes:
|
||
|
Jens Axboe
|
17666e2d75 |
io_uring/tw: serialize ctx->retry_llist with ->uring_lock
The DEFER_TASKRUN local task work paths all run under ctx->uring_lock,
which serializes them with each other and with the rest of the ring's
hot paths. io_move_task_work_from_local() is the exception - it's called
from io_ring_exit_work() on a kworker without holding the lock and from
the iopoll cancelation side right after dropping it.
->work_llist is fine with this, as it's only ever updated via the
expected paths. But the ->retry_llist is updated while runing, and hence
it could potentially race between normal task_work running and the
task-has-exited shutdown path.
Simply grab ->uring_lock while moving the local work to the fallback
list for exit purposes, which nicely serializes it across both the
normal additions and the exit prune path.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Paolo Abeni
|
1e01abec85 |
net/sched: cls_flower: revert unintended changes
While applying the blamed commit |
||
|
Dan Carpenter
|
051ffb001b |
sfc: fix error code in efx_devlink_info_running_versions()
Return -EIO if efx_mcdi_rpc() doesn't return enough space.
Fixes:
|
||
|
Jakub Kicinski
|
58689498ca |
net: tls: fix strparser anchor skb leak on offload RX setup failure
When tls_set_device_offload_rx() fails at tls_dev_add(), the error path calls tls_sw_free_resources_rx() to clean up the SW context that was initialized by tls_set_sw_offload(). This function calls tls_sw_release_resources_rx() (which stops the strparser via tls_strp_stop()) and tls_sw_free_ctx_rx() (which kfrees the context), but never frees the anchor skb that was allocated by alloc_skb(0) in tls_strp_init(). Note that tls_sw_free_resources_rx() is exclusively used for this "failed to start offload" code path, there's no other caller. The leak did not exist before commit |
||
|
Paolo Abeni
|
47888597a3 |
Merge branch 'intel-wired-lan-update-2026-04-27-ice-iavf'
Jacob Keller says: ==================== Intel Wired LAN Update 2026-04-27 (ice, iavf) Petr Oros from RedHat has accumulated a number of fixes for the Intel ice and iavf drivers, bundled together in this series. First, a series of 4 fixes to resolve issues with the iavf driver logic for handling VLAN filters. This includes keeping VLAN filters while the interface is brought down, waiting for confirmation on filter deletion before deleting filters from the driver tracking structures, and handling the VIRTCHNL_OP_ADD_VLAN for the old v1 VLAN_ADD command. A fix for a crash in ice_reset_all_vfs(), properly checking for errors when ice_vf_rebuild_vsi() fails. A fix for a possible infinite recursion in ice_cfg_tx_topo() that occurs when trying to apply invalid Tx topology configuration. A fix to initialize the SMA pins in the DPLL subsystem properly. A fix to change the SMA and U.FL pin state for paired pins, ensuring that all flows changing one pin will also update its shared pin appropriately. A preparatory patch to export __dpll_pin_change_ntf() so that drivers can notify pin changes while already holding the dpll_lock. A fix to ensure DPLL notifications are sent for the software-controlled pins which wrap the physical CGU input/output pins. A fix to add DPLL notifications for peer pins when changing the SMA or U.FL pins, ensuring DPLL subsystem is notified about the paired connected pins. Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> ==================== Link: https://patch.msgid.link/20260427-jk-iwl-net-petr-oros-fixes-v1-0-cdcb48303fd8@intel.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> |
||
|
Petr Oros
|
9e5dead140 |
ice: add dpll peer notification for paired SMA and U.FL pins
SMA and U.FL pins share physical signal paths in pairs (SMA1/U.FL1 and
SMA2/U.FL2). When one pin's state changes via a PCA9575 GPIO write,
the paired pin's state also changes, but no notification is sent for
the peer pin. Userspace consumers monitoring the peer via dpll netlink
subscribe never learn about the update.
Add ice_dpll_sw_pin_notify_peer() which sends a change notification for
the paired SW pin. Call it from ice_dpll_pin_sma_direction_set(),
ice_dpll_sma_pin_state_set(), and ice_dpll_ufl_pin_state_set() after
pf->dplls.lock is released. Use __dpll_pin_change_ntf() because
dpll_lock is still held by the dpll netlink layer (dpll_pin_pre_doit).
Fixes:
|
||
|
Petr Oros
|
1a41b58fd4 |
ice: fix missing dpll notifications for SW pins
The SMA/U.FL pin redesign (commit |