With pch_pic device, its register is based on MMIO address space,
different access size 1/2/4/8 is supported. And base address should
be naturally aligned with its access size, here add alignment check
in its register access emulation function.
Cc: stable@vger.kernel.org
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Since using kvm_get_vcpu() may fail to retrieve the vCPU context,
kvm_get_vcpu_by_id() should be used instead.
Fixes: 8e3054261b ("LoongArch: KVM: Add IPI user mode read and write function")
Fixes: 3956a52bc0 ("LoongArch: KVM: Add EIOINTC read and write functions")
Reviewed-by: Yanteng Si <siyanteng@cqsoftware.com.cm>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Add the flag KVM_LARCH_LBT checking in function kvm_own_lbt(), so that
it can be called safely rather than duplicated enabling again.
Cc: stable@vger.kernel.org
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Commit 57fbad15c2 ("stackleak: Rename STACKLEAK to KSTACK_ERASE")
misses the stackframe.h part for LoongArch, so fix it.
Fixes: 57fbad15c2 ("stackleak: Rename STACKLEAK to KSTACK_ERASE")
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Now if preemption happens between protected_save_fpu_context() and
protected_save_lbt_context(), FTOP context is lost. Because FTOP is
saved by protected_save_lbt_context() but protected_save_fpu_context()
disables TM before that. So save LBT before FPU in setup_sigcontext()
to avoid this potential risk.
Signed-off-by: Hanlu Li <lihanlu@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
When enabling CONFIG_KASAN, CONFIG_PREEMPT_VOLUNTARY_BUILD and
CONFIG_PREEMPT_VOLUNTARY at the same time, there will be soft deadlock,
the relevant logs are as follows:
rcu: INFO: rcu_sched self-detected stall on CPU
...
Call Trace:
[<900000000024f9e4>] show_stack+0x5c/0x180
[<90000000002482f4>] dump_stack_lvl+0x94/0xbc
[<9000000000224544>] rcu_dump_cpu_stacks+0x1fc/0x280
[<900000000037ac80>] rcu_sched_clock_irq+0x720/0xf88
[<9000000000396c34>] update_process_times+0xb4/0x150
[<90000000003b2474>] tick_nohz_handler+0xf4/0x250
[<9000000000397e28>] __hrtimer_run_queues+0x1d0/0x428
[<9000000000399b2c>] hrtimer_interrupt+0x214/0x538
[<9000000000253634>] constant_timer_interrupt+0x64/0x80
[<9000000000349938>] __handle_irq_event_percpu+0x78/0x1a0
[<9000000000349a78>] handle_irq_event_percpu+0x18/0x88
[<9000000000354c00>] handle_percpu_irq+0x90/0xf0
[<9000000000348c74>] handle_irq_desc+0x94/0xb8
[<9000000001012b28>] handle_cpu_irq+0x68/0xa0
[<9000000001def8c0>] handle_loongarch_irq+0x30/0x48
[<9000000001def958>] do_vint+0x80/0xd0
[<9000000000268a0c>] kasan_mem_to_shadow.part.0+0x2c/0x2a0
[<90000000006344f4>] __asan_load8+0x4c/0x120
[<900000000025c0d0>] module_frob_arch_sections+0x5c8/0x6b8
[<90000000003895f0>] load_module+0x9e0/0x2958
[<900000000038b770>] __do_sys_init_module+0x208/0x2d0
[<9000000001df0c34>] do_syscall+0x94/0x190
[<900000000024d6fc>] handle_syscall+0xbc/0x158
After analysis, this is because the slow speed of loading the amdgpu
module leads to the long time occupation of the cpu and then the soft
deadlock.
When loading a module, module_frob_arch_sections() tries to figure out
the number of PLTs/GOTs that will be needed to handle all the RELAs. It
will call the count_max_entries() to find in an out-of-order date which
counting algorithm has O(n^2) complexity.
To make it faster, we sort the relocation list by info and addend. That
way, to check for a duplicate relocation, it just needs to compare with
the previous entry. This reduces the complexity of the algorithm to O(n
log n), as done in commit d4e0340919 ("arm64/module: Optimize module
load time by optimizing PLT counting"). This gives sinificant reduction
in module load time for modules with large number of relocations.
After applying this patch, the soft deadlock problem has been solved,
and the kernel starts normally without "Call Trace".
Using the default configuration to test some modules, the results are as
follows:
Module Size
ip_tables 36K
fat 143K
radeon 2.5MB
amdgpu 16MB
Without this patch:
Module Module load time (ms) Count(PLTs/GOTs)
ip_tables 18 59/6
fat 0 162/14
radeon 54 1221/84
amdgpu 1411 4525/1098
With this patch:
Module Module load time (ms) Count(PLTs/GOTs)
ip_tables 18 59/6
fat 0 162/14
radeon 22 1221/84
amdgpu 45 4525/1098
Fixes: fcdfe9d22b ("LoongArch: Add ELF and module support")
Signed-off-by: Kanglong Wang <wangkanglong@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
When the CPU is offline, the timer of LoongArch is not correctly closed.
This is harmless for real machines, but resulting in an excessively high
cpu usage rate of the offline vCPU thread in the virtual machines.
To correctly close the timer, we have made the following modifications:
Register the cpu hotplug event (CPUHP_AP_LOONGARCH_ARCH_TIMER_STARTING)
for LoongArch. This event's hooks will be called to close the timer when
the CPU is offline.
Clear the timer interrupt when the timer is turned off. Since before the
timer is turned off, there may be a timer interrupt that has already been
in the pending state due to the interruption of the disabled, which also
affects the halt state of the offline vCPU.
Signed-off-by: Xianglai Li <lixianglai@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
The default COMMAND_LINE_SIZE of 512, inherited from asm-generic, is
too small for modern use cases. For example, kdump configurations or
extensive debugging parameters can easily exceed this limit.
Therefore, increase the command line size to 4096 bytes, aligning
LoongArch with the MIPS architecture. This change follows a broader
trend among architectures to raise this limit to support modern needs;
for instance, PowerPC increased its value for similar reasons in the
commit a5980d064f ("powerpc: Bump COMMAND_LINE_SIZE to 2048").
Similar to the change made for RISC-V in the commit 61fc1ee8be
("riscv: Bump COMMAND_LINE_SIZE value to 1024"), this is considered
a safe change. The broader kernel community has reached a consensus
that modifying COMMAND_LINE_SIZE from UAPI headers does not constitute
a uABI breakage, as well-behaved userspace applications should not
rely on this macro.
Suggested-by: Huang Cun <cunhuang@tencent.com>
Signed-off-by: Ming Wang <wangming01@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
When compiling with LLVM and CONFIG_LTO_CLANG is set, there exist many
objtool warnings "sibling call from callable instruction with modified
stack frame".
For this special case, the related object file shows that there is no
generated relocation section '.rela.discard.tablejump_annotate' for the
table jump instruction jirl, thus objtool can not know that what is the
actual destination address.
It needs to do something on the LLVM side to make sure that there is the
relocation section '.rela.discard.tablejump_annotate' if LTO is enabled,
but in order to maintain compatibility for the current LLVM compiler,
this can be done in the kernel Makefile for now. Ensure it is aware of
linker with LTO, '--loongarch-annotate-tablejump' needs to be passed via
'-mllvm' to ld.lld.
Note that it should also pass the compiler option -mannotate-tablejump
rather than only pass '-mllvm --loongarch-annotate-tablejump' to ld.lld
if LTO is enabled, otherwise there are no jump info for some table jump
instructions.
Fixes: e20ab7d454 ("LoongArch: Enable jump table for objtool")
Closes: https://lore.kernel.org/loongarch/20250731175655.GA1455142@ax162/
Reported-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Co-developed-by: WANG Rui <wangrui@loongson.cn>
Signed-off-by: WANG Rui <wangrui@loongson.cn>
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
When compiling with LLVM and CONFIG_LTO_CLANG is set, there exist many
objtool warnings "sibling call from callable instruction with modified
stack frame".
For this special case, the related object file shows that there is no
generated relocation section '.rela.discard.tablejump_annotate' for the
table jump instruction jirl, thus objtool can not know that what is the
actual destination address.
It needs to do something on the LLVM side to make sure that there is the
relocation section '.rela.discard.tablejump_annotate' if LTO is enabled,
but in order to maintain compatibility for the current LLVM compiler,
this can be done in the kernel Makefile for now. Ensure it is aware of
linker with LTO, '--loongarch-annotate-tablejump' needs to be passed via
'-mllvm' to ld.lld.
Before doing the above changes, it should handle the special case of the
relocation section '.rela.discard.tablejump_annotate' to get the correct
table size first, otherwise there are many objtool warnings and errors
if LTO is enabled.
There are many different rodata for each function if LTO is enabled, it
is necessary to enhance get_rodata_table_size_by_table_annotate().
Fixes: b95f852d3a ("objtool/LoongArch: Add support for switch table")
Closes: https://lore.kernel.org/loongarch/20250731175655.GA1455142@ax162/
Reported-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
a fallback during cpuid helpers reorg
- Initialize reserved fields in the SVSM page validation calls structure
to zero in order to allow for future structure extensions
- Have the sev-guest driver's buffers used in encryption operations be
in linear mapping space as the encryption operation can be offloaded
to an accelerator
- Have a read-only MSR write when in an AMD SNP guest trap to the
hypervisor as it is usually done. This makes the guest user experience
better by simply raising a #GP instead of terminating said guest
- Do not output AVX512 elapsed time for kernel threads because the data
is wrong and fix a NULL pointer dereferencing in the process
- Adjust the SRSO mitigation selection to the new attack vectors
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmihmPcACgkQEsHwGGHe
VUr6Iw/+KKuQdicPRvdQ8Kv+710oHFHka1CY/LdHuADuuzWWE+Zj6RzwraM0aqIr
1E4resu05MPVJj3KAzt0rBS4Ch5bbNU0QHQqhuuxe+EZpbY8XNxx53f43E4wHTS8
bPaZI1GdLZSTh5BUGRj9N0udK5gnd6kbku80PAbP2fqi+aSOZSA8JCqmiUicSi0/
EbYye7n38q8u1Dh2y9t9CBuxAOZEyzCM6LXRELmK5lya1LGJkKOTGllyb8irzsiv
HlLW1sN+weeVlvdUd1LvaYgTAetNhSVtiuh71cGMENnpoAyO6HAea+7X8Tg7UHHp
zsYRVXKg2CENQpo4OsQ3q/O7fnPTets7NFm8DNwSKO0qoCqn3Yf4AD4IeCIqZdM3
B2an4b1SWN2xtW38YEEGFVKIBIZVLQFzjmwR3yu8wqjhycIW3rNRCiQuI4EvW+ej
kx5ZXHXHKvThoLuxio/ILce1oWa4O9K+GzV9vEDHtYK283sCUU2XyUOVq3Ntpmoc
/mzOaBWAjN9nMWJ01DoPRh0bs5nkbN/NQxIOHUiOtLmMkwJX9ls/ed2VagL/iMq1
Sj1RZqkLEUYSHgE+HOToK8LXhbuDp6QEv1FUL/29pu1fzXRn5cn0PJx56+EKjJWO
f7b3NWMNGbbD/sIcYAtU73GVNnAOGzUkNA7AjDfmq+YoiC5G+LA=
=zsPJ
-----END PGP SIGNATURE-----
Merge tag 'x86_urgent_for_v6.17_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Borislav Petkov:
- Remove a transitional asm/cpuid.h header which was added only as a
fallback during cpuid helpers reorg
- Initialize reserved fields in the SVSM page validation calls
structure to zero in order to allow for future structure extensions
- Have the sev-guest driver's buffers used in encryption operations be
in linear mapping space as the encryption operation can be offloaded
to an accelerator
- Have a read-only MSR write when in an AMD SNP guest trap to the
hypervisor as it is usually done. This makes the guest user
experience better by simply raising a #GP instead of terminating said
guest
- Do not output AVX512 elapsed time for kernel threads because the data
is wrong and fix a NULL pointer dereferencing in the process
- Adjust the SRSO mitigation selection to the new attack vectors
* tag 'x86_urgent_for_v6.17_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/cpuid: Remove transitional <asm/cpuid.h> header
x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero
virt: sev-guest: Satisfy linear mapping requirement in get_derived_key()
x86/sev: Improve handling of writes to intercepted TSC MSRs
x86/fpu: Fix NULL dereference in avx512_status()
x86/bugs: Select best SRSO mitigation
type of task so that they don't trigger falsely
- Use the write unsafe user access pairs when writing a futex value to prevent
an error on PowerPC which does user read and write accesses differently
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmihlaAACgkQEsHwGGHe
VUrV7g/+Kx4n1TQuGnk4kd5h5q0uls8mgeFddYjv6BgVxcaWq7Tzv7XMJ5hvWEqp
P/+Zt43Sv9sd7i+PhoFD2Lr+EDYx8c0Lp08/LH0zsgKIA2Ai8ntJHJcb3se3Kxr5
yV23d0tkrCijcB58OL1xncm96Lp3XoXyTz8b0ahKDNG9mS8F/9XK9GgmG9OqKXDg
7T8Vx5NKt0YrvAWwvsQQlTUTcQ4a4O/UMwJmgEbvqHn0WwQISRxx/TE6wYuIwWAj
pbrN5kzDsZ6tA07h48NWnkFOEeqsQgbbKDkWvYYRYBrVzEATQBpBWfSQ0HsaqPmc
1Mk5Zs+J5UFhHx7Yw348JVqw5Fl4VDT4Oi4AoIzjBym3c73nrNfZzESRsf4dES5Q
DBsgTb0tjEZcR7MrWWErYu1LXw1qP5Ib39qLDVIvQQ4HomctSUuXVTIRL9qJvaCK
aCPt2Ivkhj3wItZSeTfzLTXbWE9lP4AhuBpJ4ALHRbOaCRLNfK9ZzLfOUyKePUvx
s3j7iPubfS5/lw192z5weLzEE4e8E7wIxSkIQNKLQFI/kr5YwKfwEO5Zm+UMfH5j
m+Hl7YKS0nT2IlFbRel2cSkw4MDaEJjgahMzbp+D0p+xV2H4KjY4nLoarwsuoP8D
GxLAOmRW1nzqj3QHIWsBF9iBxkO89lshWOgGxhUbhtywNqxSV6M=
=q1tX
-----END PGP SIGNATURE-----
Merge tag 'locking_urgent_for_v6.17_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull locking fixes from Borislav Petkov:
- Make sure sanity checks down in the mutex lock path happen on the
correct type of task so that they don't trigger falsely
- Use the write unsafe user access pairs when writing a futex value to
prevent an error on PowerPC which does user read and write accesses
differently
* tag 'locking_urgent_for_v6.17_rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
locking: Fix __clear_task_blocked_on() warning from __ww_mutex_wound() path
futex: Use user_write_access_begin/_end() in futex_put_value()
Toolchain and infrastructure:
- Workaround 'rustdoc' target modifiers bug in Rust >= 1.88.0. It will
be fixed in Rust 1.90.0 (expected 2025-09-18).
- Clean 'rustdoc' output before running it to avoid confusing the tool
when files from previous versions remain.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEPjU5OPd5QIZ9jqqOGXyLc2htIW0FAmig+UEACgkQGXyLc2ht
IW1s4RAAzT1MCd+CMXfPFyVQnsyXblCa5I3UWhE0+T2nPlicdQqD8NmmkvsxyGLB
SpoZnYk1yDl9L0wxx7Bw/elGeaoIf/EDqsF2Jl7jg9czhWuQhUTsnHemhw93gaOW
uCpCUduiTRlZH3Zp2jCQ7rglXdbAzWTPhyCOTJ5oxn3XTj9GL5iFE8iCea2/vjgV
sYf9GMkwy6I1+HmLsf7rhKVtrt+vozI8PVTXiPX1OlYpRBH0VjmRwjHIDJiGL1qU
FO0AZzNJqZ8yctheCvTJLxezf2SWXxgMaRuEPY7dEXNvyf7LcmXcxvnAnuQbbh0v
7wWTRd427bcKLG4NQ6Mqs1bB53YrgC/qfnSgczAtmULXTYoKHq26Ei6bUG2RnBr6
Br534xF1o1k71Fi5vebtbaGRoLAQFVSB1eTU+iaSZy01YZAevqP4+Ot2Y4NntJtP
CYnU9cUMZiWIOa42RnBI0YHOtdW7QeNSKKIAH2eT1GTB2bbqUtWuioN67jbHG3uq
kt3q7Mu8BwLoH6x6/vkPVW9KKahK5LMlB/uOspZhoaEHeGLO7JluoRwc0+EWV8Zm
QOaCB+lQC1gsEJTmNt0SaexYc7T2ml7zh8uXf+7jXOPzJ1UGUtCXq74un5kkYSOG
CKMmDKAhZa76BwSiFhlrYKlKBxhnYatyzQKXxe6u7caKoJAixfc=
=uT2O
-----END PGP SIGNATURE-----
Merge tag 'rust-fixes-6.17' of git://git.kernel.org/pub/scm/linux/kernel/git/ojeda/linux
Pull rust fixes from Miguel Ojeda:
- Workaround 'rustdoc' target modifiers bug in Rust >= 1.88.0. It will
be fixed in Rust 1.90.0 (expected 2025-09-18).
- Clean 'rustdoc' output before running it to avoid confusing the tool
when files from previous versions remain.
* tag 'rust-fixes-6.17' of git://git.kernel.org/pub/scm/linux/kernel/git/ojeda/linux:
rust: kbuild: clean output before running `rustdoc`
rust: workaround `rustdoc` target modifiers bug
- Fix a regression affecting old IDE/PATA device scan and introduced by
the recent link power management cleanups & fixes. The regression
prevented devices from being properly detected (me).
- Fix command duration limits (CDL) feature control: attempting to
enable the feature while NCQ commands are being executed resulted in
a silent failure to enable CDL when needed (Igor).
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSRPv8tYSvhwAzJdzjdoc3SxdoYdgUCaKB5NgAKCRDdoc3SxdoY
dmb0AQDGsKNEgAB4tY6e0dkqmp6j0TbcfqT38sizQrOHQKXbQwD8Cq/SdMxsWvjq
4gWan4AiQmCBR5plwuFmeZ5XXuLSdgU=
=2Hgt
-----END PGP SIGNATURE-----
Merge tag 'ata-ata-6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux
Pull ata fixes from Damien Le Moal:
- Fix a regression affecting old IDE/PATA device scan and introduced by
the recent link power management cleanups & fixes. The regression
prevented devices from being properly detected (me)
- Fix command duration limits (CDL) feature control: attempting to
enable the feature while NCQ commands are being executed resulted in
a silent failure to enable CDL when needed (Igor)
* tag 'ata-ata-6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux:
ata: libata-scsi: Fix CDL control
ata: libata-eh: Fix link state check for IDE/PATA ports
One core change removing the 'w' access flag of attributes that don't
have a set routine (and therefore can't be written to) which should
have no practical impact. The big scsi_debug update is caused by
reformatting lots of arrays and the rest of the bug fixes in drivers
are trivial.
Signed-off-by: James E.J. Bottomley <James.Bottomley@HansenPartnership.com>
-----BEGIN PGP SIGNATURE-----
iJwEABMIAEQWIQTnYEDbdso9F2cI+arnQslM7pishQUCaKBK+yYcamFtZXMuYm90
dG9tbGV5QGhhbnNlbnBhcnRuZXJzaGlwLmNvbQAKCRDnQslM7pishW1NAP4wTjnJ
MWB2YCP2jjQRyqUTdNI+XmL3pb15fnY1DZ/18QD/Vrhoa0SX1QFzr4h4ItPU+cIM
zAqMdfi2rVKbewZ5R+A=
=8XVL
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"One core change removing the 'w' access flag of attributes that don't
have a set routine (and therefore can't be written to) which should
have no practical impact. The big scsi_debug update is caused by
reformatting lots of arrays and the rest of the bug fixes in drivers
are trivial"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: ufs: core: Remove error print for devm_add_action_or_reset()
scsi: ufs: mediatek: Fix out-of-bounds access in MCQ IRQ mapping
scsi: lpfc: Remove redundant assignment to avoid memory leak
scsi: lpfc: Fix wrong function reference in a comment
scsi: ufs: core: Fix interrupt handling for MCQ Mode
scsi: scsi_debug: Make read-only arrays static const
scsi: core: sysfs: Correct sysfs attributes access rights
bridge:
- fix OF-node leak
- fix documentation
fbdev-emulation:
- pass correct format info to drm_helper_mode_fill_fb_struct()
panfrost:
- print correct RSS size
amdgpu:
- PSP fix
- VRAM reservation fix
- CSA fix
- Process kill fix
i915:
- Fix the implementation of wa_18038517565 [fbc]
- Do not trigger Frame Change events from frontbuffer flush [psr]
xe:
- Some more xe_migrate_access_memory fixes (Auld)
- Defer buffer object shrinker write-backs and GPU waits (Thomas)
- HWMON fix for clamping limits (Karthik)
- SRIOV-PF: Set VF LMEM BAR size (Michal)
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmifpQsACgkQDHTzWXnE
hr63FA//SvXpA51XfZuF1gm6x3oeYuF1xGMLS34ol6EI4YwOQg7wke7IFMe12dMJ
X/1kZ48Ju1l9NLyuRQfC7zW1EAqN4HjrB62MdGxFv7+Ap/i5SiOow9zJRSg0a5Mq
qRNmyGSw4ch1sVnU4LN1+9rVqpMN/jo5ngEvSlLlUmDtG2Plg9PzqSGIGHGPgStL
DEQI9DHUzn1F6lVtvdj/rA1+EzxaPKQ1g/VHMbA8bR46xal4jJ1BOWUI2plG6dcf
OxfhNvdqETz7q1YFgbyMUSXaR2VcK9qM/ATSBV/CSYOz51cd11CE12FI+Fywfc0i
/Jgt3H1Ociis/x7BfuTaRL3FkVYgzq7UK4KHZVeASJch2AjSl5tyaLx+ghmr4+5i
bPgK5rcWof9XvxRHylzKUcJwg+1Tn3r280mwWS/RQuGDEAWkT/8IB7WO+Ol8tJ+v
UbSsODl2BkXnumZE7r/dOcYNaJNgRdE5Uvc7+jCnt67Rk1WHBS8BB82Cst285A9h
lJdNp+mvN10erfWfLYhEWaFs/E6Us0YyFxKui65ZJftS5ErsQBDKE7Va7MVz5AxM
Laa8/K+5Y6c/2WW1Z8Ayiua/KV2Y7b4oWlhUPu6V/rjZrHHYt2sE1KV/bBeBKlPo
Q1zjf8ECQW90lK7vLSxPfGID5LMQUhJbmpaEpfyjyU+Q9nYjl9Y=
=d48j
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2025-08-16' of https://gitlab.freedesktop.org/drm/kernel
Pull drm fixes from Dave Airlie:
"Relatively quiet week, usual amdgpu/i915/xe fixes along with a set of
fixes for fbdev format info, which fix some regressions seen in with
rc1.
bridge:
- fix OF-node leak
- fix documentation
fbdev-emulation:
- pass correct format info to drm_helper_mode_fill_fb_struct()
panfrost:
- print correct RSS size
amdgpu:
- PSP fix
- VRAM reservation fix
- CSA fix
- Process kill fix
i915:
- Fix the implementation of wa_18038517565 [fbc]
- Do not trigger Frame Change events from frontbuffer flush [psr]
xe:
- Some more xe_migrate_access_memory fixes (Auld)
- Defer buffer object shrinker write-backs and GPU waits (Thomas)
- HWMON fix for clamping limits (Karthik)
- SRIOV-PF: Set VF LMEM BAR size (Michal)"
* tag 'drm-fixes-2025-08-16' of https://gitlab.freedesktop.org/drm/kernel:
drm/xe/pf: Set VF LMEM BAR size
drm/amdgpu: fix task hang from failed job submission during process kill
drm/amdgpu: fix incorrect vm flags to map bo
drm/amdgpu: fix vram reservation issue
drm/amdgpu: Add PSP fw version check for fw reserve GFX command
drm/xe/hwmon: Add SW clamp for power limits writes
drm/xe: Defer buffer object shrinker write-backs and GPU waits
drm/xe/migrate: prevent potential UAF
drm/xe/migrate: don't overflow max copy size
drm/xe/migrate: prevent infinite recursion
drm/i915/psr: Do not trigger Frame Change events from frontbuffer flush
drm/i915/fbc: fix the implementation of wa_18038517565
drm/panfrost: Print RSS for tiler heap BO's in debugfs GEMS file
drm/radeon: Pass along the format info from .fb_create() to drm_helper_mode_fill_fb_struct()
drm/nouveau: Pass along the format info from .fb_create() to drm_helper_mode_fill_fb_struct()
drm/omap: Pass along the format info from .fb_create() to drm_helper_mode_fill_fb_struct()
drm/bridge: document HDMI CEC callbacks
drm/bridge: Describe the newly introduced drm_connector parameter for drm_bridge_detect
drm/bridge: fix OF node leak
Signed-off-by: Carlos Maiolino <cem@kernel.org>
-----BEGIN PGP SIGNATURE-----
iJUEABMJAB0WIQSmtYVZ/MfVMGUq1GNcsMJ8RxYuYwUCaJ8nJQAKCRBcsMJ8RxYu
Y91GAX4q+aKhXBJzzEYGaCGEajMNHlClPI9Ac5AlhSkzW/XdZdS8FhIgJMNegTst
yOKZ32kBgPoBtiVDbRs7h0USqmcd94f9IwmoLa+0miUKyHHJaZIR97of9F/P1o3q
Lx2dLf5hwQ==
=e0dN
-----END PGP SIGNATURE-----
Merge tag 'xfs-fixes-6.17-rc2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
Pull xfs fixes from Carlos Maiolino:
- Fix an assert trigger introduced during the merge window
- Prevent atomic writes to be used with DAX
- Prevent users from using the max_atomic_write mount option without
reflink, as atomic writes > 1block are not supported without reflink
- Fix a null-pointer-deref in a tracepoint
* tag 'xfs-fixes-6.17-rc2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
xfs: split xfs_zone_record_blocks
xfs: fix scrub trace with null pointer in quotacheck
xfs: reject max_atomic_write mount option for no reflink
xfs: disallow atomic writes on DAX
fs/dax: Reject IOCB_ATOMIC in dax_iomap_rw()
xfs: remove XFS_IBULK_SAME_AG
xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags
xfs: fix frozen file system assert in xfs_trans_alloc
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmifSywQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpo6lD/0T1HlfvcG2kVfk35pcn1EaVxX5li1nuRTa
afUmnVHeOe8C5Fcl9uwc7oBcdJUGldWcE3ARBHorMhmougy9hVj5T9qUKzP6w87U
ZVMU63gDJ13Uz0hv3nl6UDSv2P0Sgk+zb9qEpJx/XiOVtaw9rERGNpLNjjASU65v
c+BdRO4dwIrWUEz/dWU8AMADacjyFd1fBLvLxUQAWJ2Jo9voup4KnywDw5AuoTSw
wmXPYYoyaPtciNontQz+s6lFX4qCJJijnmiS4W7jF//xxbMS5MxSQzKVhdH5Ax0w
hpMO2Zb7UsF3zPiNiwfrtukhK68GJOJPmmOFkVPjaLU15kme84mDKE7Ad6hmiJXy
nDaMbt7+NLvV3Gn4TEZxyiqwA4MPOoqdmwg7rFPD4k6oCQ9Z+lOnKSd+gGNX2Mn5
fSjTAGFRXygfJ7mshGjRSqPEzqa+uPGMg+32gEUcE7Dx3U0bvFs4jZSqgEAjEAqR
e62zJtlYKgwaj+1lHG5+GMq1guU//H8IndSFGPMRKUBky1AIaLZZ8LiQbqEdnAWW
nTuPPUth5l2AzdmVjiBRzlOoiH8vhf8Mh5n+QPHP/olG9AKUmpYWquMzDMHKnZtt
6SOvnD8RDUgcojgdDPHXHpWEclNEw31b+jjZaFC+qcwnGDqAhEFy4qZJNFqqsiDl
W2nSJrsLtw==
=JNGm
-----END PGP SIGNATURE-----
Merge tag 'block-6.17-20250815' of git://git.kernel.dk/linux
Pull block fixes from Jens Axboe:
- Fix for unprivileged daemons in ublk
- Speedup ublk release by removing unnecessary quiesce
- Fix for blk-wbt, where a regression caused it to not be possible to
enable at runtime
- blk-wbt cleanups
- Kill the page pool from drbd
- Remove redundant __GFP_NOWARN uses in a few spots
- Fix for a kobject double initialization issues
* tag 'block-6.17-20250815' of git://git.kernel.dk/linux:
block: restore default wbt enablement
Docs: admin-guide: Correct spelling mistake
blk-wbt: doc: Update the doc of the wbt_lat_usec interface
blk-wbt: Eliminate ambiguity in the comments of struct rq_wb
blk-wbt: Optimize wbt_done() for non-throttled writes
block: fix kobject double initialization in add_disk
blk-cgroup: remove redundant __GFP_NOWARN
block, bfq: remove redundant __GFP_NOWARN
ublk: check for unprivileged daemon on each I/O fetch
ublk: don't quiesce in ublk_ch_release
drbd: Remove the open-coded page pool
All CPUID call sites were updated at commit:
968e300068 ("x86/cpuid: Set <asm/cpuid/api.h> as the main CPUID header")
to include <asm/cpuid/api.h> instead of <asm/cpuid.h>.
The <asm/cpuid.h> header was still retained as a wrapper, just in case
some new code in -next started using it. Now that everything is merged
to Linus' tree, remove the header.
Signed-off-by: Ahmed S. Darwish <darwi@linutronix.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250815070227.19981-2-darwi@linutronix.de
In order to support future versions of the SVSM_CORE_PVALIDATE call, all
reserved fields within a PVALIDATE entry must be set to zero as an SVSM should
be ensuring all reserved fields are zero in order to support future usage of
reserved areas based on the protocol version.
Fixes: fcd042e864 ("x86/sev: Perform PVALIDATE using the SVSM when not at VMPL0")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Joerg Roedel <joerg.roedel@amd.com>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/7cde412f8b057ea13a646fb166b1ca023f6a5031.1755098819.git.thomas.lendacky@amd.com
Commit
7ffeb2fc26 ("x86/sev: Document requirement for linear mapping of guest request buffers")
added a check that requires the guest request buffers to be in the linear
mapping. The get_derived_key() function was passing a buffer that was
allocated on the stack, resulting in the call to snp_send_guest_request()
returning an error.
Update the get_derived_key() function to use an allocated buffer instead
of a stack buffer.
Fixes: 7ffeb2fc26 ("x86/sev: Document requirement for linear mapping of guest request buffers")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/9b764ca9fc79199a091aac684c4926e2080ca7a8.1752698495.git.thomas.lendacky@amd.com
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmifSv8QHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpuPnEAClm82Eh6YvDyICgDbFAUwfgPVAMDhc67nc
uUUU4T/nzEEbHnESNAhISUScAR249cj3kTMwOhbgjy+gppJddwyJjVAPk827jjuf
xxw9BwtMFkEC2M4Rn0K/uPhZlc2+aVWpo2Cn/nfq61gbgHvohrKC2Yta9vqXxnkf
qKmYSiO9ALG+c9m53U0qFmmxy9/9RD9qdVqBFD5E7TKh2jBibcfoQVs4WeBLVQ24
50LrF9xIlKVf/HyASXkgx54sj0moKWwgX19TpWtLP4YPq2GcWHlCduTRhd42fxFz
pY2U6oWK9GzusbQ97h3JjIRJ7j9UodKEeN9p+za3DM2SANGiMsdGgAJPC7U/WSOz
+V5uOk/xakLgU9GNhKAgkAOuUUG1zXLRlJ6bzxKkw40dsltf7bMSbEBlilPOrhwZ
8He7cxOenJoyHp4JzICvFzQ0DUJhYwduro8QCankLGUG6NTEftfid3IFUKdbhY41
h3qpHkzxLAyNw5YJnQ0+07aMEPxDb6ZZ69uPwA3neHL/sjG09AIrsSTLRI7DPJOS
7riJJtjwRxvruummqQTimY4dx0XZp47wT7phDBqfCGh8R0Mt4r3Tium9dKOT4WVP
JRbodZ7I1QLZSlUxUqGVEjvZLIjG0O/QZN7GFHI8prMwEl9BdjY7wrRw2zuKsPYM
xqFLvFmb+g==
=Fwfy
-----END PGP SIGNATURE-----
Merge tag 'io_uring-6.17-20250815' of git://git.kernel.dk/linux
Pull io_uring fixes from Jens Axboe:
- Tweak for the fairly recent changes of minimizing io-wq worker
creations when it's pointless to create them.
- Fix for an issue with ring provided buffers, which could cause issues
with reuse or corrupt application data.
* tag 'io_uring-6.17-20250815' of git://git.kernel.dk/linux:
io_uring/io-wq: add check free worker before create new worker
io_uring/net: commit partial buffers on retry
A collection of small fixes.
- Potential OOB access fixes in USB-audio driver
- ASoC kconfig menu fix for improving the generic drivers
- HD-audio quirks and a fix revert
- Codec and platform-specific small fixes for ASoC
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmifC9YOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE/BehAAwhx8yxnhV9IYxS50C6ySvKnzaV8JbLeNaUeW
JTJjGCY+zDX4+1D0NWyw/OhFEB2/Vua4MFWqwPrR7m0lgpm9wYnCT3ALbV3JKDPu
b1ZlX6ZYHocSoMU1N1QDTC6Kec+UbKaOQwbrVFuKfo8Q+V7qo+burcyWgdpaVcLX
OzmCUbONRNX68NlN4ZzfzBlKVDfkzPYHGcE5lmZKYHj4EfeeiK5MQGIuCj2UJ3bh
urMTqJ7HmTfRmiiJZh9dMYET+Z0VtFkQtKIkZqIqgB6DbNsovkUMMvE6Bafzds4h
BbzgXdMEbfRDvaCS2OrqgamtoTD5qC+Op6/XnnvSUwaCWobe/vrwJ0N/OIMCaaOo
2fY6ST25/z5FUqf3LPxINCtk0z1CloGB7OgiiuPLh5N0hOTV+vdbEoBFs228PHCN
InaissJ56YBmyMiXGqcCXEG9pBFOnV0SuqvSCWWATRHA9pP05/E1iIoXCzMKDiJP
+YGufk4hZg0bXYRbu6HaFbP2YKYY0h4hs1NxS1uewF1ORHUkAYOQ2WNH3mxwz3uz
N1oE70WSOiz0p37NGGkNX8w3AVzT5L3Ef8UCvtfYAVAF6cRE+TipUzESFBkNLAHZ
Zx/t4HV8MSudx2sUUIS7JiC7+DJXMhIAHwvNUeGrGsC5nvpRY0/VPCAt+t8Xgu04
n7hNYpo=
=gCaR
-----END PGP SIGNATURE-----
Merge tag 'sound-6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A collection of small fixes:
- Potential OOB access fixes in USB-audio driver
- ASoC kconfig menu fix for improving the generic drivers
- HD-audio quirks and a fix revert
- Codec and platform-specific small fixes for ASoC"
* tag 'sound-6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/tas2781: Normalize the volume kcontrol name
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
Revert "ALSA: hda: Add ASRock X670E Taichi to denylist"
ALSA: azt3328: Put __maybe_unused for inline functions for gameport
ASoC: tas2781: Normalize the volume kcontrol name
ASoC: stm: stm32_i2s: Fix calc_clk_div() error handling in determine_rate()
ASoC: codecs: Call strscpy() with correct size argument
ALSA: hda/realtek: Fix headset mic on HONOR BRB-X
ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks
ASoC: tas2781: Fix spelling mistake "dismatch" -> "mismatch"
ASoC: rt1320: fix random cycle mute issue
ASoC: rt721: fix FU33 Boost Volume control not working
ASoC: generic: tidyup standardized ASoC menu for generic
ASoC: codec: sma1307: replace spelling mistake with new error message
ASoC: codecs: tx-macro: correct tx_macro_component_drv name
ASoC: fsl_sai: replace regmap_write with regmap_update_bits
- fix the way optional interrupts are retrieved from firmware in
gpio-mlxbf3
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEFp3rbAvDxGAT0sefEacuoBRx13IFAmie81cACgkQEacuoBRx
13ITjxAAqoSjsoODn+8rpx08uhGCa98i1BX46uOgJJzsbE2JcSDjztNodXP02eJh
vg049tOy2YT0+OdHbuEjDoW8yzmiQRB6/nZ2FbwUFNArGr7eQEizIrDnNixEf/nD
oYpZENd9njIzDBtdJe47ZPV4k3GB38zcAbrtGLVh2zwyZcnwuT8veymENjDl82f6
YB83IM6fY9SQrEy6zctWS+u2hVcI+6XlaFDjOK2UAiey6REeAfEVD+B31rHdogqa
7DvLnzGnrNsIykimmIGBrlEkskcCgh5mLagEl5n0O2K4GWDKluXrtId3Cefn34JM
hnpIh5gVBWGeFC1IRN0N02Z8yq67/qi8rNHD8xcLjkShdPAanBh95UIRbbyM4EK3
q8ZtC01fHV4Pjz9K/6ZV71GVmllFXHRZbWDhJRsSkIDgV03O+F/J1vNnGbQMXiDn
aNiPicEe1hmRbi+9B+qq+he6ncqP37UxYd7C/XMKdAvXTIwQUhu9cGgl7vQl0ojN
dySdzH/y7O/WUI+RCrepAic/PgXFXtPC6D7M3D3iWOZpMeV0IPfc5SdgidtRcVt0
DFJZGl9Im1Dzn09kTQn6cDJmNKW6ekpp5tCPrrAmtyKY4XgOCHFcLC8kxsrBNYar
nDip/Y2eMnnRmfmdXXt6DlkDwlc3TissTK2j9XhY3ETASp48+Dk=
=PyWR
-----END PGP SIGNATURE-----
Merge tag 'gpio-fixes-for-v6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
Pull gpio fix from Bartosz Golaszewski:
- fix the way optional interrupts are retrieved from firmware in
gpio-mlxbf3
* tag 'gpio-fixes-for-v6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
gpio: mlxbf3: use platform_get_irq_optional()
Revert "gpio: mlxbf3: only get IRQ for device instance 0"
- tegra: Ensure pmc power-domains are in a known state
-----BEGIN PGP SIGNATURE-----
iQJLBAABCgA1FiEEugLDXPmKSktSkQsV/iaEJXNYjCkFAmie6iQXHHVsZi5oYW5z
c29uQGxpbmFyby5vcmcACgkQ/iaEJXNYjCk4MBAAg1rfgy2Ui3kP3kWVeOA3gf/k
eTfxEYuZhJaDG5Q/WWrREQR3q3V+rLdaBxyWjdGAkT9a8LnnJV21TUsDII/Segfz
4HcJA5txV2LcOtiZVg0S4J/aKA4klhPji/H8vN3yEq5xS2ldre9oB9z+u8yPuOhm
zmtxjrtzNZNkcSim+wE4tfk9XmnEut71Dh2IG8whTrxNnWXJnCbfgRn6jznKGlBm
i1Wrwdk05Z4EA4nkAHfeXWqqGcZoGhlFnFCYqKG0wymTBX0MPbT1dP1plwaKME0I
8ZQT+41Tm0BBs0T6PtWm238RmHqTGw2kP2QWXZvlbh3BMXDdoEqAvrwEuIOzOoPC
+lmCRhU8kHeDrI9wuMAntiuqAF2Mjq2UJs2qfyLsS2if9Di773i7U4tC9m1b+G2A
cvTj9A3X7/xlKFw4L8eF1xZU8vJ+A8woPpNPyUTgrK2NXdKU5MZdHIXfGyFCtEuQ
60z0iaYZt/7sksc3RfeCus4p72eFfpqK1ryHG75FhkQ/oNpxVk7VSfq9eEtnJ4H8
K5uVjxYkS4rd2/dPmMCW0CtnHvZNXrCc/0hMnpos8qQ8rftrvEVlt4+jQLupxLTd
L7fa9ZIxzJSBNGqQY7uuJBeC44Z2UyuOBz+qbzGTocS6If5ggd1yj+Vs4JuSEFrO
UXFG98C0+iJN5GQ1lgI=
=cH2o
-----END PGP SIGNATURE-----
Merge tag 'pmdomain-v6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm
Pull pmdomain fix from Ulf Hansson:
- tegra: Ensure pmc power-domains are in a known state
* tag 'pmdomain-v6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm:
soc/tegra: pmc: Ensure power-domains are in a known state
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmiegSwACgkQiiy9cAdy
T1GFvwv+JJajYgnBMmH/fOHpeozxV9PYpS+ACw1dTTR6wW9wH4e0P9lD1iqGR8bD
gewwvcaf6d2rw1fs3WfrJsSaQs+wmnIKlMFpMNMMHbW127Yts0stnclVhIrYAnE+
/JjK/d2dhpt6YJFGsYHK83OBsVsSY98KZPOuLUMo4cTmqzlEudWvcZapllNOiq6t
ygbdB89+o5ZAASeXzTJXOrcydamlCMMsdxBzs1GdQ6I84yDgXHhyPpY3rQAxy06L
TJkJO3IM9we0WBgh0qbglvH2D+KGJTbtB5q13CRMJ/PfeExWXdUEjXyYqa+wdyxY
3lcYmORhVuEQ6miLLPQjeFulGOi08G2rm1LzjKSmMsVuR4IJp22w0xZ0xeElJtos
xZEM6fX3cYYDWBbd7wSKp+XGsQLqDu505QKQY68Oyy5ji57851WfNZdCKfMkpx8a
54U1/XpP9KzqTKTNihxrbgZWpVPM5dB1k8RCBzqVVQ5jJK85kD77UBfEWbkE8Hbl
rXR18Et7
=SgEg
-----END PGP SIGNATURE-----
Merge tag '6.17-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6
Pull smb client fixes from Steve French:
- Fix unlink race and rename races
- SMB3.1.1 compression fix
- Avoid unneeded strlen calls in cifs_get_spnego_key
- Fix slab out of bounds in parse_server_interfaces()
- Fix mid leak and server buffer leak
- smbdirect send error path fix
- update internal version #
- Fix unneeded response time update in negotiate protocol
* tag '6.17-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
smb: client: remove redundant lstrp update in negotiate protocol
cifs: update internal version number
smb: client: don't wait for info->send_pending == 0 on error
smb: client: fix mid_q_entry memleak leak with per-mid locking
smb3: fix for slab out of bounds on mount to ksmbd
cifs: avoid extra calls to strlen() in cifs_get_spnego_key()
cifs: Fix collect_sample() to handle any iterator type
smb: client: fix race with concurrent opens in rename(2)
smb: client: fix race with concurrent opens in unlink(2)
This set of fixes includes a solution for the issue described in the tag
annotation for v6.17 updates.
The issue involved a potential call to schedule() within an RCU read-side
critical section. The solution applies reference counting to ensure that
handlers which may call schedule() are invoked safely outside of the
critical section.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQQE66IEYNDXNBPeGKSsLtaWM8LwEwUCaJ6SzAAKCRCsLtaWM8Lw
E2YMAP0SNa3lrX9AWVviipIztqPb5Eo5jbMFk1KztEYWf/g0RQD+JxdELawys+3V
oVNceJ5UUpQy0lSge4bll0Y1kZNlAQE=
=gk22
-----END PGP SIGNATURE-----
Merge tag 'firewire-fixes-6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394
Pull firewire fixes from Takashi Sakamoto:
"This fixes a potential call to schedule() within an RCU read-side
critical section. The solution applies reference counting to ensure
that handlers which may call schedule() are invoked safely outside of
the critical section"
* tag 'firewire-fixes-6.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394:
firewire: core: reallocate buffer for FCP address handlers when more than 4 are registered
firewire: core: call FCP address handlers outside RCU read-side critical section
firewire: core: call handler for exclusive regions outside RCU read-side critical section
firewire: core: use reference counting to invoke address handlers safely
- Prevent the ACPI EC driver from ignoring ECDT information in the
cases when the ID string in the ECDT is invalid, but not empty, to
fix thouchpad detection on ThinkBook 14 G7 IML (Armin Wolf).
- Rearrange checks in acpi_processor_ppc_init() to restore the handling
of frequency QoS requests related to _PPC limits inadvertently broken
by a recent update (Rafael Wysocki).
-----BEGIN PGP SIGNATURE-----
iQFGBAABCAAwFiEEcM8Aw/RY0dgsiRUR7l+9nS/U47UFAmidxxQSHHJqd0Byand5
c29ja2kubmV0AAoJEO5fvZ0v1OO1l8UH/R3dcBoacfdhaD6+KLUfaerWiKyW76dm
+310aADCX8ZTHpcMiy17g+rzeS07O81wfCvDUptbfF/1xmdNiZ46wq8FkOUlgVhv
Zhap7Sm+zTHTU/WkcX/2xRgpiJ9p1c9QnDI19hfRbUHcr/0CcsR04fxS2tiJUKuT
cd2RN7v2SKiULMQNtD7RFKYYmtJjAj+h67kbvgA1cxhH+q1g3EFdjy16cPlkH/0X
LAtRHWJtZxx8wO9NF2R/boKXqtq2Z+/StDekZ0BXqBPe8ivW3V9Z78eiFpm01bhB
YdCAGxgNvoObfueFQK+SOSlGod0a3B1rdeyK7PbkPe1tK/m/7KNgP5s=
=5cFF
-----END PGP SIGNATURE-----
Merge tag 'acpi-6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fixes from Rafael Wysocki:
"These restore corner case behavior of the EC driver related to the
handling of defective ACPI tables and fix a recent regression in the
ACPI processor driver:
- Prevent the ACPI EC driver from ignoring ECDT information in the
cases when the ID string in the ECDT is invalid, but not empty, to
fix thouchpad detection on ThinkBook 14 G7 IML (Armin Wolf)
- Rearrange checks in acpi_processor_ppc_init() to restore the
handling of frequency QoS requests related to _PPC limits
inadvertently broken by a recent update (Rafael Wysocki)"
* tag 'acpi-6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI: EC: Relax sanity check of the ECDT ID string
ACPI: processor: perflib: Move problematic pr->performance check
- Allow intel_idle to use _CST information from ACPI tables for
idle states enumeration on any family of processors (Len Brown).
- Restore corner case behavior of the menu cpuidle governor, related
to the handling of systems where idle states selected by the governor
are rejected by the cpuidle driver, inadvertently changed during the
6.15 development cycle (Rafael Wysocki).
- Add support for Clearwater Forest in the out-of-band (OOB) mode to
the intel_pstate driver (Srinivas Pandruvada).
-----BEGIN PGP SIGNATURE-----
iQFGBAABCAAwFiEEcM8Aw/RY0dgsiRUR7l+9nS/U47UFAmidw1wSHHJqd0Byand5
c29ja2kubmV0AAoJEO5fvZ0v1OO1NHAIAJDN1yMvQo0Pqlgw/FJYJzUGDF6kDfUF
xuAwBCr4/CYzlsi9yrUtfqx0hKHKdhRB9XsX/wlc0TM6nH6QH4X7XLy/SbZpZ28S
YsmJAPu/GJl/H6QvsDjYiovBhtPqmLFQMdTdW1WaIJUaBqffMUDb7xtZHy3Ib847
CpkmsKyPqsn0A0TMCWQ3fyprkqNMHMWL1qiPLllmlE/N9b9LMugN+KnxCL7dFnx1
b8mVDIvgJBMbayNs59oBFeg+92DLDvE41iCbW29QIblO1EjpS7ZnWHsbJvOswJCK
/ekNVkpgPywKvI0ycOjWTAkfNbfU3BhH3ZMupVzfzJ9WdqDxCU7tO7A=
=OJnT
-----END PGP SIGNATURE-----
Merge tag 'pm-6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fixes from Rafael Wysocki:
"These remove an artificial limitation from the intel_idle driver,
update the menu cpuidle governor to restore its previous behavior in a
corner case and add one more supported platform configuration to the
intel_pstate driver:
- Allow intel_idle to use _CST information from ACPI tables for idle
states enumeration on any family of processors (Len Brown)
- Restore corner case behavior of the menu cpuidle governor, related
to the handling of systems where idle states selected by the
governor are rejected by the cpuidle driver, inadvertently changed
during the 6.15 development cycle (Rafael Wysocki)
- Add support for Clearwater Forest in the out-of-band (OOB) mode to
the intel_pstate driver (Srinivas Pandruvada)"
* tag 'pm-6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpufreq: intel_pstate: Support Clearwater Forest OOB mode
cpuidle: governors: menu: Avoid using invalid recent intervals data
intel_idle: Allow loading ACPI tables for any family
LMEM is partitioned between multiple VFs and we expect that the more
VFs we have, the less LMEM is assigned to each VF.
This means that we can achieve full LMEM BAR access without the need to
attempt full VF LMEM BAR resize via pci_resize_resource().
Always try to set the largest possible BAR size that allows to fit the
number of enabled VFs and inform the user in case the resize attempt is
not successful.
Signed-off-by: Michał Winiarski <michal.winiarski@intel.com>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Link: https://lore.kernel.org/r/20250527120637.665506-7-michal.winiarski@intel.com
Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
(cherry picked from commit 32a4d1b98e6663101fd0abfaf151c48feea7abb1)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Current release - regressions:
- netfilter: nft_set_pipapo:
- don't return bogus extension pointer
- fix null deref for empty set
Current release - new code bugs:
- core: prevent deadlocks when enabling NAPIs with mixed kthread config
- eth: netdevsim: Fix wild pointer access in nsim_queue_free().
Previous releases - regressions:
- page_pool: allow enabling recycling late, fix false positive warning
- sched: ets: use old 'nbands' while purging unused classes
- xfrm:
- restore GSO for SW crypto
- bring back device check in validate_xmit_xfrm
- tls: handle data disappearing from under the TLS ULP
- ptp: prevent possible ABBA deadlock in ptp_clock_freerun()
- eth: bnxt: fill data page pool with frags if PAGE_SIZE > BNXT_RX_PAGE_SIZE
- eth: hv_netvsc: fix panic during namespace deletion with VF
Previous releases - always broken:
- netfilter: fix refcount leak on table dump
- vsock: do not allow binding to VMADDR_PORT_ANY
- sctp: linearize cloned gso packets in sctp_rcv
- eth: hibmcge: fix the division by zero issue
- eth: microchip: fix KSZ8863 reset problem
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEEg1AjqC77wbdLX2LbKSR5jcyPE6QFAmidxhgSHHBhYmVuaUBy
ZWRoYXQuY29tAAoJECkkeY3MjxOkPckP/AhJ0kARPgo72OhElbW6KvkHhXVNUTJb
6m15j9Z8ybQPBupSorxUEBx7pxczv/GBloN1xoJqUY/p7B6kLO2HDOpaReNFjZvF
J9hPl6ZF6CWzwgfcUfwI3UB1zhALKyHDClclfd8FBoKjAYXCrZXuPv/AV4oqYsA1
y7g24zpI76Cu+M+Nf5YhrlIVSmQ1/DXX8gifdcHFYnAKmCn7KxNv2lwvm2/yE2lL
9/Xl/D1cG/BiAaCUUXR4BP8RU5gdW72+lM3qmC/QFO/7jcBaoE89Y9Anona8p0PQ
dqDerHd0GDUH9QA6bht3asCS+IW+Zo2gf25o53OzlYIMAxDmEZLUBCwetJhvNJBq
DUQ6agzfNRxsCnlOc4JhMOqNr7rdU7d+9c9KuZWA/m8KRWdlvTYGJd/qzSlTWOhq
s9228dl+4oTb9Mnq8Bqafi42+TImeOyFRW9ZgF8ptjlF0l/lyv6moIrRCmVXppRZ
awABNDdG+i004XmAOAeOhjbUT7clLkLr+KEnsfH16qCa2o3dM6rlhvWYp2sucVJf
SyRvMdz5VqMLgruefpQS/DuK52UklpRawgvgngzU6UDYQUaxQKToeusMjRU7xUnW
hVI1y7/oNH6+r7Zr/iLTLKRR007B+RVC7VSbeMpxmAW+n6puMb+z7RnrJlnFapGM
qqqtk2/jItuK
=Ydk1
-----END PGP SIGNATURE-----
Merge tag 'net-6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Paolo Abeni:
"Including fixes from Netfilter and IPsec.
Current release - regressions:
- netfilter: nft_set_pipapo:
- don't return bogus extension pointer
- fix null deref for empty set
Current release - new code bugs:
- core: prevent deadlocks when enabling NAPIs with mixed kthread
config
- eth: netdevsim: Fix wild pointer access in nsim_queue_free().
Previous releases - regressions:
- page_pool: allow enabling recycling late, fix false positive
warning
- sched: ets: use old 'nbands' while purging unused classes
- xfrm:
- restore GSO for SW crypto
- bring back device check in validate_xmit_xfrm
- tls: handle data disappearing from under the TLS ULP
- ptp: prevent possible ABBA deadlock in ptp_clock_freerun()
- eth:
- bnxt: fill data page pool with frags if PAGE_SIZE > BNXT_RX_PAGE_SIZE
- hv_netvsc: fix panic during namespace deletion with VF
Previous releases - always broken:
- netfilter: fix refcount leak on table dump
- vsock: do not allow binding to VMADDR_PORT_ANY
- sctp: linearize cloned gso packets in sctp_rcv
- eth:
- hibmcge: fix the division by zero issue
- microchip: fix KSZ8863 reset problem"
* tag 'net-6.17-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (54 commits)
net: usb: asix_devices: add phy_mask for ax88772 mdio bus
net: kcm: Fix race condition in kcm_unattach()
selftests: net/forwarding: test purge of active DWRR classes
net/sched: ets: use old 'nbands' while purging unused classes
bnxt: fill data page pool with frags if PAGE_SIZE > BNXT_RX_PAGE_SIZE
netdevsim: Fix wild pointer access in nsim_queue_free().
net: mctp: Fix bad kfree_skb in bind lookup test
netfilter: nf_tables: reject duplicate device on updates
ipvs: Fix estimator kthreads preferred affinity
netfilter: nft_set_pipapo: fix null deref for empty set
selftests: tls: test TCP stealing data from under the TLS socket
tls: handle data disappearing from under the TLS ULP
ptp: prevent possible ABBA deadlock in ptp_clock_freerun()
ixgbe: prevent from unwanted interface name changes
devlink: let driver opt out of automatic phys_port_name generation
net: prevent deadlocks when enabling NAPIs with mixed kthread config
net: update NAPI threaded config even for disabled NAPIs
selftests: drv-net: don't assume device has only 2 queues
docs: Fix name for net.ipv4.udp_child_hash_entries
riscv: dts: thead: Add APB clocks for TH1520 GMACs
...
* pm-cpuidle:
cpuidle: governors: menu: Avoid using invalid recent intervals data
intel_idle: Allow loading ACPI tables for any family
* pm-cpufreq:
cpufreq: intel_pstate: Support Clearwater Forest OOB mode
Delete extra checks for the ATA_DFLAG_CDL_ENABLED flag that prevent
SET FEATURES command from being issued to a drive when NCQ commands
are active.
ata_mselect_control_ata_feature() sets / clears the ATA_DFLAG_CDL_ENABLED
flag during the translation of MODE SELECT to SET FEATURES. If SET FEATURES
gets deferred due to outstanding NCQ commands, the original MODE SELECT
command will be re-queued. When the re-queued MODE SELECT goes through
the ata_mselect_control_ata_feature() translation again, SET FEATURES
will not be issued because ATA_DFLAG_CDL_ENABLED has been already set or
cleared by the initial translation of MODE SELECT.
The ATA_DFLAG_CDL_ENABLED checks in ata_mselect_control_ata_feature()
are safe to remove because scsi_cdl_enable() implements a similar logic
that avoids enabling CDL if it has been enabled already.
Fixes: 17e897a456 ("ata: libata-scsi: Improve CDL control")
Cc: stable@vger.kernel.org
Signed-off-by: Igor Pylypiv <ipylypiv@google.com>
Reviewed-by: Niklas Cassel <cassel@kernel.org>
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Commit 4371fe1ba4 ("ata: libata-eh: Avoid unnecessary resets when
revalidating devices") replaced the call to ata_phys_link_offline() in
ata_eh_revalidate_and_attach() with the new function
ata_eh_link_established() which relaxes the checks on a device link
state to account for low power mode transitions. However, this change
assumed that the device port has a valid scr_read method to obtain the
SStatus register for the port. This is not always the case, especially
with older IDE/PATA adapters (e.g. PATA/IDE devices emulated with QEMU).
For such adapter, ata_eh_link_established() will always return false,
causing ata_eh_revalidate_and_attach() to go into its error path and
ultimately to the device being disabled.
Avoid this by restoring the previous behavior, which is to assume that
the link is online if reading the port SStatus register fails.
While at it, also fix the spelling of SStatus in the comment describing
the function ata_eh_link_established().
Reported-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Fixes: 4371fe1ba4 ("ata: libata-eh: Avoid unnecessary resets when revalidating devices")
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Tested-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Reviewed-by: Niklas Cassel <cassel@kernel.org>
UAC3 class segment descriptors need to be verified whether their sizes
match with the declared lengths and whether they fit with the
allocated buffer sizes, too. Otherwise malicious firmware may lead to
the unexpected OOB accesses.
Fixes: 11785ef532 ("ALSA: usb-audio: Initial Power Domain support")
Reported-and-tested-by: Youngjun Lee <yjjuny.lee@samsung.com>
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20250814081245.8902-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
UAC3 power domain descriptors need to be verified with its variable
bLength for avoiding the unexpected OOB accesses by malicious
firmware, too.
Fixes: 9a2fe9b801 ("ALSA: usb: initial USB Audio Device Class 3.0 support")
Reported-and-tested-by: Youngjun Lee <yjjuny.lee@samsung.com>
Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20250814081245.8902-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Without setting phy_mask for ax88772 mdio bus, current driver may create
at most 32 mdio phy devices with phy address range from 0x00 ~ 0x1f.
DLink DUB-E100 H/W Ver B1 is such a device. However, only one main phy
device will bind to net phy driver. This is creating issue during system
suspend/resume since phy_polling_mode() in phy_state_machine() will
directly deference member of phydev->drv for non-main phy devices. Then
NULL pointer dereference issue will occur. Due to only external phy or
internal phy is necessary, add phy_mask for ax88772 mdio bus to workarnoud
the issue.
Closes: https://lore.kernel.org/netdev/20250806082931.3289134-1-xu.yang_2@nxp.com
Fixes: e532a096be ("net: usb: asix: ax88772: add phylib support")
Cc: stable@vger.kernel.org
Signed-off-by: Xu Yang <xu.yang_2@nxp.com>
Tested-by: Oleksij Rempel <o.rempel@pengutronix.de>
Reviewed-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://patch.msgid.link/20250811092931.860333-1-xu.yang_2@nxp.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
A reasonably small collection of fixes that came in since the merge
window, mostly small and driver specific plus a cleanup of the menu
reorganisation to address some user confusion with the way the generic
drivers had been handled.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmic65gACgkQJNaLcl1U
h9BcKQf/QlkZR3J9y2NEH8UbAqf0l3c5WFMl1bfUtgiTTZzbgC5eP5wqjmP3bkCp
FRDxzrN0cukzajbfu63SM4WASYswH1uOIv2qD1T/xuDFZRZM2Dhbi0gs+wHYrpDv
laAmUSLbKAoRYHCAkfaDu9rPjVbOFmFvswmf1pIAfkfuRCJTGfiTk6sO6yKG24LP
tk1XPAZdDK22D5W2aVCDMf4BRJ2RKjJBRpN48Mwg3OaAwpIuBsftdZAnur3QfkLW
fDhDWjBqPr1wJsHmG96xIWFQG241kAD60BBposPvpLRF/HN813gcPwYDqW3U+ddF
Od38MSDqp2v2FFoHvgS6Y5GzfFK6Wg==
=O2NX
-----END PGP SIGNATURE-----
Merge tag 'asoc-fix-v6.17-rc1' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v6.17
A reasonably small collection of fixes that came in since the merge
window, mostly small and driver specific plus a cleanup of the menu
reorganisation to address some user confusion with the way the generic
drivers had been handled.
Davide Caratti says:
====================
ets: use old 'nbands' while purging unused classes
- patch 1/2 fixes a NULL dereference in the control path of sch_ets qdisc
- patch 2/2 extends kselftests to verify effectiveness of the above fix
====================
Link: https://patch.msgid.link/cover.1755016081.git.dcaratti@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
