
The Linux Kernel has released several new versions, including 6.12.53, 6.6.112, and 6.1.156, which bring various important updates to make the system faster, more stable, and safer. Some key changes include improved handling of interrupt handlers, addition of support for DMA handles, and fixes to security holes in the USB 9pfs transport layer that could cause heap buffer overflows. Other notable updates include validation to prevent attackers from exploiting packet size inconsistencies and a fix to a use-after-free problem that occurred on certain M2 Mac mini systems. Additionally, several bugs have been addressed, including issues with device runtime PM, soft lockups caused by MTE, and problems related to pm_domain cleanup and QEMU Standard PC hardware.





Linux Kernel 6.12.53, 6.6.112, and 6.1.156 released

The Linux Kernel 6.12.53, 6.6.112, and 6.1.156 have all just come out. The change log for Linux Kernel 6.12.53 includes several important updates designed to make the system faster, more stable, and safer. One big change is that the cdnsp-pci driver now uses pcim_enable_device() to turn on PCI devices. This makes sure that the managed device framework automatically disables these devices when the driver disconnects, so there is no need to call pci_disable_device() manually.


The Cadence USBSSP DRD Driver has also been added to stop crashes on systems that have long, high-bandwidth workloads. People in the field found this change to be necessary to keep the system stable when it was under a lot of stress.

Another important change is that the interrupt handler now reads all of the updated status registers before clearing interrupts. This stops duplicate interrupts from happening because of changed register states or plug events that happen after interrupt processing but before they are cleared.

In addition, the USB Type-C driver now works with the Apple CD321X and the TI TPS6598x USB Power Delivery controllers. The removal of USB runtime PM (autosuspend) for AX88772* in bind is also included. This fix was done because USBnet enables runtime PM by default, making it useless.

The Linux kernel has also fixed a number of security holes in the USB 9pfs transport layer, such as buffer overflow, platform_get_resource(), pinctrl, and register_shm_helper(). These problems allow malicious USB hosts to cause heap buffer overflows due to inconsistent size checks between parsing the packet header and copying the data. To stop this from happening, device runtime-PM is kept on by taking a usage reference in ax88772_bind() and dropping it in unbind(). This makes sure that the method stays strong even when the whole system is suspended.

The kernel has also added validation to usb9pfs_rx_complete() to ensure that req->actual does not exceed the buffer's capacity before data is copied. This stops attackers from crafting packets with a small declared size but a large actual payload, which would cause memcpy() to overflow. The kernel also fixed incorrect error handling for calls to iov_iter_extract_pages(), which was a problem when the function extracted only some of the pages and returned a number greater than 0.
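The length check described above, as an added user-space C sketch that is not the kernel's usb9pfs code: the struct and function names are hypothetical, the 16-byte destination is an assumption, and the sample packet is constructed. It shows why the header's size field alone cannot bound the copy.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the transport's state, not kernel types. */
struct rx_request { const uint8_t *buf; size_t actual; }; /* actual = bytes the host really sent */
struct reply_buf  { uint8_t *data; size_t capacity; };    /* destination the reply is copied into */

/* A 9P message starts with a little-endian 32-bit total size. */
static uint32_t declared_size(const uint8_t *hdr)
{
    return (uint32_t)hdr[0] | (uint32_t)hdr[1] << 8 |
           (uint32_t)hdr[2] << 16 | (uint32_t)hdr[3] << 24;
}

/*
 * Checked completion: the copy length is the received length, so that is
 * the value compared with the destination capacity. Returns bytes copied
 * or -EIO. The unchecked form is the memcpy() alone.
 */
static long rx_complete_checked(const struct rx_request *req, struct reply_buf *dst)
{
    if (req->actual < 4 || req->actual > dst->capacity)
        return -EIO;
    memcpy(dst->data, req->buf, req->actual);
    return (long)req->actual;
}

/* Constructed sample: the header declares 7 bytes; 'actual' is what arrived. */
static long demo(size_t actual)
{
    uint8_t wire[64] = { 7, 0, 0, 0, 0x65, 1, 0 };  /* size=7, then type and tag */
    uint8_t store[16];
    struct rx_request req = { wire, actual };
    struct reply_buf dst = { store, sizeof(store) };

    /* The header alone looks acceptable for a 16-byte destination. */
    if (declared_size(wire) > dst.capacity)
        return -EMSGSIZE;
    return rx_complete_checked(&req, &dst);
}

int main(void)
{
    printf("well-formed: %ld, oversized: %ld\n", demo(7), demo(64));
    return 0;
}
```

With the header check alone, the 64-byte transfer would pass because its declared size is 7; only the comparison against the received length rejects it.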

The Remoteproc pru driver has been updated to fix possible NULL pointer dereferences in pru_rproc_set_ctable(). This is done by making sure that the pru assignment is done before dereferencing a rproc pointer that might be NULL.

Other important changes include adding support for DMA handles, fixing possible map leaks in fastrpc_put_args(), and making sure that mapped buffers are released correctly before returning. The Nvdimm ndtest driver has also been changed so that it returns -ENOMEM if devm_kcalloc() fails to get memory for DMA address arrays.

Another problem that users like Ira Weiny, Dave Jiang, Greg Kroah-Hartman, and Janne Grunau reported was that the soft lockup caused by MTE in the kernel was due to long processing times in a loop. hugetlb now has cond_resched() to stop this from happening.

The patch that fixed this problem also fixed an incorrect cleanup of pm_domain when it was removed because devres management problems caused struct simplefb_par to be allocated and freed inside struct fb_info by framebuffer_alloc(). The simplefb_remove() function calls unregister_framebuffer() to free this allocation, which can't be accessed after the device remove call.

The patch also fixed a use-after-free problem that happened when aperture_remove_conflicting_devices() was run on an M2 Mac mini with the downstream asahi kernel and Debian's kernel configuration.

The QEMU Standard PC hardware bug was also reported. There were several reasons for this, including the fact that it is safe to skip these table-dependent suspend steps and avoid NULL pointer dereferences if a valid table (map) is used before performing request-based suspend and waiting for target I/O.

Linux kernel 6.12.53 released

Linux kernel version 6.12.53 is now available:

Full source: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.12.53.tar.xz
Patch: https://cdn.kernel.org/pub/linux/kernel/v6.x/patch-6.12.53.xz
PGP Signature: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.12.53.tar.sign

You can view the summary of the changes at the following URL:
https://git.kernel.org/stable/ds/v6.12.53/v6.12.52

Linux kernel 6.6.112 released

Linux kernel version 6.6.112 is now available:

Full source: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.6.112.tar.xz
Patch: https://cdn.kernel.org/pub/linux/kernel/v6.x/patch-6.6.112.xz
PGP Signature: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.6.112.tar.sign

You can view the summary of the changes at the following URL:
https://git.kernel.org/stable/ds/v6.6.112/v6.6.111

Linux kernel 6.1.156 released

Linux kernel version 6.1.156 is now available:

Full source: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.1.156.tar.xz
Patch: https://cdn.kernel.org/pub/linux/kernel/v6.x/patch-6.1.156.xz
PGP Signature: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.1.156.tar.sign

You can view the summary of the changes at the following URL:
https://git.kernel.org/stable/ds/v6.1.156/v6.1.155