-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRTLbB6QfY48x44uB6AXGG7T9hjvgUCZ672+AAKCRCAXGG7T9hj
vqnNAP99iQfUC5je/UYE4k9ku0oRD9+d65G5YCmnLv5egUOuTgD/UT+N0LYaahS7
5hRh61sicj57dsrN4kA4U4TpVvoFsAY=
=CUIl
-----END PGP SIGNATURE-----
Merge tag 'for-linus-6.14-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
Pull xen fixes from Juergen Gross:
"Three fixes to xen-swiotlb driver:
- two fixes for issues coming up due to another fix in 6.12
- addition of an __init annotation"
* tag 'for-linus-6.14-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
Xen/swiotlb: mark xen_swiotlb_fixup() __init
x86/xen: allow larger contiguous memory regions in PV guests
xen/swiotlb: relax alignment requirements
amdgpu:
- Fix shutdown regression on old APUs
- Fix compute queue hang on gfx9 APUs
- Fix possible invalid access in PSP failure path
- Avoid possible buffer overflow in pptable override
amdkfd:
- Properly free gang bo in failure path
- GFX12 trap handler fix
i915:
- selftest fix: avoid using uninitialized context
xe:
- Remove bo->clients out of bos_lock area
- Carve out wopcm portion from the stolen memory
tests:
- fix lockdep with hdmi infrastructure tests
host1x:
- fix uninitialised mutex usage
panthor:
- fix uninit variable
hibmc:
- fix missing Kconfig select
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEEKbZHaGwW9KfbeusDHTzWXnEhr4FAmeuuOsACgkQDHTzWXnE
hr6FpQ//U31/Gvz+T5l5+5mRy0QTsc8bJ0VECVIaFvhWvwsQP5ZAi4P/mPhsDbIP
p/s5UQKRSFPpQDKXe862XBMec7ZY5pUQZVEx++BxrVOhCFmIqdghjdg+gGYs3M+S
FN77HY+VFL7m3BrvOHXSfrFPmBtl4QZzqu0hKKgKvPt3mK0AzYjT6NFKpGudPxiW
eD679F4L8zJDLfMNldFSdElft8Xe+VwYtoOJwPysM61e/f340k+byti4/sdtcQHX
a90EBOzdEYaPhTFta5MWZmxyHdbiWNYwuG1j3K+PBY54HHmvqczoY6HCEwINYkDu
4IbNJI/LwGXXwjTJcVBfribnqj3rSzOIxVvjnDI8XfJ4MoQL4W/Ci1Mvui2SmSsn
Px/f4E9BVBOQJo7X6vfK8ZzAHov70kTjcOtrdX3/Ve4TSuOzGzizHwb3/GpClNDK
uvKr16kppfDTEfV74TaVS+Mkl4MBFFfY+lwaqg9KZa8b6/PfcvqX0o9W+75q0wAC
U0vPmHwPWLfEFv/naOer3cUUY3p/3FujKyx8YlHuXNCi4DwvgCkxH3ouoKIAzMLo
S6qw7ux/CbbCmZ1TvKtjU9egH5FYPskj5Rz5uSGMhvZBqgDFjsHZpmwX68sVUID7
LerfTfJxtIAHvh4HCoZmPu/KH/yLlOF5EyPBg+pyGtz8Dzh6lag=
=p2pF
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-2025-02-14' of https://gitlab.freedesktop.org/drm/kernel
Pull drm fixes from Dave Airlie:
"Weekly drm fixes pull request, nothing too unusual, the hdmi tests
needs a bit of refactoring after lockdep shouted at them, otherwise
amdgpu and xe lead and a few misc otherwise.
amdgpu:
- Fix shutdown regression on old APUs
- Fix compute queue hang on gfx9 APUs
- Fix possible invalid access in PSP failure path
- Avoid possible buffer overflow in pptable override
amdkfd:
- Properly free gang bo in failure path
- GFX12 trap handler fix
i915:
- selftest fix: avoid using uninitialized context
xe:
- Remove bo->clients out of bos_lock area
- Carve out wopcm portion from the stolen memory
tests:
- fix lockdep with hdmi infrastructure tests
host1x:
- fix uninitialised mutex usage
panthor:
- fix uninit variable
hibmc:
- fix missing Kconfig select"
* tag 'drm-fixes-2025-02-14' of https://gitlab.freedesktop.org/drm/kernel:
drm: Fix DSC BPP increment decoding
drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
drm/amdkfd: Ensure consistent barrier state saved in gfx12 trap handler
drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()
amdkfd: properly free gang_ctx_bo when failed to init user queue
drm/amdgpu: bump version for RV/PCO compute fix
drm/amdgpu/gfx9: manually control gfxoff for CS on RV
drm/amdgpu/pm: fix UVD handing in amdgpu_dpm_set_powergating_by_smu()
drm/xe: Carve out wopcm portion from the stolen memory
drm/i915/selftests: avoid using uninitialized context
drm/xe/client: bo->client does not need bos_lock
drm/hisilicon/hibmc: select CONFIG_DRM_DISPLAY_DP_HELPER
drm/panthor: avoid garbage value in panthor_ioctl_dev_query()
gpu: host1x: Fix a use of uninitialized mutex
drm/tests: hdmi: Fix recursive locking
drm/tests: hdmi: Reorder DRM entities variables assignment
drm/tests: hdmi: Remove redundant assignments
drm/tests: hdmi: Fix WW_MUTEX_SLOWPATH failures
- Carve out wopcm portion from the stolen memory (Nirmoy)
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEbSBwaO7dZQkcLOKj+mJfZA7rE8oFAmeuKuwACgkQ+mJfZA7r
E8otWAf9EYDbWE9va00T9kzPbzs3h/LEgkF7E22zgQPDcty+EwP+yGC9itcYnW8x
HfzR7iQa56Q3iO9i+UINkjZnVzjNtuQpM5G4vKKW6eBwO/4tGvXy2knBf5Vd2yvY
nLZQRPitaScwV17VjL0iw4ib4WuQWpJU7FZeTlIz8oHsF4dDV2B/R5k4REvbzM8a
81O0bXT+gvTQ//6A0PWDe4zPkS2dxKk6lhw57WRAnk0q4zRfV2rr4zlUHOrvDu8H
Lfzz+fkrssYNVvzstLesRlIr8za6IhJDg4crro57dnAluNbPBCGl+GHBAc4eVeC5
P6z7Hl1xfkLGrFJoTj6m9Lvywt9Osw==
=YbHU
-----END PGP SIGNATURE-----
Merge tag 'drm-xe-fixes-2025-02-13' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes
- Remove bo->clients out of bos_lock area (Tejas)
- Carve out wopcm portion from the stolen memory (Nirmoy)
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/Z64rCicgpBe_t5GY@intel.com
amdgpu:
- Fix shutdown regression on old APUs
- Fix compute queue hang on gfx9 APUs
- Fix possible invalid access in PSP failure path
- Avoid possible buffer overflow in pptable override
amdkfd:
- Properly free gang bo in failure path
- GFX12 trap handler fix
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQQgO5Idg2tXNTSZAr293/aFa7yZ2AUCZ64QYgAKCRC93/aFa7yZ
2E4uAPoCIug8zq4eyn2FIke05YUsKIleaWqnyfx5lOxE0liX6AEAqVjST+WNWmjx
6vC1MAOUitiVjOjLcsGIHG+xXK2T0Ak=
=H/SZ
-----END PGP SIGNATURE-----
Merge tag 'amd-drm-fixes-6.14-2025-02-13' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes
amd-drm-fixes-6.14-2025-02-13:
amdgpu:
- Fix shutdown regression on old APUs
- Fix compute queue hang on gfx9 APUs
- Fix possible invalid access in PSP failure path
- Avoid possible buffer overflow in pptable override
amdkfd:
- Properly free gang bo in failure path
- GFX12 trap handler fix
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250213153843.242640-1-alexander.deucher@amd.com
mutex fix for host1x, an unitialized variable fix for panthor, and a
config selection fix for hibmc.
-----BEGIN PGP SIGNATURE-----
iJUEABMJAB0WIQTkHFbLp4ejekA/qfgnX84Zoj2+dgUCZ64QCQAKCRAnX84Zoj2+
dmDKAYDbYyoPwDUEHDK87HiVKov0rVgeZ5Bxol+AV+5SP57XBSFP3p+IgtnWxZhQ
5f6yAl4BgKI70F7x4EQEyuOejEVAVCZTHuA9lzWcYIDkUQmvcIoY8t0HY9gZpW42
ZKrhAX3/vg==
=JF2k
-----END PGP SIGNATURE-----
Merge tag 'drm-misc-fixes-2025-02-13' of https://gitlab.freedesktop.org/drm/misc/kernel into drm-fixes
Some locking fixes for the HDMI infrastructure tests, an unitialized
mutex fix for host1x, an unitialized variable fix for panthor, and a
config selection fix for hibmc.
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maxime Ripard <mripard@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250213-brilliant-terrier-from-hell-d06dd5@houat
A small collection of driver specific fixes, none standing out in
particular.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmeuQCAACgkQJNaLcl1U
h9CCVAf/Rr150avak+/UYx7qVw6mQxKSNhElT3FccHZv8hOj0jlQhwXYS/o9dbzJ
fHua5LNXW9eOjj7O4It0VxW0TNT51cw/kkBPF0qZOfd4BkLF2sulU9LiKVgE+6D6
//NFOiRn5pXpAa0MXkiRouHxvJzPt+793oY9xE9pxYunBUww+cVk4bqMUmCl8ZmW
oWrF3x9YjIc55WAep6C/5dcQ7kHFwV1xiZa/0kTsmQvngaCMIjUSmtY2IPc+3NxV
a7yMNBs8AV784O3613WWHewiWEpzYCHt8ibqCqXrZn3U/8Tg7bTdIwKy5I9+WdEr
R1NFw5XdpUoeIQxMvmfo83VHrF9O2Q==
=W2sb
-----END PGP SIGNATURE-----
Merge tag 'spi-fix-v6.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
Pull spi fixes from Mark Brown:
"A small collection of driver specific fixes, none standing out in
particular"
* tag 'spi-fix-v6.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: sn-f-ospi: Fix division by zero
spi: pxa2xx: Fix regression when toggling chip select on LPSS devices
spi: atmel-quadspi: Fix warning in doc-comment
The main change here is a revert for a cleanup that was done in the
core, attempting to resolve some confusion about how we handle systems
where we've somehow managed to end up with both platform data and device
tree data for the same device. Unfortunately it turns out there are
actually a few systems that deliberately do this and were broken by the
change so we've just reverted it.
There's also a new Qualcomm device ID.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmeuQOIACgkQJNaLcl1U
h9AL1wf9EfB3NRu2QF1K/hSqXGLUUv6qCmhmi1pXw0eFzQuQG91bVPPMkB3WTTGq
5yPy3KjwABh2tMzUyv4W+D8q80+bwBwqmD3zBOfpFLQ38H9zgTE7Pi9X/uo3lnt/
eWZJx/KZ3RFzlVrH1W40U0t3r/vGxFlu2QxVacfRyG47FPz5DVDLxL8rN7NOzxaC
+h4fHdvSaSJY9YKnbZIjMFkywXf3pgMub91ZHLTWnlAdiMO2nsURBnQ+6BZnxjXz
b/LRHZ8cWby7shz+1qrDKZiMPpTdDKQWq7pKzx9R7PANO/hRim4X0bzPVrKAo0/f
UYL3Ts6TZ8rHBdRFy5/CGgrB5IAp6w==
=Pk60
-----END PGP SIGNATURE-----
Merge tag 'regulator-fix-v6.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
Pull regulator fixes from Mark Brown:
"The main change here is a revert for a cleanup that was done in the
core, attempting to resolve some confusion about how we handle systems
where we've somehow managed to end up with both platform data and
device tree data for the same device. Unfortunately it turns out there
are actually a few systems that deliberately do this and were broken
by the change so we've just reverted it.
There's also a new Qualcomm device ID"
* tag 'regulator-fix-v6.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: core: let dt properties override driver init_data
regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator
A simple fix for memory leaks when deallocating regmap-irq controllers.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmeuQSAACgkQJNaLcl1U
h9Aeigf+Jj4+NAOolq1sE86GSoTuupAw418f+a1Yy1TzCrKryyRNvEF8I4UFvxHs
uBEysvLGSa4fMFkDzCO0DlLtv7exmCCHuhKw2Vjy+icT5iichc6PE5ylas47bx4/
FrSm5O2VEzWIIBzQrStSkr0WJ8Paqnx3OLsJpdD/keqq7bRhYGyCoSZ6o9suyerr
zh/g+pOy+6nl3CuT2QNnCXLlzL04xfoIqHeTVOFFMwDw76NaxdL2Feb+mk40glqA
PUqggzzDLmxThmsh4LXGaos/ljmaWtt8/vUkl249o7EU9PMqZKSlDrKXFWY9I8OB
Y4P94DmhLuqx1wSBKFWcQDlkNqAjBQ==
=qxFK
-----END PGP SIGNATURE-----
Merge tag 'regmap-fix-v6.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap
Pull regmap fix from Mark Brown:
"A simple fix for memory leaks when deallocating regmap-irq
controllers"
* tag 'regmap-fix-v6.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
regmap-irq: Add missing kfree()
Kalle Valo steps down after serving as the WiFi driver maintainer
for over a decade.
Current release - fix to a fix:
- vsock: orphan socket after transport release, avoid null-deref
- Bluetooth: L2CAP: fix corrupted list in hci_chan_del
Current release - regressions:
- eth: stmmac: correct Rx buffer layout when SPH is enabled
- rxrpc: fix alteration of headers whilst zerocopy pending
- eth: iavf: fix a locking bug in an error path
- s390/qeth: move netif_napi_add_tx() and napi_enable() from under BH
- Revert "netfilter: flowtable: teardown flow if cached mtu is stale"
Current release - new code bugs:
- rxrpc: fix ipv6 path MTU discovery, only ipv4 worked
- pse-pd: fix deadlock in current limit functions
Previous releases - regressions:
- rtnetlink: fix netns refleak with rtnl_setlink()
- wifi: brcmfmac: use random seed flag for BCM4355 and BCM4364 firmware
Previous releases - always broken:
- add missing RCU protection of struct net throughout the stack
- can: rockchip: bail out if skb cannot be allocated
- eth: ti: am65-cpsw: base XDP support fixes
Misc:
- ethtool: tsconfig: update the format of hwtstamp flags,
changes the uAPI but this uAPI was not in any release yet
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE6jPA+I1ugmIBA4hXMUZtbf5SIrsFAmeuOoMACgkQMUZtbf5S
Irs43w/+M9ZRNqU7O1CK6kykgAkuWCZvfVvvKFCTKcxg+ibrelzn78m1CtFWfpci
aZ6meM65XQ/9a8y4VQgjMs8dDPSQphLXjXTLRtMLCEbL6Wakg6pobj/Rb/Ya4p9T
4Ao7VrCRzAbGDv/M4NXSuqVxc1YYBXA3i3FSKR913cMsYeTMOYLRvjsB8ZvSJOgK
Qs4iGYz3D/oO0KRHVWpzn1DUxQhwoqSjU1lFeuLc+1yxDmicqqkKnnP0A6DbN4zd
/JMVkM1ysAqKh4HNDdurMhy5D42Gdc/W/QfLJiNtpohNO2wItR9cs+Nn4TMnCvpF
DK4tS1z5V60S/t0G8isVAjtZYGcBL2hlC94H/8m/FztUdoVew2vaAlD3Fa2i0ED0
7Q9vzNHUfUSYfI2QLYJC+QHXBkzSiU18uK3zIFq/sIOZJco1Wz8Aevg78c2JV+Qi
nZLyyeH73Yt1lINBK5/td+KBFSVlMI5gAAGMVuH4+djLOOQohiufe5uKVlU/vjZ0
o2YTiIXRwhvAe2QIbjbZV1y4xhWLrH+NXhKYzRZZfTgx2wjLFVovjCfodQjskjNk
fVp5wg3m9qKO3MkEN+NTFcnZytUmpNgC1LqXLEMCOfccU+vDqQ+0xylNhEipSuWd
PW5c/dcoVnDARvxGVp1wWtEy83kF1RefgIp++wqSzSqisr2l2l4=
=7lE+
-----END PGP SIGNATURE-----
Merge tag 'net-6.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski:
"Including fixes from netfilter, wireless and bluetooth.
Kalle Valo steps down after serving as the WiFi driver maintainer for
over a decade.
Current release - fix to a fix:
- vsock: orphan socket after transport release, avoid null-deref
- Bluetooth: L2CAP: fix corrupted list in hci_chan_del
Current release - regressions:
- eth:
- stmmac: correct Rx buffer layout when SPH is enabled
- iavf: fix a locking bug in an error path
- rxrpc: fix alteration of headers whilst zerocopy pending
- s390/qeth: move netif_napi_add_tx() and napi_enable() from under BH
- Revert "netfilter: flowtable: teardown flow if cached mtu is stale"
Current release - new code bugs:
- rxrpc: fix ipv6 path MTU discovery, only ipv4 worked
- pse-pd: fix deadlock in current limit functions
Previous releases - regressions:
- rtnetlink: fix netns refleak with rtnl_setlink()
- wifi: brcmfmac: use random seed flag for BCM4355 and BCM4364
firmware
Previous releases - always broken:
- add missing RCU protection of struct net throughout the stack
- can: rockchip: bail out if skb cannot be allocated
- eth: ti: am65-cpsw: base XDP support fixes
Misc:
- ethtool: tsconfig: update the format of hwtstamp flags, changes the
uAPI but this uAPI was not in any release yet"
* tag 'net-6.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (72 commits)
net: pse-pd: Fix deadlock in current limit functions
rxrpc: Fix ipv6 path MTU discovery
Reapply "net: skb: introduce and use a single page frag cache"
s390/qeth: move netif_napi_add_tx() and napi_enable() from under BH
mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw()
ipv6: mcast: add RCU protection to mld_newpack()
team: better TEAM_OPTION_TYPE_STRING validation
Bluetooth: L2CAP: Fix corrupted list in hci_chan_del
Bluetooth: btintel_pcie: Fix a potential race condition
Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd
net: ethernet: ti: am65_cpsw: fix tx_cleanup for XDP case
net: ethernet: ti: am65-cpsw: fix RX & TX statistics for XDP_TX case
net: ethernet: ti: am65-cpsw: fix memleak in certain XDP cases
vsock/test: Add test for SO_LINGER null ptr deref
vsock: Orphan socket after transport release
MAINTAINERS: Add sctp headers to the general netdev entry
Revert "netfilter: flowtable: teardown flow if cached mtu is stale"
iavf: Fix a locking bug in an error path
rxrpc: Fix alteration of headers whilst zerocopy pending
net: phylink: make configuring clock-stop dependent on MAC support
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAmeuSwwACgkQxWXV+ddt
WDtQ8Q//fsTAu1DLjeVrzMhVNswGwr3PgWzLk3PqWTDEG9UeR/jJYntIPglVyhhP
Mp2E3CYe2rlWwK0K3PITDu179tLrnCvbfKEPwWvyVZw5D0EDjPQYs9/H5ztSE8O4
4i3kv2LjlXHE3h62tjNoeHL4NK1SRJcFeH69XhhIe0ELvTQVarvfJupZwdQQivWg
sDlQXklXxl1kEtHVGnmz6jd09a0vti7xw8MAG6QiIP83Hvt6Ie+NLfTfTCkRIWSK
95mPM+1YhmLQe15sD8xjHyYmH5E0cEXQh1Pvlz6xqQWRvZERG8Pmj+iwFTLaw4iA
JR6sN2/KFgXE9OIGbFqQ+dvm++2hWcnPwW+h6EdOSj0DQkupbJm4VeBK0WQ4YZ+x
Q0OQXPTfGpcjp7KyJrT6EZFq5VxeEfOz4hozhiCSTs+Xpx7Oh/2THL01N/dUMn0C
SNR9E4/Rlq7rWV7euGwicwo/tZZIdCr4ihUGk4jpamlUbIXj+2SrOc4cpQdypmsO
DeYvwzIXnPe8/Eo3rZ5ej0DK7GxfEFyd6v6l0oS6HepvMJ6y6/eiOYteVbGpvhXv
J2M6PLstiZc152VHPApN9+ZlXBeGjyMfxLcsweblpSBBt/57otY6cMhqNuIp0j9B
0zP3KKOwrIJ8tzcwjMSH+2OZsDQ7oc7eiJI08r0IcpCbCBTIeyE=
=0hI+
-----END PGP SIGNATURE-----
Merge tag 'for-6.14-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
Pull btrfs fixes from David Sterba:
- fix stale page cache after race between readahead and direct IO write
- fix hole expansion when writing at an offset beyond EOF, the range
will not be zeroed
- use proper way to calculate offsets in folio ranges
* tag 'for-6.14-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
btrfs: fix hole expansion when writing at an offset beyond EOF
btrfs: fix stale page cache after race between readahead and direct IO write
btrfs: fix two misuses of folio_shift()
- More fixes for going read-only: the previous fix was insufficient, but
with more work on ordering journal reclaim flushing (and a btree node
accounting fix so we don't split until we have to) the
tiering_replication test now consistently goes read-only in less than
a second.
- fix for fsck when we have reflink pointers to missing indirect
extents
- some transaction restart handling fixes from Alan; the "Pass
_orig_restart_count to trans_was_restarted" likely fixes some rare
undefined behaviour heisenbugs.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEKnAFLkS8Qha+jvQrE6szbY3KbnYFAmeuOa8ACgkQE6szbY3K
bnbCog//SqsVcJKqkkSS1mmqnagy9UV7HGY4gXXzo5a2g/3Nkg1ZLgz18G23txaR
C9O8UXbSeZ6YWwer6brK++vtD22P7CGK94MnD0JNGsm7uqeMhqkNlUn5Z6dXXRsA
9lPOBCLugC5nJBZYZ9ITTWB4pGbIvv++yoWA4qluTUZ+NakP1X9+fNDBN0BQAEwz
JCHPkLcL4L9ifwxgoTRJjyTEQx6zTgCqC5UjWrvtvnZgDrfIt2OTR1Y2GKc3WFcf
3kbbpTjbyycL7b8pfF0x97ZpilKwqBSvWvBqNt9130lk9/CvaROlctqnzwNwqz36
ISPTKO1dmS+OX4lQNqvSu6ZnFEaKXUK4pPAifQWKNduPBaLB9zeMAR9aGXie+Ta5
fn0vXKD9KKs9VWe1bwni278u9oN0TmZya3d1Jo+wy2Z0DLI+5j4jobg7rtimLfnJ
4LMRzmhooTJENE9Zw3qStpnJxbvKA4HJuNTNyp+qDfpaQnF/u9FcRfSET0Hvt99E
byCAUVEuOscAaStIaaLugTLecK2r5MCxfdO93pGL8yfUhaiJq6KpvXLieoOYOoOP
7KWneV3/6/0RRw8WcHlnuXBucRrVDpqq48cTpZhb08ig5/P5kuODV0IeeGBH6qVx
H0tAMNq9d1XdBNRd+jNH/WkJvtkTI6SPOP2mKoGyfVWYyTEHKOw=
=qdkE
-----END PGP SIGNATURE-----
Merge tag 'bcachefs-2025-02-12' of git://evilpiepirate.org/bcachefs
Pull bcachefs fixes from Kent Overstreet:
"Just small stuff.
As a general announcement, on disk format is now frozen in my master
branch - future on disk format changes will be optional, not required.
- More fixes for going read-only: the previous fix was insufficient,
but with more work on ordering journal reclaim flushing (and a
btree node accounting fix so we don't split until we have to) the
tiering_replication test now consistently goes read-only in less
than a second.
- fix for fsck when we have reflink pointers to missing indirect
extents
- some transaction restart handling fixes from Alan; the "Pass
_orig_restart_count to trans_was_restarted" likely fixes some rare
undefined behaviour heisenbugs"
* tag 'bcachefs-2025-02-12' of git://evilpiepirate.org/bcachefs:
bcachefs: Reuse transaction
bcachefs: Pass _orig_restart_count to trans_was_restarted
bcachefs: CONFIG_BCACHEFS_INJECT_TRANSACTION_RESTARTS
bcachefs: Fix want_new_bset() so we write until the end of the btree node
bcachefs: Split out journal pins by btree level
bcachefs: Fix use after free
bcachefs: Fix marking reflink pointers to missing indirect extents
Fix a deadlock in pse_pi_get_current_limit and pse_pi_set_current_limit
caused by consecutive mutex_lock calls. One in the function itself and
another in pse_pi_get_voltage.
Resolve the issue by using the unlocked version of pse_pi_get_voltage
instead.
Fixes: e0a5e2bba3 ("net: pse-pd: Use power limit at driver side instead of current limit")
Signed-off-by: Kory Maincent <kory.maincent@bootlin.com>
Link: https://patch.msgid.link/20250212151751.1515008-1-kory.maincent@bootlin.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
rxrpc path MTU discovery currently only makes use of ICMPv4, but not
ICMPv6, which means that pmtud for IPv6 doesn't work correctly. Fix it to
check for ICMPv6 messages also.
Fixes: eeaedc5449 ("rxrpc: Implement path-MTU probing using padded PING ACKs (RFC8899)")
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: Simon Horman <horms@kernel.org>
cc: linux-afs@lists.infradead.org
Link: https://patch.msgid.link/3517283.1739359284@warthog.procyon.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEjF9xRqF1emXiQiqU1w0aZmrPKyEFAmetwrcACgkQ1w0aZmrP
KyHrsA/+JYLZfG5Z1IMVs1MO0OyrhP/psLdAgwBGdyMpH1s95/d+fs1jej+A7zTh
9JtQu8i2sUzPq19eHtjPvafMb53/GTUly2qIJannmga22JxrT2Xvw3xUFsd0wiTa
e7g+mcRM3GIanXDN6U98FcC8w/aThsVy61QjpSGab4LYjKu4cTYpgO2iZqVjOSUT
cyfYrn3bgFkPphLA8YrJ9govwU1H6AOJtzCigU8Q8jkAQ0u8VOsWRa7ac/UhAIUa
viG3H7cv0iIzZ2NspokFU4LBMSKPHE9FAWHbw5cCukXSdCBoww14CbljFd3lOrrQ
z3BG+hREDLrscxMmCuBxvXLz1nN/UUPMlfTwvuDg68BySixiFPn7pjqVQUi68ij0
AS3y+tSAIDpibK4YcXUguvn49NcdvK0oEkrI3pAEwL6y8bHpoJfwNR73T/KeH8Vm
XQr2m1ruPhyCIWkV8yKPyga+7tWjT+txgZQAP1hwZWo/P3rao6cYDKfkWZKpdJ01
RKk4YepI7kDVqqqgRCpFfkcMvqthaRdBaTrQU3KnQBu/bkY3CxoQAtDJtBHdrcaw
7XykaojoDAFpydTJg7eVKTm/x6k0syWKJA/TsyX5p5OmQ4EOGt6lmZbkljxDPl+q
NiiXLnIdugnM4uL6lR6YGSsvzOui+LUT6KUPsbw1Eg7kKPK0StI=
=ZZ4N
-----END PGP SIGNATURE-----
Merge tag 'nf-25-02-13' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following batch contains one revert for:
1) Revert flowtable entry teardown cycle when skbuff exceeds mtu to
deal with DF flag unset scenarios. This is reverts a patch coming
in the previous merge window (available in 6.14-rc releases).
* tag 'nf-25-02-13' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
Revert "netfilter: flowtable: teardown flow if cached mtu is stale"
====================
Link: https://patch.msgid.link/20250213100502.3983-1-pablo@netfilter.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This reverts commit 011b033590.
Sabrina reports that the revert may trigger warnings due to intervening
changes, especially the ability to rise MAX_SKB_FRAGS. Let's drop it
and revisit once that part is also ironed out.
Fixes: 011b033590 ("Revert "net: skb: introduce and use a single page frag cache"")
Reported-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/6bf54579233038bc0e76056c5ea459872ce362ab.1739375933.git.pabeni@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQJKBAABCAA0FiEEzOlt8mkP+tbeiYy5AoYrw/LiJnoFAmet+IIWHGNoZW5odWFj
YWlAa2VybmVsLm9yZwAKCRAChivD8uImesjHD/9NL2GwZTldtC+ryWb2Og7xcKGs
f7lSUrUaQypHP8NTxduP/M/tmLrmzbj5LYdoG2zXHWykOwJo2Z1C8N0q1uB6nwqW
PNAx+sS2NjRwUCXIsTfCK2/+NKmuHzRJTyEvSS8W4ott3QAgPa5vHpyCDqqr5rJQ
UiWgMxbxA/fQKGr5CEsoF3U1w/iJgBCbVMzcY6OAHmO1/8Pf29XN3yUvdiNDqadH
bR7nDpLn6uZQn4w16A/ZlFh2k0EGFsVcYC1W5e2x15ud1rU76Eg5DAP9GMIm3EXt
8SeyvaR0jTrIyZeJliF2tn60x4SG94ZDlyNGcOq94StDEPDxyVTs+D6KDiQfLwx6
9zp9igQR/hpTGhPzwD5dtUyJbgfn+Sln8w6c8ygrzfKwopA0GXlkrBLmnPCU1lCG
FfbKhNycRH4VrQsAqfO47876T9Bba+vgNkyMOgfkFBr7EmKHCDncCK4EAB9xpXfu
2zE5pc3Yl6I7EHSk/KtKhJ3kgNri5nK/ubJiEKAR+0jep2H5JxMCSJoJMsmFw3Vt
d0O495PDIEu6s2ULMyfp5MFrXTDkTiC2ghw2b7+UojScCn9A9+WjARBy/NtH83R5
3j+S+4KbV5aserl7AkOTc87aNXdyZ62b9vzYqzJVaHJxavnTn2DXOGjFBhQn0oRl
HhYoJAn9kcK4I74Rvw==
=O6uZ
-----END PGP SIGNATURE-----
Merge tag 'loongarch-fixes-6.14-1' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
Pull LoongArch fixes from Huacai Chen:
"Fix bugs about idle, kernel_page_present(), IP checksum and KVM, plus
some trival cleanups"
* tag 'loongarch-fixes-6.14-1' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson:
LoongArch: KVM: Set host with kernel mode when switch to VM mode
LoongArch: KVM: Remove duplicated cache attribute setting
LoongArch: KVM: Fix typo issue about GCFG feature detection
LoongArch: csum: Fix OoB access in IP checksum code for negative lengths
LoongArch: Remove the deprecated notifier hook mechanism
LoongArch: Use str_yes_no() helper function for /proc/cpuinfo
LoongArch: Fix kernel_page_present() for KPRANGE/XKPRANGE
LoongArch: Fix idle VS timer enqueue
Fixes and new HW support:
- thinkpad_acpi:
- Fix registration of tpacpi platform driver
- Support fan speed in ticks per revolution (Thinkpad X120e)
- Support V9 DYTC profiles (new Thinkpad AMD platforms)
- int3472: Handle GPIO "enable" vs "reset" variation (ov7251)
The following is an automated shortlog grouped by driver:
int3472:
- Call "reset" GPIO "enable" for INT347E
- Use correct type for "polarity", call it gpio_flags
thinkpad_acpi:
- Fix invalid fan speed on ThinkPad X120e
- Fix registration of tpacpi platform driver
- Support for V9 DYTC platform profiles
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQSCSUwRdwTNL2MhaBlZrE9hU+XOMQUCZ63igAAKCRBZrE9hU+XO
MW/TAQDbeIrh8Oy17XBXVYUMcLhuyQNGXQLQntMzxPzCL+aL7AD/T39y8bZFWlYg
lEvrv4B/YOjCZyfcst8lR7RrcMFo/Qs=
=olZn
-----END PGP SIGNATURE-----
Merge tag 'platform-drivers-x86-v6.14-3' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
Pull x86 platform driver fixes from Ilpo Järvinen:
- thinkpad_acpi:
- Fix registration of tpacpi platform driver
- Support fan speed in ticks per revolution (Thinkpad X120e)
- Support V9 DYTC profiles (new Thinkpad AMD platforms)
- int3472: Handle GPIO "enable" vs "reset" variation (ov7251)
* tag 'platform-drivers-x86-v6.14-3' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
platform/x86: thinkpad_acpi: Fix registration of tpacpi platform driver
platform/x86: int3472: Call "reset" GPIO "enable" for INT347E
platform/x86: int3472: Use correct type for "polarity", call it gpio_flags
platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles
platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e
Add a check for the return value of mlxsw_sp_port_get_stats_raw()
in __mlxsw_sp_port_get_stats(). If mlxsw_sp_port_get_stats_raw()
returns an error, exit the function to prevent further processing
with potentially invalid data.
Fixes: 614d509aa1 ("mlxsw: Move ethtool_ops to spectrum_ethtool.c")
Cc: stable@vger.kernel.org # 5.9+
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Link: https://patch.msgid.link/20250212152311.1332-1-vulab@iscas.ac.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
mld_newpack() can be called without RTNL or RCU being held.
Note that we no longer can use sock_alloc_send_skb() because
ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.
Instead use alloc_skb() and charge the net->ipv6.igmp_sk
socket under RCU protection.
Fixes: b8ad0cbc58 ("[NETNS][IPV6] mcast - handle several network namespace")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20250212141021.1663666-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
On HCI_OP_RESET command, firmware raises alive interrupt. Driver needs
to wait for this before sending other command. This patch fixes the potential
miss of alive interrupt due to which HCI_OP_RESET can timeout.
Expected flow:
If tx command is HCI_OP_RESET,
1. set data->gp0_received = false
2. send HCI_OP_RESET
3. wait for alive interrupt
Actual flow having potential race:
If tx command is HCI_OP_RESET,
1. send HCI_OP_RESET
1a. Firmware raises alive interrupt here and in ISR
data->gp0_received is set to true
2. set data->gp0_received = false
3. wait for alive interrupt
Signed-off-by: Kiran K <kiran.k@intel.com>
Fixes: 05c200c8f0 ("Bluetooth: btintel_pcie: Add handshake between driver and firmware")
Reported-by: Bjorn Helgaas <helgaas@kernel.org>
Closes: https://patchwork.kernel.org/project/bluetooth/patch/20241001104451.626964-1-kiran.k@intel.com/
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Today a PV guest (including dom0) can create 2MB contiguous memory
regions for DMA buffers at max. This has led to problems at least
with the megaraid_sas driver, which wants to allocate a 2.3MB DMA
buffer.
The limiting factor is the frame array used to do the hypercall for
making the memory contiguous, which has 512 entries and is just a
static array in mmu_pv.c.
In order to not waste memory for non-PV guests, put the initial
frame array into .init.data section and dynamically allocate an array
from the .init_after_bootmem hook of PV guests.
In case a contiguous memory area larger than the initially supported
2MB is requested, allocate a larger buffer for the frame list. Note
that such an allocation is tried only after memory management has been
initialized properly, which is tested via a flag being set in the
.init_after_bootmem hook.
Fixes: 9f40ec84a7 ("xen/swiotlb: add alignment check for dma buffers")
Signed-off-by: Juergen Gross <jgross@suse.com>
Tested-by: Alan Robinson <Alan.Robinson@fujitsu.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
When mapping a buffer for DMA via .map_page or .map_sg DMA operations,
there is no need to check the machine frames to be aligned according
to the mapped areas size. All what is needed in these cases is that the
buffer is contiguous at machine level.
So carve out the alignment check from range_straddles_page_boundary()
and move it to a helper called by xen_swiotlb_alloc_coherent() and
xen_swiotlb_free_coherent() directly.
Fixes: 9f40ec84a7 ("xen/swiotlb: add alignment check for dma buffers")
Reported-by: Jan Vejvalka <jan.vejvalka@lfmotol.cuni.cz>
Tested-by: Jan Vejvalka <jan.vejvalka@lfmotol.cuni.cz>
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Juergen Gross <jgross@suse.com>
Starting with DPCD version 2.0 bits 6:3 of the DP_DSC_BITS_PER_PIXEL_INC
DPCD register contains the NativeYCbCr422_MAX_bpp_DELTA field, which can
be non-zero as opposed to earlier DPCD versions, hence decoding the
bit_per_pixel increment value at bits 2:0 in the same register requires
applying a mask, do so.
Cc: Ankit Nautiyal <ankit.k.nautiyal@intel.com>
Fixes: 0c2287c965 ("drm/display/dp: Add helper function to get DSC bpp precision")
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Imre Deak <imre.deak@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250212161851.4007005-1-imre.deak@intel.com
For XDP transmit case, swdata doesn't contain SKB but the
XDP Frame. Infer the correct swdata based on buffer type
and return the XDP Frame for XDP transmit case.
Signed-off-by: Roger Quadros <rogerq@kernel.org>
Fixes: 8acacc40f7 ("net: ethernet: ti: am65-cpsw: Add minimal XDP support")
Link: https://patch.msgid.link/20250210-am65-cpsw-xdp-fixes-v1-3-ec6b1f7f1aca@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
For successful XDP_TX and XDP_REDIRECT cases, the packet was received
successfully so update RX statistics. Use original received
packet length for that.
TX packets statistics are incremented on TX completion so don't
update it while TX queueing.
If xdp_convert_buff_to_frame() fails, increment tx_dropped.
Signed-off-by: Roger Quadros <rogerq@kernel.org>
Fixes: 8acacc40f7 ("net: ethernet: ti: am65-cpsw: Add minimal XDP support")
Link: https://patch.msgid.link/20250210-am65-cpsw-xdp-fixes-v1-2-ec6b1f7f1aca@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
If the XDP program doesn't result in XDP_PASS then we leak the
memory allocated by am65_cpsw_build_skb().
It is pointless to allocate SKB memory before running the XDP
program as we would be wasting CPU cycles for cases other than XDP_PASS.
Move the SKB allocation after evaluating the XDP program result.
This fixes the memleak. A performance boost is seen for XDP_DROP test.
XDP_DROP test:
Before: 460256 rx/s 0 err/s
After: 784130 rx/s 0 err/s
Fixes: 8acacc40f7 ("net: ethernet: ti: am65-cpsw: Add minimal XDP support")
Signed-off-by: Roger Quadros <rogerq@kernel.org>
Link: https://patch.msgid.link/20250210-am65-cpsw-xdp-fixes-v1-1-ec6b1f7f1aca@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
PRMD register is only meaningful on the beginning stage of exception
entry, and it is overwritten with nested irq or exception.
When CPU runs in VM mode, interrupt need be enabled on host. And the
mode for host had better be kernel mode rather than random or user mode.
When VM is running, the running mode with top command comes from CRMD
register, and running mode should be kernel mode since kernel function
is executing with perf command. It needs be consistent with both top and
perf command.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Cache attribute comes from GPA->HPA secondary mmu page table and is
configured when kvm is enabled. It is the same for all VMs, so remove
duplicated cache attribute setting on vCPU context switch.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
This is typo issue and misusage about GCFG feature macro. The code
is wrong, only that it does not cause obvious problem since GCFG is
set again on vCPU context switch.
Fixes: 0d0df3c99d ("LoongArch: KVM: Implement kvm hardware enable, disable interface")
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Commit 69e3a6aa6b ("LoongArch: Add checksum optimization for 64-bit
system") would cause an undefined shift and an out-of-bounds read.
Commit 8bd795fedb ("arm64: csum: Fix OoB access in IP checksum code
for negative lengths") fixes the same issue on ARM64.
Fixes: 69e3a6aa6b ("LoongArch: Add checksum optimization for 64-bit system")
Co-developed-by: Wentao Guan <guanwentao@uniontech.com>
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Signed-off-by: Yuli Wang <wangyuli@uniontech.com>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
The notifier hook mechanism in proc and cpuinfo is actually unnecessary
for LoongArch because it's not used anywhere.
It was originally added to the MIPS code in commit d6d3c9afaa ("MIPS:
MT: proc: Add support for printing VPE and TC ids"), and LoongArch then
inherited it.
But as the kernel code stands now, this notifier hook mechanism doesn't
really make sense for either LoongArch or MIPS.
In addition, the seq_file forward declaration needs to be moved to its
proper place, as only the show_ipi_list() function in smp.c requires it.
Co-developed-by: Wentao Guan <guanwentao@uniontech.com>
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
Signed-off-by: Yuli Wang <wangyuli@uniontech.com>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Now kernel_page_present() always return true for KPRANGE/XKPRANGE
addresses, this isn't correct because hibernation (ACPI S4) use it
to distinguish whether a page is saveable. If all KPRANGE/XKPRANGE
addresses are considered as saveable, then reserved memory such as
EFI_RUNTIME_SERVICES_CODE / EFI_RUNTIME_SERVICES_DATA will also be
saved and restored.
Fix this by returning true only if the KPRANGE/XKPRANGE address is in
memblock.memory.
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
LoongArch re-enables interrupts on its idle routine and performs a
TIF_NEED_RESCHED check afterwards before putting the CPU to sleep.
The IRQs firing between the check and the idle instruction may set the
TIF_NEED_RESCHED flag. In order to deal with such a race, IRQs
interrupting __arch_cpu_idle() rollback their return address to the
beginning of __arch_cpu_idle() so that TIF_NEED_RESCHED is checked
again before going back to sleep.
However idle IRQs can also queue timers that may require a tick
reprogramming through a new generic idle loop iteration but those timers
would go unnoticed here because __arch_cpu_idle() only checks
TIF_NEED_RESCHED. It doesn't check for pending timers.
Fix this with fast-forwarding idle IRQs return address to the end of the
idle routine instead of the beginning, so that the generic idle loop can
handle both TIF_NEED_RESCHED and pending timers.
Fixes: 0603839b18 ("LoongArch: Add exception/interrupt handling")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Marco Crivellari <marco.crivellari@suse.com>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Explicitly close() a TCP_ESTABLISHED (connectible) socket with SO_LINGER
enabled.
As for now, test does not verify if close() actually lingers.
On an unpatched machine, may trigger a null pointer dereference.
Tested-by: Luigi Leonardi <leonardi@redhat.com>
Reviewed-by: Luigi Leonardi <leonardi@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Michal Luczaj <mhal@rbox.co>
Link: https://patch.msgid.link/20250210-vsock-linger-nullderef-v3-2-ef6244d02b54@rbox.co
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
During socket release, sock_orphan() is called without considering that it
sets sk->sk_wq to NULL. Later, if SO_LINGER is enabled, this leads to a
null pointer dereferenced in virtio_transport_wait_close().
Orphan the socket only after transport release.
Partially reverts the 'Fixes:' commit.
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
lock_acquire+0x19e/0x500
_raw_spin_lock_irqsave+0x47/0x70
add_wait_queue+0x46/0x230
virtio_transport_release+0x4e7/0x7f0
__vsock_release+0xfd/0x490
vsock_release+0x90/0x120
__sock_release+0xa3/0x250
sock_close+0x14/0x20
__fput+0x35e/0xa90
__x64_sys_close+0x78/0xd0
do_syscall_64+0x93/0x1b0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Reported-by: syzbot+9d55b199192a4be7d02c@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=9d55b199192a4be7d02c
Fixes: fcdd2242c0 ("vsock: Keep the binding until socket destruction")
Tested-by: Luigi Leonardi <leonardi@redhat.com>
Reviewed-by: Luigi Leonardi <leonardi@redhat.com>
Signed-off-by: Michal Luczaj <mhal@rbox.co>
Link: https://patch.msgid.link/20250210-vsock-linger-nullderef-v3-1-ef6244d02b54@rbox.co
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
All SCTP patches are picked up by netdev maintainers. Two headers were
missing to be listed there.
Reported-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/b3c2dc3a102eb89bd155abca2503ebd015f50ee0.1739193671.git.marcelo.leitner@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Tony Nguyen says:
====================
Intel Wired LAN Driver Updates 2025-02-11 (idpf, ixgbe, igc)
For idpf:
Sridhar fixes a couple issues in handling of RSC packets.
Josh adds a call to set_real_num_queues() to keep queue count in sync.
For ixgbe:
Piotr removes missed IS_ERR() removal when ERR_PTR usage was removed.
For igc:
Zdenek Bouska fixes reporting of Rx timestamp with AF_XDP.
Siang sets buffer type on empty frame to ensure proper handling.
* '200GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue:
igc: Set buffer type for empty frames in igc_init_empty_frame
igc: Fix HW RX timestamp when passed by ZC XDP
ixgbe: Fix possible skb NULL pointer dereference
idpf: call set_real_num_queues in idpf_open
idpf: record rx queue in skb for RSC packets
idpf: fix handling rsc packet with a single segment
====================
Link: https://patch.msgid.link/20250211214343.4092496-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
It malicious user provides a small pptable through sysfs and then
a bigger pptable, it may cause buffer overflow attack in function
smu_sys_set_pp_table().
Reviewed-by: Lijo Lazar <lijo.lazar@amd.com>
Signed-off-by: Jiang Liu <gerry@linux.alibaba.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
It is possible for some waves in a workgroup to finish their save
sequence before the group leader has had time to capture the workgroup
barrier state. When this happens, having those waves exit do impact the
barrier state. As a consequence, the state captured by the group leader
is invalid, and is eventually incorrectly restored.
This patch proposes to have all waves in a workgroup wait for each other
at the end of their save sequence (just before calling s_endpgm_saved).
Signed-off-by: Lancelot SIX <lancelot.six@amd.com>
Reviewed-by: Jay Cornwall <jay.cornwall@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org # 6.12.x
In function psp_init_cap_microcode(), it should bail out when failed to
load firmware, otherwise it may cause invalid memory access.
Fixes: 07dbfc6b10 ("drm/amd: Use `amdgpu_ucode_*` helpers for PSP")
Reviewed-by: Lijo Lazar <lijo.lazar@amd.com>
Signed-off-by: Jiang Liu <gerry@linux.alibaba.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
