summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
13 hoursMerge tag 'rust-fixes-6.17-2' of ↵HEADmasterLinus Torvalds3-7/+23
git://git.kernel.org/pub/scm/linux/kernel/git/ojeda/linux Pull rust fixes from Miguel Ojeda: - Two changes to prepare for the future Rust 1.91.0 release (expected 2025-10-30, currently in nightly): a target specification format change and a renamed, soon-to-be-stabilized 'core' function. * tag 'rust-fixes-6.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ojeda/linux: rust: support Rust >= 1.91.0 target spec rust: use the new name Location::file_as_c_str() in Rust >= 1.91.0
35 hoursMerge tag 'perf-tools-fixes-for-v6.17-2025-09-05' of ↵Linus Torvalds5-40/+76
git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools Pull perf tools fixes from Namhyung Kim: "Fixes for use-after-free that resulted in segfaults after merging the bpf tree. Also a couple of build and test fixes" * tag 'perf-tools-fixes-for-v6.17-2025-09-05' of git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools: perf symbol-elf: Add support for the block argument for libbfd perf test: Checking BPF metadata collection fails on version string perf tests: Fix "PE file support" test build perf bpf-utils: Harden get_bpf_prog_info_linear perf bpf-utils: Constify bpil_array_desc perf bpf-event: Fix use-after-free in synthesis
36 hoursMerge tag 'scsi-fixes' of ↵Linus Torvalds2-10/+16
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Obvious driver patch plus update to sr to add back rotational media flag since CDROMS are rotational" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: sr: Reinstate rotational media flag scsi: lpfc: Fix buffer free/clear order in deferred receive path
36 hoursMerge tag 'spi-fix-v6.17-rc3' of ↵Linus Torvalds5-33/+70
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Pull spi fixes from Mark Brown: "The largest batch of fixes here is a series of fixes for the Freescale LPSPI driver which James Clark pulled out of their BSP while looking at support for the NXP S32G version of the controller. The majority of this turned out to be bug fixes that affect existing systems with the actual S32G support being just a small quirk that would be unremarkable by itself, the whole series has had a good amount of testing and review and the individual patches are all pretty straightforward by themselves. We also have a few other driver specific fixes, including a relatively large but simple one for the Cadence QuadSPI driver" * tag 'spi-fix-v6.17-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: spi-qpic-snand: unregister ECC engine on probe error and device remove spi: cadence-quadspi: Implement refcount to handle unbind during busy spi: spi-fsl-lpspi: Add compatible for S32G spi: spi-fsl-lpspi: Parameterize reading num-cs from hardware spi: spi-fsl-lpspi: Treat prescale_max == 0 as no erratum spi: spi-fsl-lpspi: Constify devtype datas dt-bindings: lpspi: Document support for S32G spi: spi-fsl-lpspi: Clear status register after disabling the module spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort spi: spi-fsl-lpspi: Set correct chip-select polarity bit spi: spi-fsl-lpspi: Fix transmissions when using CONT spi: microchip-core-qspi: stop checking viability of op->max_freq in supports_op callback
37 hoursMerge tag 'arm64-fixes' of ↵Linus Torvalds7-5/+42
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Catalin Marinas: - Incorrect __BITS_PER_LONG as 64 when compiling the compat vDSO - Unreachable PLT for ftrace_caller() in a module's .init.text following past reworking of the module VA range selection - Memory leak in the ACPI iort_rmr_alloc_sids() after a failed krealloc_array() * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module with CONFIG_DYNAMIC_FTRACE ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() arm64: uapi: Provide correct __BITS_PER_LONG for the compat vDSO
37 hoursMerge tag 'audit-pr-20250905' of ↵Linus Torvalds1-1/+1
git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit Pull audit fix from Paul Moore: "A single small audit patch to fix a potential out-of-bounds read caused by a negative array index when comparing paths" * tag 'audit-pr-20250905' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: fix out-of-bounds read in audit_compare_dname_path()
39 hoursMerge tag '6.17-RC4-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6Linus Torvalds7-19/+96
Pull smb client fixes from Steve French: - Fix two potential NULL pointer references - Two debugging improvements (to help debug recent issues) a new tracepoint, and minor improvement to DebugData - Trivial comment cleanup * tag '6.17-RC4-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6: cifs: prevent NULL pointer dereference in UTF16 conversion smb: client: show negotiated cipher in DebugData smb: client: add new tracepoint to trace lease break notification smb: client: fix spellings in comments smb: client: Fix NULL pointer dereference in cifs_debug_dirs_proc_show()
39 hoursMerge tag 'hwmon-for-v6.17-rc5' of ↵Linus Torvalds2-7/+7
git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fixes from Guenter Roeck: - ina238: Various value range fixes when writing limit attributes - mlxreg-fan: Prevent fans from getting stuck at 0 RPM * tag 'hwmon-for-v6.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (ina238) Correctly clamp power limits hwmon: (ina238) Correctly clamp shunt voltage limit hwmon: (ina238) Correctly clamp temperature hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM
39 hoursMerge tag 'gpio-fixes-for-v6.17-rc5' of ↵Linus Torvalds2-4/+4
git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux Pull gpio fixes from Bartosz Golaszewski: - fix GPIO submenu regression in Kconfig - fix make clean under tools/gpio/ * tag 'gpio-fixes-for-v6.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux: tools: gpio: remove the include directory on make clean gpio: fix GPIO submenu in Kconfig
39 hoursMerge tag 'platform-drivers-x86-v6.17-3' of ↵Linus Torvalds9-72/+74
git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86 Pull x86 platform driver fixes from Ilpo Järvinen: - acer-wmi: Stop using ACPI bitmap for platform profile choices - amd/hfi: Fix pcct_tbl leak - amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks - asus-wmi: - Fix registration races - Fix ROG button mapping, tablet mode on ASUS ROG Z13 - Support more keys on ExpertBook B9 - hp-wmi: Add support for Fn+P hotkey - intel/pmc: Add Bartlett Lake support - intel/power-domains: Use topology_logical_package_id() for package ID * tag 'platform-drivers-x86-v6.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86: platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID platform/x86: acer-wmi: Stop using ACPI bitmap for platform profile choices platform/x86: hp-wmi: Add support for Fn+P hotkey platform/x86/intel/pmc: Add Bartlett Lake support to intel_pmc_core platform/x86: asus-wmi: Fix racy registrations platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list platform/x86: asus-wmi: map more keys on ExpertBook B9 platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk platform/x86/amd: hfi: Fix pcct_tbl leak in amd_hfi_metadata_parser()
40 hoursMerge tag 'block-6.17-20250905' of git://git.kernel.dk/linuxLinus Torvalds3-8/+17
Pull block fixes from Jens Axboe: - NVMe pull request via Keith - Fix protection information ref tag for device side gen/strip (Christoph) - MD pull request via Yu - fix data loss for writemostly in raid1 (Yu Kuai) - fix potentional data loss by skipping recovery (Li Nan) * tag 'block-6.17-20250905' of git://git.kernel.dk/linux: md: prevent incorrect update of resync/recovery offset md/raid1: fix data lost for writemostly rdev nvme: fix PI insert on write
41 hoursarm64: ftrace: fix unreachable PLT for ftrace_caller in init_module with ↵panfan5-4/+34
CONFIG_DYNAMIC_FTRACE On arm64, it has been possible for a module's sections to be placed more than 128M away from each other since commit: commit 3e35d303ab7d ("arm64: module: rework module VA range selection") Due to this, an ftrace callsite in a module's .init.text section can be out of branch range for the module's ftrace PLT entry (in the module's .text section). Any attempt to enable tracing of that callsite will result in a BRK being patched into the callsite, resulting in a fatal exception when the callsite is later executed. Fix this by adding an additional trampoline for .init.text, which will be within range. No additional trampolines are necessary due to the way a given module's executable sections are packed together. Any executable section beginning with ".init" will be placed in MOD_INIT_TEXT, and any other executable section, including those beginning with ".exit", will be placed in MOD_TEXT. Fixes: 3e35d303ab7d ("arm64: module: rework module VA range selection") Cc: <stable@vger.kernel.org> # 6.5.x Signed-off-by: panfan <panfan@qti.qualcomm.com> Acked-by: Mark Rutland <mark.rutland@arm.com> Link: https://lore.kernel.org/r/20250905032236.3220885-1-panfan@qti.qualcomm.com Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
41 hoursMerge tag 'drm-fixes-2025-09-05' of https://gitlab.freedesktop.org/drm/kernelLinus Torvalds29-48/+234
Pull drm fixes from Dave Airlie: "Weekly drm fixes roundup, nouveau has two fixes for fence/irq racing problems that should fix a bunch of instability in userspace. Otherwise amdgpu along with some single fixes to bridge, xe, ivpu. Looks about usual for this time in the release. scheduler: - fix race in unschedulable tracepoint bridge: - ti-sn65dsi86: fix REFCLK setting xe: - Fix incorrect migration of backed-up object to VRAM amdgpu: - UserQ fixes - MES 11 fix - eDP/LVDS fix - Fix non-DC audio clean up - Fix duplicate cursor issue - Fix error path in PSP init nouveau: - fix nonstall interrupt handling - fix race on fence vs irq emission - update MAINTAINERS entry ivpu: - prevent recovery work during device remove" * tag 'drm-fixes-2025-09-05' of https://gitlab.freedesktop.org/drm/kernel: drm/amd/amdgpu: Fix missing error return on kzalloc failure drm/bridge: ti-sn65dsi86: fix REFCLK setting MAINTAINERS: Update git entry for nouveau drm/xe: Fix incorrect migration of backed-up object to VRAM drm/sched: Fix racy access to drm_sched_entity.dependency accel/ivpu: Prevent recovery work from being queued during device removal nouveau: Membar before between semaphore writes and the interrupt nouveau: fix disabling the nonstall irq due to storm code drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG drm/amdgpu: drop hw access in non-DC audio fini drm/amd: Re-enable common modes for eDP and LVDS drm/amdgpu/mes11: make MES_MISC_OP_CHANGE_CONFIG failure non-fatal drm/amdgpu/sdma: bump firmware version checks for user queue support
42 hoursMerge tag 'libcrypto-fixes-for-linus' of ↵Linus Torvalds3-0/+181
git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux Pull crypto library fixes from Eric Biggers: "Fix a regression caused by my commits that reimplemented the sha1, sha256, and sha512 crypto_shash algorithms on top of the library API. Specifically, the export_core and import_core methods stopped being supported, which broke some hardware offload drivers (such as qat) that recently started depending on these for fallback functionality. Later I'd like to make these drivers just use the library API for their fallback. Then these methods won't be needed anymore. But for now, this fixes the regression for 6.17" * tag 'libcrypto-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux: crypto: sha512 - Implement export_core() and import_core() crypto: sha256 - Implement export_core() and import_core() crypto: sha1 - Implement export_core() and import_core()
42 hoursMerge tag 'pcmcia-6.18' of ↵Linus Torvalds10-202/+17
git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux Pull PCMCIA fixes and cleanups from Dominik Brodowski: "A number of minor PCMCIA bugfixes and cleanups, including the removal of unused code paths" [ Dominik suggested this might be 6.18 material, but having looked through this, it looks appropriate early: minor trivial fixes and then one slightly bigger patch that removes dead code - Linus ] * tag 'pcmcia-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux: pcmcia: Add error handling for add_interval() in do_validate_mem() pcmcia: cs: Remove unused pcmcia_get_socket_by_nr pcmcia: omap: Add missing check for platform_get_resource pcmcia: Use str_off_on() and str_yes_no() helpers pcmcia: remove PCCARD_IODYN pcmcia: ds: Emphasize "really" epizeuxis pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch
46 hoursMerge tag 'md-6.17-20250905' of ↵Jens Axboe2-1/+6
https://git.kernel.org/pub/scm/linux/kernel/git/mdraid/linux into block-6.17 Pull MD fixes from Yu: "- fix data loss for writemostly in raid1, by Yu Kuai; - fix potentional data lost by skipping recovery, by Li Nan;" * tag 'md-6.17-20250905' of https://git.kernel.org/pub/scm/linux/kernel/git/mdraid/linux: md: prevent incorrect update of resync/recovery offset md/raid1: fix data lost for writemostly rdev
2 daysperf symbol-elf: Add support for the block argument for libbfdIan Rogers1-3/+7
James Clark caught that the BUILD_NONDISTRO=1 build with libbfd was broken due to an update to the read_build_id function adding a blocking argument. Add support for this argument by first opening the file blocking or non-blocking, then switching from bfd_openr to bfd_fdopenr and passing the opened fd. bfd_fdopenr closes the fd on error and when bfd_close are called. Reported-by: James Clark <james.clark@linaro.org> Closes: https://lore.kernel.org/lkml/20250903-james-perf-read-build-id-fix-v1-2-6a694d0a980f@linaro.org/ Fixes: 2c369d91d093 ("perf symbol: Add blocking argument to filename__read_build_id") Signed-off-by: Ian Rogers <irogers@google.com> Reviewed-by: James Clark <james.clark@linaro.org> Link: https://lore.kernel.org/r/20250904161731.1193729-1-irogers@google.com Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2 daysperf test: Checking BPF metadata collection fails on version stringThomas Richter1-1/+1
commit edf2cadf01e8f ("perf test: add test for BPF metadata collection") fails consistently on the version string check. The perf version string on some of the constant integration test machines contains characters with special meaning in grep's extended regular expression matching algorithm. The output of perf version is: # perf version perf version 6.17.0-20250814.rc1.git20.24ea63ea3877.63.fc42.s390x+git # and the '+' character has special meaning in egrep command. Also the use of egrep is deprecated. Change the perf version string check to fixed character matching and get rid of egrep's warning being deprecated. Use grep -F instead. Output before: # perf test -F 102 Checking BPF metadata collection egrep: warning: egrep is obsolescent; using grep -E Basic BPF metadata test [Failed invalid output] 102: BPF metadata collection test : FAILED! # Output after: # perf test -F 102 Checking BPF metadata collection Basic BPF metadata test [Success] 102: BPF metadata collection test : Ok # Fixes: edf2cadf01e8f ("perf test: add test for BPF metadata collection") Signed-off-by: Thomas Richter <tmricht@linux.ibm.com> Reviewed-by: Ian Rogers <irogers@google.com> Reviewed-by: Arnaldo Carvalho de Melo <acme@redhat.com> Acked-by: Sumanth Korikkar <sumanthk@linux.ibm.com> Cc: Blake Jones <blakejones@google.com> Link: https://lore.kernel.org/r/20250822122540.4104658-1-tmricht@linux.ibm.com Signed-off-by: Namhyung Kim <namhyung@kernel.org>
2 daysMerge tag 'nvme-6.17-2025-09-04' of git://git.infradead.org/nvme into block-6.17Jens Axboe1-7/+11
Pull NVMe fix from Keith: "nvme fixes for 6.17 - Fix protection information ref tag for device side gen/strip (Christoph)" * tag 'nvme-6.17-2025-09-04' of git://git.infradead.org/nvme: nvme: fix PI insert on write
2 daysMerge tag 'amd-drm-fixes-6.17-2025-09-03' of ↵Dave Airlie15-28/+98
https://gitlab.freedesktop.org/agd5f/linux into drm-fixes amd-drm-fixes-6.17-2025-09-03: amdgpu: - UserQ fixes - MES 11 fix - eDP/LVDS fix - Fix non-DC audio clean up - Fix duplicate cursor issue - Fix error path in PSP init Signed-off-by: Dave Airlie <airlied@redhat.com> From: Alex Deucher <alexander.deucher@amd.com> Link: https://lore.kernel.org/r/20250903221656.251254-1-alexander.deucher@amd.com
3 daysMerge tag 'net-6.17-rc5' of ↵Linus Torvalds105-491/+3116
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net Pull networking fixes from Jakub Kicinski: "Including fixes from netfilter, wireless and Bluetooth. We're reverting the removal of a Sundance driver, a user has appeared. This makes the PR rather large in terms of LoC. There's a conspicuous absence of real, user-reported 6.17 issues. Slightly worried that the summer distracted people from testing. Previous releases - regressions: - ax25: properly unshare skbs in ax25_kiss_rcv() Previous releases - always broken: - phylink: disable autoneg for interfaces that have no inband, fix regression on pcs-lynx (NXP LS1088) - vxlan: fix null-deref when using nexthop objects - batman-adv: fix OOB read/write in network-coding decode - icmp: icmp_ndo_send: fix reversing address translation for replies - tcp: fix socket ref leak in TCP-AO failure handling for IPv6 - mctp: - mctp_fraq_queue should take ownership of passed skb - usb: initialise mac header in RX path, avoid WARN - wifi: mac80211: do not permit 40 MHz EHT operation on 5/6 GHz, respect device limitations - wifi: wilc1000: avoid buffer overflow in WID string configuration - wifi: mt76: - fix regressions from mt7996 MLO support rework - fix offchannel handling issues on mt7996 - fix multiple wcid linked list corruption issues - mt7921: don't disconnect when AP requests switch to a channel which requires radar detection - mt7925u: use connac3 tx aggr check in tx complete - wifi: intel: - improve validation of ACPI DSM data - cfg: restore some 1000 series configs - wifi: ath: - ath11k: a fix for GTK rekeying - ath12k: a missed WiFi7 capability (multi-link EMLSR) - eth: intel: - ice: fix races in "low latency" firmware interface for Tx timestamps - idpf: set mac type when adding and removing MAC filters - i40e: remove racy read access to some debugfs files Misc: - Revert "eth: remove the DLink/Sundance (ST201) driver" - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY, avoid confusing modprobe" * tag 'net-6.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (99 commits) phy: mscc: Stop taking ts_lock for tx_queue and use its own lock selftest: net: Fix weird setsockopt() in bind_bhash.c. MAINTAINERS: add Sabrina to TLS maintainers gve: update MAINTAINERS ppp: fix memory leak in pad_compress_skb net: xilinx: axienet: Add error handling for RX metadata pointer retrieval net: atm: fix memory leak in atm_register_sysfs when device_register fail netfilter: nf_tables: Introduce NFTA_DEVICE_PREFIX selftests: netfilter: fix udpclash tool hang ax25: properly unshare skbs in ax25_kiss_rcv() mctp: return -ENOPROTOOPT for unknown getsockopt options net/smc: Remove validation of reserved bits in CLC Decline message ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() net: thunder_bgx: decrement cleanup index before use net: thunder_bgx: add a missing of_node_put net: phylink: move PHY interrupt request to non-fail path net: lockless sock_i_ino() tools: ynl-gen: fix nested array counting wifi: wilc1000: avoid buffer overflow in WID string configuration wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() ...
3 daysMerge tag 'slab-for-6.17-rc5' of ↵Linus Torvalds1-11/+26
git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab Pull slab fixes from Vlastimil Babka: - Stable fix to make slub_debug code not access invalid pointers in the process of reporting issues (Li Qiong) - Stable fix to make object tracking pass gfp flags to stackdepot to avoid deadlock in contexts that can't even wake up kswapd due to e.g. timers debugging enabled (yangshiguang) * tag 'slab-for-6.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab: mm: slub: avoid wake up kswapd in set_track_prepare mm/slub: avoid accessing metadata when pointer is invalid in object_err()
3 dayscifs: prevent NULL pointer dereference in UTF16 conversionMakar Semyonov1-0/+3
There can be a NULL pointer dereference bug here. NULL is passed to __cifs_sfu_make_node without checks, which passes it unchecked to cifs_strndup_to_utf16, which in turn passes it to cifs_local_to_utf16_bytes where '*from' is dereferenced, causing a crash. This patch adds a check for NULL 'src' in cifs_strndup_to_utf16 and returns NULL early to prevent dereferencing NULL pointer. Found by Linux Verification Center (linuxtesting.org) with SVACE Signed-off-by: Makar Semyonov <m.semenov@tssltd.ru> Cc: stable@vger.kernel.org Signed-off-by: Steve French <stfrench@microsoft.com>
3 daysmd: prevent incorrect update of resync/recovery offsetLi Nan1-0/+5
In md_do_sync(), when md_sync_action returns ACTION_FROZEN, subsequent call to md_sync_position() will return MaxSector. This causes 'curr_resync' (and later 'recovery_offset') to be set to MaxSector too, which incorrectly signals that recovery/resync has completed, even though disk data has not actually been updated. To fix this issue, skip updating any offset values when the sync action is FROZEN. The same holds true for IDLE. Fixes: 7d9f107a4e94 ("md: use new helpers in md_do_sync()") Signed-off-by: Li Nan <linan122@huawei.com> Link: https://lore.kernel.org/linux-raid/20250904073452.3408516-1-linan666@huaweicloud.com Signed-off-by: Yu Kuai <yukuai3@huawei.com>
3 daysmd/raid1: fix data lost for writemostly rdevYu Kuai1-1/+1
If writemostly is enabled, alloc_behind_master_bio() will allocate a new bio for rdev, with bi_opf set to 0. Later, raid1_write_request() will clone from this bio, hence bi_opf is still 0 for the cloned bio. Submit this cloned bio will end up to be read, causing write data lost. Fix this problem by inheriting bi_opf from original bio for behind_mast_bio. Fixes: e879a0d9cb08 ("md/raid1,raid10: don't ignore IO flags") Reported-and-tested-by: Ian Dall <ian@beware.dropbear.id.au> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220507 Link: https://lore.kernel.org/linux-raid/20250903014140.3690499-1-yukuai1@huaweicloud.com Signed-off-by: Yu Kuai <yukuai3@huawei.com> Reviewed-by: Li Nan <linan122@huawei.com>
3 daysACPI/IORT: Fix memory leak in iort_rmr_alloc_sids()Miaoqian Lin1-1/+3
If krealloc_array() fails in iort_rmr_alloc_sids(), the function returns NULL but does not free the original 'sids' allocation. This results in a memory leak since the caller overwrites the original pointer with the NULL return value. Fixes: 491cf4a6735a ("ACPI/IORT: Add support to retrieve IORT RMR reserved regions") Cc: <stable@vger.kernel.org> # 6.0.x Signed-off-by: Miaoqian Lin <linmq006@gmail.com> Reviewed-by: Hanjun Guo <guohanjun@huawei.com> Link: https://lore.kernel.org/r/20250828112243.61460-1-linmq006@gmail.com Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
3 daysphy: mscc: Stop taking ts_lock for tx_queue and use its own lockHoratiu Vultur1-10/+8
When transmitting a PTP frame which is timestamp using 2 step, the following warning appears if CONFIG_PROVE_LOCKING is enabled: ============================= [ BUG: Invalid wait context ] 6.17.0-rc1-00326-ge6160462704e #427 Not tainted ----------------------------- ptp4l/119 is trying to lock: c2a44ed4 (&vsc8531->ts_lock){+.+.}-{3:3}, at: vsc85xx_txtstamp+0x50/0xac other info that might help us debug this: context-{4:4} 4 locks held by ptp4l/119: #0: c145f068 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x58/0x1440 #1: c29df974 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_queue_xmit+0x5c4/0x1440 #2: c2aaaad0 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0x108/0x350 #3: c2aac170 (&lan966x->tx_lock){+.-.}-{2:2}, at: lan966x_port_xmit+0xd0/0x350 stack backtrace: CPU: 0 UID: 0 PID: 119 Comm: ptp4l Not tainted 6.17.0-rc1-00326-ge6160462704e #427 NONE Hardware name: Generic DT based system Call trace: unwind_backtrace from show_stack+0x10/0x14 show_stack from dump_stack_lvl+0x7c/0xac dump_stack_lvl from __lock_acquire+0x8e8/0x29dc __lock_acquire from lock_acquire+0x108/0x38c lock_acquire from __mutex_lock+0xb0/0xe78 __mutex_lock from mutex_lock_nested+0x1c/0x24 mutex_lock_nested from vsc85xx_txtstamp+0x50/0xac vsc85xx_txtstamp from lan966x_fdma_xmit+0xd8/0x3a8 lan966x_fdma_xmit from lan966x_port_xmit+0x1bc/0x350 lan966x_port_xmit from dev_hard_start_xmit+0xc8/0x2c0 dev_hard_start_xmit from sch_direct_xmit+0x8c/0x350 sch_direct_xmit from __dev_queue_xmit+0x680/0x1440 __dev_queue_xmit from packet_sendmsg+0xfa4/0x1568 packet_sendmsg from __sys_sendto+0x110/0x19c __sys_sendto from sys_send+0x18/0x20 sys_send from ret_fast_syscall+0x0/0x1c Exception stack(0xf0b05fa8 to 0xf0b05ff0) 5fa0: 00000001 0000000e 0000000e 0004b47a 0000003a 00000000 5fc0: 00000001 0000000e 00000000 00000121 0004af58 00044874 00000000 00000000 5fe0: 00000001 bee9d420 00025a10 b6e75c7c So, instead of using the ts_lock for tx_queue, use the spinlock that skb_buff_head has. Reviewed-by: Vadim Fedorenko <vadim.fedorenko@linux.dev> Fixes: 7d272e63e0979d ("net: phy: mscc: timestamping and PHC support") Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com> Link: https://patch.msgid.link/20250902121259.3257536-1-horatiu.vultur@microchip.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daysselftest: net: Fix weird setsockopt() in bind_bhash.c.Kuniyuki Iwashima1-2/+2
bind_bhash.c passes (SO_REUSEADDR | SO_REUSEPORT) to setsockopt(). In the asm-generic definition, the value happens to match with the bare SO_REUSEPORT, (2 | 15) == 15, but not on some arch. arch/alpha/include/uapi/asm/socket.h:18:#define SO_REUSEADDR 0x0004 arch/alpha/include/uapi/asm/socket.h:24:#define SO_REUSEPORT 0x0200 arch/mips/include/uapi/asm/socket.h:24:#define SO_REUSEADDR 0x0004 /* Allow reuse of local addresses. */ arch/mips/include/uapi/asm/socket.h:33:#define SO_REUSEPORT 0x0200 /* Allow local address and port reuse. */ arch/parisc/include/uapi/asm/socket.h:12:#define SO_REUSEADDR 0x0004 arch/parisc/include/uapi/asm/socket.h:18:#define SO_REUSEPORT 0x0200 arch/sparc/include/uapi/asm/socket.h:13:#define SO_REUSEADDR 0x0004 arch/sparc/include/uapi/asm/socket.h:20:#define SO_REUSEPORT 0x0200 include/uapi/asm-generic/socket.h:12:#define SO_REUSEADDR 2 include/uapi/asm-generic/socket.h:27:#define SO_REUSEPORT 15 Let's pass SO_REUSEPORT only. Fixes: c35ecb95c448 ("selftests/net: Add test for timing a bind request to a port with a populated bhash entry") Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20250903222938.2601522-1-kuniyu@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daystools: gpio: remove the include directory on make cleanzhang jiao1-1/+1
Remove the generated include directory when running make clean. Fixes: 8674cea84dc6 ("tools/gpio: move to tools buildsystem") Signed-off-by: Zhang Jiao <zhangjiao2@cmss.chinamobile.com> Link: https://lore.kernel.org/r/20250903063621.2424-1-zhangjiao2@cmss.chinamobile.com [Bartosz: add Fixes tag, improve the commit message] Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
3 daysMAINTAINERS: add Sabrina to TLS maintainersJakub Kicinski1-0/+1
Sabrina has been very helpful reviewing TLS patches, fixing bugs, and, I believe, the last one to implement any major feature in the TLS code base (rekeying). Add her as a maintainer. Acked-by: Sabrina Dubroca <sd@queasysnail.net> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20250903212054.1885058-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daysgve: update MAINTAINERSJeroen de Borst1-1/+1
Jeroen is leaving Google and Josh is taking his place as a maintainer. Signed-off-by: Jeroen de Borst <jeroendb@google.com> Link: https://patch.msgid.link/20250903175649.23246-1-jeroendb@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daysppp: fix memory leak in pad_compress_skbQingfang Deng1-3/+3
If alloc_skb() fails in pad_compress_skb(), it returns NULL without releasing the old skb. The caller does: skb = pad_compress_skb(ppp, skb); if (!skb) goto drop; drop: kfree_skb(skb); When pad_compress_skb() returns NULL, the reference to the old skb is lost and kfree_skb(skb) ends up doing nothing, leading to a memory leak. Align pad_compress_skb() semantics with realloc(): only free the old skb if allocation and compression succeed. At the call site, use the new_skb variable so the original skb is not lost when pad_compress_skb() fails. Fixes: b3f9b92a6ec1 ("[PPP]: add PPP MPPE encryption module") Signed-off-by: Qingfang Deng <dqfext@gmail.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Reviewed-by: Yue Haibing <yuehaibing@huawei.com> Link: https://patch.msgid.link/20250903100726.269839-1-dqfext@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daysnet: xilinx: axienet: Add error handling for RX metadata pointer retrievalAbin Joseph1-0/+10
Add proper error checking for dmaengine_desc_get_metadata_ptr() which can return an error pointer and lead to potential crashes or undefined behaviour if the pointer retrieval fails. Properly handle the error by unmapping DMA buffer, freeing the skb and returning early to prevent further processing with invalid data. Fixes: 6a91b846af85 ("net: axienet: Introduce dmaengine support") Signed-off-by: Abin Joseph <abin.joseph@amd.com> Reviewed-by: Radhey Shyam Pandey <radhey.shyam.pandey@amd.com> Link: https://patch.msgid.link/20250903025213.3120181-1-abin.joseph@amd.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daysMerge tag 'nf-25-09-04' of ↵Jakub Kicinski5-15/+38
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf Florian Westphal says: ==================== netfilter: updates for net 1) Fix a silly bug in conntrack selftest, busyloop may get optimized to for (;;), reported by Yi Chen. 2) Introduce new NFTA_DEVICE_PREFIX attribute in nftables netlink api, re-using old NFTA_DEVICE_NAME led to confusion with different kernel/userspace versions. This refines the wildcard interface support added in 6.16 release. From Phil Sutter. * tag 'nf-25-09-04' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: nf_tables: Introduce NFTA_DEVICE_PREFIX selftests: netfilter: fix udpclash tool hang ==================== Link: https://patch.msgid.link/20250904072548.3267-1-fw@strlen.de Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daysnet: atm: fix memory leak in atm_register_sysfs when device_register failWang Liang1-2/+4
When device_register() return error in atm_register_sysfs(), which can be triggered by kzalloc fail in device_private_init() or other reasons, kmemleak reports the following memory leaks: unreferenced object 0xffff88810182fb80 (size 8): comm "insmod", pid 504, jiffies 4294852464 hex dump (first 8 bytes): 61 64 75 6d 6d 79 30 00 adummy0. backtrace (crc 14dfadaf): __kmalloc_node_track_caller_noprof+0x335/0x450 kvasprintf+0xb3/0x130 kobject_set_name_vargs+0x45/0x120 dev_set_name+0xa9/0xe0 atm_register_sysfs+0xf3/0x220 atm_dev_register+0x40b/0x780 0xffffffffa000b089 do_one_initcall+0x89/0x300 do_init_module+0x27b/0x7d0 load_module+0x54cd/0x5ff0 init_module_from_file+0xe4/0x150 idempotent_init_module+0x32c/0x610 __x64_sys_finit_module+0xbd/0x120 do_syscall_64+0xa8/0x270 entry_SYSCALL_64_after_hwframe+0x77/0x7f When device_create_file() return error in atm_register_sysfs(), the same issue also can be triggered. Function put_device() should be called to release kobj->name memory and other device resource, instead of kfree(). Fixes: 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array") Signed-off-by: Wang Liang <wangliang74@huawei.com> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20250901063537.1472221-1-wangliang74@huawei.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
3 daysnetfilter: nf_tables: Introduce NFTA_DEVICE_PREFIXPhil Sutter2-11/+33
This new attribute is supposed to be used instead of NFTA_DEVICE_NAME for simple wildcard interface specs. It holds a NUL-terminated string representing an interface name prefix to match on. While kernel code to distinguish full names from prefixes in NFTA_DEVICE_NAME is simpler than this solution, reusing the existing attribute with different semantics leads to confusion between different versions of kernel and user space though: * With old kernels, wildcards submitted by user space are accepted yet silently treated as regular names. * With old user space, wildcards submitted by kernel may cause crashes since libnftnl expects NUL-termination when there is none. Using a distinct attribute type sanitizes these situations as the receiving part detects and rejects the unexpected attribute nested in *_HOOK_DEVS attributes. Fixes: 6d07a289504a ("netfilter: nf_tables: Support wildcard netdev hook specs") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
3 daysselftests: netfilter: fix udpclash tool hangFlorian Westphal3-4/+5
Yi Chen reports that 'udpclash' loops forever depending on compiler (and optimization level used); while (x == 1) gets optimized into for (;;). Add volatile qualifier to avoid that. While at it, also run it under timeout(1) and fix the resize script to not ignore the timeout passed as second parameter to insert_flood. Reported-by: Yi Chen <yiche@redhat.com> Suggested-by: Yi Chen <yiche@redhat.com> Fixes: 78a588363587 ("selftests: netfilter: add conntrack clash resolution test case") Signed-off-by: Florian Westphal <fw@strlen.de>
3 daysMerge tag 'v6.17-rc4-ksmbd-fix' of git://git.samba.org/ksmbdLinus Torvalds2-11/+16
Pull smb server fix from Steve French: - fix handling filenames with ":" (colon) in them * tag 'v6.17-rc4-ksmbd-fix' of git://git.samba.org/ksmbd: ksmbd: allow a filename to contain colons on SMB3.1.1 posix extensions
3 daysMerge tag 'drm-xe-fixes-2025-09-03' of ↵Dave Airlie1-2/+1
https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes - Fix incorrect migration of backed-up object to VRAM (Thomas) Signed-off-by: Dave Airlie <airlied@redhat.com> From: Rodrigo Vivi <rodrigo.vivi@intel.com> Link: https://lore.kernel.org/r/aLiP26TiHkYxtBXL@intel.com
3 daysMerge tag 'drm-misc-fixes-2025-09-03' of ↵Dave Airlie13-18/+135
https://gitlab.freedesktop.org/drm/misc/kernel into drm-fixes Two nouveau interrupt handling fixes, one race fix for ivpu, a race fix for drm_sched, and a clock fix for ti-sn65dsi86. Signed-off-by: Dave Airlie <airlied@redhat.com> From: Maxime Ripard <mripard@redhat.com> Link: https://lore.kernel.org/r/qc2rd7bskgufjtyspbjflyjpswcnhyja6s7nm2yb67j7hezyey@yfn2w6n5trff
3 daysax25: properly unshare skbs in ax25_kiss_rcv()Eric Dumazet1-0/+4
Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains"). skb->dev becomes NULL and we crash in __netif_receive_skb_core(). Before above commit, different kind of bugs or corruptions could happen without a major crash. But the root cause is that ax25_kiss_rcv() can queue/mangle input skb without checking if this skb is shared or not. Many thanks to Bernard Pidoux for his help, diagnosis and tests. We had a similar issue years ago fixed with commit 7aaed57c5c28 ("phonet: properly unshare skbs in phonet_rcv()"). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Bernard Pidoux <f6bvp@free.fr> Closes: https://lore.kernel.org/netdev/1713f383-c538-4918-bc64-13b3288cd542@free.fr/ Tested-by: Bernard Pidoux <f6bvp@free.fr> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Joerg Reuter <jreuter@yaina.de> Cc: David Ranch <dranch@trinnet.net> Cc: Folkert van Heusden <folkert@vanheusden.com> Reviewed-by: Dan Cross <crossd@gmail.com> Link: https://patch.msgid.link/20250902124642.212705-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daysmctp: return -ENOPROTOOPT for unknown getsockopt optionsAlok Tiwari1-1/+1
In mctp_getsockopt(), unrecognized options currently return -EINVAL. In contrast, mctp_setsockopt() returns -ENOPROTOOPT for unknown options. Update mctp_getsockopt() to also return -ENOPROTOOPT for unknown options. This aligns the behavior of getsockopt() and setsockopt(), and matches the standard kernel socket API convention for handling unsupported options. Fixes: 99ce45d5e7db ("mctp: Implement extended addressing") Signed-off-by: Alok Tiwari <alok.a.tiwari@oracle.com> Link: https://patch.msgid.link/20250902102059.1370008-1-alok.a.tiwari@oracle.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daysnet/smc: Remove validation of reserved bits in CLC Decline messageMahanta Jambigi1-2/+0
Currently SMC code is validating the reserved bits while parsing the incoming CLC decline message & when this validation fails, its treated as a protocol error. As a result, the SMC connection is terminated instead of falling back to TCP. As per RFC7609[1] specs we shouldn't be validating the reserved bits that is part of CLC message. This patch fixes this issue. CLC Decline message format can viewed here[2]. [1] https://datatracker.ietf.org/doc/html/rfc7609#page-92 [2] https://datatracker.ietf.org/doc/html/rfc7609#page-105 Fixes: 8ade200c269f ("net/smc: add v2 format of CLC decline message") Signed-off-by: Mahanta Jambigi <mjambigi@linux.ibm.com> Reviewed-by: Sidraya Jayagond <sidraya@linux.ibm.com> Reviewed-by: Alexandra Winter <wintera@linux.ibm.com> Reviewed-by: Dust Li <dust.li@linux.alibaba.com> Link: https://patch.msgid.link/20250902082041.98996-1-mjambigi@linux.ibm.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daysipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init()Dan Carpenter1-4/+3
The inetdev_init() function never returns NULL. Check for error pointers instead. Fixes: 22600596b675 ("ipv4: give an IPv4 dev to blackhole_netdev") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Reviewed-by: Simon Horman <horms@kernel.org> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/aLaQWL9NguWmeM1i@stanley.mountain Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daysnet: thunder_bgx: decrement cleanup index before useRosen Penev1-1/+1
All paths in probe that call goto defer do so before assigning phydev and thus it makes sense to cleanup the prior index. It also fixes a bug where index 0 does not get cleaned up. Fixes: b7d3e3d3d21a ("net: thunderx: Don't leak phy device references on -EPROBE_DEFER condition.") Signed-off-by: Rosen Penev <rosenp@gmail.com> Reviewed-by: Vadim Fedorenko <vadim.fedorenko@linux.dev> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20250901213314.48599-1-rosenp@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daysnet: thunder_bgx: add a missing of_node_putRosen Penev1-7/+11
phy_np needs to get freed, just like the other child nodes. Fixes: 5fc7cf179449 ("net: thunderx: Cleanup PHY probing code.") Signed-off-by: Rosen Penev <rosenp@gmail.com> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20250901213018.47392-1-rosenp@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daysnet: phylink: move PHY interrupt request to non-fail pathRussell King (Oracle)1-3/+3
The blamed commit added code which could return an error after we requested the PHY interrupt. When we return an error, the caller will call phy_detach() which fails to free the interrupt. Rearrange the code such that failing operations happen before the interrupt is requested, thereby allowing phy_detach() to be used. Note that replacing phy_detach() with phy_disconnect() in these paths could lead to freeing an interrupt which was never requested. Fixes: 1942b1c6f687 ("net: phylink: make configuring clock-stop dependent on MAC support") Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Link: https://patch.msgid.link/E1ut35k-00000001UEl-0iq6@rmk-PC.armlinux.org.uk Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daysMerge branch '100GbE' of ↵Jakub Kicinski9-126/+65
git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue Tony Nguyen says: ==================== Intel Wired LAN Driver Updates 2025-09-02 (ice, idpf, i40e, ixgbe, e1000e) For ice: Jake adds checks for initialization of Tx timestamp tracking structure to prevent NULL pointer dereferences. For idpf: Josh moves freeing of auxiliary device id to prevent use-after-free issue. Emil sets, expected, MAC type value when sending virtchnl add/delete MAC commands. For i40e: Jake removes read debugfs access as 'netdev_ops' has the possibility to overflow. Zhen Ni adds handling for when MAC list is empty. For ixgbe: Alok Tiwari corrects bitmap being used for link speeds. For e1000e: Vitaly adds check to ensure overflow does not occur in e1000_set_eeprom(). * '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue: e1000e: fix heap overflow in e1000_set_eeprom ixgbe: fix incorrect map used in eee linkmode i40e: Fix potential invalid access when MAC list is empty i40e: remove read access to debugfs files idpf: set mac type when adding and removing MAC filters idpf: fix UAF in RDMA core aux dev deinitialization ice: fix NULL access of tx->in_use in ice_ll_ts_intr ice: fix NULL access of tx->in_use in ice_ptp_ts_irq ==================== Link: https://patch.msgid.link/20250902232131.2739555-1-anthony.l.nguyen@intel.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daysnet: lockless sock_i_ino()Eric Dumazet4-28/+14
Followup of commit c51da3f7a161 ("net: remove sock_i_uid()") A recent syzbot report was the trigger for this change. Over the years, we had many problems caused by the read_lock[_bh](&sk->sk_callback_lock) in sock_i_uid(). We could fix smc_diag_dump_proto() or make a more radical move: Instead of waiting for new syzbot reports, cache the socket inode number in sk->sk_ino, so that we no longer need to acquire sk->sk_callback_lock in sock_i_ino(). This makes socket dumps faster (one less cache line miss, and two atomic ops avoided). Prior art: commit 25a9c8a4431c ("netlink: Add __sock_i_ino() for __netlink_diag_dump().") commit 4f9bf2a2f5aa ("tcp: Don't acquire inet_listen_hashbucket::lock with disabled BH.") commit efc3dbc37412 ("rds: Make rds_sock_lock BH rather than IRQ safe.") Fixes: d2d6422f8bd1 ("x86: Allow to enable PREEMPT_RT.") Reported-by: syzbot+50603c05bbdf4dfdaffa@syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/68b73804.050a0220.3db4df.01d8.GAE@google.com/T/#u Signed-off-by: Eric Dumazet <edumazet@google.com> Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com> Reviewed-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Link: https://patch.msgid.link/20250902183603.740428-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
3 daystools: ynl-gen: fix nested array countingAsbjørn Sloth Tønnesen1-1/+1
The blamed commit introduced the concept of split attribute counting, and later allocating an array to hold them, however TypeArrayNest wasn't updated to use the new counting variable. Abbreviated example from tools/net/ynl/generated/nl80211-user.c: nl80211_if_combination_attributes_parse(...): unsigned int n_limits = 0; [...] ynl_attr_for_each(attr, nlh, yarg->ys->family->hdr_len) if (type == NL80211_IFACE_COMB_LIMITS) ynl_attr_for_each_nested(attr2, attr) dst->_count.limits++; if (n_limits) { dst->_count.limits = n_limits; /* allocate and parse attributes */ } In the above example n_limits is guaranteed to always be 0, hence the conditional is unsatisfiable and is optimized out. This patch changes the attribute counting to use n_limits++ in the attribute counting loop in the above example. Fixes: 58da455b31ba ("tools: ynl-gen: improve unwind on parsing errors") Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net> Link: https://patch.msgid.link/20250902160001.760953-1-ast@fiberby.net Signed-off-by: Jakub Kicinski <kuba@kernel.org>