--- /dev/null
+From stable+bounces-205029-greg=kroah.com@vger.kernel.org Tue Jan 6 03:55:40 2026
+From: Huacai Chen <chenhuacai@loongson.cn>
+Date: Tue, 6 Jan 2026 10:55:02 +0800
+Subject: LoongArch: BPF: Enhance the bpf_arch_text_poke() function
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Sasha Levin <sashal@kernel.org>, Huacai Chen <chenhuacai@kernel.org>
+Cc: Xuerui Wang <kernel@xen0n.name>, stable@vger.kernel.org, linux-kernel@vger.kernel.org, loongarch@lists.linux.dev, Chenghao Duan <duanchenghao@kylinos.cn>, Huacai Chen <chenhuacai@loongson.cn>
+Message-ID: <20260106025502.951868-1-chenhuacai@loongson.cn>
+
+From: Chenghao Duan <duanchenghao@kylinos.cn>
+
+commit 73721d8676771c6c7b06d4e636cc053fc76afefd upstream.
+
+Enhance the bpf_arch_text_poke() function to enable accurate location
+of BPF program entry points.
+
+When modifying the entry point of a BPF program, skip the "move t0, ra"
+instruction to ensure the correct logic and copy of the jump address.
+
+Cc: stable@vger.kernel.org
+Fixes: 677e6123e3d2 ("LoongArch: BPF: Disable trampoline for kernel module function trace")
+Signed-off-by: Chenghao Duan <duanchenghao@kylinos.cn>
+Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/loongarch/net/bpf_jit.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+--- a/arch/loongarch/net/bpf_jit.c
++++ b/arch/loongarch/net/bpf_jit.c
+@@ -1307,6 +1307,10 @@ int bpf_arch_text_poke(void *ip, enum bp
+ void *old_addr, void *new_addr)
+ {
+ int ret;
++ unsigned long size = 0;
++ unsigned long offset = 0;
++ void *image = NULL;
++ char namebuf[KSYM_NAME_LEN];
+ bool is_call = (poke_type == BPF_MOD_CALL);
+ u32 old_insns[LOONGARCH_LONG_JUMP_NINSNS] = {[0 ... 4] = INSN_NOP};
+ u32 new_insns[LOONGARCH_LONG_JUMP_NINSNS] = {[0 ... 4] = INSN_NOP};
+@@ -1314,9 +1318,20 @@ int bpf_arch_text_poke(void *ip, enum bp
+ /* Only poking bpf text is supported. Since kernel function entry
+ * is set up by ftrace, we rely on ftrace to poke kernel functions.
+ */
+- if (!is_bpf_text_address((unsigned long)ip))
++ if (!__bpf_address_lookup((unsigned long)ip, &size, &offset, namebuf))
+ return -ENOTSUPP;
+
++ image = ip - offset;
++
++ /* zero offset means we're poking bpf prog entry */
++ if (offset == 0) {
++ /* skip to the nop instruction in bpf prog entry:
++ * move t0, ra
++ * nop
++ */
++ ip = image + LOONGARCH_INSN_SIZE;
++ }
++
+ ret = emit_jump_or_nops(old_addr, ip, old_insns, is_call);
+ if (ret)
+ return ret;
--- /dev/null
+From stable+bounces-204994-greg=kroah.com@vger.kernel.org Tue Jan 6 02:55:58 2026
+From: SeongJae Park <sj@kernel.org>
+Date: Mon, 5 Jan 2026 17:42:49 -0800
+Subject: mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of()
+To: stable@vger.kernel.org
+Cc: damon@lists.linux.dev, SeongJae Park <sj@kernel.org>, Brendan Higgins <brendan.higgins@linux.dev>, David Gow <davidgow@google.com>, Kefeng Wang <wangkefeng.wang@huawei.com>, Andrew Morton <akpm@linux-foundation.org>
+Message-ID: <20260106014249.364220-1-sj@kernel.org>
+
+From: SeongJae Park <sj@kernel.org>
+
+damon_test_split_regions_of() is assuming all dynamic memory allocation in
+it will succeed. Those are indeed likely in the real use cases since
+those allocations are too small to fail, but theoretically those could
+fail. In the case, inappropriate memory access can happen. Fix it by
+appropriately cleanup pre-allocated memory and skip the execution of the
+remaining tests in the failure cases.
+
+Link: https://lkml.kernel.org/r/20251101182021.74868-9-sj@kernel.org
+Fixes: 17ccae8bb5c9 ("mm/damon: add kunit tests")
+Signed-off-by: SeongJae Park <sj@kernel.org>
+Cc: Brendan Higgins <brendan.higgins@linux.dev>
+Cc: David Gow <davidgow@google.com>
+Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
+Cc: <stable@vger.kernel.org> [5.15+]
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+(cherry picked from commit eded254cb69044bd4abde87394ea44909708d7c0)
+Signed-off-by: SeongJae Park <sj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/damon/tests/core-kunit.h | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+--- a/mm/damon/tests/core-kunit.h
++++ b/mm/damon/tests/core-kunit.h
+@@ -278,15 +278,35 @@ static void damon_test_split_regions_of(
+ struct damon_target *t;
+ struct damon_region *r;
+
++ if (!c)
++ kunit_skip(test, "ctx alloc fail");
+ t = damon_new_target();
++ if (!t) {
++ damon_destroy_ctx(c);
++ kunit_skip(test, "target alloc fail");
++ }
+ r = damon_new_region(0, 22);
++ if (!r) {
++ damon_destroy_ctx(c);
++ damon_free_target(t);
++ kunit_skip(test, "region alloc fail");
++ }
+ damon_add_region(r, t);
+ damon_split_regions_of(t, 2, DAMON_MIN_REGION);
+ KUNIT_EXPECT_LE(test, damon_nr_regions(t), 2u);
+ damon_free_target(t);
+
+ t = damon_new_target();
++ if (!t) {
++ damon_destroy_ctx(c);
++ kunit_skip(test, "second target alloc fail");
++ }
+ r = damon_new_region(0, 220);
++ if (!r) {
++ damon_destroy_ctx(c);
++ damon_free_target(t);
++ kunit_skip(test, "second region alloc fail");
++ }
+ damon_add_region(r, t);
+ damon_split_regions_of(t, 4, DAMON_MIN_REGION);
+ KUNIT_EXPECT_LE(test, damon_nr_regions(t), 4u);
--- /dev/null
+From 58075aec92a8141fd7f42e1c36d1bc54552c015e Mon Sep 17 00:00:00 2001
+From: Kaushlendra Kumar <kaushlendra.kumar@intel.com>
+Date: Tue, 28 Oct 2025 15:48:14 +0530
+Subject: powercap: intel_rapl: Add support for Nova Lake processors
+
+From: Kaushlendra Kumar <kaushlendra.kumar@intel.com>
+
+commit 58075aec92a8141fd7f42e1c36d1bc54552c015e upstream.
+
+Add RAPL support for Intel Nova Lake and Nova Lake L processors using
+the core defaults configuration.
+
+Signed-off-by: Kaushlendra Kumar <kaushlendra.kumar@intel.com>
+[ rjw: Subject and changelog edits, rebase ]
+Link: https://patch.msgid.link/20251028101814.3482508-1-kaushlendra.kumar@intel.com
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/powercap/intel_rapl_common.c | 2 ++
+ drivers/powercap/intel_rapl_msr.c | 2 ++
+ 2 files changed, 4 insertions(+)
+
+--- a/drivers/powercap/intel_rapl_common.c
++++ b/drivers/powercap/intel_rapl_common.c
+@@ -1285,6 +1285,8 @@ static const struct x86_cpu_id rapl_ids[
+ X86_MATCH_VFM(INTEL_LUNARLAKE_M, &rapl_defaults_core),
+ X86_MATCH_VFM(INTEL_PANTHERLAKE_L, &rapl_defaults_core),
+ X86_MATCH_VFM(INTEL_WILDCATLAKE_L, &rapl_defaults_core),
++ X86_MATCH_VFM(INTEL_NOVALAKE, &rapl_defaults_core),
++ X86_MATCH_VFM(INTEL_NOVALAKE_L, &rapl_defaults_core),
+ X86_MATCH_VFM(INTEL_ARROWLAKE_H, &rapl_defaults_core),
+ X86_MATCH_VFM(INTEL_ARROWLAKE, &rapl_defaults_core),
+ X86_MATCH_VFM(INTEL_ARROWLAKE_U, &rapl_defaults_core),
+--- a/drivers/powercap/intel_rapl_msr.c
++++ b/drivers/powercap/intel_rapl_msr.c
+@@ -152,6 +152,8 @@ static const struct x86_cpu_id pl4_suppo
+ X86_MATCH_VFM(INTEL_ARROWLAKE_H, NULL),
+ X86_MATCH_VFM(INTEL_PANTHERLAKE_L, NULL),
+ X86_MATCH_VFM(INTEL_WILDCATLAKE_L, NULL),
++ X86_MATCH_VFM(INTEL_NOVALAKE, NULL),
++ X86_MATCH_VFM(INTEL_NOVALAKE_L, NULL),
+ {}
+ };
+
--- /dev/null
+From 39f421f2e301f995c17c35b783e2863155b3f647 Mon Sep 17 00:00:00 2001
+From: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
+Date: Thu, 23 Oct 2025 10:45:32 -0700
+Subject: powercap: intel_rapl: Add support for Wildcat Lake platform
+
+From: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
+
+commit 39f421f2e301f995c17c35b783e2863155b3f647 upstream.
+
+Add Wildcat Lake to the list of supported processors for RAPL.
+
+Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
+Link: https://patch.msgid.link/20251023174532.1882008-1-srinivas.pandruvada@linux.intel.com
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/powercap/intel_rapl_common.c | 1 +
+ drivers/powercap/intel_rapl_msr.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+--- a/drivers/powercap/intel_rapl_common.c
++++ b/drivers/powercap/intel_rapl_common.c
+@@ -1284,6 +1284,7 @@ static const struct x86_cpu_id rapl_ids[
+ X86_MATCH_VFM(INTEL_EMERALDRAPIDS_X, &rapl_defaults_spr_server),
+ X86_MATCH_VFM(INTEL_LUNARLAKE_M, &rapl_defaults_core),
+ X86_MATCH_VFM(INTEL_PANTHERLAKE_L, &rapl_defaults_core),
++ X86_MATCH_VFM(INTEL_WILDCATLAKE_L, &rapl_defaults_core),
+ X86_MATCH_VFM(INTEL_ARROWLAKE_H, &rapl_defaults_core),
+ X86_MATCH_VFM(INTEL_ARROWLAKE, &rapl_defaults_core),
+ X86_MATCH_VFM(INTEL_ARROWLAKE_U, &rapl_defaults_core),
+--- a/drivers/powercap/intel_rapl_msr.c
++++ b/drivers/powercap/intel_rapl_msr.c
+@@ -151,6 +151,7 @@ static const struct x86_cpu_id pl4_suppo
+ X86_MATCH_VFM(INTEL_ARROWLAKE_U, NULL),
+ X86_MATCH_VFM(INTEL_ARROWLAKE_H, NULL),
+ X86_MATCH_VFM(INTEL_PANTHERLAKE_L, NULL),
++ X86_MATCH_VFM(INTEL_WILDCATLAKE_L, NULL),
+ {}
+ };
+
drm-imagination-disallow-exporting-of-pm-fw-protected-objects.patch
erofs-fix-unexpected-eio-under-memory-pressure.patch
block-fix-null-pointer-dereference-in-blk_zone_reset_all_bio_endio.patch
+powercap-intel_rapl-add-support-for-wildcat-lake-platform.patch
+powercap-intel_rapl-add-support-for-nova-lake-processors.patch
+loongarch-bpf-enhance-the-bpf_arch_text_poke-function.patch
+vfio-pci-disable-qword-access-to-the-pci-rom-bar.patch
+mm-damon-tests-core-kunit-handle-alloc-failures-on-damon_test_split_regions_of.patch
--- /dev/null
+From stable+bounces-205011-greg=kroah.com@vger.kernel.org Tue Jan 6 03:10:45 2026
+From: Kevin Tian <kevin.tian@intel.com>
+Date: Tue, 6 Jan 2026 02:11:44 +0000
+Subject: vfio/pci: Disable qword access to the PCI ROM bar
+To: stable@vger.kernel.org
+Cc: Kevin Tian <kevin.tian@intel.com>, Farrah Chen <farrah.chen@intel.com>, Alex Williamson <alex@shazbot.org>
+Message-ID: <20260106021144.1231645-1-kevin.tian@intel.com>
+
+From: Kevin Tian <kevin.tian@intel.com>
+
+[ Upstream commit dc85a46928c41423ad89869baf05a589e2975575 ]
+
+Commit 2b938e3db335 ("vfio/pci: Enable iowrite64 and ioread64 for vfio
+pci") enables qword access to the PCI bar resources. However certain
+devices (e.g. Intel X710) are observed with problem upon qword accesses
+to the rom bar, e.g. triggering PCI aer errors.
+
+This is triggered by Qemu which caches the rom content by simply does a
+pread() of the remaining size until it gets the full contents. The other
+bars would only perform operations at the same access width as their
+guest drivers.
+
+Instead of trying to identify all broken devices, universally disable
+qword access to the rom bar i.e. going back to the old way which worked
+reliably for years.
+
+Reported-by: Farrah Chen <farrah.chen@intel.com>
+Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220740
+Fixes: 2b938e3db335 ("vfio/pci: Enable iowrite64 and ioread64 for vfio pci")
+Cc: stable@vger.kernel.org
+Signed-off-by: Kevin Tian <kevin.tian@intel.com>
+Tested-by: Farrah Chen <farrah.chen@intel.com>
+Link: https://lore.kernel.org/r/20251218081650.555015-2-kevin.tian@intel.com
+Signed-off-by: Alex Williamson <alex@shazbot.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/vfio/pci/nvgrace-gpu/main.c | 4 ++--
+ drivers/vfio/pci/vfio_pci_rdwr.c | 25 ++++++++++++++++++-------
+ include/linux/vfio_pci_core.h | 10 +++++++++-
+ 3 files changed, 29 insertions(+), 10 deletions(-)
+
+--- a/drivers/vfio/pci/nvgrace-gpu/main.c
++++ b/drivers/vfio/pci/nvgrace-gpu/main.c
+@@ -491,7 +491,7 @@ nvgrace_gpu_map_and_read(struct nvgrace_
+ ret = vfio_pci_core_do_io_rw(&nvdev->core_device, false,
+ nvdev->resmem.ioaddr,
+ buf, offset, mem_count,
+- 0, 0, false);
++ 0, 0, false, VFIO_PCI_IO_WIDTH_8);
+ }
+
+ return ret;
+@@ -609,7 +609,7 @@ nvgrace_gpu_map_and_write(struct nvgrace
+ ret = vfio_pci_core_do_io_rw(&nvdev->core_device, false,
+ nvdev->resmem.ioaddr,
+ (char __user *)buf, pos, mem_count,
+- 0, 0, true);
++ 0, 0, true, VFIO_PCI_IO_WIDTH_8);
+ }
+
+ return ret;
+--- a/drivers/vfio/pci/vfio_pci_rdwr.c
++++ b/drivers/vfio/pci/vfio_pci_rdwr.c
+@@ -135,7 +135,8 @@ VFIO_IORDWR(64)
+ ssize_t vfio_pci_core_do_io_rw(struct vfio_pci_core_device *vdev, bool test_mem,
+ void __iomem *io, char __user *buf,
+ loff_t off, size_t count, size_t x_start,
+- size_t x_end, bool iswrite)
++ size_t x_end, bool iswrite,
++ enum vfio_pci_io_width max_width)
+ {
+ ssize_t done = 0;
+ int ret;
+@@ -150,20 +151,19 @@ ssize_t vfio_pci_core_do_io_rw(struct vf
+ else
+ fillable = 0;
+
+- if (fillable >= 8 && !(off % 8)) {
++ if (fillable >= 8 && !(off % 8) && max_width >= 8) {
+ ret = vfio_pci_iordwr64(vdev, iswrite, test_mem,
+ io, buf, off, &filled);
+ if (ret)
+ return ret;
+
+- } else
+- if (fillable >= 4 && !(off % 4)) {
++ } else if (fillable >= 4 && !(off % 4) && max_width >= 4) {
+ ret = vfio_pci_iordwr32(vdev, iswrite, test_mem,
+ io, buf, off, &filled);
+ if (ret)
+ return ret;
+
+- } else if (fillable >= 2 && !(off % 2)) {
++ } else if (fillable >= 2 && !(off % 2) && max_width >= 2) {
+ ret = vfio_pci_iordwr16(vdev, iswrite, test_mem,
+ io, buf, off, &filled);
+ if (ret)
+@@ -234,6 +234,7 @@ ssize_t vfio_pci_bar_rw(struct vfio_pci_
+ void __iomem *io;
+ struct resource *res = &vdev->pdev->resource[bar];
+ ssize_t done;
++ enum vfio_pci_io_width max_width = VFIO_PCI_IO_WIDTH_8;
+
+ if (pci_resource_start(pdev, bar))
+ end = pci_resource_len(pdev, bar);
+@@ -262,6 +263,16 @@ ssize_t vfio_pci_bar_rw(struct vfio_pci_
+ if (!io)
+ return -ENOMEM;
+ x_end = end;
++
++ /*
++ * Certain devices (e.g. Intel X710) don't support qword
++ * access to the ROM bar. Otherwise PCI AER errors might be
++ * triggered.
++ *
++ * Disable qword access to the ROM bar universally, which
++ * worked reliably for years before qword access is enabled.
++ */
++ max_width = VFIO_PCI_IO_WIDTH_4;
+ } else {
+ int ret = vfio_pci_core_setup_barmap(vdev, bar);
+ if (ret) {
+@@ -278,7 +289,7 @@ ssize_t vfio_pci_bar_rw(struct vfio_pci_
+ }
+
+ done = vfio_pci_core_do_io_rw(vdev, res->flags & IORESOURCE_MEM, io, buf, pos,
+- count, x_start, x_end, iswrite);
++ count, x_start, x_end, iswrite, max_width);
+
+ if (done >= 0)
+ *ppos += done;
+@@ -352,7 +363,7 @@ ssize_t vfio_pci_vga_rw(struct vfio_pci_
+ * to the memory enable bit in the command register.
+ */
+ done = vfio_pci_core_do_io_rw(vdev, false, iomem, buf, off, count,
+- 0, 0, iswrite);
++ 0, 0, iswrite, VFIO_PCI_IO_WIDTH_8);
+
+ vga_put(vdev->pdev, rsrc);
+
+--- a/include/linux/vfio_pci_core.h
++++ b/include/linux/vfio_pci_core.h
+@@ -102,6 +102,13 @@ struct vfio_pci_core_device {
+ struct rw_semaphore memory_lock;
+ };
+
++enum vfio_pci_io_width {
++ VFIO_PCI_IO_WIDTH_1 = 1,
++ VFIO_PCI_IO_WIDTH_2 = 2,
++ VFIO_PCI_IO_WIDTH_4 = 4,
++ VFIO_PCI_IO_WIDTH_8 = 8,
++};
++
+ /* Will be exported for vfio pci drivers usage */
+ int vfio_pci_core_register_dev_region(struct vfio_pci_core_device *vdev,
+ unsigned int type, unsigned int subtype,
+@@ -139,7 +146,8 @@ pci_ers_result_t vfio_pci_core_aer_err_d
+ ssize_t vfio_pci_core_do_io_rw(struct vfio_pci_core_device *vdev, bool test_mem,
+ void __iomem *io, char __user *buf,
+ loff_t off, size_t count, size_t x_start,
+- size_t x_end, bool iswrite);
++ size_t x_end, bool iswrite,
++ enum vfio_pci_io_width max_width);
+ bool vfio_pci_core_range_intersect_range(loff_t buf_start, size_t buf_cnt,
+ loff_t reg_start, size_t reg_cnt,
+ loff_t *buf_offset,
projects / thirdparty / kernel / stable-queue.git / commitdiff
