Here are three small staging driver fixes for 6.15-rc6. These are:
- bcm2835-camera driver fix
- two axis-fifo driver fixes
All of these have been in linux-next for a few weeks with no reported
issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCaB9XLQ8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ynOXwCg1Gdq0MgLu4zuIv//AJiPvWPR6psAniJ81XW2
FxP3AQLcyUUSItvda5xa
=JJKJ
-----END PGP SIGNATURE-----
Merge tag 'staging-6.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
Pull staging driver fixes from Greg KH:
"Here are three small staging driver fixes for 6.15-rc6. These are:
- bcm2835-camera driver fix
- two axis-fifo driver fixes
All of these have been in linux-next for a few weeks with no reported
issues"
* tag 'staging-6.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
staging: axis-fifo: Remove hardware resets for user errors
staging: axis-fifo: Correct handling of tx_fifo_depth for size validation
staging: bcm2835-camera: Initialise dev in v4l2_dev
Here are a bunch of small driver fixes (mostly all IIO) for 6.15-rc6.
Included in here are:
- loads of tiny IIO driver fixes for reported issues
- hyperv driver fix for a much-reported and worked on sysfs ring
buffer creation bug
All of these have been in linux-next for over a week (the IIO ones for
many weeks now), with no reported issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCaB9YVQ8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ynaIwCfTPZseJ558irNFrethcxPqtAAlc0An3z4Jyij
diV9XrxG+Afasvqviyi/
=sjUN
-----END PGP SIGNATURE-----
Merge tag 'char-misc-6.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc/IIO driver fixes from Greg KH:
"Here are a bunch of small driver fixes (mostly all IIO) for 6.15-rc6.
Included in here are:
- loads of tiny IIO driver fixes for reported issues
- hyperv driver fix for a much-reported and worked on sysfs ring
buffer creation bug
All of these have been in linux-next for over a week (the IIO ones for
many weeks now), with no reported issues"
* tag 'char-misc-6.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (30 commits)
Drivers: hv: Make the sysfs node size for the ring buffer dynamic
uio_hv_generic: Fix sysfs creation path for ring buffer
iio: adis16201: Correct inclinometer channel resolution
iio: adc: ad7606: fix serial register access
iio: pressure: mprls0025pa: use aligned_s64 for timestamp
iio: imu: adis16550: align buffers for timestamp
staging: iio: adc: ad7816: Correct conditional logic for store mode
iio: adc: ad7266: Fix potential timestamp alignment issue.
iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
iio: adc: dln2: Use aligned_s64 for timestamp
iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64
iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer.
iio: chemical: pms7003: use aligned_s64 for timestamp
iio: chemical: sps30: use aligned_s64 for timestamp
iio: imu: inv_mpu6050: align buffer for timestamp
iio: imu: st_lsm6dsx: Fix wakeup source leaks on device unbind
iio: adc: qcom-spmi-iadc: Fix wakeup source leaks on device unbind
iio: accel: fxls8962af: Fix wakeup source leaks on device unbind
iio: adc: ad7380: fix event threshold shift
iio: hid-sensor-prox: Fix incorrect OFFSET calculation
...
- omap: use correct function to read from device tree
- MAINTAINERS: remove Seth from ISMT maintainership
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEOZGx6rniZ1Gk92RdFA3kzBSgKbYFAmgfJckACgkQFA3kzBSg
KbYccRAAoccV12i7q1GS9DlnkkxObENoJ18c4oV0XzH+US+Oi7BeD8c1/NAbLSMS
7RUJjqBf/4q8xHlvP3GTI8yGWwwdQRzHBS1Ul1kpNvX7CM8Jwi4ljAO2x+aoElEw
VnJTJj2dzjFZ4DQVQXUJmNAwPgpsQl/OuBd+i7YwXqJyeCRSvkrxc3D4AftoHQJl
e12a43qDm6wtRtGV6jIkDOyaZ+0+zYe8LAT8hNfAB/oJf4cz3W49LH8/pKl6y6FQ
2Tjw4TtERQQaSwKcjt03sIXqP3mMSEuRJdCyINvtkeCDqZiYVkN4p4JaGWCSaLCh
Yscuefdq8E0SDFKkS/ogGq7/YaBt/rIA8O3fRhVfnh/nx/I2wJXgIMBKDnkjMa6g
k1p9+RdAMxNyEoiFH4ALHeX0eztvQmNyAh3IvPvcZZ3+0yLqSmxkMZO87gi95+Vu
AxcSXZZQA4yy+rqNrgWAel7zXQSmBCppsjI90jj0Br072uYFuQ5Ja7LGmN0F7SDR
SlIaQ1dbi9dZE36F9IY2/GtTEGY6cQp8Hire58BqKwnE/qvId22Ywv12sqZLdNPp
CeywLiXJjFxCJjLqWRU0OY1lSTW6Tnp6aCZMtuIpjBQ0L39luPSZxsx4Mh3zM4UK
CO7I+fpViabeHq2cBtDvQSMDejuxp6Tig4H1WHHsSAhhnFjxVao=
=0qWn
-----END PGP SIGNATURE-----
Merge tag 'i2c-for-6.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
- omap: use correct function to read from device tree
- MAINTAINERS: remove Seth from ISMT maintainership
* tag 'i2c-for-6.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
MAINTAINERS: Remove entry for Seth Heasley
i2c: omap: fix deprecated of_property_read_bool() use
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRTLbB6QfY48x44uB6AXGG7T9hjvgUCaB7qnQAKCRCAXGG7T9hj
vp7jAP9+fWTsuK6K3HnWn/XeQjLUIO37rty2Xep8vB6tdfa6GwEA/9YTgffq4R7w
UtIZiACpqRvawuBncK/ENjehbi72pgQ=
=DYrf
-----END PGP SIGNATURE-----
Merge tag 'for-linus-6.15a-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
Pull xen fixes from Juergen Gross:
- A fix for the xenbus driver allowing to use a PVH Dom0 with
Xenstore running in another domain
- A fix for the xenbus driver addressing a rare race condition
resulting in NULL dereferences and other problems
- A fix for the xen-swiotlb driver fixing a problem seen on Arm
platforms
* tag 'for-linus-6.15a-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
xenbus: Use kref to track req lifetime
xenbus: Allow PVH dom0 a non-local xenstore
xen: swiotlb: Use swiotlb bouncing if kmalloc allocation demands it
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQQqUNBr3gm4hGXdBJlZ7Krx/gZQ6wUCaB59uwAKCRBZ7Krx/gZQ
65LzAQDNWuHb/oR1LMgdPxynDDh3kFAuj1P3KN9j0QYw83RYMAD/aJucjRhIKUIH
ajyA4t/MMZsA2gBBdkKwWO9IDt8PAg0=
=RRin
-----END PGP SIGNATURE-----
Merge tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull mount fixes from Al Viro:
"A couple of races around legalize_mnt vs umount (both fairly old and
hard to hit) plus two bugs in move_mount(2) - both around 'move
detached subtree in place' logics"
* tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
fix IS_MNT_PROPAGATING uses
do_move_mount(): don't leak MNTNS_PROPAGATING on failures
do_umount(): add missing barrier before refcount checks in sync case
__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
- Forcibly leave SMM on SHUTDOWN interception on AMD CPUs to avoid causing
problems due to KVM stuffing INIT on SHUTDOWN (KVM needs to sanitize the
VMCB as its state is undefined after SHUTDOWN, emulating INIT is the
least awful choice).
- Track the valid sync/dirty fields in kvm_run as a u64 to ensure KVM
KVM doesn't goof a sanity check in the future.
- Free obsolete roots when (re)loading the MMU to fix a bug where
pre-faulting memory can get stuck due to always encountering a stale
root.
- When dumping GHCB state, use KVM's snapshot instead of the raw GHCB page
to print state, so that KVM doesn't print stale/wrong information.
- When changing memory attributes (e.g. shared <=> private), add potential
hugepage ranges to the mmu_invalidate_range_{start,end} set so that KVM
doesn't create a shared/private hugepage when the the corresponding
attributes will become mixed (the attributes are commited *after* KVM
finishes the invalidation).
- Rework the SRSO mitigation to enable BP_SPEC_REDUCE only when KVM has at
least one active VM. Effectively BP_SPEC_REDUCE when KVM is loaded led
to very measurable performance regressions for non-KVM workloads.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEKTobbabEP7vbhhN9OlYIJqCjN/0FAmgeTJoACgkQOlYIJqCj
N/1vFhAAgK31KUSbyU9dwfjr6ytLaYLbYf1Zb+Sl3tMeQlH8unOb6oKLh/tjJkvR
lQ4FgPWTSO7sgi9DcPAafBw5OoF1Y8Rk0wIVJYLgiNwFH/CyEif/qepvvho83uVj
X4Hx1uOa0zrCPeqXmiJeOPj09qNjRNkY/YaiBLsO+LLByRbgKSqDMrr19O52JQGN
Y0wXiySePYsf7hvO7eRaJ+XQWUvBKUTnFIe6I/Os5rHLwS/5fWXJmV4KYt1gM7CP
o84PZtLylrvikn4K21ULZZ/jfwzRKTdOdeXK1Y5vXMvMSlBArMD2F+x/7QkH2wnO
WUSzBxFjNMo+Ntuu0Xnix7kwqQeZWeNhdm+RKihx/fw4NyoU2S/6DoVBTa9DgwlC
6SSzjbzhHEi+Fa4GIx8DD2ekkDQKWfAStUuOxYBBhXCOW3Gdg/gMLpSKhCpdcEl9
Kt10mJVeAVUdctMsnNkX76ZHtxX9/6rCGm+jabYCshrj6H5+gmNmW+xKSaOZ4rh4
2ZO4JduTekHJBk8JbAgn1Ffky1RCPOssubVUh4Hym4q/egksWVTSGH68+MiLv37A
8q4P956Ql2wLdQfM+mvZgE+s+w+hlZGeMZ1ARd/U0KipjtlyJMmC2H2Y3p9a4p8R
fWR5oNZ2HkimL1T6j/hjGTMJz8uFjliiLwk2UKhOgHuhzWpi8Ds=
=r4B/
-----END PGP SIGNATURE-----
Merge tag 'kvm-x86-fixes-6.15-rcN' of https://github.com/kvm-x86/linux into HEAD
KVM x86 fixes for 6.15-rcN
- Forcibly leave SMM on SHUTDOWN interception on AMD CPUs to avoid causing
problems due to KVM stuffing INIT on SHUTDOWN (KVM needs to sanitize the
VMCB as its state is undefined after SHUTDOWN, emulating INIT is the
least awful choice).
- Track the valid sync/dirty fields in kvm_run as a u64 to ensure KVM
KVM doesn't goof a sanity check in the future.
- Free obsolete roots when (re)loading the MMU to fix a bug where
pre-faulting memory can get stuck due to always encountering a stale
root.
- When dumping GHCB state, use KVM's snapshot instead of the raw GHCB page
to print state, so that KVM doesn't print stale/wrong information.
- When changing memory attributes (e.g. shared <=> private), add potential
hugepage ranges to the mmu_invalidate_range_{start,end} set so that KVM
doesn't create a shared/private hugepage when the the corresponding
attributes will become mixed (the attributes are commited *after* KVM
finishes the invalidation).
- Rework the SRSO mitigation to enable BP_SPEC_REDUCE only when KVM has at
least one active VM. Effectively BP_SPEC_REDUCE when KVM is loaded led
to very measurable performance regressions for non-KVM workloads.
- Avoid use of uninitialized memcache pointer in user_mem_abort()
- Always set HCR_EL2.xMO bits when running in VHE, allowing interrupts
to be taken while TGE=0 and fixing an ugly bug on AmpereOne that
occurs when taking an interrupt while clearing the xMO bits
(AC03_CPU_36)
- Prevent VMMs from hiding support for AArch64 at any EL virtualized by
KVM
- Save/restore the host value for HCRX_EL2 instead of restoring an
incorrect fixed value
- Make host_stage2_set_owner_locked() check that the entire requested
range is memory rather than just the first page
-----BEGIN PGP SIGNATURE-----
iI0EABYIADUWIQSNXHjWXuzMZutrKNKivnWIJHzdFgUCaBsNHBccb2xpdmVyLnVw
dG9uQGxpbnV4LmRldgAKCRCivnWIJHzdFkk9AP9JSol3oXKv4Z8LX0/r3kqGGCbM
tpqYKtF+S3MyuftQZgD/Z61FKI90MqUbn4sWJWzvOOuTOUk9jJ2Ki9h4kb0aGgQ=
=p25s
-----END PGP SIGNATURE-----
Merge tag 'kvmarm-fixes-6.15-3' of https://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD
KVM/arm64 fixes for 6.15, round #3
- Avoid use of uninitialized memcache pointer in user_mem_abort()
- Always set HCR_EL2.xMO bits when running in VHE, allowing interrupts
to be taken while TGE=0 and fixing an ugly bug on AmpereOne that
occurs when taking an interrupt while clearing the xMO bits
(AC03_CPU_36)
- Prevent VMMs from hiding support for AArch64 at any EL virtualized by
KVM
- Save/restore the host value for HCRX_EL2 instead of restoring an
incorrect fixed value
- Make host_stage2_set_owner_locked() check that the entire requested
range is memory rather than just the first page
- omap: use correct function to read from device tree
- MAINTAINERS: remove Seth from ISMT maintainership
-----BEGIN PGP SIGNATURE-----
iIwEABYKADQWIQScDfrjQa34uOld1VLaeAVmJtMtbgUCaB3svBYcYW5kaS5zaHl0
aUBrZXJuZWwub3JnAAoJENp4BWYm0y1u+LYBAM9HQg3hDogvUTzT1bDUeBzAtNPk
brPFmUSi9wFZp8L1AQDwdTQSZOFp5yjboAtU5/MDBTFxdPlROkxrzror6wDDDA==
=HzZn
-----END PGP SIGNATURE-----
Merge tag 'i2c-host-fixes-6.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/andi.shyti/linux into i2c/for-current
i2c-host-fixes for v6.15-rc6
- omap: use correct function to read from device tree
- MAINTAINERS: remove Seth from ISMT maintainership
- One more i.MX8MP nominal drive mode DT fix from Ahmad Fatoum to use
800MHz NoC OPP
- A imx8mp-var-som DT change from Himanshu Bhavani to fix SD card
timeout caused by LDO5
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEFmJXigPl4LoGSz08UFdYWoewfM4FAmgeoVAACgkQUFdYWoew
fM7Ghgf6AgpSMZdzAmotrbhb7SRt38WRT9VJY8wfPTc8JSr4CB39EfjzzoJNyE7K
pNJyS5psljbKFj8UovMOIgrkpvvTevNGJATPXxDnuCLIngTM47uH4MpXTxy1a3MV
L1T4DfTljB1U6mDalrhjjwWwHfBR8cGb53Vv/A1OSn0jFCrvRnS6QEPorq5A/QaA
Gco9WeDh481HeN74n/H1vmNwtl2rlYNF0+c4HkWhb97DO7e3u+t2vWwe0WdF6NyL
1ZVNEaYNNWVYtdSRAz/AYcKS5cID1rfF3Iz6i3CDzN487VtwS7ogea7VSZTPn1l7
AxrvaZ/FYsdOmz12SDCYHaFR1znx+w==
=qSBA
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmgfGA4ACgkQYKtH/8kJ
UifjBg//QslEUfifNF0vUtDtHcXfX4dHdo59+guso9j8OEz4geoyvgDQ7ztxbcOF
mrZhaEOcUgNc3Komso92XBZ6dnd7uvuFnCO3uyscA50RWzhY3fbg0wLFifXA4wqj
LeSTztTXZeGpIV5peqcGyXLqogR/4T6Y7blisn4vB75zDDcRiayDTy/VNx48lpVq
5auNg3wPghoGS5BSOzAeveP0oTUDXK2Tr98EhxJWGRs35cMwTsGmaYXKZU/SSALG
ARFQWka3ziuU8dcaBa9mMwOxGcrgfDdrcEKAJC+FyN6Za4+KTO771phS3u9KQebV
kbA64hYyCtqQy/7nAmq4FLJAlM3kP2tShs+FRG1JyhvG+rrU7WGoWQiqxa3r0MNR
648c1XxFwfB55OF/ScPxRv6ct7MBmE5mjlnEdZNeHo9A4YAV64P7AaiLTcbWasxs
dj0H6tDIE2vix028g8EnWswXnJRfeit6kF6GaUJZRsDBL5NAbh4sV23nRtSa+S3F
rjAnDrjQcrk9+rAuEHA8zsRFuI0OQQl94xD9ai8JpIlKLjqZmMskPnFlKFi3HeTh
kpjvT/WmTiqWGPMrm4xC/2UydJg6glmd0cm/e6bRc5nLA4mv4KqaOWzBDnSlTJQh
kifenqC6/c++hEYafQ+TDSia6f4zhGVw1AQgvZk4/ExOKX2E4n0=
=1v2Z
-----END PGP SIGNATURE-----
Merge tag 'imx-fixes-6.15-2' of https://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into arm/fixes
i.MX fixes for 6.15, 2nd round:
- One more i.MX8MP nominal drive mode DT fix from Ahmad Fatoum to use
800MHz NoC OPP
- A imx8mp-var-som DT change from Himanshu Bhavani to fix SD card
timeout caused by LDO5
* tag 'imx-fixes-6.15-2' of https://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
arm64: dts: imx8mp-var-som: Fix LDO5 shutdown causing SD card timeout
arm64: dts: imx8mp: use 800MHz NoC OPP for nominal drive mode
Link: https://lore.kernel.org/r/aB6h/woeyG1bSo12@dragon
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
- fix duplicate MAC address check, by Matthias Schiffer
-----BEGIN PGP SIGNATURE-----
iQJKBAABCgA0FiEE1ilQI7G+y+fdhnrfoSvjmEKSnqEFAmgdxEYWHHN3QHNpbW9u
d3VuZGVybGljaC5kZQAKCRChK+OYQpKeoSG7D/9UpiHwuCb3FCT9hZVNbRX6XChV
DSv8lYedVflwYgIZCqcKlg4/svygmnNNYy4XOJeLw7kjeegGmdQsol0TouZGkqTB
pNxKnporVTxwA4FDSaRwVxwF1UOlelAzcMRxAk5tpIkGPl1wBFLx7dFzWWuU7wvT
c0mtkJlV0kag0OZJEZqY5fYmQNHmYde9rsTpdP44ie7SPqGHpby6MYjqfGl0ztxy
70XCMgp9ByRsCnL45UQYua17gYavKWalCsAYCikQc/+nZGkgymAaIFv5elFrou9N
Dbw+k9X2ipw3v2atAUP40Bw6dvdIkTRaEpAyO5oDGM1//kqwAfUQazS+IWFYE50v
eN2KRGSNJH/J2RHY0ODRomcFDotHykR8aESbkePJHc5ZFgM9E6vAzy+BPrFJaROX
nRO/XmWXeVwyl9CrxoEtA0UusIEr3OQBMi2p5cV7vbcPHSPzQRuA2iKah0ZFsmB0
pGyaeEh60lO2r84lYsO04bA9q8eyZkNHUxd3pZnCpy4iAzEmgKaD7RAIygwHtRim
UezzP8BO7m6dlox16/eJ2Bev2EmA3m3w/rkyFU2jrE9xv8tTkjIYs04zTifs8+F7
hAU+2WM/P0z+lCVEZzTaguEjFK4UrmnmSZxF1B4mh5AVQL5q4R5np4ncTiBdGJCl
uS34escHTXWW4gHttQ==
=kqur
-----END PGP SIGNATURE-----
Merge tag 'batadv-net-pullrequest-20250509' of git://git.open-mesh.org/linux-merge
Simon Wunderlich says:
====================
Here is a batman-adv bugfix:
- fix duplicate MAC address check, by Matthias Schiffer
* tag 'batadv-net-pullrequest-20250509' of git://git.open-mesh.org/linux-merge:
batman-adv: fix duplicate MAC address check
====================
Link: https://patch.msgid.link/20250509090240.107796-1-sw@simonwunderlich.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmgebFUACgkQiiy9cAdy
T1HI+gv/Q1R0t6HlpL3fgMPw9RZIOcndvIulYI1CyNQ/xdhqDcPBGl3qt3vm6247
OM7o/easyr6TXXY5rdO/zne2ekORRLKBKFeoH/1v4jQu3XBoc/O2S0jaM9rmNuvm
gDgVU+rzkfIUWLYQz1r8XxQ7umz+rZYEX3E9K96mlQWlykSdepx8wtLDE5kZoZZb
fo5sHw1iEuWXLualM0fuNbqScdWKQ/Wg//yjopefwsldLY/JcoOfA/1HLXOgI451
a3AcL7QmZzQG6wa/aq1kUmU10fL9DxbDhNmCPyiGTlCIcyithECrMaR4IRq6/FlU
E1Zh1v7K+zCH48DSrb9SlVaCoqkZmkztvadTZBqp9NqnjOUlbpX0mHK2I0hFxcMN
nrYFg5HPKYdo0pbLSobgIGQPph6UIrAjSlKiTfTdpEGjyyStRjtftmhhky5vKHKS
ZXkQ9XNdS6Cwx1DT9JDYQrUwt2xH44kDx+OYsxYYYaw9yLkClJBDfQZWr4zeMnWi
0E0mx1cz
=m9eD
-----END PGP SIGNATURE-----
Merge tag '6.15-rc5-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6
Pull smb client fixes from Steve French:
- Fix dentry leak which can cause umount crash
- Add warning for parse contexts error on compounded operation
* tag '6.15-rc5-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
smb: client: Avoid race in open_cached_dir with lease breaks
smb3 client: warn when parse contexts returns error on compounded operation
Make sure trace_probe_log_clear is called in the tracing
eprobe code path, matching the trace_probe_log_init call.
Link: https://lore.kernel.org/all/20250504-fix-trace-probe-log-race-v3-1-9e99fec7eddc@gmail.com/
Signed-off-by: Paul Cacheux <paulcacheux@gmail.com>
Acked-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
When CONFIG_PROVE_RCU_LIST is enabled, fprobe triggers the following
warning:
WARNING: suspicious RCU usage
kernel/trace/fprobe.c:457 RCU-list traversed in non-reader section!!
other info that might help us debug this:
#1: ffffffff863c4e08 (fprobe_mutex){+.+.}-{4:4}, at: fprobe_module_callback+0x7b/0x8c0
Call Trace:
fprobe_module_callback
notifier_call_chain
blocking_notifier_call_chain
This warning occurs because fprobe_remove_node_in_module() traverses an
RCU list using RCU primitives without holding an RCU read lock. However,
the function is only called from fprobe_module_callback(), which holds
the fprobe_mutex lock that provides sufficient protection for safely
traversing the list.
Fix the warning by specifying the locking design to the
CONFIG_PROVE_RCU_LIST mechanism. Add the lockdep_is_held() argument to
hlist_for_each_entry_rcu() to inform the RCU checker that fprobe_mutex
provides the required protection.
Link: https://lore.kernel.org/all/20250410-fprobe-v1-1-068ef5f41436@debian.org/
Fixes: a3dc2983ca ("tracing: fprobe: Cleanup fprobe hash when module unloading")
Signed-off-by: Breno Leitao <leitao@debian.org>
Tested-by: Antonio Quartulli <antonio@mandelbit.com>
Tested-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
mctp_flow_prepare_output() is called in mctp_route_output(), which
places outbound packets onto a given interface. The packet may represent
a message fragment, in which case we provoke an unbalanced reference
count to the underlying device. This causes trouble if we ever attempt
to remove the interface:
[ 48.702195] usb 1-1: USB disconnect, device number 2
[ 58.883056] unregister_netdevice: waiting for mctpusb0 to become free. Usage count = 2
[ 69.022548] unregister_netdevice: waiting for mctpusb0 to become free. Usage count = 2
[ 79.172568] unregister_netdevice: waiting for mctpusb0 to become free. Usage count = 2
...
Predicate the invocation of mctp_dev_set_key() in
mctp_flow_prepare_output() on not already having associated the device
with the key. It's not yet realistic to uphold the property that the key
maintains only one device reference earlier in the transmission sequence
as the route (and therefore the device) may not be known at the time the
key is associated with the socket.
Fixes: 67737c4572 ("mctp: Pass flow data & flow release events to drivers")
Acked-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Link: https://patch.msgid.link/20250508-mctp-dev-refcount-v1-1-d4f965c67bb5@codeconstruct.com.au
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
propagate_mnt() does not attach anything to mounts created during
propagate_mnt() itself. What's more, anything on ->mnt_slave_list
of such new mount must also be new, so we don't need to even look
there.
When move_mount() had been introduced, we've got an additional
class of mounts to skip - if we are moving from anon namespace,
we do not want to propagate to mounts we are moving (i.e. all
mounts in that anon namespace).
Unfortunately, the part about "everything on their ->mnt_slave_list
will also be ignorable" is not true - if we have propagation graph
A -> B -> C
and do OPEN_TREE_CLONE open_tree() of B, we get
A -> [B <-> B'] -> C
as propagation graph, where B' is a clone of B in our detached tree.
Making B private will result in
A -> B' -> C
C still gets propagation from A, as it would after making B private
if we hadn't done that open_tree(), but now the propagation goes
through B'. Trying to move_mount() our detached tree on subdirectory
in A should have
* moved B' on that subdirectory in A
* skipped the corresponding subdirectory in B' itself
* copied B' on the corresponding subdirectory in C.
As it is, the logics in propagation_next() and friends ends up
skipping propagation into C, since it doesn't consider anything
downstream of B'.
IOW, walking the propagation graph should only skip the ->mnt_slave_list
of new mounts; the only places where the check for "in that one
anon namespace" are applicable are propagate_one() (where we should
treat that as the same kind of thing as "mountpoint we are looking
at is not visible in the mount we are looking at") and
propagation_would_overmount(). The latter is better dealt with
in the caller (can_move_mount_beneath()); on the first call of
propagation_would_overmount() the test is always false, on the
second it is always true in "move from anon namespace" case and
always false in "move within our namespace" one, so it's easier
to just use check_mnt() before bothering with the second call and
be done with that.
Fixes: 064fe6e233 ("mount: handle mount propagation for detached mount trees")
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
as it is, a failed move_mount(2) from anon namespace breaks
all further propagation into that namespace, including normal
mounts in non-anon namespaces that would otherwise propagate
there.
Fixes: 064fe6e233 ("mount: handle mount propagation for detached mount trees")
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
do_umount() analogue of the race fixed in 119e1ef80e "fix
__legitimize_mnt()/mntput() race". Here we want to make sure that
if __legitimize_mnt() doesn't notice our lock_mount_hash(), we will
notice their refcount increment. Harder to hit than mntput_no_expire()
one, fortunately, and consequences are milder (sync umount acting
like umount -l on a rare race with RCU pathwalk hitting at just the
wrong time instead of use-after-free galore mntput_no_expire()
counterpart used to be hit). Still a bug...
Fixes: 48a066e72d ("RCU'd vfsmounts")
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
netdev_bind_rx takes ownership of the queue array passed as parameter
and frees it, so a queue array buffer cannot be reused across multiple
netdev_bind_rx calls.
This commit fixes that by always passing in a newly created queue array
to all netdev_bind_rx calls in ncdevmem.
Fixes: 85585b4bc8 ("selftests: add ncdevmem, netcat for devmem TCP")
Signed-off-by: Cosmin Ratiu <cratiu@nvidia.com>
Acked-by: Stanislav Fomichev <sdf@fomichev.me>
Reviewed-by: Joe Damato <jdamato@fastly.com>
Reviewed-by: Mina Almasry <almasrymina@google.com>
Link: https://patch.msgid.link/20250508084434.1933069-1-cratiu@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Fix a crash in the ethtool YNL implementation when Hardware Clock information
is not present in the response. This ensures graceful handling of devices or
drivers that do not provide this optional field. e.g.
Traceback (most recent call last):
File "/net/tools/net/ynl/pyynl/./ethtool.py", line 438, in <module>
main()
~~~~^^
File "/net/tools/net/ynl/pyynl/./ethtool.py", line 341, in main
print(f'PTP Hardware Clock: {tsinfo["phc-index"]}')
~~~~~~^^^^^^^^^^^^^
KeyError: 'phc-index'
Fixes: f3d07b02b2 ("tools: ynl: ethtool testing tool")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Acked-by: Stanislav Fomichev <sdf@fomichev.me>
Link: https://patch.msgid.link/20250508035414.82974-1-liuhangbin@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
... or we risk stealing final mntput from sync umount - raising mnt_count
after umount(2) has verified that victim is not busy, but before it
has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see
that it's safe to quietly undo mnt_count increment and leaves dropping
the reference to caller, where it'll be a full-blown mntput().
Check under mount_lock is needed; leaving the current one done before
taking that makes no sense - it's nowhere near common enough to bother
with.
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Toolchain and infrastructure:
- Make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88.0.
- Clean Rust (and Clippy) lints for the upcoming Rust 1.87.0 and Rust
1.88.0 releases.
- Clean objtool warning for the upcoming Rust 1.87.0 release by adding
one more noreturn function.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEPjU5OPd5QIZ9jqqOGXyLc2htIW0FAmgeYP0ACgkQGXyLc2ht
IW1P4hAAkgehQqfec/Ebn31euIHcS2GTAr1UzSEM23ErYieLTKUOH3vaPq3rxxsF
Tfq/n7vjRI55hfQ199nYaWIXL/BBPIDGxGZ6EwoOcH/xx4Y7er4WIbCuaxaN2ySy
GniUtOOvbXM9tB4h/SjBc/8fv6XxmP0T8ylO4a2G1HIWz31Iy5KkeohmmugnpX0F
FvVdR0aAjbGk1bS4JCi4Y9/TX7FzjBd6gIErvIcYZNtNUkxlWYVbIOKTSOoQiQu0
JSI9EpgiDYjMMXvIM+INOapoVUX9yTJ/ZisoMEb2gkAkC15UVa+M8D4jaP1bYNPp
YcjiWGJv5TNIL9F25p0Wa9pgP/OGVzJxKZv11dAwkeqX6SM/nUXuNa3pBNiuSpn8
syoPTcP2DeZnPrXNZeItZ8KRl27TSdhs3y4RPW8jd77Fo5Hqw7nRrHqI9n+0DBKw
7FRqnXmUQfRzlpz29Y4nA9mr8k5gLJsdKLpLEzdxC8Fec3wDPTzvchu0X722UPq+
k+8Ex5sh8cDm0BKqplS6ZFEShMhqtwpRQFhZpCga8Ogs6t13b3vQRDkWFoeKvbGQ
7CxSUHQRjbiwJNEpemFUCLw6fHJMusnrEXNQCIOdxuIYFyCZKiV9wFyxVWYcEp6W
YTNnyp3f1GVlsiT9qSyNi9woUF4HTRdhUOQqsmGhCHDcUM6Ufhc=
=lyOI
-----END PGP SIGNATURE-----
Merge tag 'rust-fixes-6.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ojeda/linux
Pull rust fixes from Miguel Ojeda:
- Make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88.0
- Clean Rust (and Clippy) lints for the upcoming Rust 1.87.0 and 1.88.0
releases
- Clean objtool warning for the upcoming Rust 1.87.0 release by adding
one more noreturn function
* tag 'rust-fixes-6.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ojeda/linux:
x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88
rust: clean Rust 1.88.0's `clippy::uninlined_format_args` lint
rust: clean Rust 1.88.0's warning about `clippy::disallowed_macros` configuration
rust: clean Rust 1.88.0's `unnecessary_transmutes` lint
rust: allow Rust 1.87.0's `clippy::ptr_eq` lint
objtool/rust: add one more `noreturn` Rust function for Rust 1.87.0
Below are the tests added for Indirect Target Selection (ITS):
- its_sysfs.py - Check if sysfs reflects the correct mitigation status for
the mitigation selected via the kernel cmdline.
- its_permutations.py - tests mitigation selection with cmdline
permutations with other bugs like spectre_v2 and retbleed.
- its_indirect_alignment.py - verifies that for addresses in
.retpoline_sites section that belong to lower half of cacheline are
patched to ITS-safe thunk. Typical output looks like below:
Site 49: function symbol: __x64_sys_restart_syscall+0x1f <0xffffffffbb1509af>
# vmlinux: 0xffffffff813509af: jmp 0xffffffff81f5a8e0
# kcore: 0xffffffffbb1509af: jmpq *%rax
# ITS thunk NOT expected for site 49
# PASSED: Found *%rax
#
Site 50: function symbol: __resched_curr+0xb0 <0xffffffffbb181910>
# vmlinux: 0xffffffff81381910: jmp 0xffffffff81f5a8e0
# kcore: 0xffffffffbb181910: jmp 0xffffffffc02000fc
# ITS thunk expected for site 50
# PASSED: Found 0xffffffffc02000fc -> jmpq *%rax <scattered-thunk?>
- its_ret_alignment.py - verifies that for addresses in .return_sites
section that belong to lower half of cacheline are patched to
its_return_thunk. Typical output looks like below:
Site 97: function symbol: collect_event+0x48 <0xffffffffbb007f18>
# vmlinux: 0xffffffff81207f18: jmp 0xffffffff81f5b500
# kcore: 0xffffffffbb007f18: jmp 0xffffffffbbd5b560
# PASSED: Found jmp 0xffffffffbbd5b560 <its_return_thunk>
#
Site 98: function symbol: collect_event+0xa4 <0xffffffffbb007f74>
# vmlinux: 0xffffffff81207f74: jmp 0xffffffff81f5b500
# kcore: 0xffffffffbb007f74: retq
# PASSED: Found retq
Some of these tests have dependency on tools like virtme-ng[1] and drgn[2].
When the dependencies are not met, the test will be skipped.
[1] https://github.com/arighi/virtme-ng
[2] https://github.com/osandov/drgn
Co-developed-by: Tao Zhang <tao1.zhang@linux.intel.com>
Signed-off-by: Tao Zhang <tao1.zhang@linux.intel.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
FineIBT-paranoid was using the retpoline bytes for the paranoid check,
disabling retpolines, because all parts that have IBT also have eIBRS
and thus don't need no stinking retpolines.
Except... ITS needs the retpolines for indirect calls must not be in
the first half of a cacheline :-/
So what was the paranoid call sequence:
<fineibt_paranoid_start>:
0: 41 ba 78 56 34 12 mov $0x12345678, %r10d
6: 45 3b 53 f7 cmp -0x9(%r11), %r10d
a: 4d 8d 5b <f0> lea -0x10(%r11), %r11
e: 75 fd jne d <fineibt_paranoid_start+0xd>
10: 41 ff d3 call *%r11
13: 90 nop
Now becomes:
<fineibt_paranoid_start>:
0: 41 ba 78 56 34 12 mov $0x12345678, %r10d
6: 45 3b 53 f7 cmp -0x9(%r11), %r10d
a: 4d 8d 5b f0 lea -0x10(%r11), %r11
e: 2e e8 XX XX XX XX cs call __x86_indirect_paranoid_thunk_r11
Where the paranoid_thunk looks like:
1d: <ea> (bad)
__x86_indirect_paranoid_thunk_r11:
1e: 75 fd jne 1d
__x86_indirect_its_thunk_r11:
20: 41 ff eb jmp *%r11
23: cc int3
[ dhansen: remove initialization to false ]
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
ITS mitigation moves the unsafe indirect branches to a safe thunk. This
could degrade the prediction accuracy as the source address of indirect
branches becomes same for different execution paths.
To improve the predictions, and hence the performance, assign a separate
thunk for each indirect callsite. This is also a defense-in-depth measure
to avoid indirect branches aliasing with each other.
As an example, 5000 dynamic thunks would utilize around 16 bits of the
address space, thereby gaining entropy. For a BTB that uses
32 bits for indexing, dynamic thunks could provide better prediction
accuracy over fixed thunks.
Have ITS thunks be variable sized and use EXECMEM_MODULE_TEXT such that
they are both more flexible (got to extend them later) and live in 2M TLBs,
just like kernel code, avoiding undue TLB pressure.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
cfi_rewrite_callers() updates the fineIBT hash matching at the caller side,
but except for paranoid-mode it relies on apply_retpoline() and friends for
any ENDBR relocation. This could temporarily cause an indirect branch to
land on a poisoned ENDBR.
For instance, with para-virtualization enabled, a simple wrmsrl() could
have an indirect branch pointing to native_write_msr() who's ENDBR has been
relocated due to fineIBT:
<wrmsrl>:
push %rbp
mov %rsp,%rbp
mov %esi,%eax
mov %rsi,%rdx
shr $0x20,%rdx
mov %edi,%edi
mov %rax,%rsi
call *0x21e65d0(%rip) # <pv_ops+0xb8>
^^^^^^^^^^^^^^^^^^^^^^^
Such an indirect call during the alternative patching could #CP if the
caller is not *yet* adjusted for the new target ENDBR. To prevent a false
#CP, keep CET-IBT disabled until all callers are patched.
Patching during the module load does not need to be guarded by IBT-disable
because the module code is not executed until the patching is complete.
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Early kernel memory is RWX, only at the end of early boot (before SMP)
do we mark things ROX. Have execmem_cache mirror this behaviour for
early users.
This avoids having to remember what code is execmem and what is not --
we can poke everything with impunity ;-) Also performance for not
having to do endless text_poke_mm switches.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Fix a couple of node name warnings from the schema checks:
arch/arm64/boot/dts/amazon/alpine-v2-evp.dt.yaml: io-fabric: $nodename:0: 'io-fabric' does not match '^(bus|soc|axi|ahb|apb)(@[0-9a-f]+)?$'
arch/arm64/boot/dts/amazon/alpine-v3-evp.dt.yaml: io-fabric: $nodename:0: 'io-fabric' does not match '^(bus|soc|axi|ahb|apb)(@[0-9a-f]+)?$'
Signed-off-by: Rob Herring (Arm) <robh@kernel.org>
Link: https://lore.kernel.org/r/20250409210255.1541298-1-robh@kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
The email address bounced. I couldn't find a newer one in recent git
history (last activity 9 years ago), so delete this email entry.
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Link: https://lore.kernel.org/r/20250331190731.5094-2-wsa+renesas@sang-engineering.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
The software mitigation for BHI is to execute BHB clear sequence at syscall
entry, and possibly after a cBPF program. ITS mitigation thunks RETs in the
lower half of the cacheline. This causes the RETs in the BHB clear sequence
to be thunked as well, adding unnecessary branches to the BHB clear
sequence.
Since the sequence is in hot path, align the RET instructions in the
sequence to avoid thunking.
This is how disassembly clear_bhb_loop() looks like after this change:
0x44 <+4>: mov $0x5,%ecx
0x49 <+9>: call 0xffffffff81001d9b <clear_bhb_loop+91>
0x4e <+14>: jmp 0xffffffff81001de5 <clear_bhb_loop+165>
0x53 <+19>: int3
...
0x9b <+91>: call 0xffffffff81001dce <clear_bhb_loop+142>
0xa0 <+96>: ret
0xa1 <+97>: int3
...
0xce <+142>: mov $0x5,%eax
0xd3 <+147>: jmp 0xffffffff81001dd6 <clear_bhb_loop+150>
0xd5 <+149>: nop
0xd6 <+150>: sub $0x1,%eax
0xd9 <+153>: jne 0xffffffff81001dd3 <clear_bhb_loop+147>
0xdb <+155>: sub $0x1,%ecx
0xde <+158>: jne 0xffffffff81001d9b <clear_bhb_loop+91>
0xe0 <+160>: ret
0xe1 <+161>: int3
0xe2 <+162>: int3
0xe3 <+163>: int3
0xe4 <+164>: int3
0xe5 <+165>: lfence
0xe8 <+168>: pop %rbp
0xe9 <+169>: ret
Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
When retpoline mitigation is enabled for spectre-v2, enabling
call-depth-tracking and RSB stuffing also mitigates ITS. Add cmdline option
indirect_target_selection=stuff to allow enabling RSB stuffing mitigation.
When retpoline mitigation is not enabled, =stuff option is ignored, and
default mitigation for ITS is deployed.
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Ice Lake generation CPUs are not affected by guest/host isolation part of
ITS. If a user is only concerned about KVM guests, they can now choose a
new cmdline option "vmexit" that will not deploy the ITS mitigation when
CPU is not affected by guest/host isolation. This saves the performance
overhead of ITS mitigation on Ice Lake gen CPUs.
When "vmexit" option selected, if the CPU is affected by ITS guest/host
isolation, the default ITS mitigation is deployed.
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Indirect Target Selection (ITS) is a bug in some pre-ADL Intel CPUs with
eIBRS. It affects prediction of indirect branch and RETs in the
lower half of cacheline. Due to ITS such branches may get wrongly predicted
to a target of (direct or indirect) branch that is located in the upper
half of the cacheline.
Scope of impact
===============
Guest/host isolation
--------------------
When eIBRS is used for guest/host isolation, the indirect branches in the
VMM may still be predicted with targets corresponding to branches in the
guest.
Intra-mode
----------
cBPF or other native gadgets can be used for intra-mode training and
disclosure using ITS.
User/kernel isolation
---------------------
When eIBRS is enabled user/kernel isolation is not impacted.
Indirect Branch Prediction Barrier (IBPB)
-----------------------------------------
After an IBPB, indirect branches may be predicted with targets
corresponding to direct branches which were executed prior to IBPB. This is
mitigated by a microcode update.
Add cmdline parameter indirect_target_selection=off|on|force to control the
mitigation to relocate the affected branches to an ITS-safe thunk i.e.
located in the upper half of cacheline. Also add the sysfs reporting.
When retpoline mitigation is deployed, ITS safe-thunks are not needed,
because retpoline sequence is already ITS-safe. Similarly, when call depth
tracking (CDT) mitigation is deployed (retbleed=stuff), ITS safe return
thunk is not used, as CDT prevents RSB-underflow.
To not overcomplicate things, ITS mitigation is not supported with
spectre-v2 lfence;jmp mitigation. Moreover, it is less practical to deploy
lfence;jmp mitigation on ITS affected parts anyways.
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
RETs in the lower half of cacheline may be affected by ITS bug,
specifically when the RSB-underflows. Use ITS-safe return thunk for such
RETs.
RETs that are not patched:
- RET in retpoline sequence does not need to be patched, because the
sequence itself fills an RSB before RET.
- RET in Call Depth Tracking (CDT) thunks __x86_indirect_{call|jump}_thunk
and call_depth_return_thunk are not patched because CDT by design
prevents RSB-underflow.
- RETs in .init section are not reachable after init.
- RETs that are explicitly marked safe with ANNOTATE_UNRET_SAFE.
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
Due to ITS, indirect branches in the lower half of a cacheline may be
vulnerable to branch target injection attack.
Introduce ITS-safe thunks to patch indirect branches in the lower half of
cacheline with the thunk. Also thunk any eBPF generated indirect branches
in emit_indirect_jump().
Below category of indirect branches are not mitigated:
- Indirect branches in the .init section are not mitigated because they are
discarded after boot.
- Indirect branches that are explicitly marked retpoline-safe.
Note that retpoline also mitigates the indirect branches against ITS. This
is because the retpoline sequence fills an RSB entry before RET, and it
does not suffer from RSB-underflow part of the ITS.
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
ITS bug in some pre-Alderlake Intel CPUs may allow indirect branches in the
first half of a cache line get predicted to a target of a branch located in
the second half of the cache line.
Set X86_BUG_ITS on affected CPUs. Mitigation to follow in later commits.
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
Reviewed-by: Alexandre Chartre <alexandre.chartre@oracle.com>
drm:
- Fix overflow when generating wedged event
ttm:
- Fix documentation
- Remove struct ttm_backup
panel:
- simple: Fix timings for AUO G101EVN010
amdgpu:
- DC FP fixes
- Freesync fix
- DMUB AUX fixes
- VCN fix
- Hibernation fixes
- HDP fixes
xe:
- Prevent PF queue overflow
- Hold all forcewake during mocs test
- Remove GSC flush on reset path
- Fix forcewake put on error path
- Fix runtime warning when building without svm
i915:
- Fix oops on resume after disconnecting DP MST sinks during suspend
- Fix SPLC num_waiters refcounting
ivpu:
- Increase timeouts
- Fix deadlock in cmdq ioctl
- Unlock mutices in correct order
v3d:
- Avoid memory leak in job handling
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmgeVDsACgkQDHTzWXnE
hr5ohw/9EH3+kIhmMGXjWLLSAbFlbzxe/CT8fdMi9Sf9w9lz5q8MHUmisVFw+zoK
XyKSU8Gvr1Ca5e7lH2tSEPQtjSnjAhnGdksv4TKTuDv9ZGampVfmHh0yyCc4z9ID
I7NLiceo8rc5heBw303XO/obotkteoK1mEY9kuPe30wRQtHMKwO4+VgC075ygygq
Ptvl7XFGBhgcpBespikZcdp/Oi+xOeWux9sEdd50xyXzU53n1ZjVQC8/vr2lnUCq
I3+4seJY/DKtBAw/RrqGPKYzG1r0Wa9kmmGyV1YnMPdicdgP58kbFJDSEO9r2cIL
yN6uy4va6lUdAtcmpnbZWzou3HFWiSpMbKsGRrWovjvmIaH8ltszILaZ8aMXCwY9
BeM6VWONjknRmoHDjZ03YuLM7HjKAC9jO8bxhBY2TcT+tb+1TXnMTXx0zcxamVMV
8FLV0ki+o3hsErl+HFNe9hqXPwtTgfVAdOjY+8vmX1Idex1dZYbk/d7BCk06dQOW
n4dnZLZXbZJfZ2IEyTZh5Hnw18No2hTiAHsePzWhjyJbUWn66ck0juNToIUxOf1i
Jw5i2ohTN/rT82f2CqSCeD+AMRjrJmht+jAO6MhnP3woV/s8MIx5BJQqqv14FdTq
dV5YITC5g3vkKuMK4PHwe9qAi/qOVIzduzlS3D997WNoP8y++fQ=
=50os
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2025-05-10' of https://gitlab.freedesktop.org/drm/kernel
Pull drm fixes from Dave Airlie:
"Weekly drm fixes, bit bigger than last week, but overall amdgpu/xe
with some ivpu bits and a random few fixes, and dropping the
ttm_backup struct which wrapped struct file and was recently
frowned at.
drm:
- Fix overflow when generating wedged event
ttm:
- Fix documentation
- Remove struct ttm_backup
panel:
- simple: Fix timings for AUO G101EVN010
amdgpu:
- DC FP fixes
- Freesync fix
- DMUB AUX fixes
- VCN fix
- Hibernation fixes
- HDP fixes
xe:
- Prevent PF queue overflow
- Hold all forcewake during mocs test
- Remove GSC flush on reset path
- Fix forcewake put on error path
- Fix runtime warning when building without svm
i915:
- Fix oops on resume after disconnecting DP MST sinks during suspend
- Fix SPLC num_waiters refcounting
ivpu:
- Increase timeouts
- Fix deadlock in cmdq ioctl
- Unlock mutices in correct order
v3d:
- Avoid memory leak in job handling"
* tag 'drm-fixes-2025-05-10' of https://gitlab.freedesktop.org/drm/kernel: (32 commits)
drm/i915/dp: Fix determining SST/MST mode during MTP TU state computation
drm/xe: Add config control for svm flush work
drm/xe: Release force wake first then runtime power
drm/xe/gsc: do not flush the GSC worker from the reset path
drm/xe/tests/mocs: Hold XE_FORCEWAKE_ALL for LNCF regs
drm/xe: Add page queue multiplier
drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush
drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush
drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush
drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush
drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush
drm/amdgpu: fix pm notifier handling
Revert "drm/amd: Stop evicting resources on APUs in suspend"
drm/amdgpu/vcn: using separate VCN1_AON_SOC offset
drm/amd/display: Fix wrong handling for AUX_DEFER case
drm/amd/display: Copy AUX read reply data whenever length > 0
drm/amd/display: Remove incorrect checking in dmub aux handler
drm/amd/display: Fix the checking condition in dmub aux handling
drm/amd/display: Shift DMUB AUX reply command if necessary
drm/amd/display: Call FP Protect Before Mode Programming/Mode Support
...
- Prevent PF queue overflow
- Hold all forcewake during mocs test
- Remove GSC flush on reset path
- Fix forcewake put on error path
- Fix runtime warning when building without svm
-----BEGIN PGP SIGNATURE-----
iQJNBAABCAA3FiEE6rM8lpABPHM5FqyDm6KlpjDL6lMFAmgdjogZHGx1Y2FzLmRl
bWFyY2hpQGludGVsLmNvbQAKCRCboqWmMMvqU6i6D/wID1kcnrLd8V/0F8o1UFP3
oIFgbHwWbOSejufgr8t6TEvWoh7S8YcGh5S5BlJU66gbpMqVUktnjbOGmUeqY2BE
9YxkGxyXisSjK7/E93D61tP+Bz4qWWlxaoDZLTCxq8kSqI4WTlvHc75HT5yo/bXs
CvjYTv2zSHmIIEEbDILzH75St6c+WiN9qn8TKaUNPWkKKd2OLkXbhMKdhD6+dPFM
lrswQDbaAkxWxMal6HstY/YexMzNe37VRgajXgr0i372mO6y2IUCFjtKlULrk3Fh
NJ1kBhLRkM3eGbeXFcwORKNGZ4+ecA4b0xxeTuPuzRw44ks1efkMpuh080Itmbl9
P8fs0LjDaGW1ILaBwD8yaBaYGgL1sasG7bnS16y+i/98aY8mXNhznNImQTEDQdSj
YGe8CLtDfMqJm9Ksg9tvuAZK6Z4NDSMEBTCZ59zJAN1OToEMu8d54okHSmdgI6xj
6GVjiXbZgwuLTjjjZ6NMgpjKLi+j0VPx/1jFDxTZ71sRQqSKNId6i9/jazKGe/nR
qUZyT9AXNShntR75FXmAXkTRlE+4tL+BaTbVqjuMwRoi/bN3fhpiugj7ucRK03n7
IjhP19YOfV1XfXk95y1cKnktspmSRHoSCuD/JO5GRKJpb1NkNAlH7aQ4JqKJW59B
p6s+gPruce1OE7GP5RQUmg==
=dbSX
-----END PGP SIGNATURE-----
Merge tag 'drm-xe-fixes-2025-05-09' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes
Driver Changes:
- Prevent PF queue overflow
- Hold all forcewake during mocs test
- Remove GSC flush on reset path
- Fix forcewake put on error path
- Fix runtime warning when building without svm
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Lucas De Marchi <lucas.demarchi@intel.com>
Link: https://lore.kernel.org/r/jffqa56f2zp4i5ztz677cdspgxhnw7qfop3dd3l2epykfpfvza@q2nw6wapsphz
section as it is accessed very early during boot with the MMU off and
before the .bss has been initialised. This can lead to incorrect idmap
page table.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAmgeNE0ACgkQa9axLQDI
XvHaog//SZP7GWW2xJZfw4hGBWZ8outFS3f+E/ldHn+HHHsnJwqVL+CC5Rm3Aa/R
x3I9mqPfvdmxkMiWvvTqAJJzSbsi8S2zcW46ytZuhkhz6n4DTIpoTcafYJavlIJy
lMpKrCVtnAEGf1ZP56IF5/+SVG/30/tQrv7d6sKcMwibnAta9TufqW5+lxW3EOFp
Mbo1d/3P/ApAtZIWYnOVIWxRDV9DyJpUvH1njkhv4iNQS6mXinqbhAtE8wgcnCZo
0ATeSqtNJDGuqTsf7/tDwaC9Dd9MyVXR0uyEwz7e0uFxX4hypC5ikAuEW2yDlt7X
Xng+TSaoiKc6fTbyG+/do8/EcxakDEWjph6Z6oBOtjBjTqkm1ECt3wdQLnrk/eqk
hzqtjqr6RaZhEF0RnpAny7h8wOpbf7JNxFJEUOugDz61RFl1mPZa22wQw6hNaRZT
uK507QA3ly1yAmIyVQ1AFFOQ7IWy3+NQc8ChNuTD9RiOqjqLcQ8X7sclSJ+yyZVM
5/5L8OayAUQj9orL9t5x9+NXuuaDL9bGZVr0p+9DHgCMYWmhldFgC5RvFFm8DW0v
Ll7sGeNjIqCuyGoXHbJwchCqcnjY1x+lZdUP74N10TUtr4h3dhEkBJvAvl9fOqzp
htaN36hCptq6aMQ59sR0C3QA0a29xRvb7jOCWec+02ExkdN7QZQ=
=sOHy
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fix from Catalin Marinas:
"Move the arm64_use_ng_mappings variable from the .bss to the .data
section as it is accessed very early during boot with the MMU off and
before the .bss has been initialised.
This could lead to incorrect idmap page table"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: cpufeature: Move arm64_use_ng_mappings to the .data section to prevent wrong idmap generation
* The compressed half-word misaligned access instructions (c.lhu, c.lh,
and c.sh) from the Zcb extension are now properly emulated.
* A series of fixes to properly emulate permissions while handling
userspace misaligned accesses.
* A pair of fixes for PR_GET_TAGGED_ADDR_CTRL to avoid accessing the
envcfg CSR on systems that don't support that CSR, and to report those
failures up to userspace.
* The .rela.dyn section is no longer stripped from vmlinux, as it is
necessary to relocate the kernel under some conditions (including
kexec).
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAmgeKQ4THHBhbG1lckBk
YWJiZWx0LmNvbQAKCRDvTKFQLMurQbWRD/4uQ3JzhTsSCW+j2X6gwmn80Y7ugQN/
PURkgP0jzORrJxvM0fuUqMlvC9WjlBBxmLeVehsCqpbWYA6jwQbLlNNhE30l0GDB
pEMhuJ2zCCIQ18GLB7UGrsZO/XvfiwrFYhrLmbKFby5Z0utDubm3dTVPh+kMKHJd
SmcX0z1uxd/ONFWccI9Hh99Q4Q1fGcEneITlFA7DDfUGoP8ZuAOXG8xxi1m0Qbdg
nIPwgA0qIasPbR831QVnqV94rjcdwwsxZG7+kFCEgPjlxywSt3plFg7jH2sgeOc8
Xj+q2pdAktznpYDGAEZmZDmrIWa5RVwdAWqD0qlRW6C1ryVanuefc61v6CKrQ5Gt
w1v4y46XhnVeSkHvPbcqdHGyQnPpDvDdPndMYY39XkNTdRld72wkv7K+6Ow6483X
S16k/UwlnqybIh0B6/4BeRqGc2Gzu/Jz/L1nmd+iEcLnMVeSA3J1V7brFgAp49bF
0vYD9QHohq7RUdcctjr/EICjfMx32nrhXHt+gp6tB6SOnojk5m5/J7sOrXmtBl0o
Xo56zW9TSsxZyYrLAj57oT+r6C2EenQZrsx/UV8gLlyOmI7jLshFVwH2IGnSBD2Z
ZGtB82jaYyxJBVPwETN15rVXIZn7xhMjDy85upvN1NOknbSfuDX3+JuYgbt018Lp
Xew5LNj9cudIqA==
=5+HB
-----END PGP SIGNATURE-----
Merge tag 'riscv-for-linus-6.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
Pull RISC-V fixes from Palmer Dabbelt:
- The compressed half-word misaligned access instructions (c.lhu, c.lh,
and c.sh) from the Zcb extension are now properly emulated
- A series of fixes to properly emulate permissions while handling
userspace misaligned accesses
- A pair of fixes for PR_GET_TAGGED_ADDR_CTRL to avoid accessing the
envcfg CSR on systems that don't support that CSR, and to report
those failures up to userspace
- The .rela.dyn section is no longer stripped from vmlinux, as it is
necessary to relocate the kernel under some conditions (including
kexec)
* tag 'riscv-for-linus-6.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
riscv: Disallow PR_GET_TAGGED_ADDR_CTRL without Supm
scripts: Do not strip .rela.dyn section
riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL
riscv: misaligned: use get_user() instead of __get_user()
riscv: misaligned: enable IRQs while handling misaligned accesses
riscv: misaligned: factorize trap handling
riscv: misaligned: Add handling for ZCB instructions
Commit ec5fbdfb99 ("cgroup/cpuset: Enable update_tasks_cpumask()
on top_cpuset") enabled us to pull CPUs dedicated to child partitions
from tasks in top_cpuset by ignoring per cpu kthreads. However, there
can be other kthreads that are not per cpu but have PF_NO_SETAFFINITY
flag set to indicate that we shouldn't mess with their CPU affinity.
For other kthreads, their affinity will be changed to skip CPUs dedicated
to child partitions whether it is an isolating or a scheduling one.
As all the per cpu kthreads have PF_NO_SETAFFINITY set, the
PF_NO_SETAFFINITY tasks are essentially a superset of per cpu kthreads.
Fix this issue by dropping the kthread_is_per_cpu() check and checking
the PF_NO_SETAFFINITY flag instead.
Fixes: ec5fbdfb99 ("cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset")
Signed-off-by: Waiman Long <longman@redhat.com>
Acked-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Tejun Heo <tj@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmgeCdgQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgprW3EACoZmPgLRnt19f/u+veGKnJknGMkxgyph44
MryIe6kmJPnZ8CUAq+RloHtObAsMDbNmvcfwvp4Aeg1he7D6yNgCTHyamGRhtwR0
ydGS/eawYUibp5757TIegj26jZOEwWKkVaytX60N0rnRLLkr6IFXgA9JBhxpkF95
YYDW5+6nr7Z95ZNprSpvA5Q59tbv+HAGoKX2mmmj6sWwXCwx9eHEK0//bnOe6HzA
3mYGpsFOIgOZ/DFj33jscSygsuyQRevh/i4TxuNZjDm+AD9TZZwAbspxKPVml+pT
aVQ6oRQoGzcPDaoMTTUAwxrMmMaVI3oDFibTDofldDjRbvPI96wR4Cs1orCBHrsE
5xOynjyp6Yrr+RBCbA0i6vIdhb5P/oDsXQ4/qxLgdz46aWwXl7kxd6JhdjDXrmXm
3k9Kou/GHNGbB2qhYU+qASRAWj+hieEEgS31ppCu44q0hh8pbynlUCnl3Di0hHsJ
CIgjzOtdLb9sCJm68mpZGCkx71B2RX2TTZRhtCUHZNuAr2vqynPcza2+gtTIYJkN
uxtYeguKwKzWTJkB5l4hvscH8GVAKY4hFpILT7CjAMs6Rn/i9mCtnuWlDdGbxQdb
JQjxbKM5C/XNdcMG/3oDWaTrg1beFPSk87N9dCNx2A87zLxtLi71OpIScPFdlP9y
XN6QgJbh2g==
=sdd1
-----END PGP SIGNATURE-----
Merge tag 'block-6.15-20250509' of git://git.kernel.dk/linux
Pull block fixes from Jens Axboe:
- Fix for a regression in this series for loop and read/write iterator
handling
- zone append block update tweak
- remove a broken IO priority test
- NVMe pull request via Christoph:
- unblock ctrl state transition for firmware update (Daniel
Wagner)
* tag 'block-6.15-20250509' of git://git.kernel.dk/linux:
block: remove test of incorrect io priority level
nvme: unblock ctrl state transition for firmware update
block: only update request sector if needed
loop: Add sanity check for read/write_iter
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmgeCbcQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpjqBEACSplsJV9Xwby8tOHpjqPKMpHMoY4oeML6b
PY1LNLpdTA9PvJVwLgFODJBQr3If39nJfzgua7T2f6MLcFQSmhtSLEc9x5g+32Uv
rHALCcLS070ekuHNPC/pS6kDoO+7TL8n8LhgvZcAQ51DqqOh1cfTuxZH78/F7eYt
J7K2c6ayW0pPkVbWOAjALxJIZpK+yWloh6AhNSg+TGfRcLOb8BJK3Migkf6jMP2N
f4AA1J7SkqO0CAmB8HPcJRxelbuNNL8pJSJDhuii7SgkyKtXp7s3p7+/OfyUZaDL
FyrhSFNpswUI2sw5xDDZOs9I/BuoRiuz/QamuKhwEm1eTJZkoT4Vt263tpoIXKyU
M4gD6lQVAQxJlQvurx1/D5+n52T1lJsR9w5U+KpcpYY6ISs9f40nnt6m5naoTDaH
WgOkK/6vr77KZ30upDe2Y4ZY9knqRg+vc2btgqSEw/jmGZMb9+R7TA6R8Ef7KM+j
E6zSRLzR8rBB3dUMhcumR9uZRBoJuI9kQvk5iD9AeFMVjQBrtA3P/M8pRc/I+QuF
Zh3y3bfbhirIpWMxUHeaDHQ0PkQchyFprIABamVhhk3Dxpm/O1gFfxxY9Jj9UsGx
awfYpmB9AKtnw+/aH3kvg6Gf234/UOqLGGKiITHhtdtMBAXjgVIeG+mQdIpOL53t
BekdMII8kA==
=Ug++
-----END PGP SIGNATURE-----
Merge tag 'io_uring-6.15-20250509' of git://git.kernel.dk/linux
Pull io_uring fixes from Jens Axboe:
- Fix for linked timeouts arming and firing wrt prep and issue of the
request being managed by the linked timeout
- Fix for a CQE ordering issue between requests with multishot and
using the same buffer group. This is a dumbed down version for this
release and for stable, it'll get improved for v6.16
- Tweak the SQPOLL submit batch size. A previous commit made SQPOLL
manage its own task_work and chose a tiny batch size, bump it from 8
to 32 to fix a performance regression due to that
* tag 'io_uring-6.15-20250509' of git://git.kernel.dk/linux:
io_uring/sqpoll: Increase task_work submission batch size
io_uring: ensure deferred completions are flushed for multishot
io_uring: always arm linked timeouts prior to issue
A single fix to prevent use of an uninitialized completion pointer when
releasing a module_kobject in specific situations.
This addresses a latent bug exposed by commit f95bbfe185 ("drivers: base:
handle module_kobject creation"), which was merged in 6.15-rc5. The fix has
been on modules-next only since yesterday but should be safe.
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEEIduBR9MnFA82q/jtumpXJwqY6poFAmgeFsAUHHBldHIucGF2
bHVAc3VzZS5jb20ACgkQumpXJwqY6po5FQgAgI+UlBRH+oMvzDCZqwoEm0anWthe
id4JiQT13HHZx1Z/27JNb2NkikqoWURdX1HGEbtfs86HfiSQZutR/nhk7Uwy0fve
i6kHvIGOtVsDxv/NX/EOVL1Foa5rTMBJoTPTYf81tvVT/PtFII90HuA38NZQXglV
DRyYncPAgJuDpayVTmKdN+VcM7+Ma7DR6WCfyhIUEJigAjm3cWxLo3F3poYLdthS
3hzun+BDay60dXZuQ8VHce8zovOs2/cQgYbw7L06y3FbGBTeBEZKEtSdb4uWh1gi
3BELNPMW1zj1rBZVCOPOHQTgAPi8uGhquLM/8onmbb8vAbzE6D+vESrY3A==
=xJA1
-----END PGP SIGNATURE-----
Merge tag 'modules-6.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux
Pull modules fix from Petr Pavlu:
"A single fix to prevent use of an uninitialized completion pointer
when releasing a module_kobject in specific situations.
This addresses a latent bug exposed by commit f95bbfe185 ("drivers:
base: handle module_kobject creation")"
* tag 'modules-6.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux:
module: ensure that kobject_put() is safe for module type kobjects
This tag contains two small commits since rc1:
- Add a .mailmap entry requested by Asahi Lina to better filter her
emails
- Mark the power domains for the touchbar support introduced with 6.15
as always on since the driver cannot initialize the touchbar from
scratch after the domains are powered off (e.g. during suspend).
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQS3vz815OHsEaWy0u9EEX0kKnUe6QUCaAj9TQAKCRBEEX0kKnUe
6UqPAP9Qjep3S12BKIReeAmjICirSP+Psp+n9G7mGMucEvw99QEAiSqYJ632k3rb
fYOgTvf0GNF5TNCwfhmqIqu/fNOKfA8=
=21TP
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiK/NIGsWEZVxh/FrYKtH/8kJUicFAmgeJwgACgkQYKtH/8kJ
UicHYg//bnjMWhuwJYovQzboqJqHLXlgCpdsSl7PnIdUeOu6SlUjFLAmRBYcmdGH
tErKv1MbiC1k9qyZH0f4M6kaPQ2NVrYjZZ5q77/E+m0XV9Y8JMk/EZqpOW5xwoUC
fTJ7VNu/8J/9iXK7GJKjG5PVdqa9l4Tpid8BNRU6iX4vEMsOfMIRTBldTAOG2olu
rrusybMng/MUfTTGKzM9iZBgbLSJWQaQMraLzF0/SAGCuiCZqAtCdILToHr9vCXR
cs9PiV5hhgDqH15E/jKZhApgT4p+NE4UcxVPtwsmWvJLUSFPybO0I+lBkY23uJ8k
Kxggis4/qiEET7mMpvcorjF0rfEEJcM/ib0+OURBAH5Vbi85N43HeRwlSzNdqxKm
Z968cWyePq8M/XIDpkZCujPqar1jUFsmDIjTwRFtN04Xn83vSC5OEkRpKpNWj0gA
/AwgZ7BSM/hv9z/p9Aixi7MXcf5nq4qrXJ0nvzfp6nwkYwbbcbqwKks8LViNKtpq
mgpS/T7cvWx156+7S1WmGfoqnfPRrOdSMod0PIiFj2EE7iIb1elMEy1jHX52LmTy
JeTqktQ4MxgfDy4/EdAv+f1D4fL04n+zKYEoW42DCYq7/BYP3Ua645ZtFo5LA2QC
UxwcQxjq0mJlnPHI4MGq9+DUemEt6IldxZOM+Y3qVdOPsXHNZ30=
=j+tN
-----END PGP SIGNATURE-----
Merge tag 'asahi-soc-fixes-6.15' of https://github.com/AsahiLinux/linux into arm/fixes
Apple SoC fixes for 6.15
This tag contains two small commits since rc1:
- Add a .mailmap entry requested by Asahi Lina to better filter her
emails
- Mark the power domains for the touchbar support introduced with 6.15
as always on since the driver cannot initialize the touchbar from
scratch after the domains are powered off (e.g. during suspend).
* tag 'asahi-soc-fixes-6.15' of https://github.com/AsahiLinux/linux:
arm64: dts: apple: touchbar: Mark ps_dispdfr_be as always-on
mailmap: Update email for Asahi Lina
Link: https://lore.kernel.org/r/20250423145047.3098-1-sven@svenpeter.dev
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
