Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0.11 2026-06-01T15:54:34+00:00 2026-06-01T15:54:34+00:00 Guo Ren (Alibaba DAMO Academy) guoren@kernel.org 2026-01-25T05:52:12+00:00 urn:sha1:5cbe683ef809e6171c54b5e73ea675693687c8d0 [ Upstream commit db909bd7986c10da074917af3dae83a60fa65093 ] Unlike no4lvl, no5lvl still continues to detect satp, which requires va=pa mapping. When pa=0x800000000000, no5lvl would fail in Sv48 mode due to an illegal VA value of 0x800000000000. So, prevent detecting the satp flow for no5lvl, when vaddr is invalid. Add the is_vaddr_valid() function for checking. Fixes: 26e7aacb83df ("riscv: Allow to downgrade paging mode from the command line") Cc: Alexandre Ghiti <alexghiti@rivosinc.com> Cc: Björn Töpel <bjorn@rivosinc.com> Signed-off-by: Guo Ren (Alibaba DAMO Academy) <guoren@kernel.org> Tested-by: Fangyu Yu <fangyu.yu@linux.alibaba.com> Link: https://patch.msgid.link/20260125055212.433163-1-guoren@kernel.org [pjw@kernel.org: cleaned up commit message] Signed-off-by: Paul Walmsley <pjw@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2026-06-01T15:54:34+00:00 Michael Neuling mikey@neuling.org 2026-05-01T06:23:20+00:00 urn:sha1:9e020156833f1ad0d425a1e3d85b65639f1c1c50 [ Upstream commit 6ebcbb53fc9bc30843054ed99fd60b8e542628f4 ] compat_riscv_gpr_set() calls cregs_to_regs() unconditionally, even when user_regset_copyin() fails. Since cregs is an uninitialized stack variable, a copyin failure causes uninitialized stack data to be written into the target task's pt_regs, corrupting its register state and potentially leaking kernel stack contents. compat_restore_sigcontext() has the same issue: it calls cregs_to_regs() even when __copy_from_user() fails, leading to the same corruption of the signal-returning task's register state on error. Only call cregs_to_regs() when the user copy succeeds. Fixes: 4608c159594f ("riscv: compat: ptrace: Add compat_arch_ptrace implement") Fixes: 7383ee05314b ("riscv: compat: signal: Add rt_frame implementation") Signed-off-by: Michael Neuling <mikey@neuling.org> Assisted-by: Cursor:claude-4.6-opus-high-thinking Link: https://patch.msgid.link/20260501062320.2339562-1-mikey@neuling.org Signed-off-by: Paul Walmsley <pjw@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2026-06-01T15:54:34+00:00 Michael Neuling mikey@neuling.org 2026-04-09T09:11:39+00:00 urn:sha1:5ae8378080cd01a26709e856a4174ef59543189c [ Upstream commit 4d2b03699460b8fd5df34408a03a84a1a7ff8aa1 ] The condition checking whether a specific errata needs patching uses logical AND (&&) instead of bitwise AND (&). Since logical AND only checks that both operands are non-zero, this causes all errata patches to be applied whenever any single errata is detected, rather than only applying the matching one. The SiFive errata implementation correctly uses bitwise AND for the same check. Fixes: 0b0ca959d206 ("riscv: errata: Fix the PAUSE Opcode for MIPS P8700") Signed-off-by: Michael Neuling <mikey@neuling.org> Assisted-by: Cursor:claude-4.6-opus-high-thinking Link: https://patch.msgid.link/20260409091143.1348853-2-mikey@neuling.org [pjw@kernel.org: fixed checkpatch warning] Signed-off-by: Paul Walmsley <pjw@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2026-06-01T15:54:27+00:00 Osama Abdelkader osama.abdelkader@gmail.com 2026-05-14T17:36:41+00:00 urn:sha1:c2e786fb9139f2838ec12906b7b9e40f3aa411ae commit 0e9d0e7a7c78db7aa1c13796c65cfe0aefa54a5b upstream. kvm_riscv_vcpu_pmu_event_info() returned -ENOMEM from the SBI extension handler, which caused kvm_riscv_vcpu_sbi_ecall() to abort KVM_RUN and surface the error to userspace instead of completing the ECALL with a negative SBI error in a0. Use SBI_ERR_FAILURE and the normal retdata path, matching other PMU handlers and kvm_sbi_ext_pmu_handler comment. Fixes: e309fd113b9f ("RISC-V: KVM: Implement get event info function") Cc: stable@vger.kernel.org Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com> Reviewed-by: Anup Patel <anup@brainfault.org> Link: https://lore.kernel.org/r/20260514173642.41448-2-osama.abdelkader@gmail.com Signed-off-by: Anup Patel <anup@brainfault.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2026-06-01T15:54:27+00:00 Osama Abdelkader osama.abdelkader@gmail.com 2026-05-14T17:36:40+00:00 urn:sha1:4121b43d595f5c68b60e803647257fa73bab9c76 commit 0835ee26938e15eccd70f7d33da386b6490f9449 upstream. kvm_riscv_vcpu_pmu_snapshot_set_shmem() returned -ENOMEM from the SBI extension handler, which caused kvm_riscv_vcpu_sbi_ecall() to abort KVM_RUN and surface the error to userspace instead of ompleting the ECALL with a negative SBI error in a0. Use SBI_ERR_FAILURE and the normal retdata path, matching other PMU handlers and kvm_sbi_ext_pmu_handler comment. Fixes: c2f41ddbcdd7 ("RISC-V: KVM: Implement SBI PMU Snapshot feature") Cc: stable@vger.kernel.org Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com> Reviewed-by: Anup Patel <anup@brainfault.org> Link: https://lore.kernel.org/r/20260514173642.41448-1-osama.abdelkader@gmail.com Signed-off-by: Anup Patel <anup@brainfault.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2026-06-01T15:54:24+00:00 Masami Hiramatsu (Google) mhiramat@kernel.org 2026-04-30T03:28:16+00:00 urn:sha1:d8d66d20cfee4771cb5aaa420bdefc15f96d967e commit a494d3c8d5392bcdff83c2a593df0c160ff9f322 upstream. On real hardware, panic and machine reboot may not flush hardware cache to memory. This means the persistent ring buffer, which relies on a coherent state of memory, may not have its events written to the buffer and they may be lost. Moreover, there may be inconsistency with the counters which are used for validation of the integrity of the persistent ring buffer which may cause all data to be discarded. To avoid this issue, stop recording of the ring buffer on panic and flush the cache of the ring buffer's memory. Fixes: e645535a954a ("tracing: Add option to use memmapped memory for trace boot instance") Cc: stable@vger.kernel.org Cc: Will Deacon <will@kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Cc: Ian Rogers <irogers@google.com> Link: https://patch.msgid.link/177751969602.2136606.12031934362587643488.stgit@mhiramat.tok.corp.google.com Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Acked-by: Catalin Marinas <catalin.marinas@arm.com> Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2026-05-23T11:09:07+00:00 Puranjay Mohan puranjay@kernel.org 2026-04-13T19:11:09+00:00 urn:sha1:af0b4175cde4df56f300a360f5489de5422b7f1e [ Upstream commit 46ee1342b887c9387a933397d846ff6c9584322c ] bpf_flush_icache() calls flush_icache_range() to clean the data cache and invalidate the instruction cache for the JITed code region. However, since commit 48a8f78c50bd ("bpf, riscv: use prog pack allocator in the BPF JIT"), this flush is redundant. bpf_jit_binary_pack_finalize() copies the JITed instructions to the ROX region via bpf_arch_text_copy() -> patch_text_nosync(), and patch_text_nosync() already calls flush_icache_range() on the written range. The subsequent bpf_flush_icache() repeats the same cache maintenance on an overlapping range. Remove the redundant bpf_flush_icache() call and its now-unused definition. Fixes: 48a8f78c50bd ("bpf, riscv: use prog pack allocator in the BPF JIT") Acked-by: Song Liu <song@kernel.org> Signed-off-by: Puranjay Mohan <puranjay@kernel.org> Reviewed-by: Pu Lehui <pulehui@huawei.com> Tested-by: Paul Chaignon <paul.chaignon@gmail.com> Link: https://lore.kernel.org/r/20260413191111.3426023-3-puranjay@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2026-05-23T11:09:00+00:00 Aurelien Jarno aurelien@aurel32.net 2026-03-22T20:25:01+00:00 urn:sha1:4bfea5f06f5901be7c8fa47cd54f45badd50aebb [ Upstream commit c68360c0d636dae71f766b7b296ddfcf2827ccc7 ] The combo PHY on the Banana Pi F3 is used for the USB 3.0 port. The high speed differential lanes are always configured as such, and do not require a pinctrl entry. The existing pinctrl entry only configures PCIe secondary pins, which are unused for USB and instead routed to the MIPI CSI1 connector. Remove this incorrect pinctrl entry. Fixes: 0be016a4b5d1b9 ("riscv: dts: spacemit: PCIe and PHY-related updates") Signed-off-by: Aurelien Jarno <aurelien@aurel32.net> Reviewed-by: Yixun Lan <dlan@kernel.org> Link: https://lore.kernel.org/r/20260322202502.2205755-1-aurelien@aurel32.net Signed-off-by: Yixun Lan <dlan@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2026-05-23T11:08:57+00:00 Yixun Lan dlan@kernel.org 2026-02-26T08:17:55+00:00 urn:sha1:333d2f08d8c66a5979bf36ece436797bf83fe83f [ Upstream commit 8a9071299dec817a544c0fb48f7302396fafdc4b ] The PCIe port require 3.3v power regulator for device to work properly, So explicitly add it to fix the DT warning: arch/riscv/boot/dts/spacemit/k1-bananapi-f3.dtb: pcie@ca400000 (spacemit,k1-pcie): pcie@0: 'vpcie3v3-supply' is a required property from schema $id: http://devicetree.org/schemas/pci/spacemit,k1-pcie-host.yaml Fixes: 0be016a4b5d1 ("riscv: dts: spacemit: PCIe and PHY-related updates") Reported-by: Conor Dooley <conor@kernel.org> Link: https://lore.kernel.org/r/20260226-k1-pcie-fix-pwr-v1-1-94b493cd27e5@kernel.org Signed-off-by: Yixun Lan <dlan@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2026-05-14T13:31:14+00:00 Osama Abdelkader osama.abdelkader@gmail.com 2026-03-16T15:16:11+00:00 urn:sha1:1d57ab45ec5c0e22789de793bcf2a31ad6fb7d98 commit b7c958d7c1eb1cb9b2be7b5ee4129fcd66cec978 upstream. When the second kzalloc (host_context.vector.datap) fails in kvm_riscv_vcpu_alloc_vector_context, the first allocation (guest_context.vector.datap) is leaked. Free it before returning. Fixes: 0f4b82579716 ("riscv: KVM: Add vector lazy save/restore support") Cc: stable@vger.kernel.org Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com> Reviewed-by: Andy Chiu <andybnac@gmail.com> Link: https://lore.kernel.org/r/20260316151612.13305-1-osama.abdelkader@gmail.com Signed-off-by: Anup Patel <anup@brainfault.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>