<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/video, branch linux-6.16.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>fbcon: Fix OOB access in font allocation</title>
<updated>2025-10-02T11:48:39+00:00</updated>
<author>
<name>Thomas Zimmermann</name>
<email>tzimmermann@suse.de</email>
</author>
<published>2025-09-22T13:45:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=fc19489dfaf424397ba8d03b47e8786eaed7b3fc'/>
<id>fc19489dfaf424397ba8d03b47e8786eaed7b3fc</id>
<content type='text'>
commit 9b2f5ef00e852f8e8902a4d4f73aeedc60220c12 upstream.

Commit 1a194e6c8e1e ("fbcon: fix integer overflow in fbcon_do_set_font")
introduced an out-of-bounds access by storing data and allocation sizes
in the same variable. Restore the old size calculation and use the new
variable 'alloc_size' for the allocation.

Signed-off-by: Thomas Zimmermann &lt;tzimmermann@suse.de&gt;
Fixes: 1a194e6c8e1e ("fbcon: fix integer overflow in fbcon_do_set_font")
Reported-by: Jani Nikula &lt;jani.nikula@linux.intel.com&gt;
Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/15020
Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/6201
Cc: Samasth Norway Ananda &lt;samasth.norway.ananda@oracle.com&gt;
Cc: Thomas Zimmermann &lt;tzimmermann@suse.de&gt;
Cc: George Kennedy &lt;george.kennedy@oracle.com&gt;
Cc: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Cc: Simona Vetter &lt;simona@ffwll.ch&gt;
Cc: Helge Deller &lt;deller@gmx.de&gt;
Cc: "Ville Syrjälä" &lt;ville.syrjala@linux.intel.com&gt;
Cc: Sam Ravnborg &lt;sam@ravnborg.org&gt;
Cc: Qianqiang Liu &lt;qianqiang.liu@163.com&gt;
Cc: Shixiong Ou &lt;oushixiong@kylinos.cn&gt;
Cc: Kees Cook &lt;kees@kernel.org&gt;
Cc: &lt;stable@vger.kernel.org&gt; # v5.9+
Cc: Zsolt Kajtar &lt;soci@c64.rulez.org&gt;
Reviewed-by: Lucas De Marchi &lt;lucas.demarchi@intel.com&gt;
Reviewed-by: Qianqiang Liu &lt;qianqiang.liu@163.com&gt;
Link: https://lore.kernel.org/r/20250922134619.257684-1-tzimmermann@suse.de
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 9b2f5ef00e852f8e8902a4d4f73aeedc60220c12 upstream.

Commit 1a194e6c8e1e ("fbcon: fix integer overflow in fbcon_do_set_font")
introduced an out-of-bounds access by storing data and allocation sizes
in the same variable. Restore the old size calculation and use the new
variable 'alloc_size' for the allocation.

Signed-off-by: Thomas Zimmermann &lt;tzimmermann@suse.de&gt;
Fixes: 1a194e6c8e1e ("fbcon: fix integer overflow in fbcon_do_set_font")
Reported-by: Jani Nikula &lt;jani.nikula@linux.intel.com&gt;
Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/15020
Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/6201
Cc: Samasth Norway Ananda &lt;samasth.norway.ananda@oracle.com&gt;
Cc: Thomas Zimmermann &lt;tzimmermann@suse.de&gt;
Cc: George Kennedy &lt;george.kennedy@oracle.com&gt;
Cc: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Cc: Simona Vetter &lt;simona@ffwll.ch&gt;
Cc: Helge Deller &lt;deller@gmx.de&gt;
Cc: "Ville Syrjälä" &lt;ville.syrjala@linux.intel.com&gt;
Cc: Sam Ravnborg &lt;sam@ravnborg.org&gt;
Cc: Qianqiang Liu &lt;qianqiang.liu@163.com&gt;
Cc: Shixiong Ou &lt;oushixiong@kylinos.cn&gt;
Cc: Kees Cook &lt;kees@kernel.org&gt;
Cc: &lt;stable@vger.kernel.org&gt; # v5.9+
Cc: Zsolt Kajtar &lt;soci@c64.rulez.org&gt;
Reviewed-by: Lucas De Marchi &lt;lucas.demarchi@intel.com&gt;
Reviewed-by: Qianqiang Liu &lt;qianqiang.liu@163.com&gt;
Link: https://lore.kernel.org/r/20250922134619.257684-1-tzimmermann@suse.de
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fbcon: fix integer overflow in fbcon_do_set_font</title>
<updated>2025-10-02T11:48:39+00:00</updated>
<author>
<name>Samasth Norway Ananda</name>
<email>samasth.norway.ananda@oracle.com</email>
</author>
<published>2025-09-12T17:00:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c0c01f9aa08c8e10e10e8c9ebb5be01a4eff6eb7'/>
<id>c0c01f9aa08c8e10e10e8c9ebb5be01a4eff6eb7</id>
<content type='text'>
commit 1a194e6c8e1ee745e914b0b7f50fa86c89ed13fe upstream.

Fix integer overflow vulnerabilities in fbcon_do_set_font() where font
size calculations could overflow when handling user-controlled font
parameters.

The vulnerabilities occur when:
1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount
   multiplication with user-controlled values that can overflow.
2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow
3. This results in smaller allocations than expected, leading to buffer
   overflows during font data copying.

Add explicit overflow checking using check_mul_overflow() and
check_add_overflow() kernel helpers to safety validate all size
calculations before allocation.

Signed-off-by: Samasth Norway Ananda &lt;samasth.norway.ananda@oracle.com&gt;
Reviewed-by: Thomas Zimmermann &lt;tzimmermann@suse.de&gt;
Fixes: 39b3cffb8cf3 ("fbcon: prevent user font height or width change from causing potential out-of-bounds access")
Cc: George Kennedy &lt;george.kennedy@oracle.com&gt;
Cc: stable &lt;stable@vger.kernel.org&gt;
Cc: syzbot+38a3699c7eaf165b97a6@syzkaller.appspotmail.com
Cc: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Cc: Simona Vetter &lt;simona@ffwll.ch&gt;
Cc: Helge Deller &lt;deller@gmx.de&gt;
Cc: Thomas Zimmermann &lt;tzimmermann@suse.de&gt;
Cc: "Ville Syrjälä" &lt;ville.syrjala@linux.intel.com&gt;
Cc: Sam Ravnborg &lt;sam@ravnborg.org&gt;
Cc: Qianqiang Liu &lt;qianqiang.liu@163.com&gt;
Cc: Shixiong Ou &lt;oushixiong@kylinos.cn&gt;
Cc: Kees Cook &lt;kees@kernel.org&gt;
Cc: &lt;stable@vger.kernel.org&gt; # v5.9+
Signed-off-by: Thomas Zimmermann &lt;tzimmermann@suse.de&gt;
Link: https://lore.kernel.org/r/20250912170023.3931881-1-samasth.norway.ananda@oracle.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 1a194e6c8e1ee745e914b0b7f50fa86c89ed13fe upstream.

Fix integer overflow vulnerabilities in fbcon_do_set_font() where font
size calculations could overflow when handling user-controlled font
parameters.

The vulnerabilities occur when:
1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount
   multiplication with user-controlled values that can overflow.
2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow
3. This results in smaller allocations than expected, leading to buffer
   overflows during font data copying.

Add explicit overflow checking using check_mul_overflow() and
check_add_overflow() kernel helpers to safety validate all size
calculations before allocation.

Signed-off-by: Samasth Norway Ananda &lt;samasth.norway.ananda@oracle.com&gt;
Reviewed-by: Thomas Zimmermann &lt;tzimmermann@suse.de&gt;
Fixes: 39b3cffb8cf3 ("fbcon: prevent user font height or width change from causing potential out-of-bounds access")
Cc: George Kennedy &lt;george.kennedy@oracle.com&gt;
Cc: stable &lt;stable@vger.kernel.org&gt;
Cc: syzbot+38a3699c7eaf165b97a6@syzkaller.appspotmail.com
Cc: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Cc: Simona Vetter &lt;simona@ffwll.ch&gt;
Cc: Helge Deller &lt;deller@gmx.de&gt;
Cc: Thomas Zimmermann &lt;tzimmermann@suse.de&gt;
Cc: "Ville Syrjälä" &lt;ville.syrjala@linux.intel.com&gt;
Cc: Sam Ravnborg &lt;sam@ravnborg.org&gt;
Cc: Qianqiang Liu &lt;qianqiang.liu@163.com&gt;
Cc: Shixiong Ou &lt;oushixiong@kylinos.cn&gt;
Cc: Kees Cook &lt;kees@kernel.org&gt;
Cc: &lt;stable@vger.kernel.org&gt; # v5.9+
Signed-off-by: Thomas Zimmermann &lt;tzimmermann@suse.de&gt;
Link: https://lore.kernel.org/r/20250912170023.3931881-1-samasth.norway.ananda@oracle.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()"</title>
<updated>2025-08-28T14:34:14+00:00</updated>
<author>
<name>Helge Deller</name>
<email>deller@gmx.de</email>
</author>
<published>2025-08-02T19:34:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=fd1896dccc9a5ea2fb74d835b8dcca5e9cd237fe'/>
<id>fd1896dccc9a5ea2fb74d835b8dcca5e9cd237fe</id>
<content type='text'>
commit e4fc307d8e24f122402907ebf585248cad52841d upstream.

This reverts commit 864f9963ec6b4b76d104d595ba28110b87158003.

The patch is wrong as it checks vc_origin against vc_screenbuf,
while in text mode it should compare against vga_vram_base.

As such it broke VGA text scrolling, which can be reproduced like this:
(1) boot a kernel that is configured to use text mode VGA-console
(2) type commands:  ls -l /usr/bin | less -S
(3) scroll up/down with cursor-down/up keys

Reported-by: Jari Ruusu &lt;jariruusu@protonmail.com&gt;
Cc: stable@vger.kernel.org
Cc: Yi Yang &lt;yiyang13@huawei.com&gt;
Cc: GONG Ruiqi &lt;gongruiqi1@huawei.com&gt;
Signed-off-by: Helge Deller &lt;deller@gmx.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit e4fc307d8e24f122402907ebf585248cad52841d upstream.

This reverts commit 864f9963ec6b4b76d104d595ba28110b87158003.

The patch is wrong as it checks vc_origin against vc_screenbuf,
while in text mode it should compare against vga_vram_base.

As such it broke VGA text scrolling, which can be reproduced like this:
(1) boot a kernel that is configured to use text mode VGA-console
(2) type commands:  ls -l /usr/bin | less -S
(3) scroll up/down with cursor-down/up keys

Reported-by: Jari Ruusu &lt;jariruusu@protonmail.com&gt;
Cc: stable@vger.kernel.org
Cc: Yi Yang &lt;yiyang13@huawei.com&gt;
Cc: GONG Ruiqi &lt;gongruiqi1@huawei.com&gt;
Signed-off-by: Helge Deller &lt;deller@gmx.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fbdev: nvidiafb: add depends on HAS_IOPORT</title>
<updated>2025-08-20T16:41:40+00:00</updated>
<author>
<name>Randy Dunlap</name>
<email>rdunlap@infradead.org</email>
</author>
<published>2025-06-15T18:36:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=490cce988beacf26d70a93b73116eec66fa3abac'/>
<id>490cce988beacf26d70a93b73116eec66fa3abac</id>
<content type='text'>
commit ecdd7df997fd992f0ec70b788e3b12258008a2bf upstream.

The nvidiafb driver uses inb()/outb() without depending on HAS_IOPORT,
which leads to build errors since kernel v6.13-rc1:
commit 6f043e757445 ("asm-generic/io.h: Remove I/O port accessors
for HAS_IOPORT=n")

Add the HAS_IOPORT dependency to prevent the build errors.

(Found in ARCH=um allmodconfig builds)

drivers/video/fbdev/nvidia/nv_accel.c: In function ‘NVDmaWait’:
include/asm-generic/io.h:596:15: error: call to ‘_outb’ declared with attribute error: outb() requires CONFIG_HAS_IOPORT
  596 | #define _outb _outb

Signed-off-by: Randy Dunlap &lt;rdunlap@infradead.org&gt;
Cc: Arnd Bergmann &lt;arnd@kernel.org&gt;
Cc: Niklas Schnelle &lt;schnelle@linux.ibm.com&gt;
Cc: Antonino Daplas &lt;adaplas@gmail.com&gt;
Cc: Helge Deller &lt;deller@gmx.de&gt;
Cc: linux-fbdev@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: stable@vger.kernel.org # v6.13+
Signed-off-by: Helge Deller &lt;deller@gmx.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit ecdd7df997fd992f0ec70b788e3b12258008a2bf upstream.

The nvidiafb driver uses inb()/outb() without depending on HAS_IOPORT,
which leads to build errors since kernel v6.13-rc1:
commit 6f043e757445 ("asm-generic/io.h: Remove I/O port accessors
for HAS_IOPORT=n")

Add the HAS_IOPORT dependency to prevent the build errors.

(Found in ARCH=um allmodconfig builds)

drivers/video/fbdev/nvidia/nv_accel.c: In function ‘NVDmaWait’:
include/asm-generic/io.h:596:15: error: call to ‘_outb’ declared with attribute error: outb() requires CONFIG_HAS_IOPORT
  596 | #define _outb _outb

Signed-off-by: Randy Dunlap &lt;rdunlap@infradead.org&gt;
Cc: Arnd Bergmann &lt;arnd@kernel.org&gt;
Cc: Niklas Schnelle &lt;schnelle@linux.ibm.com&gt;
Cc: Antonino Daplas &lt;adaplas@gmail.com&gt;
Cc: Helge Deller &lt;deller@gmx.de&gt;
Cc: linux-fbdev@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: stable@vger.kernel.org # v6.13+
Signed-off-by: Helge Deller &lt;deller@gmx.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fbdev: Fix vmalloc out-of-bounds write in fast_imageblit</title>
<updated>2025-08-20T16:41:40+00:00</updated>
<author>
<name>Sravan Kumar Gundu</name>
<email>sravankumarlpu@gmail.com</email>
</author>
<published>2025-07-31T20:36:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=cfec17721265e72e50cc69c6004fe3475cd38df2'/>
<id>cfec17721265e72e50cc69c6004fe3475cd38df2</id>
<content type='text'>
commit af0db3c1f898144846d4c172531a199bb3ca375d upstream.

This issue triggers when a userspace program does an ioctl
FBIOPUT_CON2FBMAP by passing console number and frame buffer number.
Ideally this maps console to frame buffer and updates the screen if
console is visible.

As part of mapping it has to do resize of console according to frame
buffer info. if this resize fails and returns from vc_do_resize() and
continues further. At this point console and new frame buffer are mapped
and sets display vars. Despite failure still it continue to proceed
updating the screen at later stages where vc_data is related to previous
frame buffer and frame buffer info and display vars are mapped to new
frame buffer and eventully leading to out-of-bounds write in
fast_imageblit(). This bheviour is excepted only when fg_console is
equal to requested console which is a visible console and updates screen
with invalid struct references in fbcon_putcs().

Reported-and-tested-by: syzbot+c4b7aa0513823e2ea880@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=c4b7aa0513823e2ea880
Signed-off-by: Sravan Kumar Gundu &lt;sravankumarlpu@gmail.com&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Helge Deller &lt;deller@gmx.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit af0db3c1f898144846d4c172531a199bb3ca375d upstream.

This issue triggers when a userspace program does an ioctl
FBIOPUT_CON2FBMAP by passing console number and frame buffer number.
Ideally this maps console to frame buffer and updates the screen if
console is visible.

As part of mapping it has to do resize of console according to frame
buffer info. if this resize fails and returns from vc_do_resize() and
continues further. At this point console and new frame buffer are mapped
and sets display vars. Despite failure still it continue to proceed
updating the screen at later stages where vc_data is related to previous
frame buffer and frame buffer info and display vars are mapped to new
frame buffer and eventully leading to out-of-bounds write in
fast_imageblit(). This bheviour is excepted only when fg_console is
equal to requested console which is a visible console and updates screen
with invalid struct references in fbcon_putcs().

Reported-and-tested-by: syzbot+c4b7aa0513823e2ea880@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=c4b7aa0513823e2ea880
Signed-off-by: Sravan Kumar Gundu &lt;sravankumarlpu@gmail.com&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Helge Deller &lt;deller@gmx.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fbdev: fix potential buffer overflow in do_register_framebuffer()</title>
<updated>2025-08-20T16:41:21+00:00</updated>
<author>
<name>Yongzhen Zhang</name>
<email>zhangyongzhen@kylinos.cn</email>
</author>
<published>2025-07-01T09:07:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=248b2aab9b2af5ecf89d9d7955a2ff20c4b4a399'/>
<id>248b2aab9b2af5ecf89d9d7955a2ff20c4b4a399</id>
<content type='text'>
[ Upstream commit 523b84dc7ccea9c4d79126d6ed1cf9033cf83b05 ]

The current implementation may lead to buffer overflow when:
1.  Unregistration creates NULL gaps in registered_fb[]
2.  All array slots become occupied despite num_registered_fb &lt; FB_MAX
3.  The registration loop exceeds array bounds

Add boundary check to prevent registered_fb[FB_MAX] access.

Signed-off-by: Yongzhen Zhang &lt;zhangyongzhen@kylinos.cn&gt;
Signed-off-by: Helge Deller &lt;deller@gmx.de&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 523b84dc7ccea9c4d79126d6ed1cf9033cf83b05 ]

The current implementation may lead to buffer overflow when:
1.  Unregistration creates NULL gaps in registered_fb[]
2.  All array slots become occupied despite num_registered_fb &lt; FB_MAX
3.  The registration loop exceeds array bounds

Add boundary check to prevent registered_fb[FB_MAX] access.

Signed-off-by: Yongzhen Zhang &lt;zhangyongzhen@kylinos.cn&gt;
Signed-off-by: Helge Deller &lt;deller@gmx.de&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref</title>
<updated>2025-08-15T14:39:12+00:00</updated>
<author>
<name>Chenyuan Yang</name>
<email>chenyuan0y@gmail.com</email>
</author>
<published>2025-07-24T03:25:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f060441c153495750804133555cf0a211a856892'/>
<id>f060441c153495750804133555cf0a211a856892</id>
<content type='text'>
[ Upstream commit da11e6a30e0bb8e911288bdc443b3dc8f6a7cac7 ]

fb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot
allocate a struct fb_modelist.  If that happens, the modelist stays empty but
the driver continues to register.  Add a check for its return value to prevent
poteintial null-ptr-deref, which is similar to the commit 17186f1f90d3 ("fbdev:
Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var").

Fixes: 1b6c79361ba5 ("video: imxfb: Add DT support")
Signed-off-by: Chenyuan Yang &lt;chenyuan0y@gmail.com&gt;
Signed-off-by: Helge Deller &lt;deller@gmx.de&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit da11e6a30e0bb8e911288bdc443b3dc8f6a7cac7 ]

fb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot
allocate a struct fb_modelist.  If that happens, the modelist stays empty but
the driver continues to register.  Add a check for its return value to prevent
poteintial null-ptr-deref, which is similar to the commit 17186f1f90d3 ("fbdev:
Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var").

Fixes: 1b6c79361ba5 ("video: imxfb: Add DT support")
Signed-off-by: Chenyuan Yang &lt;chenyuan0y@gmail.com&gt;
Signed-off-by: Helge Deller &lt;deller@gmx.de&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>fbcon: Fix outdated registered_fb reference in comment</title>
<updated>2025-08-15T14:38:45+00:00</updated>
<author>
<name>Shixiong Ou</name>
<email>oushixiong@kylinos.cn</email>
</author>
<published>2025-07-09T10:34:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e9240dd81a05401fb445ad18f965fc494527b18c'/>
<id>e9240dd81a05401fb445ad18f965fc494527b18c</id>
<content type='text'>
[ Upstream commit 0f168e7be696a17487e83d1d47e5a408a181080f ]

The variable was renamed to fbcon_registered_fb, but this comment was
not updated along with the change. Correct it to avoid confusion.

Signed-off-by: Shixiong Ou &lt;oushixiong@kylinos.cn&gt;
Fixes: efc3acbc105a ("fbcon: Maintain a private array of fb_info")
[sima: Add Fixes: line.]
Signed-off-by: Simona Vetter &lt;simona.vetter@ffwll.ch&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/20250709103438.572309-1-oushixiong1025@163.com
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 0f168e7be696a17487e83d1d47e5a408a181080f ]

The variable was renamed to fbcon_registered_fb, but this comment was
not updated along with the change. Correct it to avoid confusion.

Signed-off-by: Shixiong Ou &lt;oushixiong@kylinos.cn&gt;
Fixes: efc3acbc105a ("fbcon: Maintain a private array of fb_info")
[sima: Add Fixes: line.]
Signed-off-by: Simona Vetter &lt;simona.vetter@ffwll.ch&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/20250709103438.572309-1-oushixiong1025@163.com
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>treewide, timers: Rename from_timer() to timer_container_of()</title>
<updated>2025-06-08T07:07:37+00:00</updated>
<author>
<name>Ingo Molnar</name>
<email>mingo@kernel.org</email>
</author>
<published>2025-05-09T05:51:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=41cb08555c4164996d67c78b3bf1c658075b75f1'/>
<id>41cb08555c4164996d67c78b3bf1c658075b75f1</id>
<content type='text'>
Move this API to the canonical timer_*() namespace.

[ tglx: Redone against pre rc1 ]

Signed-off-by: Ingo Molnar &lt;mingo@kernel.org&gt;
Signed-off-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Link: https://lore.kernel.org/all/aB2X0jCKQO56WdMt@gmail.com

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Move this API to the canonical timer_*() namespace.

[ tglx: Redone against pre rc1 ]

Signed-off-by: Ingo Molnar &lt;mingo@kernel.org&gt;
Signed-off-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Link: https://lore.kernel.org/all/aB2X0jCKQO56WdMt@gmail.com

</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'drm-fixes-2025-06-06' of https://gitlab.freedesktop.org/drm/kernel</title>
<updated>2025-06-06T16:26:47+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2025-06-06T16:26:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5fc6c6f258b34fd0d2ff2a63b8a407a4dcbca750'/>
<id>5fc6c6f258b34fd0d2ff2a63b8a407a4dcbca750</id>
<content type='text'>
Pull more drm fixes from Simona Vetter:
 "Another small batch of drm fixes, this time with a different baseline
  and hence separate.

  Drivers:
   - ivpu:
       - dma_resv locking
       - warning fixes
       - reset failure handling
       - improve logging
       - update fw file names
       - fix cmdqueue unregister
   - panel-simple: add Evervision VGG644804

  Core Changes:
   - sysfb: screen_info type check
   - video: screen_info for relocated pci fb
   - drm/sched: signal fence of killed job
   - dummycon: deferred takeover fix"

* tag 'drm-fixes-2025-06-06' of https://gitlab.freedesktop.org/drm/kernel:
  sysfb: Fix screen_info type check for VGA
  video: screen_info: Relocate framebuffers behind PCI bridges
  accel/ivpu: Fix warning in ivpu_gem_bo_free()
  accel/ivpu: Trigger device recovery on engine reset/resume failure
  accel/ivpu: Use dma_resv_lock() instead of a custom mutex
  drm/panel-simple: fix the warnings for the Evervision VGG644804
  accel/ivpu: Reorder Doorbell Unregister and Command Queue Destruction
  accel/ivpu: Use firmware names from upstream repo
  accel/ivpu: Improve buffer object logging
  dummycon: Trigger redraw when switching consoles with deferred takeover
  drm/scheduler: signal scheduled fence when kill job
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull more drm fixes from Simona Vetter:
 "Another small batch of drm fixes, this time with a different baseline
  and hence separate.

  Drivers:
   - ivpu:
       - dma_resv locking
       - warning fixes
       - reset failure handling
       - improve logging
       - update fw file names
       - fix cmdqueue unregister
   - panel-simple: add Evervision VGG644804

  Core Changes:
   - sysfb: screen_info type check
   - video: screen_info for relocated pci fb
   - drm/sched: signal fence of killed job
   - dummycon: deferred takeover fix"

* tag 'drm-fixes-2025-06-06' of https://gitlab.freedesktop.org/drm/kernel:
  sysfb: Fix screen_info type check for VGA
  video: screen_info: Relocate framebuffers behind PCI bridges
  accel/ivpu: Fix warning in ivpu_gem_bo_free()
  accel/ivpu: Trigger device recovery on engine reset/resume failure
  accel/ivpu: Use dma_resv_lock() instead of a custom mutex
  drm/panel-simple: fix the warnings for the Evervision VGG644804
  accel/ivpu: Reorder Doorbell Unregister and Command Queue Destruction
  accel/ivpu: Use firmware names from upstream repo
  accel/ivpu: Improve buffer object logging
  dummycon: Trigger redraw when switching consoles with deferred takeover
  drm/scheduler: signal scheduled fence when kill job
</pre>
</div>
</content>
</entry>
</feed>
