Merge tag 'v6.6.83' into for/openbmc/dev-6.6

This is the 6.6.83 stable release

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmfSyLoACgkQONu9yGCS
# aT5ioRAAjc8tbbt

Merge tag 'v6.6.83' into for/openbmc/dev-6.6

This is the 6.6.83 stable release

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmfSyLoACgkQONu9yGCS
# aT5ioRAAjc8tbbt6WfQoHQdy34s+/OUX8H+BTIHuGVbSRqU9xEbKmcaTbaQD266K
# AVcu+FpxwDNF9l1jxeh3XZsyIX5AwrFshA78HVwrz+IXtFcWBajwZ02Hv3EmUEqV
# ZrJksF/B1UcSSeBnAFHk/z3OLhqPgucmAKhlJRSvZf+Ps79+J405aG7/TUt5nVPE
# klQhqh35LWlCOZujKGwgOlJXsWwZdEA3rn87JBQxfTWJGQlMUY7+HP2dOLBu1cdZ
# zi72mkxw9Z6oA1IJl4DhVEsx/EH5P+tVGgiLN5yoJw5+NwB5XdXZ2TH5fZfcEtK4
# PEFs735w4VB8gbhVsDsnI23dSBNwbcwYFJgEIWHd+ZmfwNRSW4W0LPgFaKp79i3M
# CDoi0HZ8v0P9p5ZO+11oCAVfndxtVZlVSAm/lrTS0yEan7jiPcfN173hNfCMWAxj
# TR+O5IT9FbfYeVcnYUE9LdQZf5tx0GakvylGBfPWuwG0oCEQi5C9zSus7+pDSyrG
# rCNjnrhvS1shZrijV4xBaRFfqNv1kWl5k9jZCrq2EiWi1hyL+uiRKvUhhroiE4BF
# OA/2hllJSqzvW0hLcxd9YqbxwlQJ8h+hox4TyCyvA1pjnbtCIAOQ5pxfY4EVcmD9
# oG2B+JGHxQJmSXArRW7KctcAu/h7ciTsC7yej1fXbzBOxeadO/A=
# =3QPz
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 13 Mar 2025 22:29:54 ACDT
# gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
# gpg: Good signature from "Greg Kroah-Hartman <gregkh@kernel.org>" [marginal]
# gpg: gregkh@kernel.org: Verified 12 signatures in the past 7 weeks. Encrypted
# 0 messages.
# gpg: Warning: you have yet to encrypt a message to this key!
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E

show more ...

ksmbd: fix out-of-bounds in parse_sec_desc()

commit d6e13e19063db24f94b690159d0633aaf72a0f03 upstream.

If osidoffset, gsidoffset and dacloffset could be greater than smb_ntsd
struct size. If it is

ksmbd: fix out-of-bounds in parse_sec_desc()

commit d6e13e19063db24f94b690159d0633aaf72a0f03 upstream.

If osidoffset, gsidoffset and dacloffset could be greater than smb_ntsd
struct size. If it is smaller, It could cause slab-out-of-bounds.
And when validating sid, It need to check it included subauth array size.

Cc: stable@vger.kernel.org
Reported-by: Norbert Szetei <norbert@doyensec.com>
Tested-by: Norbert Szetei <norbert@doyensec.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

show more ...

Merge tag 'v6.6.13' into dev-6.6

This is the 6.6.13 stable release

ksmbd: free ppace array on error in parse_dacl

commit 8cf9bedfc3c47d24bb0de386f808f925dc52863e upstream.

The ppace array is not freed if one of the init_acl_state() calls inside
parse_dacl() fails.

ksmbd: free ppace array on error in parse_dacl

commit 8cf9bedfc3c47d24bb0de386f808f925dc52863e upstream.

The ppace array is not freed if one of the init_acl_state() calls inside
parse_dacl() fails. At the moment the function may fail only due to the
memory allocation errors so it's highly unlikely in this case but
nevertheless a fix is needed.

Move ppace allocation after the init_acl_state() calls with proper error
handling.

Found by Linux Verification Center (linuxtesting.org).

Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
Cc: stable@vger.kernel.org
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

show more ...

Merge tag 'v6.6.6' into dev-6.6

This is the 6.6.6 stable release

Signed-off-by: Joel Stanley <joel@jms.id.au>

ksmbd: fix possible deadlock in smb2_open

commit 864fb5d3716303a045c3ffb397f651bfd37bfb36 upstream.

[ 8743.393379] ======================================================
[ 8743.393385] WARNING: pos

ksmbd: fix possible deadlock in smb2_open

commit 864fb5d3716303a045c3ffb397f651bfd37bfb36 upstream.

[ 8743.393379] ======================================================
[ 8743.393385] WARNING: possible circular locking dependency detected
[ 8743.393391] 6.4.0-rc1+ #11 Tainted: G OE
[ 8743.393397] ------------------------------------------------------
[ 8743.393402] kworker/0:2/12921 is trying to acquire lock:
[ 8743.393408] ffff888127a14460 (sb_writers#8){.+.+}-{0:0}, at: ksmbd_vfs_setxattr+0x3d/0xd0 [ksmbd]
[ 8743.393510]
but task is already holding lock:
[ 8743.393515] ffff8880360d97f0 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: ksmbd_vfs_kern_path_locked+0x181/0x670 [ksmbd]
[ 8743.393618]
which lock already depends on the new lock.

[ 8743.393623]
the existing dependency chain (in reverse order) is:
[ 8743.393628]
-> #1 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}:
[ 8743.393648] down_write_nested+0x9a/0x1b0
[ 8743.393660] filename_create+0x128/0x270
[ 8743.393670] do_mkdirat+0xab/0x1f0
[ 8743.393680] __x64_sys_mkdir+0x47/0x60
[ 8743.393690] do_syscall_64+0x5d/0x90
[ 8743.393701] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 8743.393711]
-> #0 (sb_writers#8){.+.+}-{0:0}:
[ 8743.393728] __lock_acquire+0x2201/0x3b80
[ 8743.393737] lock_acquire+0x18f/0x440
[ 8743.393746] mnt_want_write+0x5f/0x240
[ 8743.393755] ksmbd_vfs_setxattr+0x3d/0xd0 [ksmbd]
[ 8743.393839] ksmbd_vfs_set_dos_attrib_xattr+0xcc/0x110 [ksmbd]
[ 8743.393924] compat_ksmbd_vfs_set_dos_attrib_xattr+0x39/0x50 [ksmbd]
[ 8743.394010] smb2_open+0x3432/0x3cc0 [ksmbd]
[ 8743.394099] handle_ksmbd_work+0x2c9/0x7b0 [ksmbd]
[ 8743.394187] process_one_work+0x65a/0xb30
[ 8743.394198] worker_thread+0x2cf/0x700
[ 8743.394209] kthread+0x1ad/0x1f0
[ 8743.394218] ret_from_fork+0x29/0x50

This patch add mnt_want_write() above parent inode lock and remove
nested mnt_want_write calls in smb2_open().

Fixes: 40b268d384a2 ("ksmbd: add mnt_want_write to ksmbd vfs functions")
Cc: stable@vger.kernel.org
Reported-by: Marios Makassikis <mmakassikis@freebox.fr>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

show more ...

ksmbd: fix slab out of bounds write in smb_inherit_dacl()

commit eebff19acaa35820cb09ce2ccb3d21bee2156ffb upstream.

slab out-of-bounds write is caused by that offsets is bigger than pntsd
allocatio

ksmbd: fix slab out of bounds write in smb_inherit_dacl()

commit eebff19acaa35820cb09ce2ccb3d21bee2156ffb upstream.

slab out-of-bounds write is caused by that offsets is bigger than pntsd
allocation size. This patch add the check to validate 3 offsets using
allocation size.

Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-22271
Cc: stable@vger.kernel.org
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

show more ...

Merge tag 'kvm-riscv-fixes-6.6-1' of https://github.com/kvm-riscv/linux into HEAD

KVM/riscv fixes for 6.6, take #1

- Fix KVM_GET_REG_LIST API for ISA_EXT registers
- Fix reading ISA_EXT register of

Merge tag 'kvm-riscv-fixes-6.6-1' of https://github.com/kvm-riscv/linux into HEAD

KVM/riscv fixes for 6.6, take #1

- Fix KVM_GET_REG_LIST API for ISA_EXT registers
- Fix reading ISA_EXT register of a missing extension
- Fix ISA_EXT register handling in get-reg-list test
- Fix filtering of AIA registers in get-reg-list test

show more ...

Merge tag '6.6-rc1-ksmbd' of git://git.samba.org/ksmbd

Pull smb server fixes from Steve French:
"Two ksmbd server fixes"

* tag '6.6-rc1-ksmbd' of git://git.samba.org/ksmbd:
ksmbd: fix passing fr

Merge tag '6.6-rc1-ksmbd' of git://git.samba.org/ksmbd

Pull smb server fixes from Steve French:
"Two ksmbd server fixes"

* tag '6.6-rc1-ksmbd' of git://git.samba.org/ksmbd:
ksmbd: fix passing freed memory 'aux_payload_buf'
ksmbd: remove unneeded mark_inode_dirty in set_info_sec()

show more ...

ksmbd: remove unneeded mark_inode_dirty in set_info_sec()

mark_inode_dirty will be called in notify_change().
This patch remove unneeded mark_inode_dirty in set_info_sec().

Signed-off-by: Namjae Je

ksmbd: remove unneeded mark_inode_dirty in set_info_sec()

mark_inode_dirty will be called in notify_change().
This patch remove unneeded mark_inode_dirty in set_info_sec().

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

show more ...

Merge branch 'next' into for-linus

Prepare input updates for 6.6 merge window.

Merge drm/drm-next into drm-intel-next

Catching-up with drm-next and drm-intel-gt-next.
It will unblock a code refactor around the platform
definitions (names vs acronyms).

Signed-off-by: Rodrigo V

Merge drm/drm-next into drm-intel-next

Catching-up with drm-next and drm-intel-gt-next.
It will unblock a code refactor around the platform
definitions (names vs acronyms).

Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>

show more ...

Merge drm/drm-next into drm-intel-gt-next

Need to pull in b3e4aae612ec ("drm/i915/hdcp: Modify hdcp_gsc_message msg sending mechanism") as
a dependency for https://patchwork.freedesktop.org/series/1

Merge drm/drm-next into drm-intel-gt-next

Need to pull in b3e4aae612ec ("drm/i915/hdcp: Modify hdcp_gsc_message msg sending mechanism") as
a dependency for https://patchwork.freedesktop.org/series/121735/

Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>

show more ...

Merge drm/drm-next into drm-misc-next

Backmerging to get v6.5-rc2.

Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>

Merge tag 'v6.4' into next

Sync up with mainline to bring in updates to shared infrastructure.

ASoC: Merge v6.5-rc2

Get a similar baseline to my other branches, and fixes for people using
the branch.

Merge v6.5-rc1 into drm-misc-fixes

Boris needs 6.5-rc1 in drm-misc-fixes to prevent a conflict.

Signed-off-by: Maxime Ripard <mripard@kernel.org>

Merge branch 'master' into mm-hotfixes-stable

Merge tag '6.5-rc-ksmbd-server-fixes-part1' of git://git.samba.org/ksmbd

Pull ksmbd server updates from Steve French:

- two fixes for compounding bugs (make sure no out of bound reads with
less

Merge tag '6.5-rc-ksmbd-server-fixes-part1' of git://git.samba.org/ksmbd

Pull ksmbd server updates from Steve French:

- two fixes for compounding bugs (make sure no out of bound reads with
less common combinations of commands in the compound)

- eight minor cleanup patches (e.g. simplifying return values, replace
one element array, use of kzalloc where simpler)

- fix for clang warning on possible overflow in filename conversion

* tag '6.5-rc-ksmbd-server-fixes-part1' of git://git.samba.org/ksmbd:
ksmbd: avoid field overflow warning
ksmbd: Replace one-element array with flexible-array member
ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect()
ksmbd: add missing compound request handing in some commands
ksmbd: fix out of bounds read in smb2_sess_setup
ksmbd: Replace the ternary conditional operator with min()
ksmbd: use kvzalloc instead of kvmalloc
ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void
ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked()
ksmbd: use kzalloc() instead of __GFP_ZERO
ksmbd: remove unused ksmbd_tree_conn_share function

show more ...

Merge branch 'master' into mm-hotfixes-stable

Merge branch 'for-6.5/apple' into for-linus

- improved support for Keychron K8 keyboard (Lasse Brun)

Merge tag 'v6.4' into rdma.git for-next

Linux 6.4

Resolve conflicts between rdma rc and next in rxe_cq matching linux-next:

drivers/infiniband/sw/rxe/rxe_cq.c:
https://lore.kernel.org/r/20230622

Merge tag 'v6.4' into rdma.git for-next

Linux 6.4

Resolve conflicts between rdma rc and next in rxe_cq matching linux-next:

drivers/infiniband/sw/rxe/rxe_cq.c:
https://lore.kernel.org/r/20230622115246.365d30ad@canb.auug.org.au

Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

show more ...

Merge tag 'irqchip-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/core

Pull irqchip updates from Marc Zyngier:

- A number of Loogson/Loogarch fixes

- Allow th

Merge tag 'irqchip-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/core

Pull irqchip updates from Marc Zyngier:

- A number of Loogson/Loogarch fixes

- Allow the core code to retrigger an interrupt that has
fired while the same interrupt is being handled on another
CPU, papering over a GICv3 architecture issue

- Work around an integration problem on ASR8601, where the CPU
numbering isn't representable in the GIC implementation...

- Add some missing interrupt to the STM32 irqchip

- A bunch of warning squashing triggered by W=1 builds

Link: https://lore.kernel.org/r/20230623224345.3577134-1-maz@kernel.org

show more ...

ksmbd: Replace the ternary conditional operator with min()

It would be better to replace the traditional ternary conditional
operator with min() in compare_sids.

Signed-off-by: Lu Hongfei <luhongfe

ksmbd: Replace the ternary conditional operator with min()

It would be better to replace the traditional ternary conditional
operator with min() in compare_sids.

Signed-off-by: Lu Hongfei <luhongfei@vivo.com>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

show more ...

Add Renesas PMIC RAA215300 and built-in RTC

Merge series from Biju Das <biju.das.jz@bp.renesas.com>:

This patch series aims to add support for Renesas PMIC RAA215300 and
built-in RTC found on this

Add Renesas PMIC RAA215300 and built-in RTC

Merge series from Biju Das <biju.das.jz@bp.renesas.com>:

This patch series aims to add support for Renesas PMIC RAA215300 and
built-in RTC found on this PMIC device.

The details of PMIC can be found here[1].

Renesas PMIC RAA215300 exposes two separate i2c devices, one for the main
device and another for rtc device.

show more ...