[Deepin-Kernel-SIG] [linux 6.6-y] [Upstream] Update kernel base to 6.6.120-part1

[opsiff]

Due to github limit, submit part 1/8 of v6.6.120.

git log --oneline v6.6.119..v6.6.120~638 | wc
100 867 7155

Changelog v2:
Add the commit in v6.6.120 to fix build failed in LoongArch.
And rebase to now linux-6.6.y,so #1395 merged berfore.

LoongArch: Add machine_kexec_mask_interrupts() implementation

Alexander Sverdlin (1):
locking/spinlock/debug: Fix data-race in do_raw_write_lock

Alexey Nepomnyashih (1):
ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock()

Alvaro Gamez Machado (1):
spi: xilinx: increase number of retries before declaring stall

Antheas Kapenekakis (2):
platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list
platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally

April Grimoire (1):
HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list

Armin Wolf (1):
platform/x86: acer-wmi: Ignore backlight event

Aryan Srivastava (2):
Revert "mtd: rawnand: marvell: fix layouts"
mtd: nand: relax ECC parameter validation check

Bagas Sanjaya (1):
Documentation: process: Also mention Sasha Levin as stable tree
maintainer

Baochen Qiang (1):
wifi: ath11k: fix peer HE MCS assignment

Benjamin Berg (1):
tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set

Claudiu Beznea (3):
clk: renesas: rzg2l: Simplify the logic in rzg2l_mod_clock_endisable()
clk: renesas: rzg2l: Remove critical area
clk: renesas: rzg2l: Use %x format specifier to print CLK_ON_R()

Deepanshu Kartikey (1):
ext4: refresh inline data size before write operations

Dylan Hatch (1):
objtool: Fix standalone --hacks=jump_label

Fabio Porcedda (2):
USB: serial: option: add Telit Cinterion FE910C04 new compositions
USB: serial: option: move Telit 0x10c7 composition in the right place

Fernand Sieber (1):
sched/fair: Forfeit vruntime on yield

Francesco Lavra (1):
iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member

Geert Uytterhoeven (2):
clk: renesas: Use str_on_off() helper
PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2

Gergo Koteles (1):
arm64: dts: qcom: sdm845-oneplus: Correct gpio used for slider

Guido Günther (1):
drm/panel: visionox-rm69299: Don't clear all mode flags

Haotian Zhang (1):
mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and
remove

Heiko Carstens (2):
s390/smp: Fix fallback CPU detection
s390/ap: Don't leak debug feature files if AP instructions are not
available

Herbert Xu (1):
crypto: authenc - Correctly pass EINPROGRESS back up to the caller

Horatiu Vultur (1):
phy: mscc: Fix PTP for VSC8574 and VSC8572

Huacai Chen (1):
LoongArch: Mask all interrupts during kexec/kdump

Ian Abbott (1):
comedi: c6xdigio: Fix invalid PNP driver unregistration

Ian Forbes (1):
drm/vmwgfx: Use kref in vmw_bo_dirty

Janusz Krzysztofik (1):
drm/vgem-fence: Fix potential deadlock on release

Jia Ston (1):
platform/x86: huawei-wmi: add keys for HONOR models

Johan Hovold (8):
USB: serial: ftdi_sio: match on interface number for jtag
USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC
USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC
irqchip/irq-bcm7038-l1: Fix section mismatch
irqchip/irq-bcm7120-l2: Fix section mismatch
irqchip/irq-brcmstb-l2: Fix section mismatch
irqchip/imx-mu-msi: Fix section mismatch
irqchip/qcom-irq-combiner: Fix section mismatch

Josh Poimboeuf (1):
objtool: Fix weak symbol detection

Keith Busch (1):
nvme: fix admin request_queue lifetime

Konstantin Andreev (1):
smack: fix bug: unprivileged task can create labels

Kuniyuki Iwashima (1):
sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock().

Li Qiang (1):
uio: uio_fsl_elbc_gpcm:: Add null pointer check to
uio_fsl_elbc_gpcm_probe

Linus Torvalds (1):
samples: work around glibc redefining some of our defines wrong

Luca Weiss (1):
clk: qcom: camcc-sm6350: Fix PLL config of PLL2

Lushih Hsieh (1):
ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series

Magne Bruno (1):
serial: add support of CPCI cards

Mainak Sen (1):
gpu: host1x: Fix race in syncpt alloc/free

Marek Vasut (2):
clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle
callback
clk: renesas: cpg-mssr: Read back reset registers to assure values
latched

Mario Limonciello (AMD) (1):
HID: hid-input: Extend Elan ignore battery quirk to USB

Mavroudis Chatzilazaridis (1):
HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync()

Max Chou (1):
Bluetooth: btrtl: Avoid loading the config file on security chips

Naoki Ueki (1):
HID: elecom: Add support for ELECOM M-XT3URBK (018F)

Navaneeth K (3):
staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser
staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing
staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing

Nikita Zhandarovich (3):
comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()
comedi: multiq3: sanitize config options in multiq3_attach()
comedi: check device's attached status in compat ioctls

Omar Sandoval (1):
KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced

Peng Fan (1):
firmware: imx: scu-irq: fix OF node leak in

Peter Zijlstra (1):
task_work: Fix NMI race condition

Praveen Talari (1):
pinctrl: qcom: msm: Fix deadlock in pinmux configuration

Qianchang Zhao (1):
ksmbd: ipc: fix use-after-free in ipc_msg_send_request

Randolph Sapp (1):
arm64: dts: ti: k3-am62p: Fix memory ranges for GPU

Raphael Pinsonneault-Thibeault (1):
ntfs3: fix uninit memory after failed mi_read in mi_format_new

Robin Gong (1):
spi: imx: keep dma request disabled before dma transfer setup

Sabrina Dubroca (4):
xfrm: delete x->tunnel as we delete x
Revert "xfrm: destroy xfrm_state synchronously on net exit path"
xfrm: also call xfrm_state_delete_tunnel at destroy time for states
that were never added
xfrm: flush all states in xfrm_state_fini

Seungjin Bae (1):
USB: Fix descriptor count when handling invalid MBIM extended
descriptor

Sidharth Seela (1):
ntfs3: Fix uninit buffer allocated by __getname()

Slark Xiao (1):
USB: serial: option: add Foxconn T99W760

Song Liu (1):
ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct()

Stefan Kalscheuer (1):
leds: spi-byte: Use devm_led_classdev_register_ext()

Tengda Wu (1):
x86/dumpstack: Prevent KASAN false positive warnings in __show_regs()

Tetsuo Handa (1):
bfs: Reconstruct file type when loading from disk

Thierry Bultel (1):
clk: renesas: Pass sub struct of cpg_mssr_priv to cpg_clk_register

Thorsten Blum (1):
crypto: asymmetric_keys - prevent overflow in
asymmetric_key_generate_id

Tim Harvey (4):
arm64: dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate
usdhc1 props
arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl
arm64: dts: imx8mp-venice-gw702x: remove off-board uart
arm64: dts: imx8mp-venice-gw702x: remove off-board sdhc1

Vladimir Zapolskiy (1):
clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent
to other

Wolfram Sang (2):
ARM: dts: renesas: gose: Remove superfluous port property
ARM: dts: renesas: r9a06g032-rzn1d400-db: Drop invalid #cells
properties

Xuanqiang Luo (2):
rculist: Add hlist_nulls_replace_rcu() and
hlist_nulls_replace_init_rcu()
inet: Avoid ehash lookup race in inet_ehash_insert()

Ye Bin (1):
jbd2: avoid bug_on in jbd2_journal_get_create_access() when file
system corrupted

Yiqi Sun (1):
smb: fix invalid username check in smb3_fs_context_parse_param()

Zenm Chen (1):
wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1

Zhu Yanjun (1):
RDMA/rxe: Fix null deref on srq->rq.queue after resize failure

nieweiqiang (1):
crypto: hisilicon/qm - restore original qos values

Documentation/process/2.Process.rst | 6 +-
arch/arm/boot/dts/renesas/r8a7793-gose.dts | 1 -
.../dts/renesas/r9a06g032-rzn1d400-db.dts | 2 -
.../dts/freescale/imx8mm-venice-gw72xx.dtsi | 11 --
.../dts/freescale/imx8mp-venice-gw702x.dtsi | 51 ------
.../dts/freescale/imx8mp-venice-gw72xx.dtsi | 11 --
.../boot/dts/qcom/sdm845-oneplus-common.dtsi | 4 +-
arch/arm64/boot/dts/ti/k3-am62p.dtsi | 2 +-
arch/loongarch/kernel/machine_kexec.c | 2 +
arch/s390/kernel/smp.c | 1 +
arch/x86/include/asm/kvm_host.h | 9 ++
arch/x86/kernel/dumpstack.c | 23 ++-
arch/x86/kvm/svm/svm.c | 24 +--
arch/x86/kvm/x86.c | 21 +++
crypto/asymmetric_keys/asymmetric_type.c | 14 +-
crypto/authenc.c | 75 ++++++---
drivers/bluetooth/btrtl.c | 24 +--
drivers/clk/qcom/camcc-sm6350.c | 13 +-
drivers/clk/renesas/r7s9210-cpg-mssr.c | 7 +-
drivers/clk/renesas/r8a77970-cpg-mssr.c | 8 +-
drivers/clk/renesas/rcar-gen2-cpg.c | 5 +-
drivers/clk/renesas/rcar-gen2-cpg.h | 3 +-
drivers/clk/renesas/rcar-gen3-cpg.c | 6 +-
drivers/clk/renesas/rcar-gen3-cpg.h | 3 +-
drivers/clk/renesas/rcar-gen4-cpg.c | 6 +-
drivers/clk/renesas/rcar-gen4-cpg.h | 3 +-
drivers/clk/renesas/renesas-cpg-mssr.c | 150 +++++++++---------
drivers/clk/renesas/renesas-cpg-mssr.h | 20 ++-
drivers/clk/renesas/rzg2l-cpg.c | 15 +-
drivers/comedi/comedi_fops.c | 42 ++++-
drivers/comedi/drivers/c6xdigio.c | 46 ++++--
drivers/comedi/drivers/multiq3.c | 9 ++
drivers/comedi/drivers/pcl818.c | 5 +-
drivers/crypto/hisilicon/qm.c | 14 +-
drivers/firmware/imx/imx-scu-irq.c | 4 +-
.../gpu/drm/panel/panel-visionox-rm69299.c | 2 +-
drivers/gpu/drm/vgem/vgem_fence.c | 2 +-
drivers/gpu/drm/vmwgfx/vmwgfx_page_dirty.c | 12 +-
drivers/gpu/host1x/syncpt.c | 4 +-
drivers/hid/hid-apple.c | 1 +
drivers/hid/hid-elecom.c | 6 +-
drivers/hid/hid-ids.h | 3 +-
drivers/hid/hid-input.c | 5 +-
drivers/hid/hid-logitech-hidpp.c | 9 +-
drivers/hid/hid-quirks.c | 3 +-
drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 2 +-
drivers/infiniband/sw/rxe/rxe_srq.c | 7 +-
drivers/irqchip/irq-bcm7038-l1.c | 8 +-
drivers/irqchip/irq-bcm7120-l2.c | 17 +-
drivers/irqchip/irq-brcmstb-l2.c | 12 +-
drivers/irqchip/irq-imx-mu-msi.c | 14 +-
drivers/irqchip/qcom-irq-combiner.c | 2 +-
drivers/leds/leds-spi-byte.c | 11 +-
drivers/mtd/nand/raw/lpc32xx_slc.c | 2 +
drivers/mtd/nand/raw/marvell_nand.c | 13 +-
drivers/mtd/nand/raw/nand_base.c | 13 +-
drivers/net/phy/mscc/mscc_main.c | 6 +-
drivers/net/wireless/ath/ath11k/mac.c | 4 +-
drivers/net/wireless/ath/ath11k/wmi.c | 7 +-
.../net/wireless/realtek/rtw88/rtw8822cu.c | 2 +
drivers/nvme/host/core.c | 3 +-
drivers/pci/controller/Kconfig | 7 +-
drivers/pinctrl/qcom/pinctrl-msm.c | 2 +-
drivers/platform/x86/acer-wmi.c | 4 +
drivers/platform/x86/amd/pmc/pmc-quirks.c | 25 +++
drivers/platform/x86/huawei-wmi.c | 4 +
drivers/s390/crypto/ap_bus.c | 8 +-
drivers/spi/spi-imx.c | 15 +-
drivers/spi/spi-xilinx.c | 2 +-
.../staging/rtl8723bs/core/rtw_ieee80211.c | 14 +-
drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 13 +-
drivers/tty/serial/8250/8250_pci.c | 37 +++++
drivers/uio/uio_fsl_elbc_gpcm.c | 7 +
drivers/usb/core/message.c | 2 +-
drivers/usb/serial/belkin_sa.c | 28 ++--
drivers/usb/serial/ftdi_sio.c | 72 +++------
drivers/usb/serial/kobil_sct.c | 18 +--
drivers/usb/serial/option.c | 22 ++-
fs/bfs/inode.c | 19 ++-
fs/ext4/inline.c | 14 +-
fs/jbd2/transaction.c | 19 ++-
fs/ntfs3/fsntfs.c | 9 +-
fs/ntfs3/inode.c | 1 +
fs/smb/client/fs_context.c | 2 +-
fs/smb/server/transport_ipc.c | 7 +-
include/linux/rculist_nulls.h | 59 +++++++
include/net/sock.h | 13 ++
include/net/xfrm.h | 13 +-
kernel/locking/spinlock_debug.c | 4 +-
kernel/sched/fair.c | 14 +-
kernel/task_work.c | 8 +-
kernel/trace/ftrace.c | 40 +++--
net/ipv4/inet_hashtables.c | 8 +-
net/ipv4/ipcomp.c | 2 +
net/ipv6/ipcomp6.c | 2 +
net/ipv6/xfrm6_tunnel.c | 2 +-
net/key/af_key.c | 2 +-
net/sctp/socket.c | 5 +-
net/xfrm/xfrm_ipcomp.c | 1 -
net/xfrm/xfrm_state.c | 41 ++---
net/xfrm/xfrm_user.c | 2 +-
samples/vfs/test-statx.c | 6 +
samples/watch_queue/watch_test.c | 6 +
security/smack/smack_lsm.c | 41 +++--
sound/usb/quirks.c | 6 +
tools/include/nolibc/stdio.h | 4 +
tools/objtool/check.c | 3 +-
tools/objtool/elf.c | 8 +-
108 files changed, 920 insertions(+), 531 deletions(-)

[sourcery-ai]

Reviewer's Guide

Updates the 6.6 tree to include a large batch of stable backports, notably refactoring Renesas CPG/MSSR clock/reset plumbing, fixing async error propagation and callback ordering in crypto authenc, tightening RCU nulls-list helpers and inet ehash insertion to avoid races, correcting various driver- and arch-specific bugs (USB serial, HID, SPI, NAND, ntfs3/ext4/jbd2, KVM SVM, xfrm state/tunnel handling, scheduler yield, etc.), and adding a few new device IDs and quirks.

Updated class diagram for Renesas CPG/MSSR pub-priv clock infrastructure

classDiagram
    class cpg_mssr_pub {
        +void__iomem* base0
        +raw_notifier_head notifiers
        +spinlock_t rmw_lock
        +clk** clks
    }

    class cpg_mssr_priv {
        +cpg_mssr_pub pub
        +reset_controller_dev rcdev
        +device* dev
        +clk_reg_layout reg_layout
        +device_node* np
        +unsigned_int num_core_clks
        +unsigned_int num_mod_clks
        +unsigned_int last_dt_core_clk
        +const_u16* status_regs
        +const_u16* control_regs
        +const_u16* reset_regs
        +const_u16* reset_clear_regs
        +cpg_mssr_clk smstpcr_saved[8]
        +clk* clks[]
        +int __init cpg_mssr_common_init(device* dev,cpg_mssr_info* info,device_node* np)
        +int cpg_mstp_clock_endisable(clk_hw* hw,bool enable)
        +int cpg_mstp_clock_is_enabled(clk_hw* hw)
        +int cpg_mssr_reset(reset_controller_dev* rcdev,unsigned_long id)
        +int cpg_mssr_assert(reset_controller_dev* rcdev,unsigned_long id)
        +int cpg_mssr_deassert(reset_controller_dev* rcdev,unsigned_long id)
        +int cpg_mssr_status(reset_controller_dev* rcdev,unsigned_long id)
        +int cpg_mssr_suspend_noirq(device* dev)
        +int cpg_mssr_resume_noirq(device* dev)
    }

    class cpg_mssr_info {
        +unsigned_int num_total_core_clks
        +unsigned_int num_hw_mod_clks
        +unsigned_int last_dt_core_clk
        +clk_reg_layout reg_layout
        +clk*(*cpg_clk_register)(device* dev,const_cpg_core_clk* core,const_cpg_mssr_info* info,cpg_mssr_pub* pub)
    }

    class cpg_core_clk {
        +const_char* name
        +unsigned_int id
        +unsigned_int parent
        +unsigned_int type
        +unsigned_int div
        +unsigned_int mult
        +unsigned_int offset
    }

    class rcar_gen2_cpg {
        +clk* rcar_gen2_cpg_clk_register(device* dev,const_cpg_core_clk* core,const_cpg_mssr_info* info,cpg_mssr_pub* pub)
    }

    class rcar_gen3_cpg {
        +clk* rcar_gen3_cpg_clk_register(device* dev,const_cpg_core_clk* core,const_cpg_mssr_info* info,cpg_mssr_pub* pub)
    }

    class rcar_gen4_cpg {
        +clk* rcar_gen4_cpg_clk_register(device* dev,const_cpg_core_clk* core,const_cpg_mssr_info* info,cpg_mssr_pub* pub)
    }

    class r7s9210_cpg {
        +clk* rza2_cpg_clk_register(device* dev,const_cpg_core_clk* core,const_cpg_mssr_info* info,cpg_mssr_pub* pub)
    }

    class r8a77970_cpg {
        +clk* r8a77970_cpg_clk_register(device* dev,const_cpg_core_clk* core,const_cpg_mssr_info* info,cpg_mssr_pub* pub)
    }

    cpg_mssr_priv --> cpg_mssr_pub : has_pub
    cpg_mssr_priv --> cpg_mssr_info : uses_for_init
    cpg_mssr_info --> cpg_core_clk : describes

    rcar_gen2_cpg ..> cpg_mssr_pub : uses
    rcar_gen3_cpg ..> cpg_mssr_pub : uses
    rcar_gen4_cpg ..> cpg_mssr_pub : uses
    r7s9210_cpg ..> cpg_mssr_pub : uses
    r8a77970_cpg ..> cpg_mssr_pub : uses

    rcar_gen2_cpg ..> cpg_mssr_info : conforms_to
    rcar_gen3_cpg ..> cpg_mssr_info : conforms_to
    rcar_gen4_cpg ..> cpg_mssr_info : conforms_to
    r7s9210_cpg ..> cpg_mssr_info : conforms_to
    r8a77970_cpg ..> cpg_mssr_info : conforms_to

    cpg_mssr_priv o--> clk : owns_clks
    cpg_mssr_pub o--> clk : publishes_clks

Loading

File-Level Changes

Change	Details	Files
Refactor Renesas CPG/MSSR clock/reset plumbing to use a shared public struct and tighten reset and suspend/resume handling	Introduce struct cpg_mssr_pub carrying base address, notifier chain, RMW lock and clock array and thread it through all Renesas CPG/MSSR helpers and SoC-specific registration functions Replace direct priv->base / priv->rmw_lock / priv->clks / priv->notifiers usage with priv->pub.* in clock enable/disable, status checking, suspend/resume, and reset operations Rework reset sequencing to use a common helper with read-back+barrier and add proper usleep_range delays, including 1ms delay for R-Car Gen4, and ensure tunnel-style reset helpers use the new base pointer Clean up of_iomap/iounmap paths, initialization, and debug logging (e.g. use str_on_off, fix CLK_ON logging on RZ/G2L)	drivers/clk/renesas/renesas-cpg-mssr.c drivers/clk/renesas/renesas-cpg-mssr.h drivers/clk/renesas/r7s9210-cpg-mssr.c drivers/clk/renesas/r8a77970-cpg-mssr.c drivers/clk/renesas/rcar-gen2-cpg.c drivers/clk/renesas/rcar-gen2-cpg.h drivers/clk/renesas/rcar-gen3-cpg.c drivers/clk/renesas/rcar-gen3-cpg.h drivers/clk/renesas/rcar-gen4-cpg.c drivers/clk/renesas/rcar-gen4-cpg.h drivers/clk/renesas/rzg2l-cpg.c
Fix crypto authenc AEAD async error handling and auth/crypt sequencing	Ensure EINPROGRESS and EBUSY from lower layers are propagated correctly without prematurely completing the AEAD request Split ahash completion into a common finishing helper and two callbacks to handle normal vs nested async contexts, masking request flags appropriately Adjust encrypt/decrypt paths to call crypto_authenc_genicv/crypto_authenc_decrypt_tail with a mask that suppresses MAY_SLEEP in nested async contexts, and add dedicated decrypt-tail completion callback Tighten request completion so that authenc_request_complete is consistently used and no double-completions occur	crypto/authenc.c
Strengthen RCU nulls list and inet ehash manipulation to avoid races and support in-place replacement	Add hlist_nulls_pprev_rcu and new helpers hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() for safe RCU-protected list element replacement Introduce sk_nulls_replace_node_init_rcu() to atomically replace one sk in a nulls-hlist with another while dropping the old reference Change inet_ehash_insert() to use sk_nulls_replace_node_init_rcu when osk is provided, and simplify duplicate detection/insert logic under the bucket lock	include/linux/rculist_nulls.h include/net/sock.h net/ipv4/inet_hashtables.c
Fix various Comedi driver lifetime and compat-ioctl bugs	Move c6xdigio PnP driver registration/unregistration into module init/exit while using comedi_driver_register/unregister directly, tracking whether PnP registration succeeded Replace custom c6xdigio detach routine with comedi_legacy_detach and ensure unregister paths clean up PnP driver only if registered Guard multiple compat ioctl handlers (chaninfo, rangeinfo, cmd, cmdtest, insnlist, insn) with dev->attached checks to avoid accessing unbound devices and return -ENODEV early Limit multiq3 encoder subdevice channel count to a sane maximum and reset encoders only for the effective channel count Simplify pcl818 detach to cancel/reset without dereferencing freed private data	drivers/comedi/drivers/c6xdigio.c drivers/comedi/comedi_fops.c drivers/comedi/drivers/multiq3.c drivers/comedi/drivers/pcl818.c
Rework xfrm state destruction/tunnel handling and flush semantics	Split the internal GC destruction helper into xfrm_state_gc_destroy() that also calls xfrm_state_delete_tunnel(), and remove the exported xfrm_state_delete_tunnel() symbol Make __xfrm_state_destroy() always tear down states via the GC workqueue (no synchronous mode) and update xfrm_state_put* callers accordingly Ensure xfrm_state_delete() calls xfrm_state_delete_tunnel() before dropping the alloc reference, and adjust tunnel user accounting to use atomic_dec_return and xfrm_state_put Simplify xfrm_state_flush() signature (drop sync parameter) and update all call sites in IPv4/IPv6, af_key, xfrm_user, and xfrm6_tunnel_net_exit/xfrm_state_fini to rely on async GC then flush_gc	net/xfrm/xfrm_state.c include/net/xfrm.h net/ipv4/ipcomp.c net/ipv6/ipcomp6.c net/ipv6/xfrm6_tunnel.c net/key/af_key.c net/xfrm/xfrm_user.c net/xfrm/xfrm_ipcomp.c
Fix Smack setprocattr label handling and privilege checks	Parse the input Smack label into a temporary string first, explicitly reject web/star special labels by character instead of struct pointers, and free the temporary buffer on all paths Rework non-CAP_MAC_ADMIN relabel permission checks to compare string labels in the task's smk_relabel list, returning -EPERM if not allowed Defer smk_import_entry() to after validation, so that only validated labels are imported and used to update credentials	security/smack/smack_lsm.c
Improve ftrace IPMODIFY handling and direct-call retargeting	Extend __ftrace_hash_update_ipmodify() with an update_target flag to optionally update all records even when filter membership is unchanged, and guard against incorrectly modifying DIRECT callers unless explicitly requested Use the new flag in __modify_ftrace_direct() to ensure ops_func is installed for relevant records before retargeting direct callers; keep previous direct trampoline assumptions intact Pass update_target=false from enable/disable/update paths so that only changes in the filter hash cause text modifications	kernel/trace/ftrace.c
Adjust KVM SVM soft-int emulation to skip exactly the intended instruction and propagate vector information	Extend __svm_skip_emulated_instruction() to take an emulation type bitmap instead of a boolean and pass appropriate flags for normal skip vs soft-interrupt skip with vector encoding Introduce EMULTYPE_SKIP_SOFT_INT and macros to encode/decode the soft-int vector in emulation_type, and teach x86_emulate_instruction() to only perform a skip when the decoded opcode matches the requested software interrupt Update svm_update_soft_interrupt_rip(), svm_inject_exception(), and svm_inject_irq() to pass the correct vector into the emulator and reuse the new emul_type flags	arch/x86/include/asm/kvm_host.h arch/x86/kvm/svm/svm.c arch/x86/kvm/x86.c
Fix NVMe admin queue lifetime, making sure blk_queues are released in the correct context	Stop calling blk_put_queue() from nvme_remove_admin_tag_set(), leaving only blk_mq_destroy_queue() there Add a blk_put_queue() for ctrl->admin_q in nvme_free_ctrl() and guard it with a NULL check so admin queue references are dropped when the controller device is finally freed	drivers/nvme/host/core.c
Tighten scheduler yield handling and task_work NMI waking semantics	Change yield_task_fair() so that an entity forfeits remaining vruntime by advancing vruntime to deadline and updating min_vruntime only if the entity is eligible on its cfs_rq, avoiding runaway vruntime and loops with core scheduling and ineligible tasks Make the TWA_NMI_CURRENT task_work notify path explicitly set TIF_NOTIFY_RESUME and use a no-op irq_work callback (no test_and_set) so that the NMI-triggered IPI only tickles return-to-user and doesn’t race with flag setting	kernel/sched/fair.c kernel/task_work.c
Fix various driver-specific bugs (USB serial, HID, SPI, NAND, filesystems, net, etc.) and add device/quirk support	USB serial: match FTDI JTAG-style adapters on specific interface numbers instead of driver_info quirks; fix belkin_sa and kobil_sct TIOCMSET handling so RTS/DTR control lines are updated correctly and only when needed; extend option.c ID table for additional Telit FE910C04 compositions and Foxconn T99W760; adjust descriptor parsing for invalid MBIM extended descriptors HID: add SONiX AK870 PRO to Apple non-Apple keyboards list; handle Elecom M-XT3URBK multiple PIDs, wiring them through elecom fixups and quirks; fix Logitech hidpp busy handling to not assume HID++ 2.0 only; ignore bogus battery reports on all Elan HID devices, including USB; extend Elan battery ignore to USB as well Storage/fs: rework BFS inode mode reconstruction to derive S_IFMT from vtype and clamp to low 12 bits; relax NAND ECC parameter validation to warn instead of fail hard and update Marvell NAND ECC layouts; fix ntfs3 zero-filled buffer handling on uninitialized blocks and initialize path buffers in ntfs_link_inode(); fix jbd2_journal_get_create_access() to abort journal rather than BUG_ON on inconsistent state Networking/xfrm: constrain IPComp tunnel xfrm state lock class to avoid lockdep recursion; ensure IPComp destroy doesn’t redundantly delete tunnels now handled by xfrm_state GC Networking/ath11k: fix HE MCS RX/TX assignment and apply MCS limiting to RX-side capabilities, and send correct RX/TX sets to firmware Misc drivers: fix Renesas RZ/G2L module clock enable path to use str_on_off and simplified write; ensure spi-imx DMA trigger is enabled only when using DMA and moved out of setup path; increase RX polling iterations in spi-xilinx; restore and rollback hisilicon QM shaper VFT settings on error; ensure vmwgfx page-dirty tracking uses kref; ensure host1x syncpoint release is serialized via kref_put_mutex; fix PTP probe/interrupt handler wiring for MSCC PHYs; add ADDIDATA CPCI* PCI IDs and map them to standard 8250 port blocks; guard ksmbd IPC message wait and hash-table removal with consistent locking; fix uio_fsl_elbc_gpcm error path to avoid NULL-name and correctly unmap on failure; fix imx-scu IRQ general channel to of_node_put the MU reference; arrange ap_bus debugfs initialization after checking AP instruction availability; drop _init annotations from OF init helpers used as callbacks; use TIMER_IRQSAFE for vgem fences Filesystems/ext4/jbd2/ntfs3/smb: refresh inline data size before writes and protect ext4_destroy_inline_data_nolock() with i_data_sem; relax jbd2 buffer-state assertions and abort instead of BUG_ON when buffers are reused across transactions; fix ntfs3 get_bh() zeroing and link path buffer initialization; fix SMB username length check to reject exactly-max-length usernames instead of allowing unterminated strings Arch and tooling: mask interrupts before kexec/kdump on LoongArch; prevent KASAN false positives in x86 stack traces by disabling KASAN when walking non-current stacks and move the real trace logic into a KMSAN-no-check helper; fix s390 CPU core type reporting for fallback CPUs; work around glibc header conflicts in samples by undefining AT_RENAME* macros; make objtool’s symbol hole search use symbol length and let add_special_section_alts() run when hack_jump_label is enabled; fix nolibc perror() when errno is ignored Misc platform/quirks: add ASUS ROG Ally and Lenovo Legion Go 2 DMI quirks to AMD PMC; ignore Acer backlight WMI event already handled by ACPI; add new Huawei/HONOR WMI key codes; add PureAudio DAC native DSD quirks and flags; add Renesas, OnePlus, TI, Freescale, Foxconn, D-Link and other device-tree and Wi-Fi USB IDs and cleanups	drivers/usb/serial/ftdi_sio.c drivers/usb/serial/belkin_sa.c drivers/usb/serial/kobil_sct.c drivers/usb/serial/option.c drivers/usb/core/message.c drivers/hid/hid-apple.c drivers/hid/hid-elecom.c drivers/hid/hid-ids.h drivers/hid/hid-quirks.c drivers/hid/hid-input.c drivers/net/wireless/ath/ath11k/mac.c drivers/net/wireless/ath/ath11k/wmi.c drivers/net/wireless/realtek/rtw88/rtw8822cu.c drivers/net/phy/mscc/mscc_main.c drivers/spi/spi-imx.c drivers/spi/spi-xilinx.c drivers/mtd/nand/raw/marvell_nand.c drivers/mtd/nand/raw/nand_base.c fs/bfs/inode.c fs/ext4/inline.c fs/jbd2/transaction.c fs/ntfs3/fsntfs.c fs/ntfs3/inode.c fs/smb/client/fs_context.c fs/smb/server/transport_ipc.c drivers/gpu/drm/vgem/vgem_fence.c drivers/gpu/drm/vmwgfx/vmwgfx_page_dirty.c drivers/gpu/host1x/syncpt.c drivers/crypto/hisilicon/qm.c drivers/infiniband/sw/rxe/rxe_srq.c drivers/uio/uio_fsl_elbc_gpcm.c drivers/firmware/imx/imx-scu-irq.c drivers/s390/crypto/ap_bus.c drivers/tty/serial/8250/8250_pci.c drivers/platform/x86/amd/pmc/pmc-quirks.c drivers/platform/x86/acer-wmi.c drivers/platform/x86/huawei-wmi.c sound/usb/quirks.c net/ipv4/ipcomp.c net/ipv6/ipcomp6.c arch/loongarch/kernel/machine_kexec.c arch/x86/kernel/dumpstack.c arch/s390/kernel/smp.c samples/vfs/test-statx.c samples/watch_queue/watch_test.c tools/objtool/elf.c tools/objtool/check.c tools/include/nolibc/stdio.h Documentation/process/2.Process.rst arch/arm/boot/dts/renesas/r8a7793-gose.dts arch/arm/boot/dts/renesas/r9a06g032-rzn1d400-db.dts arch/arm64/boot/dts/freescale/imx8mm-venice-gw72xx.dtsi arch/arm64/boot/dts/freescale/imx8mp-venice-gw702x.dtsi arch/arm64/boot/dts/freescale/imx8mp-venice-gw72xx.dtsi arch/arm64/boot/dts/qcom/sdm845-oneplus-common.dtsi arch/arm64/boot/dts/ti/k3-am62p.dtsi drivers/pci/controller/Kconfig drivers/bluetooth/btrtl.c net/sctp/socket.c drivers/irqchip/irq-bcm7120-l2.c drivers/irqchip/irq-bcm7038-l1.c drivers/irqchip/irq-brcmstb-l2.c drivers/irqchip/irq-imx-mu-msi.c drivers/leds/leds-spi-byte.c drivers/bus/mtd/nand/raw/lpc32xx_slc.c

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from opsiff. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sourcery-ai]

Hey - I've found 6 issues, and left some high level feedback:

• In vmwgfx_page_dirty.c, vmw_bo_dirty_release() now uses kref_put(&dirty->ref_count, (void *)kvfree), but kvfree does not have the void (*)(struct kref *) signature expected by kref_put; consider adding a small wrapper that does container_of() on the kref and calls kvfree() on the enclosing vmw_bo_dirty.
• In fs/bfs/inode.c, the new error path uses printf() directly in kernel code; this should be replaced with an appropriate pr_*() (or pr_warn()/pr_err()) logging helper instead of stdio-style printing.
• In rxe_srq_from_attr() (drivers/infiniband/sw/rxe/rxe_srq.c), the error path after a failed rxe_queue_init() now returns directly without cleaning up the partially initialized queue, whereas the previous code called rxe_queue_cleanup(); please restore appropriate cleanup to avoid leaking resources on failure.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In vmwgfx_page_dirty.c, `vmw_bo_dirty_release()` now uses `kref_put(&dirty->ref_count, (void *)kvfree)`, but `kvfree` does not have the `void (*)(struct kref *)` signature expected by `kref_put`; consider adding a small wrapper that does `container_of()` on the `kref` and calls `kvfree()` on the enclosing `vmw_bo_dirty`.
- In fs/bfs/inode.c, the new error path uses `printf()` directly in kernel code; this should be replaced with an appropriate `pr_*()` (or `pr_warn()`/`pr_err()`) logging helper instead of stdio-style printing.
- In rxe_srq_from_attr() (drivers/infiniband/sw/rxe/rxe_srq.c), the error path after a failed `rxe_queue_init()` now returns directly without cleaning up the partially initialized queue, whereas the previous code called `rxe_queue_cleanup()`; please restore appropriate cleanup to avoid leaking resources on failure.

## Individual Comments

### Comment 1
<location> `crypto/authenc.c:138` </location>
<code_context>
+ * Used when the ahash request was invoked in the async callback context
+ * of the previous skcipher request.  Eat any EINPROGRESS notifications.
+ */
+static void authenc_geniv_ahash_done2(void *data, int err)
+{
+	struct aead_request *req = data;
</code_context>

<issue_to_address>
**issue (bug_risk):** New async paths risk double-completing AEAD requests when the ahash/skcipher completes synchronously.

Because `authenc_geniv_ahash_done2()` and `authenc_decrypt_tail_done()` both call `authenc_request_complete()`, the new flow can complete the same `aead_request` twice when the ahash/skcipher runs synchronously.

In `crypto_authenc_encrypt_done()`, if `crypto_authenc_genicv()` uses a sync ahash, `crypto_ahash_digest()` will run to completion and invoke `authenc_geniv_ahash_done2()`, which calls `authenc_request_complete()`. Control then returns to `crypto_authenc_encrypt_done()`, which calls `authenc_request_complete()` again, causing double completion. The decrypt path has the same issue: `authenc_verify_ahash_done()` always calls `authenc_request_complete()`, and `authenc_decrypt_tail_done()` also does so when the skcipher completes.

The outer sites (`crypto_authenc_encrypt_done()` and `authenc_verify_ahash_done()`) should avoid calling `authenc_request_complete()` for the `*_MAY_SLEEP` paths and rely on the async callbacks instead. Alternatively, adjust `crypto_authenc_genicv()` / `crypto_authenc_decrypt_tail()` so they either return a distinct status or only trigger the callback for async engines, but the current behavior is unsafe for sync completions.
</issue_to_address>

### Comment 2
<location> `fs/bfs/inode.c:85` </location>
<code_context>
+		readb(priv->pub.base0 + priv->control_regs[reg]);
+		barrier_data(priv->pub.base0 + priv->control_regs[reg]);
+
 	} else {
-		value = readl(priv->base + priv->control_regs[reg]);
+		value = readl(priv->pub.base0 + priv->control_regs[reg]);
</code_context>

<issue_to_address>
**issue (bug_risk):** Using printf() in kernel code is incorrect and this error path likely needs to use a kernel logging helper.

Replace the `printf()` call with an appropriate kernel logging API such as `pr_warn()`, `pr_err()`, or a filesystem-specific helper, and consider rate limiting. Also double-check whether any additional cleanup (e.g., on `inode`) is required before branching to the `error` label, based on what that path does.
</issue_to_address>

### Comment 3
<location> `crypto/authenc.c:42` </location>
<code_context>
 static void authenc_request_complete(struct aead_request *req, int err)
 {
-	if (err != -EINPROGRESS)
+	if (err != -EINPROGRESS && err != -EBUSY)
 		aead_request_complete(req, err);
 }
</code_context>

<issue_to_address>
**issue (complexity):** Consider encoding the nested async state in the request context and using a single completion helper to avoid multiple callbacks, masks, and duplicated branching logic.

You can collapse most of the new branching by pushing the “nested async” concept into the request context and using a single completion path, instead of threading `mask` and multiple callbacks everywhere.

### 1. Unify `authenc_geniv_ahash_done` / `authenc_geniv_ahash_done2`

Add a small flag to the request context to indicate whether we’re running in the nested async callback context, and a helper to pick the correct completion function:

```c
struct authenc_request_ctx {
	struct scatterlist src[2];
	struct scatterlist dst[2];
	bool nested;      /* true when called from an inner async callback */
	char tail[];
};

static void authenc_complete(struct aead_request *req, int err)
{
	struct authenc_request_ctx *areq_ctx = aead_request_ctx(req);

	if (areq_ctx->nested)
		authenc_request_complete(req, err);  /* eats EINPROGRESS/EBUSY */
	else
		aead_request_complete(req, err);
}
```

Then you only need a single ahash completion callback:

```c
static void authenc_geniv_ahash_done(void *data, int err)
{
	struct aead_request *req = data;

	if (!err)
		authenc_geniv_ahash_finish(req);

	authenc_complete(req, err);
}
```

### 2. Drop `authenc_geniv_ahash_done2` and the `mask` parameter

With the `nested` flag, you no longer need two callbacks or a bitmask to choose them. Let `crypto_authenc_genicv()` take a boolean and compute flags locally:

```c
static int crypto_authenc_genicv(struct aead_request *req, bool nested)
{
	struct crypto_aead *authenc = crypto_aead_reqtfm(req);
	struct aead_instance *inst = aead_alg_instance(authenc);
	struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
	struct authenc_instance_ctx *ictx = aead_instance_ctx(inst);
	struct crypto_ahash *auth = ctx->auth;
	struct authenc_request_ctx *areq_ctx = aead_request_ctx(req);
	struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff);
	unsigned int flags = aead_request_flags(req);
	u8 *hash = areq_ctx->tail;
	int err;

	if (nested)
		flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
	areq_ctx->nested = nested;

	hash = (u8 *)ALIGN((unsigned long)hash + crypto_ahash_alignmask(auth),
			   crypto_ahash_alignmask(auth) + 1);

	ahash_request_set_tfm(ahreq, auth);
	ahash_request_set_crypt(ahreq, req->dst, hash,
				req->assoclen + req->cryptlen);
	ahash_request_set_callback(ahreq, flags,
				   authenc_geniv_ahash_done, req);

	err = crypto_ahash_digest(ahreq);
	if (err)
		return err;

	scatterwalk_map_and_copy(hash, req->dst, req->assoclen + req->cryptlen,
				 crypto_aead_authsize(authenc), 1);
	return 0;
}
```

Call sites then just pass `nested = true/false` instead of masks:

```c
/* encrypt path: top-level */
static void crypto_authenc_encrypt_done(void *data, int err)
{
	struct aead_request *areq = data;

	if (err) {
		aead_request_complete(areq, err);
		return;
	}

	err = crypto_authenc_genicv(areq, true);  /* nested */
	authenc_request_complete(areq, err);
}

/* direct (non-nested) use */
return crypto_authenc_genicv(req, false);
```

### 3. Apply the same pattern to decrypt tail

You can do the same for `crypto_authenc_decrypt_tail()` and `authenc_decrypt_tail_done`, eliminating the `mask` argument and conditional callback/data selection:

```c
static void authenc_decrypt_tail_done(void *data, int err)
{
	struct aead_request *req = data;

	authenc_complete(req, err);
}

static int crypto_authenc_decrypt_tail(struct aead_request *req, bool nested)
{
	struct crypto_aead *authenc = crypto_aead_reqtfm(req);
	struct aead_instance *inst = aead_alg_instance(authenc);
	struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
	struct authenc_instance_ctx *ictx = aead_instance_ctx(inst);
	struct authenc_request_ctx *areq_ctx = aead_request_ctx(req);
	struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff);
	struct skcipher_request *skreq = (void *)(areq_ctx->tail + ictx->reqoff);
	unsigned int authsize = crypto_aead_authsize(authenc);
	unsigned int flags = aead_request_flags(req);
	u8 *ihash = ahreq->result + authsize;
	struct scatterlist *src, *dst;

	if (nested) {
		flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
		areq_ctx->nested = true;
	}

	scatterwalk_map_and_copy(ihash, req->src, ahreq->nbytes, authsize, 0);
	if (crypto_memneq(ihash, ahreq->result, authsize))
		return -EBADMSG;

	src = scatterwalk_ffwd(areq_ctx->src, req->src, req->assoclen);
	dst = (req->src != req->dst)
	    ? scatterwalk_ffwd(areq_ctx->dst, req->dst, req->assoclen)
	    : src;

	skcipher_request_set_tfm(skreq, ctx->enc);
	skcipher_request_set_callback(skreq, flags,
				      nested ? authenc_decrypt_tail_done
					     : req->base.complete,
				      nested ? req : req->base.data);
	skcipher_request_set_crypt(skreq, src, dst,
				   req->cryptlen - authsize, req->iv);

	return crypto_skcipher_decrypt(skreq);
}
```

And the ahash verify callback becomes:

```c
static void authenc_verify_ahash_done(void *data, int err)
{
	struct aead_request *req = data;

	if (err) {
		aead_request_complete(req, err);
		return;
	}

	err = crypto_authenc_decrypt_tail(req, true);  /* nested */
	authenc_request_complete(req, err);
}
```

This keeps all the async semantics you added, but:

* removes the second ahash callback,
* removes the `mask` plumbing and bit-twiddling in call sites,
* centralizes the “nested vs top-level” decision in a simple `nested` flag and `authenc_complete()` helper, which should make the control flow much easier to follow.
</issue_to_address>

### Comment 4
<location> `drivers/comedi/drivers/c6xdigio.c:287` </location>
<code_context>
+
+static bool c6xdigio_pnp_registered = false;
+
+static int __init c6xdigio_module_init(void)
+{
+	int ret;
</code_context>

<issue_to_address>
**issue (complexity):** Consider extracting the PnP registration/unregistration logic into small helper functions so that the module init/exit functions remain simple and boilerplate-like.

You can keep the new module-level registration semantics but reduce the mental overhead by isolating the PnP handling into small helpers and keeping `c6xdigio_module_init/exit` almost boilerplate.

For example:

```c
static bool c6xdigio_pnp_registered;

static void c6xdigio_pnp_try_register(void)
{
#if IS_ENABLED(CONFIG_PNP)
	int ret;

	ret = pnp_register_driver(&c6xdigio_pnp_driver);
	if (ret) {
		pr_warn("failed to register pnp driver - err %d\n", ret);
		return; /* ignore error */
	}

	c6xdigio_pnp_registered = true;
#endif
}

static void c6xdigio_pnp_unregister(void)
{
#if IS_ENABLED(CONFIG_PNP)
	if (c6xdigio_pnp_registered)
		pnp_unregister_driver(&c6xdigio_pnp_driver);
#endif
}
```

Then `module_init/exit` become much easier to reason about:

```c
static int __init c6xdigio_module_init(void)
{
	int ret;

	ret = comedi_driver_register(&c6xdigio_driver);
	if (ret)
		return ret;

	c6xdigio_pnp_try_register();
	return 0;
}
module_init(c6xdigio_module_init);

static void __exit c6xdigio_module_exit(void)
{
	c6xdigio_pnp_unregister();
	comedi_driver_unregister(&c6xdigio_driver);
}
module_exit(c6xdigio_module_exit);
```

This keeps the new behavior (PnP registered once at module load, unregistered at module exit, comedi before PnP on init and after PnP on exit) but removes the interleaving of policy details from the init/exit path and makes the ordering and responsibilities clearer for future readers.
</issue_to_address>

### Comment 5
<location> `security/smack/smack_lsm.c:3690` </location>
<code_context>
 	struct smack_known *skp;
-	struct smack_known_list_elem *sklep;
-	int rc;
+	char *labelstr;
+	int rc = 0;

</code_context>

<issue_to_address>
**issue (complexity):** Consider simplifying smack_setprocattr() by importing the label once into a smack_known struct and doing all validation and permission checks directly on it to avoid extra parsing and control-flow indirection.

You can keep the new semantics (string-based relabel checks and web/star filtering) but avoid double parsing and the indirect `rc`/`goto free_labelstr` path by doing all validation on the `struct smack_known *` once it’s imported.

Concretely:

- Call `smk_import_entry()` once up front.
- Use `skp->smk_known` for string comparisons with the relabel list.
- Keep the web/star restriction but check against `skp` or `skp->smk_known` directly.
- Return directly on permission failures instead of using `rc` + common tail.

For example, the core of `smack_setprocattr()` can be simplified to:

```c
	skp = smk_import_entry(value, size);
	if (IS_ERR(skp))
		return PTR_ERR(skp);

	/* No process is ever allowed the web ("@") label and the star ("*") label */
	if (skp->smk_known[1] == '\0') { /* '@', '*' */
		const char c = skp->smk_known[0];

		if (c == *smack_known_web.smk_known ||
		    c == *smack_known_star.smk_known)
			return -EPERM;
	}

	if (!smack_privileged(CAP_MAC_ADMIN)) {
		const struct smack_known_list_elem *sklep;

		list_for_each_entry(sklep, &tsp->smk_relabel, list) {
			if (strcmp(sklep->smk_label->smk_known,
				   skp->smk_known) == 0)
				goto allowed;
		}
		return -EPERM;
	}

allowed:
	new = prepare_creds();
	if (!new)
		return -ENOMEM;

	tsp = smack_cred(new);
	tsp->smk_task = skp;
```

This preserves the new string-based relabel permissions and label filtering, but:

- eliminates the temporary `labelstr` allocation and `smk_parse_smack()` call,
- avoids parsing the label twice,
- and makes the permission/error control flow more linear and easier to follow.
</issue_to_address>

### Comment 6
<location> `kernel/trace/ftrace.c:1940` </location>
<code_context>
 static int __ftrace_hash_update_ipmodify(struct ftrace_ops *ops,
 					 struct ftrace_hash *old_hash,
-					 struct ftrace_hash *new_hash)
+					 struct ftrace_hash *new_hash,
+					 bool update_target)
 {
</code_context>

<issue_to_address>
**issue (complexity):** Consider introducing an internal helper that hides the `update_target` flag behind two purpose-specific wrappers so call sites clearly express whether they are changing filters or direct targets without boolean plumbing.

You can keep the new behavior but localize the `update_target` complexity and make the call sites clearer by hiding the boolean behind two purpose-specific helpers.

### 1. Split the public API from the “mode” flag

Instead of exposing `bool update_target` at all callers, turn the current function into an internal helper and reintroduce the original, simpler API for ipmodify, plus a dedicated helper for direct target updates.

```c
/* New internal helper with the full behavior and flag */
static int __ftrace_hash_update_ipmodify_internal(struct ftrace_ops *ops,
						  struct ftrace_hash *old_hash,
						  struct ftrace_hash *new_hash,
						  bool update_target)
{
	/* ... move current __ftrace_hash_update_ipmodify body here ... */
}
```

Then reintroduce the original ipmodify API without the boolean:

```c
/* For ipmodify filter changes (previous semantics) */
static int __ftrace_hash_update_ipmodify(struct ftrace_ops *ops,
					 struct ftrace_hash *old_hash,
					 struct ftrace_hash *new_hash)
{
	return __ftrace_hash_update_ipmodify_internal(ops, old_hash, new_hash, false);
}
```

And a dedicated helper for the direct-target path:

```c
/* For modifying the direct call target while keeping the same filter set */
static int __ftrace_hash_update_direct_target(struct ftrace_ops *ops,
					      struct ftrace_hash *hash)
{
	return __ftrace_hash_update_ipmodify_internal(ops, hash, hash, true);
}
```

### 2. Make callers explicit

With those helpers, the ipmodify users stay as they were, and don’t need to know about `update_target`:

```c
return __ftrace_hash_update_ipmodify(ops, EMPTY_HASH, hash);
/* ... */
__ftrace_hash_update_ipmodify(ops, hash, EMPTY_HASH);
/* ... */
return __ftrace_hash_update_ipmodify(ops, old_hash, new_hash);
```

And the direct-modify path reads more self-descriptively:

```c
err = __ftrace_hash_update_direct_target(ops, hash);
if (err)
	goto out;
```

### 3. Keep the invariants local to the internal helper

The `update_target`-dependent logic, including:

```c
if (!update_target && (in_old == in_new))
	continue;

FTRACE_WARN_ON(!update_target && (rec->flags & FTRACE_FL_DIRECT));
```

remains inside `__ftrace_hash_update_ipmodify_internal()`, but call sites now encode their intent via the helper name rather than a boolean argument. This preserves your current behavior while reducing the cognitive load for future reviewers by keeping:

- ipmodify filter changes,
- direct target changes,

as clearly separated code paths at the call site, with the boolean distinction hidden inside a single, well-documented internal function.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (bug_risk): New async paths risk double-completing AEAD requests when the ahash/skcipher completes synchronously.

Because authenc_geniv_ahash_done2() and authenc_decrypt_tail_done() both call authenc_request_complete(), the new flow can complete the same aead_request twice when the ahash/skcipher runs synchronously.

In crypto_authenc_encrypt_done(), if crypto_authenc_genicv() uses a sync ahash, crypto_ahash_digest() will run to completion and invoke authenc_geniv_ahash_done2(), which calls authenc_request_complete(). Control then returns to crypto_authenc_encrypt_done(), which calls authenc_request_complete() again, causing double completion. The decrypt path has the same issue: authenc_verify_ahash_done() always calls authenc_request_complete(), and authenc_decrypt_tail_done() also does so when the skcipher completes.

The outer sites (crypto_authenc_encrypt_done() and authenc_verify_ahash_done()) should avoid calling authenc_request_complete() for the *_MAY_SLEEP paths and rely on the async callbacks instead. Alternatively, adjust crypto_authenc_genicv() / crypto_authenc_decrypt_tail() so they either return a distinct status or only trigger the callback for async engines, but the current behavior is unsafe for sync completions.

[Copilot]

Pull request overview

This pull request backports 100 upstream commits from Linux kernel v6.6.120 (part 1 of 8). The changes include various bug fixes, hardware support additions, and security improvements across multiple subsystems including networking (xfrm, sctp, inet), filesystems (ext4, ntfs3, bfs, jbd2), drivers (USB, GPIO, SPI, clock), and architecture-specific code (x86 KVM, s390, LoongArch, ARM64).

Changes:

• Bug fixes for memory leaks, race conditions, and null pointer dereferences
• Security improvements (smack, xfrm state management, authenc crypto)
• Hardware support additions (USB devices, HID devices, wireless adapters)
• Driver fixes and improvements across multiple subsystems

Reviewed changes

Copilot reviewed 108 out of 108 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
fs/bfs/inode.c	File type reconstruction from disk with vtype validation
security/smack/smack_lsm.c	Fix unprivileged task label creation vulnerability
net/xfrm/xfrm_state.c	Simplify and fix xfrm state deletion and synchronization
fs/ntfs3/fsntfs.c	Fix uninitialized memory in buffer handling
drivers/usb/serial/*	Fix TIOCMB* ioctl implementations and device ID additions
kernel/task_work.c	Fix NMI race condition in task work
crypto/authenc.c	Fix EINPROGRESS handling in authenc
Multiple driver files	Various bug fixes and hardware support additions

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The function call printf() is used instead of the kernel-appropriate pr_err() or similar logging function. The kernel does not have printf() available.

[Copilot]

The variable 'labelstr' is freed before it's used in smk_import_entry(). The code should call smk_import_entry() before freeing labelstr, or the free should be moved to after smk_import_entry().

[deepin-ci-robot]

deepin pr auto review

这是一个包含大量Linux内核代码修改的diff文件。我将从语法逻辑、代码质量、代码性能和代码安全四个方面进行审查。

代码审查意见

1. 语法逻辑审查

优点：

• 代码修改遵循了Linux内核的编码风格，缩进和格式保持一致
• 函数签名和参数修改正确，没有破坏现有的调用接口
• 条件判断和循环逻辑正确

改进建议：

1. 在drivers/comedi/drivers/c6xdigio.c中，模块初始化和清理函数的修改增加了更多的错误处理，但缺少对c6xdigio_pnp_registered变量的初始化检查：

   static bool c6xdigio_pnp_registered = false;

   建议在模块初始化时检查该变量的状态，避免重复注册。

2. 在drivers/crypto/hisilicon/qm.c中，错误处理路径back_func_qos标签的回滚操作可能不完整：

   back_func_qos:
       memcpy(&qm->factor[fun_index], &t_factor, sizeof(t_factor));
       for (i--; i >= ALG_TYPE_0; i--) {
           ret = qm_set_vft_common(qm, SHAPER_VFT, fun_index, i, 1);
           if (ret)
               dev_err(dev, "failed to restore shaper vft during rollback!\n");
       }

   建议在回滚失败时添加更详细的错误日志，记录哪些VFT恢复失败。

2. 代码质量审查

优点：

• 添加了更多的错误检查和边界条件处理
• 改进了资源释放和清理逻辑
• 增加了更多的调试日志

改进建议：

1. 在drivers/clk/renesas/renesas-cpg-mssr.c中，大量修改了时钟注册函数的参数，从多个独立参数改为使用cpg_mssr_pub结构体：

   struct clk * __init rcar_gen3_cpg_clk_register(struct device *dev,
       const struct cpg_core_clk *core, const struct cpg_mssr_info *info,
       struct cpg_mssr_pub *pub)

   虽然这提高了代码的可维护性，但建议在cpg_mssr_pub结构体定义中添加更详细的注释，说明每个字段的用途和生命周期。

2. 在drivers/hid/hid-apple.c中，添加了新的键盘型号识别：

   static const struct apple_non_apple_keyboard non_apple_keyboards[] = {
       { "SONiX USB DEVICE" },
       { "SONiX AK870 PRO" },

   建议为这些键盘型号添加更详细的注释，说明为什么需要特殊处理。

3. 代码性能审查

优点：

• 优化了一些关键路径的性能
• 减少了不必要的内存分配和释放

改进建议：

1. 在drivers/net/wireless/ath/ath11k/mac.c中，HE MCS集的处理逻辑进行了修改：

   v = le16_to_cpu(he_cap->he_mcs_nss_supp.rx_mcs_160);
   v = ath11k_peer_assoc_h_he_limit(v, he_mcs_mask);
   arg->peer_he_rx_mcs_set[WMI_HECAP_TXRX_MCS_NSS_IDX_160] = v;

   建议检查ath11k_peer_assoc_h_he_limit函数的性能，确保它不会成为性能瓶颈。

2. 在drivers/staging/rtl8723bs/core/rtw_ieee80211.c中，IE解析逻辑进行了优化：

   while (i + 2 <= limit) {
       tmp = *(p + 1);
       if (i + 2 + tmp > limit)
           break;

   这个修改避免了潜在的缓冲区溢出，但建议进一步优化循环条件，减少不必要的检查。

4. 代码安全审查

优点：

• 修复了多个潜在的缓冲区溢出漏洞
• 添加了更多的输入验证
• 改进了资源释放逻辑，减少了资源泄漏的风险

改进建议：

1. 在crypto/asymmetric_keys/asymmetric_type.c中，添加了溢出检查：

   if (check_add_overflow(len_1, len_2, &len))
       return ERR_PTR(-EOVERFLOW);
   if (check_add_overflow(sizeof(struct asymmetric_key_id), len, &kid_sz))
       return ERR_PTR(-EOVERFLOW);

   这是一个很好的安全改进，但建议在调用kmalloc之前添加额外的日志，记录失败的原因。

2. 在drivers/staging/rtl8723bs/core/rtw_mlme_ext.c中，添加了缓冲区边界检查：

   if (p + 2 + ielen < pframe + len) {
       if ((*(p + 1 + ielen) == 0x2D) && (*(p + 2 + ielen) != 0x2D))
           *(p + 1) = ielen - 1;
   }

   建议在修改IE长度之前，添加更多的验证，确保修改后的长度是有效的。

3. 在drivers/comedi/comedi_fops.c中，添加了设备附加状态检查：

   if (!dev->attached) {
       dev_dbg(dev->class_dev, "no driver attached\n");
       err = -ENODEV;
   } else {
       err = do_chaninfo_ioctl(dev, &chaninfo);
   }

   建议在所有类似的ioctl处理函数中添加相同的检查，确保一致性。

总结

这次代码修改总体上提高了Linux内核的稳定性和安全性，特别是在以下几个方面：

1. 修复了多个潜在的缓冲区溢出漏洞
2. 改进了资源管理和错误处理
3. 优化了一些关键路径的性能
4. 增加了更多的输入验证和边界检查

建议在未来的修改中：

1. 继续加强错误处理和资源管理
2. 添加更多的单元测试和集成测试
3. 改进代码注释和文档
4. 考虑使用静态分析工具检测更多的潜在问题