android11-5.4
115 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Bestas
|
c066ac93be
|
Merge tag 'ASB-2023-02-05_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
https://source.android.com/docs/security/bulletin/2023-02-01 CVE-2022-39189 CVE-2022-39842 CVE-2022-41222 CVE-2023-20937 CVE-2023-20938 CVE-2022-0850 * tag 'ASB-2023-02-05_11-5.4' of https://android.googlesource.com/kernel/common: ANDROID: ABI: Cuttlefish Symbol update UPSTREAM: media: dvb-core: Fix UAF due to refcount races at releasing ANDROID: abi_gki_aarch64_qcom: Add hrtimer_sleeper_start_expires UPSTREAM: ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF ANDROID: Revert "tracing/ring-buffer: Have polling block on watermark" UPSTREAM: usb: gadget: f_hid: fix f_hidg lifetime vs cdev UPSTREAM: usb: gadget: f_hid: optional SETUP/SET_REPORT mode ANDROID: add TEST_MAPPING for net/, include/net UPSTREAM: nfp: fix use-after-free in area_cache_get() UPSTREAM: proc: avoid integer type confusion in get_proc_long UPSTREAM: proc: proc_skip_spaces() shouldn't think it is working on C strings ANDROID: usb: f_accessory: Check buffer size when initialised via composite BACKPORT: mm: don't be stuck to rmap lock on reclaim path ANDROID: Add more hvc devices for virtio-console. Revert "mmc: sdhci: Fix voltage switch delay" ANDROID: gki_defconfig: add CONFIG_FUNCTION_ERROR_INJECTION Linux 5.4.226 ipc/sem: Fix dangling sem_array access in semtimedop race v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails proc: proc_skip_spaces() shouldn't think it is working on C strings proc: avoid integer type confusion in get_proc_long mmc: sdhci: Fix voltage switch delay mmc: sdhci: use FIELD_GET for preset value bit masks char: tpm: Protect tpm_pm_suspend with locks Revert "clocksource/drivers/riscv: Events are stopped during CPU suspend" x86/ioremap: Fix page aligned size calculation in __ioremap_caller() Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM x86/pm: Add enumeration check before spec MSRs save/restore setup x86/tsx: Add a feature bit for TSX control MSR support nvme: ensure subsystem reset is single threaded nvme: restrict management ioctls to admin epoll: check for events when removing a timed out thread from the wait queue epoll: call final ep_events_available() check under the lock tracing/ring-buffer: Have polling block on watermark ipv4: Fix route deletion when nexthop info is not specified ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference selftests: net: fix nexthop warning cleanup double ip typo selftests: net: add delete nexthop route warning test Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled parisc: Increase FRAME_WARN to 2048 bytes on parisc xtensa: increase size of gcc stack frame check parisc: Increase size of gcc stack frame check iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() pinctrl: single: Fix potential division by zero ASoC: ops: Fix bounds check for _sx controls mm: Fix '.data.once' orphan section warning arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72 arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors tracing: Free buffers when a used dynamic event is removed mmc: sdhci-sprd: Fix no reset data and command after voltage switch mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check mmc: core: Fix ambiguous TRIM and DISCARD arg mmc: mmc_test: Fix removal of debugfs file pinctrl: intel: Save and restore pins in "direct IRQ" mode x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep" error-injection: Add prompt for function error injection net/mlx5: DR, Fix uninitialized var warning hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() hwmon: (coretemp) Check for null before removing sysfs attrs net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed sctp: fix memory leak in sctp_stream_outq_migrate() packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE net: tun: Fix use-after-free in tun_detach() afs: Fix fileserver probe RTT handling net: hsr: Fix potential use-after-free dsa: lan9303: Correct stat name net: ethernet: nixge: fix NULL dereference net/9p: Fix a potential socket leak in p9_socket_open net: net_netdev: Fix error handling in ntb_netdev_init_module() net: phy: fix null-ptr-deref while probe() failed wifi: cfg80211: fix buffer overflow in elem comparison qlcnic: fix sleep-in-atomic-context bugs caused by msleep can: cc770: cc770_isa_probe(): add missing free_cc770dev() can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() net/mlx5e: Fix use-after-free when reverting termination table net/mlx5: Fix uninitialized variable bug in outlen_write() of: property: decrement node refcount in of_fwnode_get_reference_args() hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails hwmon: (i5500_temp) fix missing pci_disable_device() scripts/faddr2line: Fix regression in name resolution on ppc64le iio: light: rpr0521: add missing Kconfig dependencies iio: health: |
||
Greg Kroah-Hartman
|
6b029aa535 |
This is the 5.4.220 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmNZGM8ACgkQONu9yGCS aT6cjQ/+JSj2g4OKD3WLjhnyy3+GJC7GdHvD8dvMkX/DNW+DD+Ja32O00Jfwi7F1 NMP/AglR4Y5aL3LvCyBR3SLj7Hq8pGOLYpLT8FxtFf7NSCXumUZmnLjRCDUqzovE W1ObC5EIJ1WMArZc28ECq5EGqOLuqiRcZyel4yDM71ttJ6AglEgOvhGIZMDDEaIh 7rTKgplaU0rNwiOrh16PwUjXVd7AW3dkVCN+Mog96hgkrfokCTVj00QHy2DxEFV4 JKrmrQBSwK36Db02k1+V2kpaKzVflPA1ZHAPee9SfJG50kfEoOOvjg9Yo0csMvqV LbYXiDhd04oF37Gf73PNhQyFVdyJYZstw1BOO5M/etYN9CNEGrWC1jR3XculxPdx oIN5Cy+9jBBAJOMxMi7Zx2ZSnacaSlKQq1faVFyv9ekA53HFKPKHUwy4jOGcM/rR yJw0r+IkCSYv4zTzUc2XM5n+3PXCBtXnrG7yVsihZiHxt4MZvQ5+J/aI88L8vOYa 5mkt8hQ75cZmWiCQOzR2TcVwy/FoPoGlKUWZIO8XYCDLVNgUyqSyTPhe7+9AU7HK rKHTktX7BJ/202xRypqc4tRuOhRZ3W3Htzq9Dmhf0so61D9Ayzrdm7/eiNto+1ru nU+V4I740is9x1CMyUU30pHretuhUdz0cuhgpwHeiF2ki/21J6A= =JFUC -----END PGP SIGNATURE----- Merge 5.4.220 into android11-5.4-lts Changes in 5.4.220 ALSA: oss: Fix potential deadlock at unregistration ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() ALSA: usb-audio: Fix potential memory leaks ALSA: usb-audio: Fix NULL dererence at error path ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 ALSA: hda/realtek: Correct pin configs for ASUS G533Z ALSA: hda/realtek: Add quirk for ASUS GV601R laptop ALSA: hda/realtek: Add Intel Reference SSID to support headset keys mtd: rawnand: atmel: Unmap streaming DMA mappings cifs: destage dirty pages before re-reading them for cache=none cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message iio: dac: ad5593r: Fix i2c read protocol requirements iio: pressure: dps310: Refactor startup procedure iio: pressure: dps310: Reset chip after timeout usb: add quirks for Lenovo OneLink+ Dock can: kvaser_usb: Fix use of uninitialized completion can: kvaser_usb_leaf: Fix overread with an invalid command can: kvaser_usb_leaf: Fix TX queue out of sync after restart can: kvaser_usb_leaf: Fix CAN state after restart mmc: sdhci-sprd: Fix minimum clock limit fs: dlm: fix race between test_bit() and queue_work() fs: dlm: handle -EBUSY first in lock arg validation HID: multitouch: Add memory barriers quota: Check next/prev free block number after reading from quota file ASoC: wcd9335: fix order of Slimbus unprepare/disable regulator: qcom_rpm: Fix circular deferral regression RISC-V: Make port I/O string accessors actually work parisc: fbdev/stifb: Align graphics memory size to 4MB riscv: Allow PROT_WRITE-only mmap() riscv: Pass -mno-relax only on lld < 15.0.0 UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge powerpc/boot: Explicitly disable usage of SPE instructions fbdev: smscufx: Fix use-after-free in ufx_ops_open() btrfs: fix race between quota enable and quota rescan ioctl f2fs: increase the limit for reserve_root f2fs: fix to do sanity check on destination blkaddr during recovery f2fs: fix to do sanity check on summary info nilfs2: fix use-after-free bug of struct nilfs_root jbd2: wake up journal waiters in FIFO order, not LIFO ext4: avoid crash when inline data creation follows DIO write ext4: fix null-ptr-deref in ext4_write_info ext4: make ext4_lazyinit_thread freezable ext4: place buffer head allocation before handle start livepatch: fix race between fork and KLP transition ftrace: Properly unset FTRACE_HASH_FL_MOD ring-buffer: Allow splice to read previous partially read pages ring-buffer: Have the shortest_full queue be the shortest not longest ring-buffer: Check pending waiters when doing wake ups as well ring-buffer: Fix race between reset page and reading page media: cedrus: Set the platform driver data earlier KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS gcov: support GCC 12.1 and newer compilers drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() selinux: use "grep -E" instead of "egrep" tracing: Disable interrupt or preemption before acquiring arch_spinlock_t userfaultfd: open userfaultfds with O_RDONLY sh: machvec: Use char[] for section boundaries ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE nfsd: Fix a memory leak in an error handling path wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() wifi: mac80211: allow bw change during channel switch in mesh bpftool: Fix a wrong type cast in btf_dumper_int x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() wifi: rtl8xxxu: Fix skb misuse in TX queue selection bpf: btf: fix truncated last_member_type_id in btf_struct_resolve wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration net: fs_enet: Fix wrong check in do_pd_setup bpf: Ensure correct locking around vulnerable function find_vpid() x86/microcode/AMD: Track patch allocation size explicitly spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe netfilter: nft_fib: Fix for rpath check with VRF devices spi: s3c64xx: Fix large transfers with DMA vhost/vsock: Use kvmalloc/kvfree for larger packets. mISDN: fix use-after-free bugs in l1oip timer handlers sctp: handle the error returned from sctp_auth_asoc_init_active_key tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() bnx2x: fix potential memory leak in bnx2x_tpa_stop() net/ieee802154: reject zero-sized raw_sendmsg() once: add DO_ONCE_SLOW() for sleepable contexts net: mvpp2: fix mvpp2 debugfs leak drm: bridge: adv7511: fix CEC power down control register offset drm/mipi-dsi: Detach devices when removing the host platform/chrome: fix double-free in chromeos_laptop_prepare() platform/chrome: fix memory corruption in ioctl platform/x86: msi-laptop: Fix old-ec check for backlight registering platform/x86: msi-laptop: Fix resource cleanup drm: fix drm_mipi_dbi build errors drm/bridge: megachips: Fix a null pointer dereference bug ASoC: rsnd: Add check for rsnd_mod_power_on ALSA: hda: beep: Simplify keep-power-at-enable behavior drm/omap: dss: Fix refcount leak bugs mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx ALSA: dmaengine: increment buffer pointer atomically mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe ALSA: hda/hdmi: Don't skip notification handling during PM operation memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() memory: of: Fix refcount leak bug in of_get_ddr_timings() soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() soc: qcom: smem_state: Add refcounting for the 'state->of_node' ARM: dts: turris-omnia: Fix mpp26 pin name and comment ARM: dts: kirkwood: lsxl: fix serial line ARM: dts: kirkwood: lsxl: remove first ethernet port ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family ARM: Drop CMDLINE_* dependency on ATAGS ARM: dts: exynos: fix polarity of VBUS GPIO of Origen iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX iio: adc: at91-sama5d2_adc: check return status for pressure and touch iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq iio: inkern: only release the device node when done with it iio: ABI: Fix wrong format of differential capacitance channel ABI. clk: meson: Hold reference returned by of_get_parent() clk: oxnas: Hold reference returned by of_get_parent() clk: berlin: Add of_node_put() for of_get_parent() clk: tegra: Fix refcount leak in tegra210_clock_init clk: tegra: Fix refcount leak in tegra114_clock_init clk: tegra20: Fix refcount leak in tegra20_clock_init HSI: omap_ssi: Fix refcount leak in ssi_probe HSI: omap_ssi_port: Fix dma_map_sg error check media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop tty: xilinx_uartps: Fix the ignore_status media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init RDMA/rxe: Fix "kernel NULL pointer dereference" error RDMA/rxe: Fix the error caused by qp->sk misc: ocxl: fix possible refcount leak in afu_ioctl() dyndbg: fix module.dyndbg handling dyndbg: let query-modname override actual module name mtd: devices: docg3: check the return value of devm_ioremap() in the probe RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() ata: fix ata_id_has_devslp() ata: fix ata_id_has_ncq_autosense() ata: fix ata_id_has_dipm() mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() md/raid5: Ensure stripe_fill happens on non-read IO with journal xhci: Don't show warning for reinit on known broken suspend usb: gadget: function: fix dangling pnp_string in f_printer.c drivers: serial: jsm: fix some leaks in probe tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown phy: qualcomm: call clk_disable_unprepare in the error handling staging: vt6655: fix some erroneous memory clean-up loops firmware: google: Test spinlock on panic path to avoid lockups serial: 8250: Fix restoring termios speed after suspend scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() fsi: core: Check error number after calling ida_simple_get mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() mfd: lp8788: Fix an error handling path in lp8788_probe() mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() mfd: fsl-imx25: Fix check for platform_get_irq() errors mfd: sm501: Add check for platform_driver_register() clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() spmi: pmic-arb: correct duplicate APID to PPID mapping logic clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe clk: ast2600: BCLK comes from EPLL mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg powerpc/math_emu/efp: Include module.h powerpc/sysdev/fsl_msi: Add missing of_node_put() powerpc/pci_dn: Add missing of_node_put() powerpc/powernv: add missing of_node_put() in opal_export_attrs() x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 powerpc: Fix SPE Power ISA properties for e500v1 platforms cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset iommu/omap: Fix buffer overflow in debugfs crypto: akcipher - default implementation for setting a private key crypto: ccp - Release dma channels before dmaengine unrgister iommu/iova: Fix module config properly kbuild: remove the target in signal traps when interrupted crypto: cavium - prevent integer overflow loading firmware f2fs: fix race condition on setting FI_NO_EXTENT flag ACPI: video: Add Toshiba Satellite/Portege Z830 quirk MIPS: BCM47XX: Cast memcmp() of function to (void *) powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data wifi: brcmfmac: fix invalid address access when enabling SCAN log level bpftool: Clear errno after libcap's checks openvswitch: Fix double reporting of drops in dropwatch openvswitch: Fix overreporting of drops in dropwatch tcp: annotate data-race around tcp_md5sig_pool_populated wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() xfrm: Update ipcomp_scratches with NULL when freed wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times can: bcm: check the result of can_send() in bcm_can_tx() wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 wifi: rt2x00: set VGC gain for both chains of MT7620 wifi: rt2x00: set SoC wmac clock register wifi: rt2x00: correctly set BBP register 86 for MT7620 net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory Bluetooth: L2CAP: Fix user-after-free r8152: Rate limit overflow messages drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() drm: Use size_t type for len variable in drm_copy_field() drm: Prevent drm_copy_field() to attempt copying a NULL pointer drm/amd/display: fix overflow on MIN_I64 definition drm/vc4: vec: Fix timings for VEC modes drm: panel-orientation-quirks: Add quirk for Anbernic Win600 platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading drm/amdgpu: fix initial connector audio value mmc: sdhci-msm: add compatible string check for sdm670 ARM: dts: imx7d-sdb: config the max pressure for tsc2046 ARM: dts: imx6q: add missing properties for sram ARM: dts: imx6dl: add missing properties for sram ARM: dts: imx6qp: add missing properties for sram ARM: dts: imx6sl: add missing properties for sram ARM: dts: imx6sll: add missing properties for sram ARM: dts: imx6sx: add missing properties for sram btrfs: scrub: try to fix super block errors clk: zynqmp: Fix stack-out-of-bounds in strncpy` media: cx88: Fix a null-ptr-deref bug in buffer_prepare() clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate scsi: 3w-9xxx: Avoid disabling device if failing to enable it nbd: Fix hung when signal interrupts nbd_start_device_ioctl() power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() staging: vt6655: fix potential memory leak ata: libahci_platform: Sanity check the DT child nodes number bcache: fix set_at_max_writeback_rate() for multiple attached devices HID: roccat: Fix use-after-free in roccat_read() md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() usb: musb: Fix musb_gadget.c rxstate overflow bug Revert "usb: storage: Add quirk for Samsung Fit flash" staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() nvme: copy firmware_rev on each init nvmet-tcp: add bounds check on Transfer Tag usb: idmouse: fix an uninit-value in idmouse_open clk: bcm2835: Make peripheral PLLC critical perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc io_uring/af_unix: defer registered files gc to io_uring release net: ieee802154: return -EINVAL for unknown addr type Revert "net/ieee802154: reject zero-sized raw_sendmsg()" net/ieee802154: don't warn zero-sized raw_sendmsg() ext4: continue to expand file system when the target size doesn't reach md: Replace snprintf with scnprintf efi: libstub: drop pointless get_memory_map() call inet: fully convert sk->sk_rx_dst to RCU rules thermal: intel_powerclamp: Use first online CPU as control_cpu Linux 5.4.220 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I91859d6b79f44ab654cb0c88d0d6c9c46f62131b |
||
Ondrej Mosnacek
|
c0f4be8303 |
userfaultfd: open userfaultfds with O_RDONLY
[ Upstream commit abec3d015fdfb7c63105c7e1c956188bf381aa55 ]
Since userfaultfd doesn't implement a write operation, it is more
appropriate to open it read-only.
When userfaultfds are opened read-write like it is now, and such fd is
passed from one process to another, SELinux will check both read and
write permissions for the target process, even though it can't actually
do any write operation on the fd later.
Inspired by the following bug report, which has hit the SELinux scenario
described above:
https://bugzilla.redhat.com/show_bug.cgi?id=1974559
Reported-by: Robert O'Callahan <roc@ocallahan.org>
Fixes:
|
||
Srinivasarao Pathipati
|
16e939c6e4 |
Merge android11-5.4.161+ (b9d179c) into msm-5.4
* refs/heads/tmp-b9d179c:
UPSTREAM: driver core: Fix possible memory leak in device_link_add()
UPSTREAM: blk-mq: fix kernel panic during iterating over flush request
UPSTREAM: net: xfrm: fix memory leak in xfrm_user_rcv_msg
UPSTREAM: binder: fix the missing BR_FROZEN_REPLY in binder_return_strings
ANDROID: incremental-fs: fix mount_fs issue
UPSTREAM: vfs: fs_context: fix up param length parsing in legacy_parse_param
ANDROID: GKI: disable CONFIG_FORTIFY_SOURCE
Linux 5.4.161
erofs: fix unsafe pagevec reuse of hooked pclusters
erofs: remove the occupied parameter from z_erofs_pagevec_enqueue()
PCI: Add MSI masking quirk for Nvidia ION AHCI
PCI/MSI: Deal with devices lying about their MSI mask capability
PCI/MSI: Destroy sysfs before freeing entries
parisc/entry: fix trace test in syscall exit path
fortify: Explicitly disable Clang support
scsi: ufs: Fix tm request when non-fatal error happens
ext4: fix lazy initialization next schedule time computation in more granular unit
MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL
scsi: ufs: Fix interrupt error message for shared interrupts
soc/tegra: pmc: Fix imbalanced clock disabling in error code path
Revert "net: sched: update default qdisc visibility after Tx queue cnt changes"
Revert "serial: core: Fix initializing and restoring termios speed"
Linux 5.4.160
selftests/bpf: Fix also no-alu32 strobemeta selftest
ath10k: fix invalid dma_addr_t token assignment
SUNRPC: Partial revert of commit 6f9f17287e78
PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload
s390/cio: make ccw_device_dma_* more robust
s390/tape: fix timer initialization in tape_std_assign()
s390/cio: check the subchannel validity for dev_busid
video: backlight: Drop maximum brightness override for brightness zero
mm, oom: do not trigger out_of_memory from the #PF
mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC
powerpc/security: Add a helper to query stf_barrier type
powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
powerpc/bpf: Validate branch ranges
powerpc/lib: Add helper to check if offset is within conditional branch range
ovl: fix deadlock in splice write
9p/net: fix missing error check in p9_check_errors
net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE
f2fs: should use GFP_NOFS for directory inodes
irqchip/sifive-plic: Fixup EOI failed when masked
parisc: Fix set_fixmap() on PA1.x CPUs
parisc: Fix backtrace to always include init funtion names
ARM: 9156/1: drop cc-option fallbacks for architecture selection
ARM: 9155/1: fix early early_iounmap()
selftests/net: udpgso_bench_rx: fix port argument
cxgb4: fix eeprom len when diagnostics not implemented
net/smc: fix sk_refcnt underflow on linkdown and fallback
vsock: prevent unnecessary refcnt inc for nonblocking connect
net: hns3: allow configure ETS bandwidth of all TCs
net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any
bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
llc: fix out-of-bound array index in llc_sk_dev_hash()
perf bpf: Add missing free to bpf_event__print_bpf_prog_info()
zram: off by one in read_block_state()
mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration()
bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
net: vlan: fix a UAF in vlan_dev_real_dev()
net: davinci_emac: Fix interrupt pacing disable
xen-pciback: Fix return in pm_ctrl_init()
i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()'
NFSv4: Fix a regression in nfs_set_open_stateid_locked()
scsi: qla2xxx: Turn off target reset during issue_lip
scsi: qla2xxx: Fix gnl list corruption
ar7: fix kernel builds for compiler test
watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
m68k: set a default value for MEMORY_RESERVE
signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL)
dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
netfilter: nfnetlink_queue: fix OOB when mac header was cleared
soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read
auxdisplay: ht16k33: Fix frame buffer device blanking
auxdisplay: ht16k33: Connect backlight to fbdev
auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
mtd: core: don't remove debugfs directory if device is in use
mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
fs: orangefs: fix error return code of orangefs_revalidate_lookup()
NFS: Fix deadlocks in nfs_scan_commit_list()
opp: Fix return in _opp_add_static_v2()
PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge
PCI: aardvark: Don't spam about PIO Response Status
drm/plane-helper: fix uninitialized variable reference
pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
apparmor: fix error check
power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
mips: cm: Convert to bitfield API to fix out-of-bounds access
powerpc/44x/fsp2: add missing of_node_put
HID: u2fzero: properly handle timeouts in usb_submit_urb
HID: u2fzero: clarify error check and length calculations
serial: xilinx_uartps: Fix race condition causing stuck TX
phy: qcom-qusb2: Fix a memory leak on probe
ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER
ASoC: cs42l42: Correct some register default values
ARM: dts: stm32: fix SAI sub nodes register range
staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC
RDMA/mlx4: Return missed an error if device doesn't support steering
scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
power: supply: rt5033_battery: Change voltage values to µV
usb: gadget: hid: fix error code in do_config()
serial: 8250_dw: Drop wrong use of ACPI_PTR()
video: fbdev: chipsfb: use memset_io() instead of memset()
clk: at91: check pmc node status before registering syscore ops
memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
soc/tegra: Fix an error handling path in tegra_powergate_power_up()
arm: dts: omap3-gta04a4: accelerometer irq fix
ALSA: hda: Reduce udelay() at SKL+ position reporting
JFS: fix memleak in jfs_mount
MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
scsi: dc395: Fix error case unwinding
ARM: dts: at91: tse850: the emac<->phy interface is rmii
arm64: dts: meson-g12a: Fix the pwm regulator supply properties
RDMA/bnxt_re: Fix query SRQ failure
ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY
arm64: dts: rockchip: Fix GPU register width for RK3328
ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths
RDMA/rxe: Fix wrong port_cap_flags
ibmvnic: Process crqs after enabling interrupts
ibmvnic: don't stop queue in xmit
udp6: allow SO_MARK ctrl msg to affect routing
selftests/bpf: Fix fclose/pclose mismatch in test_progs
crypto: pcrypt - Delay write to padata->info
net: phylink: avoid mvneta warning when setting pause parameters
net: amd-xgbe: Toggle PLL settings during rate change
drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits
wcn36xx: add proper DMA memory barriers in rx path
libertas: Fix possible memory leak in probe and disconnect
libertas_tf: Fix possible memory leak in probe and disconnect
KVM: s390: Fix handle_sske page fault handling
samples/kretprobes: Fix return value if register_kretprobe() failed
tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
irq: mips: avoid nested irq_enter()
s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
libbpf: Fix BTF data layout checks and allow empty BTF
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
drm/msm: Fix potential NULL dereference in DPU SSPP
clocksource/drivers/timer-ti-dm: Select TIMER_OF
PM: hibernate: fix sparse warnings
nvme-rdma: fix error code in nvme_rdma_setup_ctrl
phy: micrel: ksz8041nl: do not use power down mode
mwifiex: Send DELBA requests according to spec
rsi: stop thread firstly in rsi_91x_init() error handling
mt76: mt76x02: fix endianness warnings in mt76x02_mac.c
platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
block: ataflop: fix breakage introduced at blk-mq refactoring
mmc: mxs-mmc: disable regulator on error and in the remove function
net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
drm/msm: uninitialized variable in msm_gem_import()
ath10k: fix max antenna gain unit
hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff
hwmon: Fix possible memleak in __hwmon_device_register()
net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
memstick: avoid out-of-range warning
mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured
b43: fix a lower bounds test
b43legacy: fix a lower bounds test
hwrng: mtk - Force runtime pm ops for sleep ops
crypto: qat - disregard spurious PFVF interrupts
crypto: qat - detect PFVF collision after ACK
media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable()
netfilter: nft_dynset: relax superfluous check on set updates
EDAC/amd64: Handle three rank interleaving mode
ath9k: Fix potential interrupt storm on queue reset
media: em28xx: Don't use ops->suspend if it is NULL
cpuidle: Fix kobject memory leaks in error paths
crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency
kprobes: Do not use local variable when creating debugfs file
media: cx23885: Fix snd_card_free call on null card pointer
media: tm6000: Avoid card name truncation
media: si470x: Avoid card name truncation
media: radio-wl1273: Avoid card name truncation
media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()'
media: TDA1997x: handle short reads of hdmi info frame.
media: dvb-usb: fix ununit-value in az6027_rc_query
media: cxd2880-spi: Fix a null pointer dereference on error handling path
media: em28xx: add missing em28xx_close_extension
drm/amdgpu: fix warning for overflow check
ath10k: Fix missing frame timestamp for beacon/probe-resp
net: dsa: rtl8366rb: Fix off-by-one bug
rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies()
crypto: caam - disable pkc for non-E SoCs
Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync
wilc1000: fix possible memory leak in cfg_scan_result()
cgroup: Make rebind_subsystems() disable v2 controllers all at once
net: net_namespace: Fix undefined member in key_remove_domain()
virtio-gpu: fix possible memory allocation failure
drm/v3d: fix wait for TMU write combiner flush
rcu: Fix existing exp request check in sync_sched_exp_online_cleanup()
Bluetooth: fix init and cleanup of sco_conn.timeout_work
selftests/bpf: Fix strobemeta selftest regression
netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state
parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
parisc/unwind: fix unwinder when CONFIG_64BIT is enabled
task_stack: Fix end_of_stack() for architectures with upwards-growing stack
parisc: fix warning in flush_tlb_all
x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted
spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe()
btrfs: do not take the uuid_mutex in btrfs_rm_device
net: annotate data-race in neigh_output()
vrf: run conntrack only in context of lower/physdev for locally generated packets
ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE
ARM: clang: Do not rely on lr register for stacktrace
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
iwlwifi: mvm: disable RX-diversity in powersave
selftests: kvm: fix mismatched fclose() after popen()
PM: hibernate: Get block device exclusively in swsusp_check()
nvme: drop scan_lock and always kick requeue list when removing namespaces
nvmet-tcp: fix use-after-free when a port is removed
nvmet: fix use-after-free when a port is removed
block: remove inaccurate requeue check
mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
tracing/cfi: Fix cmp_entries_* functions signature mismatch
workqueue: make sysfs of unbound kworker cpumask more clever
lib/xz: Validate the value before assigning it to an enum variable
lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
memstick: r592: Fix a UAF bug when removing the driver
leaking_addresses: Always print a trailing newline
ACPI: battery: Accept charges over the design capacity as full
iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value
ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()
tracefs: Have tracefs directories not set OTH permission bits by default
net-sysfs: try not to restart the syscall if it will fail eventually
media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info
media: ipu3-imgu: imgu_fmt: Handle properly try
ACPICA: Avoid evaluating methods too early during system resume
ipmi: Disable some operations during a panic
media: rcar-csi2: Add checking to rcsi2_start_receiver()
brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet
ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
media: mceusb: return without resubmitting URB in case of -EPROTO error.
media: imx: set a media_device bus_info string
media: s5p-mfc: Add checking to s5p_mfc_probe().
media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
media: uvcvideo: Set unique vdev name based in type
media: uvcvideo: Return -EIO for control errors
media: uvcvideo: Set capability in s_param
media: stm32: Potential NULL pointer dereference in dcmi_irq_thread()
media: netup_unidvb: handle interrupt properly according to the firmware
media: mt9p031: Fix corrupted frame after restarting stream
ath10k: high latency fixes for beacon buffer
mwifiex: Properly initialize private structure on interface type changes
mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
x86: Increase exception stack sizes
smackfs: Fix use-after-free in netlbl_catmap_walk()
net: sched: update default qdisc visibility after Tx queue cnt changes
locking/lockdep: Avoid RCU-induced noinstr fail
MIPS: lantiq: dma: reset correct number of channel
MIPS: lantiq: dma: add small delay after reset
platform/x86: wmi: do not fail if disabling fails
drm/panel-orientation-quirks: add Valve Steam Deck
Bluetooth: fix use-after-free error in lock_sock_nested()
Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6
drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1
drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2)
dma-buf: WARN on dmabuf release with pending attachments
USB: chipidea: fix interrupt deadlock
USB: iowarrior: fix control-message timeouts
USB: serial: keyspan: fix memleak on probe errors
iio: dac: ad5446: Fix ad5622_write() return value
pinctrl: core: fix possible memory leak in pinctrl_enable()
quota: correct error number in free_dqentry()
quota: check block number when reading the block in quota file
PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
PCI: aardvark: Fix return value of MSI domain .alloc() method
PCI: aardvark: Fix reporting Data Link Layer Link Active
PCI: aardvark: Do not unmask unused interrupts
PCI: aardvark: Fix checking for link up via LTSSM state
PCI: aardvark: Do not clear status bits of masked interrupts
PCI: pci-bridge-emul: Fix emulation of W1C bits
xen/balloon: add late_initcall_sync() for initial ballooning done
ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
ALSA: mixer: oss: Fix racy access to slots
serial: core: Fix initializing and restoring termios speed
powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
can: j1939: j1939_can_recv(): ignore messages with invalid source address
can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport
KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use
power: supply: max17042_battery: use VFSOC for capacity when no rsns
power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
signal: Remove the bogus sigkill_pending in ptrace_stop
RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
rsi: Fix module dev_oper_mode parameter description
rsi: fix rate mask set leading to P2P failure
rsi: fix key enabled check causing unwanted encryption for vap_id > 0
rsi: fix occasional initialisation failure with BT coex
wcn36xx: handle connection loss indication
libata: fix checking of DMA state
mwifiex: Read a PCI register after writing the TX ring write pointer
wcn36xx: Fix HT40 capability for 2Ghz band
evm: mark evm_fixmode as __ro_after_init
rtl8187: fix control-message timeouts
PCI: Mark Atheros QCA6174 to avoid bus reset
ath10k: fix division by zero in send path
ath10k: fix control-message timeout
ath6kl: fix control-message timeout
ath6kl: fix division by zero in send path
mwifiex: fix division by zero in fw download path
EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property
regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled
hwmon: (pmbus/lm25066) Add offset coefficients
ia64: kprobes: Fix to pass correct trampoline address to the handler
btrfs: call btrfs_check_rw_degradable only if there is a missing device
btrfs: fix lost error handling when replaying directory deletes
btrfs: clear MISSING device status bit in btrfs_close_one_device
net/smc: Correct spelling mistake to TCPF_SYN_RECV
nfp: bpf: relax prog rejection for mtu check through max_pkt_offset
vmxnet3: do not stop tx queues after netif_device_detach()
r8169: Add device 10ec:8162 to driver r8169
nvmet-tcp: fix header digest verification
drm: panel-orientation-quirks: Add quirk for GPD Win3
watchdog: Fix OMAP watchdog early handling
net: multicast: calculate csum of looped-back and forwarded packets
spi: spl022: fix Microwire full duplex mode
nvmet-tcp: fix a memory leak when releasing a queue
xen/netfront: stop tx queues during live migration
bpf: Prevent increasing bpf_jit_limit above max
bpf: Define bpf_jit_alloc_exec_limit for arm64 JIT
drm: panel-orientation-quirks: Add quirk for Aya Neo 2021
mmc: winbond: don't build on M68K
reset: socfpga: add empty driver allowing consumers to probe
ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode
hyperv/vmbus: include linux/bitops.h
sfc: Don't use netif_info before net_device setup
cavium: Fix return values of the probe function
scsi: qla2xxx: Fix unmap of already freed sgl
scsi: qla2xxx: Return -ENOMEM if kzalloc() fails
cavium: Return negative value when pci_alloc_irq_vectors() fails
x86/irq: Ensure PI wakeup handler is unregistered before module unload
x86/cpu: Fix migration safety with X86_BUG_NULL_SEL
x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c
fuse: fix page stealing
ALSA: timer: Unconditionally unlink slave instances, too
ALSA: timer: Fix use-after-free problem
ALSA: synth: missing check for possible NULL after the call to kstrdup
ALSA: usb-audio: Add registration quirk for JBL Quantum 400
ALSA: line6: fix control and interrupt message timeouts
ALSA: 6fire: fix control and bulk message timeouts
ALSA: ua101: fix division by zero at probe
ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED
ALSA: hda/realtek: Add quirk for ASUS UX550VE
ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N
ALSA: hda/realtek: Add quirk for Clevo PC70HS
media: v4l2-ioctl: Fix check_ext_ctrls
media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers
media: ite-cir: IR receiver stop working after receive overflow
crypto: s5p-sss - Add error handling in s5p_aes_probe()
firmware/psci: fix application of sizeof to pointer
tpm: Check for integer overflow in tpm2_map_response_body()
parisc: Fix ptrace check on syscall return
mmc: dw_mmc: Dont wait for DRTO on Write RSP error
scsi: qla2xxx: Fix use after free in eh_abort path
scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
ocfs2: fix data corruption on truncate
libata: fix read log timeout value
Input: i8042 - Add quirk for Fujitsu Lifebook T725
Input: elantench - fix misreporting trackpoint coordinates
Input: iforce - fix control-message timeout
binder: use cred instead of task for getsecid
binder: use cred instead of task for selinux checks
binder: use euid from cred instead of using task
usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform
xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay
Linux 5.4.159
rsi: fix control-message timeout
media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init
staging: rtl8192u: fix control-message timeouts
staging: r8712u: fix control-message timeout
comedi: vmk80xx: fix bulk and interrupt message timeouts
comedi: vmk80xx: fix bulk-buffer overflow
comedi: vmk80xx: fix transfer-buffer overflows
comedi: ni_usb6501: fix NULL-deref in command paths
comedi: dt9812: fix DMA buffers on stack
isofs: Fix out of bound access for corrupted isofs image
printk/console: Allow to disable console output by using console="" or console=null
binder: don't detect sender/target during buffer cleanup
usb-storage: Add compatibility quirk flags for iODD 2531/2541
usb: musb: Balance list entry in musb_gadget_queue
usb: gadget: Mark USB_FSL_QE broken on 64-bit
usb: ehci: handshake CMD_RUN instead of STS_HALT
Revert "x86/kvm: fix vcpu-id indexed array sizes"
Linux 5.4.158
ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
Revert "drm/ttm: fix memleak in ttm_transfered_destroy"
sfc: Fix reading non-legacy supported link modes
Revert "usb: core: hcd: Add support for deferring roothub registration"
Revert "xhci: Set HCD flag to defer primary roothub registration"
media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
net: ethernet: microchip: lan743x: Fix skb allocation failure
vrf: Revert "Reset skb conntrack connection..."
scsi: core: Put LLD module refcnt after SCSI device is released
Linux 5.4.157
perf script: Check session->header.env.arch before using it
KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu
KVM: s390: clear kicked_mask before sleeping again
cfg80211: correct bridge/4addr mode check
net: use netif_is_bridge_port() to check for IFF_BRIDGE_PORT
sctp: add vtag check in sctp_sf_ootb
sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
sctp: add vtag check in sctp_sf_violation
sctp: fix the processing for COOKIE_ECHO chunk
sctp: fix the processing for INIT_ACK chunk
sctp: use init_tag from inithdr for ABORT chunk
phy: phy_start_aneg: Add an unlocked version
phy: phy_ethtool_ksettings_get: Lock the phy for consistency
net/tls: Fix flipped sign in async_wait.err assignment
net: nxp: lpc_eth.c: avoid hang when bringing interface down
net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent
net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails
nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string
net: Prevent infinite while loop in skb_tx_hash()
net: batman-adv: fix error handling
regmap: Fix possible double-free in regcache_rbtree_exit()
arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node
RDMA/mlx5: Set user priority for DCT
nvme-tcp: fix data digest pointer calculation
nvmet-tcp: fix data digest pointer calculation
IB/hfi1: Fix abba locking issue with sc_disable()
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function
drm/ttm: fix memleak in ttm_transfered_destroy
net: lan78xx: fix division by zero in send path
cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit
mmc: sdhci: Map more voltage level to SDHCI_POWER_330
mmc: dw_mmc: exynos: fix the finding clock sample value
mmc: cqhci: clear HALT state after CQE enable
mmc: vub300: fix control-message timeouts
net/tls: Fix flipped sign in tls_err_abort() calls
Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
nfc: port100: fix using -ERRNO as command type mask
ata: sata_mv: Fix the error handling of mv_chip_id()
Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode"
usbnet: fix error return code in usbnet_probe()
usbnet: sanity check for maxpacket
ipv4: use siphash instead of Jenkins in fnhe_hashfun()
ipv6: use siphash in rt6_exception_hash()
powerpc/bpf: Fix BPF_MOD when imm == 1
ARM: 9141/1: only warn about XIP address when not compile testing
ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
ARM: 9134/1: remove duplicate memcpy() definition
ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
Linux 5.4.156
pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume()
ARM: 9122/1: select HAVE_FUTEX_CMPXCHG
tracing: Have all levels of checks prevent recursion
net: mdiobus: Fix memory leak in __mdiobus_register
scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()
Input: snvs_pwrkey - add clk handling
ALSA: hda: avoid write to STATESTS if controller is in reset
platform/x86: intel_scu_ipc: Update timeout value in comment
isdn: mISDN: Fix sleeping function called from invalid context
ARM: dts: spear3xx: Fix gmac node
net: stmmac: add support for dwmac 3.40a
btrfs: deal with errors when checking if a dir entry exists during log replay
gcc-plugins/structleak: add makefile var for disabling structleak
selftests: netfilter: remove stray bash debug line
netfilter: Kconfig: use 'default y' instead of 'm' for bool config option
isdn: cpai: check ctr->cnr to avoid array index out of bound
nfc: nci: fix the UAF of rf_conn_info object
mm, slub: fix potential memoryleak in kmem_cache_open()
mm, slub: fix mismatch between reconstructed freelist depth and cnt
powerpc/idle: Don't corrupt back chain when going idle
KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest
KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()
powerpc64/idle: Fix SP offsets when saving GPRs
audit: fix possible null-pointer dereference in audit_filter_rules
ASoC: DAPM: Fix missing kctl change notifications
ALSA: hda/realtek: Add quirk for Clevo PC50HS
ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
vfs: check fd has read access in kernel_read_file_from_fd()
elfcore: correct reference to CONFIG_UML
ocfs2: mount fails with buffer overflow in strlen
ocfs2: fix data corruption after conversion from inline format
ceph: fix handling of "meta" errors
can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes
can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with error length
can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv
can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer
can: peak_pci: peak_pci_remove(): fix UAF
can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification
can: rcar_can: fix suspend/resume
net: enetc: fix ethtool counter name for PM0_TERR
net: stmmac: Fix E2E delay mechanism
net: hns3: disable sriov before unload hclge layer
net: hns3: add limit ets dwrr bandwidth cannot be 0
net: hns3: reset DWRR of unused tc to zero
NIOS2: irqflags: rename a redefined register name
net: dsa: lantiq_gswip: fix register definition
lan78xx: select CRC32
netfilter: ipvs: make global sysctl readonly in non-init netns
ASoC: wm8960: Fix clock configuration on slave mode
dma-debug: fix sg checks in debug_dma_map_sg()
NFSD: Keep existing listeners on portlist error
xtensa: xtfpga: Try software restart before simulating CPU reset
xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF
ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default
tee: optee: Fix missing devices unregister during optee_remove
net: switchdev: do not propagate bridge updates across bridges
parisc: math-emu: Fix fall-through warnings
Linux 5.4.155
ionic: don't remove netdev->dev_addr when syncing uc list
r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256
qed: Fix missing error code in qed_slowpath_start()
mqprio: Correct stats in mqprio_dump_class_stats().
acpi/arm64: fix next_platform_timer() section mismatch error
drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
drm/msm/dsi: Fix an error code in msm_dsi_modeset_init()
drm/msm: Fix null pointer dereference on pointer edp
drm/panel: olimex-lcd-olinuxino: select CRC32
platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
mlxsw: thermal: Fix out-of-bounds memory accesses
ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators()
pata_legacy: fix a couple uninitialized variable bugs
NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
nfc: fix error handling of nfc_proto_register()
ethernet: s2io: fix setting mac address during resume
net: encx24j600: check error in devm_regmap_init_encx24j600
net: stmmac: fix get_hw_feature() on old hardware
net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp
net: korina: select CRC32
net: arc: select CRC32
gpio: pca953x: Improve bias setting
sctp: account stream padding length for reconf chunk
iio: dac: ti-dac5571: fix an error code in probe()
iio: ssp_sensors: fix error code in ssp_print_mcu_debug()
iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
iio: light: opt3001: Fixed timeout error when 0 lux
iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED
iio: adc128s052: Fix the error handling path of 'adc128_probe()'
iio: adc: aspeed: set driver data when adc probe.
powerpc/xive: Discard disabled interrupts in get_irqchip_state()
x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically
nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
EDAC/armada-xp: Fix output of uncorrectable error counter
virtio: write back F_VERSION_1 before validate
USB: serial: option: add prod. id for Quectel EG91
USB: serial: option: add Telit LE910Cx composition 0x1204
USB: serial: option: add Quectel EC200S-CN module support
USB: serial: qcserial: add EM9191 QDL support
Input: xpad - add support for another USB ID of Nacon GC-100
usb: musb: dsps: Fix the probe error path
efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock()
efi/cper: use stack buffer for error record decoding
cb710: avoid NULL pointer subtraction
xhci: Enable trust tx length quirk for Fresco FL11 USB controller
xhci: Fix command ring pointer corruption while aborting a command
xhci: guard accesses to ep_state in xhci_endpoint_reset()
mei: me: add Ice Lake-N device id.
x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
watchdog: orion: use 0 for unset heartbeat
btrfs: check for error when looking up inode during dir entry replay
btrfs: deal with errors when adding inode reference during log replay
btrfs: deal with errors when replaying dir entry during log replay
btrfs: unlock newly allocated extent buffer after error
csky: Fixup regs.sr broken in ptrace
csky: don't let sigreturn play with priveleged bits of status register
s390: fix strrchr() implementation
nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^'
ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
ALSA: hda/realtek - ALC236 headset MIC recording issue
ALSA: hda/realtek: Add quirk for Clevo X170KM-G
ALSA: hda/realtek: Complete partial device name to avoid ambiguity
ALSA: seq: Fix a potential UAF by wrong private_free call order
ALSA: usb-audio: Add quirk for VF0770
ovl: simplify file splice
Linux 5.4.154
sched: Always inline is_percpu_thread()
scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
scsi: ses: Fix unsigned comparison with less than zero
drm/amdgpu: fix gart.bo pin_count leak
net: sun: SUNVNET_COMMON should depend on INET
mac80211: check return value of rhashtable_init
net: prevent user from passing illegal stab size
m68k: Handle arrivals of multiple signals correctly
mac80211: Drop frames from invalid MAC address in ad-hoc mode
netfilter: nf_nat_masquerade: defer conntrack walk to work queue
netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic
HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
netfilter: ip6_tables: zero-initialize fragment offset
HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
ext4: correct the error path of ext4_write_inline_data_end()
net: phy: bcm7xxx: Fixed indirect MMD operations
UPSTREAM: ovl: simplify file splice
Linux 5.4.153
x86/Kconfig: Correct reference to MWINCHIP3D
x86/hpet: Use another crystalball to evaluate HPET usability
x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI
RISC-V: Include clone3() on rv32
bpf, s390: Fix potential memory leak about jit_data
i2c: acpi: fix resource leak in reconfiguration device addition
net: prefer socket bound to interface when not in VRF
i40e: Fix freeing of uninitialized misc IRQ vector
i40e: fix endless loop under rtnl
gve: fix gve_get_stats()
rtnetlink: fix if_nlmsg_stats_size() under estimation
gve: Correct available tx qpl check
drm/nouveau/debugfs: fix file release memory leak
video: fbdev: gbefb: Only instantiate device when built for IP32
bus: ti-sysc: Use CLKDM_NOAUTO for dra7 dcan1 for errata i893
netlink: annotate data races around nlk->bound
net: sfp: Fix typo in state machine debug string
net/sched: sch_taprio: properly cancel timer from taprio_destroy()
net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence
arm64: dts: ls1028a: add missing CAN nodes
arm64: dts: freescale: Fix SP805 clock-names
ptp_pch: Load module automatically if ID matches
powerpc/fsl/dts: Fix phy-connection-type for fm1mac3
net_sched: fix NULL deref in fifo_set_limit()
phy: mdio: fix memory leak
bpf: Fix integer overflow in prealloc_elems_and_freelist()
bpf, arm: Fix register clobbering in div/mod implementation
xtensa: call irqchip_init only when CONFIG_USE_OF is selected
xtensa: use CONFIG_USE_OF instead of CONFIG_OF
xtensa: move XCHAL_KIO_* definitions to kmem_layout.h
arm64: dts: qcom: pm8150: use qcom,pm8998-pon binding
ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo
ARM: dts: imx: Add missing pinctrl-names for panel on M53Menlo
soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment
ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference
soc: qcom: socinfo: Fixed argument passed to platform_set_data()
bpf, mips: Validate conditional branch offsets
MIPS: BPF: Restore MIPS32 cBPF JIT
ARM: dts: qcom: apq8064: use compatible which contains chipid
ARM: dts: omap3430-sdp: Fix NAND device node
xen/balloon: fix cancelled balloon action
nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero
nfsd: fix error handling of register_pernet_subsys() in init_nfsd()
ovl: fix missing negative dentry check in ovl_rename()
mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
xen/privcmd: fix error handling in mmap-resource processing
usb: typec: tcpm: handle SRC_STARTUP state if cc changes
USB: cdc-acm: fix break reporting
USB: cdc-acm: fix racy tty buffer accesses
Partially revert "usb: Kconfig: using select for USB_COMMON dependency"
ANDROID: Different fix for KABI breakage in 5.4.151 in struct sock
Linux 5.4.152
libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD.
silence nfscache allocation warnings with kvzalloc
perf/x86: Reset destroy callback on event init failure
kvm: x86: Add AMD PMU MSRs to msrs_to_save_all[]
KVM: do not shrink halt_poll_ns below grow_start
tools/vm/page-types: remove dependency on opt_file for idle page tracking
scsi: ses: Retry failed Send/Receive Diagnostic commands
selftests:kvm: fix get_warnings_count() ignoring fscanf() return warn
selftests: be sure to make khdr before other targets
usb: dwc2: check return value after calling platform_get_resource()
usb: testusb: Fix for showing the connection speed
scsi: sd: Free scsi_disk device via put_device()
ext2: fix sleeping in atomic bugs on error
sparc64: fix pci_iounmap() when CONFIG_PCI is not set
xen-netback: correct success/error reporting for the SKB-with-fraglist case
net: mdio: introduce a shutdown method to mdio device drivers
ANDROID: Fix up KABI breakage in 5.4.151 in struct sock
Linux 5.4.151
HID: usbhid: free raw_report buffers in usbhid_stop
netfilter: ipset: Fix oversized kvmalloc() calls
HID: betop: fix slab-out-of-bounds Write in betop_probe
crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
usb: hso: remove the bailout parameter
usb: hso: fix error handling code of hso_create_net_device
hso: fix bailout in error case of probe
libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind
PCI: Fix pci_host_bridge struct device release/free handling
net: stmmac: don't attach interface until resume finishes
net: udp: annotate data race around udp_sk(sk)->corkflag
HID: u2fzero: ignore incomplete packets without data
ext4: fix potential infinite loop in ext4_dx_readdir()
ext4: fix reserved space counter leakage
ext4: fix loff_t overflow in ext4_max_bitmap_size()
ipack: ipoctal: fix module reference leak
ipack: ipoctal: fix missing allocation-failure check
ipack: ipoctal: fix tty-registration error handling
ipack: ipoctal: fix tty registration race
ipack: ipoctal: fix stack information leak
debugfs: debugfs_create_file_size(): use IS_ERR to check for error
elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings
perf/x86/intel: Update event constraints for ICX
af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
net: sched: flower: protect fl_walk() with rcu
net: hns3: do not allow call hns3_nic_net_open repeatedly
scsi: csiostor: Add module softdep on cxgb4
Revert "block, bfq: honor already-setup queue merges"
selftests, bpf: test_lwt_ip_encap: Really disable rp_filter
e100: fix buffer overrun in e100_get_regs
e100: fix length calculation in e100_get_regs_len
net: ipv4: Fix rtnexthop len when RTA_FLOW is present
hwmon: (tmp421) fix rounding for negative values
hwmon: (tmp421) report /PVLD condition as fault
sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
mac80211-hwsim: fix late beacon hrtimer handling
mac80211: mesh: fix potentially unaligned access
mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs
ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
drm/amd/display: Pass PCI deviceid into DC
x86/kvmclock: Move this_cpu_pvti into kvmclock.h
mac80211: fix use-after-free in CCMP/GCMP RX
scsi: ufs: Fix illegal offset in UPIU event trace
hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field
hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field
hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field
fs-verity: fix signed integer overflow with i_size near S64_MAX
usb: cdns3: fix race condition before setting doorbell
cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
cpufreq: schedutil: Use kobject release() method to free sugov_tunables
tty: Fix out-of-bound vmalloc access in imageblit
Revert "crypto: public_key: fix overflow during implicit conversion"
Linux 5.4.150
qnx4: work around gcc false positive warning bug
xen/balloon: fix balloon kthread freezing
arm64: dts: marvell: armada-37xx: Extend PCIe MEM space
thermal/drivers/int340x: Do not set a wrong tcc offset on resume
EDAC/synopsys: Fix wrong value type assignment for edac_mode
spi: Fix tegra20 build with CONFIG_PM=n
net: 6pack: Fix tx timeout and slot time
alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile
arm64: Mark __stack_chk_guard as __ro_after_init
parisc: Use absolute_pointer() to define PAGE0
qnx4: avoid stringop-overread errors
sparc: avoid stringop-overread errors
net: i825xx: Use absolute_pointer for memcpy from fixed memory location
compiler.h: Introduce absolute_pointer macro
blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd
sparc32: page align size in arch_dma_alloc
nvme-multipath: fix ANA state updates when a namespace is not present
xen/balloon: use a kernel thread instead a workqueue
bpf: Add oversize check before call kvcalloc()
ipv6: delay fib6_sernum increase in fib6_add
m68k: Double cast io functions to unsigned long
net: stmmac: allow CSR clock of 300MHz
net: macb: fix use after free on rmmod
blktrace: Fix uaf in blk_trace access after removing by sysfs
md: fix a lock order reversal in md_alloc
irqchip/gic-v3-its: Fix potential VPE leak on error
irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build
scsi: lpfc: Use correct scnprintf() limit
scsi: qla2xxx: Restore initiator in dual mode
cifs: fix a sign extension bug
thermal/core: Potential buffer overflow in thermal_build_list_of_policies()
fpga: machxo2-spi: Fix missing error code in machxo2_write_complete()
fpga: machxo2-spi: Return an error on failure
tty: synclink_gt: rename a conflicting function name
tty: synclink_gt, drop unneeded forward declarations
scsi: iscsi: Adjust iface sysfs attr detection
net/mlx4_en: Don't allow aRFS for encapsulated packets
qed: rdma - don't wait for resources under hw error recovery flow
gpio: uniphier: Fix void functions to remove return value
net/smc: add missing error check in smc_clc_prfx_set()
bnxt_en: Fix TX timeout when TX ring size is set to the smallest
enetc: Fix illegal access when reading affinity_hint
platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR()
afs: Fix incorrect triggering of sillyrename on 3rd-party invalidation
net: hso: fix muxed tty registration
serial: mvebu-uart: fix driver's tx_empty callback
xhci: Set HCD flag to defer primary roothub registration
btrfs: prevent __btrfs_dump_space_info() to underflow its free space
erofs: fix up erofs_lookup tracepoint
mcb: fix error handling in mcb_alloc_bus()
USB: serial: option: add device id for Foxconn T99W265
USB: serial: option: remove duplicate USB device ID
USB: serial: option: add Telit LN920 compositions
USB: serial: mos7840: remove duplicated 0xac24 device ID
usb: core: hcd: Add support for deferring roothub registration
Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
staging: greybus: uart: fix tty use after free
binder: make sure fd closes complete
USB: cdc-acm: fix minor-number release
USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
xen/x86: fix PV trap handling on secondary processors
cifs: fix incorrect check for null pointer in header_assemble
usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave
usb: gadget: r8a66597: fix a loop in set_feature()
ocfs2: drop acl cache for directories too
Linux 5.4.149
drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
rtc: rx8010: select REGMAP_I2C
blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
pwm: stm32-lp: Don't modify HW state in .remove() callback
pwm: rockchip: Don't modify HW state in .remove() callback
pwm: img: Don't modify HW state in .remove() callback
nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
nilfs2: fix NULL pointer in nilfs_##name##_attr_release
nilfs2: fix memory leak in nilfs_sysfs_create_device_group
btrfs: fix lockdep warning while mounting sprout fs
ceph: lockdep annotations for try_nonblocking_invalidate
ceph: request Fw caps before updating the mtime in ceph_write_iter
dmaengine: xilinx_dma: Set DMA mask for coherent APIs
dmaengine: ioat: depends on !UML
dmaengine: sprd: Add missing MODULE_DEVICE_TABLE
parisc: Move pci_dev_is_behind_card_dino to where it is used
drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()
thermal/core: Fix thermal_cooling_device_register() prototype
Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH
net: stmmac: reset Tx desc base address before restarting Tx
phy: avoid unnecessary link-up delay in polling mode
pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered
profiling: fix shift-out-of-bounds bugs
nilfs2: use refcount_dec_and_lock() to fix potential UAF
prctl: allow to setup brk for et_dyn executables
9p/trans_virtio: Remove sysfs file on probe failure
thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
um: virtio_uml: fix memory leak on init failures
staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb()
sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
sctp: validate chunk size in __rcv_asconf_lookup
ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE
ARM: 9079/1: ftrace: Add MODULE_PLTS support
ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link()
ARM: 9077/1: PLT: Move struct plt_entries definition to header
apparmor: remove duplicate macro list_entry_is_head()
ARM: Qualify enabling of swiotlb_init()
s390/pci_mmio: fully validate the VMA before calling follow_pte()
console: consume APC, DM, DCS
KVM: remember position in kvm->vcpus array
PCI/ACPI: Add Ampere Altra SOC MCFG quirk
PCI: aardvark: Fix reporting CRS value
PCI: pci-bridge-emul: Add PCIe Root Capabilities Register
PCI: aardvark: Indicate error in 'val' when config read fails
PCI: pci-bridge-emul: Fix big-endian support
Linux 5.4.148
s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
s390/bpf: Fix optimizing out zero-extensions
net: renesas: sh_eth: Fix freeing wrong tx descriptor
ip_gre: validate csum_start only on pull
qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
fq_codel: reject silly quantum parameters
netfilter: socket: icmp6: fix use-after-scope
net: dsa: b53: Fix calculating number of switch ports
perf unwind: Do not overwrite FEATURE_CHECK_LDFLAGS-libunwind-{x86,aarch64}
ARC: export clear_user_page() for modules
mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()'
PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
KVM: arm64: Handle PSCI resets before userspace touches vCPU state
mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set
PCI: Fix pci_dev_str_match_path() alloc while atomic bug
mfd: axp20x: Update AXP288 volatile ranges
NTB: perf: Fix an error code in perf_setup_inbuf()
NTB: Fix an error code in ntb_msit_probe()
ethtool: Fix an error code in cxgb2.c
PCI: ibmphp: Fix double unmap of io_mem
block, bfq: honor already-setup queue merges
net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6
PCI: Add ACS quirks for Cavium multi-function devices
tracing/probes: Reject events which have the same name of existing one
mfd: Don't use irq_create_mapping() to resolve a mapping
fuse: fix use after free in fuse_read_interrupt()
PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
mfd: db8500-prcmu: Adjust map to reality
dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range()
net: hns3: fix the timing issue of VF clearing interrupt sources
net: hns3: disable mac in flr process
net: hns3: change affinity_mask to numa node range
net: hns3: pad the short tunnel frame before sending to hardware
KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers
ibmvnic: check failover_pending in login response
dt-bindings: arm: Fix Toradex compatible typo
qed: Handle management FW error
tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup
net/af_unix: fix a data-race in unix_dgram_poll
vhost_net: fix OoB on sendmsg() failure.
events: Reuse value read using READ_ONCE instead of re-reading it
net/mlx5: Fix potential sleeping in atomic context
net/mlx5: FWTrace, cancel work on alloc pd error flow
perf machine: Initialize srcline string member in add_location struct
tipc: increase timeout in tipc_sk_enqueue()
r6040: Restore MDIO clock frequency after MAC reset
net/l2tp: Fix reference count leak in l2tp_udp_recv_core
dccp: don't duplicate ccid when cloning dccp sock
ptp: dp83640: don't define PAGE0
net-caif: avoid user-triggerable WARN_ON(1)
tipc: fix an use-after-free issue in tipc_recvmsg
x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
s390/sclp: fix Secure-IPL facility detection
drm/etnaviv: add missing MMU context put when reaping MMU mapping
drm/etnaviv: reference MMU context when setting up hardware state
drm/etnaviv: fix MMU context leak on GPU reset
drm/etnaviv: exec and MMU state is lost when resetting the GPU
drm/etnaviv: keep MMU context across runtime suspend/resume
drm/etnaviv: stop abusing mmu_context as FE running marker
drm/etnaviv: put submit prev MMU context when it exists
drm/etnaviv: return context from etnaviv_iommu_context_get
drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10
PCI: Add AMD GPU multi-function power dependencies
PM: base: power: don't try to use non-existing RTC for storing data
arm64/sve: Use correct size when reinitialising SVE state
bnx2x: Fix enabling network interfaces without VFs
xen: reset legacy rtc flag for PV domU
btrfs: fix upper limit for max_inline for page size 64K
drm/panfrost: Clamp lock region to Bifrost minimum
drm/panfrost: Use u64 for size in lock_region
drm/panfrost: Simplify lock_region calculation
drm/amdgpu: Fix BUG_ON assert
drm/msi/mdp4: populate priv->kms in mdp4_kms_init
net: dsa: lantiq_gswip: fix maximum frame length
lib/test_stackinit: Fix static initializer test
platform/chrome: cros_ec_proto: Send command again when timeout occurs
memcg: enable accounting for pids in nested pid namespaces
mm,vmscan: fix divide by zero in get_scan_count
mm/hugetlb: initialize hugetlb_usage in mm_init
s390/pv: fix the forcing of the swiotlb
cpufreq: powernv: Fix init_chip_info initialization in numa=off
scsi: qla2xxx: Sync queue idx with queue_pair_map idx
scsi: qla2xxx: Changes to support kdump kernel
scsi: BusLogic: Fix missing pr_cont() use
ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup()
parisc: fix crash with signals and alloca
net: w5100: check return value after calling platform_get_resource()
fix array-index-out-of-bounds in taprio_change
net: fix NULL pointer reference in cipso_v4_doi_free
ath9k: fix sleeping in atomic context
ath9k: fix OOB read ar9300_eeprom_restore_internal
parport: remove non-zero check on count
net/mlx5: DR, Enable QP retransmission
iwlwifi: mvm: fix access to BSS elements
iwlwifi: mvm: avoid static queue number aliasing
iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed
drm/amdkfd: Account for SH/SE count when setting up cu masks.
ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
ASoC: rockchip: i2s: Fix regmap_ops hang
usbip:vhci_hcd USB port can get stuck in the disabled state
usbip: give back URBs for unsent unlink requests during cleanup
usb: musb: musb_dsps: request_irq() after initializing musb
Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set"
cifs: fix wrong release in sess_alloc_buffer() failed path
mmc: core: Return correct emmc response in case of ioctl error
selftests/bpf: Enlarge select() timeout for test_maps
mmc: rtsx_pci: Fix long reads when clock is prescaled
mmc: sdhci-of-arasan: Check return value of non-void funtions
of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS
ASoC: Intel: Skylake: Fix passing loadable flag for module
ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
btrfs: tree-log: check btrfs_lookup_data_extent return value
m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch
drm/exynos: Always initialize mapping in exynos_drm_register_dma()
lockd: lockd server-side shouldn't set fl_ops
usb: chipidea: host: fix port index underflow and UBSAN complains
gfs2: Don't call dlm after protocol is unmounted
staging: rts5208: Fix get_ms_information() heap buffer size
rpc: fix gss_svc_init cleanup on failure
tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD
serial: sh-sci: fix break handling for sysrq
opp: Don't print an error if required-opps is missing
Bluetooth: Fix handling of LE Enhanced Connection Complete
nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data
arm64: dts: ls1046a: fix eeprom entries
arm64: tegra: Fix compatible string for Tegra132 CPUs
ARM: tegra: tamonten: Fix UART pad setting
mac80211: Fix monitor MTU limit so that A-MSDUs get through
drm/display: fix possible null-pointer dereference in dcn10_set_clock()
gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port()
net/mlx5: Fix variable type to match 64bit
Bluetooth: avoid circular locks in sco_sock_connect
Bluetooth: schedule SCO timeouts with delayed_work
selftests/bpf: Fix xdp_tx.c prog section name
drm/msm: mdp4: drop vblank get/put from prepare/complete_commit
net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe()
arm64: dts: qcom: sdm660: use reg value for memory node
ARM: dts: imx53-ppd: Fix ACHC entry
media: tegra-cec: Handle errors of clk_prepare_enable()
media: TDA1997x: fix tda1997x_query_dv_timings() return value
media: v4l2-dv-timings.c: fix wrong condition in two for-loops
media: imx258: Limit the max analogue gain to 480
media: imx258: Rectify mismatch of VTS value
ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output
arm64: tegra: Fix Tegra194 PCIe EP compatible string
bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler()
workqueue: Fix possible memory leaks in wq_numa_init()
Bluetooth: skip invalid hci_sync_conn_complete_evt
ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
samples: bpf: Fix tracex7 error raised on the missing argument
staging: ks7010: Fix the initialization of the 'sleep_status' structure
serial: 8250_pci: make setup_port() parameters explicitly unsigned
hvsi: don't panic on tty_register_driver failure
xtensa: ISS: don't panic in rs_init
serial: 8250: Define RX trigger levels for OxSemi 950 devices
s390: make PCI mio support a machine flag
s390/jump_label: print real address in a case of a jump label bug
flow_dissector: Fix out-of-bounds warnings
ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
video: fbdev: riva: Error out if 'pixclock' equals zero
video: fbdev: kyro: Error out if 'pixclock' equals zero
video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
bpf/tests: Do not PASS tests without actually testing the result
bpf/tests: Fix copy-and-paste error in double word test
drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex
drm/amd/display: Fix timer_per_pixel unit error
tty: serial: jsm: hold port lock when reporting modem line changes
staging: board: Fix uninitialized spinlock when attaching genpd
usb: gadget: composite: Allow bMaxPower=0 if self-powered
USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable()
usb: gadget: u_ether: fix a potential null pointer dereference
usb: host: fotg210: fix the actual_length of an iso packet
usb: host: fotg210: fix the endpoint's transactional opportunities calculation
igc: Check if num of q_vectors is smaller than max before array access
drm: avoid blocking in drm_clients_info's rcu section
Smack: Fix wrong semantics in smk_access_entry()
netlink: Deal with ESRCH error in nlmsg_notify()
video: fbdev: kyro: fix a DoS bug by restricting user input
ARM: dts: qcom: apq8064: correct clock names
iavf: fix locking of critical sections
iavf: do not override the adapter state in the watchdog task
iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
tipc: keep the skb in rcv queue until the whole data is read
PCI: Use pci_update_current_state() in pci_enable_device_flags()
crypto: mxs-dcp - Use sg_mapping_iter to copy data
media: dib8000: rewrite the init prbs logic
ASoC: atmel: ATMEL drivers don't need HAS_DMA
drm/amdgpu: Fix amdgpu_ras_eeprom_init()
userfaultfd: prevent concurrent API initialization
kbuild: Fix 'no symbols' warning when CONFIG_TRIM_UNUSD_KSYMS=y
MIPS: Malta: fix alignment of the devicetree buffer
f2fs: fix to unmap pages from userspace process in punch_hole()
f2fs: fix unexpected ENOENT comes from f2fs_map_blocks()
f2fs: fix to account missing .skipped_gc_rwsem
KVM: PPC: Fix clearing never mapped TCEs in realmode
clk: at91: clk-generated: Limit the requested rate to our range
clk: at91: clk-generated: pass the id of changeable parent at registration
clk: at91: sam9x60: Don't use audio PLL
fscache: Fix cookie key hashing
platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call
KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live
HID: i2c-hid: Fix Elan touchpad regression
scsi: target: avoid per-loop XCOPY buffer allocations
powerpc/config: Renable MTD_PHYSMAP_OF
scsi: qedf: Fix error codes in qedf_alloc_global_queues()
scsi: qedi: Fix error codes in qedi_alloc_global_queues()
scsi: smartpqi: Fix an error code in pqi_get_raid_map()
pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
scsi: fdomain: Fix error return code in fdomain_probe()
SUNRPC: Fix potential memory corruption
dma-debug: fix debugfs initialization order
openrisc: don't printk() unconditionally
f2fs: reduce the scope of setting fsck tag when de->name_len is zero
f2fs: show f2fs instance in printk_ratelimited
RDMA/efa: Remove double QP type assignment
powerpc/stacktrace: Include linux/delay.h
vfio: Use config not menuconfig for VFIO_NOIOMMU
pinctrl: samsung: Fix pinctrl bank pin count
docs: Fix infiniband uverbs minor number
RDMA/iwcm: Release resources if iw_cm module initialization fails
IB/hfi1: Adjust pkey entry in index 0
scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
f2fs: quota: fix potential deadlock
HID: input: do not report stylus battery state as "full"
PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response
PCI: aardvark: Fix checking for PIO status
PCI: xilinx-nwl: Enable the clock through CCF
PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
PCI/portdrv: Enable Bandwidth Notification only if port supports it
ARM: 9105/1: atags_to_fdt: don't warn about stack size
libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
dmaengine: imx-sdma: remove duplicated sdma_load_context
Revert "dmaengine: imx-sdma: refine to load context only once"
media: rc-loopback: return number of emitters rather than error
media: uvc: don't do DMA on stack
VMCI: fix NULL pointer dereference when unmapping queue pair
dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
power: supply: max17042: handle fails of reading status register
block: bfq: fix bfq_set_next_ioprio_data()
crypto: public_key: fix overflow during implicit conversion
arm64: head: avoid over-mapping in map_memory
soc: aspeed: p2a-ctrl: Fix boundary check for mmap
soc: aspeed: lpc-ctrl: Fix boundary check for mmap
soc: qcom: aoss: Fix the out of bound usage of cooling_devs
pinctrl: ingenic: Fix incorrect pull up/down info
pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast
tools/thermal/tmon: Add cross compiling support
9p/xen: Fix end of loop tests for list_for_each_entry
include/linux/list.h: add a macro to test if entry is pointing to the head
xen: fix setting of max_pfn in shared_info
powerpc/perf/hv-gpci: Fix counter value parsing
PCI/MSI: Skip masking MSI-X on Xen PV
blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
btrfs: reset replace target device to allocation state on close
btrfs: wake up async_delalloc_pages waiters after submit
rtc: tps65910: Correct driver module alias
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/arm/tegra.yaml
Documentation/devicetree/bindings/mtd/gpmc-nand.txt
Documentation/devicetree/bindings/regulator/samsung,s5m8767.txt
kernel/sched/cpufreq_schedutil.c
Change-Id: Id17c4366cdc6854cd23fba0f41d335b09fc6100e
Signed-off-by: Srinivasarao Pathipati <quic_spathi@quicinc.com>
|
||
|
Srinivasarao Pathipati
|
828abb51dd |
Merge android11-5.4.147+ (dc8c919) into msm-5.4
* refs/heads/tmp-dc8c919:
Revert dwc3 changes
ANDROID: GKI: Update FCNT KMI symbol list No new symbols added that are not already in the .xml file.
ANDROID: GKI : Update symbols to symbol list
BACKPORT: crypto: arch - conditionalize crypto api in arch glue for lib code
BACKPORT: crypto: arch/lib - limit simd usage to 4k chunks
UPSTREAM: crypto: arm/blake2s - fix for big endian
ANDROID: gki_defconfig: enable BLAKE2b support
BACKPORT: crypto: arm/blake2b - add NEON-accelerated BLAKE2b
BACKPORT: crypto: blake2b - update file comment
BACKPORT: crypto: blake2b - sync with blake2s implementation
UPSTREAM: crypto: arm/blake2s - add ARM scalar optimized BLAKE2s
UPSTREAM: crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
UPSTREAM: crypto: blake2s - adjust include guard naming
UPSTREAM: crypto: blake2s - add comment for blake2s_state fields
UPSTREAM: crypto: blake2s - optimize blake2s initialization
BACKPORT: crypto: blake2s - share the "shash" API boilerplate code
UPSTREAM: crypto: blake2s - move update and final logic to internal/blake2s.h
UPSTREAM: crypto: blake2s - remove unneeded includes
UPSTREAM: crypto: x86/blake2s - define shash_alg structs using macros
UPSTREAM: crypto: blake2s - define shash_alg structs using macros
UPSTREAM: crypto: lib/blake2s - Move selftest prototype into header file
UPSTREAM: crypto: blake2b - Fix clang optimization for ARMv7-M
UPSTREAM: crypto: blake2b - rename tfm context and _setkey callback
UPSTREAM: crypto: blake2b - merge _update to api callback
UPSTREAM: crypto: blake2b - open code set last block helper
UPSTREAM: crypto: blake2b - delete unused structs or members
UPSTREAM: crypto: blake2b - simplify key init
UPSTREAM: crypto: blake2b - merge blake2 init to api callback
UPSTREAM: crypto: blake2b - merge _final implementation to callback
BACKPORT: crypto: testmgr - add test vectors for blake2b
BACKPORT: crypto: blake2b - add blake2b generic implementation
UPSTREAM: crypto: blake2s - x86_64 SIMD implementation
UPSTREAM: crypto: blake2s - implement generic shash driver
UPSTREAM: crypto: testmgr - add test cases for Blake2s
UPSTREAM: crypto: blake2s - generic C library implementation and selftest
UPSTREAM: crypto: lib - tidy up lib/crypto Kconfig and Makefile
ANDROID: ion heap: init ion heaps in subsys_initcall
UPSTREAM: ovl: simplify file splice
ANDROID: ABI: update allowed list for galaxy
ANDROID: ABI: Update allowed list for QCOM
ANDROID: distribute Module.symvers
UPSTREAM: usb: max-3421: Prevent corruption of freed memory
ANDROID: ABI: Update allowed list for QCOM
UPSTREAM: driver core: Prevent warning when removing a device link from unregistered consumer
UPSTREAM: udp: properly flush normal packet at GRO time
UPSTREAM: net/xfrm/compat: Copy xfrm_spdattr_type_t atributes
UPSTREAM: f2fs: Advertise encrypted casefolding in sysfs
UPSTREAM: loop: Fix missing discard support when using LOOP_CONFIGURE
UPSTREAM: thermal/drivers/sprd: Add missing MODULE_DEVICE_TABLE
UPSTREAM: nvmem: sprd: Fix an error message
UPSTREAM: usb: musb: Fix an error message
UPSTREAM: scsi: ufs: core: Cancel rpm_dev_flush_recheck_work during system suspend
UPSTREAM: scsi: ufs: core: Do not put UFS power into LPM if link is broken
UPSTREAM: selinux: add proper NULL termination to the secclass_map permissions
UPSTREAM: of: property: fw_devlink: do not link ".*,nr-gpios"
UPSTREAM: udp: never accept GSO_FRAGLIST packets
UPSTREAM: udp: skip L4 aggregation for UDP tunnel packets
UPSTREAM: xfrm/compat: Cleanup WARN()s that can be user-triggered
UPSTREAM: pinctrl: sunxi: fix irq bank map for the Allwinner A100 pin controller
UPSTREAM: loop: Set correct device size when using LOOP_CONFIGURE
UPSTREAM: loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE
ANDROID: ion_system_heap: Add __GFP_NOWARN to mid-order allocations
ANDROID: drivers: gpu: drm: increase the MAX_DRM_OPEN_COUNT
UPSTREAM: af_unix: fix garbage collect vs MSG_PEEK
Linux 5.4.147
Revert "time: Handle negative seconds correctly in timespec64_to_ns()"
Revert "posix-cpu-timers: Force next expiration recalc after itimer reset"
Revert "block: nbd: add sanity check for first_minor"
Revert "Bluetooth: Move shutdown callback before flushing tx and rx queue"
Linux 5.4.146
clk: kirkwood: Fix a clocking boot regression
backlight: pwm_bl: Improve bootloader/kernel device handover
fbmem: don't allow too huge resolutions
IMA: remove the dependency on CRYPTO_MD5
IMA: remove -Wmissing-prototypes warning
fuse: flush extending writes
fuse: truncate pagecache on atomic_o_trunc
KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter
KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted
KVM: s390: index kvm->arch.idle_mask by vcpu_idx
x86/resctrl: Fix a maybe-uninitialized build warning treated as error
perf/x86/amd/ibs: Extend PERF_PMU_CAP_NO_EXCLUDE to IBS Op
tty: Fix data race between tiocsti() and flush_to_ldisc()
time: Handle negative seconds correctly in timespec64_to_ns()
bpf: Fix pointer arithmetic mask tightening under state pruning
bpf: verifier: Allocate idmap scratch in verifier env
bpf: Fix leakage due to insufficient speculative store bypass mitigation
bpf: Introduce BPF nospec instruction for mitigating Spectre v4
ipv4: fix endianness issue in inet_rtm_getroute_build_skb()
octeontx2-af: Fix loop in free and unmap counter
net: qualcomm: fix QCA7000 checksum handling
net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed
ipv4: make exception cache less predictible
ipv6: make exception cache less predictible
brcmfmac: pcie: fix oops on failure to resume and reprobe
bcma: Fix memory leak for internally-handled cores
ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
ASoC: wcd9335: Disable irq on slave ports in the remove function
ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function
ASoC: wcd9335: Fix a double irq free in the remove function
tty: serial: fsl_lpuart: fix the wrong mapbase value
usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available
usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
i2c: mt65xx: fix IRQ check
CIFS: Fix a potencially linear read overflow
bpf: Fix possible out of bound write in narrow load handling
mmc: moxart: Fix issue with uninitialized dma_slave_config
mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
ASoC: Intel: Skylake: Fix module resource and format selection
ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs
rsi: fix an error code in rsi_probe()
rsi: fix error code in rsi_load_9116_firmware()
i2c: s3c2410: fix IRQ check
i2c: iop3xx: fix deferred probing
Bluetooth: add timeout sanity check to hci_inquiry
mm/swap: consider max pages in iomap_swapfile_add_extent
usb: gadget: mv_u3d: request_irq() after initializing UDC
nfsd4: Fix forced-expiry locking
lockd: Fix invalid lockowner cast after vfs_test_lock
mac80211: Fix insufficient headroom issue for AMSDU
usb: phy: tahvo: add IRQ check
usb: host: ohci-tmio: add IRQ check
Bluetooth: Move shutdown callback before flushing tx and rx queue
usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse
usb: phy: twl6030: add IRQ checks
usb: phy: fsl-usb: add IRQ check
usb: gadget: udc: at91: add IRQ check
drm/msm/dsi: Fix some reference counted resource leaks
Bluetooth: fix repeated calls to sco_sock_kill
counter: 104-quad-8: Return error when invalid mode during ceiling_write
arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7
drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs
PM: EM: Increase energy calculation precision
Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
debugfs: Return error during {full/open}_proxy_open() on rmmod
soc: qcom: smsm: Fix missed interrupts if state changes while masked
PCI: PM: Enable PME if it can be signaled from D3cold
PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
media: venus: venc: Fix potential null pointer dereference on pointer fmt
media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
leds: trigger: audio: Add an activate callback to ensure the initial brightness is set
leds: lt3593: Put fwnode in any case during ->probe()
i2c: highlander: add IRQ check
net: cipso: fix warnings in netlbl_cipsov4_add_std
cgroup/cpuset: Fix a partition bug with hotplug
net/mlx5e: Prohibit inner indir TIRs in IPoIB
ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties
ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties
ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties
ARM: dts: meson8: Use a higher default GPU clock frequency
tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
drm/amdgpu/acp: Make PM domain really work
netns: protect netns ID lookups with RCU
6lowpan: iphc: Fix an off-by-one check of array index
Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats
media: go7007: remove redundant initialization
media: dvb-usb: Fix error handling in dvb_usb_i2c_init
media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
soc: qcom: rpmhpd: Use corner in power_off
arm64: dts: renesas: r8a77995: draak: Remove bogus adv7511w properties
ARM: dts: aspeed-g6: Fix HVI3C function-group in pinctrl dtsi
bpf: Fix potential memleak and UAF in the verifier.
bpf: Fix a typo of reuseport map in bpf.h.
media: cxd2880-spi: Fix an error handling path
soc: rockchip: ROCKCHIP_GRF should not default to y, unconditionally
media: TDA1997x: enable EDID support
drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init()
EDAC/i10nm: Fix NVDIMM detection
spi: spi-zynq-qspi: use wait_for_completion_timeout to make zynq_qspi_exec_mem_op not interruptible
spi: sprd: Fix the wrong WDG_LOAD_VAL
regulator: vctrl: Avoid lockdep warning in enable/disable ops
regulator: vctrl: Use locked regulator_get_voltage in probe path
certs: Trigger creation of RSA module signing key if it's not an RSA key
crypto: qat - use proper type for vf_mask
block: nbd: add sanity check for first_minor
clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for clock source channel
lib/mpi: use kcalloc in mpi_resize
genirq/timings: Fix error return code in irq_timings_test_irqs()
spi: spi-pic32: Fix issue with uninitialized dma_slave_config
spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
sched: Fix UCLAMP_FLAG_IDLE setting
m68k: emu: Fix invalid free in nfeth_cleanup()
s390/debug: fix debug area life cycle
s390/kasan: fix large PMD pages address alignment check
udf_get_extendedattr() had no boundary checks.
fcntl: fix potential deadlock for &fasync_struct.fa_lock
crypto: qat - do not export adf_iov_putmsg()
crypto: qat - fix naming for init/shutdown VF to PF notifications
crypto: qat - fix reuse of completion variable
crypto: qat - handle both source of interrupt in VF ISR
crypto: qat - do not ignore errors from enable_vf2pf_comms()
libata: fix ata_host_start()
s390/cio: add dev_busid sysfs entry for each subchannel
power: supply: max17042_battery: fix typo in MAx17042_TOFF
nvmet: pass back cntlid on successful completion
nvme-rdma: don't update queue count when failing to set io queues
nvme-tcp: don't update queue count when failing to set io queues
bcache: add proper error unwinding in bcache_device_init
isofs: joliet: Fix iocharset=utf8 mount option
udf: Fix iocharset=utf8 mount option
udf: Check LVID earlier
hrtimer: Ensure timerfd notification for HIGHRES=n
hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns()
posix-cpu-timers: Force next expiration recalc after itimer reset
rcu/tree: Handle VM stoppage in stall detection
sched/deadline: Fix missing clock update in migrate_task_rq_dl()
crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop()
power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors
sched/deadline: Fix reset_on_fork reporting of DL tasks
crypto: mxs-dcp - Check for DMA mapping errors
regmap: fix the offset of register error log
locking/mutex: Fix HANDOFF condition
ANDROID: GKI: db845c: Update symbols list and ABI for lts v5.4.144
Linux 5.4.145
PCI: Call Max Payload Size-related fixup quirks early
x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
xhci: fix unsafe memory usage in xhci tracing
usb: mtu3: fix the wrong HS mult value
usb: mtu3: use @mult for HS isoc or intr
usb: host: xhci-rcar: Don't reload firmware after the completion
ALSA: usb-audio: Add registration quirk for JBL Quantum 800
Revert "btrfs: compression: don't try to compress if we don't have enough pages"
x86/events/amd/iommu: Fix invalid Perf result due to IOMMU PMC power-gating
Revert "r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM"
mm/page_alloc: speed up the iteration of max_order
net: ll_temac: Remove left-over debug message
powerpc/boot: Delete unneeded .globl _zimage_start
ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2)
USB: serial: mos7720: improve OOM-handling in read_mos_reg()
igmp: Add ip_mc_list lock in ip_check_mc_rcu
media: stkwebcam: fix memory leak in stk_camera_probe
ARC: wireup clone3 syscall
ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17
ARM: 8918/2: only build return_address() if needed
cryptoloop: add a deprecation warning
perf/x86/amd/power: Assign pmu.module
perf/x86/amd/ibs: Work around erratum #1197
perf/x86/intel/pt: Fix mask of num_address_ranges
qede: Fix memset corruption
net: macb: Add a NULL check on desc_ptp
qed: Fix the VF msix vectors flow
reset: reset-zynqmp: Fixed the argument data type
gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats
xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
kthread: Fix PF_KTHREAD vs to_kthread() race
ubifs: report correct st_size for encrypted symlinks
f2fs: report correct st_size for encrypted symlinks
ext4: report correct st_size for encrypted symlinks
fscrypt: add fscrypt_symlink_getattr() for computing st_size
ext4: fix race writing to an inline_data file while its xattrs are changing
Revert "once: Fix panic when module unload"
Linux 5.4.144
audit: move put_tree() to avoid trim_trees refcount underflow and UAF
net: don't unconditionally copy_from_user a struct ifreq for socket ioctls
Revert "parisc: Add assembly implementations for memset, strlen, strcpy, strncpy and strcat"
Revert "floppy: reintroduce O_NDELAY fix"
btrfs: fix NULL pointer dereference when deleting device by invalid id
arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 85-88
KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs
net: dsa: mt7530: fix VLAN traffic leaks again
bpf: Fix cast to pointer from integer of different size warning
bpf: Track contents of read-only maps as scalars
vt_kdsetmode: extend console locking
btrfs: fix race between marking inode needs to be logged and log syncing
net/rds: dma_map_sg is entitled to merge entries
drm/nouveau/disp: power down unused DP links during init
drm: Copy drm_wait_vblank to user before returning
qed: Fix null-pointer dereference in qed_rdma_create_qp()
qed: qed ll2 race condition fixes
vringh: Use wiov->used to check for read/write desc order
virtio_pci: Support surprise removal of virtio pci device
virtio: Improve vq->broken access to avoid any compiler optimization
opp: remove WARN when no valid OPPs remain
perf/x86/intel/uncore: Fix integer overflow on 23 bit left shift of a u32
usb: gadget: u_audio: fix race condition on endpoint stop
drm/i915: Fix syncmap memory leak
net: hns3: fix get wrong pfc_en when query PFC configuration
net: hns3: fix duplicate node in VLAN list
net: hns3: clear hardware resource when loading driver
rtnetlink: Return correct error on changing device netns
net: marvell: fix MVNETA_TX_IN_PRGRS bit number
xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()'
ip_gre: add validation for csum_start
RDMA/efa: Free IRQ vectors on error flow
e1000e: Fix the max snoop/no-snoop latency for 10M
IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs()
RDMA/bnxt_re: Add missing spin lock initialization
scsi: core: Fix hang of freezing queue between blocking and running device
usb: dwc3: gadget: Stop EP0 transfers during pullup disable
usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
USB: serial: option: add new VID/PID to support Fibocom FG150
Revert "USB: serial: ch341: fix character loss at high transfer rates"
can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters
mm, oom: make the calculation of oom badness more accurate
mmc: sdhci-msm: Update the software timeout value for sdhc
ovl: fix uninitialized pointer read in ovl_lookup_real_one()
once: Fix panic when module unload
netfilter: conntrack: collect all entries in one cycle
ARC: Fix CONFIG_STACKDEPOT
net: qrtr: fix another OOB Read in qrtr_endpoint_post
Revert "virtio: Protect vqs list access"
Revert "net: igmp: fix data-race in igmp_ifc_timer_expire()"
Revert "net: igmp: increase size of mr_ifc_count"
Revert "PCI/MSI: Protect msi_desc::masked for multi-MSI"
Linux 5.4.143
netfilter: nft_exthdr: fix endianness of tcp option cast
fs: warn about impending deprecation of mandatory locks
mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim
mm, memcg: avoid stale protection values when cgroup is above protection
ASoC: intel: atom: Fix breakage for PCM buffer address setup
PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI
btrfs: prevent rename2 from exchanging a subvol with a directory from different parents
ipack: tpci200: fix memory leak in the tpci200_register
ipack: tpci200: fix many double free issues in tpci200_pci_probe
slimbus: ngd: reset dma setup during runtime pm
slimbus: messaging: check for valid transaction id
slimbus: messaging: start transaction ids from 1 instead of zero
tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name
ALSA: hda - fix the 'Capture Switch' value change notifications
mmc: dw_mmc: Fix hang on data CRC error
ovl: add splice file read write helper
iavf: Fix ping is lost after untrusted VF had tried to change MAC
i40e: Fix ATR queue selection
ovs: clear skb->tstamp in forwarding path
net: mdio-mux: Handle -EPROBE_DEFER correctly
net: mdio-mux: Don't ignore memory allocation errors
net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
virtio-net: use NETIF_F_GRO_HW instead of NETIF_F_LRO
virtio-net: support XDP when not more queues
vrf: Reset skb conntrack connection on VRF rcv
bnxt_en: Add missing DMA memory barriers
ptp_pch: Restore dependency on PCI
net: 6pack: fix slab-out-of-bounds in decode_data
bnxt: disable napi before canceling DIM
bnxt: don't lock the tx queue from napi poll
bpf: Clear zext_dst of dead insns
vhost: Fix the calculation in vhost_overflow()
virtio: Protect vqs list access
dccp: add do-while-0 stubs for dccp_pr_debug macros
cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant
iommu: Check if group is NULL before remove device
Bluetooth: hidp: use correct wait queue when removing ctrl_wait
drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X
net: usb: lan78xx: don't modify phy_device state concurrently
ARM: dts: nomadik: Fix up interrupt controller node names
scsi: core: Fix capacity set to zero after offlinining device
scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available
ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218
dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers
USB: core: Avoid WARNings for 0-length descriptor requests
media: drivers/media/usb: fix memory leak in zr364xx_probe
media: zr364xx: fix memory leaks in probe()
media: zr364xx: propagate errors from zr364xx_start_readpipe()
mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards
ath9k: Postpone key cache entry deletion for TXQ frames reference it
ath: Modify ath_key_delete() to not need full key entry
ath: Export ath_hw_keysetmac()
ath9k: Clear key cache explicitly on disabling hardware
ath: Use safer key clearing with key cache entries
x86/fpu: Make init_fpstate correct with optimized XSAVE
ext4: fix EXT4_MAX_LOGICAL_BLOCK macro
Linux 5.4.142
KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
iommu/vt-d: Fix agaw for a supported 48 bit guest address width
vmlinux.lds.h: Handle clang's module.{c,d}tor sections
ceph: take snap_empty_lock atomically with snaprealm refcount change
ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm
ceph: add some lockdep assertions around snaprealm handling
KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation
PCI/MSI: Protect msi_desc::masked for multi-MSI
PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown()
PCI/MSI: Correct misleading comments
PCI/MSI: Do not set invalid bits in MSI mask
PCI/MSI: Enforce MSI[X] entry updates to be visible
PCI/MSI: Enforce that MSI-X table entry is masked for update
PCI/MSI: Mask all unused MSI-X entries
PCI/MSI: Enable and mask MSI-X early
genirq/timings: Prevent potential array overflow in __irq_timings_store()
genirq/msi: Ensure deactivation on teardown
x86/resctrl: Fix default monitoring groups reporting
x86/ioapic: Force affinity setup before startup
x86/msi: Force affinity setup before startup
genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP
x86/tools: Fix objdump version check again
powerpc/kprobes: Fix kprobe Oops happens in booke
nbd: Aovid double completion of a request
vsock/virtio: avoid potential deadlock when vsock device remove
xen/events: Fix race in set_evtchn_to_irq
net: igmp: increase size of mr_ifc_count
tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets
net: linkwatch: fix failure to restore device state across suspend/resume
net: bridge: fix memleak in br_add_if()
net: dsa: sja1105: fix broken backpressure in .port_fdb_dump
net: dsa: lantiq: fix broken backpressure in .port_fdb_dump
net: dsa: lan9303: fix broken backpressure in .port_fdb_dump
net: igmp: fix data-race in igmp_ifc_timer_expire()
net: Fix memory leak in ieee802154_raw_deliver
net: dsa: microchip: Fix ksz_read64()
drm/meson: fix colour distortion from HDR set during vendor u-boot
net/mlx5: Fix return value from tracer initialization
psample: Add a fwd declaration for skbuff
iavf: Set RSS LUT and key in reset handle path
net: sched: act_mirred: Reset ct info when mirror/redirect skb
ppp: Fix generating ifname when empty IFLA_IFNAME is specified
net: phy: micrel: Fix link detection on ksz87xx switch"
platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables
platform/x86: pcengines-apuv2: revert wiring up simswitch GPIO as LED
net: dsa: mt7530: add the missing RxUnicast MIB counter
ASoC: cs42l42: Fix LRCLK frame start edge
netfilter: nf_conntrack_bridge: Fix memory leak when error
ASoC: cs42l42: Remove duplicate control for WNF filter frequency
ASoC: cs42l42: Fix inversion of ADC Notch Switch control
ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J
ASoC: cs42l42: Correct definition of ADC Volume control
ieee802154: hwsim: fix GPF in hwsim_new_edge_nl
ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi
libnvdimm/region: Fix label activation vs errors
ACPI: NFIT: Fix support for virtual SPA ranges
ceph: reduce contention in ceph_check_delayed_caps()
i2c: dev: zero out array used for i2c reads from userspace
ASoC: intel: atom: Fix reference to PCM buffer address
ASoC: xilinx: Fix reference to PCM buffer address
iio: adc: Fix incorrect exit of for-loop
iio: humidity: hdc100x: Add margin to the conversion time
iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels
Linux 5.4.141
btrfs: don't flush from btrfs_delayed_inode_reserve_metadata
btrfs: export and rename qgroup_reserve_meta
btrfs: qgroup: don't commit transaction when we already hold the handle
net: xilinx_emaclite: Do not print real IOMEM pointer
btrfs: fix lockdep splat when enabling and disabling qgroups
btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT
btrfs: transaction: Cleanup unused TRANS_STATE_BLOCKED
btrfs: qgroup: try to flush qgroup space when we get -EDQUOT
btrfs: qgroup: allow to unreserve range without releasing other ranges
btrfs: make btrfs_qgroup_reserve_data take btrfs_inode
btrfs: make qgroup_free_reserved_data take btrfs_inode
ovl: prevent private clone if bind mount is not allowed
ppp: Fix generating ppp unit id when ifname is not specified
ALSA: hda: Add quirk for ASUS Flow x13
USB:ehci:fix Kunpeng920 ehci hardware problem
KVM: X86: MMU: Use the correct inherited permissions to get shadow page
usb: dwc3: gadget: Avoid runtime resume if disabling pullup
usb: dwc3: gadget: Disable gadget IRQ during pullup disable
usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable
usb: dwc3: gadget: Prevent EP queuing while stopping transfers
usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup
usb: dwc3: gadget: Allow runtime suspend if UDC unbinded
usb: dwc3: Stop active transfers before halting the controller
tracing: Reject string operand in the histogram expression
media: v4l2-mem2mem: always consider OUTPUT queue during poll
tee: Correct inappropriate usage of TEE_SHM_DMA_BUF flag
KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB
Linux 5.4.140
arm64: fix compat syscall return truncation
net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset
alpha: Send stop IPI to send to online CPUs
virt_wifi: fix error on connect
reiserfs: check directory items on read from disk
reiserfs: add check for root_inode in reiserfs_fill_super
libata: fix ata_pio_sector for CONFIG_HIGHMEM
bpf, selftests: Adjust few selftest result_unpriv outcomes
perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest
soc: ixp4xx/qmgr: fix invalid __iomem access
spi: meson-spicc: fix memory leak in meson_spicc_remove
soc: ixp4xx: fix printing resources
arm64: vdso: Avoid ISB after reading from cntvct_el0
KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds
KVM: Do not leak memory for duplicate debugfs directories
KVM: x86: accept userspace interrupt only if no event is injected
md/raid10: properly indicate failure when ending a failed write request
pcmcia: i82092: fix a null pointer dereference bug
timers: Move clearing of base::timer_running under base:: Lock
serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts.
serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver
MIPS: Malta: Do not byte-swap accesses to the CBUS UART
serial: 8250: Mask out floating 16/32-bit bus bits
serial: 8250_mtk: fix uart corruption issue when rx power off
serial: tegra: Only print FIFO error message when an error occurs
ext4: fix potential htree corruption when growing large_dir directories
pipe: increase minimum default pipe size to 2 pages
media: rtl28xxu: fix zero-length control request
staging: rtl8712: get rid of flush_scheduled_work
staging: rtl8723bs: Fix a resource leak in sd_int_dpc
tpm_ftpm_tee: Free and unregister TEE shared memory during kexec
optee: Fix memory leak when failing to register shm pages
tee: add tee_shm_alloc_kernel_buf()
optee: Clear stale cache entries during initialization
tracing / histogram: Give calculation hist_fields a size
scripts/tracing: fix the bug that can't parse raw_trace_func
clk: fix leak on devm_clk_bulk_get_all() unwind
usb: otg-fsm: Fix hrtimer list corruption
usb: gadget: f_hid: idle uses the highest byte for duration
usb: gadget: f_hid: fixed NULL pointer dereference
usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
usb: cdns3: Fixed incorrect gadget state
ALSA: usb-audio: Add registration quirk for JBL Quantum 600
ALSA: hda/realtek: add mic quirk for Acer SF314-42
firmware_loader: fix use-after-free in firmware_fallback_sysfs
firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback
USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
USB: serial: ch341: fix character loss at high transfer rates
USB: serial: option: add Telit FD980 composition 0x1056
USB: usbtmc: Fix RCU stall warning
Bluetooth: defer cleanup of resources in hci_unregister_dev()
blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit()
net: vxge: fix use-after-free in vxge_device_unregister
net: fec: fix use-after-free in fec_drv_remove
net: pegasus: fix uninit-value in get_interrupt_interval
bnx2x: fix an error code in bnx2x_nic_load()
mips: Fix non-POSIX regexp
net: ipv6: fix returned variable type in ip6_skb_dst_mtu
nfp: update ethtool reporting of pauseframe control
sctp: move the active_key update after sh_keys is added
gpio: tqmx86: really make IRQ optional
net: natsemi: Fix missing pci_disable_device() in probe and remove
net: phy: micrel: Fix detection of ksz87xx switch
net: dsa: sja1105: invalidate dynamic FDB entries learned concurrently with statically added ones
net: dsa: sja1105: overwrite dynamic FDB entries with static ones in .port_fdb_add
net, gro: Set inner transport header offset in tcp/udp GRO hook
dmaengine: imx-dma: configure the generic DMA type to make it work
media: videobuf2-core: dequeue if start_streaming fails
scsi: sr: Return correct event when media event code is 3
spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation
spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay
omap5-board-common: remove not physically existing vdds_1v8_main fixed-regulator
ARM: dts: am437x-l4: fix typo in can@0 node
clk: stm32f4: fix post divisor setup for I2S/SAI PLLs
ALSA: usb-audio: fix incorrect clock source setting
arm64: dts: armada-3720-turris-mox: remove mrvl,i2c-fast-mode
ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out pins
ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init
ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz
ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms
ARM: imx: add missing clk_disable_unprepare()
ARM: imx: add missing iounmap()
arm64: dts: ls1028a: fix node name for the sysclk
ALSA: seq: Fix racy deletion of subscriber
Revert "ACPICA: Fix memory leak caused by _CID repair function"
ANDROID: GKI: fix up android/abi_gki_aarch64.xml merge
Linux 5.4.139
spi: mediatek: Fix fifo transfer
bpf, selftests: Adjust few selftest outcomes wrt unreachable code
bpf, selftests: Add a verifier test for assigning 32bit reg states to 64bit ones
bpf: Test_verifier, add alu32 bounds tracking tests
bpf: Fix leakage under speculation on mispredicted branches
bpf: Do not mark insn as seen under speculative path verification
bpf: Inherit expanded/patched seen count from old aux data
Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout"
firmware: arm_scmi: Add delayed response status check
firmware: arm_scmi: Ensure drivers provide a probe function
Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled"
ACPI: fix NULL pointer dereference
nvme: fix nvme_setup_command metadata trace event
net: Fix zero-copy head len calculation.
qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
r8152: Fix potential PM refcount imbalance
ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits
spi: stm32h7: fix full duplex irq handler handling
regulator: rt5033: Fix n_voltages settings for BUCK and LDO
btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction
btrfs: fix race causing unnecessary inode logging during link and rename
btrfs: do not commit logs and transactions during link and rename operations
btrfs: delete duplicated words + other fixes in comments
Linux 5.4.138
can: j1939: j1939_session_deactivate(): clarify lifetime of session object
i40e: Add additional info to PHY type error
Revert "perf map: Fix dso->nsinfo refcounting"
powerpc/pseries: Fix regression while building external modules
PCI: mvebu: Setup BAR0 in order to fix MSI
can: hi311x: fix a signedness bug in hi3110_cmd()
sis900: Fix missing pci_disable_device() in probe and remove
tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
sctp: fix return value check in __sctp_rcv_asconf_lookup
net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev()
net/mlx5: Fix flow table chaining
net: llc: fix skb_over_panic
mlx4: Fix missing error code in mlx4_load_one()
net: Set true network header for ECN decapsulation
tipc: fix sleeping in tipc accept routine
i40e: Fix log TC creation failure when max num of queues is exceeded
i40e: Fix queue-to-TC mapping on Tx
i40e: Fix firmware LLDP agent related warning
i40e: Fix logic of disabling queues
netfilter: nft_nat: allow to specify layer 4 protocol NAT only
netfilter: conntrack: adjust stop timestamp to real expiry value
cfg80211: Fix possible memory leak in function cfg80211_bss_update
nfc: nfcsim: fix use after free during module unload
NIU: fix incorrect error return, missed in previous revert
HID: wacom: Re-enable touch by default for Cintiq 24HDT / 27QHDT
can: esd_usb2: fix memory leak
can: ems_usb: fix memory leak
can: usb_8dev: fix memory leak
can: mcba_usb_start(): add missing urb->transfer_dma initialization
can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
can: j1939: j1939_xtp_rx_dat_one(): fix rxtimer value between consecutive TP.DT to 750ms
ocfs2: issue zeroout to EOF blocks
ocfs2: fix zero out valid data
KVM: add missing compat KVM_CLEAR_DIRTY_LOG
x86/kvm: fix vcpu-id indexed array sizes
Revert "ACPI: resources: Add checks for ACPI IRQ override"
btrfs: mark compressed range uptodate only if all bio succeed
btrfs: fix rw device counting in __btrfs_free_extra_devids
x86/asm: Ensure asm/proto.h can be included stand-alone
net_sched: check error pointer in tcf_dump_walker()
Linux 5.4.137
ipv6: ip6_finish_output2: set sk into newly allocated nskb
ARM: dts: versatile: Fix up interrupt controller node names
iomap: remove the length variable in iomap_seek_hole
iomap: remove the length variable in iomap_seek_data
cifs: fix the out of range assignment to bit fields in parse_server_interfaces
firmware: arm_scmi: Fix range check for the maximum number of pending messages
firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow
hfs: add lock nesting notation to hfs_find_init
hfs: fix high memory mapping in hfs_bnode_read
hfs: add missing clean-up in hfs_fill_super
ipv6: allocate enough headroom in ip6_finish_output2()
sctp: move 198 addresses from unusable to private scope
net: annotate data race around sk_ll_usec
net/802/garp: fix memleak in garp_request_join()
net/802/mrp: fix memleak in mrp_request_join()
cgroup1: fix leaked context root causing sporadic NULL deref in LTP
workqueue: fix UAF in pwq_unbound_release_workfn()
af_unix: fix garbage collect vs MSG_PEEK
KVM: x86: determine if an exception has an error code only when injecting it.
tools: Allow proper CC/CXX/... override with LLVM=1 in Makefile.include
selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c
ANDROID: Update android/abi_gki_aarch64.xml
ANDROID: Update android/abi_gki_aarch64_goldfish
Linux 5.4.136
xhci: add xhci_get_virt_ep() helper
perf inject: Close inject.output on exit
PCI: Mark AMD Navi14 GPU ATS as broken
btrfs: compression: don't try to compress if we don't have enough pages
iio: accel: bma180: Fix BMA25x bandwidth register values
iio: accel: bma180: Use explicit member assignment
net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear
net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz
drm: Return -ENOTTY for non-drm ioctls
nds32: fix up stack guard gap
rbd: always kick acquire on "acquired" and "released" notifications
rbd: don't hold lock_rwsem while running_list is being drained
hugetlbfs: fix mount mode command line processing
userfaultfd: do not untag user pointers
selftest: use mmap instead of posix_memalign to allocate memory
ixgbe: Fix packet corruption due to missing DMA sync
media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
btrfs: check for missing device in btrfs_trim_fs
tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
tracing/histogram: Rename "cpu" to "common_cpu"
firmware/efi: Tell memblock about EFI iomem reservations
usb: dwc2: gadget: Fix sending zero length packet in DDMA mode.
USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
USB: serial: cp210x: fix comments for GE CS1000
USB: serial: option: add support for u-blox LARA-R6 family
usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
usb: max-3421: Prevent corruption of freed memory
USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
usb: hub: Fix link power management max exit latency (MEL) calculations
usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
xhci: Fix lost USB 2 remote wake
ALSA: hdmi: Expose all pins on MSI MS-7C94 board
ALSA: sb: Fix potential ABBA deadlock in CSP driver
ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
ALSA: usb-audio: Add missing proc text entry for BESPOKEN type
s390/boot: fix use of expolines in the DMA code
s390/ftrace: fix ftrace_update_ftrace_func implementation
Revert "MIPS: add PMD table accounting into MIPS'pmd_alloc_one"
proc: Avoid mixing integer types in mem_rw()
drm/panel: raspberrypi-touchscreen: Prevent double-free
net: sched: cls_api: Fix the the wrong parameter
sctp: update active_key for asoc when old key is being replaced
nvme: set the PRACT bit when using Write Zeroes with T10 PI
r8169: Avoid duplicate sysfs entry creation error
afs: Fix tracepoint string placement with built-in AFS
Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING
ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions
net/sched: act_skbmod: Skip non-Ethernet packets
net: hns3: fix rx VLAN offload state inconsistent issue
net/tcp_fastopen: fix data races around tfo_active_disable_stamp
net: hisilicon: rename CACHE_LINE_MASK to avoid redefinition
bnxt_en: Check abort error state in bnxt_half_open_nic()
bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task()
bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe()
bnxt_en: Improve bnxt_ulp_stop()/bnxt_ulp_start() call sequence.
spi: cadence: Correct initialisation of runtime PM again
scsi: target: Fix protect handling in WRITE SAME(32)
scsi: iscsi: Fix iface sysfs attr detection
netrom: Decrease sock refcount when sock timers expire
net: sched: fix memory leak in tcindex_partial_destroy_work
KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak
KVM: PPC: Book3S: Fix CONFIG_TRANSACTIONAL_MEM=n crash
net: decnet: Fix sleeping inside in af_decnet
efi/tpm: Differentiate missing and invalid final event log table.
net: fix uninit-value in caif_seqpkt_sendmsg
bpftool: Check malloc return value in mount_bpffs_for_pin
bpf, sockmap, tcp: sk_prot needs inuse_idx set for proc stats
s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
liquidio: Fix unintentional sign extension issue on left shift of u16
ASoC: rt5631: Fix regcache sync errors on resume
spi: mediatek: fix fifo rx mode
regulator: hi6421: Fix getting wrong drvdata
regulator: hi6421: Use correct variable type for regmap api val argument
spi: stm32: fixes pm_runtime calls in probe/remove
spi: stm32: Use dma_request_chan() instead dma_request_slave_channel()
spi: imx: add a check for speed_hz before calculating the clock
perf data: Close all files in close_dir()
perf probe-file: Delete namelist in del_events() on the error path
perf lzma: Close lzma stream on exit
perf script: Fix memory 'threads' and 'cpus' leaks on exit
perf dso: Fix memory leak in dso__new_map()
perf test event_update: Fix memory leak of evlist
perf test session_topology: Delete session->evlist
perf env: Fix sibling_dies memory leak
perf probe: Fix dso->nsinfo refcounting
perf map: Fix dso->nsinfo refcounting
nvme-pci: do not call nvme_dev_remove_admin from nvme_remove
cxgb4: fix IRQ free race during driver unload
pwm: sprd: Ensure configuring period and duty_cycle isn't wrongly skipped
selftests: icmp_redirect: IPv6 PMTU info should be cleared after redirect
selftests: icmp_redirect: remove from checking for IPv6 route get
ipv6: fix 'disable_policy' for fwd packets
gve: Fix an error handling path in 'gve_probe()'
igb: Fix position of assignment to *ring
igb: Check if num of q_vectors is smaller than max before array access
iavf: Fix an error handling path in 'iavf_probe()'
e1000e: Fix an error handling path in 'e1000_probe()'
fm10k: Fix an error handling path in 'fm10k_probe()'
igb: Fix an error handling path in 'igb_probe()'
igc: Fix an error handling path in 'igc_probe()'
igc: Prefer to use the pci_release_mem_regions method
ixgbe: Fix an error handling path in 'ixgbe_probe()'
igc: change default return of igc_read_phy_reg()
igb: Fix use-after-free error during reset
igc: Fix use-after-free error during reset
Linux 5.4.135
udp: annotate data races around unix_sk(sk)->gso_size
perf test bpf: Free obj_buf
bpftool: Properly close va_list 'ap' by va_end() on error
ipv6: tcp: drop silly ICMPv6 packet too big messages
tcp: annotate data races around tp->mtu_info
dma-buf/sync_file: Don't leak fences on merge failure
net: fddi: fix UAF in fza_probe
net: validate lwtstate->data before returning from skb_tunnel_info()
net: send SYNACK packet with accepted fwmark
net: ti: fix UAF in tlan_remove_one
net: qcom/emac: fix UAF in emac_remove
net: moxa: fix UAF in moxart_mac_probe
net: ip_tunnel: fix mtu calculation for ETHER tunnel devices
net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
net: bridge: sync fdb to new unicast-filtering ports
net/sched: act_ct: fix err check for nf_conntrack_confirm
netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
net: ipv6: fix return value of ip6_skb_dst_mtu
net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz
net: dsa: mv88e6xxx: enable .port_set_policy() on Topaz
dm writecache: return the exact table values that were set
mm: slab: fix kmem_cache_create failed when sysfs node not destroyed
usb: cdns3: Enable TDL_CHK only for OUT ep
f2fs: Show casefolding support only when supported
arm64: dts: marvell: armada-37xx: move firmware node to generic dtsi file
firmware: turris-mox-rwtm: add marvell,armada-3700-rwtm-firmware compatible string
arm64: dts: armada-3720-turris-mox: add firmware node
cifs: prevent NULL deref in cifs_compose_mount_options()
s390: introduce proper type handling call_on_stack() macro
sched/fair: Fix CFS bandwidth hrtimer expiry type
scsi: qedf: Add check to synchronize abort and flush
scsi: libfc: Fix array index out of bound exception
scsi: libsas: Add LUN number check in .slave_alloc callback
scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
rtc: max77686: Do not enforce (incorrect) interrupt trigger type
kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set
thermal/core: Correct function name thermal_zone_device_unregister()
arm64: dts: imx8mq: assign PCIe clocks
arm64: dts: ls208xa: remove bus-num from dspi node
firmware: tegra: bpmp: Fix Tegra234-only builds
soc/tegra: fuse: Fix Tegra234-only builds
ARM: dts: stm32: move stmmac axi config in ethernet node on stm32mp15
ARM: dts: stm32: fix i2c node name on stm32f746 to prevent warnings
ARM: dts: rockchip: fix supply properties in io-domains nodes
arm64: dts: juno: Update SCPI nodes as per the YAML schema
ARM: dts: stm32: fix timer nodes on STM32 MCU to prevent warnings
ARM: dts: stm32: fix RCC node name on stm32f429 MCU
ARM: dts: stm32: fix gpio-keys node on STM32 MCU boards
ARM: dts: am437x-gp-evm: fix ti,no-reset-on-init flag for gpios
ARM: dts: am57xx-cl-som-am57x: fix ti,no-reset-on-init flag for gpios
kbuild: sink stdout from cmd for silent build
rtc: mxc_v2: add missing MODULE_DEVICE_TABLE
ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info
ARM: dts: imx6: phyFLEX: Fix UART hardware flow control
ARM: dts: Hurricane 2: Fix NAND nodes names
ARM: dts: BCM63xx: Fix NAND nodes names
ARM: NSP: dts: fix NAND nodes names
ARM: Cygnus: dts: fix NAND nodes names
ARM: brcmstb: dts: fix NAND nodes names
reset: ti-syscon: fix to_ti_syscon_reset_data macro
arm64: dts: rockchip: Fix power-controller node names for rk3328
arm64: dts: rockchip: Fix power-controller node names for px30
ARM: dts: rockchip: Fix power-controller node names for rk3288
ARM: dts: rockchip: Fix power-controller node names for rk3188
ARM: dts: rockchip: Fix power-controller node names for rk3066a
ARM: dts: rockchip: Fix IOMMU nodes properties on rk322x
ARM: dts: rockchip: Fix the timer clocks order
arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi
ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288
ARM: dts: gemini: add device_type on pci
ARM: dts: gemini: rename mdio to the right name
Conflicts:
drivers/mmc/host/sdhci-msm.c
drivers/scsi/ufs/ufshcd.c
drivers/staging/android/ion/heaps/ion_cma_heap.c
drivers/usb/dwc3/gadget.c
include/linux/oom.h
kernel/time/hrtimer.c
mm/oom_kill.c
net/qrtr/qrtr.c
Change-Id: I1c29c9ef4233acd05550475b29b8f7d30b6c452d
Signed-off-by: Srinivasarao Pathipati <quic_spathi@quicinc.com>
|
||
|
Greg Kroah-Hartman
|
c4f92aff87 |
This is the 5.4.148 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmFLBPMACgkQONu9yGCS
aT6BIQ//Wb4ZQJtEVvaKnda7vFwe8BoZzPGYZA4Imn9KERDRgHuavEuRfMQtKc2y
YHwe/PD2JreuDHcd+Wz32xsdMe045xNvgiE1oGcxq0jNBvhJqANSmVTWpdqAquON
cTmwsK3roa7ELC2g1WjrYZDv6CrCggqvbuM9AJ/cLITtd8zerhLdZo+CCDG/28cH
EosrWvkBcaGmX+r/IBC86Rt6K2OFQ/3LLbb79L4vjKi5lopsm5CTAmfOfIk8p1gB
mGB3PkQZnIqphBfqGXLGuljl4e+zb1SONrugUh78Egom393Ex34oo+RjWEGe9dV2
Stkuqo0GTi85X7JA7SGCA/xgF8A8yvaaLjQBsJsL9+2ji+GW+J7hfn4mE5h8H3Di
UBjeLMFJA8Mge8Ng9xUSttvjRdwSTm0jWTS9SOl07w24b0pKYbMrQdWt2eI6CT+/
ytq3nCxNJZKeVcAVH+OJNrbSLYvMy/PgYvGTbzASkNmpAeyNiHOyBz1sRcoiAM9U
QCWDdZyaqDKktqEyKHxK3opqPzbnHfZFFlCxR7Gw7vvR+itIGJEh/50RNv2F6vnu
wzowrVxe+Bf1h7JiNEqLLVHdiuygRqjH1ygepGM4+3TVF4jYHzDISyrqlA/Se3Pg
Hhvlzsbv7PH+KiApwBFjSeHTs5WOrokGMFQ7ZYFDpPkleWiywS0=
=50Hk
-----END PGP SIGNATURE-----
Merge 5.4.148 into android11-5.4-lts
Changes in 5.4.148
rtc: tps65910: Correct driver module alias
btrfs: wake up async_delalloc_pages waiters after submit
btrfs: reset replace target device to allocation state on close
blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
PCI/MSI: Skip masking MSI-X on Xen PV
powerpc/perf/hv-gpci: Fix counter value parsing
xen: fix setting of max_pfn in shared_info
include/linux/list.h: add a macro to test if entry is pointing to the head
9p/xen: Fix end of loop tests for list_for_each_entry
tools/thermal/tmon: Add cross compiling support
pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast
pinctrl: ingenic: Fix incorrect pull up/down info
soc: qcom: aoss: Fix the out of bound usage of cooling_devs
soc: aspeed: lpc-ctrl: Fix boundary check for mmap
soc: aspeed: p2a-ctrl: Fix boundary check for mmap
arm64: head: avoid over-mapping in map_memory
crypto: public_key: fix overflow during implicit conversion
block: bfq: fix bfq_set_next_ioprio_data()
power: supply: max17042: handle fails of reading status register
dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
VMCI: fix NULL pointer dereference when unmapping queue pair
media: uvc: don't do DMA on stack
media: rc-loopback: return number of emitters rather than error
Revert "dmaengine: imx-sdma: refine to load context only once"
dmaengine: imx-sdma: remove duplicated sdma_load_context
libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
ARM: 9105/1: atags_to_fdt: don't warn about stack size
PCI/portdrv: Enable Bandwidth Notification only if port supports it
PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
PCI: xilinx-nwl: Enable the clock through CCF
PCI: aardvark: Fix checking for PIO status
PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response
PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
HID: input: do not report stylus battery state as "full"
f2fs: quota: fix potential deadlock
scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
IB/hfi1: Adjust pkey entry in index 0
RDMA/iwcm: Release resources if iw_cm module initialization fails
docs: Fix infiniband uverbs minor number
pinctrl: samsung: Fix pinctrl bank pin count
vfio: Use config not menuconfig for VFIO_NOIOMMU
powerpc/stacktrace: Include linux/delay.h
RDMA/efa: Remove double QP type assignment
f2fs: show f2fs instance in printk_ratelimited
f2fs: reduce the scope of setting fsck tag when de->name_len is zero
openrisc: don't printk() unconditionally
dma-debug: fix debugfs initialization order
SUNRPC: Fix potential memory corruption
scsi: fdomain: Fix error return code in fdomain_probe()
pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
scsi: smartpqi: Fix an error code in pqi_get_raid_map()
scsi: qedi: Fix error codes in qedi_alloc_global_queues()
scsi: qedf: Fix error codes in qedf_alloc_global_queues()
powerpc/config: Renable MTD_PHYSMAP_OF
scsi: target: avoid per-loop XCOPY buffer allocations
HID: i2c-hid: Fix Elan touchpad regression
KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live
platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call
fscache: Fix cookie key hashing
clk: at91: sam9x60: Don't use audio PLL
clk: at91: clk-generated: pass the id of changeable parent at registration
clk: at91: clk-generated: Limit the requested rate to our range
KVM: PPC: Fix clearing never mapped TCEs in realmode
f2fs: fix to account missing .skipped_gc_rwsem
f2fs: fix unexpected ENOENT comes from f2fs_map_blocks()
f2fs: fix to unmap pages from userspace process in punch_hole()
MIPS: Malta: fix alignment of the devicetree buffer
kbuild: Fix 'no symbols' warning when CONFIG_TRIM_UNUSD_KSYMS=y
userfaultfd: prevent concurrent API initialization
drm/amdgpu: Fix amdgpu_ras_eeprom_init()
ASoC: atmel: ATMEL drivers don't need HAS_DMA
media: dib8000: rewrite the init prbs logic
crypto: mxs-dcp - Use sg_mapping_iter to copy data
PCI: Use pci_update_current_state() in pci_enable_device_flags()
tipc: keep the skb in rcv queue until the whole data is read
iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
iavf: do not override the adapter state in the watchdog task
iavf: fix locking of critical sections
ARM: dts: qcom: apq8064: correct clock names
video: fbdev: kyro: fix a DoS bug by restricting user input
netlink: Deal with ESRCH error in nlmsg_notify()
Smack: Fix wrong semantics in smk_access_entry()
drm: avoid blocking in drm_clients_info's rcu section
igc: Check if num of q_vectors is smaller than max before array access
usb: host: fotg210: fix the endpoint's transactional opportunities calculation
usb: host: fotg210: fix the actual_length of an iso packet
usb: gadget: u_ether: fix a potential null pointer dereference
USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable()
usb: gadget: composite: Allow bMaxPower=0 if self-powered
staging: board: Fix uninitialized spinlock when attaching genpd
tty: serial: jsm: hold port lock when reporting modem line changes
drm/amd/display: Fix timer_per_pixel unit error
drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex
bpf/tests: Fix copy-and-paste error in double word test
bpf/tests: Do not PASS tests without actually testing the result
video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
video: fbdev: kyro: Error out if 'pixclock' equals zero
video: fbdev: riva: Error out if 'pixclock' equals zero
ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
flow_dissector: Fix out-of-bounds warnings
s390/jump_label: print real address in a case of a jump label bug
s390: make PCI mio support a machine flag
serial: 8250: Define RX trigger levels for OxSemi 950 devices
xtensa: ISS: don't panic in rs_init
hvsi: don't panic on tty_register_driver failure
serial: 8250_pci: make setup_port() parameters explicitly unsigned
staging: ks7010: Fix the initialization of the 'sleep_status' structure
samples: bpf: Fix tracex7 error raised on the missing argument
ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
Bluetooth: skip invalid hci_sync_conn_complete_evt
workqueue: Fix possible memory leaks in wq_numa_init()
bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler()
arm64: tegra: Fix Tegra194 PCIe EP compatible string
ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output
media: imx258: Rectify mismatch of VTS value
media: imx258: Limit the max analogue gain to 480
media: v4l2-dv-timings.c: fix wrong condition in two for-loops
media: TDA1997x: fix tda1997x_query_dv_timings() return value
media: tegra-cec: Handle errors of clk_prepare_enable()
ARM: dts: imx53-ppd: Fix ACHC entry
arm64: dts: qcom: sdm660: use reg value for memory node
net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe()
drm/msm: mdp4: drop vblank get/put from prepare/complete_commit
selftests/bpf: Fix xdp_tx.c prog section name
Bluetooth: schedule SCO timeouts with delayed_work
Bluetooth: avoid circular locks in sco_sock_connect
net/mlx5: Fix variable type to match 64bit
gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port()
drm/display: fix possible null-pointer dereference in dcn10_set_clock()
mac80211: Fix monitor MTU limit so that A-MSDUs get through
ARM: tegra: tamonten: Fix UART pad setting
arm64: tegra: Fix compatible string for Tegra132 CPUs
arm64: dts: ls1046a: fix eeprom entries
nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data
Bluetooth: Fix handling of LE Enhanced Connection Complete
opp: Don't print an error if required-opps is missing
serial: sh-sci: fix break handling for sysrq
tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD
rpc: fix gss_svc_init cleanup on failure
staging: rts5208: Fix get_ms_information() heap buffer size
gfs2: Don't call dlm after protocol is unmounted
usb: chipidea: host: fix port index underflow and UBSAN complains
lockd: lockd server-side shouldn't set fl_ops
drm/exynos: Always initialize mapping in exynos_drm_register_dma()
m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch
btrfs: tree-log: check btrfs_lookup_data_extent return value
ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
ASoC: Intel: Skylake: Fix passing loadable flag for module
of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS
mmc: sdhci-of-arasan: Check return value of non-void funtions
mmc: rtsx_pci: Fix long reads when clock is prescaled
selftests/bpf: Enlarge select() timeout for test_maps
mmc: core: Return correct emmc response in case of ioctl error
cifs: fix wrong release in sess_alloc_buffer() failed path
Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set"
usb: musb: musb_dsps: request_irq() after initializing musb
usbip: give back URBs for unsent unlink requests during cleanup
usbip:vhci_hcd USB port can get stuck in the disabled state
ASoC: rockchip: i2s: Fix regmap_ops hang
ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
drm/amdkfd: Account for SH/SE count when setting up cu masks.
iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed
iwlwifi: mvm: avoid static queue number aliasing
iwlwifi: mvm: fix access to BSS elements
net/mlx5: DR, Enable QP retransmission
parport: remove non-zero check on count
ath9k: fix OOB read ar9300_eeprom_restore_internal
ath9k: fix sleeping in atomic context
net: fix NULL pointer reference in cipso_v4_doi_free
fix array-index-out-of-bounds in taprio_change
net: w5100: check return value after calling platform_get_resource()
parisc: fix crash with signals and alloca
ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup()
scsi: BusLogic: Fix missing pr_cont() use
scsi: qla2xxx: Changes to support kdump kernel
scsi: qla2xxx: Sync queue idx with queue_pair_map idx
cpufreq: powernv: Fix init_chip_info initialization in numa=off
s390/pv: fix the forcing of the swiotlb
mm/hugetlb: initialize hugetlb_usage in mm_init
mm,vmscan: fix divide by zero in get_scan_count
memcg: enable accounting for pids in nested pid namespaces
platform/chrome: cros_ec_proto: Send command again when timeout occurs
lib/test_stackinit: Fix static initializer test
net: dsa: lantiq_gswip: fix maximum frame length
drm/msi/mdp4: populate priv->kms in mdp4_kms_init
drm/amdgpu: Fix BUG_ON assert
drm/panfrost: Simplify lock_region calculation
drm/panfrost: Use u64 for size in lock_region
drm/panfrost: Clamp lock region to Bifrost minimum
btrfs: fix upper limit for max_inline for page size 64K
xen: reset legacy rtc flag for PV domU
bnx2x: Fix enabling network interfaces without VFs
arm64/sve: Use correct size when reinitialising SVE state
PM: base: power: don't try to use non-existing RTC for storing data
PCI: Add AMD GPU multi-function power dependencies
drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10
drm/etnaviv: return context from etnaviv_iommu_context_get
drm/etnaviv: put submit prev MMU context when it exists
drm/etnaviv: stop abusing mmu_context as FE running marker
drm/etnaviv: keep MMU context across runtime suspend/resume
drm/etnaviv: exec and MMU state is lost when resetting the GPU
drm/etnaviv: fix MMU context leak on GPU reset
drm/etnaviv: reference MMU context when setting up hardware state
drm/etnaviv: add missing MMU context put when reaping MMU mapping
s390/sclp: fix Secure-IPL facility detection
x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
tipc: fix an use-after-free issue in tipc_recvmsg
net-caif: avoid user-triggerable WARN_ON(1)
ptp: dp83640: don't define PAGE0
dccp: don't duplicate ccid when cloning dccp sock
net/l2tp: Fix reference count leak in l2tp_udp_recv_core
r6040: Restore MDIO clock frequency after MAC reset
tipc: increase timeout in tipc_sk_enqueue()
perf machine: Initialize srcline string member in add_location struct
net/mlx5: FWTrace, cancel work on alloc pd error flow
net/mlx5: Fix potential sleeping in atomic context
events: Reuse value read using READ_ONCE instead of re-reading it
vhost_net: fix OoB on sendmsg() failure.
net/af_unix: fix a data-race in unix_dgram_poll
net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup
tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
qed: Handle management FW error
dt-bindings: arm: Fix Toradex compatible typo
ibmvnic: check failover_pending in login response
KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers
net: hns3: pad the short tunnel frame before sending to hardware
net: hns3: change affinity_mask to numa node range
net: hns3: disable mac in flr process
net: hns3: fix the timing issue of VF clearing interrupt sources
mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range()
dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
mfd: db8500-prcmu: Adjust map to reality
PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
fuse: fix use after free in fuse_read_interrupt()
mfd: Don't use irq_create_mapping() to resolve a mapping
tracing/probes: Reject events which have the same name of existing one
PCI: Add ACS quirks for Cavium multi-function devices
Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6
net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
block, bfq: honor already-setup queue merges
PCI: ibmphp: Fix double unmap of io_mem
ethtool: Fix an error code in cxgb2.c
NTB: Fix an error code in ntb_msit_probe()
NTB: perf: Fix an error code in perf_setup_inbuf()
mfd: axp20x: Update AXP288 volatile ranges
PCI: Fix pci_dev_str_match_path() alloc while atomic bug
mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set
KVM: arm64: Handle PSCI resets before userspace touches vCPU state
PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()'
ARC: export clear_user_page() for modules
perf unwind: Do not overwrite FEATURE_CHECK_LDFLAGS-libunwind-{x86,aarch64}
net: dsa: b53: Fix calculating number of switch ports
netfilter: socket: icmp6: fix use-after-scope
fq_codel: reject silly quantum parameters
qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
ip_gre: validate csum_start only on pull
net: renesas: sh_eth: Fix freeing wrong tx descriptor
s390/bpf: Fix optimizing out zero-extensions
s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
Linux 5.4.148
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8613b511cb543a7ce0d1623663fc1306aaa45af1
|
||
Nadav Amit
|
d766826eee |
userfaultfd: prevent concurrent API initialization
[ Upstream commit 22e5fe2a2a279d9a6fcbdfb4dffe73821bef1c90 ]
userfaultfd assumes that the enabled features are set once and never
changed after UFFDIO_API ioctl succeeded.
However, currently, UFFDIO_API can be called concurrently from two
different threads, succeed on both threads and leave userfaultfd's
features in non-deterministic state. Theoretically, other uffd operations
(ioctl's and page-faults) can be dispatched while adversely affected by
such changes of features.
Moreover, the writes to ctx->state and ctx->features are not ordered,
which can - theoretically, again - let userfaultfd_ioctl() think that
userfaultfd API completed, while the features are still not initialized.
To avoid races, it is arguably best to get rid of ctx->state. Since there
are only 2 states, record the API initialization in ctx->features as the
uppermost bit and remove ctx->state.
Link: https://lkml.kernel.org/r/20210808020724.1022515-3-namit@vmware.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
ccc19b14a1 |
This is the 5.4.136 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmEBQAcACgkQONu9yGCS aT4FRBAAgFrHSPHhtwcZ2uqAehzajAp7AbKxf1WejxPg/0YH2bE6nbhuLyDWqH5F mhyDpXVltW7xaFYZAEg9CPr6czwHAul4Bql4DH57KbO+/Q5BrS0VguepP0TPcVI5 H8KztBrJCL5TsrOsvB+EXHtqDkEuhX957Qwa6PkBJs12x2Vq3EmazGGKSZSCGKuy v5gM8wztC3NzzOhVDZ2MPbh8RTrbGUEaRFi6B/XNlcEWMAxyqDJlJInbzimIFL6T eOYZ7z+IdrV0I0Eq0tqUmnhONQZxscs/hX1yv7evZtfG7LbT3v4nJu7c6O4FnLwV 61B5aK4aytX7rTLVU+FRxP7MTmvNit71AY8SMSOx+bNLGBtrFstMv+f950j8npq1 683wCAlDD2hw3zOc6rzbXhdowKtIaFirqDEDiYOy/K5r0liaEtQboOmlBO2WDFYy q5HsoCIpNWH2Os4LlA3PYVChEzO5yQJksUgRgUhcNMA0y+8hE1/C91HxNy8HPyHf tIeRHIpdvHETzSbNIYe9b9iQK0f3S2YLI+sdMtrlEXYFpvlD/w2DsVlzr/IRKP1x N1LVskeB7PVzJEImZPTGVrbPu/a/FHtFpx3dgiST72t18rHgCFdxW7pCI05jegLr C72SSES2v3QIIRoPAO6NF/E8ltmT6lnor1AcNeGz5I4rvPB01u8= =pPb8 -----END PGP SIGNATURE----- Merge 5.4.136 into android11-5.4-lts Changes in 5.4.136 igc: Fix use-after-free error during reset igb: Fix use-after-free error during reset igc: change default return of igc_read_phy_reg() ixgbe: Fix an error handling path in 'ixgbe_probe()' igc: Prefer to use the pci_release_mem_regions method igc: Fix an error handling path in 'igc_probe()' igb: Fix an error handling path in 'igb_probe()' fm10k: Fix an error handling path in 'fm10k_probe()' e1000e: Fix an error handling path in 'e1000_probe()' iavf: Fix an error handling path in 'iavf_probe()' igb: Check if num of q_vectors is smaller than max before array access igb: Fix position of assignment to *ring gve: Fix an error handling path in 'gve_probe()' ipv6: fix 'disable_policy' for fwd packets selftests: icmp_redirect: remove from checking for IPv6 route get selftests: icmp_redirect: IPv6 PMTU info should be cleared after redirect pwm: sprd: Ensure configuring period and duty_cycle isn't wrongly skipped cxgb4: fix IRQ free race during driver unload nvme-pci: do not call nvme_dev_remove_admin from nvme_remove perf map: Fix dso->nsinfo refcounting perf probe: Fix dso->nsinfo refcounting perf env: Fix sibling_dies memory leak perf test session_topology: Delete session->evlist perf test event_update: Fix memory leak of evlist perf dso: Fix memory leak in dso__new_map() perf script: Fix memory 'threads' and 'cpus' leaks on exit perf lzma: Close lzma stream on exit perf probe-file: Delete namelist in del_events() on the error path perf data: Close all files in close_dir() spi: imx: add a check for speed_hz before calculating the clock spi: stm32: Use dma_request_chan() instead dma_request_slave_channel() spi: stm32: fixes pm_runtime calls in probe/remove regulator: hi6421: Use correct variable type for regmap api val argument regulator: hi6421: Fix getting wrong drvdata spi: mediatek: fix fifo rx mode ASoC: rt5631: Fix regcache sync errors on resume liquidio: Fix unintentional sign extension issue on left shift of u16 s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1] bpf, sockmap, tcp: sk_prot needs inuse_idx set for proc stats bpftool: Check malloc return value in mount_bpffs_for_pin net: fix uninit-value in caif_seqpkt_sendmsg efi/tpm: Differentiate missing and invalid final event log table. net: decnet: Fix sleeping inside in af_decnet KVM: PPC: Book3S: Fix CONFIG_TRANSACTIONAL_MEM=n crash KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak net: sched: fix memory leak in tcindex_partial_destroy_work netrom: Decrease sock refcount when sock timers expire scsi: iscsi: Fix iface sysfs attr detection scsi: target: Fix protect handling in WRITE SAME(32) spi: cadence: Correct initialisation of runtime PM again bnxt_en: Improve bnxt_ulp_stop()/bnxt_ulp_start() call sequence. bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() bnxt_en: Check abort error state in bnxt_half_open_nic() net: hisilicon: rename CACHE_LINE_MASK to avoid redefinition net/tcp_fastopen: fix data races around tfo_active_disable_stamp net: hns3: fix rx VLAN offload state inconsistent issue net/sched: act_skbmod: Skip non-Ethernet packets ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" afs: Fix tracepoint string placement with built-in AFS r8169: Avoid duplicate sysfs entry creation error nvme: set the PRACT bit when using Write Zeroes with T10 PI sctp: update active_key for asoc when old key is being replaced net: sched: cls_api: Fix the the wrong parameter drm/panel: raspberrypi-touchscreen: Prevent double-free proc: Avoid mixing integer types in mem_rw() Revert "MIPS: add PMD table accounting into MIPS'pmd_alloc_one" s390/ftrace: fix ftrace_update_ftrace_func implementation s390/boot: fix use of expolines in the DMA code ALSA: usb-audio: Add missing proc text entry for BESPOKEN type ALSA: usb-audio: Add registration quirk for JBL Quantum headsets ALSA: sb: Fix potential ABBA deadlock in CSP driver ALSA: hdmi: Expose all pins on MSI MS-7C94 board xhci: Fix lost USB 2 remote wake KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state usb: hub: Disable USB 3 device initiated lpm if exit latency is too high usb: hub: Fix link power management max exit latency (MEL) calculations USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS usb: max-3421: Prevent corruption of freed memory usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() USB: serial: option: add support for u-blox LARA-R6 family USB: serial: cp210x: fix comments for GE CS1000 USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick usb: dwc2: gadget: Fix sending zero length packet in DDMA mode. firmware/efi: Tell memblock about EFI iomem reservations tracing/histogram: Rename "cpu" to "common_cpu" tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. btrfs: check for missing device in btrfs_trim_fs media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() ixgbe: Fix packet corruption due to missing DMA sync selftest: use mmap instead of posix_memalign to allocate memory userfaultfd: do not untag user pointers hugetlbfs: fix mount mode command line processing rbd: don't hold lock_rwsem while running_list is being drained rbd: always kick acquire on "acquired" and "released" notifications nds32: fix up stack guard gap drm: Return -ENOTTY for non-drm ioctls net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear iio: accel: bma180: Use explicit member assignment iio: accel: bma180: Fix BMA25x bandwidth register values btrfs: compression: don't try to compress if we don't have enough pages PCI: Mark AMD Navi14 GPU ATS as broken perf inject: Close inject.output on exit xhci: add xhci_get_virt_ep() helper Linux 5.4.136 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I8b7e344b3dd2ee557364f9be285ed9925038a497 |
||
Peter Collingbourne
|
60dbbd76f1 |
userfaultfd: do not untag user pointers
commit e71e2ace5721a8b921dca18b045069e7bb411277 upstream. Patch series "userfaultfd: do not untag user pointers", v5. If a user program uses userfaultfd on ranges of heap memory, it may end up passing a tagged pointer to the kernel in the range.start field of the UFFDIO_REGISTER ioctl. This can happen when using an MTE-capable allocator, or on Android if using the Tagged Pointers feature for MTE readiness [1]. When a fault subsequently occurs, the tag is stripped from the fault address returned to the application in the fault.address field of struct uffd_msg. However, from the application's perspective, the tagged address *is* the memory address, so if the application is unaware of memory tags, it may get confused by receiving an address that is, from its point of view, outside of the bounds of the allocation. We observed this behavior in the kselftest for userfaultfd [2] but other applications could have the same problem. Address this by not untagging pointers passed to the userfaultfd ioctls. Instead, let the system call fail. Also change the kselftest to use mmap so that it doesn't encounter this problem. [1] https://source.android.com/devices/tech/debug/tagged-pointers [2] tools/testing/selftests/vm/userfaultfd.c This patch (of 2): Do not untag pointers passed to the userfaultfd ioctls. Instead, let the system call fail. This will provide an early indication of problems with tag-unaware userspace code instead of letting the code get confused later, and is consistent with how we decided to handle brk/mmap/mremap in commit dcde237319e6 ("mm: Avoid creating virtual address aliases in brk()/mmap()/mremap()"), as well as being consistent with the existing tagged address ABI documentation relating to how ioctl arguments are handled. The code change is a revert of commit |
||
Laurent Dufour
|
06219e6c87 |
mm: protect VMA modifications using VMA sequence count
The VMA sequence count has been introduced to allow fast detection of VMA modification when running a page fault handler without holding the mmap_sem. This patch provides protection against the VMA modification done in : - madvise() - mpol_rebind_policy() - vma_replace_policy() - change_prot_numa() - mlock(), munlock() - mprotect() - mmap_region() - collapse_huge_page() - userfaultd registering services In addition, VMA fields which will be read during the speculative fault path needs to be written using WRITE_ONCE to prevent write to be split and intermediate values to be pushed to other CPUs. Change-Id: Ic36046b7254e538b6baf7144c50ae577ee7f2074 Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com> Patch-mainline: linux-mm @ Tue, 17 Apr 2018 16:33:15 [vinmenon@codeaurora.org: trivial merge conflict fixes] Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> [charante@codeaurora.org: trivial merge conflict fixes] Signed-off-by: Charan Teja Reddy <charante@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
de197c5a4f |
This is the 5.4.8 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4Q1ycACgkQONu9yGCS
aT5YRg//SPO6yX/WxWjac/ZHnKrarTqnIF1jxK++pLYZLpBeSHs/n5BhguJoL37s
KVhCEdilnp1Fb49nuM65RJKqgvGyKxn9p380vNTkU6VUf/6O2lFN28nWVqWaSJqj
kjb+7Jkn0iJ4LTHwGPeFSqvxG66SsjOJfFsR6bqXaGGFZgSwC4yVTqYhkuCV6TGP
hEEcy7IgB9LT3lXHSQelG7cuc2Zs5MJSeLx+Ji+UQYyRIZwsMHJ1M8BvAI5Zd1J4
WrdJIVpyNAh5b65cXGuDYmSSIiqIFDNY43JbTII5RVEj/SjnJfnxDZ3+joJswJlo
noty2f7cg7GiKH8BhNXvuVopFu3Ycz1/deMIu3S8boWBVFawwECb0akLuB7Ms1n1
QHeXFExZyHxhPnBPfJ2dYwXMIgImvVS/3nPW4CcBsRbBjqUKhQeImoqk41+gfGDb
cZ0F7VUZ7Mq5O4raNYICMWoANqQTrXF9DUuA1e909CufP7BQBpw1X5XjITUBa0Gs
gvFrAU4oyqkX9xUVNb+n5qR6X1OjBTTNhaet6l06fuDNeWf7T0gVoVlKOf4dLCqP
uKy62Ps9QZsTsjgnjbdKuSFwlbu8S/qKrEqCnUS6vRYbrM2bUxkJL3D1xr6JHnGS
aMzPOxdt4JvrppYtBCJQr+/ETQzv2A1l3IeIujldiKzNnsoIUeY=
=mI67
-----END PGP SIGNATURE-----
Merge 5.4.8 into android-5.4
Changes in 5.4.8
Revert "MIPS: futex: Restore \n after sync instructions"
Revert "MIPS: futex: Emit Loongson3 sync workarounds within asm"
scsi: lpfc: Fix spinlock_irq issues in lpfc_els_flush_cmd()
scsi: lpfc: Fix discovery failures when target device connectivity bounces
scsi: mpt3sas: Fix clear pending bit in ioctl status
scsi: lpfc: Fix locking on mailbox command completion
scsi: mpt3sas: Reject NVMe Encap cmnds to unsupported HBA
gpio: mxc: Only get the second IRQ when there is more than one IRQ
scsi: lpfc: Fix list corruption in lpfc_sli_get_iocbq
Input: atmel_mxt_ts - disable IRQ across suspend
f2fs: fix to update time in lazytime mode
powerpc/papr_scm: Fix an off-by-one check in papr_scm_meta_{get, set}
tools/power/x86/intel-speed-select: Remove warning for unused result
platform/x86: peaq-wmi: switch to using polled mode of input devices
iommu: rockchip: Free domain on .domain_free
iommu/tegra-smmu: Fix page tables in > 4 GiB memory
dmaengine: xilinx_dma: Clear desc_pendingcount in xilinx_dma_reset
scsi: target: compare full CHAP_A Algorithm strings
scsi: lpfc: Fix hardlockup in lpfc_abort_handler
scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices
scsi: csiostor: Don't enable IRQs too early
scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec()
scsi: hisi_sas: Delete the debugfs folder of hisi_sas when the probe fails
powerpc/pseries: Mark accumulate_stolen_time() as notrace
powerpc/pseries: Don't fail hash page table insert for bolted mapping
Input: st1232 - do not reset the chip too early
selftests/powerpc: Fixup clobbers for TM tests
powerpc/tools: Don't quote $objdump in scripts
dma-debug: add a schedule point in debug_dma_dump_mappings()
dma-mapping: Add vmap checks to dma_map_single()
dma-mapping: fix handling of dma-ranges for reserved memory (again)
dmaengine: fsl-qdma: Handle invalid qdma-queue0 IRQ
leds: lm3692x: Handle failure to probe the regulator
leds: an30259a: add a check for devm_regmap_init_i2c
leds: trigger: netdev: fix handling on interface rename
clocksource/drivers/asm9260: Add a check for of_clk_get
clocksource/drivers/timer-of: Use unique device name instead of timer
dtc: Use pkg-config to locate libyaml
selftests/powerpc: Skip tm-signal-sigreturn-nt if TM not available
powerpc/security/book3s64: Report L1TF status in sysfs
powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning
ext4: update direct I/O read lock pattern for IOCB_NOWAIT
ext4: iomap that extends beyond EOF should be marked dirty
jbd2: Fix statistics for the number of logged blocks
scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6)
scsi: lpfc: Fix unexpected error messages during RSCN handling
scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow
f2fs: fix to update dir's i_pino during cross_rename
clk: qcom: smd: Add missing pnoc clock
clk: qcom: Allow constant ratio freq tables for rcg
clk: clk-gpio: propagate rate change to parent
irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary
irqchip: ingenic: Error out if IRQ domain creation failed
dma-direct: check for overflows on 32 bit DMA addresses
fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long
iommu/arm-smmu-v3: Don't display an error when IRQ lines are missing
i2c: stm32f7: fix & reorder remove & probe error handling
iomap: fix return value of iomap_dio_bio_actor on 32bit systems
Input: ili210x - handle errors from input_mt_init_slots()
scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences
scsi: zorro_esp: Limit DMA transfers to 65536 bytes (except on Fastlane)
PCI: rpaphp: Fix up pointer to first drc-info entry
scsi: ufs: fix potential bug which ends in system hang
powerpc/pseries/cmm: Implement release() function for sysfs device
PCI: rpaphp: Don't rely on firmware feature to imply drc-info support
PCI: rpaphp: Annotate and correctly byte swap DRC properties
PCI: rpaphp: Correctly match ibm, my-drc-index to drc-name when using drc-info
powerpc/security: Fix wrong message when RFI Flush is disable
powerpc/eeh: differentiate duplicate detection message
powerpc/book3s/mm: Update Oops message to print the correct translation in use
scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE
clk: pxa: fix one of the pxa RTC clocks
bcache: at least try to shrink 1 node in bch_mca_scan()
HID: quirks: Add quirk for HP MSU1465 PIXART OEM mouse
dt-bindings: Improve validation build error handling
HID: logitech-hidpp: Silence intermittent get_battery_capacity errors
HID: i2c-hid: fix no irq after reset on raydium 3118
ARM: 8937/1: spectre-v2: remove Brahma-B53 from hardening
libnvdimm/btt: fix variable 'rc' set but not used
HID: Improve Windows Precision Touchpad detection.
HID: rmi: Check that the RMI_STARTED bit is set before unregistering the RMI transport device
watchdog: imx7ulp: Fix reboot hang
watchdog: prevent deferral of watchdogd wakeup on RT
watchdog: Fix the race between the release of watchdog_core_data and cdev
powerpc/fixmap: Use __fix_to_virt() instead of fix_to_virt()
scsi: pm80xx: Fix for SATA device discovery
scsi: ufs: Fix error handing during hibern8 enter
scsi: scsi_debug: num_tgts must be >= 0
scsi: NCR5380: Add disconnect_mask module parameter
scsi: target: core: Release SPC-2 reservations when closing a session
scsi: ufs: Fix up auto hibern8 enablement
scsi: iscsi: Don't send data to unbound connection
scsi: target: iscsi: Wait for all commands to finish before freeing a session
f2fs: Fix deadlock in f2fs_gc() context during atomic files handling
habanalabs: skip VA block list update in reset flow
gpio/mpc8xxx: fix qoriq GPIO reading
platform/x86: intel_pmc_core: Fix the SoC naming inconsistency
platform/x86: intel_pmc_core: Add Comet Lake (CML) platform support to intel_pmc_core driver
gpio: mpc8xxx: Don't overwrite default irq_set_type callback
gpio: lynxpoint: Setup correct IRQ handlers
tools/power/x86/intel-speed-select: Ignore missing config level
Drivers: hv: vmbus: Fix crash handler reset of Hyper-V synic
apparmor: fix unsigned len comparison with less than zero
drm/amdgpu: Call find_vma under mmap_sem
scripts/kallsyms: fix definitely-lost memory leak
powerpc: Don't add -mabi= flags when building with Clang
cifs: Fix use-after-free bug in cifs_reconnect()
um: virtio: Keep reading on -EAGAIN
io_uring: io_allocate_scq_urings() should return a sane state
of: unittest: fix memory leak in attach_node_and_children
cdrom: respect device capabilities during opening action
cifs: move cifsFileInfo_put logic into a work-queue
perf diff: Use llabs() with 64-bit values
perf script: Fix brstackinsn for AUXTRACE
perf regs: Make perf_reg_name() return "unknown" instead of NULL
s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR
mailbox: imx: Clear the right interrupts at shutdown
libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h
s390/unwind: filter out unreliable bogus %r14
s390/cpum_sf: Check for SDBT and SDB consistency
ocfs2: fix passing zero to 'PTR_ERR' warning
mailbox: imx: Fix Tx doorbell shutdown path
s390: disable preemption when switching to nodat stack with CALL_ON_STACK
selftests: vm: add fragment CONFIG_TEST_VMALLOC
mm/hugetlbfs: fix error handling when setting up mounts
kernel: sysctl: make drop_caches write-only
userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK
Revert "powerpc/vcpu: Assume dedicated processors as non-preempt"
sctp: fix err handling of stream initialization
md: make sure desc_nr less than MD_SB_DISKS
Revert "iwlwifi: assign directly to iwl_trans->cfg in QuZ detection"
netfilter: ebtables: compat: reject all padding in matches/watchers
6pack,mkiss: fix possible deadlock
powerpc: Fix __clear_user() with KUAP enabled
net/smc: add fallback check to connect()
netfilter: bridge: make sure to pull arp header in br_nf_forward_arp()
inetpeer: fix data-race in inet_putpeer / inet_putpeer
net: add a READ_ONCE() in skb_peek_tail()
net: icmp: fix data-race in cmp_global_allow()
hrtimer: Annotate lockless access to timer->state
tomoyo: Don't use nifty names on sockets.
uaccess: disallow > INT_MAX copy sizes
drm: limit to INT_MAX in create_blob ioctl
xfs: fix mount failure crash on invalid iclog memory access
cxgb4/cxgb4vf: fix flow control display for auto negotiation
net: dsa: bcm_sf2: Fix IP fragment location and behavior
net/mlxfw: Fix out-of-memory error in mfa2 flash burning
net: phy: aquantia: add suspend / resume ops for AQR105
net/sched: act_mirred: Pull mac prior redir to non mac_header_xmit device
net/sched: add delete_empty() to filters and use it in cls_flower
net_sched: sch_fq: properly set sk->sk_pacing_status
net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs
ptp: fix the race between the release of ptp_clock and cdev
tcp: Fix highest_sack and highest_sack_seq
udp: fix integer overflow while computing available space in sk_rcvbuf
bnxt_en: Fix MSIX request logic for RDMA driver.
bnxt_en: Free context memory in the open path if firmware has been reset.
bnxt_en: Return error if FW returns more data than dump length
bnxt_en: Fix bp->fw_health allocation and free logic.
bnxt_en: Remove unnecessary NULL checks for fw_health
bnxt_en: Fix the logic that creates the health reporters.
bnxt_en: Add missing devlink health reporters for VFs.
mlxsw: spectrum_router: Skip loopback RIFs during MAC validation
mlxsw: spectrum: Use dedicated policer for VRRP packets
net: add bool confirm_neigh parameter for dst_ops.update_pmtu
ip6_gre: do not confirm neighbor when do pmtu update
gtp: do not confirm neighbor when do pmtu update
net/dst: add new function skb_dst_update_pmtu_no_confirm
tunnel: do not confirm neighbor when do pmtu update
vti: do not confirm neighbor when do pmtu update
sit: do not confirm neighbor when do pmtu update
net/dst: do not confirm neighbor for vxlan and geneve pmtu update
net: dsa: sja1105: Reconcile the meaning of TPID and TPID2 for E/T and P/Q/R/S
net: marvell: mvpp2: phylink requires the link interrupt
gtp: fix wrong condition in gtp_genl_dump_pdp()
gtp: avoid zero size hashtable
bonding: fix active-backup transition after link failure
tcp: do not send empty skb from tcp_write_xmit()
tcp/dccp: fix possible race __inet_lookup_established()
hv_netvsc: Fix tx_table init in rndis_set_subchannel()
gtp: fix an use-after-free in ipv4_pdp_find()
gtp: do not allow adding duplicate tid and ms_addr pdp context
bnxt: apply computed clamp value for coalece parameter
ipv6/addrconf: only check invalid header values when NETLINK_F_STRICT_CHK is set
net: phylink: fix interface passed to mac_link_up
net: ena: fix napi handler misbehavior when the napi budget is zero
vhost/vsock: accept only packets with the right dst_cid
mmc: sdhci-of-esdhc: fix up erratum A-008171 workaround
mmc: sdhci-of-esdhc: re-implement erratum A-009204 workaround
mm/hugetlbfs: fix for_each_hstate() loop in init_hugetlbfs_fs()
Linux 5.4.8
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9962505e7207f0004499de4666df6862105e990d
|
||
Mike Rapoport
|
2176441fdd |
userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK
[ Upstream commit 3c1c24d91ffd536de0a64688a9df7f49e58fadbc ] A while ago Andy noticed (http://lkml.kernel.org/r/CALCETrWY+5ynDct7eU_nDUqx=okQvjm=Y5wJvA4ahBja=CQXGw@mail.gmail.com) that UFFD_FEATURE_EVENT_FORK used by an unprivileged user may have security implications. As the first step of the solution the following patch limits the availably of UFFD_FEATURE_EVENT_FORK only for those having CAP_SYS_PTRACE. The usage of CAP_SYS_PTRACE ensures compatibility with CRIU. Yet, if there are other users of non-cooperative userfaultfd that run without CAP_SYS_PTRACE, they would be broken :( Current implementation of UFFD_FEATURE_EVENT_FORK modifies the file descriptor table from the read() implementation of uffd, which may have security implications for unprivileged use of the userfaultfd. Limit availability of UFFD_FEATURE_EVENT_FORK only for callers that have CAP_SYS_PTRACE. Link: http://lkml.kernel.org/r/1572967777-8812-2-git-send-email-rppt@linux.ibm.com Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> Reviewed-by: Andrea Arcangeli <aarcange@redhat.com> Cc: Daniel Colascione <dancol@google.com> Cc: Jann Horn <jannh@google.com> Cc: Lokesh Gidra <lokeshgidra@google.com> Cc: Nick Kralevich <nnk@google.com> Cc: Nosh Minwalla <nosh@google.com> Cc: Pavel Emelyanov <ovzxemul@gmail.com> Cc: Tim Murray <timmurray@google.com> Cc: Aleksa Sarai <cyphar@cyphar.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
94139142d9 |
Merge 5.4-rc1-prelrease into android-mainline
To make the 5.4-rc1 merge easier, merge at a prerelease point in time before the final release happens. Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: If613d657fd0abf9910c5bf3435a745f01b89765e |
||
Andrey Konovalov
|
7d0325749a |
userfaultfd: untag user pointers
This patch is a part of a series that extends kernel ABI to allow to pass tagged user pointers (with the top byte set to something else other than 0x00) as syscall arguments. userfaultfd code use provided user pointers for vma lookups, which can only by done with untagged pointers. Untag user pointers in validate_range(). Link: http://lkml.kernel.org/r/cdc59ddd7011012ca2e689bc88c3b65b1ea7e413.1563904656.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Reviewed-by: Mike Rapoport <rppt@linux.ibm.com> Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Eric Auger <eric.auger@redhat.com> Cc: Felix Kuehling <Felix.Kuehling@amd.com> Cc: Jens Wiklander <jens.wiklander@linaro.org> Cc: Khalid Aziz <khalid.aziz@oracle.com> Cc: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Greg Kroah-Hartman
|
ad455d87e5 |
Linux 5.3-rc6
-----BEGIN PGP SIGNATURE----- iQFSBAABCAA8FiEEq68RxlopcLEwq+PEeb4+QwBBGIYFAl1i2wkeHHRvcnZhbGRz QGxpbnV4LWZvdW5kYXRpb24ub3JnAAoJEHm+PkMAQRiGcDQIAJINYON5WdDSFDpp htva213hSIxYLix8Dc4cTMk8qT/P2MAj9pPYERuLwIxWZlfbduW6Fxy8bJANZ7k3 4cJ/IbmA5M5ZIaOJTTL45w8H0CMR/4mdPl5rb5k/Wkh449Cj101gZLlh0FEtR5zG uDJecKSuHjH1ikySk6+zmRG5X+lq6wNY8NkuBtfwAwLffFc0ljQHwPUMJ8ojgqt/ p3ChNgtb/I6U6ExITlyktKdP59bAoHAoBiKKFZWw5yJWgXE2q4Sv9nT4Btkr5KdJ 9mnWnSaSLwptNCOtU4tKLwFIZP2WoVXGPNxxq4XLoTEuieXCqmikhc9tSSTwk+Tp CKHN6wU= =JkJ4 -----END PGP SIGNATURE----- Merge 5.3-rc6 into android-mainline Linux 5.3-rc6 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Id10580d48d56054408b3efe0bd1866d67aba2a3d |
||
Oleg Nesterov
|
46d0b24c5e |
userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
userfaultfd_release() should clear vm_flags/vm_userfaultfd_ctx even if
mm->core_state != NULL.
Otherwise a page fault can see userfaultfd_missing() == T and use an
already freed userfaultfd_ctx.
Link: http://lkml.kernel.org/r/20190820160237.GB4983@redhat.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
a4bbf3df04 |
Linux 5.2
-----BEGIN PGP SIGNATURE----- iQFSBAABCAA8FiEEq68RxlopcLEwq+PEeb4+QwBBGIYFAl0idTweHHRvcnZhbGRz QGxpbnV4LWZvdW5kYXRpb24ub3JnAAoJEHm+PkMAQRiGZesIAJDKicw2Voyx8K8m 3pXSK+71RuO/d3Y9M51mdfTMKRP4PHR9/4wVZ9wHPwC4dV6wxgsmIYCF69a1Wety LD1MpDCP1DK5wVfPNKVX2xmj7ua6iutPtSsJHzdzM2TlscgsrFKjmUccqJ5JLwL5 c34nqwXWnzzRyI5Ga9cQSlwzAXq0vDHXyML3AnCosSsLX0lKFrHlK1zttdOPNkfj dXRN62g3q+9kVQozzhDXb8atZZ7IkBk8Q0lujpNXW83Ci1VjaVNv3SB8GZTXIlLj U15VdyuwfJDfpBgFBN6/unzVaAB6FFrEKy0jT1aeTyKarMKDKgOnJjn10aKjDNno /bXsKKc= =TVqV -----END PGP SIGNATURE----- Merge 5.2 into android-common Linux 5.2 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Eric Biggers
|
cbcfa130a9 |
fs/userfaultfd.c: disable irqs for fault_pending and event locks
When IOCB_CMD_POLL is used on a userfaultfd, aio_poll() disables IRQs and takes kioctx::ctx_lock, then userfaultfd_ctx::fd_wqh.lock. This may have to wait for userfaultfd_ctx::fd_wqh.lock to be released by userfaultfd_ctx_read(), which in turn can be waiting for userfaultfd_ctx::fault_pending_wqh.lock or userfaultfd_ctx::event_wqh.lock. But elsewhere the fault_pending_wqh and event_wqh locks are taken with IRQs enabled. Since the IRQ handler may take kioctx::ctx_lock, lockdep reports that a deadlock is possible. Fix it by always disabling IRQs when taking the fault_pending_wqh and event_wqh locks. Commit |
||
|
Greg Kroah-Hartman
|
9a7ed8b83e |
Linux 5.2-rc6
-----BEGIN PGP SIGNATURE----- iQFSBAABCAA8FiEEq68RxlopcLEwq+PEeb4+QwBBGIYFAl0Os1seHHRvcnZhbGRz QGxpbnV4LWZvdW5kYXRpb24ub3JnAAoJEHm+PkMAQRiGtx4H/j6i482XzcGFKTBm A7mBoQpy+kLtoUov4EtBAR62OuwI8rsahW9di37QKndPoQrczWaKBmr3De6LCdPe v3pl3O6wBbvH5ru+qBPFX9PdNbDvimEChh7LHxmMxNQq3M+AjZAZVJyfpoiFnx35 Fbge+LZaH/k8HMwZmkMr5t9Mpkip715qKg2o9Bua6dkH0AqlcpLlC8d9a+HIVw/z aAsyGSU8jRwhoAOJsE9bJf0acQ/pZSqmFp0rDKqeFTSDMsbDRKLGq/dgv4nW0RiW s7xqsjb/rdcvirRj3rv9+lcTVkOtEqwk0PVdL9WOf7g4iYrb3SOIZh8ZyViaDSeH VTS5zps= =huBY -----END PGP SIGNATURE----- Merge 5.2-rc6 into android-mainline Linux 5.2-rc6 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Thomas Gleixner
|
20c8ccb197 |
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499
Based on 1 normalized pattern(s): this work is licensed under the terms of the gnu gpl version 2 see the copying file in the top level directory extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 35 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Enrico Weigelt <info@metux.net> Reviewed-by: Allison Randal <allison@lohutok.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190604081206.797835076@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
1226c72a32 |
Linux 5.2-rc1
-----BEGIN PGP SIGNATURE----- iQFSBAABCAA8FiEEq68RxlopcLEwq+PEeb4+QwBBGIYFAlzh3PgeHHRvcnZhbGRz QGxpbnV4LWZvdW5kYXRpb24ub3JnAAoJEHm+PkMAQRiGnhoH/jkl4X66KuOXvGXa 9pgFzyEa3Mhqs0j+AaJYmRyoRty1CbAfMLEWgr0JbZy56zm0PhtXOxcu56/tfdtw f5j8OJLDvld10imHXxUrom9zc546Ff90VTOvWmsYznszTz0rV5HLmKgVIIc7ZN8W 6hshDOy/rviUcPAVrLKdZffzgQZlASNS7To7IBE9okT4QHEtER7dgzM/Z0VAg9R1 guCPaN8tje4vq2Lv7+J5T9LOF1RObCbKXNADwXY1rMRK5ao3xS93eDnJ8Vn08utI UECIVfnYsA6pGl6v1ErCl9izx9MoTU3Crle7BRzVbrw7furvB2lJ1R4RGwqRbvcB HovhmHI= =TMir -----END PGP SIGNATURE----- Merge 5.2-rc1 into android-mainline Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Peter Xu
|
cefdca0a86 |
userfaultfd/sysctl: add vm.unprivileged_userfaultfd
Userfaultfd can be misued to make it easier to exploit existing use-after-free (and similar) bugs that might otherwise only make a short window or race condition available. By using userfaultfd to stall a kernel thread, a malicious program can keep some state that it wrote, stable for an extended period, which it can then access using an existing exploit. While it doesn't cause the exploit itself, and while it's not the only thing that can stall a kernel thread when accessing a memory location, it's one of the few that never needs privilege. We can add a flag, allowing userfaultfd to be restricted, so that in general it won't be useable by arbitrary user programs, but in environments that require userfaultfd it can be turned back on. Add a global sysctl knob "vm.unprivileged_userfaultfd" to control whether userfaultfd is allowed by unprivileged users. When this is set to zero, only privileged users (root user, or users with the CAP_SYS_PTRACE capability) will be able to use the userfaultfd syscalls. Andrea said: : The only difference between the bpf sysctl and the userfaultfd sysctl : this way is that the bpf sysctl adds the CAP_SYS_ADMIN capability : requirement, while userfaultfd adds the CAP_SYS_PTRACE requirement, : because the userfaultfd monitor is more likely to need CAP_SYS_PTRACE : already if it's doing other kind of tracking on processes runtime, in : addition of userfaultfd. In other words both syscalls works only for : root, when the two sysctl are opt-in set to 1. [dgilbert@redhat.com: changelog additions] [akpm@linux-foundation.org: documentation tweak, per Mike] Link: http://lkml.kernel.org/r/20190319030722.12441-2-peterx@redhat.com Signed-off-by: Peter Xu <peterx@redhat.com> Suggested-by: Andrea Arcangeli <aarcange@redhat.com> Suggested-by: Mike Rapoport <rppt@linux.ibm.com> Reviewed-by: Mike Rapoport <rppt@linux.ibm.com> Reviewed-by: Andrea Arcangeli <aarcange@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Luis Chamberlain <mcgrof@kernel.org> Cc: Maxime Coquelin <maxime.coquelin@redhat.com> Cc: Maya Gokhale <gokhale2@llnl.gov> Cc: Jerome Glisse <jglisse@redhat.com> Cc: Pavel Emelyanov <xemul@virtuozzo.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Martin Cracauer <cracauer@cons.org> Cc: Denis Plotnikov <dplotnikov@virtuozzo.com> Cc: Marty McFadden <mcfadden8@llnl.gov> Cc: Mike Kravetz <mike.kravetz@oracle.com> Cc: Kees Cook <keescook@chromium.org> Cc: Mel Gorman <mgorman@suse.de> Cc: "Kirill A . Shutemov" <kirill@shutemov.name> Cc: "Dr . David Alan Gilbert" <dgilbert@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Todd Kjos
|
0f2cb7cf80 |
Merge branch 'linux-mainline' into android-mainline-tmp
Change-Id: I4380c68c3474026a42ffa9f95c525f9a563ba7a3 |
||
Colin Cross
|
60500a4228 |
ANDROID: mm: add a field to store names for private anonymous memory
Userspace processes often have multiple allocators that each do
anonymous mmaps to get memory. When examining memory usage of
individual processes or systems as a whole, it is useful to be
able to break down the various heaps that were allocated by
each layer and examine their size, RSS, and physical memory
usage.
This patch adds a user pointer to the shared union in
vm_area_struct that points to a null terminated string inside
the user process containing a name for the vma. vmas that
point to the same address will be merged, but vmas that
point to equivalent strings at different addresses will
not be merged.
Userspace can set the name for a region of memory by calling
prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, start, len, (unsigned long)name);
Setting the name to NULL clears it.
The names of named anonymous vmas are shown in /proc/pid/maps
as [anon:<name>] and in /proc/pid/smaps in a new "Name" field
that is only present for named vmas. If the userspace pointer
is no longer valid all or part of the name will be replaced
with "<fault>".
The idea to store a userspace pointer to reduce the complexity
within mm (at the expense of the complexity of reading
/proc/pid/mem) came from Dave Hansen. This results in no
runtime overhead in the mm subsystem other than comparing
the anon_name pointers when considering vma merging. The pointer
is stored in a union with fieds that are only used on file-backed
mappings, so it does not increase memory usage.
Includes fix from Jed Davis <jld@mozilla.com> for typo in
prctl_set_vma_anon_name, which could attempt to set the name
across two vmas at the same time due to a typo, which might
corrupt the vma list. Fix it to use tmp instead of end to limit
the name setting to a single vma at a time.
Bug: 120441514
Change-Id: I9aa7b6b5ef536cd780599ba4e2fba8ceebe8b59f
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
[AmitP: Fix get_user_pages_remote() call to align with upstream commit
|
||
Andrea Arcangeli
|
04f5866e41 |
coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
The core dumping code has always run without holding the mmap_sem for
writing, despite that is the only way to ensure that the entire vma
layout will not change from under it. Only using some signal
serialization on the processes belonging to the mm is not nearly enough.
This was pointed out earlier. For example in Hugh's post from Jul 2017:
https://lkml.kernel.org/r/alpine.LSU.2.11.1707191716030.2055@eggly.anvils
"Not strictly relevant here, but a related note: I was very surprised
to discover, only quite recently, how handle_mm_fault() may be called
without down_read(mmap_sem) - when core dumping. That seems a
misguided optimization to me, which would also be nice to correct"
In particular because the growsdown and growsup can move the
vm_start/vm_end the various loops the core dump does around the vma will
not be consistent if page faults can happen concurrently.
Pretty much all users calling mmget_not_zero()/get_task_mm() and then
taking the mmap_sem had the potential to introduce unexpected side
effects in the core dumping code.
Adding mmap_sem for writing around the ->core_dump invocation is a
viable long term fix, but it requires removing all copy user and page
faults and to replace them with get_dump_page() for all binary formats
which is not suitable as a short term fix.
For the time being this solution manually covers the places that can
confuse the core dump either by altering the vma layout or the vma flags
while it runs. Once ->core_dump runs under mmap_sem for writing the
function mmget_still_valid() can be dropped.
Allowing mmap_sem protected sections to run in parallel with the
coredump provides some minor parallelism advantage to the swapoff code
(which seems to be safe enough by never mangling any vma field and can
keep doing swapins in parallel to the core dumping) and to some other
corner case.
In order to facilitate the backporting I added "Fixes: 86039bd3b4e6"
however the side effect of this same race condition in /proc/pid/mem
should be reproducible since before 2.6.12-rc2 so I couldn't add any
other "Fixes:" because there's no hash beyond the git genesis commit.
Because find_extend_vma() is the only location outside of the process
context that could modify the "mm" structures under mmap_sem for
reading, by adding the mmget_still_valid() check to it, all other cases
that take the mmap_sem for reading don't need the new check after
mmget_not_zero()/get_task_mm(). The expand_stack() in page fault
context also doesn't need the new check, because all tasks under core
dumping are frozen.
Link: http://lkml.kernel.org/r/20190325224949.11068-1-aarcange@redhat.com
Fixes:
|
||
|
Peter Xu
|
3cfd22be0a |
userfaultfd: clear flag if remap event not enabled
When the process being tracked does mremap() without UFFD_FEATURE_EVENT_REMAP on the corresponding tracking uffd file handle, we should not generate the remap event, and at the same time we should clear all the uffd flags on the new VMA. Without this patch, we can still have the VM_UFFD_MISSING|VM_UFFD_WP flags on the new VMA even the fault handling process does not even know the existance of the VMA. Link: http://lkml.kernel.org/r/20181211053409.20317-1-peterx@redhat.com Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Andrea Arcangeli <aarcange@redhat.com> Acked-by: Mike Rapoport <rppt@linux.vnet.ibm.com> Reviewed-by: William Kucharski <william.kucharski@oracle.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Mike Rapoport <rppt@linux.vnet.ibm.com> Cc: Kirill A. Shutemov <kirill@shutemov.name> Cc: Hugh Dickins <hughd@google.com> Cc: Pavel Emelyanov <xemul@virtuozzo.com> Cc: Pravin Shedge <pravin.shedge4linux@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Eric Biggers
|
ca88042066 |
userfaultfd: convert userfaultfd_ctx::refcount to refcount_t
Reference counters should use refcount_t rather than atomic_t, since the refcount_t implementation can prevent overflows, reducing the exploitability of reference leak bugs. userfaultfd_ctx::refcount is a reference counter with the usual semantics, so convert it to refcount_t. Note: I replaced the BUG() on incrementing a 0 refcount with just refcount_inc(), since part of the semantics of refcount_t is that that incrementing a 0 refcount is not allowed; with CONFIG_REFCOUNT_FULL, refcount_inc() already checks for it and warns. Link: http://lkml.kernel.org/r/20181115003916.63381-1-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: Andrea Arcangeli <aarcange@redhat.com> Reviewed-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Linus Torvalds
|
792bf4d871 |
Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull RCU updates from Ingo Molnar:
"The biggest RCU changes in this cycle were:
- Convert RCU's BUG_ON() and similar calls to WARN_ON() and similar.
- Replace calls of RCU-bh and RCU-sched update-side functions to
their vanilla RCU counterparts. This series is a step towards
complete removal of the RCU-bh and RCU-sched update-side functions.
( Note that some of these conversions are going upstream via their
respective maintainers. )
- Documentation updates, including a number of flavor-consolidation
updates from Joel Fernandes.
- Miscellaneous fixes.
- Automate generation of the initrd filesystem used for rcutorture
testing.
- Convert spin_is_locked() assertions to instead use lockdep.
( Note that some of these conversions are going upstream via their
respective maintainers. )
- SRCU updates, especially including a fix from Dennis Krein for a
bag-on-head-class bug.
- RCU torture-test updates"
* 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (112 commits)
rcutorture: Don't do busted forward-progress testing
rcutorture: Use 100ms buckets for forward-progress callback histograms
rcutorture: Recover from OOM during forward-progress tests
rcutorture: Print forward-progress test age upon failure
rcutorture: Print time since GP end upon forward-progress failure
rcutorture: Print histogram of CB invocation at OOM time
rcutorture: Print GP age upon forward-progress failure
rcu: Print per-CPU callback counts for forward-progress failures
rcu: Account for nocb-CPU callback counts in RCU CPU stall warnings
rcutorture: Dump grace-period diagnostics upon forward-progress OOM
rcutorture: Prepare for asynchronous access to rcu_fwd_startat
torture: Remove unnecessary "ret" variables
rcutorture: Affinity forward-progress test to avoid housekeeping CPUs
rcutorture: Break up too-long rcu_torture_fwd_prog() function
rcutorture: Remove cbflood facility
torture: Bring any extra CPUs online during kernel startup
rcutorture: Add call_rcu() flooding forward-progress tests
rcutorture/formal: Replace synchronize_sched() with synchronize_rcu()
tools/kernel.h: Replace synchronize_sched() with synchronize_rcu()
net/decnet: Replace rcu_barrier_bh() with rcu_barrier()
...
|
||
|
Andrea Arcangeli
|
01e881f5a1 |
userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered
Calling UFFDIO_UNREGISTER on virtual ranges not yet registered in uffd
could trigger an harmless false positive WARN_ON. Check the vma is
already registered before checking VM_MAYWRITE to shut off the false
positive warning.
Link: http://lkml.kernel.org/r/20181206212028.18726-2-aarcange@redhat.com
Cc: <stable@vger.kernel.org>
Fixes:
|
||
Ingo Molnar
|
4bbfd7467c |
Merge branch 'for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into core/rcu
Pull RCU changes from Paul E. McKenney:
- Convert RCU's BUG_ON() and similar calls to WARN_ON() and similar.
- Replace calls of RCU-bh and RCU-sched update-side functions
to their vanilla RCU counterparts. This series is a step
towards complete removal of the RCU-bh and RCU-sched update-side
functions.
( Note that some of these conversions are going upstream via their
respective maintainers. )
- Documentation updates, including a number of flavor-consolidation
updates from Joel Fernandes.
- Miscellaneous fixes.
- Automate generation of the initrd filesystem used for
rcutorture testing.
- Convert spin_is_locked() assertions to instead use lockdep.
( Note that some of these conversions are going upstream via their
respective maintainers. )
- SRCU updates, especially including a fix from Dennis Krein
for a bag-on-head-class bug.
- RCU torture-test updates.
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
||
|
Andrea Arcangeli
|
29ec90660d |
userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
After the VMA to register the uffd onto is found, check that it has VM_MAYWRITE set before allowing registration. This way we inherit all common code checks before allowing to fill file holes in shmem and hugetlbfs with UFFDIO_COPY. The userfaultfd memory model is not applicable for readonly files unless it's a MAP_PRIVATE. Link: http://lkml.kernel.org/r/20181126173452.26955-4-aarcange@redhat.com Fixes: |
||
Lance Roy
|
456a737896 |
userfaultfd: Replace spin_is_locked() with lockdep
lockdep_assert_held() is better suited to checking locking requirements, since it only checks if the current thread holds the lock regardless of whether someone else does. This is also a step towards possibly removing spin_is_locked(). Signed-off-by: Lance Roy <ldr709@gmail.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: <linux-fsdevel@vger.kernel.org> Signed-off-by: Paul E. McKenney <paulmck@linux.ibm.com> |
||
Christoph Hellwig
|
ae62c16e10 |
userfaultfd: disable irqs when taking the waitqueue lock
userfaultfd contains howe-grown locking of the waitqueue lock, and does not disable interrupts. This relies on the fact that no one else takes it from interrupt context and violates an invariat of the normal waitqueue locking scheme. With aio poll it is easy to trigger other locks that disable interrupts (or are called from interrupt context). Link: http://lkml.kernel.org/r/20181018154101.18750-1-hch@lst.de Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Andrea Arcangeli <aarcange@redhat.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: <stable@vger.kernel.org> [4.19.x] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Souptick Joarder
|
2b74030354 |
mm: Change return type int to vm_fault_t for fault handlers
Use new return type vm_fault_t for fault handler. For now, this is just
documenting that the function returns a VM_FAULT value rather than an
errno. Once all instances are converted, vm_fault_t will become a
distinct type.
Ref-> commit
|
||
Matthew Wilcox
|
c430d1e848 |
userfaultfd: use fault_wqh lock
The userfaultfd code currently uses the unlocked waitqueue helpers for managing fault_wqh, but instead of holding the waitqueue lock for this waitqueue around these calls, it the waitqueue lock of fault_pending_wq, which is a different waitqueue instance. Given that the waitqueue is not exposed to the rest of the kernel this actually works ok at the moment, but prevents the userfaultfd locking rules from being enforced using lockdep. Switch to the internally locked waitqueue helpers instead. This means that the lock inside fault_wqh now nests inside the fault_pending_wqh lock, but that's not a problem since it was entirely unused before. [hch@lst.de: slight changelog updates] [rppt@linux.vnet.ibm.com: spotted changelog spellos] Link: http://lkml.kernel.org/r/20171214152344.6880-3-hch@lst.de Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Mike Rapoport <rppt@linux.vnet.ibm.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Jason Baron <jbaron@akamai.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Matthew Wilcox <willy@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Colin Ian King
|
5241d47274 |
fs/userfaultfd.c: remove redundant pointer uwq
Pointer uwq is being assigned but is never used hence it is redundant and can be removed. Cleans up clang warning: warning: variable 'uwq' set but not used [-Wunused-but-set-variable] Link: http://lkml.kernel.org/r/20180717090802.18357-1-colin.king@canonical.com Signed-off-by: Colin Ian King <colin.king@canonical.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Mike Rapoport
|
31e810aa10 |
userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails
The fix in commit |
||
Janosch Frank
|
1e2c043628 |
userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait() pte access
Use huge_ptep_get() to translate huge ptes to normal ptes so we can
check them with the huge_pte_* functions. Otherwise some architectures
will check the wrong values and will not wait for userspace to bring in
the memory.
Link: http://lkml.kernel.org/r/20180626132421.78084-1-frankja@linux.ibm.com
Fixes:
|
||
|
Mike Rapoport
|
df2cc96e77 |
userfaultfd: prevent non-cooperative events vs mcopy_atomic races
If a process monitored with userfaultfd changes it's memory mappings or
forks() at the same time as uffd monitor fills the process memory with
UFFDIO_COPY, the actual creation of page table entries and copying of
the data in mcopy_atomic may happen either before of after the memory
mapping modifications and there is no way for the uffd monitor to
maintain consistent view of the process memory layout.
For instance, let's consider fork() running in parallel with
userfaultfd_copy():
process | uffd monitor
---------------------------------+------------------------------
fork() | userfaultfd_copy()
... | ...
dup_mmap() | down_read(mmap_sem)
down_write(mmap_sem) | /* create PTEs, copy data */
dup_uffd() | up_read(mmap_sem)
copy_page_range() |
up_write(mmap_sem) |
dup_uffd_complete() |
/* notify monitor */ |
If the userfaultfd_copy() takes the mmap_sem first, the new page(s) will
be present by the time copy_page_range() is called and they will appear
in the child's memory mappings. However, if the fork() is the first to
take the mmap_sem, the new pages won't be mapped in the child's address
space.
If the pages are not present and child tries to access them, the monitor
will get page fault notification and everything is fine. However, if
the pages *are present*, the child can access them without uffd
noticing. And if we copy them into child it'll see the wrong data.
Since we are talking about background copy, we'd need to decide whether
the pages should be copied or not regardless #PF notifications.
Since userfaultfd monitor has no way to determine what was the order,
let's disallow userfaultfd_copy in parallel with the non-cooperative
events. In such case we return -EAGAIN and the uffd monitor can
understand that userfaultfd_copy() clashed with a non-cooperative event
and take an appropriate action.
Link: http://lkml.kernel.org/r/1527061324-19949-1-git-send-email-rppt@linux.vnet.ibm.com
Signed-off-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
Acked-by: Pavel Emelyanov <xemul@virtuozzo.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
Linus Torvalds
|
a9a08845e9 |
vfs: do bulk POLL* -> EPOLL* replacement
This is the mindless scripted replacement of kernel use of POLL*
variables as described by Al, done by this script:
for V in IN OUT PRI ERR RDNORM RDBAND WRNORM WRBAND HUP RDHUP NVAL MSG; do
L=`git grep -l -w POLL$V | grep -v '^t' | grep -v /um/ | grep -v '^sa' | grep -v '/poll.h$'|grep -v '^D'`
for f in $L; do sed -i "-es/^\([^\"]*\)\(\<POLL$V\>\)/\\1E\\2/" $f; done
done
with de-mangling cleanups yet to come.
NOTE! On almost all architectures, the EPOLL* constants have the same
values as the POLL* constants do. But they keyword here is "almost".
For various bad reasons they aren't the same, and epoll() doesn't
actually work quite correctly in some cases due to this on Sparc et al.
The next patch from Al will sort out the final differences, and we
should be all done.
Scripted-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
Eric Biggers
|
284cd241a1 |
userfaultfd: convert to use anon_inode_getfd()
Nothing actually calls userfaultfd_file_create() besides the userfaultfd() system call itself. So simplify things by folding it into the system call and using anon_inode_getfd() instead of anon_inode_getfile(). Do the same in resolve_userfault_fork() as well. This removes over 50 lines with no change in functionality. Link: http://lkml.kernel.org/r/20171229212403.22800-1-ebiggers3@gmail.com Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Mike Rapoport <rppt@linux.vnet.ibm.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Huang Ying
|
a365ac09d3 |
mm, userfaultfd, THP: avoid waiting when PMD under THP migration
If THP migration is enabled, for a VMA handled by userfaultfd, consider
the following situation,
do_page_fault()
__do_huge_pmd_anonymous_page()
handle_userfault()
userfault_msg()
/* a huge page is allocated and mapped at fault address */
/* the huge page is under migration, leaves migration entry
in page table */
userfaultfd_must_wait()
/* return true because !pmd_present() */
/* may wait in loop until fatal signal */
That is, it may be possible for userfaultfd_must_wait() encounters a PMD
entry which is !pmd_none() && !pmd_present(). In the current
implementation, we will wait for such PMD entries, which may cause
unnecessary waiting, and potential soft lockup.
This is fixed via avoiding to wait when !pmd_none() && !pmd_present(),
only wait when pmd_none().
This may be not a problem in practice, because userfaultfd_must_wait()
is always called with mm->mmap_sem read-locked. mremap() will
write-lock mm->mmap_sem. And UFFDIO_COPY doesn't support to copy THP
mapping. But the change introduced still makes the code more correct,
and makes the PMD and PTE code more consistent.
Link: http://lkml.kernel.org/r/20171207011752.3292-1-ying.huang@intel.com
Signed-off-by: "Huang, Ying" <ying.huang@intel.com>
Reviewed-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Alexander Viro <viro@zeniv.linux.org.UK>
Cc: Zi Yan <zi.yan@cs.rutgers.edu>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
Linus Torvalds
|
168fe32a07 |
Merge branch 'misc.poll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull poll annotations from Al Viro: "This introduces a __bitwise type for POLL### bitmap, and propagates the annotations through the tree. Most of that stuff is as simple as 'make ->poll() instances return __poll_t and do the same to local variables used to hold the future return value'. Some of the obvious brainos found in process are fixed (e.g. POLLIN misspelled as POLL_IN). At that point the amount of sparse warnings is low and most of them are for genuine bugs - e.g. ->poll() instance deciding to return -EINVAL instead of a bitmap. I hadn't touched those in this series - it's large enough as it is. Another problem it has caught was eventpoll() ABI mess; select.c and eventpoll.c assumed that corresponding POLL### and EPOLL### were equal. That's true for some, but not all of them - EPOLL### are arch-independent, but POLL### are not. The last commit in this series separates userland POLL### values from the (now arch-independent) kernel-side ones, converting between them in the few places where they are copied to/from userland. AFAICS, this is the least disruptive fix preserving poll(2) ABI and making epoll() work on all architectures. As it is, it's simply broken on sparc - try to give it EPOLLWRNORM and it will trigger only on what would've triggered EPOLLWRBAND on other architectures. EPOLLWRBAND and EPOLLRDHUP, OTOH, are never triggered at all on sparc. With this patch they should work consistently on all architectures" * 'misc.poll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (37 commits) make kernel-side POLL... arch-independent eventpoll: no need to mask the result of epi_item_poll() again eventpoll: constify struct epoll_event pointers debugging printk in sg_poll() uses %x to print POLL... bitmap annotate poll(2) guts 9p: untangle ->poll() mess ->si_band gets POLL... bitmap stored into a user-visible long field ring_buffer_poll_wait() return value used as return value of ->poll() the rest of drivers/*: annotate ->poll() instances media: annotate ->poll() instances fs: annotate ->poll() instances ipc, kernel, mm: annotate ->poll() instances net: annotate ->poll() instances apparmor: annotate ->poll() instances tomoyo: annotate ->poll() instances sound: annotate ->poll() instances acpi: annotate ->poll() instances crypto: annotate ->poll() instances block: annotate ->poll() instances x86: annotate ->poll() instances ... |
||
|
Andrea Arcangeli
|
0cbb4b4f4c |
userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
The previous fix in commit
|
||
Al Viro
|
076ccb76e1 |
fs: annotate ->poll() instances
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Mike Rapoport
|
00bb31fa44 |
userfaultfd: use mmgrab instead of open-coded increment of mm_count
Link: http://lkml.kernel.org/r/1508132478-7738-1-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport <rppt@linux.vnet.ibm.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: "Dr . David Alan Gilbert" <dgilbert@redhat.com> Cc: Mike Kravetz <mike.kravetz@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Mark Rutland
|
6aa7de0591 |
locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE()
Please do not apply this to mainline directly, instead please re-run the
coccinelle script shown below and apply its output.
For several reasons, it is desirable to use {READ,WRITE}_ONCE() in
preference to ACCESS_ONCE(), and new code is expected to use one of the
former. So far, there's been no reason to change most existing uses of
ACCESS_ONCE(), as these aren't harmful, and changing them results in
churn.
However, for some features, the read/write distinction is critical to
correct operation. To distinguish these cases, separate read/write
accessors must be used. This patch migrates (most) remaining
ACCESS_ONCE() instances to {READ,WRITE}_ONCE(), using the following
coccinelle script:
----
// Convert trivial ACCESS_ONCE() uses to equivalent READ_ONCE() and
// WRITE_ONCE()
// $ make coccicheck COCCI=/home/mark/once.cocci SPFLAGS="--include-headers" MODE=patch
virtual patch
@ depends on patch @
expression E1, E2;
@@
- ACCESS_ONCE(E1) = E2
+ WRITE_ONCE(E1, E2)
@ depends on patch @
expression E;
@@
- ACCESS_ONCE(E)
+ READ_ONCE(E)
----
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: davem@davemloft.net
Cc: linux-arch@vger.kernel.org
Cc: mpe@ellerman.id.au
Cc: shuah@kernel.org
Cc: snitzer@redhat.com
Cc: thor.thayer@linux.intel.com
Cc: tj@kernel.org
Cc: viro@zeniv.linux.org.uk
Cc: will.deacon@arm.com
Link: http://lkml.kernel.org/r/1508792849-3115-19-git-send-email-paulmck@linux.vnet.ibm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
||
|
Andrea Arcangeli
|
384632e67e |
userfaultfd: non-cooperative: fix fork use after free
When reading the event from the uffd, we put it on a temporary
fork_event list to detect if we can still access it after releasing and
retaking the event_wqh.lock.
If fork aborts and removes the event from the fork_event all is fine as
long as we're still in the userfault read context and fork_event head is
still alive.
We've to put the event allocated in the fork kernel stack, back from
fork_event list-head to the event_wqh head, before returning from
userfaultfd_ctx_read, because the fork_event head lifetime is limited to
the userfaultfd_ctx_read stack lifetime.
Forgetting to move the event back to its event_wqh place then results in
__remove_wait_queue(&ctx->event_wqh, &ewq->wq); in
userfaultfd_event_wait_completion to remove it from a head that has been
already freed from the reader stack.
This could only happen if resolve_userfault_fork failed (for example if
there are no file descriptors available to allocate the fork uffd). If
it succeeded it was put back correctly.
Furthermore, after find_userfault_evt receives a fork event, the forked
userfault context in fork_nctx and uwq->msg.arg.reserved.reserved1 can
be released by the fork thread as soon as the event_wqh.lock is
released. Taking a reference on the fork_nctx before dropping the lock
prevents an use after free in resolve_userfault_fork().
If the fork side aborted and it already released everything, we still
try to succeed resolve_userfault_fork(), if possible.
Fixes:
|
||
|
Andrea Arcangeli
|
656710a60e |
userfaultfd: non-cooperative: closing the uffd without triggering SIGBUS
This is an enhancement to avoid a non cooperative userfaultfd manager having to unregister all regions before it can close the uffd after all userfaultfd activity completed. The UFFDIO_UNREGISTER would serialize against the handle_userfault by taking the mmap_sem for writing, but we can simply repeat the page fault if we detect the uffd was closed and so the regular page fault paths should takeover. Link: http://lkml.kernel.org/r/20170823181227.19926-1-aarcange@redhat.com Signed-off-by: Andrea Arcangeli <aarcange@redhat.com> Acked-by: Mike Rapoport <rppt@linux.vnet.ibm.com> Cc: Mike Kravetz <mike.kravetz@oracle.com> Cc: Pavel Emelyanov <xemul@virtuozzo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Andrea Arcangeli
|
a36985d31a |
userfaultfd: provide pid in userfault msg - add feat union
No ABI change, but this will make it more explicit to software that ptid is only available if requested by passing UFFD_FEATURE_THREAD_ID to UFFDIO_API. The fact it's a union will also self document it shouldn't be taken for granted there's a tpid there. Link: http://lkml.kernel.org/r/20170802165145.22628-7-aarcange@redhat.com Signed-off-by: Andrea Arcangeli <aarcange@redhat.com> Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Cc: Alexey Perevalov <a.perevalov@samsung.com> Cc: Maxime Coquelin <maxime.coquelin@redhat.com> Cc: Mike Kravetz <mike.kravetz@oracle.com> Cc: Mike Rapoport <rppt@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |