[Deepin-Kernel-SIG] [linux 6.6-y] [Upstream] Update kernel base to 6.6.117-part3 #1353
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ Upstream commit 10fb1b2 ] If two fault IRQs arrive in short succession recovery work will be queued up twice. When recovery runs a second time it may end up killing an unrelated context. Prevent this by masking off interrupts when triggering recovery. Signed-off-by: Antonino Maniscalco <[email protected]> Reviewed-by: Akhil P Oommen <[email protected]> Patchwork: https://patchwork.freedesktop.org/patch/670023/ Signed-off-by: Rob Clark <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit d89343fce39aa1e165c80bad8e88b93fcbec0870) Signed-off-by: Wentao Guan <[email protected]>
…ointer [ Upstream commit e280228 ] Currently, misc_deregister() uses list_del() to remove the device from the list. After list_del(), the list pointers are set to LIST_POISON1 and LIST_POISON2, which may help catch use-after-free bugs, but does not reset the list head. If misc_deregister() is called more than once on the same device, list_empty() will not return true, and list_del() may be called again, leading to undefined behavior. Replace list_del() with list_del_init() to reinitialize the list head after deletion. This makes the code more robust against double deregistration and allows safe usage of list_empty() on the miscdevice after deregistration. [ Note, this seems to keep broken out-of-tree drivers from doing foolish things. While this does not matter for any in-kernel drivers, external drivers could use a bit of help to show them they shouldn't be doing stuff like re-registering misc devices - gregkh ] Signed-off-by: Xion Wang <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 81015dd217a4fd3e56e910ee450300f332ef9ea7) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit c7df6f3 ] The datasheet of ov08x40 doesn't match the hardware behavior. 0x3821[2] == 1 is the original state and 0 the horizontal flip enabled. Signed-off-by: Hao Yao <[email protected]> Reviewed-by: Hans de Goede <[email protected]> Tested-by: Hans de Goede <[email protected]> # ThinkPad X1 Carbon Gen 12 & Gen 13 Reviewed-by: Stanislaw Gruszka <[email protected]> Signed-off-by: Sakari Ailus <[email protected]> Signed-off-by: Hans Verkuil <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit f32fe18efc95ae11153b7f590667042c19ad2054) Signed-off-by: Wentao Guan <[email protected]>
…ayer [ Upstream commit bfbd5aa ] The OmniVision OG01A1B image sensor is a monochrome sensor, it supports 8-bit and 10-bit RAW output formats only. That said the planar greyscale Y8/Y10 media formats are more appropriate for the sensor instead of the originally and arbitrary selected SGRBG one, since there is no red, green or blue color components. Signed-off-by: Vladimir Zapolskiy <[email protected]> Signed-off-by: Sakari Ailus <[email protected]> Signed-off-by: Hans Verkuil <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 5bde774bbfbf103f42c54a9fb881f87490750303) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 15ef3f5 ] Improve the recovery process for failed resume operations. Log the device's power status and return 0 if both resume and recovery fail to prevent I/O hang. Signed-off-by: Peter Wang <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 8fefca6a12e6f3e4d764fd97418c0a75ca1ddd95) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit faac32d ] Improve the recovery process for hibernation exit failures. Trigger the error handler and break the suspend operation to ensure effective recovery from hibernation errors. Activate the error handling mechanism by ufshcd_force_error_recovery and scheduling the error handler work. Signed-off-by: Peter Wang <[email protected]> Reviewed-by: Bart Van Assche <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 5122665ca5f3963684b1d81b2f8e57c7b703b48c) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit deb105f ] The 88e1510 PHY has an erratum where the phy downshift counter is not cleared after phy being suspended(BMCR_PDOWN set) and then later resumed(BMCR_PDOWN cleared). This can cause the gigabit link to intermittently downshift to a lower speed. Disabling and re-enabling the downshift feature clears the counter, allowing the PHY to retry gigabit link negotiation up to the programmed retry count times before downshifting. This behavior has been observed on copper links. Signed-off-by: Rohan G Thomas <[email protected]> Reviewed-by: Matthew Gerlach <[email protected]> Reviewed-by: Andrew Lunn <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 30220dda83f82bacac5079a02097fae51b15df92) Signed-off-by: Wentao Guan <[email protected]>
…nges [ Upstream commit f5ca8d0 ] Disable auto-hibern8 during power mode transitions to prevent unintended entry into auto-hibern8. Restore the original auto-hibern8 timer value after completing the power mode change to maintain system stability and prevent potential issues during power state transitions. Signed-off-by: Peter Wang <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit b96d08ce3f7241dac9ae366a40796772daa27942) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 4e8011f ] Since commit af153bb ("vfs: catch invalid modes in may_open()") requires any inode be one of S_IFDIR/S_IFLNK/S_IFREG/S_IFCHR/S_IFBLK/ S_IFIFO/S_IFSOCK type, use S_IFREG for $Extend records. Reported-by: syzbot <[email protected]> Closes: https://syzkaller.appspot.com/bug?extid=895c23f6917da440ed0d Signed-off-by: Tetsuo Handa <[email protected]> Signed-off-by: Konstantin Komarov <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 17249b2a65274f73ed68bcd1604e08a60fd8a278) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit ea92854 ] The element data length check did not account for the extra octet used for the extension ID. Fix it. Signed-off-by: Ilan Peer <[email protected]> Signed-off-by: Miri Korenblit <[email protected]> Link: https://patch.msgid.link/20250907115109.8da0012e2286.I8c0c69a0011f7153c13b365b14dfef48cfe7c3e3@changeid Signed-off-by: Johannes Berg <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 9406ec01a077082649f28392936144f962a90c08) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 43bd2c4 ] Enable support for data lane rates between 80-160 Mbps cdns dphy as mentioned in TRM [0] by setting the pll_opdiv field to 16. This change enables lower resolutions like 640x480 at 60Hz. [0]: https://www.ti.com/lit/zip/spruil1 (Table 12-552. DPHY_TX_PLL_CTRL Register Field Descriptions) Reviewed-by: Udit Kumar <[email protected]> Reviewed-by: Devarsh Thakkar <[email protected]> Signed-off-by: Harikrishna Shenoy <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Vinod Koul <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit cf6781d97c6969ed7d836d7492296ed6cf77c656) Signed-off-by: Wentao Guan <[email protected]>
…asheet [ Upstream commit e4a8db9 ] R-Car S4-8 datasheet Rev.1.20 describes some additional register settings at the end of the initialization. Signed-off-by: Michael Dege <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Vinod Koul <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit f0cc4b6c443aa3c773ccc6feba4ab5922b27394e) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 8c7c194 ] The driver for the Rockchip MIPI CSI-2 DPHY uses GRF register offset value 0 to sort out undefined registers. However, the RK3588 CSIDPHY GRF this offset is perfectly fine (in fact, register 0 is the only one in this register file). Introduce a boolean variable to indicate valid registers and allow writes to register 0. Reviewed-by: Neil Armstrong <[email protected]> Signed-off-by: Michael Riesch <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Vinod Koul <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit cedcc490241b1f8859dc8610bb539d3ffaec8233) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 9c02ea5 ] The MAC can't facilitate WoL if the system can't go to sleep. Gate the WoL support callbacks in ethtool at compile time using CONFIG_PM_SLEEP. Signed-off-by: Niklas Söderlund <[email protected]> Reviewed-by: Andrew Lunn <[email protected]> Reviewed-by: Geert Uytterhoeven <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit f5781438ba043ecb9fc6d7aa1c30b52f215e49cc) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 15c068c ] fcnal-test.sh already includes lib.sh, use relevant helpers instead of sleeping. Replace sleep after starting nettest as a server with wait_local_port_listen. Reviewed-by: David Ahern <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit d15b3e4107b4ef52fadf0ad8d7d4ee35dd3f5ecf) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit ecba852 ] Change "ret" from u8 to int type in redrat3_enable_detector() to store negative error codes or zero returned by redrat3_send_cmd() and usb_submit_urb() - this better aligns with the coding standards and maintains code consistency. No effect on runtime. Signed-off-by: Qianfeng Rong <[email protected]> Signed-off-by: Sean Young <[email protected]> Signed-off-by: Hans Verkuil <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 5df7e8bc4d23221f999e365591f986cd73d6dabf) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 47efbac ] Use require_command() so that the test will return SKIP (4) when a required command is not present. Before: # ./traceroute.sh SKIP: Could not run IPV6 test without traceroute6 SKIP: Could not run IPV4 test without traceroute $ echo $? 0 After: # ./traceroute.sh TEST: traceroute6 not installed [SKIP] $ echo $? 4 Reviewed-by: Petr Machata <[email protected]> Reviewed-by: David Ahern <[email protected]> Signed-off-by: Ido Schimmel <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Paolo Abeni <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit b94b57fd7eb9df246de252e1a8f9d2c3c9384c79) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit db99b2f ] tcp reject code won't reply to a tcp reset. But the icmp reject 'netdev' family versions will reply to icmp dst-unreach errors, unlike icmp_send() and icmp6_send() which are used by the inet family implementation (and internally by the REJECT target). Check for the icmp(6) type and do not respond if its an unreachable error. Without this, something like 'ip protocol icmp reject', when used in a netdev chain attached to 'lo', cause a packet loop. Same for two hosts that both use such a rule: each error packet will be replied to. Such situation persist until the (bogus) rule is amended to ratelimit or checks the icmp type before the reject statement. As the inet versions don't do this make the netdev ones follow along. Signed-off-by: Florian Westphal <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 1a6ffaeddf76d397757aa0a76c39cc241634409d) Signed-off-by: Wentao Guan <[email protected]>
…PV_UNHALT [ Upstream commit 9605505 ] The commit b2798ba ("KVM: X86: Choose qspinlock when dedicated physical CPUs are available") states that when PV_DEDICATED=1 (vCPU has dedicated pCPU), qspinlock should be preferred regardless of PV_UNHALT. However, the current implementation doesn't reflect this: when PV_UNHALT=0, we still use virt_spin_lock() even with dedicated pCPUs. This is suboptimal because: 1. Native qspinlocks should outperform virt_spin_lock() for dedicated vCPUs irrespective of HALT exiting 2. virt_spin_lock() should only be preferred when vCPUs may be preempted (non-dedicated case) So reorder the PV spinlock checks to: 1. First handle dedicated pCPU case (disable virt_spin_lock_key) 2. Second check single CPU, and nopvspin configuration 3. Only then check PV_UNHALT support This ensures we always use native qspinlock for dedicated vCPUs, delivering pretty performance gains at high contention levels. Signed-off-by: Li RongQing <[email protected]> Reviewed-by: Sean Christopherson <[email protected]> Tested-by: Wangyang Guo <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Sean Christopherson <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 2ddd6bf6b6719defae8ef9caa7ad49c1edabc04d) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 53d5917 ] Constrained test environment; duplicate address detection is not needed and causes races so disable it. Signed-off-by: David Ahern <[email protected]> Reviewed-by: Simon Horman <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit c85be890e05715848d8f87d1f29a82554fe24137) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 43adad3 ] When 8139too is probing and 8139TOO_PIO=y it will call pci_iomap_range() and from there __pci_ioport_map() for the PCI IO space. If HAS_IOPORT_MAP=n and NO_GENERIC_PCI_IOPORT_MAP=n, like it is on my m68k config, __pci_ioport_map() becomes NULL, pci_iomap_range() will always fail and the driver will complain it couldn't map the PIO space and return an error. NO_IOPORT_MAP seems to cover the case where what 8139too is trying to do cannot ever work so make 8139TOO_PIO depend on being it false and avoid creating an unusable driver. Signed-off-by: Daniel Palmer <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 518319c9809717f33c9148d2e5b18638664c624a) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 2f186dd ] Replace the sleep in kill_procs with slowwait. Signed-off-by: David Ahern <[email protected]> Reviewed-by: Simon Horman <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit ee957d6c0886194df0f949383199a8c8d44934cc) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit dc2f650 ] netdev_WARN() uses WARN/WARN_ON to print a backtrace along with file and line information. In this case, udp_tunnel_nic_register() returning an error is just a failed operation, not a kernel bug. udp_tunnel_nic_register() can fail due to a memory allocation failure (kzalloc() or udp_tunnel_nic_alloc()). This is a normal runtime error and not a kernel bug. Replace netdev_WARN() with netdev_warn() accordingly. Signed-off-by: Alok Tiwari <[email protected]> Reviewed-by: Simon Horman <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit c018a87942bf1607aeebf8dba5a210ca9a09a0fd) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit b595974 ] The Asus Z13 folio has a multitouch touchpad that needs to bind to the hid-multitouch driver in order to work properly. So bind it to the HID_GROUP_GENERIC group to release the touchpad and move it to the bottom so that the comment applies to it. While at it, change the generic KEYBOARD3 name to Z13_FOLIO. Reviewed-by: Luke D. Jones <[email protected]> Signed-off-by: Antheas Kapenekakis <[email protected]> Signed-off-by: Jiri Kosina <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 705c5a2f5517fd5b2ad44d7796336cfa99d54496) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit df3c6e0 ] Fix the issue of max_timeout being calculated larger than actual value. The calculation result of freq / (S3C2410_WTCON_PRESCALE_MAX + 1) / S3C2410_WTCON_MAXDIV is smaller than the actual value because the remainder is discarded during the calculation process. This leads to a larger calculated value for max_timeout compared to the actual settable value. To resolve this issue, the order of calculations in the computation process has been adjusted. Reviewed-by: Sam Protsenko <[email protected]> Signed-off-by: Sangwook Shin <[email protected]> Reviewed-by: Guenter Roeck <[email protected]> Signed-off-by: Guenter Roeck <[email protected]> Signed-off-by: Wim Van Sebroeck <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit a3d9de6ac510c198346fd2d33aa0d5d56b989155) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 9a23ea1 ] Using the number of bytes in the request as DMA timeout is really inconsistent, as large requests could possibly set a timeout of hundreds of seconds. Remove the per-channel timeout field and use a single, static DMA timeout of 3 seconds for all requests. Signed-off-by: Ovidiu Panait <[email protected]> Tested-by: Corentin LABBE <[email protected]> Reviewed-by: Corentin LABBE <[email protected]> Signed-off-by: Herbert Xu <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 27598de360430e7017add471d512162c27b8f070) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 09fefb2 ] dw_pcie_edma_irq_verify() is supposed to verify the eDMA IRQs in devicetree by fetching them using either 'dma' or 'dmaX' IRQ names. Former is used when the platform uses a single IRQ for all eDMA channels and latter is used when the platform uses separate IRQ per channel. But currently, dw_pcie_edma_irq_verify() bails out early if edma::nr_irqs is 1, i.e., when a single IRQ is used. This gives an impression that the driver could work with any single IRQ in devicetree, not necessarily with name 'dma'. But dw_pcie_edma_irq_vector(), which actually requests the IRQ, does require the single IRQ to be named as 'dma'. So this creates inconsistency between dw_pcie_edma_irq_verify() and dw_pcie_edma_irq_vector(). Thus, to fix this inconsistency, make sure dw_pcie_edma_irq_verify() also verifies the single IRQ name by removing the bail out code. Signed-off-by: Niklas Cassel <[email protected]> [mani: reworded subject and description] Signed-off-by: Manivannan Sadhasivam <[email protected]> [bhelgaas: fix typos] Signed-off-by: Bjorn Helgaas <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 01be9fad74e43c0a211eb95f11f04667d87cda1e) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 9048bec ] during entropy evaluation, if the generated samples fail any statistical test, then, all of the bits will be discarded, and a second set of samples will be generated and tested. the entropy delay interval should be doubled before performing the retry. also, ctrlpriv->rng4_sh_init and inst_handles both reads RNG DRNG status register, but only inst_handles is updated before every retry. so only check inst_handles and removing ctrlpriv->rng4_sh_init Signed-off-by: Gaurav Jain <[email protected]> Signed-off-by: Herbert Xu <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 160b03e57e624c8b27a46babafbdfca543bc83bf) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 66048f8 ] During recent testing with the netem qdisc to inject delays into TCP traffic, we observed that our CLS BPF program failed to function correctly due to incorrect classid retrieval from task_get_classid(). The issue manifests in the following call stack: bpf_get_cgroup_classid+5 cls_bpf_classify+507 __tcf_classify+90 tcf_classify+217 __dev_queue_xmit+798 bond_dev_queue_xmit+43 __bond_start_xmit+211 bond_start_xmit+70 dev_hard_start_xmit+142 sch_direct_xmit+161 __qdisc_run+102 <<<<< Issue location __dev_xmit_skb+1015 __dev_queue_xmit+637 neigh_hh_output+159 ip_finish_output2+461 __ip_finish_output+183 ip_finish_output+41 ip_output+120 ip_local_out+94 __ip_queue_xmit+394 ip_queue_xmit+21 __tcp_transmit_skb+2169 tcp_write_xmit+959 __tcp_push_pending_frames+55 tcp_push+264 tcp_sendmsg_locked+661 tcp_sendmsg+45 inet_sendmsg+67 sock_sendmsg+98 sock_write_iter+147 vfs_write+786 ksys_write+181 __x64_sys_write+25 do_syscall_64+56 entry_SYSCALL_64_after_hwframe+100 The problem occurs when multiple tasks share a single qdisc. In such cases, __qdisc_run() may transmit skbs created by different tasks. Consequently, task_get_classid() retrieves an incorrect classid since it references the current task's context rather than the skb's originating task. Given that dev_queue_xmit() always executes with bh disabled, we can use softirq_count() instead to obtain the correct classid. The simple steps to reproduce this issue: 1. Add network delay to the network interface: such as: tc qdisc add dev bond0 root netem delay 1.5ms 2. Build two distinct net_cls cgroups, each with a network-intensive task 3. Initiate parallel TCP streams from both tasks to external servers. Under this specific condition, the issue reliably occurs. The kernel eventually dequeues an SKB that originated from Task-A while executing in the context of Task-B. It is worth noting that it will change the established behavior for a slightly different scenario: <sock S is created by task A> <class ID for task A is changed> <skb is created by sock S xmit and classified> prior to this patch the skb will be classified with the 'new' task A classid, now with the old/original one. The bpf_get_cgroup_classid_curr() function is a more appropriate choice for this case. Signed-off-by: Yafang Shao <[email protected]> Cc: Daniel Borkmann <[email protected]> Cc: Thomas Graf <[email protected]> Cc: Sebastian Andrzej Siewior <[email protected]> Cc: Nikolay Aleksandrov <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 81f9b19af30286a953d3800ea05ccbd9e7a9eff2) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 25ef5b5 ] Enable 160MHz beamformee support on mt7922 by updating HE capability element configuration. Previously, only 160MHz channel width was set, but beamformee for 160MHz was not properly advertised. This patch adds BEAMFORMEE_MAX_STS_ABOVE_80MHZ_4 capability to allow devices to utilize 160MHz BW for beamforming. Tested by connecting to 160MHz-bandwidth beamforming AP and verified HE capability. Signed-off-by: Quan Zhou <[email protected]> Link: https://patch.msgid.link/ae637afaffed387018fdc43709470ef65898ff0b.1756383627.git.quan.zhou@mediatek.com Signed-off-by: Felix Fietkau <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit bf0b265fcb95119bd726a4062ef2dd42a2cc63af) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit ecb9a84 ] BUG: KASAN: slab-use-after-free in sco_conn_free net/bluetooth/sco.c:87 [inline] BUG: KASAN: slab-use-after-free in kref_put include/linux/kref.h:65 [inline] BUG: KASAN: slab-use-after-free in sco_conn_put+0xdd/0x410 net/bluetooth/sco.c:107 Write of size 8 at addr ffff88811cb96b50 by task kworker/u17:4/352 CPU: 1 UID: 0 PID: 352 Comm: kworker/u17:4 Not tainted 6.17.0-rc5-g717368f83676 #4 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: hci13 hci_cmd_sync_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x10b/0x170 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x191/0x550 mm/kasan/report.c:482 kasan_report+0xc4/0x100 mm/kasan/report.c:595 sco_conn_free net/bluetooth/sco.c:87 [inline] kref_put include/linux/kref.h:65 [inline] sco_conn_put+0xdd/0x410 net/bluetooth/sco.c:107 sco_connect_cfm+0xb4/0xae0 net/bluetooth/sco.c:1441 hci_connect_cfm include/net/bluetooth/hci_core.h:2082 [inline] hci_conn_failed+0x20a/0x2e0 net/bluetooth/hci_conn.c:1313 hci_conn_unlink+0x55f/0x810 net/bluetooth/hci_conn.c:1121 hci_conn_del+0xb6/0x1110 net/bluetooth/hci_conn.c:1147 hci_abort_conn_sync+0x8c5/0xbb0 net/bluetooth/hci_sync.c:5689 hci_cmd_sync_work+0x281/0x380 net/bluetooth/hci_sync.c:332 process_one_work kernel/workqueue.c:3236 [inline] process_scheduled_works+0x77e/0x1040 kernel/workqueue.c:3319 worker_thread+0xbee/0x1200 kernel/workqueue.c:3400 kthread+0x3c7/0x870 kernel/kthread.c:463 ret_from_fork+0x13a/0x1e0 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK> Allocated by task 31370: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x30/0x70 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:388 [inline] __kasan_kmalloc+0x82/0x90 mm/kasan/common.c:405 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4382 [inline] __kmalloc_noprof+0x22f/0x390 mm/slub.c:4394 kmalloc_noprof include/linux/slab.h:909 [inline] sk_prot_alloc+0xae/0x220 net/core/sock.c:2239 sk_alloc+0x34/0x5a0 net/core/sock.c:2295 bt_sock_alloc+0x3c/0x330 net/bluetooth/af_bluetooth.c:151 sco_sock_alloc net/bluetooth/sco.c:562 [inline] sco_sock_create+0xc0/0x350 net/bluetooth/sco.c:593 bt_sock_create+0x161/0x3b0 net/bluetooth/af_bluetooth.c:135 __sock_create+0x3ad/0x780 net/socket.c:1589 sock_create net/socket.c:1647 [inline] __sys_socket_create net/socket.c:1684 [inline] __sys_socket+0xd5/0x330 net/socket.c:1731 __do_sys_socket net/socket.c:1745 [inline] __se_sys_socket net/socket.c:1743 [inline] __x64_sys_socket+0x7a/0x90 net/socket.c:1743 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xc7/0x240 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 31374: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x30/0x70 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:576 poison_slab_object mm/kasan/common.c:243 [inline] __kasan_slab_free+0x3d/0x50 mm/kasan/common.c:275 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2428 [inline] slab_free mm/slub.c:4701 [inline] kfree+0x199/0x3b0 mm/slub.c:4900 sk_prot_free net/core/sock.c:2278 [inline] __sk_destruct+0x4aa/0x630 net/core/sock.c:2373 sco_sock_release+0x2ad/0x300 net/bluetooth/sco.c:1333 __sock_release net/socket.c:649 [inline] sock_close+0xb8/0x230 net/socket.c:1439 __fput+0x3d1/0x9e0 fs/file_table.c:468 task_work_run+0x206/0x2a0 kernel/task_work.c:227 get_signal+0x1201/0x1410 kernel/signal.c:2807 arch_do_signal_or_restart+0x34/0x740 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop+0x68/0xc0 kernel/entry/common.c:40 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline] do_syscall_64+0x1dd/0x240 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f Reported-by: cen zhang <[email protected]> Signed-off-by: Luiz Augusto von Dentz <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 03371c0218189b185595b65a04dad60076ca9718) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit ca94b2b ] Currently, bcsp_recv() can be called even when the BCSP protocol has not been registered. This leads to a NULL pointer dereference, as shown in the following stack trace: KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f] RIP: 0010:bcsp_recv+0x13d/0x1740 drivers/bluetooth/hci_bcsp.c:590 Call Trace: <TASK> hci_uart_tty_receive+0x194/0x220 drivers/bluetooth/hci_ldisc.c:627 tiocsti+0x23c/0x2c0 drivers/tty/tty_io.c:2290 tty_ioctl+0x626/0xde0 drivers/tty/tty_io.c:2706 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f To prevent this, ensure that the HCI_UART_REGISTERED flag is set before processing received data. If the protocol is not registered, return -EUNATCH. Reported-by: [email protected] Closes: https://syzkaller.appspot.com/bug?extid=4ed6852d4da4606c93da Tested-by: [email protected] Signed-off-by: Ivan Pravdin <[email protected]> Signed-off-by: Luiz Augusto von Dentz <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 799cd62cbcc3f12ee04b33ef390ff7d41c37d671) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 659169c ] The 1824c does not have the A/B switch that the 1810c has, but instead it has a mono main switch that sums the two main output channels to mono. Signed-off-by: Roy Vegard Ovesen <[email protected]> Signed-off-by: Takashi Iwai <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 3a18f8ae062ee24cbbe3bb2c854dc7e6b6e6e562) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 6dfba10 ] For exFAT filesystems with 4MB read_ahead_size, removing the storage device when the read operation is in progress, which cause the last read syscall spent 150s [1]. The main reason is that exFAT generates excessive log messages [2]. After applying this patch, approximately 300,000 lines of log messages were suppressed, and the delay of the last read() syscall was reduced to about 4 seconds. [1]: write(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 131072) = 131072 <0.000120> read(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 131072) = 131072 <0.000032> write(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 131072) = 131072 <0.000119> read(4, 0x7fccf28ae000, 131072) = -1 EIO (Input/output error) <150.186215> [2]: [ 333.696603] exFAT-fs (vdb): error, failed to access to FAT (entry 0x0000d780, err:-5) [ 333.697378] exFAT-fs (vdb): error, failed to access to FAT (entry 0x0000d780, err:-5) [ 333.698156] exFAT-fs (vdb): error, failed to access to FAT (entry 0x0000d780, err:-5) Signed-off-by: Chi Zhiling <[email protected]> Signed-off-by: Namjae Jeon <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit e1806387c7f97af444a835d08d1de7e25b818107) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 38b04ed ] The TTY layer already serializes line discipline operations with tty->ldisc_sem, so the extra disc_data_lock and refcnt in 6pack are unnecessary. Removing them simplifies the code and also resolves a lockdep warning reported by syzbot. The warning did not indicate a real deadlock, since the write-side lock was only taken in process context with hardirqs disabled. Reported-by: [email protected] Closes: https://lore.kernel.org/all/[email protected]/ Signed-off-by: Qingfang Deng <[email protected]> Reviewed-by: Dan Carpenter <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Paolo Abeni <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit 2648c810a25fb7137c9fd474b14209d1175c51e6) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit a1b501a ] page_pool_init() returns E2BIG when the page_pool size goes above 32K pages. As some drivers are configuring the page_pool size according to the MTU and ring size, there are cases where this limit is exceeded and the queue creation fails. The page_pool size doesn't have to cover a full queue, especially for larger ring size. So clamp the size instead of returning an error. Do this in the core to avoid having each driver do the clamping. The current limit was deemed to high [1] so it was reduced to 16K to avoid page waste. [1] https://lore.kernel.org/all/[email protected]/ Signed-off-by: Dragos Tatulea <[email protected]> Reviewed-by: Tariq Toukan <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Paolo Abeni <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit df751755399571e0a87f3ef6725eaba151638a39) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 025e880 ] Willy Tarreau <[email protected]> forwarded me a message from Disclosure <[email protected]> with the following warning: > The helper `xattr_key()` uses the pointer variable in the loop condition > rather than dereferencing it. As `key` is incremented, it remains non-NULL > (until it runs into unmapped memory), so the loop does not terminate on > valid C strings and will walk memory indefinitely, consuming CPU or hanging > the thread. I easily reproduced this with setfattr and getfattr, causing a kernel oops, hung user processes and corrupted orangefs files. Disclosure sent along a diff (not a patch) with a suggested fix, which I based this patch on. After xattr_key started working right, xfstest generic/069 exposed an xattr related memory leak that lead to OOM. xattr_key returns a hashed key. When adding xattrs to the orangefs xattr cache, orangefs used hash_add, a kernel hashing macro. hash_add also hashes the key using hash_log which resulted in additions to the xattr cache going to the wrong hash bucket. generic/069 tortures a single file and orangefs does a getattr for the xattr "security.capability" every time. Orangefs negative caches on xattrs which includes a kmalloc. Since adds to the xattr cache were going to the wrong bucket, every getattr for "security.capability" resulted in another kmalloc, none of which were ever freed. I changed the two uses of hash_add to hlist_add_head instead and the memory leak ceased and generic/069 quit throwing furniture. Signed-off-by: Mike Marshall <[email protected]> Reported-by: Stanislav Fort of Aisle Research <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit e09a096104fc65859422817fb2211f35855983fe) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 4099b98 ] A soft lockup was observed when loading amdgpu module. If a module has a lot of tracable functions, multiple calls to kallsyms_lookup can spend too much time in RCU critical section and with disabled preemption, causing kernel panic. This is the same issue that was fixed in commit d0b24b4 ("ftrace: Prevent RCU stall on PREEMPT_VOLUNTARY kernels") and commit 42ea22e ("ftrace: Add cond_resched() to ftrace_graph_set_hash()"). Fix it the same way by adding cond_resched() in ftrace_module_enable. Link: https://lore.kernel.org/aMQD9_lxYmphT-up@vova-pc Signed-off-by: Vladimir Riabchun <[email protected]> Signed-off-by: Steven Rostedt (Google) <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit e81e6d6d99b16dae11adbeda5c996317942a940c) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 3677ca6 ] we should use sock_create_kern() if the socket resides in kernel space. Signed-off-by: Namjae Jeon <[email protected]> Signed-off-by: Steve French <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit a024cf4d9f8491d4e799e49ba1385368097c6743) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 00be6f2 ] When io_uring is used in the same task as CIFS, there might be unnecessary reconnects, causing issues in user-space applications like QEMU with a log like: > CIFS: VFS: \\10.10.100.81 Error -512 sending data on socket to server Certain io_uring completions might be added to task_work with notify_method being TWA_SIGNAL and thus TIF_NOTIFY_SIGNAL is set for the task. In __smb_send_rqst(), signals are masked before calling smb_send_kvec(), but the masking does not apply to TIF_NOTIFY_SIGNAL. If sk_stream_wait_memory() is reached via sock_sendmsg() while TIF_NOTIFY_SIGNAL is set, signal_pending(current) will evaluate to true there, and -EINTR will be propagated all the way from sk_stream_wait_memory() to sock_sendmsg() in smb_send_kvec(). Afterwards, __smb_send_rqst() will see that not everything was written and reconnect. Signed-off-by: Fiona Ebner <[email protected]> Signed-off-by: Steve French <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit c3e4a6de0d1f5104577bd1ce453607bc932e41f4) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 88b4cbc ] Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then writes/removes some other security xattr for the file. For example, on Fedora, after booting the kernel with "ima_appraise=fix evm=fix ima_policy=appraise_tcb" and installing rpm-plugin-ima, installing/reinstalling a package will not make good reference IMA signature generated. Instead IMA hash is generated, # getfattr -m - -d -e hex /usr/bin/bash # file: usr/bin/bash security.ima=0x0404... This happens because when setting security.selinux, the IMA_DIGSIG flag that had been set early was cleared. As a result, IMA hash is generated when the file is closed. Similarly, IMA signature can be cleared on file close after removing security xattr like security.evm or setting/removing ACL. Prevent replacing the IMA file signature with a file hash, by preventing the IMA_DIGSIG flag from being reset. Here's a minimal C reproducer which sets security.selinux as the last step which can also replaced by removing security.evm or setting ACL, #include <stdio.h> #include <sys/xattr.h> #include <fcntl.h> #include <unistd.h> #include <string.h> #include <stdlib.h> int main() { const char* file_path = "/usr/sbin/test_binary"; const char* hex_string = "030204d33204490066306402304"; int length = strlen(hex_string); char* ima_attr_value; int fd; fd = open(file_path, O_WRONLY|O_CREAT|O_EXCL, 0644); if (fd == -1) { perror("Error opening file"); return 1; } ima_attr_value = (char*)malloc(length / 2 ); for (int i = 0, j = 0; i < length; i += 2, j++) { sscanf(hex_string + i, "%2hhx", &ima_attr_value[j]); } if (fsetxattr(fd, "security.ima", ima_attr_value, length/2, 0) == -1) { perror("Error setting extended attribute"); close(fd); return 1; } const char* selinux_value= "system_u:object_r:bin_t:s0"; if (fsetxattr(fd, "security.selinux", selinux_value, strlen(selinux_value), 0) == -1) { perror("Error setting extended attribute"); close(fd); return 1; } close(fd); return 0; } Signed-off-by: Coiby Xu <[email protected]> Signed-off-by: Mimi Zohar <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit d2993a7e98eb70c737c6f5365a190e79c72b8407) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 31b636d ] When this was first reported [1], the possibility of having sufficient number of dynamic misc devices was theoretical, in the case of dlm driver. In practice, its userspace never created more than one device. What we know from commit ab76079 ("char: misc: Increase the maximum number of dynamic misc devices to 1048448"), is that the miscdevice interface has been used for allocating more than the single-shot devices it was designed for. And it is not only coresight_tmc, but many other drivers are able to create multiple devices. On systems like the ones described in the above commit, it is certain that the dynamic allocation will allocate certain reserved minor numbers, leading to failures when a later driver tries to claim its reserved number. Instead of excluding the historically statically allocated range from dynamic allocation, restrict the latter to minors above 255. That also removes the need for DYNAMIC_MINORS and the convolution in allocating minor numbers, simplifying the code. Since commit ab76079 ("char: misc: Increase the maximum number of dynamic misc devices to 1048448") has been applied, such range is already possible. And given such devices already need to be dynamically created, there should be no systems where this might become a problem. [1] https://lore.kernel.org/all/[email protected]/ Signed-off-by: Thadeu Lima de Souza Cascardo <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit f1d84a3d6521d977c405d2cbd1551bff1606c33d) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 8d158f4 ] In some cases, it is possible for pble_rsrc->next_fpm_addr to be larger than u32, so remove the u32 cast to avoid unintentional truncation. This fixes the following error that can be observed when registering massive memory regions: [ 447.227494] (NULL ib_device): cqp opcode = 0x1f maj_err_code = 0xffff min_err_code = 0x800c [ 447.227505] (NULL ib_device): [Update PE SDs Cmd Error][op_code=21] status=-5 waiting=1 completion_err=1 maj=0xffff min=0x800c Fixes: e8c4dbc ("RDMA/irdma: Add PBLE resource manager") Signed-off-by: Jacob Moroni <[email protected]> Link: https://patch.msgid.link/[email protected] Acked-by: Tatyana Nikolova <[email protected]> Signed-off-by: Leon Romanovsky <[email protected]> Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit cd7e3bb8e20098630495a072c0a67dd0e5c503a0) Signed-off-by: Wentao Guan <[email protected]>
[ Upstream commit 880245f ] These fields were set but not used anywhere, so remove them. Link: https://patch.msgid.link/r/[email protected] Signed-off-by: Jacob Moroni <[email protected]> Signed-off-by: Jason Gunthorpe <[email protected]> Stable-dep-of: 5575b76 ("RDMA/irdma: Set irdma_cq cq_num field during CQ create") Signed-off-by: Sasha Levin <[email protected]> (cherry picked from commit d559ddd687edd1addbd14d2acc8a1b4a1da4be11) Signed-off-by: Wentao Guan <[email protected]>
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
Sorry @opsiff, your pull request is larger than the review limit of 150000 diff characters
deepin-ci-robot
requested review from
Avenger-285714,
Ink-Paper,
hello666888999 and
shy129
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| #define insl insl | ||
|
|
||
| static inline void readsb(void __iomem *port, void *buf, unsigned long count) | ||
| static inline void readsb(const volatile void __iomem *port, void *buf, unsigned long count) |
There was a problem hiding this comment.
WARNING: Prefer a maximum 75 chars per line (possible unwrapped commit description?)
| { | ||
| insb((unsigned long __force)port, buf, count); | ||
| } | ||
| #define readsb readsb |
There was a problem hiding this comment.
WARNING: Possible repeated word: 'readsb'
| { | ||
| insw((unsigned long __force)port, buf, count); | ||
| } | ||
| #define readsw readsw |
There was a problem hiding this comment.
WARNING: Possible repeated word: 'readsw'
deepin pr auto review我将对这个diff进行仔细的审查,从语法逻辑、代码质量、性能和安全等方面提出改进意见。
总体来说,这个diff包含了许多有价值的改进,主要集中在错误处理优化、性能提升和安全性增强等方面。建议在提交前:
这些修改大多合理且必要,但建议在合并前进行充分的测试验证。 |
There was a problem hiding this comment.
Pull request overview
This pull request is part 3 of updating the Linux kernel base to version 6.6.117, containing 100 upstream commits. The changes span across multiple subsystems including networking, filesystems, drivers, security, and architecture-specific code. Key improvements include bug fixes for race conditions, memory leaks, and incorrect hardware configurations, as well as enhancements to test infrastructure.
Key Changes
- Test infrastructure improvements: Replaced fixed
sleepcalls with dynamicwait_local_port_listencalls in network tests, and moved command checks to userequire_command()in traceroute tests - Network stack fixes: Added ICMP error reply prevention, fixed IPv6 race condition annotations, and corrected various driver configurations
- Driver updates: Multiple fixes across GPU (AMD/MSM), USB, SCSI, Bluetooth, and PHY drivers
- Filesystem improvements: Fixed race conditions in JFS, NFS delegation recalls, and various other filesystems
- Security enhancements: Corrected IMA xattr flag handling to prevent unintended flag clearing
Reviewed changes
Copilot reviewed 117 out of 117 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| tools/testing/selftests/net/traceroute.sh | Moved command existence checks to use require_command() |
| tools/testing/selftests/net/fcnal-test.sh | Replaced sleep calls with wait_local_port_listen() and disabled IPv6 DAD |
| tools/testing/selftests/Makefile | Added INSTALL_DEP_TARGETS to clean target |
| sound/usb/mixer_s1810c.c | Added mono main switch for S1824c device |
| sound/soc/stm/stm32_sai_sub.c | Added context management in set_sysclk callback |
| sound/soc/qcom/sc8280xp.c | Explicitly set S16_LE format in hw_params_fixup |
| sound/soc/codecs/tlv320aic3x.c | Fixed class-D initialization for tlv320aic3007 |
| sound/drivers/serial-generic.c | Removed shared static buffer, made per-instance |
| security/integrity/ima/ima_appraise.c | Fixed IMA_DIGSIG flag handling for non-IMA xattrs |
| net/mac80211/mlme.c | Fixed HE capabilities element size check |
| net/ipv6/udp.c, net/ipv6/raw.c | Added race condition annotations for np->rxpmtu |
| net/ipv6/netfilter/nf_reject_ipv6.c | Don't reply to ICMP error messages |
| net/ipv4/udp_tunnel_nic.c | Changed netdev_WARN to netdev_warn |
| net/ipv4/netfilter/nf_reject_ipv4.c | Don't reply to ICMP error messages |
| net/ethernet/eth.c | Extended device_get_mac_address() to use NVMEM |
| net/core/page_pool.c | Clamped pool size and added GFP_NOWARN for ATOMIC |
| net/bridge/br.c | Install FDB for bridge MAC on VLAN 0 |
| net/bluetooth/sco.c | Fixed UAF on sco_conn_free |
| kernel/trace/ftrace.c | Added cond_resched() to prevent softlockup |
| include/ufs/ufshcd.h | Added ufshcd_force_error_recovery export |
| include/net/cls_cgroup.h | Fixed task_get_classid() during qdisc run |
| fs/smb/server/transport_tcp.c | Used sock_create_kern interface |
| fs/smb/client/transport.c | Avoided reconnects on pending task work |
| fs/orangefs/xattr.c | Fixed buffer overflow in xattr handling |
| fs/open.c | Allowed finish_no_open() with ERR_PTR |
| fs/ntfs3/inode.c | Made $Extend records appear as regular files |
| fs/nfs/nfs4state.c, fs/nfs/nfs4proc.c | Fixed mount hang and delegation recall handling |
| fs/jfs/jfs_txnmgr.c, fs/jfs/inode.c | Fixed waitqueue init and inode mode verification |
| fs/f2fs/extent_cache.c | Fixed infinite loop in __insert_extent_tree |
| fs/ext4/xattr.c, fs/ext4/fast_commit.c | Changed GFP_KERNEL to GFP_NOFS and increased IO priority |
| fs/exfat/fatent.c | Limited log print for IO errors |
| drivers/watchdog/s3c2410_wdt.c | Fixed max_timeout calculation overflow |
| drivers/vfio/vfio_main.c | Return -ENOTTY for unsupported device features |
| drivers/usb/mon/mon_bin.c | Increased BUFF_MAX to 64 MiB |
| drivers/usb/host/xhci-plat.c | Facilitated autosuspend for xhci plat devices |
| drivers/ufs/host/ufs-mediatek.c | Enhanced recovery on resume/hibernation failures |
| drivers/ufs/core/ufshcd.c | Added timestamp support quirk and exported force_error_recovery |
| drivers/scsi/* | Multiple SCSI driver fixes (mpt3sas, lpfc, libfc) |
| drivers/remoteproc/qcom_q6v5.c | Avoided handling handover twice |
| drivers/phy/* | Multiple PHY driver fixes (rockchip, renesas, cadence) |
| drivers/pci/* | Fixed PCI resume and controller issues |
| drivers/net/wireless/* | WiFi driver fixes (ath10k, ath12k, mt76) |
| drivers/net/phy/* | Fixed link parameter clearing and downshift counter |
| drivers/net/ethernet/* | Multiple ethernet driver fixes (r8169, fm10k, macb, etc.) |
| drivers/net/hamradio/6pack.c | Dropped redundant locking and refcounting |
| drivers/media/* | Media driver fixes (ov08x40, og01a1b, redrat3) |
| drivers/iommu/intel/* | Replaced snprintf with scnprintf |
| drivers/infiniband/hw/irdma/* | Removed unused struct fields and fixed SD index |
| drivers/hid/* | Fixed HID i2c touchpad issues and ASUS device support |
| drivers/gpu/drm/* | Multiple GPU driver fixes (AMD, MSM) |
| drivers/crypto/* | Crypto driver fixes (caam, sun8i-ce) |
| drivers/char/misc.c | Fixed dynamic minor allocation and list handling |
| drivers/bluetooth/* | Bluetooth driver fixes (btusb, hci_bcsp) |
| drivers/accel/habanalabs/* | Multiple habanalabs driver fixes |
| arch/x86/kernel/kvm.c | Fixed qspinlock preference for dedicated vCPUs |
| arch/sparc/* | Fixed module relocation and I/O prototypes |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
git log --oneline v6.6.117
329..v6.6.117229 | wc100 883 7192
Merged:
ACPICA: Update dsmethod.c to get rid of unused variable warning