Merge tag 'perf-urgent-2026-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf events fixes from Ingo Molnar:
- Fix SVM #GP on AMD CPUs that LBR but not BRS (Sandipan Das)
- Fix UAF bug in the perf AUX code (Lee Jia Jie)
- Fix address leakage in the AMD LBR code (Sandipan Das)
- Fix address leakage in the AMD BRS code (Sandipan Das)
* tag 'perf-urgent-2026-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf/x86/amd/brs: Fix kernel address leakage
perf/x86/amd/lbr: Fix kernel address leakage
perf/aux: Fix page UAF in map_range()
perf/x86/amd/core: Avoid enabling BRS from the SVM reload path
Merge tag 'x86-urgent-2026-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
- Fix resctrl resource leak (Tony Luck)
- Fix resctrl umount race (Tony Luck)
- Fix resctrl double-free (Reinette Chatre)
- Fix x86 VGA display fallback logic during bootup on
certain multi-GPU systems (Mario Limonciello)
- Re-add a WBINVD call to the SNP bootstrap path to
fix an SNP regression (Tycho Andersen)
* tag 'x86-urgent-2026-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/virt/sev: Revert "Drop WBINVD before setting MSR_AMD64_SYSCFG_SNP_EN"
x86/video: Only fall back to vga_default_device() without screen info
[3 lines not shown]
Merge tag 'timers-urgent-2026-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull timer fix from Ingo Molnar:
- Fix a subtle posix-cpu-timers vs. exec() race, which
unearthed other races in the area (Thomas Gleixner)
* tag 'timers-urgent-2026-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
posix-cpu-timers: Prevent UAF caused by non-leader exec() race
[IR] Use pretty printing for mask in is_fpclass (#207653)
The second argument of `llvm.is_fpclass` is a mask, where each bit
represents a floating-point class. Understanding the check that the call
makes in an IR dump requires additional effort. To simplify the
interpretation of IR dumps, a previously implemented pretty-printing
mechanism can be used:
https://github.com/llvm/llvm-project/commit/39e7712ac520ccfc43383b3e9d6ea8cf2958b8e3.
This commit implements this mechanism for printing the arguments of
`llvm.is_fpclass`.
This change also fixes the printing of argument names: if an argument
name is absent, it is simply not printed.
Merge tag 'block-7.2-20260710' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
Pull block fixes from Jens Axboe:
- Limit blk_hctx_poll() to one jiffy. Prevents buggy drivers from
spinning for too long, hence triggering a stalled RCU read section
warning
- Avoid a potential deadlock on zone revalidation failure, which could
otherwise trigger a lockdep circular locking splat during a SCSI disk
rescan
- Remove a redundant GD_NEED_PART_SCAN set in add_disk_final()
- Make writes to queue/wbt_lat_usec honor the WBT enable state
- ublk fix to snapshot the batch commands before preparing IO, so that
userspace can't change an already processed tag and trip the
WARN_ON_ONCE() in the rollback path
[13 lines not shown]
Merge tag 'io_uring-7.2-20260710' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
Pull io_uring fixes from Jens Axboe:
- Restore full RCU read section in io_req_local_work_add(), which was
mistakenly dropped with the DEFER_TASKRUN rework in this merge
window. Revert the commit that grabbed the RCU read lock in
io_ctx_mark_taskrun(), as that's no longer required with the previous
fix.
- Fix a dangling iovec after a provided-buffer bundle grow failure,
also an issue introduced in this merge window.
- Reject IORING_CQE_F_32 flag pass-through in MSG_RING to rings that
weren't setup with CQE32 or CQE_MIXED.
- Return -EINVAL rather than -ENOMEM from get_unmapped_area() when mmap
validation fails, matching io_uring_mmap().
[7 lines not shown]
Use ENTRY_NB() for sig{set,long}jmp
Like on arm, the END_WEAK() trigger "changed binding to STB_WEAK"
warnings on sparc64 when compiled with clang.
ok kettenis
[mlir][presburger] Avoid redundant zero-initialization in insertColumns (#199911)
When insertColumns does not trigger a physical reallocation, the inner
loop needlessly loops up to nReservedColumns - 1. This causes massive
redundant zero-writes on trailing columns that are already zero. This
patch truncates the inner loop start boundary to nColumns - 1, when the
reserved capacity is unchanged, optimizing the non-realloc path from
O(nRows * nReservedColumns) to O(nRows * nColumns).
nfsd: Garbage collect stray NFSv4 state
When a file is deleted on the NFS server by another client,
any NFSv4 state related to that file is left stranded.
This happens because the NFSv4 operations that free the
state use a CFH, which is set by a PutFH operation.
However, the PutFH fails with ESTALE because the file has
been deleted.
This patch adds a function called nfsrv_freestrandedstate()
that frees all the NFSv4 state related to a file and calls
this function when PutFH will be replying ESTALE.
While here, a helper function was defined to handle free'ng
of the nfslockfile structure and replaces the two places
where nearly identical code does this.
Reported by: Richard Purdie <richard.purdie at linuxfoundation.org>
Tested by: Michael Halstead <mhalstead at linuxfoundation.org>
MFC after: 2 weeks
Add Rendition Verite V2100/V2200 (PCI/AGP) wsdisplay driver.
The driver supports:
- Fully accelerated console, provided that the user installs microcode
from the Windows driver (v20002d.uc). The driver runs unaccelerated
until root file system is available, or if the microcode is not present.
- Mode setting and DDC.
Redistribution terms of the original microcode are unclear, therefore
it must be obtained seprarately.
At some point in the future, we may just develop an alternative microcode,
since Verite RISC is documented and reverse engineering efforts have
filled the knowledge gaps.
18213 rpc/xdr.h should not pull in stdio.h
Reviewed by: Hans Rosenfeld <rosenfeld at grumpf.hope-2000.org>
Reviewed by: Toomas Soome <tsoome at me.com>
Reviewed by: Bill Sommerfeld <sommerfeld at hamachi.org>
Approved by: Dan McDonald <danmcd at edgecast.io>
security/dogtag-pki: Fix PKI version file path
Read share/pki/VERSION from LOCALBASE instead of the Linux
/usr/share/pki path.
Sponsored by: Netzkommune GmbH
Encrypt swap pages "inline" instead of going through a bounce buffer. This
means we no longer need to reserve bounce pages for the pagdaemon. Instead
we can use the complete set of psegs to swap out pages. Note that there is
another important consequence of this diff. Before the old page remaines
unencrypted and on the inactive queue, where it will sit until the
pagedaemon runs again and kills it. With this diff, pages will be freed
as soon as the I/O completes. This is probably an improvement in itself.
This is simplified version of a diff posted by mpi@ earlier this year.
These simplifications were possible because we no longer bounce pages to
meet DMA constraints in the swap code.
ok deraadt@