mirror of https://github.com/torvalds/linux.git
1398540 Commits
| Author | SHA1 | Message | Date |
|---|---|---|---|
Linus Torvalds
|
ac3fd01e4c | Linux 6.18-rc7 | |
|
Linus Torvalds
|
d0e88704d9 |
Fixes for the Allwinner clk driver:
- Lower the minimum rate for the A523 audio PLL to support
frequencies required by audio devices
- Mark a couple clks critical on A523 so that Linux doesn't turn
them off when they're used by other code like TF-A
-----BEGIN PGP SIGNATURE-----
iQJIBAABCAAyFiEE9L57QeeUxqYDyoaDrQKIl8bklSUFAmkjV3AUHHN3Ym95ZEBj
aHJvbWl1bS5vcmcACgkQrQKIl8bklSUPzw/+JyChC42SYjZAAbzT/aBE7STbjlWT
EnY4RcES5AJ9xav9wXI6UbI9941xJWfhpijqJ5UOuXiHP9pGOzrElI+iyevL5iDu
AL6qijUsE+3NL505LqwLo1IvrnCtdOy5o8JVI+A84QLs0SQCXGjFewxo1vSOCm/o
va6zyFNW11Vk4dfMw1dS3bna9yhCXkZh0nzvelsYc0KyZODd6qk838Qjnq80A3tC
5kXNFWFTuz9CLqc3emzACF3uRxT296gTLX92evyi1Pq+d69QaAdaVJQHSOJiMfT2
tbiGpOyZHGm+vlZ8O2awE71ODgqOvSXcbewCm9DA7xp3TEAf0Kdy5zz8Jl6qmVuG
PvYnhJe+B1SUm6iTwrzJTeyOD468Xi7yICbg+HKIrr1efpL4NzSIKypAJH9bv+DY
t7wySo3Yql/9LOQQKE/TG8JGi8mozYNZSTiMrBtdUw9ev2kOW0zwaM9V7SEH1WK2
urerDjloOPZ+Nf7eIN8dZfhFDi3sEO5/YcBev1FiQ+iIZtIZwltFnbvAHzrcLStb
VttJla6lN05kUdPMkTBg1oNu2FLnS47eJWHCjDysOjsGnKx+Mjm+RB+p7wjqLc3e
y0IRzlj7w2+PZFI7Q4KRfDT5srHP2TqBE2y6xAdQsU8xWx/tKSvVYgO0Vmu7AbJh
8L77KUw2tQPaFbo=
=A1l6
-----END PGP SIGNATURE-----
Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
Pull clk fixes from Stephen Boyd:
"Fixes for the Allwinner A523 clk driver:
- Lower the minimum rate for the A523 audio PLL to support
frequencies required by audio devices
- Mark a couple clks critical on A523 so that Linux doesn't turn them
off when they're used by other code like TF-A"
* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
clk: sunxi-ng: sun55i-a523-ccu: Lower audio0 pll minimum rate
clk: sunxi-ng: sun55i-a523-r-ccu: Mark bus-r-dma as critical
clk: sunxi-ng: Mark A523 bus-r-cpucfg clock as critical
|
|
|
Linus Torvalds
|
1af5c1d3a9 |
Miscellaneous fixes:
- Fix a race in timer->function clearing in timer_shutdown_sync()
- Fix a timekeeper sysfs-setup resource leak in error paths
- Fix the NOHZ report_idle_softirq() syslog rate-limiting
logic to have no side effects on the return value
Signed-off-by: Ingo Molnar <mingo@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQJFBAABCgAvFiEEBpT5eoXrXCwVQwEKEnMQ0APhK1gFAmkivgERHG1pbmdvQGtl
cm5lbC5vcmcACgkQEnMQ0APhK1i/0g/+ODFR6NF7cNcsZPhKdRt/A9Il72qmjteG
Fqzacev1rzaQpPSaRpOnEAnqDRmfnFLZ0I4WA36QJxfApHHg9kI8GzEaa7WDvQOc
kOL317i3vsme+tolI0fwazvMRnwgSipHVvXp76eyaEKXHM97i81XUpJYynxl+j9R
0le8wpcBQKMUnpvYWN4J7u0AOO0vXCdaKSM2r9bgecXGyaqgzdyLYqGhgPLd0tYC
Tn3pSrQIffORZQed3hKjXmC4DSs+tsdQr1npphxrzHy3Q8rXbt3eEj96IYyHdz1f
/3eetSWRcd0jnZYIjuA9xG7xMSBBitkPBzSQMaZMdzV2d03oPU2WVvoKLSPnFNxz
JQIErExLJH2AOrYNLmx+6DJ0Ql8398KdISJnb6HdX1cZcljRKmqlo9BIaPorQDqf
WFm8WvhthBXHwEbWx/ecaPkV2aBQpXTTH7AkCebBLF+YTxtHUVGjwlBQ/CltABk3
a4U93M/Zdyaxys/9YpIeWAsg0y3b54r6aFbReyt8CiMVe+gKqTOnT3Jy4hqFZPnB
x+AHtooGsN7CIV4q9NIB6EmvJ5J1HFkmGQrWo1y/OHbZp2mDJy/1sQ+rj7NXdBZA
ibrUHIWzTtZ6WpuR1ABD3wubhb7/BF3Gwh4v27AUtLFKW/cZq7ovMODVrp+Svt6X
3EOg/YofAy0=
=JVik
-----END PGP SIGNATURE-----
Merge tag 'timers-urgent-2025-11-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull timer fixes from Ingo Molnar:
- Fix a race in timer->function clearing in timer_shutdown_sync()
- Fix a timekeeper sysfs-setup resource leak in error paths
- Fix the NOHZ report_idle_softirq() syslog rate-limiting
logic to have no side effects on the return value
* tag 'timers-urgent-2025-11-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
timers: Fix NULL function pointer race in timer_shutdown_sync()
timekeeping: Fix resource leak in tk_aux_sysfs_init() error paths
tick/sched: Fix bogus condition in report_idle_softirq()
|
|
|
Linus Torvalds
|
e624f73775 |
Fix perf CPU-clock counters, and address a static checker warning.
Signed-off-by: Ingo Molnar <mingo@kernel.org> -----BEGIN PGP SIGNATURE----- iQJFBAABCgAvFiEEBpT5eoXrXCwVQwEKEnMQ0APhK1gFAmkiu0sRHG1pbmdvQGtl cm5lbC5vcmcACgkQEnMQ0APhK1h5+xAAsBjDSBSLwCyMb+k9iP482jMgMkl3s3m1 LjqBvdJgbBZvZF2mfxRFRcgR8KLNyy4uXq05w0Bb5zP4pTvPK0cNuhG6SmlAhppr r4OHwnbRThXoKssWYVTc5qILEiCAoRbwSXDYdFjgl29Fd0u+IIv2sQIYRKkna8OJ A73TuOjFTWdU58sKPqY/tp7O0duzyFoicFkkap4atAV8lPHlDZJl+r1ayBtmx3pD xe9u9kHQXYq6NLPwXKrKIA77RAa3w1nTAe9zh/mIFF36MvifxGhSwNSB4Fr/RKuN 2lBzCW5KnTrY9Mzs1Ds4k1RBt6RNNn30AZU/c9RB1qdzl1X6Z1xtse72yjHYQPb1 +VM4YwMhnaJkGEczK6KP62DfNa/scrSjehLHXwqNPCt+FzJY2YRXp5s3v8SK8AXP rlRBnL0U8FhImR3VucgHp6LIkZMvuKI/+dDdW/KIO6XkZqbYQ/fORAgCFNGJDNAo UQv4mb11qk2Bv/QC0NJGfQqIb2mS+/xmM8q31Ipf9eC0eHzM0sLmVtJW9IX61qfI K+rP4qmIKkWJMLMkwGJxpw2G0v3Wfx0LQ6xa9io/Bw9F/9rs8/Qd5C2eafZmCRqW Mt/dK+2eYnR/+hKsWN/xN8ayawN2Ra5NSJjQAxL5CfLEXJRQAmrvwpWPNA/Ef3Dg 0KOqU6yJlNo= =kaoD -----END PGP SIGNATURE----- Merge tag 'perf-urgent-2025-11-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "Fix perf CPU-clock counters, and address a static checker warning" * tag 'perf-urgent-2025-11-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf: Fix 0 count issue of cpu-clock perf/x86/intel/uncore: Remove superfluous check |
|
Yipeng Zou
|
20739af073 |
timers: Fix NULL function pointer race in timer_shutdown_sync()
There is a race condition between timer_shutdown_sync() and timer
expiration that can lead to hitting a WARN_ON in expire_timers().
The issue occurs when timer_shutdown_sync() clears the timer function
to NULL while the timer is still running on another CPU. The race
scenario looks like this:
CPU0 CPU1
<SOFTIRQ>
lock_timer_base()
expire_timers()
base->running_timer = timer;
unlock_timer_base()
[call_timer_fn enter]
mod_timer()
...
timer_shutdown_sync()
lock_timer_base()
// For now, will not detach the timer but only clear its function to NULL
if (base->running_timer != timer)
ret = detach_if_pending(timer, base, true);
if (shutdown)
timer->function = NULL;
unlock_timer_base()
[call_timer_fn exit]
lock_timer_base()
base->running_timer = NULL;
unlock_timer_base()
...
// Now timer is pending while its function set to NULL.
// next timer trigger
<SOFTIRQ>
expire_timers()
WARN_ON_ONCE(!fn) // hit
...
lock_timer_base()
// Now timer will detach
if (base->running_timer != timer)
ret = detach_if_pending(timer, base, true);
if (shutdown)
timer->function = NULL;
unlock_timer_base()
The problem is that timer_shutdown_sync() clears the timer function
regardless of whether the timer is currently running. This can leave a
pending timer with a NULL function pointer, which triggers the
WARN_ON_ONCE(!fn) check in expire_timers().
Fix this by only clearing the timer function when actually detaching the
timer. If the timer is running, leave the function pointer intact, which is
safe because the timer will be properly detached when it finishes running.
Fixes:
|
|
|
Linus Torvalds
|
d13f3ac64e |
- Fix CPU type in DT for econet
- Fix for Malta PCI MMIO breakage for SOC-it - Fix TLB shutdown caused by iniital uniquification - Fix random seg faults -----BEGIN PGP SIGNATURE----- iQJOBAABCAA4FiEEbt46xwy6kEcDOXoUeZbBVTGwZHAFAmkiIKQaHHRzYm9nZW5k QGFscGhhLmZyYW5rZW4uZGUACgkQeZbBVTGwZHA+4A//VBaGVDaIbqwE1xzBdeUQ j5yK4l9wbD4LO67DTN4eElouct/o48I1UbQSK3vBaBRlGKLEFK/2Pu1amh6VGWr9 SyI14AYlj0vX7C6nqSrGKL+/+1mA9pCQmpz4yshn+qnwoAqHjqs+enX3BiBh+L0j 1JJRyr8qGzQ8Xma80Bx5Jvst61a5AgQZvVf70nr/0LdoqjBkS6dqVKRHtA7VOqWd SqX1/y7FeLt6oPmzRYCy7Kp7RNDJ9sIht7ZklznV1tUBdDTRpA8eUqeSSyUEe0/7 x79jj3/On7vg84shs3u+JU8jjrVuyXQcSJq2YRw9kEm0lJ2nd2YFS13SpnT4ZMNQ qCyzfTELLQ+NvRNaiUWWj5RXdiSo2LrZNq/Qu2EsNaSz2YYkkmrAurGOd8rOcfka 59lKvoQ18Vt3Ok5EeaatAWANJhXpEodvScuGdzBocaJ8/mSBwUzd6Vit9fma6eJ2 o1evxG7rqhXo+fT3pfjkW9ueAzCwJvF+tXV47Ga3PLssZfBvGo90LhaMf8C+VQA+ WoSAHhHlhrjhpo0/8/Z5577LV0IyRhwcnoivphBAwuCNe6SQrkKDrnx6xbemwbM1 biCbMaknli72c/KfptoOtBJYyZdEkgCigsB9unBHFXtExreoCo0PEAoJIv0GZs4M 3y7EIgkwib7OZCU2cA4/hkA= =caJE -----END PGP SIGNATURE----- Merge tag 'mips-fixes_6.18_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux Pull MIPS fixes from Thomas Bogendoerfer: - Fix CPU type in DT for econet - Fix for Malta PCI MMIO breakage for SOC-it - Fix TLB shutdown caused by iniital uniquification - Fix random seg faults due to missed vdso storage requirement * tag 'mips-fixes_6.18_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux: MIPS: kernel: Fix random segmentation faults MIPS: mm: Prevent a TLB shutdown on initial uniquification mips: dts: econet: fix EN751221 core type MIPS: Malta: Fix !EVA SOC-it PCI MMIO |
|
|
Linus Torvalds
|
0629dcf772 |
Crypto library fix for v6.18-rc7
Fix another KMSAN warning that made it in while KMSAN wasn't working reliably. -----BEGIN PGP SIGNATURE----- iIoEABYIADIWIQSacvsUNc7UX4ntmEPzXCl4vpKOKwUCaSITwxQcZWJpZ2dlcnNA a2VybmVsLm9yZwAKCRDzXCl4vpKOK898AQCZFgPxQxVrkSaZuDXJ1V5ZpH/PcQVe RWsmR6TtVE84QQD/a/mteTNxeB0xDFCrhgYG4TmF1g/RhPTTdBTmhubSdwo= =VNQT -----END PGP SIGNATURE----- Merge tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux Pull crypto library fix from Eric Biggers: "Fix another KMSAN warning that made it in while KMSAN wasn't working reliably" * tag 'libcrypto-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux: lib/crypto: tests: Fix KMSAN warning in test_sha256_finup_2x() |
|
|
Linus Torvalds
|
89edd36fd8 |
xfs: fixes for 6.18-rc7
Signed-off-by: Carlos Maiolino <cem@kernel.org> -----BEGIN PGP SIGNATURE----- iJUEABMJAB0WIQSmtYVZ/MfVMGUq1GNcsMJ8RxYuYwUCaSGL+QAKCRBcsMJ8RxYu YyvcAXsECiSerKCBGTXpRTLlxB59UWhjRkz2pKhMYLd4czYsukPqTmEergwkQeVN Ebb5rlMBegJoUfeL//wDZ3D/w/T4E2bEMhlcVH04vEE+yBkuqKqcfNDftQl5MCoD /1JI9xbKAQ== =3pbL -----END PGP SIGNATURE----- Merge tag 'xfs-fixes-6.18-rc7' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs fix from Carlos Maiolino: "A single out-of-bounds fix, nothing special" * tag 'xfs-fixes-6.18-rc7' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: fix out of bounds memory read error in symlink repair |
|
|
Linus Torvalds
|
7e29f07760 |
SCSI fixes on 20251122
One target driver fix and one scsi-generic one. The latter is 10 lines because the problem lock has to be dropped and re-taken around the call causing the sleep in atomic. Signed-off-by: James E.J. Bottomley <James.Bottomley@HansenPartnership.com> -----BEGIN PGP SIGNATURE----- iLgEABMIAGAWIQTnYEDbdso9F2cI+arnQslM7pishQUCaSHVghsUgAAAAAAEAA5t YW51MiwyLjUrMS4xMSwyLDImHGphbWVzLmJvdHRvbWxleUBoYW5zZW5wYXJ0bmVy c2hpcC5jb20ACgkQ50LJTO6YrIW+xQEAx4Sfjb+NTZ4qcDX2wjAosFUnuu5RUnn6 YG1OSrzHHP4A/RQQIxerooZPSD67LxIFVsxCV3yu6S88+n4P3emAec3V =qUHX -----END PGP SIGNATURE----- Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "One target driver fix and one scsi-generic one. The latter is 10 lines because the problem lock has to be dropped and re-taken around the call causing the sleep in atomic" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: sg: Do not sleep in atomic context scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() |
|
|
Linus Torvalds
|
ebd975458d |
Input updates for v6.18-rc6
- INPUT_PROP_HAPTIC_TOUCHPAD definition added early in 6.18 cycle has been renamed to INPUT_PROP_PRESSUREPAD to better reflect the kind of devices it is supposed to be set for - a new ID for a touchscreen found in Ayaneo Flip DS in Goodix driver - Goodix driver no longer tries to set reset pin as "input" as it causes issues when there is no pull up resistor installed on the board - fixes for cros_ec_keyb, imx_sc_key, and pegasus-notetaker drivers to deal with potential out-of-bounds access and memory corruption issues -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQST2eWILY88ieB2DOtAj56VGEWXnAUCaSFbUAAKCRBAj56VGEWX nC+zAQCmxIsTcA4GEPgelW0dRaaKCcCnr++0RQVW5hFJ+0VgTgD6AlzkMtdy5O30 91gz5ooMKSz5SMsgb97N2GlayGKezA0= =dMey -----END PGP SIGNATURE----- Merge tag 'input-for-v6.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input fixes from Dmitry Torokhov: - INPUT_PROP_HAPTIC_TOUCHPAD definition added early in 6.18 cycle has been renamed to INPUT_PROP_PRESSUREPAD to better reflect the kind of devices it is supposed to be set for - a new ID for a touchscreen found in Ayaneo Flip DS in Goodix driver - Goodix driver no longer tries to set reset pin as "input" as it causes issues when there is no pull up resistor installed on the board - fixes for cros_ec_keyb, imx_sc_key, and pegasus-notetaker drivers to deal with potential out-of-bounds access and memory corruption issues * tag 'input-for-v6.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: rename INPUT_PROP_HAPTIC_TOUCHPAD to INPUT_PROP_PRESSUREPAD Input: cros_ec_keyb - fix an invalid memory access Input: imx_sc_key - fix memory corruption on unload Input: pegasus-notetaker - fix potential out-of-bounds access Input: goodix - remove setting of RST pin to input Input: goodix - add support for ACPI ID GDIX1003 |
|
|
Linus Torvalds
|
a6ff0d85eb |
RISC-V updates for v6.18-rc7
- Correct the MIPS RISC-V/JEDEC vendor ID. - Fix the system shutdown behavior in the legacy case where CONFIG_RISCV_SBI_V01 is set, but the firmware implementation doesn't support the older v0.1 system shutdown method. - Align some tools/ macro definitions with the corresponding kernel headers. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEElRDoIDdEz9/svf2Kx4+xDQu9KksFAmkhEkIACgkQx4+xDQu9 Kkvwzw//argWbOhLtXyoLxPlsyeQaBh5tiJgXJJTIlqhpNb0c1JR3dG+7sSAPVCl Hrq6blvP0ADUajdlSxuvSaBglqydFaqU689kkG79/hWcAQiRsuJz830RRlQKwnzd FIRv+m8kN2JoFLLiCvpm2r1PNaWQBpwmphVCrfnqvJ2fqPpmC8DVk9iDP6w67Hcj U1lSofEWxKcDaGOHuA1xU9NFAydtAd0/Jefci5C2hz0bTyJ5sAgAwJrvMoxX4n1x Y/yUWe88sOIj8SMg2bJJSm6Ny1apOc6IuYd+GxGpN954tcjJCQ/PBLywM2FT1hx4 65I3yJv0VEDmmLSodYPrmN38bu5n7gKrbRTjBvjVRat5hvLV6iej4UHdyScc7eXV 6BxR982BYtG0Mo1W9lm1NbH1ubcyuJxDfwPffeGFYP2RhaVQgneOeczWmcyW6KKA GB8zvLBEwDgQoSWtFGvotQhnzM9oqDYYmQ2AeMuTHqB2D+AIqoejoB8S7i95MPaB m8zepRgN2VS0v+glOZ9tDlsbURR0Yu0SO4k/bIJ2/Surtt7G0BKcenfTNquaOW+/ evr8uS1fbQPLyyqnUmHh/FYRivQs0JcB/6yBdFYM1YZfW84PC03KdFrO+fhyna+V wMQzEhIYxLi5gyP1KZ1s4DWynXoUdBjovsjWNjQGe0pF+uQps40= =aw1W -----END PGP SIGNATURE----- Merge tag 'riscv-for-linus-6.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux Pull RISC-V fixes from Paul Walmsley: - Correct the MIPS RISC-V/JEDEC vendor ID - Fix the system shutdown behavior in the legacy case where CONFIG_RISCV_SBI_V01 is set, but the firmware implementation doesn't support the older v0.1 system shutdown method - Align some tools/ macro definitions with the corresponding kernel headers * tag 'riscv-for-linus-6.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: tools: riscv: Fixed misalignment of CSR related definitions riscv: sbi: Prefer SRST shutdown over legacy riscv: Update MIPS vendor id to 0x127 |
|
|
Linus Torvalds
|
5703357ede |
selinux/stable-6.18 PR 20251121
-----BEGIN PGP SIGNATURE----- iQJIBAABCgAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmkgxTMUHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXMaFw//ceP1tRSZcpCEkgkks3hkSxANfqdZ WbuSlI/bzEJjmmM/FAA1KM1+5b/FrO5gzrkfi1eEJ5DlI9Biy0Qa1qgi+21JbOGO yC0f7poMwDtDZFl9OLtI6yJ8XyO/HP8+HIc7LqJgSjUvF4S0m8MVHS2acRvOuEGU adw80uwnW64pBX+mgZOsf3GAZLpNFMlFwLQ2s2ERd0Hl4X1hmOgkejCTjS4BhAVE BSOxRyNLiEjmrjypP+pmjZoedsnq5LaUZD5tj+0IieQ0SYCg//2GSwh8fpfNjRCx C8rnBOT632VTKkUdIkHHOe8PzDN8L+WJYtiCiSyuCm+ExdElfibN+/N0jwhck/bF pXHwtIaXbxMaWDbfJyrjblBZQwlfMwUzQtoNCeKtuVANCQqz77aDMsMxGXw/FXYm c5Wut0FDGPnoITJu1b2hwA6XWPwBFB/lI+7M8l54ofssC27M4wp6xw5z1vVGz4bb x3ypzOxoa0VkZrbXjb7o2FMOqsHdb/J23tXN2YRnVTeUGdK48KFBcrvMwQKZV+rD AYmdJkzMLiFX0NLpviYqJT61tEQviWLVmeB2ACm8RbxN7+aE6ecZz6QvrtCsPqz9 iKeSNfSqwdHPQPe935pzfa/LcLDdvpEhSzuAcQICPhY3M33J4xc8y/0ZXkH6katL nU75VPpt6EVU5XI= =32VE -----END PGP SIGNATURE----- Merge tag 'selinux-pr-20251121' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux Pull selinux fixes from Paul Moore: "Three SELinux patches for v6.18 to fix issues around accessing the per-task decision cache that we introduced in v6.16 to help reduce SELinux overhead on path walks. The problem was that despite the cache being located in the SELinux "task_security_struct", the parent struct wasn't actually tied to the task, it was tied to a cred. Historically SELinux did locate the task_security_struct in the task_struct's security blob, but it was later relocated to the cred struct when the cred work happened, as it made the most sense at the time. Unfortunately we never did the task_security_struct to cred_security_struct rename work (avoid code churn maybe? who knows) because it didn't really matter at the time. However, it suddenly became a problem when we added a per-task cache to a per-cred object and didn't notice because of the old, no-longer-correct struct naming. Thanks to KCSAN for flagging this, as the silly humans running things forgot that the task_security_struct was a big lie. This contains three patches, only one of which actually fixes the problem described above and moves the SELinux decision cache from the per-cred struct to a newly (re)created per-task struct. The other two patches, which form the bulk of the diffstat, take care of the associated renaming tasks so we can hopefully avoid making the same stupid mistake in the future. For the record, I did contemplate sending just a fix for the cache, leaving the renaming patches for the upcoming merge window, but the type/variable naming ended up being pretty awful and would have made v6.18 an outlier stuck between the "old" names and the "new" names in v6.19. The renaming patches are also fairly mechanical/trivial and shouldn't pose much risk despite their size. TLDR; naming things may be hard, but if you mess it up bad things happen" * tag 'selinux-pr-20251121' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: rename the cred_security_struct variables to "crsec" selinux: move avdcache to per-task security struct selinux: rename task_security_struct to cred_security_struct |
|
|
Linus Torvalds
|
2eba5e05d9 |
LoongArch fixes for v6.18-rc7
-----BEGIN PGP SIGNATURE----- iQJKBAABCAA0FiEEzOlt8mkP+tbeiYy5AoYrw/LiJnoFAmkgH58WHGNoZW5odWFj YWlAa2VybmVsLm9yZwAKCRAChivD8uImetIQD/90qm0rkEhYnciXeSR+yuqSKk1e YDyXkNiVjwazAUGBo0vdTvCkLa9xs2rbxXbA4cUsRYKB8lW0fRWlNlj+DxOxAroQ 0rVsgWvp5ZHzB6ppIdNEY2PF2bwk7vTdffQXlwYKoTDt95MAqxKercQX5isPe17t S4N23hIMiNzqM9kshxi5xxm27PvJvEpdRYRoFh9zmZBrW98pLhhc668JEGautzra dAjm7uzdeDb/f5AQFdiB+NGlYt2fRr24EPmEqyqXJAHtL9wI2t1HHUs4lb+FUILf ZiUfJHmYbz1v6GInPbPB3Xqi5EJrrSa0+8SmnqlUr3trEQ6whqjGoV2n5v38Ppr6 PTL+fv7ACEDbr+APgWajsLCjbSzu6LDUay+vVFLLDJSxl7eYjWMZwFS5Rzr+pAc3 UJHCG8sNXyLqiwxbwRMPR/w/YTxCaULHfBuCmxQpnhU6qHsjIzpFdztycpgcuF3B YcvZ0rAGbq+Q3glhqIe19WhswDUB94j4+Nrz80pXqJgumK42xtIbx5K4WLYFdHFo Wxi6mW9VGPDZVysbDry2aFVVoymlYpv7p3N/txOrYuxmrr6YUyEeued3mW+99Zjj FbdPfCOJU1sTBZcg8AiSG3nUuStKKLFu56e8oaW5kzOOAxjHsFqo3vL0JdjjeJX/ +1pRdJ/1i9k9la4/rQ== =rVXC -----END PGP SIGNATURE----- Merge tag 'loongarch-fixes-6.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson Pull LoongArch fixes from Huacai Chen: "Use UAPI types in ptrace UAPI header to fix nolibc ptrace. Fix CPU name display, NUMA node parsing, kexec/kdump, PCI init and BPF trampoline" * tag 'loongarch-fixes-6.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson: LoongArch: BPF: Disable trampoline for kernel module function trace LoongArch: Don't panic if no valid cache info for PCI LoongArch: Mask all interrupts during kexec/kdump LoongArch: Fix NUMA node parsing with numa_memblks LoongArch: Consolidate CPU names in /proc/cpuinfo LoongArch: Use UAPI types in ptrace UAPI header |
|
|
Linus Torvalds
|
e3fe48f9bd |
three smb3 client fixes
-----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEE6fsu8pdIjtWE/DpLiiy9cAdyT1EFAmkf728ACgkQiiy9cAdy T1EgHAwAskeR4845ddwfkcrOWktFyjxhkaQ2n9A5c5caDxbLsVSc8MOBl40GnQEZ 8EmGw3I7TWxmv92dzEt8fA7VWhBYxqj/cNVH5vnU8TYT9mS6cu6mXI5/Jbx14f2U DooQpjJmOGV4/fFDc9mY7uLx9rX64HsVposvfkblk0cbAsbzoJciaB/Dn+0RBIKs xSYkY1RaXhEDa1yJrYxKY8bIbXJo9bfi8socJFl3O2hRJt/kU6L6XqGcGBqUwjk7 JI65UHfVrcEWIzk0FfdI8gVqGlZjHWcY8bg/hSTq3QSGJ7s1kCmRwsREm6CS+a2D Gt4RXVZdNua6WLez3ItUQVvz1iYqiOfpsceZ/Qp8zInaSyKr0GUnT2ZPYJ8NkdfI TAYYnrFKSgaUhMsyA3GaURPu3nJPSIHLgJPOJTlxvSobtZlPArpYIny78L+6gYbR K6mnkBJPbTbTrn7fx8OXKSycFU3bMwJAuB9NFzf/I1Vl1nyVSv4sKErCaDeertzE uOGyrYVE =fBmC -----END PGP SIGNATURE----- Merge tag 'v6.18-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 Pull smb client fixes from Steve French: - Fix potential memory leak in mount - Add some missing read tracepoints - Fix locking issue with directory leases * tag 'v6.18-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: Add the smb3_read_* tracepoints to SMB1 cifs: fix memory leak in smb3_fs_context_parse_param error path smb: client: introduce close_cached_dir_locked() |
|
|
Linus Torvalds
|
a07a003ce6 |
io_uring-6.18-20251120
-----BEGIN PGP SIGNATURE----- iQJDBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmkfngUQHGF4Ym9lQGtl cm5lbC5kawAKCRD301j7KXHgppNrD/iFobqiPSgoIO703YfN2aS74itKMuKuJfJL 7gmLwwNYx1F78l7mfvQz5vOetHcIM2xZzRENvlgeh5UBz0537zDcaXeWjILUCdSw UxaQgnyHjJN8a5C07FfAXVTLT38133iMVCWT9OjOffPGVFtaVE4JsNI7YLziCGBc 3W69b/uob1KBzSpcWYMl1mA8ZAIoNXk0//qUdcrYuJVeeR5Gp9Cwf09g+axERYYw OCVf0ykWeIr6B7qhKcoV95a+BsbSwKnO8n3o5bo8/nJ/dexr+ofHbf5YhtJaPhbr o8/CZIYcfdDaYXC2z9KVZrePjinYXYiEwZkvzfoAgbE6Kd88v62ZgHbC8LcYboQ+ w+caLJ1TuEt7aHrLJAN/HbzpAEvMgmZ8Msr26RkKEp1XkiShjAmA+MEqD6zwbZ2i DgYMetXgQm03Iso0ZseOE3nbnimI2oWWNIyFG2Wx8etmLKR6jAwP72OZumlKZweX ZXuEWp3Kxoy6buERnR6hWM6MbMK7dIVMVXvKAjbhgbCN2Biy32nbPhW/xj6W3Foa /0ixGv9pPp6gBA90JmVm5CxuL35wAdScnCIlrAuaBmLlJfeciwXOH5+3ymRvqe2D k+r8Ng6rqiv6kIoje7bZvuq+i6ZvWnMtpfTanECBnFIQtCjPQyuUJqyhqiL/6puQ hjn50LHg =CgZ0 -----END PGP SIGNATURE----- Merge tag 'io_uring-6.18-20251120' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux Pull io_uring fix from Jens Axboe: "Just a single fix for a mixup of arguments for the skb_queue_splice() call, in the io_uring timestamp retrieval code" * tag 'io_uring-6.18-20251120' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux: io_uring/cmd_net: fix wrong argument types for skb_queue_splice() |
|
|
Linus Torvalds
|
a4165ffc83 |
block-6.18-20251120
-----BEGIN PGP SIGNATURE----- iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmkfnhkQHGF4Ym9lQGtl cm5lbC5kawAKCRD301j7KXHgpgxoEACH4Pqtied7cbgVLQ+EZl/BDHMiFQLgTywq fNPBaQFTPXR3UjUJyZBelqCxIZsuJjElHyjOqh4zQO66WJ0Ba6s9HG5irTWIFwjb iOuCL88P2rmdfOUDvYTZS7oGTJEgBUcHzBwSheTGIljSrV0ztKAkiuLvDivzvzSG uwxzjZYzlfixWm0dTolgzKLzgKfRKrZlOF2i/RPFRld/9q3gAmDFRaKv3ht4i3hC lBuRHj9c8LnLY/aaEEjXRFEgca3ceMcO0m9YvWQUpCKXp5pztRENOLUKW1xmuDho 04IB8iSPHMJMgbm6U2JKhVcAHfIYW2PBLaHbx0RQYceG/16wqOAFGuXmcglQ8JYt bb8V+xu1KhDFmAPcEn29a837GpYaqQ4J+p5f15HeiLLX0l/cO/8dqG6cY0vqH3zr V/ir973hxtSl5nljGWwf3JRUiSUFqNCHGdrCBnvsZ6jtOWqiyzRNx54qLJjhTOza p1QYHaagDMMzwIpTnFmJWAcyHolROXmvCrJ+gxuYTN45i6ok0MOzDueonPWaQ2Us eBb9oQelmpKLgXYrdZB6s6ujkY/IRvHFsUDEekPRAOaOJVJKQyVfIOYsz5wMD+aK b8UQSvkTkZViMtjpxjS7fNihONjguVthGSaw9G851ithHW77wMBuNYiPq+O2OFF2 5/jSrvIGSQ== =X6HU -----END PGP SIGNATURE----- Merge tag 'block-6.18-20251120' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux Pull block fixes from Jens Axboe: "NVMe pull request via Keith: - Admin queue use-after-free fix (Keith) - Target authentication fix (Alistar) - Multipath lockdeup fix (Shin'ichiro) - FC transport teardown fixes (Ewan)" * tag 'block-6.18-20251120' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() nvme-multipath: fix lockdep WARN due to partition scan work nvmet-auth: update sc_c in target host hash calculation nvme: fix admin request_queue lifetime |
|
|
Linus Torvalds
|
317c4d8a2a |
ata fixes for 6.18-rc7
- Add a missing refcount decrement in ata_scsi_dev_rescan() when
the device or its queue is not running. In the case where the
device is running, the recount is already decremented properly
(Yihang Li)
- Generate the proper sense code for a Security locked device.
There was a regression caused by a recent change of how sense
data is generated for commands that did not provide any sense
data. This broke system suspend for Security locked devices.
Generate the sense data that the SCSI disk driver expects for
a Security locked device so that system supend works again
(me)
- Set capacity to zero for a Security locked device.
All I/O commands will be aborted by a Security locked device.
Thus, the block layer disk partition scanning will result in
a bunch of, for the user, confusing I/O errors in dmesg during
boot. Since a Security locked device is unusable anyway, set
the capacity to zero, to avoid the disk partition scanning
during boot. We still create the block device in /dev such
that the user may unlock the device using e.g. hdparm (me)
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRN+ES/c4tHlMch3DzJZDGjmcZNcgUCaSB/+AAKCRDJZDGjmcZN
cswtAP4l1Ui8d6PwHnxVvOlv1cWO/K+7XboiGZNFphf7QDZhPQD+J41BG/YNyNcB
Ma716tdF1UVayUB2OItsX0gSmmz9KgI=
=0b5E
-----END PGP SIGNATURE-----
Merge tag 'ata-6.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux
Pull ata fixes from Niklas Cassel:
- Add a missing refcount decrement in ata_scsi_dev_rescan() when
the device or its queue is not running.
In the case where the device is running, the recount is already
decremented properly (Yihang Li)
- Generate the proper sense code for a Security locked device.
There was a regression caused by a recent change of how sense
data is generated for commands that did not provide any sense
data. This broke system suspend for Security locked devices.
Generate the sense data that the SCSI disk driver expects for a
Security locked device so that system suspend works again (me)
- Set capacity to zero for a Security locked device.
All I/O commands will be aborted by a Security locked device.
Thus, the block layer disk partition scanning will result in
a bunch of, for the user, confusing I/O errors in dmesg during
boot.
Since a Security locked device is unusable anyway, set the capacity
to zero, to avoid the disk partition scanning during boot. We still
create the block device in /dev such that the user may unlock the
device using e.g. hdparm (me)
* tag 'ata-6.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux:
ata: libata-core: Set capacity to zero for a security locked drive
ata: libata-scsi: Fix system suspend for a security locked drive
ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan()
|
|
|
Linus Torvalds
|
68d804c64a |
Pin control fixes for the v6.18 series:
- Fix register naming in the Mediatek mt8189 driver. - Select REGMAP_MMIO for the Realtek RTD driver. - Fix the number of items in groups in the Toshiba Visconti driver. - Fix a memory leak in the Cirrus CS42L43 driver. - Fix a deadlock (!) in Qualcomm pinmux configuration. - Fix use of uninitialized memory and list initialization in the S32CC pin controller. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEElDRnuGcz/wPCXQWMQRCzN7AZXXMFAmkgkXUACgkQQRCzN7AZ XXNxZxAAn7JgQd+ec2G8NtCXDd9CklEgnj8nrAp5k2DxdIfgmumrUWnuk0sFg5gR r9bHZXTucbFEhSXzZklMsYY3fIBDAFc4pcZe3+T3dwvLuP9eNT9WAKCxKrZol8b4 5x/D6nqfOMbYPBGwoR/tK1QUbbWxyC/LgjgUXr7GV5jKFZSDponWqOE50JdG3g8K ykJZFTZb++NLoBCW5IKPoKR+p2z5eyO0oiSrsgsFJvHsNy3ID6/L1lab9udJ1VdD TNLtnGuB3FEpUOUycx/Y4OyuMoVe2ySr2mqsSAVEWXB8+reAIZF3v5Y1uYYkn7j3 TwJ4qUTm7DtOlcCuH0GfyPuA0NLwFteTBVQl1w43i2Zcuy2prpZ0sYjMLPmwZTbX YiZgjo7lz2CxhGKkhOlcgrvxhoembEhD9Z8YL7CLn04dykjjnzTD7O1Hr2NA+ZwD ttbc5+2adyfaewIbo1zJNwP81x1wBVzPCDQVS+/h4lQB5AAxZpcYC8pz/zx84fTO Qg+nRk9hSjWjGqi9JGpsJRtNR04Q58qThDg3xuumq+17TtYUPTE7BCzpuV2jyodE UV1cHwjULp9e/f3dumDG15V733xUUtHEGNkk9AFD+F5X+QtChK1uDSbYlybsr/qc UbhoYHA+jQz5L3I4MIuU41ekVdVYlH5PKzDI5jTJOQUra9M/sag= =dfY2 -----END PGP SIGNATURE----- Merge tag 'pinctrl-v6.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control fixes from Linus Walleij: - Fix register naming in the Mediatek mt8189 driver - Select REGMAP_MMIO for the Realtek RTD driver - Fix the number of items in groups in the Toshiba Visconti driver - Fix a memory leak in the Cirrus CS42L43 driver - Fix a deadlock (!) in Qualcomm pinmux configuration - Fix use of uninitialized memory and list initialization in the S32CC pin controller * tag 'pinctrl-v6.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: dt-bindings: pinctrl: xlnx,versal-pinctrl: Add missing unevaluatedProperties on '^conf' nodes pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc pinctrl: qcom: msm: Fix deadlock in pinmux configuration pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups pinctrl: realtek: Select REGMAP_MMIO for RTD driver pinctrl: mediatek: mt8189: align register base names to dt-bindings ones pinctrl: mediatek: mt8196: align register base names to dt-bindings ones |
|
|
Linus Torvalds
|
2c26574cc4 |
gpio fixes for v6.18-rc7
- fix a use-after-free bug in GPIO character device code - update MAINTAINERS -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEkeUTLeW1Rh17omX8BZ0uy/82hMMFAmkgdpIACgkQBZ0uy/82 hMMt3Q/9E7I9oc89DFy9yZ6YXM8k2EpiIWvfygTMdVEx91i16L2591XFlrc6oQjQ c7Aaw6CWDVe20VlrWNMYxUQH2TUmROeQr3DJol8DUBRshLeVOEpWU6G0hvdFSucl lrDCS2ZkhNUswf0PLT+787OvdUhIvXGbvZv+Rcd5N+P7wxUwZkMStArl7PaAHVKt pNlUE6R0BtwPDWhi0wgag/RAmGo8TEdBcSinak9Ph9rdQg3GSPA1AsssFPqd1a13 j2MdcWJQAEUKm6ecEcBSFeBR62LhhgIEo7iybHAtLml/qiGzz5sAj3gOBG4filLi YLhTLxKOiGzkpg+MqYioj42JCpCobEhIkPV+/W9jmZePFH2pyKEdHnI4dF0xcp/8 +1WQo6xaZtTwADkyG3d0ardJdgZ0fc4AxQcSck29O+1NG0hd1Z+dL1cffdyJ8fxi OHucAlO/P/k7/T83eSZhRZaxdTWXCieWEJ1VzgwOsu/DnNvIcwhbyKGeFuS7z3Xj Gs1AFfh6GpFkK6ueZDz0ipBvtHqQTdzu1IwvosWMhmmPz/QdcxOywNK+UArvt6lg P5Tj6Wes0/ymZTKiPHicSx8UaqC8MliMKpJAWybePox6KieirXiht+a/qJvEXsbm ekPXH3RwsHNBlzB+dP+fa3aJWvd0F/2YVnug4T6a/QEVuNvJx7U= =nTA4 -----END PGP SIGNATURE----- Merge tag 'gpio-fixes-for-v6.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux Pull gpio fixes from Bartosz Golaszewski: - fix a use-after-free bug in GPIO character device code - update MAINTAINERS * tag 'gpio-fixes-for-v6.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux: MAINTAINERS: update my email address gpio: cdev: make sure the cdev fd is still active before emitting events |
|
Eric Biggers
|
141fbbecec |
lib/crypto: tests: Fix KMSAN warning in test_sha256_finup_2x()
Fully initialize *ctx, including the buf field which sha256_init()
doesn't initialize, to avoid a KMSAN warning when comparing *ctx to
orig_ctx. This KMSAN warning slipped in while KMSAN was not working
reliably due to a stackdepot bug, which has now been fixed.
Fixes:
|
|
|
Linus Torvalds
|
c6d732c3bd |
drm fixes for 6.18-rc7
atomic: - Return error codes on failed blob creation for planes nouveau: - Fix memory leak tegra: - Fix device ref counting - Fix pid ref counting - Revert booting on Pixel C xe: - Fix out-of-bounds access with BIT() - Fix kunit test checking wrong condition - Drop duplicate kconfig select - Fix guc2host irq handler with MSI-X i915: - Wildcat Lake and Panther Lake detangled for display fixes amdgpu: - DTBCLK gating fix - EDID fetching retry improvements - HDMI HPD debounce filtering - DCN 2.0 cursor fix - DP MST PBN fix - VPE fix - GC 11 fix - PRT fix - MMIO remap page fix - SR-IOV fix radeon: - Fence deadlock fix -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmkgKwsACgkQDHTzWXnE hr5I7w//ZJ/IZjVOvkj53Z0+Nt/HO0Jg+tM+5Q0fldhMlvnh+c7WpcyWRivi5hLV JgOJJagu6CrXNKGwdghDRbV4fOW+LsqHTFim2JnxA2k/6est3ZaWfiwo6e0kza2W whRLUcC0G0zoIYESAgzEr2Th52vYRR6SHj/HGLs00EUx8zdIUnbzQd1LqQb9RjCo zHdbuig9ZInCDpp4bRSgrlOrIgBC1ysWWHLYK5cF1K54/7a/PqqHHZBl29dXizCt +n4hQfkpHPPGDcy1Bm1cI3RclfQ0j+XxiWaMNw8z7eSZbUVhnkqm3xVJbhvr6eg7 FiJMYvo4JMSMFBkcjwu8UPpVy1Bkpeebq61RvFlX7tDdMPJI5WO7wNN9iCyKZRIo YhCa+JVZ8quLcDHlxWVjhsdnN3r0/YpsNF3FbGzfPbSdZ97+dh33oSa+p035hhgD JxRBGA7yNtg9t9SJ2/1L66WbxSRP3tNVSOQlifKoJ51wwtF5OReZ/+wecCXsoWRo ic8LDEx3/KwmgsIALyTRRlw/dj9slqvtQhlZtEp9SAYm+0DsD7+dR61mrRsNcoTg d7j/S/zyWGZf4qMlktMfSuHPqqLQkVy4ExW+oMygk7g2P5jx2IiHOgrdg7HcVPWA KPrj+UCdUbTFm7pb9D+huIAwgmThkL9K+e0etm3c72rDR6j8JDk= =HgqB -----END PGP SIGNATURE----- Merge tag 'drm-fixes-2025-11-21' of https://gitlab.freedesktop.org/drm/kernel Pull drm fixes from Dave Airlie: "A range of small fixes across the board, the i915 display disambiguation is probably the biggest otherwise amdgpu and xe as usual with tegra, nouveau, radeon and a core atomic fix. Looks mostly normal. atomic: - Return error codes on failed blob creation for planes nouveau: - Fix memory leak tegra: - Fix device ref counting - Fix pid ref counting - Revert booting on Pixel C xe: - Fix out-of-bounds access with BIT() - Fix kunit test checking wrong condition - Drop duplicate kconfig select - Fix guc2host irq handler with MSI-X i915: - Wildcat Lake and Panther Lake detangled for display fixes amdgpu: - DTBCLK gating fix - EDID fetching retry improvements - HDMI HPD debounce filtering - DCN 2.0 cursor fix - DP MST PBN fix - VPE fix - GC 11 fix - PRT fix - MMIO remap page fix - SR-IOV fix radeon: - Fence deadlock fix" * tag 'drm-fixes-2025-11-21' of https://gitlab.freedesktop.org/drm/kernel: (25 commits) drm/amdgpu: Add sriov vf check for VCN per queue reset support. drm/amdgpu/ttm: Fix crash when handling MMIO_REMAP in PDE flags drm/amdgpu/vm: Check PRT uAPI flag instead of PTE flag drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled drm/amd: Skip power ungate during suspend for VPE drm/plane: Fix create_in_format_blob() return value drm/xe/irq: Handle msix vector0 interrupt drm/xe: Remove duplicate DRM_EXEC selection from Kconfig drm/xe/kunit: Fix forcewake assertion in mocs test drm/xe: Prevent BIT() overflow when handling invalid prefetch region drm/radeon: delete radeon_fence_process in is_signaled, no deadlock drm/amd/display: Fix pbn to kbps Conversion drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 drm/amd/display: Add an HPD filter for HDMI drm/amd/display: Increase DPCD read retries drm/amd/display: Move sleep into each retry for retrieve_link_cap() drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched drm/i915/xe3: Restrict PTL intel_encoder_is_c10phy() to only PHY A drm/i915/display: Add definition for wcl as subplatform drm/pcids: Split PTL pciids group to make wcl subplatform ... |
|
|
Linus Torvalds
|
a48f822908 |
samples: work around glibc redefining some of our defines wrong
Apparently as of version 2.42, glibc headers define AT_RENAME_NOREPLACE
and some of the other flags for renameat2() and friends in <stdio.h>.
Which would all be fine, except for inexplicable reasons glibc decided
to define them _differently_ from the kernel definitions, which then
makes some of our sample code that includes both kernel headers and user
space headers unhappy, because the compiler will (correctly) complain
about redefining things.
Now, mixing kernel headers and user space headers is always a somewhat
iffy proposition due to namespacing issues, but it's kind of inevitable
in our sample and selftest code. And this is just glibc being stupid.
Those defines come from the kernel, glibc is exposing the kernel
interfaces, and glibc shouldn't make up some random new expressions for
these values.
It's not like glibc headers changed the actual result values, but they
arbitrarily just decided to use a different expression to describe those
values. The kernel just does
#define AT_RENAME_NOREPLACE 0x0001
while glibc does
# define RENAME_NOREPLACE (1 << 0)
# define AT_RENAME_NOREPLACE RENAME_NOREPLACE
instead. Same value in the end, but very different macro definition.
For absolutely no reason.
This has since been fixed in the glibc development tree, so eventually
we'll end up with the canonical expressions and no clashes. But in the
meantime the broken headers are in the glibc-2.42 release and have made
it out into distributions.
Do a minimal work-around to make the samples build cleanly by just
undefining the affected macros in between the user space header include
and the kernel header includes.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Thomas Bogendoerfer
|
14b46ba92b |
MIPS: kernel: Fix random segmentation faults
Commit |
|
Maciej W. Rozycki
|
9f048fa487 |
MIPS: mm: Prevent a TLB shutdown on initial uniquification
Depending on the particular CPU implementation a TLB shutdown may occur
if multiple matching entries are detected upon the execution of a TLBP
or the TLBWI/TLBWR instructions. Given that we don't know what entries
we have been handed we need to be very careful with the initial TLB
setup and avoid all these instructions.
Therefore read all the TLB entries one by one with the TLBR instruction,
bypassing the content addressing logic, and truncate any large pages in
place so as to avoid a case in the second step where an incoming entry
for a large page at a lower address overlaps with a replacement entry
chosen at another index. Then preinitialize the TLB using addresses
outside our usual unique range and avoiding clashes with any entries
received, before making the usual call to local_flush_tlb_all().
This fixes (at least) R4x00 cores if TLBP hits multiple matching TLB
entries (SGI IP22 PROM for examples sets up all TLBs to the same virtual
address).
Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Fixes:
|
|
Dave Airlie
|
40b53db87c |
Driver Changes:
- Fix out-of-bounds access with BIT() (Shuicheng Lin) - Fix kunit test checking wrong condition (Matt Roper) - Drop duplicate kconfig select (Shuicheng Lin) - Fix guc2host irq handler with MSI-X (Venkata Ramana Nayana) -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE6rM8lpABPHM5FqyDm6KlpjDL6lMFAmkgA6UACgkQm6KlpjDL 6lNQOQ/7BvIs0E5pAMxlxYq+O5Oyt9roX39ud1ilq2zSrBwxWEQ4n1eWXoveZ1AR lTdlhJij1bwEesgHQ59znoLCqIdvqIQpMAAjYnDVcCVDzDFRyrPfL6/PG7tw2gMw dyKlF5K2BPCqSL9wPVBNu9mUiPj8PytK8kR/uoJqI7ddBIQjQBt1dOqU+3perp8n e6MrfK5cKg9BYQewgky3rkAgt2P/ZIgsQkVoVk58D+OoX3Ot9I4kAfzsRklVwKZS 2CAqKooqhUrcNRk0u5PCg9NG4N/pmkjYL0MJWKk7MR0YcHhpvUN3AOJ/EtsNrP+6 oUJAlI3qptJUkGYSwD9WNweNPpISIqIktOhmkKW5SNMKzoAIAUvLbL45GodCeBRw FU7zHd9ELcZK9cevI/+0ARwdlBqj+UWArX0PLQ5hT7y3xW6soZeIQlvdsqKABamG NEslQsClOoDQrI8U8VxC/QHVvEIoDcFRKb6TbV2N9to0FhhyG8DSg5fct/9lCt9U cIl+O/PVq98raUf/DK1pvIzwJxaXQvAh/q1jE9627be9QxytEpdbph5FVMm8QAgT ae4OzlbElCGgrnxxCw1JVr0w/+Cj8uud9AV2FNgZC1CGO1uh3HmsFz596YwKFnV8 AHuyWr6w9pLMSYwOZf4k0Shv12rSLIMb2bXxLnoO7ZRMrDrZpHU= =8bu9 -----END PGP SIGNATURE----- Merge tag 'drm-xe-fixes-2025-11-21' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes Driver Changes: - Fix out-of-bounds access with BIT() (Shuicheng Lin) - Fix kunit test checking wrong condition (Matt Roper) - Drop duplicate kconfig select (Shuicheng Lin) - Fix guc2host irq handler with MSI-X (Venkata Ramana Nayana) Signed-off-by: Dave Airlie <airlied@redhat.com> From: Lucas De Marchi <lucas.demarchi@intel.com> Link: https://patch.msgid.link/uadbrmftcud3wg32c6tje7mmfcr7wgmpnkzxwubk6fletahje2@coek2ciunkvz |
|
|
Dave Airlie
|
4e9fd472d1 |
amd-drm-fixes-6.18-2025-11-20:
amdgpu: - DTBCLK gating fix - EDID fetching retry improvements - HDMI HPD debounce filtering - DCN 2.0 cursor fix - DP MST PBN fix - VPE fix - GC 11 fix - PRT fix - MMIO remap page fix - SR-IOV fix radeon: - Fence deadlock fix -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQQgO5Idg2tXNTSZAr293/aFa7yZ2AUCaR9DIQAKCRC93/aFa7yZ 2GLlAP479q32wC9h370R3ezgV9JfOH1SFgTaxdaJo/08SbEaXQD/Y2fe6YFrxZOF 1uxETAgq8LOGIZ4hMov1dMpaMczv5AY= =1VyU -----END PGP SIGNATURE----- Merge tag 'amd-drm-fixes-6.18-2025-11-20' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes amd-drm-fixes-6.18-2025-11-20: amdgpu: - DTBCLK gating fix - EDID fetching retry improvements - HDMI HPD debounce filtering - DCN 2.0 cursor fix - DP MST PBN fix - VPE fix - GC 11 fix - PRT fix - MMIO remap page fix - SR-IOV fix radeon: - Fence deadlock fix Signed-off-by: Dave Airlie <airlied@redhat.com> From: Alex Deucher <alexander.deucher@amd.com> Link: https://patch.msgid.link/20251120164110.1077973-1-alexander.deucher@amd.com |
|
|
Dave Airlie
|
201a32e61b |
Short summary of fixes pull:
atomic: - Return error codes on failed blob creation for planes nouveau: - Fix memory leak tegra: - Fix device ref counting - Fix pid ref counting - Revert booting on Pixel C -----BEGIN PGP SIGNATURE----- iQFPBAABCgA5FiEEchf7rIzpz2NEoWjlaA3BHVMLeiMFAmkfL84bFIAAAAAABAAO bWFudTIsMi41KzEuMTEsMiwyAAoJEGgNwR1TC3ojl+8H/RZmSovRsDwqCaaf8/rK ilXw840DmmkYbTKwlDjSd/F9NTMVtGZoVyqAUkuwfRrVXRfRPH391E5/FQnejOSF 8llrWQXYUg8VuIVHZx/LRNJyChEdCR3XdaaNbBKqETGB6ioUGwgUEEh3UcJV9VU8 WN7uQMpcCM7vM09di8PWEDUUTt0WU2m54/btLVi4Tdwl/ckyHlbxughycNiGg50v moWAxHt9/L7RC0aj4I+PiYMhknfY6DCh++ZCZ61yKg8dPCVkAXKNN+n0jQEmQgBK c03ZmLUBvvNYpmutL2TlEQXwF2cJiNXFJKYkxYWF69/Ln5gG7Pz98BIsiviLZZ+H fNE= =O22s -----END PGP SIGNATURE----- Merge tag 'drm-misc-fixes-2025-11-20' of https://gitlab.freedesktop.org/drm/misc/kernel into drm-fixes Short summary of fixes pull: atomic: - Return error codes on failed blob creation for planes nouveau: - Fix memory leak tegra: - Fix device ref counting - Fix pid ref counting - Revert booting on Pixel C Signed-off-by: Dave Airlie <airlied@redhat.com> From: Thomas Zimmermann <tzimmermann@suse.de> Link: https://patch.msgid.link/20251120151308.GA589436@linux.fritz.box |
|
|
Dave Airlie
|
9b571b3231 |
- Wildcat Lake and Panther Lake detangled for display fixes (Dnyaneshwar)
-----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEbSBwaO7dZQkcLOKj+mJfZA7rE8oFAmkfIkcACgkQ+mJfZA7r E8r+sAf8CaMlam0xIFVqn/EnmxDbRefP2TuamFPU6KzJ6rLNwNRjeTNQtJ2qxL/d igQ8YxSvSDBsuH+Xw6IE0fZN8JryiIpUDB8i+GiU3cOqmTijDYBpHYgXN07LT5Z1 8SbCX2yc/g+brDOjJKP6XZOtJVKHkNJ9fLawwkbGVU8ULDWKp16mry077E7Jalo3 66BnVL4DMVGM0bxVy9qvHHWRPmzkpgnoJKN/OVop5n8xE6vb+LcKeibVL6nd5jLQ b/aHUFxKkMfzjRrcIfnryuH4hv+2Og/fhqXQDGuCRocA0vDfocadv3N0PoGwWFv7 aA4GgXGzuWnnm/JT2HBIDYjnrXfDlA== =+Woe -----END PGP SIGNATURE----- Merge tag 'drm-intel-fixes-2025-11-20' of https://gitlab.freedesktop.org/drm/i915/kernel into drm-fixes - Wildcat Lake and Panther Lake detangled for display fixes (Dnyaneshwar) Signed-off-by: Dave Airlie <airlied@redhat.com> From: Rodrigo Vivi <rodrigo.vivi@intel.com> Link: https://patch.msgid.link/aR8jByCwjIThpnpk@intel.com |
|
Paul Moore
|
3ded250b97 |
selinux: rename the cred_security_struct variables to "crsec"
Along with the renaming from task_security_struct to cred_security_struct, rename the local variables to "crsec" from "tsec". This both fits with existing conventions and helps distinguish between task and cred related variables. No functional changes. Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com> |
|
Stephen Smalley
|
dde3a5d0f4 |
selinux: move avdcache to per-task security struct
The avdcache is meant to be per-task; move it to a new
task_security_struct that is duplicated per-task.
Cc: stable@vger.kernel.org
Fixes:
|
|
|
Stephen Smalley
|
75f72fe289 |
selinux: rename task_security_struct to cred_security_struct
Before Linux had cred structures, the SELinux task_security_struct was per-task and although the structure was switched to being per-cred long ago, the name was never updated. This change renames it to cred_security_struct to avoid confusion and pave the way for the introduction of an actual per-task security structure for SELinux. No functional change. Cc: stable@vger.kernel.org Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com> |
|
|
Linus Torvalds
|
fd95357fd8 |
sched_ext: Fixes for v6.18-rc6
One low risk and obvious fix: - scx_enable() was dereferencing error pointer on helper kthread creation failure. Fixed. -----BEGIN PGP SIGNATURE----- iIQEABYKACwWIQTfIjM1kS57o3GsC/uxYfJx3gVYGQUCaR9kwQ4cdGpAa2VybmVs Lm9yZwAKCRCxYfJx3gVYGUOOAPwKO8inQ9NceKv+7hJomt1IErwqe/S5w5ZHtGa4 knn/vgD9EEDou5QN1iM6VXd7p1T/R7A0lqAfWAtzjpA9lEOCjAA= =8v1T -----END PGP SIGNATURE----- Merge tag 'sched_ext-for-6.18-rc6-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/sched_ext Pull sched_ext fix from Tejun Heo: "One low risk and obvious fix: scx_enable() was dereferencing an error pointer on helper kthread creation failure. Fixed" * tag 'sched_ext-for-6.18-rc6-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/sched_ext: sched_ext: Fix scx_enable() crash on helper kthread creation failure |
|
|
Linus Torvalds
|
c966813ea1 |
slab fix for 6.18-rc7
-----BEGIN PGP SIGNATURE----- iQFPBAABCAA5FiEEe7vIQRWZI0iWSE3xu+CwddJFiJoFAmkfYFEbFIAAAAAABAAO bWFudTIsMi41KzEuMTEsMiwyAAoJELvgsHXSRYiaLtEIAKDAXWXlwCO3CVDb5USk t1KFTpmQ3UCPDd48eTRbeC6D0B3Jh7+JOa/f96yxQrQOABm2P3xuU30HcqLsWbfV D08MB2u/eyjcghBAqZ95WzdKUcMdzx90qlCnwUE/tDbcFhEc3FutPjqRUQ2iJcyu dk3K6yNl+LiQiw+BVLu+WgQD1fFStuSQ4H3oDHSL2ep0C+vv6jVBEKoiybHFvexQ okrVVBgL7RlPbz+n6t4bsaR64jGa+P9DeiGDGU9gM+kOdP5dYKcmOq0q5dliNOVw 6Bnf9T+zykU6NdQZjwx32eZZoocCg+DT2K+NDvLqeg8PsAGktwQWYDEKnM0yoRMk 7nY= =Lmv8 -----END PGP SIGNATURE----- Merge tag 'slab-for-6.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab Pull slab fix from Vlastimil Babka: - Fix mempool poisoning order>0 pages with CONFIG_HIGHMEM (Vlastimil Babka) * tag 'slab-for-6.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab: mm/mempool: fix poisoning order>0 pages with HIGHMEM |
|
Saket Kumar Bhaskar
|
7b6216baae |
sched_ext: Fix scx_enable() crash on helper kthread creation failure
A crash was observed when the sched_ext selftests runner was
terminated with Ctrl+\ while test 15 was running:
NIP [c00000000028fa58] scx_enable.constprop.0+0x358/0x12b0
LR [c00000000028fa2c] scx_enable.constprop.0+0x32c/0x12b0
Call Trace:
scx_enable.constprop.0+0x32c/0x12b0 (unreliable)
bpf_struct_ops_link_create+0x18c/0x22c
__sys_bpf+0x23f8/0x3044
sys_bpf+0x2c/0x6c
system_call_exception+0x124/0x320
system_call_vectored_common+0x15c/0x2ec
kthread_run_worker() returns an ERR_PTR() on failure rather than NULL,
but the current code in scx_alloc_and_add_sched() only checks for a NULL
helper. Incase of failure on SIGQUIT, the error is not handled in
scx_alloc_and_add_sched() and scx_enable() ends up dereferencing an
error pointer.
Error handling is fixed in scx_alloc_and_add_sched() to propagate
PTR_ERR() into ret, so that scx_enable() jumps to the existing error
path, avoiding random dereference on failure.
Fixes:
|
|
Jens Axboe
|
46447367a5 |
io_uring/cmd_net: fix wrong argument types for skb_queue_splice()
If timestamp retriving needs to be retried and the local list of
SKB's already has entries, then it's spliced back into the socket
queue. However, the arguments for the splice helper are transposed,
causing exactly the wrong direction of splicing into the on-stack
list. Fix that up.
Cc: stable@vger.kernel.org
Reported-by: Google Big Sleep <big-sleep-vuln-reports+bigsleep-462435176@google.com>
Fixes:
|
|
|
Linus Torvalds
|
07e09c3233 |
Power management fix for 6.18-rc7
Fix a regression introduced during the 6.16 development cycle that may cause runtime PM to be enabled by mistake for devices that do not support it (which may lead to some serious trouble) if there is a system wakeup event during the "late suspend" phase of system suspend. -----BEGIN PGP SIGNATURE----- iQFGBAABCAAwFiEEcM8Aw/RY0dgsiRUR7l+9nS/U47UFAmkfS9ASHHJqd0Byand5 c29ja2kubmV0AAoJEO5fvZ0v1OO1cKQH/RbZZcC/4q3lUgMfk0+C/6Y+4Nv7MxDR jT4fxYinFVSAVpcAIomB838C4PBuIilNKu2JUR62Rw2Pa5PSvVMZcpIHWMdb/QXn 7V5f0CQIGeWdzOBuXlzMWzko6D3CBBBHQMOBPFWD1w5DeT04DRDBAyqW+Osb6NEU aywA+qFkSSg+m+IzkNZGiIgKW9y6oponKetGTuB5b4C0c6WhMg9abc+isKC4yLXY NufuHokqSRn19RoKpzz1IBnHDE6yVoy9/O9QNY8yfKvLOr8MCRN6rbPwbMF3tcSk RQ+jASuIlEgExe0fsP+K1KTPh++EUOottirM9b1B6rj4UwHN+Yq95dk= =7MZg -----END PGP SIGNATURE----- Merge tag 'pm-6.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fix from Rafael Wysocki: "Fix a regression introduced during the 6.16 development cycle that may cause runtime PM to be enabled by mistake for devices that do not support it (which may lead to some serious trouble) if there is a system wakeup event during the "late suspend" phase of system suspend" * tag 'pm-6.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: PM: sleep: core: Fix runtime PM enabling in device_resume_early() |
|
|
Linus Torvalds
|
1753d40dce |
ACPI support fix for 6.18-rc7
This fixes EINJV2 support introduced during the 6.17 cycle by unbreaking the initialization broken by a previous attempted fix, adding sanity checks for data coming from the platform firmware, and updating the code to handle injecting legacy error types on an EINJV2 capable systems properly (Tony Luck). -----BEGIN PGP SIGNATURE----- iQFGBAABCAAwFiEEcM8Aw/RY0dgsiRUR7l+9nS/U47UFAmkfTbkSHHJqd0Byand5 c29ja2kubmV0AAoJEO5fvZ0v1OO1sW0H/1hrZXwWMnevTKSrjEgcfCu7Bj2JHTNl DqkjMOgU4uX+F6cO/Vitfs3j2N4FM6DCQpEvXBFso8jPkUjp0Ekw/zYoePcecdTd JPD/IIOcJJBrmbHMkEHwHNiaXEqNxKlvAYvdsVLGPZxut+ysiOqYYRjtYDwSFcjr F9FliIDn0HUDBYwV3ItiIZupUjkmficmiLO7AFAZddbugtCSEcdtQw207iq5NSN3 zfdVyGv0DOVwub3KEcRQOmMr8orUho5Z62/ms4RUl6b8jpIo8S57Yoxp9/J9cfDt 1eU2q8XnkKy/GbhEGehvRt3D/pTUUGdrgfEM40FUgROR1hI+b5MFE1w= =NauX -----END PGP SIGNATURE----- Merge tag 'acpi-6.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fix from Rafael Wysocki: "This fixes EINJV2 support introduced during the 6.17 cycle by unbreaking the initialization broken by a previous attempted fix, adding sanity checks for data coming from the platform firmware, and updating the code to handle injecting legacy error types on an EINJV2 capable systems properly (Tony Luck)" * tag 'acpi-6.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI: APEI: EINJ: Fix EINJV2 initialization and injection |
|
|
Linus Torvalds
|
6ba3bb3348 |
platform-drivers-x86 for v6.18-4
Fixes
- acer-wmi: Ignore backlight event
- alienware-wmi-wmax: Fix quirk match table order & drop redundant entries
- amd/pmc:
- Add Xbox Ally to spurious 8042 quirk list
- Quirk list Lenovo Legion Go 2 NVMe resume
- msi-wmi-platform:
- Correct GUID to uppercase
- GUID is uncleverly copy-pasted from an example so add a DMI whitelist
- intel/speed_select_if: PCIBIOS_* return code conversion
- intel-uncore-freq & ISST: Fix kernel doc warnings
New HW support
- alienware-wmi-wmax:
- Alienware 16 Aurora support
- Alienware M support
- Alienware X support
- Dell G support
- amd/pmc:
- ROG Xbox Ally (non-X) support
- huaway-wmi: HONOR MagicBoox X16/X14 PrintScreen & YOYO keys
- hp-wmi:
- Omen 16-wf1xxx fan support
- Omen MAX 16-ah0xx fan + thermal profile support
- Victus 16-r0 and 16-s0 fan + thermal profile support
- intel/hid: Intel Nova Lake support
- intel-uncore-freq:
- Intel Panther Lake support
- Intel Wildcat Lake support
- Intel Nova Lake support
The following is an automated shortlog grouped by driver:
acer-wmi:
- Ignore backlight event
alienware-wmi-wmax:
- Add AWCC support to Alienware 16 Aurora
- Add support for the whole "G" family
- Add support for the whole "M" family
- Add support for the whole "X" family
- Drop redundant DMI entries
- Fix "Alienware m16 R1 AMD" quirk order
amd: pmc:
- Add Lenovo Legion Go 2 to pmc quirk list
amd/pmc:
- Add spurious_8042 to Xbox Ally
- Add support for Van Gogh SoC
hp-wmi:
- Add Omen 16-wf1xxx fan support
- Add Omen MAX 16-ah0xx fan support and thermal profile
- mark Victus 16-r0 and 16-s0 for victus_s fan and thermal profile support
huawei-wmi:
- add keys for HONOR models
intel/hid:
- Add Nova Lake support
intel/speed_select_if:
- Convert PCIBIOS_* return codes to errnos
intel-uncore-freq:
- Add additional client processors
- fix all header kernel-doc warnings
ISST: isst_if.h:
- fix all kernel-doc warnings
msi-wmi-platform:
- Fix typo in WMI GUID
- Only load on MSI devices
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQSCSUwRdwTNL2MhaBlZrE9hU+XOMQUCaR9GsgAKCRBZrE9hU+XO
MU2qAQD8C75ebO/ltd9LZ4oTzfe0P6kmV+28z0D97tFsFmt0hwEA/fZHU/bV1+3c
+gRnoLCl4yPh214OgWnmsciPhW3iyAM=
=AtKC
-----END PGP SIGNATURE-----
Merge tag 'platform-drivers-x86-v6.18-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
Pull x86 platform driver fixes from Ilpo Järvinen:
"This one has lots of new HW entries which adds to the size in diffstat
but the individual changes are simple.
Fixes
- acer-wmi: Ignore backlight event
- alienware-wmi-wmax: Fix quirk match table order & drop redundant
entries
- amd/pmc:
- Add Xbox Ally to spurious 8042 quirk list
- Quirk list Lenovo Legion Go 2 NVMe resume
- msi-wmi-platform:
- Correct GUID to uppercase
- GUID is uncleverly copy-pasted from an example so add a DMI
whitelist
- intel/speed_select_if: PCIBIOS_* return code conversion
- intel-uncore-freq & ISST: Fix kernel doc warnings
New HW support
- alienware-wmi-wmax:
- Alienware 16 Aurora support
- Alienware M support
- Alienware X support
- Dell G support
- amd/pmc:
- ROG Xbox Ally (non-X) support
- huaway-wmi: HONOR MagicBoox X16/X14 PrintScreen & YOYO keys
- hp-wmi:
- Omen 16-wf1xxx fan support
- Omen MAX 16-ah0xx fan + thermal profile support
- Victus 16-r0 and 16-s0 fan + thermal profile support
- intel/hid: Intel Nova Lake support
- intel-uncore-freq:
- Intel Panther Lake support
- Intel Wildcat Lake support
- Intel Nova Lake support"
* tag 'platform-drivers-x86-v6.18-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86: (21 commits)
platform/x86: intel-uncore-freq: fix all header kernel-doc warnings
platform/x86: acer-wmi: Ignore backlight event
platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos
platform/x86/intel/hid: Add Nova Lake support
platform/x86: alienware-wmi-wmax: Add AWCC support to Alienware 16 Aurora
platform/x86: hp-wmi: Add Omen MAX 16-ah0xx fan support and thermal profile
platform/x86: msi-wmi-platform: Fix typo in WMI GUID
platform/x86: msi-wmi-platform: Only load on MSI devices
platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list
platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally
platform/x86/amd/pmc: Add support for Van Gogh SoC
platform/x86: alienware-wmi-wmax: Add support for the whole "G" family
platform/x86: alienware-wmi-wmax: Add support for the whole "X" family
platform/x86: alienware-wmi-wmax: Add support for the whole "M" family
platform/x86: alienware-wmi-wmax: Drop redundant DMI entries
platform/x86: alienware-wmi-wmax: Fix "Alienware m16 R1 AMD" quirk order
platform/x86: ISST: isst_if.h: fix all kernel-doc warnings
platform/x86: intel-uncore-freq: Add additional client processors
platform/x86: hp-wmi: Add Omen 16-wf1xxx fan support
platform/x86: huawei-wmi: add keys for HONOR models
...
|
|
|
Linus Torvalds
|
8e621c9a33 |
Including fixes from IPsec and wireless.
Previous releases - regressions:
- prevent NULL deref in generic_hwtstamp_ioctl_lower(),
newer APIs don't populate all the pointers in the request
- phylink: add missing supported link modes for the fixed-link
- mptcp: fix false positive warning in mptcp_pm_nl_rm_addr
Previous releases - always broken:
- openvswitch: remove never-working support for setting NSH fields
- xfrm: number of fixes for error paths of xfrm_state creation/
modification/deletion
- xfrm: fixes for offload
- fix the determination of the protocol of the inner packet
- don't push locally generated packets directly to L2 tunnel
mode offloading, they still need processing from the standard
xfrm path
- mptcp: fix a couple of corner cases in fallback and fastclose
handling
- wifi: rtw89: hw_scan: prevent connections from getting stuck,
work around apparent bug in FW by tweaking messages we send
- af_unix: fix duplicate data if PEEK w/ peek_offset needs to wait
- veth: more robust handing of race to avoid txq getting stuck
- eth: ps3_gelic_net: handle skb allocation failures
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE6jPA+I1ugmIBA4hXMUZtbf5SIrsFAmkfQv8ACgkQMUZtbf5S
IruptQ//aa3wFISt/xfCxaygNnQAL1gxWbKg15cLnv88S5r5wrh+Mf/r+qHkT0IG
qaxPToztcTKNGzRqMI/7x/OEXjCdfEmJtNcb5JfYRxGkYVcje81bhHrxZN+nLLcj
jx1xD7rXCjfFNDVFSl+OzQkoTZtfGphX+JgCTKLPZ8t4qR/UhU1IwYgpoaiK0uCT
gitXJPHrDGJLHud0ilaXbn+q0ZH9ZU08QSRhsaAq7C6YPafUseEr2fuQYgFr1kkp
mtzFm84bEnRSneQ5+noVzoc5llbu3vf3Wd9Y5tr5sBaBjh5OpH/kK0kuPy6Lzhvd
8y05jl8kyASMtRBoTvmpYOdi3xUNbge5AwJN3FIo4KPCmyr1bQoNoQVIivUpoiGz
Zvv7QcceP7E5057CRuhi06krld/QaScHkmhUododbqJKmL8NWaSoXLRO7oYjB4kU
1MuAwOJWVpsqnTUEbMw7dHJPZFTqRkLYv6oAmIqb/AWzTcqg9OXjLEc+OzUqWEl6
mHv/SonSjAM81m3GxCxtNtH2ErKwdMIgI/ado39+KvksKTH1bhN9ZpmuyyktzpCj
PBn9FVdd7zyct92u5xXtsKVkDWKGyD419Z2lFHC0FaAsNQmPrSqzi+U50pAtie5M
JWABm8hsSdia4dTDrdldMgM50dzuBd5nSceY7XCqPA8nZ5+Af/8=
=89Xl
-----END PGP SIGNATURE-----
Merge tag 'net-6.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski:
"Including fixes from IPsec and wireless.
Previous releases - regressions:
- prevent NULL deref in generic_hwtstamp_ioctl_lower(),
newer APIs don't populate all the pointers in the request
- phylink: add missing supported link modes for the fixed-link
- mptcp: fix false positive warning in mptcp_pm_nl_rm_addr
Previous releases - always broken:
- openvswitch: remove never-working support for setting NSH fields
- xfrm: number of fixes for error paths of xfrm_state creation/
modification/deletion
- xfrm: fixes for offload
- fix the determination of the protocol of the inner packet
- don't push locally generated packets directly to L2 tunnel
mode offloading, they still need processing from the standard
xfrm path
- mptcp: fix a couple of corner cases in fallback and fastclose
handling
- wifi: rtw89: hw_scan: prevent connections from getting stuck,
work around apparent bug in FW by tweaking messages we send
- af_unix: fix duplicate data if PEEK w/ peek_offset needs to wait
- veth: more robust handing of race to avoid txq getting stuck
- eth: ps3_gelic_net: handle skb allocation failures"
* tag 'net-6.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (47 commits)
vsock: Ignore signal/timeout on connect() if already established
be2net: pass wrb_params in case of OS2BMC
l2tp: reset skb control buffer on xmit
net: dsa: microchip: lan937x: Fix RGMII delay tuning
selftests: mptcp: add a check for 'add_addr_accepted'
mptcp: fix address removal logic in mptcp_pm_nl_rm_addr
selftests: mptcp: join: userspace: longer timeout
selftests: mptcp: join: endpoints: longer timeout
selftests: mptcp: join: fastclose: remove flaky marks
mptcp: fix duplicate reset on fastclose
mptcp: decouple mptcp fastclose from tcp close
mptcp: do not fallback when OoO is present
mptcp: fix premature close in case of fallback
mptcp: avoid unneeded subflow-level drops
mptcp: fix ack generation for fallback msk
wifi: rtw89: hw_scan: Don't let the operating channel be last
net: phylink: add missing supported link modes for the fixed-link
selftest: af_unix: Add test for SO_PEEK_OFF.
af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic().
net/mlx5: Clean up only new IRQ glue on request_irq() failure
...
|
|
Malaya Kumar Rout
|
7b5ab04f03 |
timekeeping: Fix resource leak in tk_aux_sysfs_init() error paths
tk_aux_sysfs_init() returns immediately on error during the auxiliary clock
initialization loop without cleaning up previously allocated kobjects and
sysfs groups.
If kobject_create_and_add() or sysfs_create_group() fails during loop
iteration, the parent kobjects (tko and auxo) and any previously created
child kobjects are leaked.
Fix this by adding proper error handling with goto labels to ensure all
allocated resources are cleaned up on failure. kobject_put() on the
parent kobjects will handle cleanup of their children.
Fixes:
|
|
Michal Luczaj
|
002541ef65 |
vsock: Ignore signal/timeout on connect() if already established
During connect(), acting on a signal/timeout by disconnecting an already
established socket leads to several issues:
1. connect() invoking vsock_transport_cancel_pkt() ->
virtio_transport_purge_skbs() may race with sendmsg() invoking
virtio_transport_get_credit(). This results in a permanently elevated
`vvs->bytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling.
2. connect() resetting a connected socket's state may race with socket
being placed in a sockmap. A disconnected socket remaining in a sockmap
breaks sockmap's assumptions. And gives rise to WARNs.
3. connect() transitioning SS_CONNECTED -> SS_UNCONNECTED allows for a
transport change/drop after TCP_ESTABLISHED. Which poses a problem for
any simultaneous sendmsg() or connect() and may result in a
use-after-free/null-ptr-deref.
Do not disconnect socket on signal/timeout. Keep the logic for unconnected
sockets: they don't linger, can't be placed in a sockmap, are rejected by
sendmsg().
[1]: https://lore.kernel.org/netdev/e07fd95c-9a38-4eea-9638-133e38c2ec9b@rbox.co/
[2]: https://lore.kernel.org/netdev/20250317-vsock-trans-signal-race-v4-0-fc8837f3f1d4@rbox.co/
[3]: https://lore.kernel.org/netdev/60f1b7db-3099-4f6a-875e-af9f6ef194f6@rbox.co/
Fixes:
|
|
Andrey Vatoropin
|
7d277a7a58 |
be2net: pass wrb_params in case of OS2BMC
be_insert_vlan_in_pkt() is called with the wrb_params argument being NULL at be_send_pkt_to_bmc() call site. This may lead to dereferencing a NULL pointer when processing a workaround for specific packet, as commit |
|
|
Jens Axboe
|
49c2d5941c |
nvme fixes for Linux 6.18
- Admin queue use-after-free fix (Keith) - Target authentication fix (Alistar) - Multipath lockdeup fix (Shin'ichiro) - FC transport teardown fixes (Ewan) -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE3Fbyvv+648XNRdHTPe3zGtjzRgkFAmkfNGYACgkQPe3zGtjz RglWKg//Uq8AfPTAAjzP2w/bYNSSw3PD037fzQKnEikDCK2U2FyJuUP/UW6QPJxm ChhKrwJIKWlL7gOebiFkmQk/ri/4rgbDqO/L4P/K6W4TEA3RgPi6Z+iXhSRE1Soy mlPltmvTtXYtj1lHH2wSaQTKMz6Xsix+0t6uLlOizKEGy8lSSzp4ihyT984PLMjO trCy3uRpbPRLa38fqWj4nzaQ1tItvLwQtuH+9SRvy21B7W5zMfJyeXM31Joj2WQ1 u4HnZOhTcnA1Ihh/pdaRugEUMVACYcwGYBTFdLm/wzHXd+jZPVI2Sa9uDPeiJh3D oOrtCchrVMiODaxiH8sYNObn1GV7xUfsLsWxwOWJdQbe7WRBmWK1+4nOyGX12EO6 EQ628tMU8ojqZOS0dFFzWEmAQ7SRHtfi2Sd9grZZzZdW+mim7m0EWOmKg9iW4mtY /8E56NgRXZhybwfqjWof3rzIiYq586H6XduFNaGCfZKVjDB2wzrWPD2OglqljSjh ud1NU1vTs+F67R/jhYHIOMjFi9bYWTLEbB5SEWau1whDh4iUi9/M8ndjcyNNEAvC yzW69vpSmD5ZJyNhska6jnlL9nwS3wMm3RIDEHIMU508ikRClVTCw2AMYNbI3XhF veNaDHIMO44OolspKlhGO1FMRzIkX1IltRdT/9pQn1Fj2hGOn2w= =M5sK -----END PGP SIGNATURE----- Merge tag 'nvme-6.18-2025-11-20' of git://git.infradead.org/nvme into block-6.18 Pull NVMe fixes from Keith: "nvme fixes for Linux 6.18 - Admin queue use-after-free fix (Keith) - Target authentication fix (Alistar) - Multipath lockdeup fix (Shin'ichiro) - FC transport teardown fixes (Ewan)" * tag 'nvme-6.18-2025-11-20' of git://git.infradead.org/nvme: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() nvme-multipath: fix lockdep WARN due to partition scan work nvmet-auth: update sc_c in target host hash calculation nvme: fix admin request_queue lifetime |
|
Niklas Cassel
|
91842ed844 |
ata: libata-core: Set capacity to zero for a security locked drive
For Security locked drives (drives that have Security enabled, and have
not been Security unlocked by boot firmware), the automatic partition
scanning will result in the user being spammed with errors such as:
ata5.00: failed command: READ DMA
ata5.00: cmd c8/00:08:00:00:00/00:00:00:00:00/e0 tag 7 dma 4096 in
res 51/04:08:00:00:00/00:00:00:00:00/e0 Emask 0x1 (device error)
ata5.00: status: { DRDY ERR }
ata5.00: error: { ABRT }
sd 4:0:0:0: [sda] tag#7 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
sd 4:0:0:0: [sda] tag#7 Sense Key : Aborted Command [current]
sd 4:0:0:0: [sda] tag#7 Add. Sense: No additional sense information
during boot, because most commands except for IDENTIFY will be aborted by
a Security locked drive.
For a Security locked drive, set capacity to zero, so that no automatic
partition scanning will happen.
If the user later unlocks the drive using e.g. hdparm, the close() by the
user space application should trigger a revalidation of the drive.
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
Signed-off-by: Niklas Cassel <cassel@kernel.org>
|
|
|
Niklas Cassel
|
b118906833 |
ata: libata-scsi: Fix system suspend for a security locked drive
Commit |
|
Yihang Li
|
b32cc17d60 |
ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan()
Call scsi_device_put() in ata_scsi_dev_rescan() if the device or its
queue are not running.
Fixes:
|
|
Paolo Abeni
|
dc9e7e652f |
A single fix for scanning on some rtw89 devices.
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEpeA8sTs3M8SN2hR410qiO8sPaAAFAmke1ccACgkQ10qiO8sP aAC5pg/9FI7YeMa8/wguZp8avQ0w48/GIaJ5qk7vpDoFuAoj9JSeIqCdlX7Kuo8L NulrCswFdVvpFhYqwnhYtstgaXTSxmx9Tt0VlQ4UUBevWwvgbScpB60KzpMssCW8 sXkqqT6dWHhuj9y2W4yZJahp5is5Yt/I6B5BsOst/VRtUyr2uN29HNjIFEJ4WHvg h/wNd3kGuBpwnDeIcwpeekpoSnD0C+JXDvIIMN2E2lGzF37oxMEmUDZsq4UmFLFP /Ntlce4CyTk4qv/cESGykaTPKA5LHLtBJnRP7//suLldwuLbkCvLwFNqy78QamRB pgx2Vn4eTayUFjFUojnlgFR8LnmoeSa9RQspx4KPqbFCxpJ49G14D7ZIDfDD1EW6 WjIUEqIcR6d2sdPFIGvKcAqadH0/qN8z5OSwKXl+8VYopintfMc3oYz1Zx1Q8/F8 jIWEKLHvCntrNuUEdhZToiqklA6I8StoLan3LvZVFXloSecxsrZ6kq/bTblmq7S9 iI6WeaFmzbhAHWKorD8u0K6kRJnMcftGPpGD0zgqbx1rb7T9DFWa11O/DS/EsXAE GssVtqu1+G7PqsDsHmtExm/YuCF/mBKfDSmV5AaQzD333uedthN+OehcmAtFoxzL Ipjhog0hCwryNQ7rPASRRCWjxHEqPc4Yk84HIB8e2XHEvCLONhY= =5p6s -----END PGP SIGNATURE----- Merge tag 'wireless-2025-11-20' of https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless Johannes Berg says: ==================== wireless-2025-11-20 A single fix for scanning on some rtw89 devices. * tag 'wireless-2025-11-20' of https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless: wifi: rtw89: hw_scan: Don't let the operating channel be last ==================== Link: https://patch.msgid.link/20251120085433.8601-3-johannes@sipsolutions.net Signed-off-by: Paolo Abeni <pabeni@redhat.com> |
|
David Bauer
|
d70b592551 |
l2tp: reset skb control buffer on xmit
The L2TP stack did not reset the skb control buffer before sending the
encapsulated package.
In a setup with an ath10k radio and batman-adv over an L2TP tunnel
massive fragmentations happen sporadically if the L2TP tunnel is
established over IPv4.
L2TP might reset some of the fields in the IP control buffer, but L2TP
assumes the type of the control buffer to be of an IPv4 packet.
In case the L2TP interface is used as a batadv hardif or the packet is
an IPv6 packet, this assumption breaks.
Clear the entire control buffer to avoid such mishaps altogether.
Fixes:
|
|
Oleksij Rempel
|
3ceb6ac211 |
net: dsa: microchip: lan937x: Fix RGMII delay tuning
Correct RGMII delay application logic in lan937x_set_tune_adj().
The function was missing `data16 &= ~PORT_TUNE_ADJ` before setting the
new delay value. This caused the new value to be bitwise-OR'd with the
existing PORT_TUNE_ADJ field instead of replacing it.
For example, when setting the RGMII 2 TX delay on port 4, the
intended TUNE_ADJUST value of 0 (RGMII_2_TX_DELAY_2NS) was
incorrectly OR'd with the default 0x1B (from register value 0xDA3),
leaving the delay at the wrong setting.
This patch adds the missing mask to clear the field, ensuring the
correct delay value is written. Physical measurements on the RGMII TX
lines confirm the fix, showing the delay changing from ~1ns (before
change) to ~2ns.
While testing on i.MX 8MP showed this was within the platform's timing
tolerance, it did not match the intended hardware-characterized value.
Fixes:
|
|
Darrick J. Wong
|
678e1cc2f4 |
xfs: fix out of bounds memory read error in symlink repair
xfs/286 produced this report on my test fleet:
==================================================================
BUG: KFENCE: out-of-bounds read in memcpy_orig+0x54/0x110
Out-of-bounds read at 0xffff88843fe9e038 (184B right of kfence-#184):
memcpy_orig+0x54/0x110
xrep_symlink_salvage_inline+0xb3/0xf0 [xfs]
xrep_symlink_salvage+0x100/0x110 [xfs]
xrep_symlink+0x2e/0x80 [xfs]
xrep_attempt+0x61/0x1f0 [xfs]
xfs_scrub_metadata+0x34f/0x5c0 [xfs]
xfs_ioc_scrubv_metadata+0x387/0x560 [xfs]
xfs_file_ioctl+0xe23/0x10e0 [xfs]
__x64_sys_ioctl+0x76/0xc0
do_syscall_64+0x4e/0x1e0
entry_SYSCALL_64_after_hwframe+0x4b/0x53
kfence-#184: 0xffff88843fe9df80-0xffff88843fe9dfea, size=107, cache=kmalloc-128
allocated by task 3470 on cpu 1 at 263329.131592s (192823.508886s ago):
xfs_init_local_fork+0x79/0xe0 [xfs]
xfs_iformat_local+0xa4/0x170 [xfs]
xfs_iformat_data_fork+0x148/0x180 [xfs]
xfs_inode_from_disk+0x2cd/0x480 [xfs]
xfs_iget+0x450/0xd60 [xfs]
xfs_bulkstat_one_int+0x6b/0x510 [xfs]
xfs_bulkstat_iwalk+0x1e/0x30 [xfs]
xfs_iwalk_ag_recs+0xdf/0x150 [xfs]
xfs_iwalk_run_callbacks+0xb9/0x190 [xfs]
xfs_iwalk_ag+0x1dc/0x2f0 [xfs]
xfs_iwalk_args.constprop.0+0x6a/0x120 [xfs]
xfs_iwalk+0xa4/0xd0 [xfs]
xfs_bulkstat+0xfa/0x170 [xfs]
xfs_ioc_fsbulkstat.isra.0+0x13a/0x230 [xfs]
xfs_file_ioctl+0xbf2/0x10e0 [xfs]
__x64_sys_ioctl+0x76/0xc0
do_syscall_64+0x4e/0x1e0
entry_SYSCALL_64_after_hwframe+0x4b/0x53
CPU: 1 UID: 0 PID: 1300113 Comm: xfs_scrub Not tainted 6.18.0-rc4-djwx #rc4 PREEMPT(lazy) 3d744dd94e92690f00a04398d2bd8631dcef1954
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-4.module+el8.8.0+21164+ed375313 04/01/2014
==================================================================
On further analysis, I realized that the second parameter to min() is
not correct. xfs_ifork::if_bytes is the size of the xfs_ifork::if_data
buffer. if_bytes can be smaller than the data fork size because:
(a) the forkoff code tries to keep the data area as large as possible
(b) for symbolic links, if_bytes is the ondisk file size + 1
(c) forkoff is always a multiple of 8.
Case in point: for a single-byte symlink target, forkoff will be
8 but the buffer will only be 2 bytes long.
In other words, the logic here is wrong and we walk off the end of the
incore buffer. Fix that.
Cc: stable@vger.kernel.org # v6.10
Fixes:
|