android11-5.4-ksunext
973980 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
ktommy91
|
433510b676 |
Add KernelSU hooks
credits to akash07k |
||
j7b3y
|
9a04a90656 | Add kernelsu next | ||
mikooomich
|
717dc0e252 |
drivers: sensors: icm206xx: Fix strict-prototypes error
Change-Id: I5eb49319b73dfc9ee344c44ba4e9ebc16c8e7ce1 |
||
|
mikooomich
|
a7c4237e2c |
drivers: sensors: ams_tmd2755: Fix strict-prototypes error
Change-Id: Ic4cc39f623d06aa231d427403239a706f85fd2bd |
||
|
mikooomich
|
0d478b4492 |
techpack: camera: Fix strict-prototypes error
Change-Id: I3cb08b85ede5b58f64ceae8d99cd0479f3579c69 |
||
Davide Garberi
|
fa99342727 |
Merge branch 'lineage-20' of github.com:LineageOS/android_kernel_qcom_sm8350 into lineage-21
Change-Id: Ic2f27579a391262e3ce327e50fe0b0f5490b0750 |
||
|
Davide Garberi
|
65785c676b |
Revert "power: reset: qcom-dload-mode: perform a warm nodump reboot only if in panic"
This reverts commit
|
||
Michael Bestas
|
7f04c28240
|
Merge tag 'LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/platform/vendor/opensource/display-drivers into android13-5.4-lahaina
"LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0" * tag 'LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/platform/vendor/opensource/display-drivers: disp: msm: add support for hibernation Change-Id: Ieefc35e48b8d7068279c592918329e43b3d3959e |
||
|
Michael Bestas
|
db38838ac7
|
Merge tag 'LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/platform/vendor/opensource/dataipa into android13-5.4-lahaina
"LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0" * tag 'LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/platform/vendor/opensource/dataipa: msm: ipa: Null terminated interface name string argument received from ioctl msm: ipa3: creating new ipc log file for IPA Clocks Change-Id: I4135d434cb5e7dd1009ce2a66ce0f3d81bf3588a |
||
|
Michael Bestas
|
5a22f4da61
|
Merge tag 'LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/platform/vendor/opensource/camera-kernel into android13-5.4-lahaina
"LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0" * tag 'LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/platform/vendor/opensource/camera-kernel: msm: camera: common: Fix possible OOB reads and writes operation Change-Id: I943de389f42e93c7ac39c827b176eaea1f65dcb1 |
||
|
Michael Bestas
|
be31ff5b66
|
Merge tag 'LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0 into android13-5.4-lahaina
"LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0" * tag 'LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0: Release 2.0.8.34I qcacld-3.0: Ignore CSA request for invalid channel Release 2.0.8.34H qcacld-3.0: Check ch_width for dot11f vht and he caps qcacld-3.0: Higher Bandwidth support 80/80+80/160 in 2.4 GHz Band Release 2.0.8.34G qcacld-3.0: Extract 6 GHz AP power type from HE IE qcacld-3.0: Do not allow connection if STA VLP not supported Change-Id: Icdab6891cad69ccfd611f131e3ac578ca3012d37 |
||
|
Michael Bestas
|
60bb0d9f00
|
Merge tag 'LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn into android13-5.4-lahaina
"LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0" * tag 'LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn: qcacmn: Add sanity check to fix OOB issue qcacmn: Don't use LPI as default power type qcacmn: Do not allow connection if STA VLP not supported qcacmn: Don't set power mode to VLP for all countries Change-Id: I5284df6cfbe2b7af9b46715011825c467a81df85 |
||
|
Michael Bestas
|
ca99e36dea
|
Merge tag 'LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/kernel/msm-5.4 into android13-5.4-lahaina
"LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0" * tag 'LA.UM.9.14.r1-23800-LAHAINA.QSSI14.0' of https://git.codelinaro.org/clo/la/kernel/msm-5.4: qcom-dload-mode: Convert reboot notifier to restart notifier defconfig: sdxlemur: Enable minidump for sdxlemur soc: qcom: Don't print thread info for arm arch soc: qcom: dcc_v2: Fix slab-out-of-bounds issue in dcc driver rpmsg: slatecom: Discard unaligned packet to read soc: qcom: peripheral-loader: Add KPI marker input: misc: Validate input pattern count in pattern_s_dbgfs_write BACKPORT: media: venus: hfi: fix the check in session buffer requirement BACKPORT: media: venus: hfi: add checks to perform sanity on queue pointers net: qrtr: smd: kfree svc_arr after use Conflicts: drivers/devfreq/devfreq.c drivers/rpmsg/qcom_glink_slatecom.c include/net/tcp.h Change-Id: If26696f886bf78d4d77e36a7266fabc0ceba7a85 |
||
Bruno Martins
|
a74c928fd6
|
Merge tag 'ASB-2024-02-05_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
https://source.android.com/docs/security/bulletin/2024-02-01 * tag 'ASB-2024-02-05_11-5.4' of https://android.googlesource.com/kernel/common: Reapply "perf: Fix perf_event_validate_size()" UPSTREAM: ida: Fix crash in ida_free when the bitmap is empty UPSTREAM: netfilter: nf_tables: Reject tables of unsupported family Reapply "perf: Disallow mis-matched inherited group reads" UPSTREAM: ath10k: Get rid of "per_ce_irq" hw param UPSTREAM: ath10k: Keep track of which interrupts fired, don't poll them UPSTREAM: ath10k: Add interrupt summary based CE processing UPSTREAM: ath10k: Wait until copy complete is actually done before completing FROMGIT: clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Conflicts: kernel/events/core.c net/netfilter/nf_tables_api.c Change-Id: Id54c39eddcf408eff81a27a89621447e6b5f0e8e |
||
|
Bruno Martins
|
2f84185dd7 |
Merge branch 'android11-5.4-lts' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
* 'android11-5.4-lts' of https://android.googlesource.com/kernel/common: FROMGIT: clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Linux 5.4.268 arm64: dts: armada-3720-turris-mox: set irq type for RTC perf top: Skip side-band event setup if HAVE_LIBBPF_SUPPORT is not set i2c: s3c24xx: fix transferring more than one message in polling mode i2c: s3c24xx: fix read transfers in polling mode mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure kdb: Fix a potential buffer overflow in kdb_local() kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ ipvs: avoid stat macros calls from preemptible context netfilter: nf_tables: skip dead set elements in netlink dump net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe net: ravb: Fix dma_addr_t truncation in error case net: phy: micrel: populate .soft_reset for KSZ9131 net: qualcomm: rmnet: fix global oob in rmnet_policy s390/pci: fix max size calculation in zpci_memcpy_toio() PCI: keystone: Fix race condition when initializing PHYs nvmet-tcp: Fix the H2C expected PDU len calculation serial: imx: Correct clock error message in function probe() apparmor: avoid crash when parsed profile name is empty perf env: Avoid recursively taking env->bpf_progs.lock perf bpf: Decouple creating the evlist from adding the SB event perf top: Move sb_evlist to 'struct perf_top' perf record: Move sb_evlist to 'struct record' perf env: Add perf_env__numa_node() nvmet-tcp: fix a crash in nvmet_req_complete() nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length perf genelf: Set ELF program header addresses properly software node: Let args be NULL in software_node_get_reference_args acpi: property: Let args be NULL in __acpi_node_get_property_reference serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() mips: Fix incorrect max_low_pfn adjustment HID: wacom: Correct behavior when processing some confidence == false touches x86/kvm: Do not try to disable kvmclock if it was not enabled wifi: mwifiex: configure BSSID consistently when starting AP wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code rootfs: Fix support for rootfstype= when root= is given fbdev: flush deferred work in fb_deferred_io_fsync() ALSA: oxygen: Fix right channel of capture volume mixer usb: mon: Fix atomicity violation in mon_bin_vma_fault usb: typec: class: fix typec_altmode_put_partner to put plugs Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs" usb: chipidea: wait controller resume finished for wakeup irq Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-only" Revert "usb: dwc3: Soft reset phy on probe for host" usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug binder: fix unused alloc->free_async_space binder: fix race between mmput() and do_exit() xen-netback: don't produce zero-size SKB frags Revert "ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek" Input: atkbd - use ab83 as id when skipping the getid command binder: fix use-after-free in shinker's callback binder: fix async space check for 0-sized buffers of: unittest: Fix of_count_phandle_with_args() expected value message of: Fix double free in of_parse_phandle_with_args_map mmc: sdhci_omap: Fix TI SoC dependencies clk: si5341: fix an error code problem in si5341_output_clk_set_rate watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO watchdog: set cdev owner before adding drivers: clk: zynqmp: calculate closest mux rate gpu/drm/radeon: fix two memleaks in radeon_vm_init drivers/amd/pm: fix a use-after-free in kv_parse_power_table drm/amd/pm: fix a double-free in si_dpm_init drm/amdgpu/debugfs: fix error code when smc register accessors are NULL media: dvbdev: drop refcount on error path in dvb_device_open() media: cx231xx: fix a memleak in cx231xx_init_isoc drm/bridge: tc358767: Fix return value on error case drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table drm/radeon/dpm: fix a memleak in sumo_parse_power_table drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() drm/drv: propagate errors from drm_modeset_register_all() drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks drm/msm/mdp4: flush vblank event on disable ASoC: cs35l34: Fix GPIO name and drop legacy include ASoC: cs35l33: Fix GPIO name and drop legacy include drm/radeon: check return value of radeon_ring_lock() drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() f2fs: fix to avoid dirent corruption drm/bridge: Fix typo in post_disable() description media: pvrusb2: fix use after free on context disconnection RDMA/usnic: Silence uninitialized symbol smatch warnings ARM: davinci: always select CONFIG_CPU_ARM926T ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() Bluetooth: btmtkuart: fix recv_buf() return value Bluetooth: Fix bogus check for re-auth no supported with non-ssp netfilter: nf_tables: mark newset as dead on transaction abort wifi: rtlwifi: rtl8192se: using calculate_bit_shift() wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() wifi: rtlwifi: rtl8192de: using calculate_bit_shift() rtlwifi: rtl8192de: make arrays static const, makes object smaller wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() wifi: rtlwifi: rtl8192c: using calculate_bit_shift() wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() wifi: rtlwifi: add calculate_bit_shift() dma-mapping: clear dev->dma_mem to NULL after freeing it virtio/vsock: fix logic which reduces credit update messages selftests/net: fix grep checking for fib_nexthop_multiprefix scsi: hisi_sas: Replace with standard error code return value arm64: dts: qcom: sdm845-db845c: correct LED panic indicator scsi: fnic: Return error if vmalloc() failed wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior rtlwifi: Use ffs in <foo>_phy_calculate_bit_shift firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() net/ncsi: Fix netlink major/minor version numbers ncsi: internal.h: Fix a spello ARM: dts: qcom: apq8064: correct XOADC register address wifi: libertas: stop selecting wext bpf, lpm: Fix check prefixlen before walking trie wifi: rtw88: fix RX filter in FIF_ALLMULTI flag NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT blocklayoutdriver: Fix reference leak of pnfs_device_node crypto: scomp - fix req->dst buffer overflow crypto: sahara - do not resize req->src when doing hash operations crypto: sahara - fix processing hash requests with req->nbytes < sg->length crypto: sahara - improve error handling in sahara_sha_process() crypto: sahara - fix wait_for_completion_timeout() error handling crypto: sahara - fix ahash reqsize crypto: virtio - Wait for tasklet to complete on device remove gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() crypto: sahara - fix error handling in sahara_hw_descriptor_create() crypto: sahara - fix processing requests with cryptlen < sg->length crypto: sahara - fix ahash selftest failure crypto: sahara - remove FLAGS_NEW_KEY logic crypto: af_alg - Disallow multiple in-flight AIO requests crypto: ccp - fix memleak in ccp_init_dm_workarea virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC crypto: virtio - don't use 'default m' crypto: virtio - Handle dataq logic with tasklet selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket mtd: Fix gluebi NULL pointer dereference caused by ftl notifier spi: sh-msiof: Enforce fixed DTDL for R-Car H3 calipso: fix memory leak in netlbl_calipso_add_pass() netlabel: remove unused parameter in netlbl_netlink_auditinfo() net: netlabel: Fix kerneldoc warnings ACPI: LPIT: Avoid u32 multiplication overflow ACPI: video: check for error while searching for backlight device parent mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response powerpc/imc-pmu: Add a null pointer check in update_events_in_group() powerpc/powernv: Add a null pointer check in opal_powercap_init() powerpc/powernv: Add a null pointer check in opal_event_init() powerpc/powernv: Add a null pointer check to scom_debug_init_one() selftests/powerpc: Fix error handling in FPU/VMX preemption tests powerpc/pseries/memhp: Fix access beyond end of drmem array powerpc/pseries/memhotplug: Quieten some DLPAR operations powerpc/44x: select I2C for CURRITUCK powerpc: add crtsavres.o to always-y instead of extra-y EDAC/thunderx: Fix possible out-of-bounds string access x86/lib: Fix overflow when counting digits coresight: etm4x: Fix width of CCITMIN field parport: parport_serial: Add Brainboxes device IDs and geometry parport: parport_serial: Add Brainboxes BAR details uio: Fix use-after-free in uio_open binder: fix comment on binder_alloc_new_buf() return value binder: fix trivial typo of binder_free_buf_locked() binder: use EPOLLERR from eventpoll.h ACPI: resource: Add another DMI match for the TongFang GMxXGxx drm/crtc: fix uninitialized variable use ARM: sun9i: smp: fix return code check of of_property_match_string ida: Fix crash in ida_free when the bitmap is empty Input: xpad - add Razer Wolverine V2 support ARC: fix spare error s390/scm: fix virtual vs physical address confusion Input: i8042 - add nomux quirk for Acer P459-G2-M Input: atkbd - skip ATKBD_CMD_GETID in translated mode reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI tracing: Add size check when printing trace_marker output tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing neighbour: Don't let neigh_forced_gc() disable preemption for long drm/crtc: Fix uninit-value bug in drm_mode_setcrtc jbd2: correct the printing of write_flags in jbd2_write_superblock() clk: rockchip: rk3128: Fix HCLK_OTG gate register drm/exynos: fix a wrong error checking drm/exynos: fix a potential error pointer dereference nvme: introduce helper function to get ctrl state ASoC: da7219: Support low DC impedance headset net/tg3: fix race condition in tg3_reset_task() nouveau/tu102: flush all pdbs on vmm flush ASoC: rt5650: add mutex to avoid the jack detection failure ASoC: cs43130: Fix incorrect frame delay configuration ASoC: cs43130: Fix the position of const qualifier ASoC: Intel: Skylake: mem leak in skl register function ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 ASoC: Intel: Skylake: Fix mem leak in few functions ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro pinctrl: lochnagar: Don't build on MIPS f2fs: explicitly null-terminate the xattr list Revert "ipv6: make ip6_rt_gc_expire an atomic_t" Revert "ipv6: remove max_size check inline with ipv4" Linux 5.4.267 ASoC: meson: codec-glue: fix pcm format cast warning ipv6: remove max_size check inline with ipv4 ipv6: make ip6_rt_gc_expire an atomic_t net/dst: use a smaller percpu_counter batch for dst entries accounting PCI: Disable ATS for specific Intel IPU E2000 devices PCI: Extract ATS disabling to a helper function netfilter: nf_tables: Reject tables of unsupported family net: tls, update curr on splice as well ath10k: Get rid of "per_ce_irq" hw param ath10k: Keep track of which interrupts fired, don't poll them ath10k: Add interrupt summary based CE processing ath10k: Wait until copy complete is actually done before completing mmc: sdhci-sprd: Fix eMMC init failure after hw reset mmc: core: Cancel delayed work before releasing host mmc: rpmb: fixes pause retune on all RPMB partitions. mm: fix unmap_mapping_range high bits shift bug i2c: core: Fix atomic xfer check for non-preempt config firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards mm/memory-failure: check the mapcount of the precise page net: Implement missing SO_TIMESTAMPING_NEW cmsg support bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() asix: Add check for usbnet_get_endpoints net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues net/qla3xxx: switch from 'pci_' to 'dma_' API i40e: Restore VF MSI-X state during PCI reset ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux ASoC: meson: g12a-tohdmitx: Validate written enum values ASoC: meson: g12a: extract codec-to-codec utils i40e: fix use-after-free in i40e_aqc_add_filters() net: Save and restore msg_namelen in sock_sendmsg net: bcmgenet: Fix FCS generation for fragmented skbuffs ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps can: raw: add support for SO_MARK can: raw: add support for SO_TXTIME/SCM_TXTIME net: sched: em_text: fix possible memory leak in em_text_destroy() i40e: Fix filter input checks to prevent config with invalid values nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local ANDROID: db845c: Enable device tree overlay support Linux 5.4.266 block: Don't invalidate pagecache for invalid falloc modes ring-buffer: Fix wake ups when buffer_percent is set to 100 smb: client: fix OOB in smbCalcSize() usb: fotg210-hcd: delete an incorrect bounds test x86/alternatives: Sync core before enabling interrupts net: rfkill: gpio: set GPIO direction net: 9p: avoid freeing uninit memory in p9pdu_vreadf Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent USB: serial: option: add Quectel RM500Q R13 firmware support USB: serial: option: add Foxconn T99W265 with new baseline USB: serial: option: add Quectel EG912Y module support USB: serial: ftdi_sio: update Actisense PIDs constant names wifi: cfg80211: fix certs build to not depend on file order wifi: cfg80211: Add my certificate iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() Input: ipaq-micro-keys - add error handling for devm_kmemdup iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw interconnect: Treat xlate() returning NULL node as an error btrfs: do not allow non subvolume root targets for snapshot smb: client: fix NULL deref in asn1_ber_decoder() ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 pinctrl: at91-pio4: use dedicated lock class for IRQ i2c: aspeed: Handle the coalesced stop conditions with the start conditions. afs: Fix overwriting of result of DNS query net: check dev->gso_max_size in gso_features_check() net: warn if gso_type isn't set for a GSO SKB afs: Fix dynamic root lookup DNS check afs: Fix the dynamic root's d_delete to always delete unused dentries net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() net/rose: fix races in rose_kill_by_device() ethernet: atheros: fix a memleak in atl1e_setup_ring_resources net: sched: ife: fix potential use-after-free net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors net/mlx5: Fix fw tracer first block check net/mlx5: improve some comments Revert "net/mlx5e: fix double free of encap_header" wifi: mac80211: mesh_plink: fix matches_local logic s390/vx: fix save/restore of fpu kernel context reset: Fix crash when freeing non-existent optional resets ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 ANDROID: GKI: fix crc issue in include/net/addrconf.h Revert "cred: switch to using atomic_long_t" Linux 5.4.265 powerpc/ftrace: Fix stack teardown in ftrace_no_trace powerpc/ftrace: Create a dummy stackframe to fix stack unwind mmc: block: Be sure to wait while busy in CQE error recovery ring-buffer: Fix memory leak of free page team: Fix use-after-free when an option instance allocation fails arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS soundwire: stream: fix NULL pointer dereference for multi_link perf: Fix perf_event_validate_size() lockdep splat HID: hid-asus: add const to read-only outgoing usb buffer net: usb: qmi_wwan: claim interface 4 for ZTE MF290 asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad HID: hid-asus: reset the backlight brightness level on resume HID: add ALWAYS_POLL quirk for Apple kb platform/x86: intel_telemetry: Fix kernel doc descriptions bcache: avoid NULL checking to c->root in run_cache_set() bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() bcache: avoid oversize memory allocation by small stripe_size blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" usb: aqc111: check packet for fixup for true limit Revert "PCI: acpiphp: Reassign resources on bridge if necessary" ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants cred: switch to using atomic_long_t appletalk: Fix Use-After-Free in atalk_ioctl net: stmmac: Handle disabled MDIO busses from devicetree net: stmmac: use dev_err_probe() for reporting mdio bus registration failure vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() sign-file: Fix incorrect return values check net: Remove acked SYN flag from packet in the transmit queue correctly qed: Fix a potential use-after-free in qed_cxt_tables_alloc net/rose: Fix Use-After-Free in rose_ioctl atm: Fix Use-After-Free in do_vcc_ioctl atm: solos-pci: Fix potential deadlock on &tx_queue_lock atm: solos-pci: Fix potential deadlock on &cli_queue_lock qca_spi: Fix reset behavior qca_debug: Fix ethtool -G iface tx behavior qca_debug: Prevent crash on TX ring changes net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX afs: Fix refcount underflow from error handling race Revert "psample: Require 'CAP_NET_ADMIN' when joining "packets" group" Revert "mmc: core: add helpers mmc_regulator_enable/disable_vqmmc" Revert "mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled" Revert "genetlink: add CAP_NET_ADMIN test for multicast bind" Revert "drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group" Revert "perf/core: Add a new read format to get a number of lost samples" Revert "perf: Fix perf_event_validate_size()" Revert "hrtimers: Push pending hrtimers away from outgoing CPU earlier" Linux 5.4.264 devcoredump: Send uevent once devcd is ready devcoredump : Serialize devcd_del work smb: client: fix potential NULL deref in parse_dfs_referrals() cifs: Fix non-availability of dedup breaking generic/304 Revert "btrfs: add dmesg output for first mount and last unmount of a filesystem" tools headers UAPI: Sync linux/perf_event.h with the kernel sources drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group psample: Require 'CAP_NET_ADMIN' when joining "packets" group genetlink: add CAP_NET_ADMIN test for multicast bind netlink: don't call ->netlink_bind with table lock held io_uring/af_unix: disable sending io_uring over sockets nilfs2: fix missing error check for sb_set_blocksize call KVM: s390/mm: Properly reset no-dat x86/CPU/AMD: Check vendor in the AMD microcode callback serial: 8250_omap: Add earlycon support for the AM654 UART controller serial: sc16is7xx: address RX timeout interrupt errata ARM: PL011: Fix DMA support usb: typec: class: fix typec_altmode_put_partner to put plugs parport: Add support for Brainboxes IX/UC/PX parallel cards usb: gadget: f_hid: fix report descriptor allocation mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled mmc: core: add helpers mmc_regulator_enable/disable_vqmmc gpiolib: sysfs: Fix error handling on failed export perf: Fix perf_event_validate_size() perf/core: Add a new read format to get a number of lost samples arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names arm64: dts: mediatek: mt7622: fix memory node warning check packet: Move reference count in packet_sock to atomic_long_t tracing: Fix a possible race when disabling buffered events tracing: Fix incomplete locking when disabling buffered events tracing: Always update snapshot buffer size nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() ALSA: pcm: fix out-of-bounds in snd_pcm_state_names ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt ARM: dts: imx: make gpt node name generic ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() tracing: Fix a warning when allocating buffered events fails ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate hwmon: (acpi_power_meter) Fix 4.29 MW bug RDMA/bnxt_re: Correct module description string bpf: sockmap, updating the sg structure should also update curr tcp: do not accept ACK of bytes we never sent netfilter: xt_owner: Fix for unsafe access of sk->sk_socket net: hns: fix fake link up on xge port ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() arcnet: restoring support for multiple Sohard Arcnet cards net: arcnet: com20020 fix error handling net: arcnet: Fix RESET flag handling hv_netvsc: rndis_filter needs to select NLS ipv6: fix potential NULL deref in fib6_add() of: dynamic: Fix of_reconfig_get_state_change() return value documentation of: Add missing 'Return' section in kerneldoc comments of: Fix kerneldoc output formatting of: base: Fix some formatting issues and provide missing descriptions of/irq: Make of_msi_map_rid() PCI bus agnostic of/irq: make of_msi_map_get_device_domain() bus agnostic of/iommu: Make of_map_rid() PCI agnostic ACPI/IORT: Make iort_msi_map_rid() PCI agnostic ACPI/IORT: Make iort_get_device_domain IRQ domain agnostic of: base: Add of_get_cpu_state_node() to get idle states for a CPU node drm/amdgpu: correct chunk_ptr to a pointer to chunk. kconfig: fix memory leak from range properties tg3: Increment tx_dropped in tg3_tso_bug() tg3: Move the [rt]x_dropped counters to tg3_napi netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test hrtimers: Push pending hrtimers away from outgoing CPU earlier Revert "HID: core: store the unique system identifier in hid_device" Revert "HID: fix HID device resource race between HID core and debugging support" Linux 5.4.263 mmc: block: Retry commands in CQE error recovery mmc: core: convert comma to semicolon mmc: cqhci: Fix task clearing in CQE error recovery mmc: cqhci: Warn of halt or task clear failure mmc: cqhci: Increase recovery halt timeout cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily cpufreq: imx6q: don't warn for disabling a non-existing frequency scsi: qla2xxx: Fix system crash due to bad pointer access scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request scsi: core: Introduce the scsi_cmd_to_rq() function scsi: qla2xxx: Simplify the code for aborting SCSI commands ima: detect changes to the backing overlay file ovl: skip overlayfs superblocks at global sync ima: annotate iint mutex to avoid lockdep false positive warnings fbdev: stifb: Make the STI next font pointer a 32-bit signed offset mtd: cfi_cmdset_0001: Byte swap OTP info mtd: cfi_cmdset_0001: Support the absence of protection registers s390/cmma: fix detection of DAT pages s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family smb3: fix touch -h of symlink net: ravb: Start TX queues after HW initialization succeeded net: ravb: Use pm_runtime_resume_and_get() ravb: Fix races between ravb_tx_timeout_work() and net related ops net: stmmac: xgmac: Disable FPE MMC interrupts ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet Input: xpad - add HyperX Clutch Gladiate Support btrfs: make error messages more clear when getting a chunk map btrfs: send: ensure send_fd is writable btrfs: fix off-by-one when checking chunk map includes logical address btrfs: add dmesg output for first mount and last unmount of a filesystem powerpc: Don't clobber f0/vs0 during fp|altivec register save bcache: revert replacing IS_ERR_OR_NULL with IS_ERR dm verity: don't perform FEC for failed readahead IO dm-verity: align struct dm_verity_fec_io properly ALSA: hda/realtek: Add supported ALC257 for ChromeOS ALSA: hda/realtek: Headset Mic VREF to 100% ALSA: hda: Disable power-save on KONTRON SinglePC mmc: block: Do not lose cache flush during CQE error recovery firewire: core: fix possible memory leak in create_units() pinctrl: avoid reload of p state in list iteration io_uring: fix off-by one bvec index USB: dwc3: qcom: fix wakeup after probe deferral USB: dwc3: qcom: fix resource leaks on probe deferral usb: dwc3: set the dma max_seg_size USB: dwc2: write HCINT with INTMASK applied USB: serial: option: don't claim interface 4 for ZTE MF290 USB: serial: option: fix FM101R-GL defines USB: serial: option: add Fibocom L7xx modules bcache: prevent potential division by zero error bcache: check return value from btree_node_alloc_replacement() dm-delay: fix a race between delay_presuspend and delay_bio hv_netvsc: Mark VF as slave before exposing it to user-mode hv_netvsc: Fix race of register_netdevice_notifier and VF register USB: serial: option: add Luat Air72*U series products s390/dasd: protect device queue against concurrent access bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA KVM: arm64: limit PMU version to PMUv3 for ARMv8.1 arm64: cpufeature: Extract capped perfmon fields ext4: make sure allocate pending entry not fail ext4: fix slab-use-after-free in ext4_es_insert_extent() ext4: using nofail preallocation in ext4_es_insert_extent() ext4: using nofail preallocation in ext4_es_insert_delayed_block() ext4: using nofail preallocation in ext4_es_remove_extent() ext4: use pre-allocated es in __es_remove_extent() ext4: use pre-allocated es in __es_insert_extent() ext4: factor out __es_alloc_extent() and __es_free_extent() ext4: add a new helper to check if es must be kept MIPS: KVM: Fix a build warning about variable set but not used nvmet: nul-terminate the NQNs passed in the connect command nvmet: remove unnecessary ctrl parameter afs: Fix file locking on R/O volumes to operate in local mode afs: Return ENOENT if no cell DNS record can be found net: axienet: Fix check for partial TX checksum amd-xgbe: propagate the correct speed and duplex status amd-xgbe: handle the corner-case during tx completion amd-xgbe: handle corner-case during sfp hotplug arm/xen: fix xen_vcpu_info allocation alignment net: usb: ax88179_178a: fix failed operations during ax88179_reset ipv4: Correct/silence an endian warning in __ip_do_redirect HID: fix HID device resource race between HID core and debugging support HID: core: store the unique system identifier in hid_device drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full ata: pata_isapnp: Add missing error check for devm_ioport_map() drm/panel: simple: Fix Innolux G101ICE-L01 timings drm/panel: simple: Fix Innolux G101ICE-L01 bus flags afs: Make error on cell lookup failure consistent with OpenAFS PCI: keystone: Drop __init from ks_pcie_add_pcie_{ep,port}() RDMA/irdma: Prevent zero-length STAG registration driver core: Release all resources during unbind before updating device links ANDROID: GKI: db845c: Update symbols list and ABI on rpmsg_register_device_override Revert "tracing: Have trace_event_file have ref counters" Linux 5.4.262 netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 5.4) netfilter: nf_tables: disable toggling dormant table state more than once netfilter: nf_tables: fix table flag updates netfilter: nftables: update table flags from the commit phase netfilter: nf_tables: double hook unregistration in netns path netfilter: nf_tables: unregister flowtable hooks on netns exit netfilter: nf_tables: fix memleak when more than 255 elements expired netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction netfilter: nf_tables: defer gc run if previous batch is still pending netfilter: nf_tables: use correct lock to protect gc_list netfilter: nf_tables: GC transaction race with abort path netfilter: nf_tables: GC transaction race with netns dismantle netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path netfilter: nf_tables: remove busy mark and gc batch API netfilter: nft_set_hash: mark set element as dead when deleting from packet path netfilter: nf_tables: adapt set backend to use GC transaction API netfilter: nf_tables: GC transaction API to avoid race with control plane netfilter: nf_tables: don't skip expired elements during walk netfilter: nft_set_rbtree: fix overlap expiration walk netfilter: nft_set_rbtree: fix null deref on element insertion netfilter: nft_set_rbtree: Switch to node list walk for overlap detection netfilter: nf_tables: drop map element references from preparation phase netfilter: nftables: rename set element data activation/deactivation functions netfilter: nf_tables: pass context to nft_set_destroy() tracing: Have trace_event_file have ref counters drm/amdgpu: fix error handling in amdgpu_bo_list_get() ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks ext4: correct the start block of counting reserved clusters ext4: correct return value of ext4_convert_meta_bg ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: apply umask if ACL support is disabled Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" nfsd: fix file memleak on client_opens_release media: venus: hfi: add checks to handle capabilities from firmware media: venus: hfi: fix the check to handle session buffer requirement media: venus: hfi_parser: Add check to keep the number of codecs within range media: sharp: fix sharp encoding media: lirc: drop trailing space from scancode transmit i2c: i801: fix potential race in i801_block_transaction_byte_by_byte net: dsa: lan9303: consequently nested-lock physical MDIO Revert ncsi: Propagate carrier gain/loss events to the NCSI controller Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables bluetooth: Add device 13d3:3571 to device tables bluetooth: Add device 0bda:887b to device tables Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 Bluetooth: btusb: add Realtek 8822CE to usb_device_id table Bluetooth: btusb: Add flag to define wideband speech capability tty: serial: meson: fix hard LOCKUP on crtscts mode serial: meson: Use platform_get_irq() to get the interrupt tty: serial: meson: retrieve port FIFO size from DT serial: meson: remove redundant initialization of variable id ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC ALSA: info: Fix potential deadlock at disconnection parisc/pgtable: Do not drop upper 5 address bits of physical address parisc: Prevent booting 64-bit kernels on PA1.x machines i3c: master: cdns: Fix reading status register mm/cma: use nth_page() in place of direct struct page manipulation dmaengine: stm32-mdma: correct desc prep when channel running mcb: fix error handling for different scenarios when parsing i2c: core: Run atomic i2c xfer when !preemptible kernel/reboot: emergency_restart: Set correct system_state quota: explicitly forbid quota files from being encrypted jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev btrfs: don't arbitrarily slow down delalloc if we're committing PM: hibernate: Clean up sync_read handling in snapshot_write_next() PM: hibernate: Use __get_safe_page() rather than touching the list mmc: vub300: fix an error code clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks parisc/pdc: Add width field to struct pdc_model PCI: keystone: Don't discard .probe() callback PCI: keystone: Don't discard .remove() callback genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware mmc: meson-gx: Remove setting of CMD_CFG_ERROR ACPI: resource: Do IRQ override on TongFang GMxXGxx PCI/sysfs: Protect driver's D3cold preference from user space hvc/xen: fix error path in xen_hvc_init() to always register frontend driver audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() audit: don't take task_lock() in audit_exe_compare() code path KVM: x86: Ignore MSR_AMD64_TW_CFG access KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space x86/cpu/hygon: Fix the CPU topology evaluation for real scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END randstruct: Fix gcc-plugin performance mode to stay in group media: venus: hfi: add checks to perform sanity on queue pointers cifs: spnego: add ';' in HOST_KEY_LEN tools/power/turbostat: Fix a knl bug macvlan: Don't propagate promisc change to lower dev in passthru net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors net/mlx5_core: Clean driver version and name net/mlx5e: fix double free of encap_header net: stmmac: fix rx budget limit check net: stmmac: Rework stmmac_rx() netfilter: nf_conntrack_bridge: initialize err to 0 net: ethernet: cortina: Fix MTU max setting net: ethernet: cortina: Handle large frames net: ethernet: cortina: Fix max RX frame define bonding: stop the device in bond_setup_by_slave() ptp: annotate data-race around q->head and q->tail xen/events: fix delayed eoi list handling ppp: limit MRU to 64K tipc: Fix kernel-infoleak due to uninitialized TLV value net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() tty: Fix uninit-value access in ppp_sync_receive() ipvlan: add ipvlan_route_v6_outbound() helper NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO wifi: iwlwifi: Use FW rate for non-data frames pwm: Fix double shift bug ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings kgdb: Flush console before entering kgdb on panic drm/amd/display: Avoid NULL dereference of timing generator media: cobalt: Use FIELD_GET() to extract Link Width gfs2: ignore negated quota changes media: vivid: avoid integer overflow media: gspca: cpia1: shift-out-of-bounds in set_flicker i2c: sun6i-p2wi: Prevent potential division by zero usb: gadget: f_ncm: Always set current gadget in ncm_bind() tty: vcc: Add check for kstrdup() in vcc_probe() HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() atm: iphase: Do PCI error checks on own line PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields ALSA: hda: Fix possible null-ptr-deref when assigning a stream ARM: 9320/1: fix stack depot IRQ stack filter jfs: fix array-index-out-of-bounds in diAlloc jfs: fix array-index-out-of-bounds in dbFindLeaf fs/jfs: Add validity check for db_maxag and db_agpref fs/jfs: Add check for negative db_l2nbperpage RDMA/hfi1: Use FIELD_GET() to extract Link Width crypto: pcrypt - Fix hungtask for PADATA_RESET selftests/efivarfs: create-read: fix a resource leak drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 drm/komeda: drop all currently held locks if deadlock happens platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e Bluetooth: Fix double free in hci_conn_cleanup wifi: ath10k: Don't touch the CE interrupt registers after power up net: annotate data-races around sk->sk_dst_pending_confirm net: annotate data-races around sk->sk_tx_queue_mapping wifi: ath10k: fix clang-specific fortify warning wifi: ath9k: fix clang-specific fortify warnings wifi: mac80211: don't return unset power in ieee80211_get_tx_power() wifi: mac80211_hwsim: fix clang-specific fortify warning x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware clocksource/drivers/timer-imx-gpt: Fix potential memory leak perf/core: Bail out early if the request AUX area is out of bound locking/ww_mutex/test: Fix potential workqueue corruption Revert "inet: shrink struct flowi_common" Revert "ipvlan: properly track tx_errors" ANDROID: fix up rpmsg_device ABI break ANDROID: fix up platform_device ABI break Linux 5.4.261 btrfs: use u64 for buffer sizes in the tree search ioctls Revert "mmc: core: Capture correct oemid-bits for eMMC cards" fbdev: fsl-diu-fb: mark wr_reg_wa() static fbdev: imsttfb: fix a resource leak in probe fbdev: imsttfb: Fix error path of imsttfb_probe() spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses netfilter: nft_redir: use `struct nf_nat_range2` throughout and deduplicate eval call-backs netfilter: xt_recent: fix (increase) ipv6 literal buffer length r8169: respect userspace disabling IFF_MULTICAST tg3: power down device only on SYSTEM_POWER_OFF net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs Fix termination state for idr_for_each_entry_ul() net: r8169: Disable multicast filter for RTL8168H and RTL8107E dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. dccp: Call security_inet_conn_request() after setting IPv4 addresses. inet: shrink struct flowi_common tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING llc: verify mac len before reading mac header Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume pwm: sti: Reduce number of allocations and drop usage of chip_data pwm: sti: Avoid conditional gotos regmap: prevent noinc writes from clobbering cache media: dvb-usb-v2: af9035: fix missing unlock media: s3c-camif: Avoid inappropriate kfree() media: bttv: fix use after free error due to btv->timeout timer pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() pcmcia: ds: fix refcount leak in pcmcia_device_add() pcmcia: cs: fix possible hung task and memory leak pccardd() rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs powerpc/pseries: fix potential memory leak in init_cpu_associativity() powerpc/imc-pmu: Use the correct spinlock initializer. powerpc/xive: Fix endian conversion size modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() USB: usbip: fix stub_dev hub disconnect tools: iio: iio_generic_buffer ensure alignment tools: iio: iio_generic_buffer: Fix some integer type and calculation tools: iio: privatize globals and functions in iio_generic_buffer.c file misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() dmaengine: ti: edma: handle irq_of_parse_and_map() errors usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency tty: tty_jobctrl: fix pid memleak in disassociate_ctty() leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' ledtrig-cpu: Limit to 8 CPUs leds: pwm: Don't disable the PWM when the LED should be off leds: pwm: convert to atomic PWM API leds: pwm: simplify if condition mfd: dln2: Fix double put in dln2_probe ASoC: ams-delta.c: use component after check ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails sh: bios: Revive earlyprintk support RDMA/hfi1: Workaround truncation compilation error scsi: ufs: core: Leave space for '\0' in utf8 desc string ext4: move 'ix' sanity check to corrent position ARM: 9321/1: memset: cast the constant byte to unsigned char hid: cp2112: Fix duplicate workqueue initialization HID: cp2112: Use irqchip template crypto: caam/jr - fix Chacha20 + Poly1305 self test failure crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure nd_btt: Make BTT lanes preemptible sched/rt: Provide migrate_disable/enable() inlines libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value hwrng: geode - fix accessing registers clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped firmware: ti_sci: Mark driver as non removable firmware: ti_sci: Replace HTTP links with HTTPS ones soc: qcom: llcc: Handle a second device without data corruption soc: qcom: Rename llcc-slice to llcc-qcom soc: qcom: llcc cleanup to get rid of sdm845 specific driver file ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator arm64: dts: qcom: sdm845-mtp: fix WiFi configuration drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() drm/radeon: possible buffer overflow drm/rockchip: vop: Fix call to crtc reset helper drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs hwmon: (coretemp) Fix potentially truncated sysfs attribute name platform/x86: wmi: Fix opening of char device platform/x86: wmi: remove unnecessary initializations platform/x86: wmi: Fix probe failure when failing to register WMI devices clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data clk: npcm7xx: Fix incorrect kfree clk: keystone: pll: fix a couple NULL vs IS_ERR() checks clk: imx: Select MXC_CLK for CLK_IMX8QXP clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src clk: qcom: gcc-sm8150: use ARRAY_SIZE instead of specifying num_parents clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies regmap: debugfs: Fix a erroneous check after snprintf() ipvlan: properly track tx_errors net: add DEV_STATS_READ() helper ipv6: avoid atomic fragment on GSO packets ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() tcp: fix cookie_init_timestamp() overflows tcp: Remove one extra ktime_get_ns() from cookie_init_timestamp chtls: fix tp->rcv_tstamp initialization r8169: fix rare issue with broken rx after link-down on RTL8125 r8169: use tp_to_dev instead of open code thermal: core: prevent potential string overflow can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() can: dev: can_restart(): don't crash kernel if carrier is OK wifi: rtlwifi: fix EDCA limit set by BT coexistence tcp_metrics: do not create an entry from tcp_init_metrics() tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() tcp_metrics: add missing barriers on delete wifi: mt76: mt7603: rework/fix rx pse hang check wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed i40e: fix potential memory leaks in i40e_remove() genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() vfs: fix readahead(2) on block devices Linux 5.4.260 tty: 8250: Add support for Intashield IS-100 tty: 8250: Add support for Brainboxes UP cards tty: 8250: Add support for additional Brainboxes UC cards tty: 8250: Remove UC-257 and UC-431 usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device Revert "ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver" nvmet-tcp: Fix a possible UAF in queue intialization setup nvmet-tcp: move send/recv error handling in the send/recv methods instead of call-sites remove the sx8 block driver ata: ahci: fix enum constants for gcc-13 net: chelsio: cxgb4: add an error code check in t4_load_phy_fw platform/mellanox: mlxbf-tmfifo: Fix a warning message platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e scsi: mpt3sas: Fix in error path fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() ASoC: rt5650: fix the wrong result of key button netfilter: nfnetlink_log: silence bogus compiler warning spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0 fbdev: atyfb: only use ioremap_uc() on i386 and ia64 Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe irqchip/stm32-exti: add missing DT IRQ flag translation Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table x86: Fix .brk attribute in linker script rpmsg: Fix possible refcount leak in rpmsg_register_device_override() rpmsg: glink: Release driver_override rpmsg: Fix calling device_lock() on non-initialized device rpmsg: Fix kfree() of static memory on setting driver_override rpmsg: Constify local variable in field store macro driver: platform: Add helper for safer setting of driver_override ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow ext4: avoid overlapping preallocations due to overflow ext4: add two helper functions extent_logical_end() and pa_logical_end() x86/mm: Fix RESERVE_BRK() for older binutils x86/mm: Simplify RESERVE_BRK() nfsd: lock_rename() needs both directories to live on the same fs f2fs: fix to do sanity check on inode type during garbage collection smbdirect: missing rc checks while waiting for rdma events kobject: Fix slab-out-of-bounds in fill_kobj_path() arm64: fix a concurrency issue in emulation_proc_handler() drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name perf/core: Fix potential NULL deref nvmem: imx: correct nregs for i.MX6UL nvmem: imx: correct nregs for i.MX6SLL nvmem: imx: correct nregs for i.MX6ULL i2c: aspeed: Fix i2c bus hang in slave read i2c: stm32f7: Fix PEC handling in case of SMBUS transfers i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() iio: exynos-adc: request second interupt only when touchscreen mode is used gtp: fix fragmentation needed check with gso gtp: uapi: fix GTPA_MAX tcp: fix wrong RTO timeout when received SACK reneging r8152: Cancel hw_phy_work if we have an error in probe r8152: Run the unload routine if we have errors during probe r8152: Increase USB control msg timeout to 5000ms as per spec net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() igc: Fix ambiguity in the ethtool advertising neighbour: fix various data-races igb: Fix potential memory leak in igb_add_ethtool_nfc_entry treewide: Spelling fix in comment r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 virtio-mmio: fix memory leak of vm_dev virtio_balloon: Fix endless deflation and inflation on arm64 mcb-lpc: Reallocate memory region to avoid memory overlapping mcb: Return actual parsed size when reading chameleon table selftests/ftrace: Add new test case which checks non unique symbol mtd: rawnand: marvell: Ensure program page operations are successful Conflicts: drivers/clk/qcom/gcc-sm8150.c drivers/net/ethernet/stmicro/stmmac/stmmac_main.c drivers/soc/qcom/Kconfig drivers/soc/qcom/Makefile drivers/soc/qcom/llcc-qcom.c drivers/usb/dwc3/core.c drivers/usb/gadget/function/f_ncm.c include/linux/soc/qcom/llcc-qcom.h include/net/netfilter/nf_tables.h mm/memory-failure.c net/netfilter/nf_tables_api.c net/netfilter/nft_set_hash.c net/netfilter/nft_set_rbtree.c Notes: * Dropped the following upstream commits: |
||
Greg Kroah-Hartman
|
78f2cf25b1 |
Reapply "perf: Fix perf_event_validate_size()"
This reverts commit
|
||
Matthew Wilcox (Oracle)
|
087b47920c |
UPSTREAM: ida: Fix crash in ida_free when the bitmap is empty
[ Upstream commit af73483f4e8b6f5c68c9aa63257bdd929a9c194a ] The IDA usually detects double-frees, but that detection failed to consider the case when there are no nearby IDs allocated and so we have a NULL bitmap rather than simply having a clear bit. Add some tests to the test-suite to be sure we don't inadvertently reintroduce this problem. Unfortunately they're quite noisy so include a message to disregard the warnings. Bug: 321878978 Reported-by: Zhenghan Wang <wzhmmmmm@gmail.com> Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 5dbcdaf4dbfe074e9142991c5c28eef789c1f6c6) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: I4919e5c64af12f86fe1a91e1e9224a58eedbf345 |
||
Phil Sutter
|
73bfa95eeb |
UPSTREAM: netfilter: nf_tables: Reject tables of unsupported family
commit f1082dd31fe461d482d69da2a8eccfeb7bf07ac2 upstream. An nftables family is merely a hollow container, its family just a number and such not reliant on compile-time options other than nftables support itself. Add an artificial check so attempts at using a family the kernel can't support fail as early as possible. This helps user space detect kernels which lack e.g. NFPROTO_INET. Bug: 321815738 Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 25d1e7be85cf0a5afca5555f90e4609c40480ece) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: I45b5c6f046e9156edf4c60bf5611367fe25f8ec9 |
||
|
Greg Kroah-Hartman
|
a34cc1dcf7 |
Reapply "perf: Disallow mis-matched inherited group reads"
This reverts commit
|
||
Douglas Anderson
|
aea710204a |
UPSTREAM: ath10k: Get rid of "per_ce_irq" hw param
[ Upstream commit 7f86551665121931ecd6d327e019e7a69782bfcd ]
As of the patch ("ath10k: Keep track of which interrupts fired, don't
poll them") we now have no users of this hardware parameter. Remove
it.
Suggested-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200709082024.v2.2.I083faa4e62e69f863311c89ae5eb28ec5a229b70@changeid
Stable-dep-of: 170c75d43a77 ("ath10k: Don't touch the CE interrupt registers after power up")
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 146449535
Change-Id: I221d9cc30d009c3bc87a7943f8e3da1931984e1e
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
(cherry picked from android11-5.4-lts commit
|
||
|
Douglas Anderson
|
89945968f1 |
UPSTREAM: ath10k: Keep track of which interrupts fired, don't poll them
[ Upstream commit d66d24ac300cf41c6b88367fc9b4b6348679273d ]
If we have a per CE (Copy Engine) IRQ then we have no summary
register. Right now the code generates a summary register by
iterating over all copy engines and seeing if they have an interrupt
pending.
This has a problem. Specifically if _none_ if the Copy Engines have
an interrupt pending then they might go into low power mode and
reading from their address space will cause a full system crash. This
was seen to happen when two interrupts went off at nearly the same
time. Both were handled by a single call of ath10k_snoc_napi_poll()
but, because there were two interrupts handled and thus two calls to
napi_schedule() there was still a second call to
ath10k_snoc_napi_poll() which ran with no interrupts pending.
Instead of iterating over all the copy engines, let's just keep track
of the IRQs that fire. Then we can effectively generate our own
summary without ever needing to read the Copy Engines.
Tested-on: WCN3990 SNOC WLAN.HL.3.2.2-00490-QCAHLSWMTPL-1
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Reviewed-by: Rakesh Pillai <pillair@codeaurora.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200709082024.v2.1.I4d2f85ffa06f38532631e864a3125691ef5ffe06@changeid
Stable-dep-of: 170c75d43a77 ("ath10k: Don't touch the CE interrupt registers after power up")
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 146449535
Change-Id: I3dbc75664ccbf4e8a1da60e42e84056551b10524
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
(cherry picked from android11-5.4-lts commit
|
||
Rakesh Pillai
|
d9f1b99f4c |
UPSTREAM: ath10k: Add interrupt summary based CE processing
[ Upstream commit b92aba35d39d10d8a6bdf2495172fd490c598b4a ]
Currently the NAPI processing loops through all
the copy engines and processes a particular copy
engine is the copy completion is set for that copy
engine. The host driver is not supposed to access
any copy engine register after clearing the interrupt
status register.
This might result in kernel crash like the one below
[ 1159.220143] Call trace:
[ 1159.220170] ath10k_snoc_read32+0x20/0x40 [ath10k_snoc]
[ 1159.220193] ath10k_ce_per_engine_service_any+0x78/0x130 [ath10k_core]
[ 1159.220203] ath10k_snoc_napi_poll+0x38/0x8c [ath10k_snoc]
[ 1159.220270] net_rx_action+0x100/0x3b0
[ 1159.220312] __do_softirq+0x164/0x30c
[ 1159.220345] run_ksoftirqd+0x2c/0x64
[ 1159.220380] smpboot_thread_fn+0x1b0/0x288
[ 1159.220405] kthread+0x11c/0x12c
[ 1159.220423] ret_from_fork+0x10/0x18
To avoid such a scenario, we generate an interrupt
summary by reading the copy completion for all the
copy engine before actually processing any of them.
This will avoid reading the interrupt status register
for any CE after the interrupt status is cleared.
Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.3.1-01040-QCAHLSWMTPLZ-1
Signed-off-by: Rakesh Pillai <pillair@codeaurora.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Tested-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1593193967-29897-1-git-send-email-pillair@codeaurora.org
Stable-dep-of: 170c75d43a77 ("ath10k: Don't touch the CE interrupt registers after power up")
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 146449535
Change-Id: I3d85ff89b889eac117c6f14c77b8aae1d5b3d236
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
(cherry picked from android11-5.4-lts commit
|
||
|
Douglas Anderson
|
0226ac138f |
UPSTREAM: ath10k: Wait until copy complete is actually done before completing
[ Upstream commit 8f9ed93d09a97444733d492a3bbf66bcb786a777 ]
On wcn3990 we have "per_ce_irq = true". That makes the
ath10k_ce_interrupt_summary() function always return 0xfff. The
ath10k_ce_per_engine_service_any() function will see this and think
that _all_ copy engines have an interrupt. Without checking, the
ath10k_ce_per_engine_service() assumes that if it's called that the
"copy complete" (cc) interrupt fired. This combination seems bad.
Let's add a check to make sure that the "copy complete" interrupt
actually fired in ath10k_ce_per_engine_service().
This might fix a hard-to-reproduce failure where it appears that the
copy complete handlers run before the copy is really complete.
Specifically a symptom was that we were seeing this on a Qualcomm
sc7180 board:
arm-smmu 15000000.iommu: Unhandled context fault:
fsr=0x402, iova=0x7fdd45780, fsynr=0x30003, cbfrsynra=0xc1, cb=10
Even on platforms that don't have wcn3990 this still seems like it
would be a sane thing to do. Specifically the current IRQ handler
comments indicate that there might be other misc interrupt sources
firing that need to be cleared. If one of those sources was the one
that caused the IRQ handler to be called it would also be important to
double-check that the interrupt we cared about actually fired.
Tested-on: WCN3990 SNOC WLAN.HL.3.2.2-00490-QCAHLSWMTPL-1
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200609082015.1.Ife398994e5a0a6830e4d4a16306ef36e0144e7ba@changeid
Stable-dep-of: 170c75d43a77 ("ath10k: Don't touch the CE interrupt registers after power up")
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 146449535
Change-Id: I2ed2f1f7b97a27c741341bc6044450b68234114e
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
(cherry picked from android11-5.4-lts commit
|
||
Amit Pundir
|
a7a2a20fff |
FROMGIT: clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
With the addition of RPMh power domain to the GCC node in
device tree, we noticed a significant delay in getting the
UFS driver probed on AOSP which futher led to mount failures
because Android do not support rootwait. So adding a soft
dependency on RPMh power domain which informs modprobe to
load rpmhpd module before gcc-sdm845.
Cc: <stable@vger.kernel.org> # v5.4+
Fixes: 4b6ea15c0a11 ("arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC")
Suggested-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20240123062814.2555649-1-amit.pundir@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Bug: 146449535
(cherry picked from commit 1d9054e3a4fd36e2949e616f7360bdb81bcc1921
https://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux.git/commit/?h=for-next)
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Change-Id: I93c875d3d6acc8c2c2bf9f238a72733861f87869
(cherry picked from android11-5.4-lts commit
|
||
|
Amit Pundir
|
b70f9975af |
FROMGIT: clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
With the addition of RPMh power domain to the GCC node in
device tree, we noticed a significant delay in getting the
UFS driver probed on AOSP which futher led to mount failures
because Android do not support rootwait. So adding a soft
dependency on RPMh power domain which informs modprobe to
load rpmhpd module before gcc-sdm845.
Cc: <stable@vger.kernel.org> # v5.4+
Fixes: 4b6ea15c0a11 ("arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC")
Suggested-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20240123062814.2555649-1-amit.pundir@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Bug: 146449535
(cherry picked from commit 1d9054e3a4fd36e2949e616f7360bdb81bcc1921
https://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux.git/commit/?h=for-next)
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Change-Id: I93c875d3d6acc8c2c2bf9f238a72733861f87869
|
||
|
Greg Kroah-Hartman
|
74299cb130 |
This is the 5.4.268 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmWy4hYACgkQONu9yGCS aT7SVBAAyx1DlSyJWcqzpESH0+VfqyWHxXlKS6Ip5wT0/+t0gglIKkwU/O0FsRXw pLO24wL0+MuIzgfZZj7wieAOPlGLOonKAvvUHGEMlpfAzyKjmZuW93WLKQlA/Oec uaT2ooQevRQcgXzbuV1yN/CeCnhbtmiQdcwy6OU5QACfzguQYtDbNGpbVHJEyEIW khlr+tj1KgRMzh/Sx76RPg4C/hkZBHun3tPcE0lTg+5QZDSkUj5gEdhVOSG2qmSh Lj9zt/isY3v6Whixel9YoTLr9SukI7ZlKzMrH1kSbGtTW3uZqgqB+7wCi1tWoNE1 Zwu9/kUe1dU1kfwYW8AA5OwupjBjADVnZZx1cKN3nQZG2J8bSKHwHmuZPx3DGhJ1 sxlaQ0nGvcEbCKljlIqsHzx2U22YKk939mVz5Y+MZYT5uwWRHI+iH4yRW97putSP t8tb3uX69Gsl6B+gLu38Mr7kkwyY06xmMnc5dfNCPwh8SxLj3dG7Gft90CNq1JKT q2cwlMEcDZRlC08kwzD7pRehZ6hYLRlTOv8yhQsQefcfzrtsT18Cec5TI2k72NOe fbIY8us3Qsr8JVSYuObGqT8LmkX9pkmRozEXgENvwltijEsWULoO2Hs+Z/yD07z8 RYqtxWxVxFVeHTkrXbbMUTZWhFx5LE+rtxCySpfeFkv0WgRRwa8= =vkKq -----END PGP SIGNATURE----- Merge 5.4.268 into android11-5.4-lts Changes in 5.4.268 f2fs: explicitly null-terminate the xattr list pinctrl: lochnagar: Don't build on MIPS ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro ASoC: Intel: Skylake: Fix mem leak in few functions ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 ASoC: Intel: Skylake: mem leak in skl register function ASoC: cs43130: Fix the position of const qualifier ASoC: cs43130: Fix incorrect frame delay configuration ASoC: rt5650: add mutex to avoid the jack detection failure nouveau/tu102: flush all pdbs on vmm flush net/tg3: fix race condition in tg3_reset_task() ASoC: da7219: Support low DC impedance headset nvme: introduce helper function to get ctrl state drm/exynos: fix a potential error pointer dereference drm/exynos: fix a wrong error checking clk: rockchip: rk3128: Fix HCLK_OTG gate register jbd2: correct the printing of write_flags in jbd2_write_superblock() drm/crtc: Fix uninit-value bug in drm_mode_setcrtc neighbour: Don't let neigh_forced_gc() disable preemption for long tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing tracing: Add size check when printing trace_marker output ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning Input: atkbd - skip ATKBD_CMD_GETID in translated mode Input: i8042 - add nomux quirk for Acer P459-G2-M s390/scm: fix virtual vs physical address confusion ARC: fix spare error Input: xpad - add Razer Wolverine V2 support ida: Fix crash in ida_free when the bitmap is empty ARM: sun9i: smp: fix return code check of of_property_match_string drm/crtc: fix uninitialized variable use ACPI: resource: Add another DMI match for the TongFang GMxXGxx binder: use EPOLLERR from eventpoll.h binder: fix trivial typo of binder_free_buf_locked() binder: fix comment on binder_alloc_new_buf() return value uio: Fix use-after-free in uio_open parport: parport_serial: Add Brainboxes BAR details parport: parport_serial: Add Brainboxes device IDs and geometry coresight: etm4x: Fix width of CCITMIN field x86/lib: Fix overflow when counting digits EDAC/thunderx: Fix possible out-of-bounds string access powerpc: add crtsavres.o to always-y instead of extra-y powerpc/44x: select I2C for CURRITUCK powerpc/pseries/memhotplug: Quieten some DLPAR operations powerpc/pseries/memhp: Fix access beyond end of drmem array selftests/powerpc: Fix error handling in FPU/VMX preemption tests powerpc/powernv: Add a null pointer check to scom_debug_init_one() powerpc/powernv: Add a null pointer check in opal_event_init() powerpc/powernv: Add a null pointer check in opal_powercap_init() powerpc/imc-pmu: Add a null pointer check in update_events_in_group() mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response ACPI: video: check for error while searching for backlight device parent ACPI: LPIT: Avoid u32 multiplication overflow net: netlabel: Fix kerneldoc warnings netlabel: remove unused parameter in netlbl_netlink_auditinfo() calipso: fix memory leak in netlbl_calipso_add_pass() spi: sh-msiof: Enforce fixed DTDL for R-Car H3 mtd: Fix gluebi NULL pointer dereference caused by ftl notifier selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket crypto: virtio - Handle dataq logic with tasklet crypto: virtio - don't use 'default m' virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC crypto: ccp - fix memleak in ccp_init_dm_workarea crypto: af_alg - Disallow multiple in-flight AIO requests crypto: sahara - remove FLAGS_NEW_KEY logic crypto: sahara - fix ahash selftest failure crypto: sahara - fix processing requests with cryptlen < sg->length crypto: sahara - fix error handling in sahara_hw_descriptor_create() pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump crypto: virtio - Wait for tasklet to complete on device remove crypto: sahara - fix ahash reqsize crypto: sahara - fix wait_for_completion_timeout() error handling crypto: sahara - improve error handling in sahara_sha_process() crypto: sahara - fix processing hash requests with req->nbytes < sg->length crypto: sahara - do not resize req->src when doing hash operations crypto: scomp - fix req->dst buffer overflow blocklayoutdriver: Fix reference leak of pnfs_device_node NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT wifi: rtw88: fix RX filter in FIF_ALLMULTI flag bpf, lpm: Fix check prefixlen before walking trie wifi: libertas: stop selecting wext ARM: dts: qcom: apq8064: correct XOADC register address ncsi: internal.h: Fix a spello net/ncsi: Fix netlink major/minor version numbers firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() rtlwifi: Use ffs in <foo>_phy_calculate_bit_shift wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior scsi: fnic: Return error if vmalloc() failed arm64: dts: qcom: sdm845-db845c: correct LED panic indicator scsi: hisi_sas: Replace with standard error code return value selftests/net: fix grep checking for fib_nexthop_multiprefix virtio/vsock: fix logic which reduces credit update messages dma-mapping: clear dev->dma_mem to NULL after freeing it wifi: rtlwifi: add calculate_bit_shift() wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() wifi: rtlwifi: rtl8192c: using calculate_bit_shift() wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() rtlwifi: rtl8192de: make arrays static const, makes object smaller wifi: rtlwifi: rtl8192de: using calculate_bit_shift() wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() wifi: rtlwifi: rtl8192se: using calculate_bit_shift() netfilter: nf_tables: mark newset as dead on transaction abort Bluetooth: Fix bogus check for re-auth no supported with non-ssp Bluetooth: btmtkuart: fix recv_buf() return value ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() ARM: davinci: always select CONFIG_CPU_ARM926T RDMA/usnic: Silence uninitialized symbol smatch warnings media: pvrusb2: fix use after free on context disconnection drm/bridge: Fix typo in post_disable() description f2fs: fix to avoid dirent corruption drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() drm/radeon: check return value of radeon_ring_lock() ASoC: cs35l33: Fix GPIO name and drop legacy include ASoC: cs35l34: Fix GPIO name and drop legacy include drm/msm/mdp4: flush vblank event on disable drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks drm/drv: propagate errors from drm_modeset_register_all() drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() drm/radeon/dpm: fix a memleak in sumo_parse_power_table drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table drm/bridge: tc358767: Fix return value on error case media: cx231xx: fix a memleak in cx231xx_init_isoc media: dvbdev: drop refcount on error path in dvb_device_open() drm/amdgpu/debugfs: fix error code when smc register accessors are NULL drm/amd/pm: fix a double-free in si_dpm_init drivers/amd/pm: fix a use-after-free in kv_parse_power_table gpu/drm/radeon: fix two memleaks in radeon_vm_init drivers: clk: zynqmp: calculate closest mux rate watchdog: set cdev owner before adding watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling clk: si5341: fix an error code problem in si5341_output_clk_set_rate mmc: sdhci_omap: Fix TI SoC dependencies of: Fix double free in of_parse_phandle_with_args_map of: unittest: Fix of_count_phandle_with_args() expected value message binder: fix async space check for 0-sized buffers binder: fix use-after-free in shinker's callback Input: atkbd - use ab83 as id when skipping the getid command Revert "ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek" xen-netback: don't produce zero-size SKB frags binder: fix race between mmput() and do_exit() binder: fix unused alloc->free_async_space tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart Revert "usb: dwc3: Soft reset phy on probe for host" Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-only" usb: chipidea: wait controller resume finished for wakeup irq Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs" usb: typec: class: fix typec_altmode_put_partner to put plugs usb: mon: Fix atomicity violation in mon_bin_vma_fault ALSA: oxygen: Fix right channel of capture volume mixer fbdev: flush deferred work in fb_deferred_io_fsync() rootfs: Fix support for rootfstype= when root= is given wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors wifi: mwifiex: configure BSSID consistently when starting AP x86/kvm: Do not try to disable kvmclock if it was not enabled HID: wacom: Correct behavior when processing some confidence == false touches mips: Fix incorrect max_low_pfn adjustment MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed acpi: property: Let args be NULL in __acpi_node_get_property_reference software node: Let args be NULL in software_node_get_reference_args perf genelf: Set ELF program header addresses properly nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length nvmet-tcp: fix a crash in nvmet_req_complete() perf env: Add perf_env__numa_node() perf record: Move sb_evlist to 'struct record' perf top: Move sb_evlist to 'struct perf_top' perf bpf: Decouple creating the evlist from adding the SB event perf env: Avoid recursively taking env->bpf_progs.lock apparmor: avoid crash when parsed profile name is empty serial: imx: Correct clock error message in function probe() nvmet-tcp: Fix the H2C expected PDU len calculation PCI: keystone: Fix race condition when initializing PHYs s390/pci: fix max size calculation in zpci_memcpy_toio() net: qualcomm: rmnet: fix global oob in rmnet_policy net: phy: micrel: populate .soft_reset for KSZ9131 net: ravb: Fix dma_addr_t truncation in error case net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe netfilter: nf_tables: skip dead set elements in netlink dump ipvs: avoid stat macros calls from preemptible context kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ kdb: Fix a potential buffer overflow in kdb_local() mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure i2c: s3c24xx: fix read transfers in polling mode i2c: s3c24xx: fix transferring more than one message in polling mode perf top: Skip side-band event setup if HAVE_LIBBPF_SUPPORT is not set arm64: dts: armada-3720-turris-mox: set irq type for RTC Linux 5.4.268 Change-Id: I347fc44c3a9947e2b7cb476d622adca58677f78a Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Greg Kroah-Hartman
|
f0602893f4 |
Linux 5.4.268
Link: https://lore.kernel.org/r/20240122235719.206965081@linuxfoundation.org Tested-by: Jon Hunter <jonathanh@nvidia.com> Tested-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> Link: https://lore.kernel.org/r/20240123174434.819712739@linuxfoundation.org Tested-by: Florian Fainelli <florian.fainelli@broadcom.com> Tested-by: Linux Kernel Functional Testing <lkft@linaro.org> Tested-by: Jon Hunter <jonathanh@nvidia.com> Tested-by: kernelci.org bot <bot@kernelci.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Sjoerd Simons
|
5ff9836ab0 |
arm64: dts: armada-3720-turris-mox: set irq type for RTC
commit fca8a117c1c9a0f8b8feed117db34cf58134dc2c upstream.
The rtc on the mox shares its interrupt line with the moxtet bus. Set
the interrupt type to be consistent between both devices. This ensures
correct setup of the interrupt line regardless of probing order.
Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
Cc: <stable@vger.kernel.org> # v6.2+
Fixes: 21aad8ba615e ("arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC")
Reviewed-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Tiezhu Yang
|
300a55a3a6 |
perf top: Skip side-band event setup if HAVE_LIBBPF_SUPPORT is not set
commit 0c5f1acc2a14416bf30023f373558d369afdbfc8 upstream.
When I execute 'perf top' without HAVE_LIBBPF_SUPPORT, there exists the
following segmentation fault, skip the side-band event setup to fix it,
this is similar with commit 1101c872c8c7 ("perf record: Skip side-band
event setup if HAVE_LIBBPF_SUPPORT is not set").
[yangtiezhu@linux perf]$ ./perf top
<SNIP>
perf: Segmentation fault
Obtained 6 stack frames.
./perf(sighandler_dump_stack+0x5c) [0x12011b604]
[0xffffffc010]
./perf(perf_mmap__read_init+0x3e) [0x1201feeae]
./perf() [0x1200d715c]
/lib64/libpthread.so.0(+0xab9c) [0xffee10ab9c]
/lib64/libc.so.6(+0x128f4c) [0xffedc08f4c]
Segmentation fault
[yangtiezhu@linux perf]$
I use git bisect to find commit b38d85ef49cf ("perf bpf: Decouple
creating the evlist from adding the SB event") is the first bad commit,
so also add the Fixes tag.
Committer testing:
First build perf explicitely disabling libbpf:
$ make NO_LIBBPF=1 O=/tmp/build/perf -C tools/perf install-bin && perf test python
Now make sure it isn't linked:
$ perf -vv | grep -w bpf
bpf: [ OFF ] # HAVE_LIBBPF_SUPPORT
$
$ nm ~/bin/perf | grep libbpf
$
And now try to run 'perf top':
# perf top
perf: Segmentation fault
-------- backtrace --------
perf[0x5bcd6d]
/lib64/libc.so.6(+0x3ca6f)[0x7fd0f5a66a6f]
perf(perf_mmap__read_init+0x1e)[0x5e1afe]
perf[0x4cc468]
/lib64/libpthread.so.0(+0x9431)[0x7fd0f645a431]
/lib64/libc.so.6(clone+0x42)[0x7fd0f5b2b912]
#
Applying this patch fixes the issue.
Fixes: b38d85ef49cf ("perf bpf: Decouple creating the evlist from adding the SB event")
Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Xuefeng Li <lixuefeng@loongson.cn>
Link: http://lore.kernel.org/lkml/1597753837-16222-1-git-send-email-yangtiezhu@loongson.cn
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Marek Szyprowski
|
ea5587946a |
i2c: s3c24xx: fix transferring more than one message in polling mode
[ Upstream commit 990489e1042c6c5d6bccf56deca68f8dbeed8180 ]
To properly handle ACK on the bus when transferring more than one
message in polling mode, move the polling handling loop from
s3c24xx_i2c_message_start() to s3c24xx_i2c_doxfer(). This way
i2c_s3c_irq_nextbyte() is always executed till the end, properly
acknowledging the IRQ bits and no recursive calls to
i2c_s3c_irq_nextbyte() are made.
While touching this, also fix finishing transfers in polling mode by
using common code path and always waiting for the bus to become idle
and disabled.
Fixes:
|
||
|
Marek Szyprowski
|
90734f1cde |
i2c: s3c24xx: fix read transfers in polling mode
[ Upstream commit 0d9cf23ed55d7ba3ab26d617a3ae507863674c8f ]
To properly handle read transfers in polling mode, no waiting for the ACK
state is needed as it will never come. Just wait a bit to ensure start
state is on the bus and continue processing next bytes.
Fixes:
|
||
Amit Cohen
|
05b6d0234a |
mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure
[ Upstream commit 6d6eeabcfaba2fcadf5443b575789ea606f9de83 ]
Lately, a bug was found when many TC filters are added - at some point,
several bugs are printed to dmesg [1] and the switch is crashed with
segmentation fault.
The issue starts when gen_pool_free() fails because of unexpected
behavior - a try to free memory which is already freed, this leads to BUG()
call which crashes the switch and makes many other bugs.
Trying to track down the unexpected behavior led to a bug in eRP code. The
function mlxsw_sp_acl_erp_table_alloc() gets a pointer to the allocated
index, sets the value and returns an error code. When gen_pool_alloc()
fails it returns address 0, we track it and return -ENOBUFS outside, BUT
the call for gen_pool_alloc() already override the index in erp_table
structure. This is a problem when such allocation is done as part of
table expansion. This is not a new table, which will not be used in case
of allocation failure. We try to expand eRP table and override the
current index (non-zero) with zero. Then, it leads to an unexpected
behavior when address 0 is freed twice. Note that address 0 is valid in
erp_table->base_index and indeed other tables use it.
gen_pool_alloc() fails in case that there is no space left in the
pre-allocated pool, in our case, the pool is limited to
ACL_MAX_ERPT_BANK_SIZE, which is read from hardware. When more than max
erp entries are required, we exceed the limit and return an error, this
error leads to "Failed to migrate vregion" print.
Fix this by changing erp_table->base_index only in case of a successful
allocation.
Add a test case for such a scenario. Without this fix it causes
segmentation fault:
$ TESTS="max_erp_entries_test" ./tc_flower.sh
./tc_flower.sh: line 988: 1560 Segmentation fault tc filter del dev $h2 ingress chain $i protocol ip pref $i handle $j flower &>/dev/null
[1]:
kernel BUG at lib/genalloc.c:508!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 6 PID: 3531 Comm: tc Not tainted 6.7.0-rc5-custom-ga6893f479f5e #1
Hardware name: Mellanox Technologies Ltd. MSN4700/VMOD0010, BIOS 5.11 07/12/2021
RIP: 0010:gen_pool_free_owner+0xc9/0xe0
...
Call Trace:
<TASK>
__mlxsw_sp_acl_erp_table_other_dec+0x70/0xa0 [mlxsw_spectrum]
mlxsw_sp_acl_erp_mask_destroy+0xf5/0x110 [mlxsw_spectrum]
objagg_obj_root_destroy+0x18/0x80 [objagg]
objagg_obj_destroy+0x12c/0x130 [objagg]
mlxsw_sp_acl_erp_mask_put+0x37/0x50 [mlxsw_spectrum]
mlxsw_sp_acl_ctcam_region_entry_remove+0x74/0xa0 [mlxsw_spectrum]
mlxsw_sp_acl_ctcam_entry_del+0x1e/0x40 [mlxsw_spectrum]
mlxsw_sp_acl_tcam_ventry_del+0x78/0xd0 [mlxsw_spectrum]
mlxsw_sp_flower_destroy+0x4d/0x70 [mlxsw_spectrum]
mlxsw_sp_flow_block_cb+0x73/0xb0 [mlxsw_spectrum]
tc_setup_cb_destroy+0xc1/0x180
fl_hw_destroy_filter+0x94/0xc0 [cls_flower]
__fl_delete+0x1ac/0x1c0 [cls_flower]
fl_destroy+0xc2/0x150 [cls_flower]
tcf_proto_destroy+0x1a/0xa0
...
mlxsw_spectrum3 0000:07:00.0: Failed to migrate vregion
mlxsw_spectrum3 0000:07:00.0: Failed to migrate vregion
Fixes:
|
||
Christophe JAILLET
|
d5661f46c1 |
kdb: Fix a potential buffer overflow in kdb_local()
[ Upstream commit 4f41d30cd6dc865c3cbc1a852372321eba6d4e4c ]
When appending "[defcmd]" to 'kdb_prompt_str', the size of the string
already in the buffer should be taken into account.
An option could be to switch from strncat() to strlcat() which does the
correct test to avoid such an overflow.
However, this actually looks as dead code, because 'defcmd_in_progress'
can't be true here.
See a more detailed explanation at [1].
[1]: https://lore.kernel.org/all/CAD=FV=WSh7wKN7Yp-3wWiDgX4E3isQ8uh0LCzTmd1v9Cg9j+nQ@mail.gmail.com/
Fixes:
|
||
Daniel Thompson
|
cf6260a34d |
kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ
[ Upstream commit ad99b5105c0823ff02126497f4366e6a8009453e ]
Currently the PROMPT variable could be abused to provoke the printf()
machinery to read outside the current stack frame. Normally this
doesn't matter becaues md is already a much better tool for reading
from memory.
However the md command can be disabled by not setting KDB_ENABLE_MEM_READ.
Let's also prevent PROMPT from being modified in these circumstances.
Whilst adding a comment to help future code reviewers we also remove
the #ifdef where PROMPT in consumed. There is no problem passing an
unused (0) to snprintf when !CONFIG_SMP.
argument
Reported-by: Wang Xiayang <xywang.sjtu@sjtu.edu.cn>
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Stable-dep-of: 4f41d30cd6dc ("kdb: Fix a potential buffer overflow in kdb_local()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Fedor Pchelkin
|
36b6db699c |
ipvs: avoid stat macros calls from preemptible context
[ Upstream commit d6938c1c76c64f42363d0d1f051e1b4641c2ad40 ]
Inside decrement_ttl() upon discovering that the packet ttl has exceeded,
__IP_INC_STATS and __IP6_INC_STATS macros can be called from preemptible
context having the following backtrace:
check_preemption_disabled: 48 callbacks suppressed
BUG: using __this_cpu_add() in preemptible [00000000] code: curl/1177
caller is decrement_ttl+0x217/0x830
CPU: 5 PID: 1177 Comm: curl Not tainted 6.7.0+ #34
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0xbd/0xe0
check_preemption_disabled+0xd1/0xe0
decrement_ttl+0x217/0x830
__ip_vs_get_out_rt+0x4e0/0x1ef0
ip_vs_nat_xmit+0x205/0xcd0
ip_vs_in_hook+0x9b1/0x26a0
nf_hook_slow+0xc2/0x210
nf_hook+0x1fb/0x770
__ip_local_out+0x33b/0x640
ip_local_out+0x2a/0x490
__ip_queue_xmit+0x990/0x1d10
__tcp_transmit_skb+0x288b/0x3d10
tcp_connect+0x3466/0x5180
tcp_v4_connect+0x1535/0x1bb0
__inet_stream_connect+0x40d/0x1040
inet_stream_connect+0x57/0xa0
__sys_connect_file+0x162/0x1a0
__sys_connect+0x137/0x160
__x64_sys_connect+0x72/0xb0
do_syscall_64+0x6f/0x140
entry_SYSCALL_64_after_hwframe+0x6e/0x76
RIP: 0033:0x7fe6dbbc34e0
Use the corresponding preemption-aware variants: IP_INC_STATS and
IP6_INC_STATS.
Found by Linux Verification Center (linuxtesting.org).
Fixes:
|
||
Pablo Neira Ayuso
|
4c8a827d68 |
netfilter: nf_tables: skip dead set elements in netlink dump
[ Upstream commit 6b1ca88e4bb63673dc9f9c7f23c899f22c3cb17a ]
Delete from packet path relies on the garbage collector to purge
elements with NFT_SET_ELEM_DEAD_BIT on.
Skip these dead elements from nf_tables_dump_setelem() path, I very
rarely see tests/shell/testcases/maps/typeof_maps_add_delete reports
[DUMP FAILED] showing a mismatch in the expected output with an element
that should not be there.
If the netlink dump happens before GC worker run, it might show dead
elements in the ruleset listing.
nft_rhash_get() already skips dead elements in nft_rhash_cmp(),
therefore, it already does not show the element when getting a single
element via netlink control plane.
Fixes: 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid race with control plane")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Kunwu Chan
|
db9fda526c |
net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe
[ Upstream commit 776dac5a662774f07a876b650ba578d0a62d20db ]
devm_kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure.
Fixes:
|
||
Nikita Yushchenko
|
8efe3e8a6c |
net: ravb: Fix dma_addr_t truncation in error case
[ Upstream commit e327b2372bc0f18c30433ac40be07741b59231c5 ]
In ravb_start_xmit(), ravb driver uses u32 variable to store result of
dma_map_single() call. Since ravb hardware has 32-bit address fields in
descriptors, this works properly when mapping is successful - it is
platform's job to provide mapping addresses that fit into hardware
limitations.
However, in failure case dma_map_single() returns DMA_MAPPING_ERROR
constant that is 64-bit when dma_addr_t is 64-bit. Storing this constant
in u32 leads to truncation, and further call to dma_mapping_error()
fails to notice the error.
Fix that by storing result of dma_map_single() in a dma_addr_t
variable.
Fixes:
|
||
Claudiu Beznea
|
f7a153e3ac |
net: phy: micrel: populate .soft_reset for KSZ9131
[ Upstream commit e398822c4751017fe401f57409488f5948d12fb5 ]
The RZ/G3S SMARC Module has 2 KSZ9131 PHYs. In this setup, the KSZ9131 PHY
is used with the ravb Ethernet driver. It has been discovered that when
bringing the Ethernet interface down/up continuously, e.g., with the
following sh script:
$ while :; do ifconfig eth0 down; ifconfig eth0 up; done
the link speed and duplex are wrong after interrupting the bring down/up
operation even though the Ethernet interface is up. To recover from this
state the following configuration sequence is necessary (executed
manually):
$ ifconfig eth0 down
$ ifconfig eth0 up
The behavior has been identified also on the Microchip SAMA7G5-EK board
which runs the macb driver and uses the same PHY.
The order of PHY-related operations in ravb_open() is as follows:
ravb_open() ->
ravb_phy_start() ->
ravb_phy_init() ->
of_phy_connect() ->
phy_connect_direct() ->
phy_attach_direct() ->
phy_init_hw() ->
phydev->drv->soft_reset()
phydev->drv->config_init()
phydev->drv->config_intr()
phy_resume()
kszphy_resume()
The order of PHY-related operations in ravb_close is as follows:
ravb_close() ->
phy_stop() ->
phy_suspend() ->
kszphy_suspend() ->
genphy_suspend()
// set BMCR_PDOWN bit in MII_BMCR
In genphy_suspend() setting the BMCR_PDWN bit in MII_BMCR switches the PHY
to Software Power-Down (SPD) mode (according to the KSZ9131 datasheet).
Thus, when opening the interface after it has been previously closed (via
ravb_close()), the phydev->drv->config_init() and
phydev->drv->config_intr() reach the KSZ9131 PHY driver via the
ksz9131_config_init() and kszphy_config_intr() functions.
KSZ9131 specifies that the MII management interface remains operational
during SPD (Software Power-Down), but (according to manual):
- Only access to the standard registers (0 through 31) is supported.
- Access to MMD address spaces other than MMD address space 1 is possible
if the spd_clock_gate_override bit is set.
- Access to MMD address space 1 is not possible.
The spd_clock_gate_override bit is not used in the KSZ9131 driver.
ksz9131_config_init() configures RGMII delay, pad skews and LEDs by
accessesing MMD registers other than those in address space 1.
The datasheet for the KSZ9131 does not specify what happens if registers
from an unsupported address space are accessed while the PHY is in SPD.
To fix the issue the .soft_reset method has been instantiated for KSZ9131,
too. This resets the PHY to the default state before doing any
configurations to it, thus switching it out of SPD.
Fixes:
|
||
Lin Ma
|
02467ab8b4 |
net: qualcomm: rmnet: fix global oob in rmnet_policy
[ Upstream commit b33fb5b801c6db408b774a68e7c8722796b59ecc ]
The variable rmnet_link_ops assign a *bigger* maxtype which leads to a
global out-of-bounds read when parsing the netlink attributes. See bug
trace below:
==================================================================
BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline]
BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600
Read of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207
CPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x172/0x475 mm/kasan/report.c:395
kasan_report+0xbb/0x1c0 mm/kasan/report.c:495
validate_nla lib/nlattr.c:386 [inline]
__nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600
__nla_parse+0x3e/0x50 lib/nlattr.c:697
nla_parse_nested_deprecated include/net/netlink.h:1248 [inline]
__rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485
rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594
rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091
netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0x154/0x190 net/socket.c:734
____sys_sendmsg+0x6df/0x840 net/socket.c:2482
___sys_sendmsg+0x110/0x1b0 net/socket.c:2536
__sys_sendmsg+0xf3/0x1c0 net/socket.c:2565
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fdcf2072359
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdcf13e3168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fdcf219ff80 RCX: 00007fdcf2072359
RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
RBP: 00007fdcf20bd493 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffbb8d7bdf R14: 00007fdcf13e3300 R15: 0000000000022000
</TASK>
The buggy address belongs to the variable:
rmnet_policy+0x30/0xe0
The buggy address belongs to the physical page:
page:0000000065bdeb3c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x155243
flags: 0x200000000001000(reserved|node=0|zone=2)
raw: 0200000000001000 ffffea00055490c8 ffffea00055490c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffffffff92c43780: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 00 07
ffffffff92c43800: f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9 06 f9 f9 f9
>ffffffff92c43880: f9 f9 f9 f9 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
^
ffffffff92c43900: 00 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9
ffffffff92c43980: 00 00 00 07 f9 f9 f9 f9 00 00 00 05 f9 f9 f9 f9
According to the comment of `nla_parse_nested_deprecated`, the maxtype
should be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.
Fixes:
|
||
Niklas Schnelle
|
5b58cfcd4c |
s390/pci: fix max size calculation in zpci_memcpy_toio()
[ Upstream commit 80df7d6af7f6d229b34cf237b2cc9024c07111cd ]
The zpci_get_max_write_size() helper is used to determine the maximum
size a PCI store or load can use at a given __iomem address.
For the PCI block store the following restrictions apply:
1. The dst + len must not cross a 4K boundary in the (pseudo-)MMIO space
2. len must not exceed ZPCI_MAX_WRITE_SIZE
3. len must be a multiple of 8 bytes
4. The src address must be double word (8 byte) aligned
5. The dst address must be double word (8 byte) aligned
Otherwise only a normal PCI store which takes its src value from
a register can be used. For these PCI store restriction 1 still applies.
Similarly 1 also applies to PCI loads.
It turns out zpci_max_write_size() instead implements stricter
conditions which prevents PCI block stores from being used where they
can and should be used. In particular instead of conditions 4 and 5 it
wrongly enforces both dst and src to be size aligned. This indirectly
covers condition 1 but also prevents many legal PCI block stores.
On top of the functional shortcomings the zpci_get_max_write_size() is
misnamed as it is used for both read and write size calculations. Rename
it to zpci_get_max_io_size() and implement the listed conditions
explicitly.
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
Fixes:
|
||
Siddharth Vadapalli
|
14a7e3a0d0 |
PCI: keystone: Fix race condition when initializing PHYs
[ Upstream commit c12ca110c613a81cb0f0099019c839d078cd0f38 ]
The PCI driver invokes the PHY APIs using the ks_pcie_enable_phy()
function. The PHY in this case is the Serdes. It is possible that the
PCI instance is configured for two lane operation across two different
Serdes instances, using one lane of each Serdes.
In such a configuration, if the reference clock for one Serdes is
provided by the other Serdes, it results in a race condition. After the
Serdes providing the reference clock is initialized by the PCI driver by
invoking its PHY APIs, it is not guaranteed that this Serdes remains
powered on long enough for the PHY APIs based initialization of the
dependent Serdes. In such cases, the PLL of the dependent Serdes fails
to lock due to the absence of the reference clock from the former Serdes
which has been powered off by the PM Core.
Fix this by obtaining reference to the PHYs before invoking the PHY
initialization APIs and releasing reference after the initialization is
complete.
Link: https://lore.kernel.org/linux-pci/20230927041845.1222080-1-s-vadapalli@ti.com
Fixes:
|
||
Maurizio Lombardi
|
40d171ef23 |
nvmet-tcp: Fix the H2C expected PDU len calculation
[ Upstream commit 9a1abc24850eb759e36a2f8869161c3b7254c904 ]
The nvmet_tcp_handle_h2c_data_pdu() function should take into
consideration the possibility that the header digest and/or the data
digests are enabled when calculating the expected PDU length, before
comparing it to the value stored in cmd->pdu_len.
Fixes: efa56305908b ("nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length")
Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Christoph Niedermaier
|
258dccd67b |
serial: imx: Correct clock error message in function probe()
[ Upstream commit 3e189470cad27d41a3a9dc02649f965b7ed1c90f ]
Correct the clock error message by changing the clock name.
Fixes:
|
||
|
Fedor Pchelkin
|
1d8e62b556 |
apparmor: avoid crash when parsed profile name is empty
[ Upstream commit 55a8210c9e7d21ff2644809699765796d4bfb200 ]
When processing a packed profile in unpack_profile() described like
"profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}"
a string ":samba-dcerpcd" is unpacked as a fully-qualified name and then
passed to aa_splitn_fqname().
aa_splitn_fqname() treats ":samba-dcerpcd" as only containing a namespace.
Thus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Later
aa_alloc_profile() crashes as the new profile name is NULL now.
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
RIP: 0010:strlen+0x1e/0xa0
Call Trace:
<TASK>
? strlen+0x1e/0xa0
aa_policy_init+0x1bb/0x230
aa_alloc_profile+0xb1/0x480
unpack_profile+0x3bc/0x4960
aa_unpack+0x309/0x15e0
aa_replace_profiles+0x213/0x33c0
policy_update+0x261/0x370
profile_replace+0x20e/0x2a0
vfs_write+0x2af/0xe00
ksys_write+0x126/0x250
do_syscall_64+0x46/0xf0
entry_SYSCALL_64_after_hwframe+0x6e/0x76
</TASK>
---[ end trace 0000000000000000 ]---
RIP: 0010:strlen+0x1e/0xa0
It seems such behaviour of aa_splitn_fqname() is expected and checked in
other places where it is called (e.g. aa_remove_profiles). Well, there
is an explicit comment "a ns name without a following profile is allowed"
inside.
AFAICS, nothing can prevent unpacked "name" to be in form like
":samba-dcerpcd" - it is passed from userspace.
Deny the whole profile set replacement in such case and inform user with
EPROTO and an explaining message.
Found by Linux Verification Center (linuxtesting.org).
Fixes:
|
||
Ian Rogers
|
4cd5db4fc4 |
perf env: Avoid recursively taking env->bpf_progs.lock
[ Upstream commit 9c51f8788b5d4e9f46afbcf563255cfd355690b3 ]
Add variants of perf_env__insert_bpf_prog_info(), perf_env__insert_btf()
and perf_env__find_btf prefixed with __ to indicate the
env->bpf_progs.lock is assumed held.
Call these variants when the lock is held to avoid recursively taking it
and potentially having a thread deadlock with itself.
Fixes:
|
||
Arnaldo Carvalho de Melo
|
f19a1cb1f9 |
perf bpf: Decouple creating the evlist from adding the SB event
[ Upstream commit b38d85ef49cf6af9d1deaaf01daf0986d47e6c7a ] Renaming bpf_event__add_sb_event() to evlist__add_sb_event() and requiring that the evlist be allocated beforehand. This will allow using the same side band thread and evlist to be used for multiple purposes in addition to react to PERF_RECORD_BPF_EVENT soon after they are generated. Acked-by: Jiri Olsa <jolsa@redhat.com> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Song Liu <songliubraving@fb.com> Link: http://lore.kernel.org/lkml/20200429131106.27974-4-acme@kernel.org Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Stable-dep-of: 9c51f8788b5d ("perf env: Avoid recursively taking env->bpf_progs.lock") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Arnaldo Carvalho de Melo
|
739b800279 |
perf top: Move sb_evlist to 'struct perf_top'
[ Upstream commit ca6c9c8b107f9788662117587cd24bbb19cea94d ] Where state related to a 'perf top' session is grouped. Acked-by: Jiri Olsa <jolsa@redhat.com> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Song Liu <songliubraving@fb.com> Link: http://lore.kernel.org/lkml/20200429131106.27974-3-acme@kernel.org Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Stable-dep-of: 9c51f8788b5d ("perf env: Avoid recursively taking env->bpf_progs.lock") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Arnaldo Carvalho de Melo
|
2d59b6ed99 |
perf record: Move sb_evlist to 'struct record'
[ Upstream commit bc477d7983e345262757568ec27be0395dc2fe73 ] Where state related to a 'perf record' session is grouped. Acked-by: Jiri Olsa <jolsa@redhat.com> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Song Liu <songliubraving@fb.com> Link: http://lore.kernel.org/lkml/20200429131106.27974-2-acme@kernel.org Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Stable-dep-of: 9c51f8788b5d ("perf env: Avoid recursively taking env->bpf_progs.lock") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Jiri Olsa
|
14a9769a76 |
perf env: Add perf_env__numa_node()
[ Upstream commit 389799a7a1e86c55f38897e679762efadcc9dedd ] To speed up cpu to node lookup, add perf_env__numa_node(), that creates cpu array on the first lookup, that holds numa nodes for each stored cpu. Signed-off-by: Jiri Olsa <jolsa@kernel.org> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Alexey Budankov <alexey.budankov@linux.intel.com> Cc: Andi Kleen <ak@linux.intel.com> Cc: Joe Mario <jmario@redhat.com> Cc: Kan Liang <kan.liang@linux.intel.com> Cc: Michael Petlan <mpetlan@redhat.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Link: http://lkml.kernel.org/r/20190904073415.723-3-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Stable-dep-of: 9c51f8788b5d ("perf env: Avoid recursively taking env->bpf_progs.lock") Signed-off-by: Sasha Levin <sashal@kernel.org> |