android11-5.4
512 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Suren Baghdasaryan
|
bb3bc96f35 |
BACKPORT: FROMLIST: mm: protect free_pgtables with mmap_lock write lock in exit_mmap
oom-reaper and process_mrelease system call should protect against races with exit_mmap which can destroy page tables while they walk the VMA tree. oom-reaper protects from that race by setting MMF_OOM_VICTIM and by relying on exit_mmap to set MMF_OOM_SKIP before taking and releasing mmap_write_lock. process_mrelease has to elevate mm->mm_users to prevent such race. Both oom-reaper and process_mrelease hold mmap_read_lock when walking the VMA tree. The locking rules and mechanisms could be simpler if exit_mmap takes mmap_write_lock while executing destructive operations such as free_pgtables. Change exit_mmap to hold the mmap_write_lock when calling free_pgtables. Operations like unmap_vmas() and unlock_range() are not destructive and could run under mmap_read_lock but for simplicity we take one mmap_write_lock during almost the entire operation. Note also that because oom-reaper checks VM_LOCKED flag, unlock_range() should not be allowed to race with it. In most cases this lock should be uncontended. Previously, Kirill reported ~4% regression caused by a similar change [1]. We reran the same test and although the individual results are quite noisy, the percentiles show lower regression with 1.6% being the worst case [2]. The change allows oom-reaper and process_mrelease to execute safely under mmap_read_lock without worries that exit_mmap might destroy page tables from under them. [1] https://lore.kernel.org/all/20170725141723.ivukwhddk2voyhuc@node.shutemov.name/ [2] https://lore.kernel.org/all/CAJuCfpGC9-c9P40x7oy=jy5SphMcd0o0G_6U1-+JAziGKG6dGA@mail.gmail.com/ Signed-off-by: Suren Baghdasaryan <surenb@google.com> Link: https://lore.kernel.org/all/20211124235906.14437-1-surenb@google.com/ Bug: 130172058 Bug: 189803002 Change-Id: Ic87272d09a0b68a1b0e968e8f1a1510fd6fc776a Git-commit: 28358ebf2adb31117893813992fefcfd359a6a16 Git-repo: https://android.googlesource.com/kernel/common/ [quic_gkohli@quicinc.com: Resolved cherry-pick conflict in mm/mmap.c due to mmap lock was implemented differently in older kernel, and Although process_mrelease is not applicable in older kernel, but this patch is required to take exclusive lock in exit_mmap path so that SPF knows an isolated vma was freed from this path] Signed-off-by: Gaurav Kohli <quic_gkohli@quicinc.com> Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com> |
||
Kalesh Singh
|
ea5f9d7e7e |
ANDROID: Re-enable fast mremap and fix UAF with SPF
SPF attempts page faults without taking the mmap lock, but takes the
PTL. If there is a concurrent fast mremap (at PMD/PUD level), this
can lead to a UAF as fast mremap will only take the PTL locks at the
PMD/PUD level. SPF cannot take the PTL locks at the larger subtree
granularity since this introduces much contention in the page fault
paths.
To address the race:
1) Only try fast mremaps if there are no users of the VMA. Android
is concerned with this optimization in the context of
GC stop-the-world pause. So there are no other threads active
and this should almost always succeed.
2) Speculative faults detect ongoing fast mremaps and fallback
to conventional fault handling (taking mmap read lock).
Bug: 263177905
Change-Id: I23917e493ddc8576de19883cac053dfde9982b7f
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
Git-commit: 529351c4c8202aa7f5bc4a8a100e583a70ab6110
Git-repo: https://android.googlesource.com/kernel/common/
[quic_c_spathi@quicinc.com: resolve merge conflicts]
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
|
||
Srinivasarao Pathipati
|
b696332499 |
Merge android11-5.4.219+ (0ce03d1) into msm-5.4
* refs/heads/tmp-0ce03d1:
Revert "wait: Fix __wait_event_hrtimeout for RT/DL tasks"
Reverts below USB and netfilter patches
BACKPORT: Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled
UPSTREAM: bpf: Ensure correct locking around vulnerable function find_vpid()
UPSTREAM: HID: roccat: Fix use-after-free in roccat_read()
ANDROID: arm64: mm: perform clean & invalidation in __dma_map_area
UPSTREAM: mmc: hsq: Fix data stomping during mmc recovery
UPSTREAM: pinctrl: sunxi: Fix name for A100 R_PIO
BACKPORT: mmc: core: Fix UHS-I SD 1.8V workaround branch
UPSTREAM: Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
UPSTREAM: wifi: mac80211_hwsim: set virtio device ready in probe()
BACKPORT: f2fs: don't use casefolded comparison for "." and ".."
UPSTREAM: Revert "mm/cma.c: remove redundant cma_mutex lock"
UPSTREAM: usb: dwc3: Try usb-role-switch first in dwc3_drd_init
BACKPORT: usb: typec: ucsi: Fix reuse of completion structure
BACKPORT: tipc: fix incorrect order of state message data sanity check
UPSTREAM: net: fix up skbs delta_truesize in UDP GRO frag_list
UPSTREAM: cgroup-v1: Correct privileges check in release_agent writes
UPSTREAM: mm: don't try to NUMA-migrate COW pages that have other uses
UPSTREAM: usb: raw-gadget: fix handling of dual-direction-capable endpoints
UPSTREAM: selinux: check return value of sel_make_avc_files
UPSTREAM: usb: musb: select GENERIC_PHY instead of depending on it
BACKPORT: driver core: Fix error return code in really_probe()
UPSTREAM: fscrypt: fix derivation of SipHash keys on big endian CPUs
BACKPORT: fscrypt: rename FS_KEY_DERIVATION_NONCE_SIZE
UPSTREAM: socionext: account for napi_gro_receive never returning GRO_DROP
UPSTREAM: net: socionext: netsec: fix xdp stats accounting
BACKPORT: fs: align IOCB_* flags with RWF_* flags
UPSTREAM: efi: capsule-loader: Fix use-after-free in efi_capsule_write
BACKPORT: ARM: 9039/1: assembler: generalize byte swapping macro into rev_l
BACKPORT: ARM: 9035/1: uncompress: Add be32tocpu macro
UPSTREAM: drm/meson: Fix overflow implicit truncation warnings
UPSTREAM: irqchip/tegra: Fix overflow implicit truncation warnings
UPSTREAM: video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
UPSTREAM: mm/mremap: hold the rmap lock in write mode when moving page table entries.
FROMLIST: binder: fix UAF of alloc->vma in race with munmap()
UPSTREAM: mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
UPSTREAM: mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
UPSTREAM: af_key: Do not call xfrm_probe_algs in parallel
UPSTREAM: wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
UPSTREAM: wifi: cfg80211/mac80211: reject bad MBSSID elements
UPSTREAM: wifi: cfg80211: ensure length byte is present before access
UPSTREAM: wifi: cfg80211: fix BSS refcounting bugs
UPSTREAM: wifi: cfg80211: avoid nontransmitted BSS list corruption
UPSTREAM: wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
UPSTREAM: wifi: cfg80211: update hidden BSSes to avoid WARN_ON
UPSTREAM: mac80211: mlme: find auth challenge directly
UPSTREAM: wifi: mac80211: don't parse mbssid in assoc response
ANDROID: GKI: db845c: Update symbols list and ABI
UPSTREAM: wifi: mac80211: fix MBSSID parsing use-after-free
ANDROID: Drop explicit 'CONFIG_INIT_STACK_ALL_ZERO=y' from gki_defconfig
UPSTREAM: hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero
UPSTREAM: hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO
UPSTREAM: hardening: Clarify Kconfig text for auto-var-init
ANDROID: GKI: Update FCNT KMI symbol list
Linux 5.4.219
wifi: mac80211: fix MBSSID parsing use-after-free
wifi: mac80211: don't parse mbssid in assoc response
mac80211: mlme: find auth challenge directly
Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
Linux 5.4.218
Input: xpad - fix wireless 360 controller breaking after suspend
Input: xpad - add supported devices as contributed on github
wifi: cfg80211: update hidden BSSes to avoid WARN_ON
wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
wifi: cfg80211: avoid nontransmitted BSS list corruption
wifi: cfg80211: fix BSS refcounting bugs
wifi: cfg80211: ensure length byte is present before access
wifi: cfg80211/mac80211: reject bad MBSSID elements
wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
random: use expired timer rather than wq for mixing fast pool
random: avoid reading two cache lines on irq randomness
random: restore O_NONBLOCK support
USB: serial: qcserial: add new usb-id for Dell branded EM7455
scsi: stex: Properly zero out the passthrough command structure
efi: Correct Macmini DMI match in uefi cert quirk
ALSA: hda: Fix position reporting on Poulsbo
random: clamp credited irq bits to maximum mixed
ceph: don't truncate file in atomic_open
nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
nilfs2: fix leak of nilfs_root in case of writer thread creation failure
nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
mmc: core: Terminate infinite loop in SD-UHS voltage switch
mmc: core: Replace with already defined values for readability
USB: serial: ftdi_sio: fix 300 bps rate for SIO
usb: mon: make mmapped memory read only
arch: um: Mark the stack non-executable to fix a binutils warning
um: Cleanup compiler warning in arch/x86/um/tls_32.c
um: Cleanup syscall_handler_t cast in syscalls_32.h
net/ieee802154: fix uninit value bug in dgram_sendmsg
scsi: qedf: Fix a UAF bug in __qedf_probe()
ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure
dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
firmware: arm_scmi: Add SCMI PM driver remove routine
fs: fix UAF/GPF bug in nilfs_mdt_destroy
perf tools: Fixup get_current_dir_name() compilation
mm: pagewalk: Fix race between unmap and page walker
ANDROID: Fix kenelci build-break for !CONFIG_PERF_EVENTS
BACKPORT: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
Linux 5.4.217
docs: update mediator information in CoC docs
Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
Revert "drm/amdgpu: use dirty framebuffer helper"
xfs: remove unused variable 'done'
xfs: fix uninitialized variable in xfs_attr3_leaf_inactive
xfs: streamline xfs_attr3_leaf_inactive
xfs: move incore structures out of xfs_da_format.h
xfs: fix memory corruption during remote attr value buffer invalidation
xfs: refactor remote attr value buffer invalidation
xfs: fix IOCB_NOWAIT handling in xfs_file_dio_aio_read
xfs: fix s_maxbytes computation on 32-bit kernels
xfs: truncate should remove all blocks, not just to the end of the page cache
xfs: introduce XFS_MAX_FILEOFF
xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag
x86/speculation: Add RSB VM Exit protections
x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
x86/speculation: Disable RRSBA behavior
x86/bugs: Add Cannon lake to RETBleed affected CPU list
x86/cpu/amd: Enumerate BTC_NO
x86/common: Stamp out the stepping madness
x86/speculation: Fill RSB on vmexit for IBRS
KVM: VMX: Fix IBRS handling after vmexit
KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
KVM: VMX: Convert launched argument to flags
KVM: VMX: Flatten __vmx_vcpu_run()
KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S
x86/speculation: Remove x86_spec_ctrl_mask
x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
x86/speculation: Fix SPEC_CTRL write on SMT state change
x86/speculation: Fix firmware entry SPEC_CTRL handling
x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
intel_idle: Disable IBRS during long idle
x86/bugs: Report Intel retbleed vulnerability
x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation()
x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
x86/bugs: Optimize SPEC_CTRL MSR writes
x86/entry: Add kernel IBRS implementation
x86/entry: Remove skip_r11rcx
x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
x86/bugs: Add AMD retbleed= boot parameter
x86/bugs: Report AMD retbleed vulnerability
x86/cpufeatures: Move RETPOLINE flags to word 11
x86/kvm/vmx: Make noinstr clean
x86/cpu: Add a steppings field to struct x86_cpu_id
x86/cpu: Add consistent CPU match macros
x86/devicetable: Move x86 specific macro out of generic code
Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
Revert "x86/speculation: Add RSB VM Exit protections"
Linux 5.4.216
clk: iproc: Do not rely on node name for correct PLL setup
clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
selftests: Fix the if conditions of in test_extra_filter()
nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices
nvme: add new line after variable declatation
usbnet: Fix memory leak in usbnet_disconnect()
Input: melfas_mip4 - fix return value check in mip4_probe()
Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time"
soc: sunxi: sram: Fix debugfs info for A64 SRAM C
soc: sunxi: sram: Fix probe function ordering issues
soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource()
soc: sunxi: sram: Prevent the driver from being unbound
soc: sunxi: sram: Actually claim SRAM regions
ARM: dts: am33xx: Fix MMCHS0 dma properties
ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver
media: dvb_vb2: fix possible out of bound access
mm: fix madivse_pageout mishandling on non-LRU page
mm/migrate_device.c: flush TLB while holding PTL
mm: prevent page_frag_alloc() from corrupting the memory
mm/page_alloc: fix race condition between build_all_zonelists and page allocation
mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
Revert "net: mvpp2: debugfs: fix memory leak when using debugfs_lookup()"
ntfs: fix BUG_ON in ntfs_lookup_inode_by_name()
ARM: dts: integrator: Tag PCI host with device_type
clk: ingenic-tcu: Properly enable registers before accessing timers
net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
uas: ignore UAS for Thinkplus chips
usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS
uas: add no-uas quirk for Hiksemi usb_disk
ANDROID: ABI: Update allowed list for QCOM
UPSTREAM: wifi: mac80211_hwsim: use 32-bit skb cookie
UPSTREAM: wifi: mac80211_hwsim: add back erroneously removed cast
UPSTREAM: wifi: mac80211_hwsim: fix race condition in pending packet
Linux 5.4.215
ext4: make directory inode spreading reflect flexbg size
xfs: fix use-after-free when aborting corrupt attr inactivation
xfs: fix an ABBA deadlock in xfs_rename
xfs: don't commit sunit/swidth updates to disk if that would cause repair failures
xfs: split the sunit parameter update into two parts
xfs: refactor agfl length computation function
xfs: use bitops interface for buf log item AIL flag check
xfs: stabilize insert range start boundary to avoid COW writeback race
xfs: fix some memory leaks in log recovery
xfs: always log corruption errors
xfs: constify the buffer pointer arguments to error functions
xfs: convert EIO to EFSCORRUPTED when log contents are invalid
xfs: Fix deadlock between AGI and AGF when target_ip exists in xfs_rename()
xfs: attach dquots and reserve quota blocks during unwritten conversion
xfs: range check ri_cnt when recovering log items
xfs: add missing assert in xfs_fsmap_owner_from_rmap
xfs: slightly tweak an assert in xfs_fs_map_blocks
xfs: replace -EIO with -EFSCORRUPTED for corrupt metadata
ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
workqueue: don't skip lockdep work dependency in cancel_work_sync()
drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
drm/amd/display: Limit user regamma to a valid value
drm/amdgpu: use dirty framebuffer helper
Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region
cifs: always initialize struct msghdr smb_msg completely
usb: xhci-mtk: fix issue of out-of-bounds array access
s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
serial: Create uart_xmit_advance()
net: sched: fix possible refcount leak in tc_new_tfilter()
net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
perf kcore_copy: Do not check /proc/modules is unchanged
perf jit: Include program header in ELF files
can: gs_usb: gs_can_open(): fix race dev->can.state condition
netfilter: ebtables: fix memory leak when blob is malformed
net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs
net/sched: taprio: avoid disabling offload when it was never enabled
of: mdio: Add of_node_put() when breaking out of for_each_xx
i40e: Fix set max_tx_rate when it is lower than 1 Mbps
i40e: Fix VF set max MTU size
iavf: Fix set max MTU size with port VLAN and jumbo frames
iavf: Fix bad page state
MIPS: Loongson32: Fix PHY-mode being left unspecified
MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
net: team: Unsync device addresses on ndo_stop
ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
iavf: Fix cached head and tail value for iavf_get_tx_pending
netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
netfilter: nf_conntrack_irc: Tighten matching on DCC message
netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob
mm/slub: fix to return errno if kmalloc() fails
efi: libstub: check Shim mode using MokSBStateRT
ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
ALSA: hda/realtek: Re-arrange quirk table entries
ALSA: hda/realtek: Add quirk for Huawei WRT-WX9
ALSA: hda: add Intel 5 Series / 3400 PCI DID
ALSA: hda/tegra: set depop delay for tegra
USB: serial: option: add Quectel RM520N
USB: serial: option: add Quectel BG95 0x0203 composition
USB: core: Fix RST error in hub.c
Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"
Revert "usb: add quirks for Lenovo OneLink+ Dock"
usb: cdns3: fix issue with rearming ISO OUT endpoint
usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
usb: add quirks for Lenovo OneLink+ Dock
tty: serial: atmel: Preserve previous USART mode if RS485 disabled
serial: atmel: remove redundant assignment in rs485_config
tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data
wifi: mac80211: Fix UAF in ieee80211_scan_rx()
usb: xhci-mtk: relax TT periodic bandwidth allocation
usb: xhci-mtk: allow multiple Start-Split in a microframe
usb: xhci-mtk: add some schedule error number
usb: xhci-mtk: add a function to (un)load bandwidth info
usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
usb: xhci-mtk: add only one extra CS for FS/LS INTR
usb: xhci-mtk: get the microframe boundary for ESIT
usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()
usb: dwc3: gadget: Refactor pullup()
usb: dwc3: gadget: Prevent repeat pullup()
usb: dwc3: Issue core soft reset before enabling run/stop
usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
ALSA: hda/sigmatel: Fix unused variable warning for beep power change
cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
mksysmap: Fix the mismatch of 'L0' symbols in System.map
MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping()
afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
net: usb: qmi_wwan: add Quectel RM520N
ALSA: hda/tegra: Align BDL entry to 4KB boundary
ALSA: hda/sigmatel: Keep power up while beep is enabled
rxrpc: Fix calc of resend age
rxrpc: Fix local destruction being repeated
regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe()
ASoC: nau8824: Fix semaphore unbalance at error paths
iomap: iomap that extends beyond EOF should be marked dirty
MAINTAINERS: add Chandan as xfs maintainer for 5.4.y
cifs: don't send down the destination address to sendmsg for a SOCK_STREAM
cifs: revalidate mapping when doing direct writes
tracing: hold caller_addr to hardirq_{enable,disable}_ip
task_stack, x86/cea: Force-inline stack helpers
ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
parisc: ccio-dma: Add missing iounmap in error path in ccio_probe()
drm/meson: Fix OSD1 RGB to YCbCr coefficient
drm/meson: Correct OSD1 global alpha value
gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0
of: fdt: fix off-by-one error in unflatten_dt_nodes()
Revert "USB: core: Prevent nested device-reset calls"
Revert "io_uring: disable polling pollfree files"
Revert "netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y"
Revert "sched/deadline: Fix priority inheritance with multiple scheduling classes"
Revert "kernel/sched: Remove dl_boosted flag comment"
Revert "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse"
Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
Linux 5.4.214
tracefs: Only clobber mode/uid/gid on remount if asked
soc: fsl: select FSL_GUTS driver for DPIO
net: dp83822: disable rx error interrupt
mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
perf/arm_pmu_platform: fix tests for platform_get_irq() failure
nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
Input: iforce - add support for Boeder Force Feedback Wheel
ieee802154: cc2520: add rc code in cc2520_tx()
tg3: Disable tg3 device on system reboot to avoid triggering AER
hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
drm/msm/rd: Fix FIFO-full deadlock
Linux 5.4.213
MIPS: loongson32: ls1c: Fix hang during startup
x86/nospec: Fix i386 RSB stuffing
sch_sfb: Also store skb len before calling child enqueue
tcp: fix early ETIMEDOUT after spurious non-SACK RTO
nvme-tcp: fix UAF when detecting digest errors
RDMA/mlx5: Set local port to one when accessing counters
ipv6: sr: fix out-of-bounds read when setting HMAC data.
RDMA/siw: Pass a pointer to virt_to_page()
i40e: Fix kernel crash during module removal
tipc: fix shift wrapping bug in map_get()
sch_sfb: Don't assume the skb is still around after enqueueing to child
afs: Use the operation issue time instead of the reply time for callbacks
rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2()
netfilter: nf_conntrack_irc: Fix forged IP logic
netfilter: br_netfilter: Drop dst references before setting.
RDMA/hns: Fix supported page size
soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
RDMA/cma: Fix arguments order in net device validation
regulator: core: Clean up on enable failure
ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node
smb3: missing inode locks in punch hole
cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree
cgroup: Optimize single thread migration
scsi: lpfc: Add missing destroy_workqueue() in error path
scsi: mpt3sas: Fix use-after-free warning
nvmet: fix a use-after-free
debugfs: add debugfs_lookup_and_remove()
kprobes: Prohibit probes in gate area
ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
ALSA: aloop: Fix random zeros in capture data when using jiffies timer
ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level
parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines
parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources()
drm/radeon: add a force flush to delay work when radeon
drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
drm/gem: Fix GEM handle release errors
scsi: megaraid_sas: Fix double kfree()
USB: serial: ch341: fix disabled rx timer on older devices
USB: serial: ch341: fix lost character on LCR updates
usb: dwc3: disable USB core PHY management
usb: dwc3: fix PHY disable sequence
btrfs: harden identification of a stale device
drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
ALSA: seq: Fix data-race at module auto-loading
ALSA: seq: oss: Fix data-race for max_midi_devs access
net: mac802154: Fix a condition in the receive path
ip: fix triggering of 'icmp redirect'
wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
driver core: Don't probe devices after bus_type.match() probe deferral
usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
USB: core: Prevent nested device-reset calls
s390: fix nospec table alignments
s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
usb-storage: Add ignore-residue quirk for NXP PN7462AU
USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
usb: dwc2: fix wrong order of phy_power_on and phy_init
usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles
USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
USB: serial: option: add Quectel EM060K modem
USB: serial: option: add support for OPPO R11 diag port
USB: serial: cp210x: add Decagon UCA device id
xhci: Add grace period after xHC start to prevent premature runtime suspend.
thunderbolt: Use the actual buffer in tb_async_error()
gpio: pca953x: Add mutex_lock for regcache sync in PM
hwmon: (gpio-fan) Fix array out of bounds access
clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
Input: rk805-pwrkey - fix module autoloading
clk: core: Fix runtime PM sequence in clk_core_unprepare()
Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"
clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
binder: fix UAF of ref->proc caused by race condition
USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
misc: fastrpc: fix memory corruption on open
misc: fastrpc: fix memory corruption on probe
iio: adc: mcp3911: use correct formula for AD conversion
Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete
vt: Clear selection before changing the font
powerpc: align syscall table for ppc32
staging: rtl8712: fix use after free bugs
serial: fsl_lpuart: RS485 RTS polariy is inverse
net/smc: Remove redundant refcount increase
Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb"
tcp: annotate data-race around challenge_timestamp
sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb
kcm: fix strp_init() order and cleanup
ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
net: sched: tbf: don't call qdisc_put() while holding tree lock
Revert "xhci: turn off port power in shutdown"
wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
ieee802154/adf7242: defer destroy_workqueue call
iio: adc: mcp3911: make use of the sign bit
platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
drm/msm/dsi: fix the inconsistent indenting
net: dp83822: disable false carrier interrupt
Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()"
fs: only do a memory barrier for the first set_buffer_uptodate()
net: mvpp2: debugfs: fix memory leak when using debugfs_lookup()
wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd()
efi: capsule-loader: Fix use-after-free in efi_capsule_write
Linux 5.4.212
net: neigh: don't call kfree_skb() under spin_lock_irqsave()
net/af_packet: check len when min_header_len equals to 0
io_uring: disable polling pollfree files
kprobes: don't call disarm_kprobe() for disabled kprobes
lib/vdso: Mark do_hres() and do_coarse() as __always_inline
lib/vdso: Let do_coarse() return 0 to simplify the callsite
btrfs: tree-checker: check for overlapping extent items
netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
drm/amd/display: Fix pixel clock programming
s390/hypfs: avoid error message under KVM
neigh: fix possible DoS due to net iface start/stop loop
drm/amd/display: clear optc underflow before turn off odm clock
drm/amd/display: Avoid MPC infinite loop
btrfs: unify lookup return value when dir entry is missing
btrfs: do not pin logs too early during renames
btrfs: introduce btrfs_lookup_match_dir
mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
bpf: Don't redirect packets with invalid pkt_len
ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
fbdev: fb_pm2fb: Avoid potential divide by zero error
HID: hidraw: fix memory leak in hidraw_release()
media: pvrusb2: fix memory leak in pvr_probe
udmabuf: Set the DMA mask for the udmabuf device (v2)
HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
Bluetooth: L2CAP: Fix build errors in some archs
kbuild: Fix include path in scripts/Makefile.modpost
x86/bugs: Add "unknown" reporting for MMIO Stale Data
s390/mm: do not trigger write fault when vma does not allow VM_WRITE
mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq
perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU
md: call __md_stop_writes in md_stop
mm/hugetlb: fix hugetlb not supporting softdirty tracking
ACPI: processor: Remove freq Qos request for all CPUs
s390: fix double free of GS and RI CBs on fork() failure
asm-generic: sections: refactor memory_intersects
loop: Check for overflow while configuring loop
x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry
btrfs: check if root is readonly while setting security xattr
btrfs: add info when mount fails due to stale replace target
btrfs: replace: drop assert for suspended replace
btrfs: fix silent failure when deleting root reference
ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
net: Fix a data-race around sysctl_somaxconn.
net: Fix a data-race around netdev_budget_usecs.
net: Fix a data-race around netdev_budget.
net: Fix a data-race around sysctl_net_busy_read.
net: Fix a data-race around sysctl_net_busy_poll.
net: Fix a data-race around sysctl_tstamp_allow_data.
ratelimit: Fix data-races in ___ratelimit().
net: Fix data-races around netdev_tstamp_prequeue.
net: Fix data-races around weight_p and dev_weight_[rt]x_bias.
netfilter: nft_tunnel: restrict it to netdev family
netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families
netfilter: nft_payload: do not truncate csum_offset and csum_type
netfilter: nft_payload: report ERANGE for too long offset and length
bnxt_en: fix NQ resource accounting during vf creation on 57500 chips
netfilter: ebtables: reject blobs that don't provide all entry points
net: ipvtap - add __init/__exit annotations to module init/exit funcs
bonding: 802.3ad: fix no transmission of LACPDUs
net: moxa: get rid of asymmetry in DMA mapping/unmapping
net/mlx5e: Properly disable vlan strip on non-UL reps
rose: check NULL rose_loopback_neigh->loopback
SUNRPC: RPC level errors should set task->tk_rpc_status
af_key: Do not call xfrm_probe_algs in parallel
xfrm: fix refcount leak in __xfrm_policy_check()
kernel/sched: Remove dl_boosted flag comment
sched/deadline: Fix priority inheritance with multiple scheduling classes
sched/deadline: Fix stale throttling on de-/boosted tasks
sched/deadline: Unthrottle PI boosted threads while enqueuing
pinctrl: amd: Don't save/restore interrupt status and wake status bits
Revert "selftests/bpf: Fix test_align verifier log patterns"
Revert "selftests/bpf: Fix "dubious pointer arithmetic" test"
usb: cdns3: Fix issue for clear halt endpoint
kernel/sys_ni: add compat entry for fadvise64_64
parisc: Fix exception handler for fldw and fstw instructions
audit: fix potential double free on error path from fsnotify_add_inode_mark
Revert "USB: HCD: Fix URB giveback issue in tasklet function"
Linux 5.4.211
btrfs: raid56: don't trust any cached sector in __raid56_parity_recover()
btrfs: only write the sectors in the vertical stripe which has data stripes
can: j1939: j1939_session_destroy(): fix memory leak of skbs
can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once()
tracing/probes: Have kprobes and uprobes use $COMM too
MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
video: fbdev: i740fb: Check the argument of i740_calc_vclk()
powerpc/64: Init jump labels before parse_early_param()
smb3: check xattr value length earlier
f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
ALSA: timer: Use deferred fasync helper
ALSA: core: Add async signal helpers
powerpc/32: Don't always pass -mcpu=powerpc to the compiler
watchdog: export lockup_detector_reconfigure
RISC-V: Add fast call path of crash_kexec()
riscv: mmap with PROT_WRITE but no PROT_READ is invalid
mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
vfio: Clear the caps->buf to NULL after free
tty: serial: Fix refcount leak bug in ucc_uart.c
lib/list_debug.c: Detect uninitialized lists
ext4: avoid resizing to a partial cluster size
ext4: avoid remove directory when directory is corrupted
drivers:md:fix a potential use-after-free bug
nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown
dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
selftests/kprobe: Do not test for GRP/ without event failures
um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups
PCI/ACPI: Guard ARM64-specific mcfg_quirks
cxl: Fix a memory leak in an error handling path
gadgetfs: ep_io - wait until IRQ finishes
scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input
clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
vboxguest: Do not use devm for irq
usb: renesas: Fix refcount leak bug
usb: host: ohci-ppc-of: Fix refcount leak bug
drm/meson: Fix overflow implicit truncation warnings
irqchip/tegra: Fix overflow implicit truncation warnings
usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info
usb: cdns3 fix use-after-free at workaround 2
PCI: Add ACS quirk for Broadcom BCM5750x NICs
drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
locking/atomic: Make test_and_*_bit() ordered on failure
gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file
igb: Add lock to avoid data race
fec: Fix timer capture timing in `fec_ptp_enable_pps()`
i40e: Fix to stop tx_timeout recovery if GLOBR fails
ice: Ignore EEXIST when setting promisc mode
net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry
net: moxa: pass pdev instead of ndev to DMA functions
net: dsa: mv88e6060: prevent crash on an unused port
powerpc/pci: Fix get_phb_number() locking
netfilter: nf_tables: really skip inactive sets when allocating name
clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks
iavf: Fix adminq error handling
nios2: add force_successful_syscall_return()
nios2: restarts apply only to the first sigframe we build...
nios2: fix syscall restart checks
nios2: traced syscall does need to check the syscall number
nios2: don't leave NULLs in sys_call_table[]
nios2: page fault et.al. are *not* restartable syscalls...
tee: add overflow check in register_shm_helper()
dpaa2-eth: trace the allocated address instead of page struct
atm: idt77252: fix use-after-free bugs caused by tst_timer
xen/xenbus: fix return type in xenbus_file_read()
nfp: ethtool: fix the display error of `ethtool -m DEVNAME`
NTB: ntb_tool: uninitialized heap data in tool_fn_write()
tools build: Switch to new openssl API for test-libcrypto
tools/vm/slabinfo: use alphabetic order when two values are equal
dt-bindings: arm: qcom: fix MSM8916 MTP compatibles
vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
vsock: Fix memory leak in vsock_connect()
plip: avoid rcu debug splat
geneve: do not use RT_TOS for IPv6 flowlabel
ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
pinctrl: sunxi: Add I/O bias setting for H6 R-PIO
pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
net: bgmac: Fix a BUG triggered by wrong bytes_compl
devlink: Fix use-after-free after a failed reload
SUNRPC: Reinitialise the backchannel request buffers before reuse
sunrpc: fix expiry of auth creds
can: mcp251x: Fix race condition on receive interrupt
NFSv4/pnfs: Fix a use-after-free bug in open
NFSv4.1: RECLAIM_COMPLETE must handle EACCES
NFSv4: Fix races in the legacy idmapper upcall
NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
NFSv4.1: Don't decrease the value of seq_nr_highest_sent
Documentation: ACPI: EINJ: Fix obsolete example
apparmor: Fix memleak in aa_simple_write_to_buffer()
apparmor: fix reference count leak in aa_pivotroot()
apparmor: fix overlapping attachment computation
apparmor: fix aa_label_asxprint return check
apparmor: Fix failed mount permission check error message
apparmor: fix absroot causing audited secids to begin with =
apparmor: fix quiet_denied for file rules
can: ems_usb: fix clang's -Wunaligned-access warning
tracing: Have filter accept "common_cpu" to be consistent
btrfs: fix lost error handling when looking up extended ref on log replay
mmc: pxamci: Fix an error handling path in pxamci_probe()
mmc: pxamci: Fix another error handling path in pxamci_probe()
ata: libata-eh: Add missing command name
rds: add missing barrier to release_refill
ALSA: info: Fix llseek return value when using callback
net_sched: cls_route: disallow handle of 0
net/9p: Initialize the iounit field during fid creation
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP"
scsi: sg: Allow waiting for commands to complete on removed device
tcp: fix over estimation in sk_forced_mem_schedule()
KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
KVM: Add infrastructure and macro to mark VM as bugged
btrfs: reject log replay if there is unsupported RO compat flag
net_sched: cls_route: remove from list when handle is 0
iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
timekeeping: contribute wall clock to rng on time change
ACPI: CPPC: Do not prevent CPPC from working in the future
dm writecache: set a default MAX_WRITEBACK_JOBS
dm thin: fix use-after-free crash in dm_sm_register_threshold_callback
dm raid: fix address sanitizer warning in raid_status
dm raid: fix address sanitizer warning in raid_resume
intel_th: pci: Add Meteor Lake-P support
intel_th: pci: Add Raptor Lake-S PCH support
intel_th: pci: Add Raptor Lake-S CPU support
ext4: correct the misjudgment in ext4_iget_extra_inode
ext4: correct max_inline_xattr_value_size computing
ext4: fix extent status tree race in writeback error recovery path
ext4: update s_overhead_clusters in the superblock during an on-line resize
ext4: fix use-after-free in ext4_xattr_set_entry
ext4: make sure ext4_append() always allocates new block
ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
btrfs: reset block group chunk force if we have to wait
tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification
spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
x86/olpc: fix 'logical not is only applied to the left hand side'
scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
scsi: qla2xxx: Turn off multi-queue for 8G adapters
scsi: qla2xxx: Fix discovery issues in FC-AL topology
scsi: zfcp: Fix missing auto port scan and thus missing target ports
video: fbdev: s3fb: Check the size of screen before memset_io()
video: fbdev: arkfb: Check the size of screen before memset_io()
video: fbdev: vt8623fb: Check the size of screen before memset_io()
tools/thermal: Fix possible path truncations
video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
x86/numa: Use cpumask_available instead of hardcoded NULL check
scripts/faddr2line: Fix vmlinux detection on arm64
genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO
powerpc/pci: Fix PHB numbering when using opal-phbid
kprobes: Forbid probing on trampoline and BPF code areas
perf symbol: Fail to read phdr workaround
powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
powerpc/xive: Fix refcount leak in xive_get_max_prio
powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias
powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32
video: fbdev: sis: fix typos in SiS_GetModeID()
video: fbdev: amba-clcd: Fix refcount leak bugs
watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe()
ASoC: audio-graph-card: Add of_node_put() in fail path
fuse: Remove the control interface for virtio-fs
ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
s390/zcore: fix race when reading from hardware system area
iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
mfd: max77620: Fix refcount leak in max77620_initialise_fps
mfd: t7l66xb: Drop platform disable callback
kfifo: fix kfifo_to_user() return type
rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
iommu/exynos: Handle failed IOMMU device registration properly
tty: n_gsm: fix missing corner cases in gsmld_poll()
tty: n_gsm: fix DM command
tty: n_gsm: fix wrong T1 retry count handling
vfio/ccw: Do not change FSM state in subchannel event
remoteproc: qcom: wcnss: Fix handling of IRQs
tty: n_gsm: fix race condition in gsmld_write()
tty: n_gsm: fix packet re-transmission without open control channel
tty: n_gsm: fix non flow control frames during mux flow off
profiling: fix shift too large makes kernel panic
ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty()
ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe
ASoC: codecs: da7210: add check for i2c_add_driver
ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
opp: Fix error check in dev_pm_opp_attach_genpd()
jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
ext4: recover csum seed of tmp_inode after migrating to extents
jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction()
null_blk: fix ida error handling in null_add_dev()
RDMA/rxe: Fix error unwind in rxe_create_qp()
mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
platform/olpc: Fix uninitialized data in debugfs write
USB: serial: fix tty-port initialized comments
PCI: tegra194: Fix link up retry sequence
PCI: tegra194: Fix Root Port interrupt handling
HID: alps: Declare U1_UNICORN_LEGACY support
mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
mmc: cavium-octeon: Add of_node_put() when breaking out of loop
gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event
RDMA/hns: Fix incorrect clearing of interrupt status register
usb: gadget: udc: amd5536 depends on HAS_DMA
scsi: smartpqi: Fix DMA direction for RAID requests
mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
memstick/ms_block: Fix a memory leak
memstick/ms_block: Fix some incorrect memory allocation
mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback
intel_th: msu: Fix vmalloced buffers
intel_th: msu-sink: Potential dereference of null pointer
intel_th: Fix a resource leak in an error handling path
soundwire: bus_type: fix remove and shutdown support
clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
clk: qcom: ipq8074: fix NSS port frequency tables
usb: host: xhci: use snprintf() in xhci_decode_trb()
clk: qcom: clk-krait: unlock spin after mux completion
driver core: fix potential deadlock in __driver_attach
misc: rtsx: Fix an error handling path in rtsx_pci_probe()
clk: mediatek: reset: Fix written reset bit offset
usb: xhci: tegra: Fix error check
usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
fpga: altera-pr-ip: fix unsigned comparison with less than zero
mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
mtd: partitions: Fix refcount leak in parse_redboot_of
mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
HID: cp2112: prevent a buffer overflow in cp2112_xfer()
mtd: rawnand: meson: Fix a potential double free issue
mtd: maps: Fix refcount leak in ap_flash_init
mtd: maps: Fix refcount leak in of_flash_probe_versatile
clk: renesas: r9a06g032: Fix UART clkgrp bitsel
dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
net: rose: fix netdev reference changes
netdevsim: Avoid allocation warnings triggered from user space
iavf: Fix max_rate limiting
crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
wifi: libertas: Fix possible refcount leak in if_usb_probe()
wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
i2c: mux-gpmux: Add of_node_put() when breaking out of loop
i2c: cadence: Support PEC for SMBus block read
Bluetooth: hci_intel: Add check for platform_driver_register
can: pch_can: pch_can_error(): initialize errc before using it
can: error: specify the values of data[5..7] of CAN error frames
can: usb_8dev: do not report txerr and rxerr during bus-off
can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
can: sun4i_can: do not report txerr and rxerr during bus-off
can: hi311x: do not report txerr and rxerr during bus-off
can: sja1000: do not report txerr and rxerr during bus-off
can: rcar_can: do not report txerr and rxerr during bus-off
can: pch_can: do not report txerr and rxerr during bus-off
selftests/bpf: fix a test for snprintf() overflow
wifi: p54: add missing parentheses in p54_flush()
wifi: p54: Fix an error handling path in p54spi_probe()
wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
fs: check FMODE_LSEEK to control internal pipe splicing
selftests: timers: clocksource-switch: fix passing errors from child
selftests: timers: valid-adjtimex: build fix for newer toolchains
libbpf: Fix the name of a reused map
tcp: make retransmitted SKB fit into the send window
drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed.
mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq
drm/msm/mdp5: Fix global state lock backoff
drm: bridge: sii8620: fix possible off-by-one
drm/mediatek: dpi: Only enable dpi after the bridge is enabled
drm/mediatek: dpi: Remove output format of YUV
drm/rockchip: Fix an error handling path rockchip_dp_probe()
drm/rockchip: vop: Don't crash for invalid duplicate_state()
crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE
drm/vc4: dsi: Correct DSI divider calculations
drm/vc4: plane: Fix margin calculations for the right/bottom edges
drm/vc4: plane: Remove subpixel positioning check
media: hdpvr: fix error value returns in hdpvr_read
drm/mcde: Fix refcount leak in mcde_dsi_bind
drm: bridge: adv7511: Add check for mipi_dsi_driver_register
wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()
ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
media: tw686x: Register the irq at the end of probe
i2c: Fix a potential use after free
drm: adv7511: override i2c address of cec before accessing it
drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
drm/mipi-dbi: align max_chunk to 2 in spi_transfer
wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
ath10k: do not enforce interrupt trigger type
dm: return early from dm_pr_call() if DM device is suspended
thermal/tools/tmon: Include pthread and time headers in tmon.h
nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created
erofs: avoid consecutive detection for Highmem memory
arm64: dts: mt7622: fix BPI-R64 WPS button
bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe()
ARM: dts: qcom: pm8841: add required thermal-sensor-cells
soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register
cpufreq: zynq: Fix refcount leak in zynq_get_revision
ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
ARM: OMAP2+: Fix refcount leak in omapdss_init_of
ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg
soc: fsl: guts: machine variable might be unset
ARM: dts: ast2600-evb: fix board compatible
ARM: dts: ast2500-evb: fix board compatible
x86/pmem: Fix platform-device leak in error path
ARM: bcm: Fix refcount leak in bcm_kona_smc_init
meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
ARM: findbit: fix overflowing offset
spi: spi-rspi: Fix PIO fallback on RZ platforms
selinux: Add boundary check in put_entry()
PM: hibernate: defer device probing when resuming from hibernation
ARM: shmobile: rcar-gen2: Increase refcount for new reference
arm64: dts: allwinner: a64: orangepi-win: Fix LED node name
arm64: dts: qcom: ipq8074: fix NAND node name
ACPI: LPSS: Fix missing check in register_device_clock()
ACPI: PM: save NVS memory for Lenovo G40-45
ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
ARM: OMAP2+: display: Fix refcount leak bug
spi: synquacer: Add missing clk_disable_unprepare()
ARM: dts: imx6ul: fix qspi node compatible
ARM: dts: imx6ul: fix lcdif node compatible
ARM: dts: imx6ul: fix csi node compatible
ARM: dts: imx6ul: change operating-points to uint32-matrix
ARM: dts: imx6ul: add missing properties for sram
wait: Fix __wait_event_hrtimeout for RT/DL tasks
genirq: Don't return error on missing optional irq_request_resources()
ext2: Add more validity checks for inode counts
arm64: fix oops in concurrently setting insn_emulation sysctls
arm64: Do not forget syscall when starting a new thread.
x86: Handle idle=nomwait cmdline properly for x86_idle
epoll: autoremove wakers even more aggressively
netfilter: nf_tables: fix null deref due to zeroed list head
netfilter: nf_tables: do not allow RULE_ID to refer to another chain
netfilter: nf_tables: do not allow SET_ID to refer to another table
arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC
ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC
USB: HCD: Fix URB giveback issue in tasklet function
coresight: Clear the connection field properly
MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
powerpc/powernv: Avoid crashing if rng is NULL
powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
powerpc/fsl-pci: Fix Class Code of PCIe Root Port
PCI: Add defines for normal and subtractive PCI bridges
ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()
md-raid10: fix KASAN warning
serial: mvebu-uart: uart2 error bits clearing
fuse: limit nsec
iio: light: isl29028: Fix the warning in isl29028_remove()
drm/amdgpu: Check BO's requested pinning domains against its preferred_domains
drm/nouveau: fix another off-by-one in nvbios_addr
drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error
parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode
parisc: Fix device names in /proc/iomem
ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
usbnet: Fix linkwatch use-after-free on disconnect
fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
thermal: sysfs: Fix cooling_device_stats_setup() error code path
fs: Add missing umask strip in vfs_tmpfile
vfs: Check the truncate maximum size in inode_newsize_ok()
tty: vt: initialize unicode screen buffer
ALSA: hda/realtek: Add quirk for another Asus K42JZ model
ALSA: hda/cirrus - support for iMac 12,1 model
ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
mm/mremap: hold the rmap lock in write mode when moving page table entries.
KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP
KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
HID: wacom: Don't register pad_input for touch switch
HID: wacom: Only report rotation for art pen
add barriers to buffer_uptodate and set_buffer_uptodate
wifi: mac80211_hwsim: use 32-bit skb cookie
wifi: mac80211_hwsim: add back erroneously removed cast
wifi: mac80211_hwsim: fix race condition in pending packet
igc: Remove _I_PHY_ID checking
ALSA: bcd2000: Fix a UAF bug on the error path of probing
scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover"
x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
Makefile: link with -z noexecstack --no-warn-rwx-segments
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/arm/qcom.yaml
Documentation/devicetree/bindings/dma/moxa,moxart-dma.txt
drivers/mmc/core/sd.c
drivers/net/usb/ax88179_178a.c
drivers/rpmsg/qcom_glink_native.c
drivers/usb/dwc3/core.c
drivers/usb/typec/ucsi/ucsi.c
net/core/dev.c
net/wireless/scan.c
Change-Id: Id1996866ef5d9b7c097c39a5bdb00db413763104
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
|
||
Greg Kroah-Hartman
|
79028819d5 |
This is the 5.4.214 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmMplc4ACgkQONu9yGCS aT7JAw//SoS3KufL4ygl35P1YXSX5ozYk1YxU2i5cft6ewzB62OFDxjJqc6mFzY/ GzOLmXAST6huuX22PMbdoHljdXiSPIpT8WBs5GxGZCXxBTxLznJnV4SNYHo4f3OL SzXMlqV7FgVB6kc4R0YBXOHx6kU2HcRY3c46YDYHDRlWyn9p3QE3EugVCal/LzHR eTEqCIfa7qsN2CcavhOiUzGpV3wQ6fo/E5h5p6KdweR0JS/wgqbAVGAuc2WkgKZC c8oAu3Yl2Xmf30+uVTR3/Njx2z1Dfo3RrR0HwjtLXlBGFrsji82ClXDrRI4QSHs4 CQYASpQx7lr39AZg93ElrZ9k+LRoY6f9m+exDfJmuoJNKzPIUuXtbvORnAAi7UJt HzN1YbIqsedjaA4x1FEOBodinYZEdwhL6SBrA03sg1VLDM6CZH2PKo00A1YuYdSF XMK/eUDdvmK7NtW0B9B0lMFx5xR1UO/cj86W1lq+SldB216K0WBzqH0xydRLBbUW 57n/oshrFZUsjk/FBcO6neJuK+9XQTIjEw4UE8F1yxUdUm9WAeO9A2UKEdseVC8D bdW7FtgjBOAL+q8KGDbW1zYQJ4Hn4c/d/nIs86R1I2uqCI9+keAFa8eu9adZ6riw uuc5C5uKB1pj2h6fLQqzdyT0/JmkbHBqIJ+SDqcgGg0hGks5124= =4Rji -----END PGP SIGNATURE----- Merge 5.4.214 into android11-5.4-lts Changes in 5.4.214 drm/msm/rd: Fix FIFO-full deadlock HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message tg3: Disable tg3 device on system reboot to avoid triggering AER ieee802154: cc2520: add rc code in cc2520_tx() Input: iforce - add support for Boeder Force Feedback Wheel nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() perf/arm_pmu_platform: fix tests for platform_get_irq() failure platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() net: dp83822: disable rx error interrupt soc: fsl: select FSL_GUTS driver for DPIO tracefs: Only clobber mode/uid/gid on remount if asked Linux 5.4.214 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I034f32293503012d4c66b6c2b2f2eb2bea8d2b8b |
||
|
Greg Kroah-Hartman
|
51223c9db5 |
This is the 5.4.212 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmMVswkACgkQONu9yGCS
aT5AcA//eKOG3lSbvbott2AIS66Lkcl+1uLfqYwQRa6s8pTurvFWt5gEnHN6GrCi
NtcTU4F2WVavCj4YjNTwaqg4U+s2a9sudaVvsQHHcyc8QrTCWbQNcEjZmodAgspD
BBnK1CV7s/TRT6V4lb2N9tzOcmxEL32aLCizLS/+KGp9yTKTlHG778BQXWAxzwGB
91IUh0QWKGaK+tG+6tGSvDwYBc0P/02Gdk+v6oxVhIdzojLZzVP0luGMffDg+a9P
6BPPjxwNpKLxu97us9Xdufb6APHgxFYN1KPxA8AGh4JAeaz4yIhaA5rxnvZOsPIo
7dcBgySXdcelYXCtZ0K5bXJITHj5DMv9++l5f0gSEjx8BFXwc8/6ogFC2W8awoys
wvK6jt1glbhcyXVdThCoZ8a0jVYM4x2YbFl/jp2EoP7lJEmvMQKCJHWhKZ8u58vN
dCtoDXZe0JiGldoFPzeJXCw+qN2P8G+N6sh/J+twQXHBmBMFR7HmpmYVqpAhJ9Mb
ixItRBPVGct8njC7PgdRG4RaJqk41Symes6q5mnaMEGQgYzbe250OIoiclSHkUaC
+y9Pq/gThKQEdd8T2fwIPYTUMpnq7GX1VDOVDW8gxADKWGl8/0UZUC3ldt+v+wfM
Xl6ftWamDkZTz9DL5ctHl2ByfdTISAnL4tl6R0FScLP17ANOTNo=
=V2/s
-----END PGP SIGNATURE-----
Merge 5.4.212 into android11-5.4-lts
Changes in 5.4.212
audit: fix potential double free on error path from fsnotify_add_inode_mark
parisc: Fix exception handler for fldw and fstw instructions
kernel/sys_ni: add compat entry for fadvise64_64
usb: cdns3: Fix issue for clear halt endpoint
Revert "selftests/bpf: Fix "dubious pointer arithmetic" test"
Revert "selftests/bpf: Fix test_align verifier log patterns"
pinctrl: amd: Don't save/restore interrupt status and wake status bits
sched/deadline: Unthrottle PI boosted threads while enqueuing
sched/deadline: Fix stale throttling on de-/boosted tasks
sched/deadline: Fix priority inheritance with multiple scheduling classes
kernel/sched: Remove dl_boosted flag comment
xfrm: fix refcount leak in __xfrm_policy_check()
af_key: Do not call xfrm_probe_algs in parallel
SUNRPC: RPC level errors should set task->tk_rpc_status
rose: check NULL rose_loopback_neigh->loopback
net/mlx5e: Properly disable vlan strip on non-UL reps
net: moxa: get rid of asymmetry in DMA mapping/unmapping
bonding: 802.3ad: fix no transmission of LACPDUs
net: ipvtap - add __init/__exit annotations to module init/exit funcs
netfilter: ebtables: reject blobs that don't provide all entry points
bnxt_en: fix NQ resource accounting during vf creation on 57500 chips
netfilter: nft_payload: report ERANGE for too long offset and length
netfilter: nft_payload: do not truncate csum_offset and csum_type
netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families
netfilter: nft_tunnel: restrict it to netdev family
net: Fix data-races around weight_p and dev_weight_[rt]x_bias.
net: Fix data-races around netdev_tstamp_prequeue.
ratelimit: Fix data-races in ___ratelimit().
net: Fix a data-race around sysctl_tstamp_allow_data.
net: Fix a data-race around sysctl_net_busy_poll.
net: Fix a data-race around sysctl_net_busy_read.
net: Fix a data-race around netdev_budget.
net: Fix a data-race around netdev_budget_usecs.
net: Fix a data-race around sysctl_somaxconn.
ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
btrfs: fix silent failure when deleting root reference
btrfs: replace: drop assert for suspended replace
btrfs: add info when mount fails due to stale replace target
btrfs: check if root is readonly while setting security xattr
x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry
loop: Check for overflow while configuring loop
asm-generic: sections: refactor memory_intersects
s390: fix double free of GS and RI CBs on fork() failure
ACPI: processor: Remove freq Qos request for all CPUs
mm/hugetlb: fix hugetlb not supporting softdirty tracking
md: call __md_stop_writes in md_stop
perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU
scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq
mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
s390/mm: do not trigger write fault when vma does not allow VM_WRITE
x86/bugs: Add "unknown" reporting for MMIO Stale Data
kbuild: Fix include path in scripts/Makefile.modpost
Bluetooth: L2CAP: Fix build errors in some archs
HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
udmabuf: Set the DMA mask for the udmabuf device (v2)
media: pvrusb2: fix memory leak in pvr_probe
HID: hidraw: fix memory leak in hidraw_release()
fbdev: fb_pm2fb: Avoid potential divide by zero error
ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
bpf: Don't redirect packets with invalid pkt_len
mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
btrfs: introduce btrfs_lookup_match_dir
btrfs: do not pin logs too early during renames
btrfs: unify lookup return value when dir entry is missing
drm/amd/display: Avoid MPC infinite loop
drm/amd/display: clear optc underflow before turn off odm clock
neigh: fix possible DoS due to net iface start/stop loop
s390/hypfs: avoid error message under KVM
drm/amd/display: Fix pixel clock programming
netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
btrfs: tree-checker: check for overlapping extent items
lib/vdso: Let do_coarse() return 0 to simplify the callsite
lib/vdso: Mark do_hres() and do_coarse() as __always_inline
kprobes: don't call disarm_kprobe() for disabled kprobes
io_uring: disable polling pollfree files
net/af_packet: check len when min_header_len equals to 0
net: neigh: don't call kfree_skb() under spin_lock_irqsave()
Linux 5.4.212
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1ef70da3d0bb05506a0c4b6b29c0bf9305a7f5c5
|
||
Jann Horn
|
c128bff9ff |
mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
This is a stable-specific patch.
I botched the stable-specific rewrite of
commit b67fbebd4cf98 ("mmu_gather: Force tlb-flush VM_PFNMAP vmas"):
As Hugh pointed out, unmap_region() actually operates on a list of VMAs,
and the variable "vma" merely points to the first VMA in that list.
So if we want to check whether any of the VMAs we're operating on is
PFNMAP or MIXEDMAP, we have to iterate through the list and check each VMA.
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Jann Horn
|
c9c5501e81 |
mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
commit b67fbebd4cf980aecbcc750e1462128bffe8ae15 upstream.
Some drivers rely on having all VMAs through which a PFN might be
accessible listed in the rmap for correctness.
However, on X86, it was possible for a VMA with stale TLB entries
to not be listed in the rmap.
This was fixed in mainline with
commit b67fbebd4cf9 ("mmu_gather: Force tlb-flush VM_PFNMAP vmas"),
but that commit relies on preceding refactoring in
commit 18ba064e42df3 ("mmu_gather: Let there be one tlb_{start,end}_vma()
implementation") and commit 1e9fdf21a4339 ("mmu_gather: Remove per arch
tlb_{start,end}_vma()").
This patch provides equivalent protection without needing that
refactoring, by forcing a TLB flush between removing PTEs in
unmap_vmas() and the call to unlink_file_vma() in free_pgtables().
[This is a stable-specific rewrite of the upstream commit!]
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
David Hildenbrand
|
f35c4fec07 |
mm/hugetlb: fix hugetlb not supporting softdirty tracking
commit f96f7a40874d7c746680c0b9f57cef2262ae551f upstream.
Patch series "mm/hugetlb: fix write-fault handling for shared mappings", v2.
I observed that hugetlb does not support/expect write-faults in shared
mappings that would have to map the R/O-mapped page writable -- and I
found two case where we could currently get such faults and would
erroneously map an anon page into a shared mapping.
Reproducers part of the patches.
I propose to backport both fixes to stable trees. The first fix needs a
small adjustment.
This patch (of 2):
Staring at hugetlb_wp(), one might wonder where all the logic for shared
mappings is when stumbling over a write-protected page in a shared
mapping. In fact, there is none, and so far we thought we could get away
with that because e.g., mprotect() should always do the right thing and
map all pages directly writable.
Looks like we were wrong:
--------------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <sys/mman.h>
#define HUGETLB_SIZE (2 * 1024 * 1024u)
static void clear_softdirty(void)
{
int fd = open("/proc/self/clear_refs", O_WRONLY);
const char *ctrl = "4";
int ret;
if (fd < 0) {
fprintf(stderr, "open(clear_refs) failed\n");
exit(1);
}
ret = write(fd, ctrl, strlen(ctrl));
if (ret != strlen(ctrl)) {
fprintf(stderr, "write(clear_refs) failed\n");
exit(1);
}
close(fd);
}
int main(int argc, char **argv)
{
char *map;
int fd;
fd = open("/dev/hugepages/tmp", O_RDWR | O_CREAT);
if (!fd) {
fprintf(stderr, "open() failed\n");
return -errno;
}
if (ftruncate(fd, HUGETLB_SIZE)) {
fprintf(stderr, "ftruncate() failed\n");
return -errno;
}
map = mmap(NULL, HUGETLB_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
if (map == MAP_FAILED) {
fprintf(stderr, "mmap() failed\n");
return -errno;
}
*map = 0;
if (mprotect(map, HUGETLB_SIZE, PROT_READ)) {
fprintf(stderr, "mmprotect() failed\n");
return -errno;
}
clear_softdirty();
if (mprotect(map, HUGETLB_SIZE, PROT_READ|PROT_WRITE)) {
fprintf(stderr, "mmprotect() failed\n");
return -errno;
}
*map = 0;
return 0;
}
--------------------------------------------------------------------------
Above test fails with SIGBUS when there is only a single free hugetlb page.
# echo 1 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
# ./test
Bus error (core dumped)
And worse, with sufficient free hugetlb pages it will map an anonymous page
into a shared mapping, for example, messing up accounting during unmap
and breaking MAP_SHARED semantics:
# echo 2 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
# ./test
# cat /proc/meminfo | grep HugePages_
HugePages_Total: 2
HugePages_Free: 1
HugePages_Rsvd: 18446744073709551615
HugePages_Surp: 0
Reason in this particular case is that vma_wants_writenotify() will
return "true", removing VM_SHARED in vma_set_page_prot() to map pages
write-protected. Let's teach vma_wants_writenotify() that hugetlb does not
support softdirty tracking.
Link: https://lkml.kernel.org/r/20220811103435.188481-1-david@redhat.com
Link: https://lkml.kernel.org/r/20220811103435.188481-2-david@redhat.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
05426a3d4f |
This is the 5.4.211 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmMHPogACgkQONu9yGCS aT6GgQ//eILgoV9jHOdWFDlOqWz80zTFxPo2d1Fyd+jKbxI9Joj6raMfyhbNQA5z sNS6B21FTC1V9TkPwt3/TaghYZlBvYutcIUWVgxvKHM2m2QCyiS6Y7VgfnqTVU2J C6Ri0zabWf0X2eahdDAd0uOxhejSbewo+3Xfv2Y090kOWKxj5b1SjQoo7/OapBFi 8ZZ60qamP5/Qfs3rTiVNDYHqY+n1okYuOpEL78Zh/imGC71ZfyKVZgAe/WHHaXtQ KBug0mmr/9K2yMFYdXmuPdOZrS66A2sklsaw+WdXIboZKhAMF16KkkNvN2BExX5G Hf03MRfCAEFDndhGO16X07WDNIr/CQaEYLjAn6PE1cGnIncQMw2vyWMHGiNlOdLO JZiOcyVEW6cao7vLmQD/Rk6x44nOlm+ttzxMD2spHwAU4tSM7aM0SrAvM201R8Vc 6hs6m1+NQr9XNEiH+QT+A4+cbIeOd/b8hkQdjB/uvlS0HTUNu4SGNlL7s3nwuB8D a1chV1VbmYfIjSyY6ffr3hNrTHfHSZN2M5otK2iDmvYlTrrbOAu6sPXCWHKskKSf Dm43Le+NaZmBHSS36ejcQKGdNpZ35H7uQ89bzuo5/kisQ4fY4VnQSYFNgmnRAY+s nOvbrj7M4K+QvumYBT1efoMrMYgXRYQSQOc03Mq7AQYuJBrQv/4= =U/Z1 -----END PGP SIGNATURE----- Merge 5.4.211 into android11-5.4-lts Changes in 5.4.211 Makefile: link with -z noexecstack --no-warn-rwx-segments x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" ALSA: bcd2000: Fix a UAF bug on the error path of probing igc: Remove _I_PHY_ID checking wifi: mac80211_hwsim: fix race condition in pending packet wifi: mac80211_hwsim: add back erroneously removed cast wifi: mac80211_hwsim: use 32-bit skb cookie add barriers to buffer_uptodate and set_buffer_uptodate HID: wacom: Only report rotation for art pen HID: wacom: Don't register pad_input for touch switch KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP mm/mremap: hold the rmap lock in write mode when moving page table entries. ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model ALSA: hda/cirrus - support for iMac 12,1 model ALSA: hda/realtek: Add quirk for another Asus K42JZ model tty: vt: initialize unicode screen buffer vfs: Check the truncate maximum size in inode_newsize_ok() fs: Add missing umask strip in vfs_tmpfile thermal: sysfs: Fix cooling_device_stats_setup() error code path fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters usbnet: Fix linkwatch use-after-free on disconnect ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() parisc: Fix device names in /proc/iomem parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error drm/nouveau: fix another off-by-one in nvbios_addr drm/amdgpu: Check BO's requested pinning domains against its preferred_domains iio: light: isl29028: Fix the warning in isl29028_remove() fuse: limit nsec serial: mvebu-uart: uart2 error bits clearing md-raid10: fix KASAN warning ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() PCI: Add defines for normal and subtractive PCI bridges powerpc/fsl-pci: Fix Class Code of PCIe Root Port powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E powerpc/powernv: Avoid crashing if rng is NULL MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK coresight: Clear the connection field properly USB: HCD: Fix URB giveback issue in tasklet function ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC netfilter: nf_tables: do not allow SET_ID to refer to another table netfilter: nf_tables: do not allow RULE_ID to refer to another chain netfilter: nf_tables: fix null deref due to zeroed list head epoll: autoremove wakers even more aggressively x86: Handle idle=nomwait cmdline properly for x86_idle arm64: Do not forget syscall when starting a new thread. arm64: fix oops in concurrently setting insn_emulation sysctls ext2: Add more validity checks for inode counts genirq: Don't return error on missing optional irq_request_resources() wait: Fix __wait_event_hrtimeout for RT/DL tasks ARM: dts: imx6ul: add missing properties for sram ARM: dts: imx6ul: change operating-points to uint32-matrix ARM: dts: imx6ul: fix csi node compatible ARM: dts: imx6ul: fix lcdif node compatible ARM: dts: imx6ul: fix qspi node compatible spi: synquacer: Add missing clk_disable_unprepare() ARM: OMAP2+: display: Fix refcount leak bug ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks ACPI: PM: save NVS memory for Lenovo G40-45 ACPI: LPSS: Fix missing check in register_device_clock() arm64: dts: qcom: ipq8074: fix NAND node name arm64: dts: allwinner: a64: orangepi-win: Fix LED node name ARM: shmobile: rcar-gen2: Increase refcount for new reference PM: hibernate: defer device probing when resuming from hibernation selinux: Add boundary check in put_entry() spi: spi-rspi: Fix PIO fallback on RZ platforms ARM: findbit: fix overflowing offset meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init ARM: bcm: Fix refcount leak in bcm_kona_smc_init x86/pmem: Fix platform-device leak in error path ARM: dts: ast2500-evb: fix board compatible ARM: dts: ast2600-evb: fix board compatible soc: fsl: guts: machine variable might be unset ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg ARM: OMAP2+: Fix refcount leak in omapdss_init_of ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init cpufreq: zynq: Fix refcount leak in zynq_get_revision soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register ARM: dts: qcom: pm8841: add required thermal-sensor-cells bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() arm64: dts: mt7622: fix BPI-R64 WPS button erofs: avoid consecutive detection for Highmem memory blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created regulator: of: Fix refcount leak bug in of_get_regulation_constraints() nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() thermal/tools/tmon: Include pthread and time headers in tmon.h dm: return early from dm_pr_call() if DM device is suspended ath10k: do not enforce interrupt trigger type wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() drm/mipi-dbi: align max_chunk to 2 in spi_transfer drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function drm: adv7511: override i2c address of cec before accessing it i2c: Fix a potential use after free media: tw686x: Register the irq at the end of probe ath9k: fix use-after-free in ath9k_hif_usb_rx_cb wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() drm: bridge: adv7511: Add check for mipi_dsi_driver_register drm/mcde: Fix refcount leak in mcde_dsi_bind media: hdpvr: fix error value returns in hdpvr_read drm/vc4: plane: Remove subpixel positioning check drm/vc4: plane: Fix margin calculations for the right/bottom edges drm/vc4: dsi: Correct DSI divider calculations crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE drm/rockchip: vop: Don't crash for invalid duplicate_state() drm/rockchip: Fix an error handling path rockchip_dp_probe() drm/mediatek: dpi: Remove output format of YUV drm/mediatek: dpi: Only enable dpi after the bridge is enabled drm: bridge: sii8620: fix possible off-by-one drm/msm/mdp5: Fix global state lock backoff crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed. tcp: make retransmitted SKB fit into the send window libbpf: Fix the name of a reused map selftests: timers: valid-adjtimex: build fix for newer toolchains selftests: timers: clocksource-switch: fix passing errors from child fs: check FMODE_LSEEK to control internal pipe splicing wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() wifi: p54: Fix an error handling path in p54spi_probe() wifi: p54: add missing parentheses in p54_flush() selftests/bpf: fix a test for snprintf() overflow can: pch_can: do not report txerr and rxerr during bus-off can: rcar_can: do not report txerr and rxerr during bus-off can: sja1000: do not report txerr and rxerr during bus-off can: hi311x: do not report txerr and rxerr during bus-off can: sun4i_can: do not report txerr and rxerr during bus-off can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off can: usb_8dev: do not report txerr and rxerr during bus-off can: error: specify the values of data[5..7] of CAN error frames can: pch_can: pch_can_error(): initialize errc before using it Bluetooth: hci_intel: Add check for platform_driver_register i2c: cadence: Support PEC for SMBus block read i2c: mux-gpmux: Add of_node_put() when breaking out of loop wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue wifi: libertas: Fix possible refcount leak in if_usb_probe() net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of iavf: Fix max_rate limiting netdevsim: Avoid allocation warnings triggered from user space net: rose: fix netdev reference changes dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock clk: renesas: r9a06g032: Fix UART clkgrp bitsel mtd: maps: Fix refcount leak in of_flash_probe_versatile mtd: maps: Fix refcount leak in ap_flash_init mtd: rawnand: meson: Fix a potential double free issue HID: cp2112: prevent a buffer overflow in cp2112_xfer() mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release mtd: partitions: Fix refcount leak in parse_redboot_of mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path fpga: altera-pr-ip: fix unsigned comparison with less than zero usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe usb: xhci: tegra: Fix error check clk: mediatek: reset: Fix written reset bit offset misc: rtsx: Fix an error handling path in rtsx_pci_probe() driver core: fix potential deadlock in __driver_attach clk: qcom: clk-krait: unlock spin after mux completion usb: host: xhci: use snprintf() in xhci_decode_trb() clk: qcom: ipq8074: fix NSS port frequency tables clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks clk: qcom: camcc-sdm845: Fix topology around titan_top power domain soundwire: bus_type: fix remove and shutdown support intel_th: Fix a resource leak in an error handling path intel_th: msu-sink: Potential dereference of null pointer intel_th: msu: Fix vmalloced buffers staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch memstick/ms_block: Fix some incorrect memory allocation memstick/ms_block: Fix a memory leak mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R scsi: smartpqi: Fix DMA direction for RAID requests usb: gadget: udc: amd5536 depends on HAS_DMA RDMA/hns: Fix incorrect clearing of interrupt status register RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event RDMA/hfi1: fix potential memory leak in setup_base_ctxt() gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() mmc: cavium-octeon: Add of_node_put() when breaking out of loop mmc: cavium-thunderx: Add of_node_put() when breaking out of loop HID: alps: Declare U1_UNICORN_LEGACY support PCI: tegra194: Fix Root Port interrupt handling PCI: tegra194: Fix link up retry sequence USB: serial: fix tty-port initialized comments platform/olpc: Fix uninitialized data in debugfs write mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region RDMA/rxe: Fix error unwind in rxe_create_qp() null_blk: fix ida error handling in null_add_dev() jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() ext4: recover csum seed of tmp_inode after migrating to extents jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted opp: Fix error check in dev_pm_opp_attach_genpd() ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe ASoC: codecs: da7210: add check for i2c_add_driver ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV profiling: fix shift too large makes kernel panic tty: n_gsm: fix non flow control frames during mux flow off tty: n_gsm: fix packet re-transmission without open control channel tty: n_gsm: fix race condition in gsmld_write() remoteproc: qcom: wcnss: Fix handling of IRQs vfio/ccw: Do not change FSM state in subchannel event tty: n_gsm: fix wrong T1 retry count handling tty: n_gsm: fix DM command tty: n_gsm: fix missing corner cases in gsmld_poll() iommu/exynos: Handle failed IOMMU device registration properly rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge kfifo: fix kfifo_to_user() return type mfd: t7l66xb: Drop platform disable callback mfd: max77620: Fix refcount leak in max77620_initialise_fps iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop s390/zcore: fix race when reading from hardware system area ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() fuse: Remove the control interface for virtio-fs ASoC: audio-graph-card: Add of_node_put() in fail path watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() video: fbdev: amba-clcd: Fix refcount leak bugs video: fbdev: sis: fix typos in SiS_GetModeID() powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32 powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader powerpc/xive: Fix refcount leak in xive_get_max_prio powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address perf symbol: Fail to read phdr workaround kprobes: Forbid probing on trampoline and BPF code areas powerpc/pci: Fix PHB numbering when using opal-phbid genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO scripts/faddr2line: Fix vmlinux detection on arm64 x86/numa: Use cpumask_available instead of hardcoded NULL check video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() tools/thermal: Fix possible path truncations video: fbdev: vt8623fb: Check the size of screen before memset_io() video: fbdev: arkfb: Check the size of screen before memset_io() video: fbdev: s3fb: Check the size of screen before memset_io() scsi: zfcp: Fix missing auto port scan and thus missing target ports scsi: qla2xxx: Fix discovery issues in FC-AL topology scsi: qla2xxx: Turn off multi-queue for 8G adapters scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection x86/olpc: fix 'logical not is only applied to the left hand side' spmi: trace: fix stack-out-of-bound access in SPMI tracing functions kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH btrfs: reset block group chunk force if we have to wait ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h ext4: make sure ext4_append() always allocates new block ext4: fix use-after-free in ext4_xattr_set_entry ext4: update s_overhead_clusters in the superblock during an on-line resize ext4: fix extent status tree race in writeback error recovery path ext4: correct max_inline_xattr_value_size computing ext4: correct the misjudgment in ext4_iget_extra_inode intel_th: pci: Add Raptor Lake-S CPU support intel_th: pci: Add Raptor Lake-S PCH support intel_th: pci: Add Meteor Lake-P support dm raid: fix address sanitizer warning in raid_resume dm raid: fix address sanitizer warning in raid_status dm thin: fix use-after-free crash in dm_sm_register_threshold_callback dm writecache: set a default MAX_WRITEBACK_JOBS ACPI: CPPC: Do not prevent CPPC from working in the future timekeeping: contribute wall clock to rng on time change firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) net_sched: cls_route: remove from list when handle is 0 btrfs: reject log replay if there is unsupported RO compat flag KVM: Add infrastructure and macro to mark VM as bugged KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() tcp: fix over estimation in sk_forced_mem_schedule() scsi: sg: Allow waiting for commands to complete on removed device Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression net/9p: Initialize the iounit field during fid creation net_sched: cls_route: disallow handle of 0 ALSA: info: Fix llseek return value when using callback rds: add missing barrier to release_refill ata: libata-eh: Add missing command name mmc: pxamci: Fix another error handling path in pxamci_probe() mmc: pxamci: Fix an error handling path in pxamci_probe() btrfs: fix lost error handling when looking up extended ref on log replay tracing: Have filter accept "common_cpu" to be consistent can: ems_usb: fix clang's -Wunaligned-access warning apparmor: fix quiet_denied for file rules apparmor: fix absroot causing audited secids to begin with = apparmor: Fix failed mount permission check error message apparmor: fix aa_label_asxprint return check apparmor: fix overlapping attachment computation apparmor: fix reference count leak in aa_pivotroot() apparmor: Fix memleak in aa_simple_write_to_buffer() Documentation: ACPI: EINJ: Fix obsolete example NFSv4.1: Don't decrease the value of seq_nr_highest_sent NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly NFSv4: Fix races in the legacy idmapper upcall NFSv4.1: RECLAIM_COMPLETE must handle EACCES NFSv4/pnfs: Fix a use-after-free bug in open can: mcp251x: Fix race condition on receive interrupt sunrpc: fix expiry of auth creds SUNRPC: Reinitialise the backchannel request buffers before reuse devlink: Fix use-after-free after a failed reload net: bgmac: Fix a BUG triggered by wrong bytes_compl pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed pinctrl: sunxi: Add I/O bias setting for H6 R-PIO ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool geneve: do not use RT_TOS for IPv6 flowlabel plip: avoid rcu debug splat vsock: Fix memory leak in vsock_connect() vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() dt-bindings: arm: qcom: fix MSM8916 MTP compatibles tools/vm/slabinfo: use alphabetic order when two values are equal tools build: Switch to new openssl API for test-libcrypto NTB: ntb_tool: uninitialized heap data in tool_fn_write() nfp: ethtool: fix the display error of `ethtool -m DEVNAME` xen/xenbus: fix return type in xenbus_file_read() atm: idt77252: fix use-after-free bugs caused by tst_timer dpaa2-eth: trace the allocated address instead of page struct tee: add overflow check in register_shm_helper() nios2: page fault et.al. are *not* restartable syscalls... nios2: don't leave NULLs in sys_call_table[] nios2: traced syscall does need to check the syscall number nios2: fix syscall restart checks nios2: restarts apply only to the first sigframe we build... nios2: add force_successful_syscall_return() iavf: Fix adminq error handling clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks netfilter: nf_tables: really skip inactive sets when allocating name powerpc/pci: Fix get_phb_number() locking net: dsa: mv88e6060: prevent crash on an unused port net: moxa: pass pdev instead of ndev to DMA functions net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry ice: Ignore EEXIST when setting promisc mode i40e: Fix to stop tx_timeout recovery if GLOBR fails fec: Fix timer capture timing in `fec_ptp_enable_pps()` igb: Add lock to avoid data race gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file locking/atomic: Make test_and_*_bit() ordered on failure drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() PCI: Add ACS quirk for Broadcom BCM5750x NICs usb: cdns3 fix use-after-free at workaround 2 usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info irqchip/tegra: Fix overflow implicit truncation warnings drm/meson: Fix overflow implicit truncation warnings usb: host: ohci-ppc-of: Fix refcount leak bug usb: renesas: Fix refcount leak bug vboxguest: Do not use devm for irq clk: qcom: ipq8074: dont disable gcc_sleep_clk_src scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input gadgetfs: ep_io - wait until IRQ finishes cxl: Fix a memory leak in an error handling path PCI/ACPI: Guard ARM64-specific mcfg_quirks um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups selftests/kprobe: Do not test for GRP/ without event failures dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown drivers:md:fix a potential use-after-free bug ext4: avoid remove directory when directory is corrupted ext4: avoid resizing to a partial cluster size lib/list_debug.c: Detect uninitialized lists tty: serial: Fix refcount leak bug in ucc_uart.c vfio: Clear the caps->buf to NULL after free mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start riscv: mmap with PROT_WRITE but no PROT_READ is invalid RISC-V: Add fast call path of crash_kexec() watchdog: export lockup_detector_reconfigure powerpc/32: Don't always pass -mcpu=powerpc to the compiler ALSA: core: Add async signal helpers ALSA: timer: Use deferred fasync helper f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() smb3: check xattr value length earlier powerpc/64: Init jump labels before parse_early_param() video: fbdev: i740fb: Check the argument of i740_calc_vclk() MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 tracing/probes: Have kprobes and uprobes use $COMM too can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() can: j1939: j1939_session_destroy(): fix memory leak of skbs btrfs: only write the sectors in the vertical stripe which has data stripes btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() Linux 5.4.211 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I509fd58b7896bfeaa41497f558a2bfc079e46656 |
||
Miaohe Lin
|
38403d143d |
mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
[ Upstream commit 7f82f922319ede486540e8746769865b9508d2c2 ] Since the beginning, charged is set to 0 to avoid calling vm_unacct_memory twice because vm_unacct_memory will be called by above unmap_region. But since commit |
||
|
Srinivasarao Pathipati
|
630e7df8c5 |
Merge android11-5.4.197+ (3970bc6) into msm-5.4
* refs/heads/tmp-3970bc6:
UPSTREAM: Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
FROMGIT: arm64: fix oops in concurrently setting insn_emulation sysctls
ANDROID: abi_gki_aarch64_qcom: Add vmemdup_user to qcom symbol list
ANDROID: GKI: update Sony KMI symbol list
UPSTREAM: mm: fix misplaced unlock_page in do_wp_page()
BACKPORT: mm: do_wp_page() simplification
UPSTREAM: mm/ksm: Remove reuse_ksm_page()
BACKPORT: ALSA: pcm: Fix races among concurrent prealloc proc writes
BACKPORT: ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
BACKPORT: ALSA: pcm: Fix races among concurrent read/write and buffer changes
ANDROID: Fix up abi issue with struct snd_pcm_runtime
BACKPORT: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
BACKPORT: nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
Linux 5.4.197
bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
NFSD: Fix possible sleep during nfsd4_release_lockowner()
NFS: Memory allocation failures are not server fatal errors
docs: submitting-patches: Fix crossref to 'The canonical patch format'
tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
tpm: Fix buffer access in tpm2_get_tpm_pt()
HID: multitouch: Add support for Google Whiskers Touchpad
raid5: introduce MD_BROKEN
dm verity: set DM_TARGET_IMMUTABLE feature flag
dm stats: add cond_resched when looping over entries
dm crypt: make printing of the key constant-time
dm integrity: fix error code in dm_integrity_ctr()
zsmalloc: fix races between asynchronous zspage free and page migration
crypto: ecrdsa - Fix incorrect use of vli_cmp
netfilter: conntrack: re-fetch conntrack after insertion
exec: Force single empty string when argv is empty
drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
cfg80211: set custom regdomain after wiphy registration
assoc_array: Fix BUG_ON during garbage collect
drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
net: ftgmac100: Disable hardware checksum on AST2600
net: af_key: check encryption module availability consistency
pinctrl: sunxi: fix f1c100s uart2 function
ACPI: sysfs: Fix BERT error region memory mapping
ACPI: sysfs: Make sparse happy about address space in use
media: vim2m: initialize the media device earlier
media: vim2m: Register video device after setting up internals
secure_seq: use the 64 bits of the siphash for port offset calculation
tcp: change source port randomizarion at connect() time
Input: goodix - fix spurious key release events
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
lockdown: also lock down previous kgdb use
Linux 5.4.196
afs: Fix afs_getattr() to refetch file status if callback break occurred
i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
x86/xen: fix booting 32-bit pv guest
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
firmware_loader: use kernel credentials when reading firmware
net: stmmac: disable Split Header (SPH) for Intel platforms
block: return ELEVATOR_DISCARD_MERGE if possible
Input: ili210x - fix reset timing
net: atlantic: verify hw_head_ lies within TX buffer ring
net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
selftests: add ping test with ping_group_range tuned
mac80211: fix rx reordering with non explicit / psmp ack policy
scsi: qla2xxx: Fix missed DMA unmap for aborted commands
perf bench numa: Address compiler error on s390
gpio: mvebu/pwm: Refuse requests with inverted polarity
gpio: gpio-vf610: do not touch other bits when set the target bit
net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
igb: skip phy status check where unavailable
ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
ARM: 9196/1: spectre-bhb: enable for Cortex-A15
net: af_key: add check for pfkey_broadcast in function pfkey_process
net/mlx5e: Properly block LRO when XDP is enabled
NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
net/qla3xxx: Fix a test in ql_reset_work()
clk: at91: generated: consider range when calculating best rate
ice: fix possible under reporting of ethtool Tx and Rx statistics
net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
net/sched: act_pedit: sanitize shift argument before usage
net: macb: Increment rx bd head after allocating skb and buffer
ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
KVM: x86/mmu: Update number of zapped pages even if page list is stable
PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
Fix double fget() in vhost_net_set_backend()
perf: Fix sys_perf_event_open() race against self
ALSA: wavefront: Proper check of get_user() error
SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
SUNRPC: Don't call connect() more than once on a TCP socket
SUNRPC: Prevent immediate close+reconnect
SUNRPC: Clean up scheduling of autoclose
mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
nilfs2: fix lockdep warnings during disk space reclamation
nilfs2: fix lockdep warnings in page operations for btree nodes
ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
platform/chrome: cros_ec_debugfs: detach log reader wq from devm
drbd: remove usage of list iterator variable after loop
MIPS: lantiq: check the return value of kzalloc()
rtc: mc146818-lib: Fix the AltCentury for AMD platforms
nvme-multipath: fix hang when disk goes live over reconnect
ALSA: hda/realtek: Enable headset mic on Lenovo P360
crypto: x86/chacha20 - Avoid spurious jumps to other functions
crypto: stm32 - fix reference leak in stm32_crc_remove
Input: stmfts - fix reference leak in stmfts_input_open
Input: add bounds checking to input_set_capability()
um: Cleanup syscall_handler_t definition/cast, fix warning
rtc: fix use-after-free on device removal
x86/xen: Make the secondary CPU idle tasks reliable
x86/xen: Make the boot CPU idle task reliable
floppy: use a statically allocated error counter
ANDROID: fix up abi issue with struct snd_pcm_runtime
Linux 5.4.195
tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
ping: fix address binding wrt vrf
arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map
net: phy: Fix race condition on link status change
MIPS: fix build with gcc-12
drm/vmwgfx: Initialize drm_mode_fb_cmd2
cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
i40e: i40e_main: fix a missing check on list iterator
drm/nouveau/tegra: Stop using iommu_present()
serial: 8250_mtk: Fix register address for XON/XOFF character
serial: 8250_mtk: Fix UART_EFR register address
slimbus: qcom: Fix IRQ check in qcom_slim_probe
USB: serial: option: add Fibocom MA510 modem
USB: serial: option: add Fibocom L610 modem
USB: serial: qcserial: add support for Sierra Wireless EM7590
USB: serial: pl2303: add device id for HP LM930 Display
usb: typec: tcpci: Don't skip cleanup in .remove() on error
usb: cdc-wdm: fix reading stuck on device close
tty: n_gsm: fix mux activation issues in gsm_config()
tcp: resalt the secret every 10 seconds
net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
s390: disable -Warray-bounds
ASoC: ops: Validate input values in snd_soc_put_volsw_range()
ASoC: max98090: Generate notifications on changes for custom control
ASoC: max98090: Reject invalid values in custom control put()
hwmon: (f71882fg) Fix negative temperature
gfs2: Fix filesystem block deallocation for short writes
net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending
net/sched: act_pedit: really ensure the skb is writable
s390/lcs: fix variable dereferenced before check
s390/ctcm: fix potential memory leak
s390/ctcm: fix variable dereferenced before check
hwmon: (ltq-cputemp) restrict it to SOC_XWAY
dim: initialize all struct fields
mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
netlink: do not reset transport header in netlink_recvmsg()
drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
ipv4: drop dst in multicast routing path
net: Fix features skip in for_each_netdev_feature()
mac80211: Reset MBSSID parameters upon connection
hwmon: (tmp401) Add OF device ID table
batman-adv: Don't skb_split skbuffs with frag_list
Linux 5.4.194
mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
mm: fix missing cache flush for all tail pages of compound page
Bluetooth: Fix the creation of hdev->name
KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id
x86: kprobes: Prohibit probing on instruction which has emulate prefix
x86: xen: insn: Decode Xen and KVM emulate-prefix signature
x86: xen: kvm: Gather the definition of emulate prefixes
x86/asm: Allow to pass macros to __ASM_FORM()
KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL
can: grcan: only use the NAPI poll budget for RX
can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
nfp: bpf: silence bitwise vs. logical OR warning
drm/i915: Cast remain to unsigned long in eb_relocate_vma
drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types
block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
MIPS: Use address-of operator on section symbols
ANDROID: GKI: update the abi .xml file
Revert "tcp: ensure to use the most recently sent skb when filling the rate sample"
Linux 5.4.193
mmc: rtsx: add 74 Clocks in power on flow
PCI: aardvark: Fix reading MSI interrupt number
PCI: aardvark: Clear all MSIs at setup
dm: interlock pending dm_io and dm_wait_for_bios_completion
dm: fix mempool NULL pointer race when completing IO
tcp: make sure treq->af_specific is initialized
ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
ALSA: pcm: Fix races among concurrent prealloc proc writes
ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
ALSA: pcm: Fix races among concurrent read/write and buffer changes
ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
mm: fix unexpected zeroed page mapping with zram swap
block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
net: ipv6: ensure we call ipv6_mc_down() at most once
KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised
x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
NFSv4: Don't invalidate inode attributes on delegation return
drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
btrfs: always log symlinks in full mode
smsc911x: allow using IRQ0
bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational
net: emaclite: Add error handling for of_address_to_resource()
net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux()
net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init()
RDMA/siw: Fix a condition race issue in MPA request processing
ASoC: dmaengine: Restore NULL prepare_slave_config() callback
hwmon: (adt7470) Fix warning on module removal
NFC: netlink: fix sleep in atomic bug when firmware download timeout
nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
nfc: replace improper check device_is_registered() in netlink related functions
can: grcan: use ofdev->dev when allocating DMA memory
can: grcan: grcan_close(): fix deadlock
s390/dasd: Fix read inconsistency for ESE DASD devices
s390/dasd: Fix read for ESE with blksize < 4k
s390/dasd: prevent double format of tracks for ESE devices
s390/dasd: fix data corruption for ESE devices
ASoC: meson: Fix event generation for G12A tohdmi mux
ASoC: wm8958: Fix change notifications for DSP controls
ASoC: da7219: Fix change notifications for tone generator frequency
genirq: Synchronize interrupt thread startup
ACPICA: Always create namespace nodes using acpi_ns_create_node()
firewire: core: extend card->lock in fw_core_handle_bus_reset
firewire: remove check of list iterator against head past the loop body
firewire: fix potential uaf in outbound_phy_packet_callback()
Revert "SUNRPC: attempt AF_LOCAL connect on setup"
gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
parisc: Merge model and model name into one line in /proc/cpuinfo
MIPS: Fix CP0 counter erratum detection for R4k CPUs
Linux 5.4.192
mm, hugetlb: allow for "high" userspace addresses
hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs
tty: n_gsm: fix incorrect UA handling
tty: n_gsm: fix wrong command frame length field encoding
tty: n_gsm: fix wrong command retry handling
tty: n_gsm: fix missing explicit ldisc flush
tty: n_gsm: fix insufficient txframe size
netfilter: nft_socket: only do sk lookups when indev is available
tty: n_gsm: fix malformed counter for out of frame data
tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
x86/cpu: Load microcode during restore_processor_state()
net: ethernet: stmmac: fix write to sgmii_adapter_base
drivers: net: hippi: Fix deadlock in rr_close()
cifs: destage any unwritten data to the server before calling copychunk_write
x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
ASoC: wm8731: Disable the regulator when probing fails
tcp: fix F-RTO may not work correctly when receiving DSACK
ixgbe: ensure IPsec VF<->PF compatibility
bnx2x: fix napi API usage sequence
tls: Skip tls_append_frag on zero copy size
drm/amd/display: Fix memory leak in dcn21_clock_source_create
net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
net: bcmgenet: hide status block before TX timestamping
clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource()
bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
ip_gre: Make o_seqno start from 0 in native mode
net/smc: sync err code when tcp connection was refused
net: hns3: add validity check for message data length
cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
pinctrl: pistachio: fix use of irq_of_parse_and_map()
arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
ARM: dts: imx6ull-colibri: fix vqmmc regulator
sctp: check asoc strreset_chunk in sctp_generate_reconf_event
tcp: ensure to use the most recently sent skb when filling the rate sample
tcp: md5: incorrect tcp_header_len for incoming connections
bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook
mtd: rawnand: Fix return value check of wait_for_completion_timeout
ipvs: correctly print the memory size of ip_vs_conn_tab
ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
ARM: dts: am3517-evm: Fix misc pinmuxing
ARM: dts: Fix mmc order for omap3-gta04
phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
phy: samsung: exynos5250-sata: fix missing device put in probe error paths
phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
USB: Fix xhci event ring dequeue pointer ERDP update issue
mtd: rawnand: fix ecc parameters for mt7622
arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
video: fbdev: udlfb: properly check endpoint type
hex2bin: fix access beyond string end
hex2bin: make the function hex_to_bin constant-time
arch_topology: Do not set llc_sibling if llc_id is invalid
serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
serial: 8250: Also set sticky MCR bits in console restoration
serial: imx: fix overrun interrupts in DMA mode
usb: dwc3: gadget: Return proper request status
usb: dwc3: core: Fix tx/rx threshold settings
usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind()
usb: gadget: uvc: Fix crash when encoding data for usb request
usb: typec: ucsi: Fix role swapping
usb: misc: fix improper handling of refcount in uss720_probe()
iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
iio: dac: ad5446: Fix read_raw not returning set value
iio: dac: ad5592r: Fix the missing return value.
xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
xhci: stop polling roothubs after shutdown
USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
USB: quirks: add STRING quirk for VCOM device
USB: quirks: add a Realtek card reader
usb: mtu3: fix USB 3.0 dual-role-switch from device to host
lightnvm: disable the subsystem
hamradio: remove needs_free_netdev to avoid UAF
hamradio: defer 6pack kfree after unregister_netdev
floppy: disable FDRAWCMD by default
Conflicts:
drivers/usb/dwc3/gadget.c
include/linux/dma-mapping.h
include/linux/stmmac.h
mm/memory.c
Change-Id: I3bf49e11ae4aeaf1db353efbdfee950cd12de8cf
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
|
||
|
Srinivasarao Pathipati
|
a965799388 |
Merge android11-5.4.191+ (375c2e2) into msm-5.4
* refs/heads/tmp-375c2e2:
Revert "oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup"
Linux 5.4.191
Revert "net: micrel: fix KS8851_MLL Kconfig"
block/compat_ioctl: fix range check in BLKGETSIZE
staging: ion: Prevent incorrect reference counting behavour
spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller
jbd2: fix a potential race while discarding reserved buffers after an abort
ext4: force overhead calculation if the s_overhead_cluster makes no sense
ext4: fix overhead calculation to account for the reserved gdt blocks
ext4, doc: fix incorrect h_reserved size
ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
ext4: fix use-after-free in ext4_search_dir
ext4: fix symlink file size not match to file content
arm_pmu: Validate single/group leader events
ARC: entry: fix syscall_trace_exit argument
e1000e: Fix possible overflow in LTR decoding
ASoC: soc-dapm: fix two incorrect uses of list iterator
openvswitch: fix OOB access in reserve_sfa_size()
xtensa: fix a7 clobbering in coprocessor context load/store
xtensa: patch_text: Fixup last cpu should be master
powerpc/perf: Fix power9 event alternatives
drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage
KVM: PPC: Fix TCE handling for VFIO
drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
dma: at_xdmac: fix a missing check on list iterator
ata: pata_marvell: Check the 'bmdma_addr' beforing reading
oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup
EDAC/synopsys: Read the error count from the correct register
stat: fix inconsistency between struct stat and struct compat_stat
scsi: qedi: Fix failed disconnect handling
net: macb: Restart tx only if queue pointer is lagging
drm/msm/mdp5: check the return of kzalloc()
dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
mt76: Fix undefined behavior due to shift overflowing the constant
cifs: Check the IOCB_DIRECT flag, not O_DIRECT
vxlan: fix error return code in vxlan_fdb_append
ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
reset: tegra-bpmp: Restore Handle errors in BPMP response
ARM: vexpress/spc: Avoid negative array index when !SMP
selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
netlink: reset network and mac headers in netlink_dump()
l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
net/sched: cls_u32: fix possible leak in u32_init_knode()
net/packet: fix packet_sock xmit return value checking
net/smc: Fix sock leak when release after smc_shutdown()
rxrpc: Restore removed timer deletion
igc: Fix BUG: scheduling while atomic
igc: Fix infinite loop in release_swfw_sync
dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources
dmaengine: imx-sdma: Fix error checking in sdma_event_remap
ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component
ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
ALSA: usb-audio: Clear MIDI port active flag after draining
tcp: Fix potential use-after-free due to double kfree()
net/sched: cls_u32: fix netns refcount changes in u32_change()
tcp: fix race condition when creating child sockets from syncookies
gfs2: assign rgrp glock before compute_bitstructs
can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
tracing: Dump stacktrace trigger to the corresponding instance
mm: page_alloc: fix building error on -Werror=array-compare
etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
Linux 5.4.190
ax25: Fix UAF bugs in ax25 timers
ax25: Fix NULL pointer dereferences in ax25 timers
ax25: fix NPD bug in ax25_disconnect
ax25: fix UAF bug in ax25_send_control()
ax25: Fix refcount leaks caused by ax25_cb_del()
ax25: fix UAF bugs of net_device caused by rebinding operation
ax25: fix reference count leaks of ax25_dev
ax25: add refcount in ax25_dev to avoid UAF bugs
dma-direct: avoid redundant memory sync for swiotlb
i2c: pasemi: Wait for write xfers to finish
smp: Fix offline cpu check in flush_smp_call_function_queue()
dm integrity: fix memory corruption when tag_size is less than digest size
ARM: davinci: da850-evm: Avoid NULL pointer dereference
tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
genirq/affinity: Consider that CPUs on nodes can be unbalanced
drm/amd/display: don't ignore alpha property on pre-multiplied mode
ipv6: fix panic when forwarding a pkt with no in6 dev
ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
ALSA: hda/realtek: Add quirk for Clevo PD50PNT
btrfs: mark resumed async balance as writing
btrfs: remove unused variable in btrfs_{start,write}_dirty_block_groups()
ath9k: Fix usage of driver-private space in tx_info
ath9k: Properly clear TX status area before reporting to mac80211
gcc-plugins: latent_entropy: use /dev/urandom
mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
mm, page_alloc: fix build_zonerefs_node()
perf/imx_ddr: Fix undefined behavior due to shift overflowing the constant
drivers: net: slip: fix NPD bug in sl_tx_timeout()
scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan
scsi: mvsas: Add PCI ID of RocketRaid 2640
powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
drm/amd/display: Fix allocate_mst_payload assert on resume
net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry
arm64: alternatives: mark patch_alternative() as `noinstr`
regulator: wm8994: Add an off-on delay for WM8994 variant
gpu: ipu-v3: Fix dev_dbg frequency output
ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
net: micrel: fix KS8851_MLL Kconfig
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
scsi: target: tcmu: Fix possible page UAF
Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
drm/amdkfd: Check for potential null return of kmalloc_array()
drm/amdkfd: Fix Incorrect VMIDs passed to HWS
drm/amd/display: Update VTEM Infopacket definition
drm/amd/display: fix audio format not updated after edid updated
drm/amd: Add USBC connector ID
cifs: potential buffer overflow in handling symlinks
nfc: nci: add flush_workqueue to prevent uaf
testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set
sctp: Initialize daddr on peeled off socket
net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()
cfg80211: hold bss_lock while updating nontrans_list
net/sched: taprio: Check if socket flags are valid
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
net/sched: fix initialization order when updating chain 0 head
mlxsw: i2c: Fix initialization error flow
gpiolib: acpi: use correct format characters
veth: Ensure eth header is in skb's linear part
net/sched: flower: fix parsing of ethertype following VLAN header
memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
ANDROID: GKI: fix crc issue with commit
|
||
|
Greg Kroah-Hartman
|
aa172204d5 |
This is the 5.4.192 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmJ4vNYACgkQONu9yGCS aT7xvw//e6m5llwO0aXOVFLca2TvAdN1L3shREY57P2TgNejrmrdFzYXu+6AE+ia MhdcQL5LphFB1lIfSM/MKYFgmOVYkYpjz4AM+rqPPAv99sj0lAWslppJQAPU4a/O V2qyKzj9f78ojr9TacgooCqwuHaJtrhXKBrjG18UTmHgcFV5hDTNtIwVWxG8NF5R /ma/nY62kwzTvu2e4Ic+7LgKqhFkndQ/N9uB9owJ5IzJOE68Rzj1AWklbb1AMI4+ wv0J2WO+fZRiA0q9WT88G/ZJKpXLdEO7VwiarXFeBfIHTi0RsOp7SSpKkgk0QxtV K4SBUl44ma3v5vlKprN18mNZxoJ3fu88UZSSPDfnms/gGzKIlLedsb02Er4qC6wb EAiSuOzjEOwqh5BCRiaUgrWGyN4DQ+qrtDVRwrJ4NV6EAQ3ASehm5jevxotRuZ+M g1nqnIJVtx0jpXjPhUTxTNC1pswQo6ZpTqKB0TNtoBvp24x2y3HmMNJDS+1noCAg r4KSrO+DQ7gxrjqJiewpFUSbeXDyRkUyqbyYLqmXkRYdzGN0YuSchzY0xRoqW0hS tCW8yYpki2a1IwOiEoEfLMaudKVEeiYbDisD58wTVjNG7k5A3UCyZ3btigg9FbOq w76VJH6tZPePcYpmoI0XH0vzgmESd6gK4c/8EB9yH2gyfSwRIiM= =eySc -----END PGP SIGNATURE----- Merge 5.4.192 into android11-5.4-lts Changes in 5.4.192 floppy: disable FDRAWCMD by default hamradio: defer 6pack kfree after unregister_netdev hamradio: remove needs_free_netdev to avoid UAF lightnvm: disable the subsystem usb: mtu3: fix USB 3.0 dual-role-switch from device to host USB: quirks: add a Realtek card reader USB: quirks: add STRING quirk for VCOM device USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader USB: serial: option: add support for Cinterion MV32-WA/MV32-WB USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions xhci: stop polling roothubs after shutdown xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms iio: dac: ad5592r: Fix the missing return value. iio: dac: ad5446: Fix read_raw not returning set value iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() usb: misc: fix improper handling of refcount in uss720_probe() usb: typec: ucsi: Fix role swapping usb: gadget: uvc: Fix crash when encoding data for usb request usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() usb: dwc3: core: Fix tx/rx threshold settings usb: dwc3: gadget: Return proper request status serial: imx: fix overrun interrupts in DMA mode serial: 8250: Also set sticky MCR bits in console restoration serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device arch_topology: Do not set llc_sibling if llc_id is invalid hex2bin: make the function hex_to_bin constant-time hex2bin: fix access beyond string end video: fbdev: udlfb: properly check endpoint type arm64: dts: meson: remove CPU opps below 1GHz for G12B boards arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards mtd: rawnand: fix ecc parameters for mt7622 USB: Fix xhci event ring dequeue pointer ERDP update issue ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe phy: samsung: exynos5250-sata: fix missing device put in probe error paths ARM: OMAP2+: Fix refcount leak in omap_gic_of_init phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe ARM: dts: Fix mmc order for omap3-gta04 ARM: dts: am3517-evm: Fix misc pinmuxing ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 ipvs: correctly print the memory size of ip_vs_conn_tab mtd: rawnand: Fix return value check of wait_for_completion_timeout bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook tcp: md5: incorrect tcp_header_len for incoming connections tcp: ensure to use the most recently sent skb when filling the rate sample sctp: check asoc strreset_chunk in sctp_generate_reconf_event ARM: dts: imx6ull-colibri: fix vqmmc regulator arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock pinctrl: pistachio: fix use of irq_of_parse_and_map() cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe net: hns3: add validity check for message data length net/smc: sync err code when tcp connection was refused ip_gre: Make o_seqno start from 0 in native mode tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() net: bcmgenet: hide status block before TX timestamping net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK drm/amd/display: Fix memory leak in dcn21_clock_source_create tls: Skip tls_append_frag on zero copy size bnx2x: fix napi API usage sequence ixgbe: ensure IPsec VF<->PF compatibility tcp: fix F-RTO may not work correctly when receiving DSACK ASoC: wm8731: Disable the regulator when probing fails ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit() x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 cifs: destage any unwritten data to the server before calling copychunk_write drivers: net: hippi: Fix deadlock in rr_close() net: ethernet: stmmac: fix write to sgmii_adapter_base x86/cpu: Load microcode during restore_processor_state() tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 tty: n_gsm: fix malformed counter for out of frame data netfilter: nft_socket: only do sk lookups when indev is available tty: n_gsm: fix insufficient txframe size tty: n_gsm: fix missing explicit ldisc flush tty: n_gsm: fix wrong command retry handling tty: n_gsm: fix wrong command frame length field encoding tty: n_gsm: fix incorrect UA handling hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs mm, hugetlb: allow for "high" userspace addresses Linux 5.4.192 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I151e1623022f3629b0cec0685db3ea08c62ab95d |
||
Christophe Leroy
|
aa2a047b58 |
mm, hugetlb: allow for "high" userspace addresses
commit 5f24d5a579d1eace79d505b148808a850b417d4c upstream. This is a fix for commit |
||
|
Greg Kroah-Hartman
|
023cd1cf3f |
This is the 5.4.189 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmJZYqcACgkQONu9yGCS
aT51cA/+PXr+24MJMwa0PyLuQO9YScRAu/4E8PtEkumpj5dA9FuWJCcuNwO9cmNp
YM6IdGGbHfW+JRsX3wLAothut1ID9hfl+Y2tpBFJacS7E5ezgzoiAF1ke8RsBxd/
s+sRwZqRfSVoVmwYGj9/SwXLzJJTdPwY/FwXUdsyxxkn8u99YmAURlNUZdv0+KWs
vmAvS6mj4M4GfazS9FfBhnUVMcxbDgY0/rNlek2rMQi1ValvrYeNBATjKMI/NrkR
/bRTplCezuDFDw82IqQfiqGQ71mMbpYFXxkbdXsJj3nhIJ1AimWRQhLRg/TqJOi4
0Hhx3cEk/5hs/22VBN9sIYIAbJr+z7Kr9gnhltAETPOrv0s9w9fnJARve5GlwSHV
yKBm3Pfq0+abAQ2urnsmiHFvMMzFaiNuWe98TOF0BHkJbwMSFQpgFtp0yWx2bgMf
Svx/rEXzd2Cx0h5X4dHAMykPqsJAek0qIb4MgOPAEpuZWLZ09xfXOeVc8lTbHG22
y/HfKE+4FMTw8tsAe/7E7xP+yjosPrAq8De2ymMo9NGDFxT8I9ro+gkqwMWwC+yi
trYDVFEX3NNIEG9D6Oh+eP2nY97U898wCI1GFU18J9zOPQsw4peHSS8xPW7vLbqy
zrzOxMKW+2khSwj/wFlSXRaj3pogP5/y4jaAXpMSse0Zb3Neu2U=
=p4tc
-----END PGP SIGNATURE-----
Merge 5.4.189 into android11-5.4-lts
Changes in 5.4.189
swiotlb: fix info leak with DMA_FROM_DEVICE
USB: serial: pl2303: add IBM device IDs
USB: serial: simple: add Nokia phone driver
netdevice: add the case if dev is NULL
HID: logitech-dj: add new lightspeed receiver id
xfrm: fix tunnel model fragmentation behavior
virtio_console: break out of buf poll on remove
ethernet: sun: Free the coherent when failing in probing
spi: Fix invalid sgs value
net:mcf8390: Use platform_get_irq() to get the interrupt
spi: Fix erroneous sgs value with min_t()
af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
net: dsa: microchip: add spi_device_id tables
iommu/iova: Improve 32-bit free space estimate
tpm: fix reference counting for struct tpm_chip
block: Add a helper to validate the block size
virtio-blk: Use blk_validate_block_size() to validate block size
USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
xhci: fix runtime PM imbalance in USB2 resume
xhci: make xhci_handshake timeout for xhci_reset() adjustable
xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
coresight: Fix TRCCONFIGR.QE sysfs interface
iio: afe: rescale: use s64 for temporary scale calculations
iio: inkern: apply consumer scale on IIO_VAL_INT cases
iio: inkern: apply consumer scale when no channel scale is available
iio: inkern: make a best effort on offset calculation
greybus: svc: fix an error handling bug in gb_svc_hello()
clk: uniphier: Fix fixed-rate initialization
ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
KEYS: fix length validation in keyctl_pkey_params_get_2()
Documentation: add link to stable release candidate tree
Documentation: update stable tree link
HID: intel-ish-hid: Use dma_alloc_coherent for firmware update
SUNRPC: avoid race between mod_timer() and del_timer_sync()
NFSD: prevent underflow in nfssvc_decode_writeargs()
NFSD: prevent integer overflow on 32 bit systems
f2fs: fix to unlock page correctly in error path of is_alive()
f2fs: quota: fix loop condition at f2fs_quota_sync()
f2fs: fix to do sanity check on .cp_pack_total_block_count
pinctrl: samsung: drop pin banks references on error paths
spi: mxic: Fix the transmit path
can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
jffs2: fix memory leak in jffs2_do_mount_fs
jffs2: fix memory leak in jffs2_scan_medium
mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
mm: invalidate hwpoison page cache page in fault path
mempolicy: mbind_range() set_policy() after vma_merge()
scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
qed: display VF trust config
qed: validate and restrict untrusted VFs vlan promisc mode
riscv: Fix fill_callchain return value
Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
ALSA: cs4236: fix an incorrect NULL check on list iterator
ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
mm,hwpoison: unmap poisoned page before invalidation
mm/kmemleak: reset tag when compare object pointer
drbd: fix potential silent data corruption
powerpc/kvm: Fix kvm_use_magic_page
udp: call udp_encap_enable for v6 sockets when enabling encap
ACPI: properties: Consistently return -ENOENT if there are no more references
drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
mailbox: tegra-hsp: Flush whole channel
block: don't merge across cgroup boundaries if blkcg is enabled
drm/edid: check basic audio support on CEA extension block
video: fbdev: sm712fb: Fix crash in smtcfb_read()
video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
ARM: dts: exynos: add missing HDMI supplies on SMDK5250
ARM: dts: exynos: add missing HDMI supplies on SMDK5420
carl9170: fix missing bit-wise or operator for tx_params
thermal: int340x: Increase bitmap size
lib/raid6/test: fix multiple definition linking error
crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
crypto: rsa-pkcs1pad - restore signature length check
crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
DEC: Limit PMAX memory probing to R3k systems
media: davinci: vpif: fix unbalanced runtime PM get
xtensa: fix stop_machine_cpuslocked call in patch_text
xtensa: fix xtensa_wsr always writing 0
brcmfmac: firmware: Allocate space for default boardrev in nvram
brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
brcmfmac: pcie: Fix crashes due to early IRQs
PCI: pciehp: Clear cmd_busy bit in polling mode
regulator: qcom_smd: fix for_each_child.cocci warnings
crypto: authenc - Fix sleep in atomic context in decrypt_tail
crypto: mxs-dcp - Fix scatterlist processing
spi: tegra114: Add missing IRQ check in tegra_spi_probe
selftests/x86: Add validity check and allow field splitting
audit: log AUDIT_TIME_* records only from rules
crypto: ccree - don't attempt 0 len DMA mappings
spi: pxa2xx-pci: Balance reference count for PCI DMA device
hwmon: (pmbus) Add mutex to regulator ops
hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
block: don't delete queue kobject before its children
PM: hibernate: fix __setup handler error handling
PM: suspend: fix return value of __setup handler
hwrng: atmel - disable trng on failure path
crypto: vmx - add missing dependencies
clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init()
ACPI: APEI: fix return value of __setup handlers
crypto: ccp - ccp_dmaengine_unregister release dma channels
hwmon: (pmbus) Add Vin unit off handling
clocksource: acpi_pm: fix return value of __setup handler
sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
perf/core: Fix address filter parser for multiple filters
perf/x86/intel/pt: Fix address filter config for 32-bit kernel
f2fs: fix missing free nid in f2fs_handle_failed_inode
f2fs: fix to avoid potential deadlock
media: bttv: fix WARNING regression on tunerless devices
media: coda: Fix missing put_device() call in coda_get_vdoa_data
media: hantro: Fix overfill bottom register field name
media: aspeed: Correct value for h-total-pixels
video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe()
video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
ARM: dts: qcom: ipq4019: fix sleep clock
soc: qcom: rpmpd: Check for null return of devm_kcalloc
soc: qcom: aoss: remove spurious IRQF_ONESHOT flags
arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc
soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
ARM: dts: imx: Add missing LVDS decoder on M53Menlo
media: video/hdmi: handle short reads of hdmi info frame.
media: em28xx: initialize refcount before kref_get
media: usb: go7007: s2250-board: fix leak in probe()
uaccess: fix nios2 and microblaze get_user_8()
ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp()
ASoC: ti: davinci-i2s: Add check for clk_enable()
ALSA: spi: Add check for clk_enable()
arm64: dts: ns2: Fix spi-cpol and spi-cpha property
arm64: dts: broadcom: Fix sata nodename
printk: fix return value of printk.devkmsg __setup handler
ASoC: mxs-saif: Handle errors for clk_enable
ASoC: atmel_ssc_dai: Handle errors for clk_enable
ASoC: soc-compress: prevent the potentially use of null pointer
memory: emif: Add check for setup_interrupts
memory: emif: check the pointer temp in get_device_details()
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly
media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
ASoC: wm8350: Handle error for wm8350_register_irq
ASoC: fsi: Add check for clk_enable
video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
ivtv: fix incorrect device_caps for ivtvfb
ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe
mmc: davinci_mmc: Handle error for clk_enable
ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe
drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe
ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
udmabuf: validate ubuf->pagecount
Bluetooth: hci_serdev: call init_rwsem() before p->open()
mtd: onenand: Check for error irq
mtd: rawnand: gpmi: fix controller timings setting
drm/edid: Don't clear formats if using deep color
drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
ath9k_htc: fix uninit value bugs
KVM: PPC: Fix vmx/vsx mixup in mmio emulation
i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
ray_cs: Check ioremap return value
powerpc/perf: Don't use perf_hw_context for trace IMC PMU
mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update
mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update
net: dsa: mv88e6xxx: Enable port policy support on 6097
PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge
power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
iommu/ipmmu-vmsa: Check for error num after setting mask
drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug
IB/cma: Allow XRC INI QPs to set their local ACK timeout
dax: make sure inodes are flushed before destroy cache
iwlwifi: Fix -EIO error code that is never returned
iwlwifi: mvm: Fix an error code in iwl_mvm_up()
dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
scsi: pm8001: Fix abort all task initialization
drm/amd/display: Remove vupdate_int_entry definition
TOMOYO: fix __setup handlers return values
ext2: correct max file size computing
drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return
scsi: hisi_sas: Change permission of parameter prot_mask
drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt
bpf, arm64: Call build_prologue() first in first JIT pass
bpf, arm64: Feed byte-offset into bpf line info
libbpf: Skip forward declaration when counting duplicated type names
powerpc/Makefile: Don't pass -mcpu=powerpc64 when building 32-bit
KVM: x86: Fix emulation in writing cr8
KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
hv_balloon: rate-limit "Unhandled message" warning
i2c: xiic: Make bus names unique
power: supply: wm8350-power: Handle error for wm8350_register_irq
power: supply: wm8350-power: Add missing free in free_charger_irq
PCI: Reduce warnings on possible RW1C corruption
mips: DEC: honor CONFIG_MIPS_FP_SUPPORT=n
powerpc/sysdev: fix incorrect use to determine if list is empty
mfd: mc13xxx: Add check for mc13xxx_irq_request
selftests/bpf: Make test_lwt_ip_encap more stable and faster
powerpc: 8xx: fix a return value error in mpc8xx_pic_init
vxcan: enable local echo for sent CAN frames
MIPS: RB532: fix return value of __setup handler
mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
bpf, sockmap: Fix more uncharged while msg has more_data
bpf, sockmap: Fix double uncharge the mem of sk_msg
USB: storage: ums-realtek: fix error code in rts51x_read_mem()
Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
af_netlink: Fix shift out of bounds in group mask calculation
i2c: mux: demux-pinctrl: do not deactivate a master that is not active
selftests/bpf/test_lirc_mode2.sh: Exit with proper code
tcp: ensure PMTU updates are processed during fastopen
openvswitch: always update flow key after nat
tipc: fix the timer expires after interval 100ms
mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
mxser: fix xmit_buf leak in activate when LSR == 0xff
pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
misc: alcor_pci: Fix an error handling path
staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel
clk: qcom: ipq8074: Use floor ops for SDCC1 clock
phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure})
serial: 8250_mid: Balance reference count for PCI DMA device
serial: 8250: Fix race condition in RTS-after-send handling
iio: adc: Add check for devm_request_threaded_irq
NFS: Return valid errors from nfs2/3_decode_dirent()
dma-debug: fix return value of __setup handlers
clk: imx7d: Remove audio_mclk_root_clk
clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
clk: qcom: clk-rcg2: Update the frac table for pixel clock
remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region
remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
clk: actions: Terminate clk_div_table with sentinel element
clk: loongson1: Terminate clk_div_table with sentinel element
clk: clps711x: Terminate clk_div_table with sentinel element
clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
NFS: remove unneeded check in decode_devicenotify_args()
staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree
pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get()
pinctrl: mediatek: paris: Fix pingroup pin config state readback
pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
tty: hvc: fix return value of __setup handler
kgdboc: fix return value of __setup handler
kgdbts: fix return value of __setup handler
firmware: google: Properly state IOMEM dependency
driver core: dd: fix return value of __setup handler
jfs: fix divide error in dbNextAG
netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
clk: qcom: gcc-msm8994: Fix gpll4 width
clk: Initialize orphan req_rate
xen: fix is_xen_pmu()
net: phy: broadcom: Fix brcm_fet_config_init()
selftests: test_vxlan_under_vrf: Fix broken test case
qlcnic: dcb: default to returning -EOPNOTSUPP
net/x25: Fix null-ptr-deref caused by x25_disconnect
NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator
lib/test: use after free in register_test_dev_kmod()
LSM: general protection fault in legacy_parse_param
gcc-plugins/stackleak: Exactly match strings instead of prefixes
pinctrl: npcm: Fix broken references to chip->parent_device
block, bfq: don't move oom_bfqq
selinux: use correct type for context length
loop: use sysfs_emit() in the sysfs xxx show()
Fix incorrect type in assignment of ipv6 port for audit
irqchip/qcom-pdc: Fix broken locking
irqchip/nvic: Release nvic_base upon failure
bfq: fix use-after-free in bfq_dispatch_request
ACPICA: Avoid walking the ACPI Namespace if it is not there
lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3
Revert "Revert "block, bfq: honor already-setup queue merges""
ACPI/APEI: Limit printable size of BERT table data
PM: core: keep irq flags in device_pm_check_callbacks()
spi: tegra20: Use of_device_get_match_data()
ext4: don't BUG if someone dirty pages without asking ext4 first
ntfs: add sanity check on allocation size
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
video: fbdev: w100fb: Reset global state
video: fbdev: cirrusfb: check pixclock to avoid divide by zero
video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
ARM: dts: bcm2837: Add the missing L1/L2 cache information
ASoC: madera: Add dependencies on MFD
video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit
ASoC: soc-core: skip zero num_dai component in searching dai name
media: cx88-mpeg: clear interrupt status register before streaming video
ARM: tegra: tamonten: Fix I2C3 pad setting
ARM: mmp: Fix failure to remove sram device
video: fbdev: sm712fb: Fix crash in smtcfb_write()
media: Revert "media: em28xx: add missing em28xx_close_extension"
media: hdpvr: initialize dev->worker at hdpvr_register_videodev
mmc: host: Return an error when ->enable_sdio_irq() ops is missing
ALSA: hda/realtek: Add alc256-samsung-headphone fixup
powerpc/lib/sstep: Fix 'sthcx' instruction
powerpc/lib/sstep: Fix build errors with newer binutils
powerpc: Fix build errors with newer binutils
scsi: qla2xxx: Fix stuck session in gpdb
scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
scsi: qla2xxx: Fix warning for missing error code
scsi: qla2xxx: Fix device reconnect in loop topology
scsi: qla2xxx: Add devids and conditionals for 28xx
scsi: qla2xxx: Check for firmware dump already collected
scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
scsi: qla2xxx: Fix disk failure to rediscover
scsi: qla2xxx: Fix incorrect reporting of task management failure
scsi: qla2xxx: Fix hang due to session stuck
scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
scsi: qla2xxx: Fix N2N inconsistent PLOGI
scsi: qla2xxx: Reduce false trigger to login
scsi: qla2xxx: Use correct feature type field during RFF_ID processing
KVM: Prevent module exit until all VMs are freed
KVM: x86: fix sending PV IPI
ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
ubifs: rename_whiteout: Fix double free for whiteout_ui->data
ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
ubifs: rename_whiteout: correct old_dir size computing
XArray: Fix xas_create_range() when multi-order entry present
can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
can: mcba_usb: properly check endpoint type
XArray: Update the LRU list in xas_split()
rtc: check if __rtc_read_time was successful
gfs2: Make sure FITRIM minlen is rounded up to fs block size
net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware
pinctrl: pinconf-generic: Print arguments for bias-pull-*
pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR()
pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE()
ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs
ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
ARM: iop32x: offset IRQ numbers by 1
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
powerpc/kasan: Fix early region not updated correctly
ASoC: soc-compress: Change the check for codec_dai
mm/mmap: return 1 from stack_guard_gap __setup() handler
mm/memcontrol: return 1 from cgroup.memory __setup() handler
mm/usercopy: return 1 from hardened_usercopy __setup() handler
bpf: Fix comment for helper bpf_current_task_under_cgroup()
dt-bindings: mtd: nand-controller: Fix the reg property description
dt-bindings: mtd: nand-controller: Fix a comment in the examples
dt-bindings: spi: mxic: The interrupt property is not mandatory
ubi: fastmap: Return error code if memory allocation fails in add_aeb()
ASoC: topology: Allow TLV control to be either read or write
ARM: dts: spear1340: Update serial node properties
ARM: dts: spear13xx: Update SPI dma properties
um: Fix uml_mconsole stop/go
openvswitch: Fixed nd target mask field in the flow dump.
KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
ubifs: Rectify space amount budget for mkdir/tmpfile operations
rtc: wm8350: Handle error for wm8350_register_irq
riscv module: remove (NOLOAD)
ARM: 9187/1: JIVE: fix return value of __setup handler
KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
drm: Add orientation quirk for GPD Win Max
ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
ptp: replace snprintf with sysfs_emit
powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
bpf: Make dst_port field in struct bpf_sock 16-bit wide
scsi: mvsas: Replace snprintf() with sysfs_emit()
scsi: bfa: Replace snprintf() with sysfs_emit()
power: supply: axp20x_battery: properly report current when discharging
ipv6: make mc_forwarding atomic
powerpc: Set crashkernel offset to mid of RMA region
drm/amdgpu: Fix recursive locking warning
PCI: aardvark: Fix support for MSI interrupts
iommu/arm-smmu-v3: fix event handling soft lockup
usb: ehci: add pci device support for Aspeed platforms
PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
power: supply: axp288-charger: Set Vhold to 4.4V
ipv4: Invalidate neighbour for broadcast address upon address addition
dm ioctl: prevent potential spectre v1 gadget
drm/amdkfd: make CRAT table missing message informational only
scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
scsi: aha152x: Fix aha152x_setup() __setup handler return value
net/smc: correct settings of RMB window update limit
mips: ralink: fix a refcount leak in ill_acc_of_setup()
macvtap: advertise link netns via netlink
tuntap: add sanity checks about msg_controllen in sendmsg
bnxt_en: Eliminate unintended link toggle during FW reset
MIPS: fix fortify panic when copying asm exception handlers
scsi: libfc: Fix use after free in fc_exch_abts_resp()
usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
xtensa: fix DTC warning unit_address_format
Bluetooth: Fix use after free in hci_send_acl
netlabel: fix out-of-bounds memory accesses
init/main.c: return 1 from handled __setup() functions
minix: fix bug when opening a file with O_DIRECT
clk: si5341: fix reported clk_rate when output divider is 2
w1: w1_therm: fixes w1_seq for ds28ea00 sensors
NFSv4: Protect the state recovery thread against direct reclaim
xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
clk: Enforce that disjoints limits are invalid
SUNRPC/call_alloc: async tasks mustn't block waiting for memory
NFS: swap IO handling is slightly different for O_DIRECT IO
NFS: swap-out must always use STABLE writes.
serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
virtio_console: eliminate anonymous module_init & module_exit
jfs: prevent NULL deref in diFree
SUNRPC: Fix socket waits for write buffer space
parisc: Fix CPU affinity for Lasi, WAX and Dino chips
parisc: Fix patch code locking and flushing
mm: fix race between MADV_FREE reclaim and blkdev direct IO read
KVM: arm64: Check arm64_get_bp_hardening_data() didn't return NULL
drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
Drivers: hv: vmbus: Fix potential crash on module unload
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
net/tls: fix slab-out-of-bounds bug in decrypt_internal
net: ipv4: fix route with nexthop object delete warning
net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
drm/imx: Fix memory leak in imx_pd_connector_get_modes
bnxt_en: reserve space inside receive page for skb_shared_info
IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition
dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
ipv6: Fix stats accounting in ip6_pkt_drop
net: openvswitch: don't send internal clone attribute to the userspace.
rxrpc: fix a race in rxrpc_exit_net()
qede: confirm skb is allocated before using
spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
bpf: Support dual-stack sockets in bpf_tcp_check_syncookie
drbd: Fix five use after free bugs in get_initial_state
SUNRPC: Handle ENOMEM in call_transmit_status()
SUNRPC: Handle low memory situations in call_status()
perf tools: Fix perf's libperf_print callback
perf session: Remap buf if there is no space for event
Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete
lz4: fix LZ4_decompress_safe_partial read out of bound
mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
mm/mempolicy: fix mpol_new leak in shared_policy_replace
x86/pm: Save the MSR validity status at context setup
x86/speculation: Restore speculation related MSRs during S3 resume
btrfs: fix qgroup reserve overflow the qgroup limit
arm64: patch_text: Fixup last cpu should be master
ata: sata_dwc_460ex: Fix crash due to OOB write
perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
irqchip/gic-v3: Fix GICR_CTLR.RWP polling
tools build: Filter out options and warnings not supported by clang
tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
mmc: mmci_sdmmc: Replace sg_dma_xxx macros
mmc: mmci: stm32: correctly check all elements of sg list
mm: don't skip swap entry even if zap_details specified
arm64: module: remove (NOLOAD) from linker script
mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
drm/amdkfd: add missing void argument to function kgd2kfd_init
drm/amdkfd: Fix -Wstrict-prototypes from amdgpu_amdkfd_gfx_10_0_get_functions()
io_uring: fix fs->users overflow
cgroup: Use open-time credentials for process migraton perm checks
cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
cgroup: Use open-time cgroup namespace for process migration perm checks
selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644
selftests: cgroup: Test open-time credential usage for migration checks
selftests: cgroup: Test open-time cgroup namespace usage for migration checks
cpuidle: PSCI: Move the `has_lpi` check to the beginning of the function
ACPI: processor idle: Check for architectural support for LPI
Linux 5.4.189
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If3564fc9b0854c215e077cf29dabd4d88de266eb
|
||
Randy Dunlap
|
2e16f48838 |
mm/mmap: return 1 from stack_guard_gap __setup() handler
commit e6d094936988910ce6e8197570f2753898830081 upstream.
__setup() handlers should return 1 if the command line option is handled
and 0 if not (or maybe never return 0; it just pollutes init's
environment). This prevents:
Unknown kernel command line parameters \
"BOOT_IMAGE=/boot/bzImage-517rc5 stack_guard_gap=100", will be \
passed to user space.
Run /sbin/init as init process
with arguments:
/sbin/init
with environment:
HOME=/
TERM=linux
BOOT_IMAGE=/boot/bzImage-517rc5
stack_guard_gap=100
Return 1 to indicate that the boot option has been handled.
Note that there is no warning message if someone enters:
stack_guard_gap=anything_invalid
and 'val' and stack_guard_gap are both set to 0 due to the use of
simple_strtoul(). This could be improved by using kstrtoxxx() and
checking for an error.
It appears that having stack_guard_gap == 0 is valid (if unexpected) since
using "stack_guard_gap=0" on the kernel command line does that.
Link: https://lkml.kernel.org/r/20220222005817.11087-1-rdunlap@infradead.org
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Fixes:
|
||
Vinayak Menon
|
f2c1ef71ed |
ANDROID: mm: use raw seqcount variants in vm_write_*
write_seqcount_begin expects to be called from a non-preemptible context to avoid preemption by a read section that can spin due to an odd value. But the readers of vm_sequence never retries and thus writers need not disable preemption. Use the non-lockdep variant as lockdep checks are now in-built to write_seqcount_begin. Bug: 161210518 Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> Change-Id: If4f0cddd7f0a79136495060d4acc1702abb46817 Git-commit: c9201630e8a53106406516ba40862e637c324480 Git-repo: https://android.googlesource.com/kernel/common/ Signed-off-by: Srinivasarao Pathipati <quic_spathi@quicinc.com> |
||
Srinivasarao P
|
b403cd66bd |
Merge android11-5.4.86+ (75c93eb) into msm-5.4
* refs/heads/tmp-75c93eb: Revert one chunk from |
||
|
Greg Kroah-Hartman
|
e772bef401 |
This is the 5.4.69 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl91u0cACgkQONu9yGCS aT7KmhAAvuW3edfAfzD/F5h4vHaa9rMRmtvp2/FwefBoE4LEi3F6p2gBrUZMA3ds DNQ8Nheafeqd63wFkfE//TXYR0rYTxTxa0jTrhtuJCUZ4+anRyG00fEbHPOxvMnJ aPwQQVNOfCaUAvRbFdQ4RbuIm5chhX8Bml0ZtqvsAAFJ9XkCh1UPF0VHtSrS7PRL lRMBlamLgZqU72naaJaFY2nMp+pvMFPZrzkR7tpv0Z1bqxuJp6L2n/EmcHpmTOJy Ze+Wvt1wKk8Ep5Vql5ekXt5lEiInjacwsJZXbb5HfHO++Y+1b+ABt1kSjJx+R3/q 2Qdztq+9Eoj0N1A4gXdVFoZHqKihhbD49k8YqX4qO5ujTzqgnNyHGSEXyIKvaU6z b3b12IvjbcMhM1zm3qvFfrVbbQI3kJf66zSi9NAwsZHlsvxRzslALR8I7mila4r5 fVOyfGoZxFs44FNW9JG7I85/isAxgg0ogYraMZbk8gmhTtb1ZaN+r7kJeXuTpzOg UBAIDYPclMyZeny6tn1/qFuzNGYQQ0R9kxFcTC21Cf2zNLWHNfwCL1vE3Ob+ROIS IHcsce6IqWQKGlD8UPjkZiXTLfqCAVi51PsGTVrnidXfa1IBOuvDsVqlghPsjHSD 30N4VB++9Gbw7LFEP4e33cOZLBLjDEdYd4VuoQFYywDZ3cy6xXo= =OoZD -----END PGP SIGNATURE----- Merge 5.4.69 into android11-5.4-lts Changes in 5.4.69 kernel/sysctl-test: Add null pointer test for sysctl.c:proc_dointvec() scsi: lpfc: Fix pt2pt discovery on SLI3 HBAs scsi: mpt3sas: Free diag buffer without any status check selinux: allow labeling before policy is loaded media: mc-device.c: fix memleak in media_device_register_entity drm/amd/display: Do not double-buffer DTO adjustments drm/amdkfd: Fix race in gfx10 context restore handler dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) scsi: qla2xxx: Add error handling for PLOGI ELS passthrough ath10k: fix array out-of-bounds access ath10k: fix memory leak for tpc_stats_final PCI/IOV: Serialize sysfs sriov_numvfs reads vs writes mm: fix double page fault on arm64 if PTE_AF is cleared scsi: aacraid: fix illegal IO beyond last LBA m68k: q40: Fix info-leak in rtc_ioctl xfs: fix inode fork extent count overflow gma/gma500: fix a memory disclosure bug due to uninitialized bytes ASoC: kirkwood: fix IRQ error handling soundwire: intel/cadence: fix startup sequence media: smiapp: Fix error handling at NVM reading drm/amd/display: Free gamma after calculating legacy transfer function xfs: properly serialise fallocate against AIO+DIO leds: mlxreg: Fix possible buffer overflow dm table: do not allow request-based DM to stack on partitions PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out scsi: fnic: fix use after free scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show during remote port bounce powerpc/64s: Always disable branch profiling for prom_init.o net: silence data-races on sk_backlog.tail dax: Fix alloc_dax_region() compile warning iomap: Fix overflow in iomap_page_mkwrite f2fs: avoid kernel panic on corruption test clk/ti/adpll: allocate room for terminating null drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table ice: Fix to change Rx/Tx ring descriptor size via ethtool with DCBx mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup() mfd: mfd-core: Protect against NULL call-back function pointer drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table tpm_crb: fix fTPM on AMD Zen+ CPUs tracing: Verify if trace array exists before destroying it. tracing: Adding NULL checks for trace_array descriptor pointer bcache: fix a lost wake-up problem caused by mca_cannibalize_lock dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq fails x86/kdump: Always reserve the low 1M when the crashkernel option is specified RDMA/qedr: Fix potential use after free RDMA/i40iw: Fix potential use after free PCI: Avoid double hpmemsize MMIO window assignment fix dget_parent() fastpath race xfs: fix attr leaf header freemap.size underflow RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' ubi: Fix producing anchor PEBs mmc: core: Fix size overflow for mmc partitions gfs2: clean up iopen glock mess in gfs2_create_inode scsi: pm80xx: Cleanup command when a reset times out mt76: do not use devm API for led classdev mt76: add missing locking around ampdu action debugfs: Fix !DEBUG_FS debugfs_create_automount SUNRPC: Capture completion of all RPC tasks CIFS: Use common error handling code in smb2_ioctl_query_info() CIFS: Properly process SMB3 lease breaks f2fs: stop GC when the victim becomes fully valid ASoC: max98090: remove msleep in PLL unlocked workaround xtensa: fix system_call interaction with ptrace s390: avoid misusing CALL_ON_STACK for task stack setup xfs: fix realtime file data space leak drm/amdgpu: fix calltrace during kmd unload(v3) arm64: insn: consistently handle exit text selftests/bpf: De-flake test_tcpbpf kernel/notifier.c: intercept duplicate registrations to avoid infinite loops kernel/sys.c: avoid copying possible padding bytes in copy_to_user KVM: arm/arm64: vgic: Fix potential double free dist->spis in __kvm_vgic_destroy() module: Remove accidental change of module_enable_x() xfs: fix log reservation overflows when allocating large rt extents ALSA: hda: enable regmap internal locking tipc: fix link overflow issue at socket shutdown vcc_seq_next should increase position index neigh_stat_seq_next() should increase position index rt_cpu_seq_next should increase position index ipv6_route_seq_next should increase position index drm/mcde: Handle pending vblank while disabling display seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier drm/scheduler: Avoid accessing freed bad job. media: ti-vpe: cal: Restrict DMA to avoid memory corruption opp: Replace list_kref with a local counter scsi: qla2xxx: Fix stuck session in GNL scsi: lpfc: Fix incomplete NVME discovery when target sctp: move trace_sctp_probe_path into sctp_outq_sack ACPI: EC: Reference count query handlers under lock scsi: ufs: Make ufshcd_add_command_trace() easier to read scsi: ufs: Fix a race condition in the tracing code drm/amd/display: Initialize DSC PPS variables to 0 i2c: tegra: Prevent interrupt triggering after transfer timeout btrfs: tree-checker: Check leaf chunk item size dmaengine: zynqmp_dma: fix burst length configuration s390/cpum_sf: Use kzalloc and minor changes nfsd: Fix a soft lockup race in nfsd_file_mark_find_or_create() powerpc/eeh: Only dump stack once if an MMIO loop is detected Bluetooth: btrtl: Use kvmalloc for FW allocations tracing: Set kernel_stack's caller size properly ARM: 8948/1: Prevent OOB access in stacktrace ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter ceph: ensure we have a new cap before continuing in fill_inode selftests/ftrace: fix glob selftest tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility Bluetooth: Fix refcount use-after-free issue mm/swapfile.c: swap_next should increase position index mm: pagewalk: fix termination condition in walk_pte_range() Bluetooth: prefetch channel before killing sock KVM: fix overflow of zero page refcount with ksm running ALSA: hda: Clear RIRB status before reading WP skbuff: fix a data race in skb_queue_len() nfsd: Fix a perf warning drm/amd/display: fix workaround for incorrect double buffer register for DLG ADL and TTU audit: CONFIG_CHANGE don't log internal bookkeeping as an event selinux: sel_avc_get_stat_idx should increase position index scsi: lpfc: Fix RQ buffer leakage when no IOCBs available scsi: lpfc: Fix release of hwq to clear the eq relationship scsi: lpfc: Fix coverity errors in fmdi attribute handling drm/omap: fix possible object reference leak locking/lockdep: Decrement IRQ context counters when removing lock chain clk: stratix10: use do_div() for 64-bit calculation crypto: chelsio - This fixes the kernel panic which occurs during a libkcapi test mt76: clear skb pointers from rx aggregation reorder buffer during cleanup mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw ALSA: usb-audio: Don't create a mixer element with bogus volume range perf test: Fix test trace+probe_vfs_getname.sh on s390 RDMA/rxe: Fix configuration of atomic queue pair attributes KVM: x86: fix incorrect comparison in trace event KVM: nVMX: Hold KVM's srcu lock when syncing vmcs12->shadow dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all media: staging/imx: Missing assignment in imx_media_capture_device_register() x86/pkeys: Add check for pkey "overflow" bpf: Remove recursion prevention from rcu free callback dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all dmaengine: tegra-apb: Prevent race conditions on channel's freeing soundwire: bus: disable pm_runtime in sdw_slave_delete drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic drm/omap: dss: Cleanup DSS ports on initialisation failure iavf: use tc_cls_can_offload_and_chain0() instead of chain check firmware: arm_sdei: Use cpus_read_lock() to avoid races with cpuhp random: fix data races at timer_rand_state bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal ASoC: SOF: ipc: check ipc return value before data copy media: go7007: Fix URB type for interrupt handling Bluetooth: guard against controllers sending zero'd events timekeeping: Prevent 32bit truncation in scale64_check_overflow() powerpc/book3s64: Fix error handling in mm_iommu_do_alloc() drm/amd/display: fix image corruption with ODM 2:1 DSC 2 slice ext4: fix a data race at inode->i_disksize perf jevents: Fix leak of mapfile memory mm: avoid data corruption on CoW fault into PFN-mapped VMA drm/amdgpu: increase atombios cmd timeout ARM: OMAP2+: Handle errors for cpu_pm drm/amd/display: Stop if retimer is not available clk: imx: Fix division by zero warning on pfdv2 cpu-topology: Fix the potential data corruption s390/irq: replace setup_irq() by request_irq() perf cs-etm: Swap packets for instruction samples perf cs-etm: Correct synthesizing instruction samples ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read scsi: aacraid: Disabling TM path and only processing IOP reset Bluetooth: L2CAP: handle l2cap config request during open state media: tda10071: fix unsigned sign extension overflow tty: sifive: Finish transmission before changing the clock xfs: don't ever return a stale pointer from __xfs_dir3_free_read xfs: mark dir corrupt when lookup-by-hash fails ext4: mark block bitmap corrupted when found instead of BUGON tpm: ibmvtpm: Wait for buffer to be set before proceeding rtc: sa1100: fix possible race condition rtc: ds1374: fix possible race condition nfsd: Don't add locks to closed or closing open stateids RDMA/cm: Remove a race freeing timewait_info intel_th: Disallow multi mode on devices where it's broken KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like the valid ones drm/msm: fix leaks if initialization fails drm/msm/a5xx: Always set an OPP supported hardware value tracing: Use address-of operator on section symbols thermal: rcar_thermal: Handle probe error gracefully KVM: LAPIC: Mark hrtimer for period or oneshot mode to expire in hard interrupt context perf parse-events: Fix 3 use after frees found with clang ASAN btrfs: do not init a reloc root if we aren't relocating btrfs: free the reloc_control in a consistent way r8169: improve RTL8168b FIFO overflow workaround serial: 8250_port: Don't service RX FIFO if throttled serial: 8250_omap: Fix sleeping function called from invalid context during probe serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout perf cpumap: Fix snprintf overflow check net: axienet: Convert DMA error handler to a work queue net: axienet: Propagate failure of DMA descriptor setup cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn tools: gpio-hammer: Avoid potential overflow in main exec: Add exec_update_mutex to replace cred_guard_mutex exec: Fix a deadlock in strace selftests/ptrace: add test cases for dead-locks kernel/kcmp.c: Use new infrastructure to fix deadlocks in execve proc: Use new infrastructure to fix deadlocks in execve proc: io_accounting: Use new infrastructure to fix deadlocks in execve perf: Use new infrastructure to fix deadlocks in execve nvme-multipath: do not reset on unknown status nvme: Fix ctrl use-after-free during sysfs deletion nvme: Fix controller creation races with teardown flow brcmfmac: Fix double freeing in the fmac usb data path xfs: prohibit fs freezing when using empty transactions RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices IB/iser: Always check sig MR before putting it to the free pool scsi: hpsa: correct race condition in offload enabled SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' svcrdma: Fix leak of transport addresses netfilter: nf_tables: silence a RCU-list warning in nft_table_lookup() PCI: Use ioremap(), not phys_to_virt() for platform ROM ubifs: ubifs_jnl_write_inode: Fix a memory leak bug ubifs: ubifs_add_orphan: Fix a memory leak bug ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor PCI: pciehp: Fix MSI interrupt race NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests() drm/amdgpu/vcn2.0: stall DPG when WPTR/RPTR reset powerpc/perf: Implement a global lock to avoid races between trace, core and thread imc events. mm/kmemleak.c: use address-of operator on section symbols mm/filemap.c: clear page error before actual read mm/swapfile: fix data races in try_to_unuse() mm/vmscan.c: fix data races using kswapd_classzone_idx SUNRPC: Don't start a timer on an already queued rpc task nvmet-rdma: fix double free of rdma queue workqueue: Remove the warning in wq_worker_sleeping() drm/amdgpu/sriov add amdgpu_amdkfd_pre_reset in gpu reset mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area ALSA: hda: Skip controller resume if not needed scsi: qedi: Fix termination timeouts in session logout serial: uartps: Wait for tx_empty in console setup btrfs: fix setting last_trans for reloc roots KVM: Remove CREATE_IRQCHIP/SET_PIT2 race perf stat: Force error in fallback on :k events bdev: Reduce time holding bd_mutex in sync in blkdev_close() drivers: char: tlclk.c: Avoid data race between init and interrupt handler KVM: arm64: vgic-v3: Retire all pending LPIs on vcpu destroy KVM: arm64: vgic-its: Fix memory leak on the error path of vgic_add_lpi() net: openvswitch: use u64 for meter bucket scsi: aacraid: Fix error handling paths in aac_probe_one() staging:r8188eu: avoid skb_clone for amsdu to msdu conversion sparc64: vcc: Fix error return code in vcc_probe() arm64: cpufeature: Relax checks for AArch32 support at EL[0-2] sched/fair: Eliminate bandwidth race between throttling and distribution dpaa2-eth: fix error return code in setup_dpni() dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion devlink: Fix reporter's recovery condition atm: fix a memory leak of vcc->user_back media: venus: vdec: Init registered list unconditionally perf mem2node: Avoid double free related to realloc mm/slub: fix incorrect interpretation of s->offset i2c: tegra: Restore pinmux on system resume power: supply: max17040: Correct voltage reading phy: samsung: s5pv210-usb2: Add delay after reset Bluetooth: Handle Inquiry Cancel error after Inquiry Complete USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() KVM: x86: handle wrap around 32-bit address space tipc: fix memory leak in service subscripting tty: serial: samsung: Correct clock selection logic ALSA: hda: Fix potential race in unsol event handler drm/exynos: dsi: Remove bridge node reference in error handling path in probe function ipmi:bt-bmc: Fix error handling and status check powerpc/traps: Make unrecoverable NMIs die instead of panic svcrdma: Fix backchannel return code fuse: don't check refcount after stealing page fuse: update attr_version counter on fuse_notify_inval_inode() USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int coresight: etm4x: Fix use-after-free of per-cpu etm drvdata arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work scsi: cxlflash: Fix error return code in cxlflash_probe() arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register drm/amdkfd: fix restore worker race condition e1000: Do not perform reset in reset_task if we are already down drm/nouveau/debugfs: fix runtime pm imbalance on error drm/nouveau: fix runtime pm imbalance on error drm/nouveau/dispnv50: fix runtime pm imbalance on error printk: handle blank console arguments passed in. usb: dwc3: Increase timeout for CmdAct cleared by device controller btrfs: don't force read-only after error in drop snapshot btrfs: fix double __endio_write_update_ordered in direct I/O gpio: rcar: Fix runtime PM imbalance on error vfio/pci: fix memory leaks of eventfd ctx KVM: PPC: Book3S HV: Close race with page faults around memslot flushes perf evsel: Fix 2 memory leaks perf trace: Fix the selection for architectures to generate the errno name tables perf stat: Fix duration_time value for higher intervals perf util: Fix memory leak of prefix_if_not_in perf metricgroup: Free metric_events on error perf kcore_copy: Fix module map when there are no modules loaded PCI: tegra194: Fix runtime PM imbalance on error ASoC: img-i2s-out: Fix runtime PM imbalance on error wlcore: fix runtime pm imbalance in wl1271_tx_work wlcore: fix runtime pm imbalance in wlcore_regdomain_config mtd: rawnand: gpmi: Fix runtime PM imbalance on error mtd: rawnand: omap_elm: Fix runtime PM imbalance on error PCI: tegra: Fix runtime PM imbalance on error ceph: fix potential race in ceph_check_caps mm/swap_state: fix a data race in swapin_nr_pages mm: memcontrol: fix stat-corrupting race in charge moving rapidio: avoid data race between file operation callbacks and mport_cdev_add(). mtd: parser: cmdline: Support MTD names containing one or more colons x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline NFS: nfs_xdr_status should record the procedure name vfio/pci: Clear error and request eventfd ctx after releasing cifs: Fix double add page to memcg when cifs_readpages nvme: fix possible deadlock when I/O is blocked mac80211: skip mpath lookup also for control port tx scsi: libfc: Handling of extra kref scsi: libfc: Skip additional kref updating work event selftests/x86/syscall_nt: Clear weird flags after each test vfio/pci: fix racy on error and request eventfd ctx btrfs: qgroup: fix data leak caused by race between writeback and truncate perf tests: Fix test 68 zstd compression for s390 scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure ubi: fastmap: Free unused fastmap anchor peb during detach mt76: fix LED link time failure opp: Increase parsed_static_opps in _of_add_opp_table_v1() perf parse-events: Use strcmp() to compare the PMU name ALSA: hda: Always use jackpoll helper for jack update after resume ALSA: hda: Workaround for spurious wakeups on some Intel platforms net: openvswitch: use div_u64() for 64-by-32 divisions nvme: explicitly update mpath disk capacity on revalidation device_cgroup: Fix RCU list debugging warning ASoC: pcm3168a: ignore 0 Hz settings ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811 ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 RISC-V: Take text_mutex in ftrace_init_nop() i2c: aspeed: Mask IRQ status to relevant bits s390/init: add missing __init annotations lockdep: fix order in trace_hardirqs_off_caller() EDAC/ghes: Check whether the driver is on the safe list correctly drm/amdkfd: fix a memory leak issue drm/amd/display: update nv1x stutter latencies drm/amdgpu/dc: Require primary plane to be enabled whenever the CRTC is i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() objtool: Fix noreturn detection for ignored functions ieee802154: fix one possible memleak in ca8210_dev_com_init ieee802154/adf7242: check status of adf7242_read_reg clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() mwifiex: Increase AES key storage size to 256 bits batman-adv: bla: fix type misuse for backbone_gw hash indexing atm: eni: fix the missed pci_disable_device() for eni_init_one() batman-adv: mcast/TT: fix wrongly dropped or rerouted packets netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled mac802154: tx: fix use-after-free bpf: Fix clobbering of r2 in bpf_gen_ld_abs drm/vc4/vc4_hdmi: fill ASoC card owner net: qed: Disable aRFS for NPAR and 100G net: qede: Disable aRFS for NPAR and 100G net: qed: RDMA personality shouldn't fail VF load drm/sun4i: sun8i-csc: Secondary CSC register correction batman-adv: Add missing include for in_interrupt() nvme-tcp: fix kconfig dependency warning when !CRYPTO batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh bpf: Fix a rcu warning for bpffs map pretty-print lib80211: fix unmet direct dependendices config warning when !CRYPTO ALSA: asihpi: fix iounmap in error handler regmap: fix page selection for noinc reads regmap: fix page selection for noinc writes MIPS: Add the missing 'CPU_1074K' into __get_cpu_type() regulator: axp20x: fix LDO2/4 description KVM: x86: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE KVM: SVM: Add a dedicated INVD intercept routine mm: validate pmd after splitting arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback x86/ioapic: Unbreak check_timer() scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported ALSA: usb-audio: Add delay quirk for H570e USB headsets ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 lib/string.c: implement stpcpy tracing: fix double free s390/dasd: Fix zero write for FBA devices kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot btrfs: fix overflow when copying corrupt csums for a message dmabuf: fix NULL pointer dereference in dma_buf_release() mm, THP, swap: fix allocating cluster for swapfile by mistake mm/gup: fix gup_fast with dynamic page table folding s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch dm: fix bio splitting and its bio completion order for regular IO kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE ata: define AC_ERR_OK ata: make qc_prep return ata_completion_errors ata: sata_mv, avoid trigerrable BUG_ON Linux 5.4.69 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I2a26b4f6fd89b641fa80e339ee72089da51a1415 |
||
Jaewon Kim
|
51396da044 |
mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
[ Upstream commit 09ef5283fd96ac424ef0e569626f359bf9ab86c9 ]
On passing requirement to vm_unmapped_area, arch_get_unmapped_area and
arch_get_unmapped_area_topdown did not set align_offset. Internally on
both unmapped_area and unmapped_area_topdown, if info->align_mask is 0,
then info->align_offset was meaningless.
But commit df529cabb7a2 ("mm: mmap: add trace point of
vm_unmapped_area") always prints info->align_offset even though it is
uninitialized.
Fix this uninitialized value issue by setting it to 0 explicitly.
Before:
vm_unmapped_area: addr=0x755b155000 err=0 total_vm=0x15aaf0 flags=0x1 len=0x109000 lo=0x8000 hi=0x75eed48000 mask=0x0 ofs=0x4022
After:
vm_unmapped_area: addr=0x74a4ca1000 err=0 total_vm=0x168ab1 flags=0x1 len=0x9000 lo=0x8000 hi=0x753d94b000 mask=0x0 ofs=0x0
Signed-off-by: Jaewon Kim <jaewon31.kim@samsung.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Michel Lespinasse <walken@google.com>
Cc: Borislav Petkov <bp@suse.de>
Link: http://lkml.kernel.org/r/20200409094035.19457-1-jaewon31.kim@samsung.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Ivaylo Georgiev
|
125c29efb1 |
Merge android11-5.4.60 (8ae87ad) into msm-5.4
* refs/heads/tmp-8ae87ad:
Linux 5.4.60
drm/amd/display: dchubbub p-state warning during surface planes switch
drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume
drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi
drm: Added orientation quirk for ASUS tablet model T103HAF
drm/panfrost: Use kvfree() to free bo->sgts
arm64: dts: marvell: espressobin: add ethernet alias
khugepaged: retract_page_tables() remember to test exit
sh: landisk: Add missing initialization of sh_io_port_base
perf/x86/rapl: Fix missing psys sysfs attributes
tools build feature: Quote CC and CXX for their arguments
perf bench mem: Always memset source before memcpy
ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
crypto: algif_aead - fix uninitialized ctx->init
mfd: dln2: Run event handler loop under spinlock
i2c: iproc: fix race between client unreg and isr
test_kmod: avoid potential double free in trigger_config_run_type()
fs/ufs: avoid potential u32 multiplication overflow
fs/minix: remove expected error message in block_to_path()
fs/minix: fix block limit check for V1 filesystems
fs/minix: set s_maxbytes correctly
nfs: Fix getxattr kernel panic and memory overflow
net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init
drm/vmwgfx: Fix two list_for_each loop exit tests
drm/vmwgfx: Use correct vmw_legacy_display_unit pointer
recordmcount: Fix build failure on non arm64
Input: sentelic - fix error return when fsp_reg_write fails
x86/tsr: Fix tsc frequency enumeration bug on Lightning Mountain SoC
md-cluster: Fix potential error pointer dereference in resize_bitmaps()
watchdog: initialize device before misc_register
nfs: nfs_file_write() should check for writeback errors
scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport
openrisc: Fix oops caused when dumping stack
libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr
libnvdimm/security: fix a typo
clk: bcm2835: Do not use prediv with bcm2711's PLLs
ubifs: Fix wrong orphan node deletion in ubifs_jnl_update|rename
nfs: ensure correct writeback errors are returned on close()
i2c: rcar: avoid race when unregistering slave
tools build feature: Use CC and CXX from parent
pwm: bcm-iproc: handle clk_get_rate() return
clk: clk-atlas6: fix return value check in atlas6_clk_init()
clk: qcom: gcc-sdm660: Fix up gcc_mss_mnoc_bimc_axi_clk
i2c: rcar: slave: only send STOP event when we have been addressed
iommu/vt-d: Enforce PASID devTLB field mask
clk: qcom: clk-alpha-pll: remove unused/incorrect PLL_CAL_VAL
clk: qcom: gcc: fix sm8150 GPU and NPU clocks
iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
selftests/powerpc: ptrace-pkey: Don't update expected UAMOR value
selftests/powerpc: ptrace-pkey: Update the test to mark an invalid pkey correctly
selftests/powerpc: ptrace-pkey: Rename variables to make it easier to follow code
clk: actions: Fix h_clk for Actions S500 SoC
dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue()
gpu: ipu-v3: image-convert: Wait for all EOFs before completing a tile
gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers
crypto: caam - Remove broken arc4 support
mmc: renesas_sdhi_internal_dmac: clean up the code for dma complete
RDMA/counter: Allow manually bind QPs with different pids to same counter
RDMA/counter: Only bind user QPs in auto mode
devres: keep both device name and resource name in pretty name
crypto: af_alg - Fix regression on empty requests
USB: serial: ftdi_sio: clean up receive processing
USB: serial: ftdi_sio: make process-packet buffer unsigned
selftests/bpf: test_progs use another shell exit on non-actions
selftests/bpf: Test_progs indicate to shell on non-actions
IB/uverbs: Set IOVA on IB MR in uverbs layer
media: rockchip: rga: Only set output CSC mode for RGB input
media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic
RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah()
RDMA/ipoib: Return void from ipoib_ib_dev_stop()
platform/chrome: cros_ec_ishtp: Fix a double-unlock issue
mtd: rawnand: fsl_upm: Remove unused mtd var
octeontx2-af: change (struct qmem)->entry_sz from u8 to u16
mfd: arizona: Ensure 32k clock is put on driver unbind and error
crypto: algif_aead - Only wake up when ctx->more is zero
pinctrl: ingenic: Properly detect GPIO direction when configured for IRQ
orangefs: get rid of knob code...
drm/imx: imx-ldb: Disable both channels for split mode in enc->disable()
remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load
remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load
remoteproc: qcom: q6v5: Update running state before requesting stop
perf intel-pt: Fix duplicate branch after CBR
perf intel-pt: Fix FUP packet state
module: Correctly truncate sysfs sections output
pseries: Fix 64 bit logical memory block panic
ceph: handle zero-length feature mask in session messages
ceph: set sec_context xattr on symlink creation
watchdog: f71808e_wdt: clear watchdog timeout occurred flag
watchdog: f71808e_wdt: remove use of wrong watchdog_info option
watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options
tracing: Move pipe reference to trace array instead of current_tracer
tracing: Use trace_sched_process_free() instead of exit() for pid tracing
tracing/hwlat: Honor the tracing_cpumask
kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
ftrace: Setup correct FTRACE_FL_REGS flags for module
mm/memory_hotplug: fix unpaired mem_hotplug_begin/done
mm/page_counter.c: fix protection usage propagation
ocfs2: change slot number type s16 to u16
khugepaged: collapse_pte_mapped_thp() protect the pmd lock
khugepaged: collapse_pte_mapped_thp() flush the right range
ext2: fix missing percpu_counter_inc
MIPS: qi_lb60: Fix routing to audio amplifier
MIPS: CPU#0 is not hotpluggable
driver core: Avoid binding drivers to dead devices
mac80211: fix misplaced while instead of if
bcache: fix overflow in offset_to_stripe()
bcache: allocate meta data pages as compound pages
md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
net/compat: Add missing sock updates for SCM_RIGHTS
net: stmmac: dwmac1000: provide multicast filter fallback
net: ethernet: stmmac: Disable hardware multicast filter
media: vsp1: dl: Fix NULL pointer dereference on unbind
pinctrl: ingenic: Enhance support for IRQ_TYPE_EDGE_BOTH
powerpc: Fix circular dependency between percpu.h and mmu.h
powerpc: Allow 4224 bytes of stack expansion for the signal frame
powerpc/ptdump: Fix build failure in hashpagetable.c
cifs: Fix leak when handling lease break for cached root fid
xtensa: fix xtensa_pmu_setup prototype
xtensa: add missing exclusive access state management
iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
dt-bindings: iio: io-channel-mux: Fix compatible string in example code
arm64: perf: Correct the event index in sysfs
btrfs: fix return value mixup in btrfs_get_extent
btrfs: make sure SB_I_VERSION doesn't get unset by remount
btrfs: fix memory leaks after failure to lookup checksums during inode logging
btrfs: inode: fix NULL pointer dereference if inode doesn't need compression
btrfs: only search for left_info if there is no right_info in try_merge_free_space
btrfs: fix messages after changing compression level by remount
btrfs: fix race between page release and a fast fsync
btrfs: don't WARN if we abort a transaction with EROFS
btrfs: sysfs: use NOFS for device creation
btrfs: avoid possible signal interruption of btrfs_drop_snapshot() on relocation tree
btrfs: add missing check for nocow and compression inode flags
btrfs: relocation: review the call sites which can be interrupted by signal
btrfs: move the chunk_mutex in btrfs_read_chunk_tree
btrfs: open device without device_list_mutex
btrfs: don't traverse into the seed devices in show_devname
btrfs: remove no longer needed use of log_writers for the log root tree
btrfs: stop incremening log_batch for the log root tree when syncing log
btrfs: ref-verify: fix memory leak in add_block_entry
btrfs: don't allocate anonymous block device for user invisible roots
btrfs: free anon block device right after subvolume deletion
btrfs: allow use of global block reserve for balance item deletion
PCI: qcom: Add support for tx term offset for rev 2.1.0
PCI: qcom: Define some PARF params needed for ipq8064 SoC
PCI: Add device even if driver attach failed
PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken
PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
genirq/PM: Always unlock IRQ descriptor in rearm_wake_irq()
genirq/affinity: Make affinity setting if activated opt-in
smb3: warn on confusing error scenario with sec=krb5
ANDROID: ABI: FPSIMD save/restore using vendor_hooks
ANDROID: vendor_hooks: FPSIMD save/restore by using vendor_hooks
ANDROID: futex: Add vendor hook for wait queue
ANDROID: sched: add vendor hooks to handle scheduling priority
ANDROID: rwsem: Add vendor hook to the rw-semaphore
ANDROID: binder: Add vendor hook to the binder
FROMLIST: ufs: introduce a callback to get info of command completion
ANDROID: scsi: ufs: export ufshcd_wb_ctrl func
ANDROID: GKI: enable some USB_NET_ config options
ANDROID: sched: add restrict vendor hook to modify task placement policy in EAS
BACKPORT: kthread: Do not preempt current task if it is going to call schedule()
ANDROID: GKI: enable CONFIG_USB_ROLE_SWITCH
ANDROID: ABI: Update ABI after UFS error recovery patches
BACKPORT: FROMGIT: scsi: ufs: Properly release resources if a task is aborted successfully
BACKPORT: FROMGIT: scsi: ufs: Fix a race condition between error handler and runtime PM ops
FROMGIT: scsi: ufs: Move dumps in IRQ handler to error handler
BACKPORT: FROMGIT: scsi: ufs: Recover HBA runtime PM error in error handler
BACKPORT: FROMGIT: scsi: ufs: Fix concurrency of error handler and other error recovery paths
BACKPORT: FROMGIT: scsi: ufs: Add some debug information to ufshcd_print_host_state()
FROMGIT: scsi: ufs-qcom: Remove testbus dump in ufs_qcom_dump_dbg_regs
FROMGIT: scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config()
FROMGIT: scsi: ufs: Add checks before setting clk-gating states
ANDROID: kbuild: don't preprocess module-lto.lds
ANDROID: vendor_hooks: Add vendor hook to the net
Revert "ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109"
Linux 5.4.59
io_uring: Fix NULL pointer dereference in loop_rw_iter()
s390/gmap: improve THP splitting
s390/dasd: fix inability to use DASD with DIAG driver
xen/gntdev: Fix dmabuf import with non-zero sgt offset
xen/balloon: make the balloon wait interruptible
xen/balloon: fix accounting in alloc_xenballooned_pages error path
fs/minix: reject too-large maximum file size
fs/minix: don't allow getting deleted inodes
fs/minix: check return value of sb_getblk()
bitfield.h: don't compile-time validate _val in FIELD_FIT
crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified
crypto: ccp - Fix use of merged scatterlists
crypto: qat - fix double free in qat_uclo_create_batch_init_list
crypto: hisilicon - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified
pstore: Fix linking when crypto API disabled
tpm: Unify the mismatching TPM space buffer sizes
ALSA: usb-audio: add quirk for Pioneer DDJ-RB
irqdomain/treewide: Free firmware node after domain removal
ARM: 8992/1: Fix unwind_frame for clang-built kernels
parisc: mask out enable and reserved bits from sba imask
parisc: Implement __smp_store_release and __smp_load_acquire barriers
parisc: Do not use an ordered store in pa_tlb_lock()
Revert "parisc: Revert "Release spinlocks using ordered store""
Revert "parisc: Use ldcw instruction for SMP spinlock release barrier"
Revert "parisc: Drop LDCW barrier in CAS code when running UP"
erofs: fix extended inode could cross boundary
mtd: rawnand: qcom: avoid write to unavailable register
spi: spidev: Align buffers for DMA
include/asm-generic/vmlinux.lds.h: align ro_after_init
cpufreq: dt: fix oops on armada37xx
cpufreq: Fix locking issues with governors
NFS: Don't return layout segments that are in use
NFS: Don't move layouts to plh_return_segs list while in use
io_uring: set ctx sq/cq entry count earlier
drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
media: media-request: Fix crash if memory allocation fails
9p: Fix memory leak in v9fs_mount
ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO
USB: serial: cp210x: enable usb generic throttle/unthrottle
USB: serial: cp210x: re-enable auto-RTS on open
net: initialize fastreuse on inet_inherit_port
net: refactor bind_bucket fastreuse into helper
vmxnet3: use correct tcp hdr length when packet is encapsulated
tcp: correct read of TFO keys on big endian systems
net/tls: Fix kmap usage
net: Set fput_needed iff FDPUT_FPUT is set
net: phy: fix memory leak in device-create error path
net/nfc/rawsock.c: add CAP_NET_RAW check.
net: Fix potential memory leak in proto_register()
drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
af_packet: TPACKET_V3: fix fill status rwlock imbalance
crypto: aesni - add compatibility with IAS
x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task
SUNRPC: Fix ("SUNRPC: Add "@len" parameter to gss_unwrap()")
svcrdma: Fix page leak in svc_rdma_recv_read_chunk()
pinctrl-single: fix pcs_parse_pinconf() return value
ocfs2: fix unbalanced locking
dlm: Fix kobject memleak
net: thunderx: initialize VF's mailbox mutex before first usage
fsl/fman: fix eth hash table allocation
fsl/fman: check dereferencing null pointer
fsl/fman: fix unreachable code
fsl/fman: fix dereference null return value
fsl/fman: use 32-bit unsigned integer
net: spider_net: Fix the size used in a 'dma_free_coherent()' call
liquidio: Fix wrong return value in cn23xx_get_pf_num()
net: ethernet: aquantia: Fix wrong return value
net/mlx5: Delete extra dump stack that gives nothing
net/mlx5: DR, Change push vlan action sequence
tools, bpftool: Fix wrong return value in do_dump()
tools, build: Propagate build failures from tools/build/Makefile.build
wl1251: fix always return 0 error
rtw88: coex: only skip coex triggered by BT info
rtw88: fix short GI capability based on current bandwidth
rtw88: fix LDPC field for RA info
ice: Graceful error handling in HW table calloc failure
s390/qeth: don't process empty bridge port events
ASoC: fsl_sai: Fix value of FSL_SAI_CR1_RFW_MASK
ASoC: meson: axg-tdm-formatters: fix sclk inversion
ASoC: meson: axg-tdmin: fix g12a skew
ASoC: meson: axg-tdm-interface: fix link fmt setup
selftests/powerpc: Fix online CPU selection
cpufreq: ap806: fix cpufreq driver needs ap cpu clk
PCI: Release IVRS table in AMD ACS quirk
RDMA/netlink: Remove CAP_NET_RAW check when dump a raw QP
selftests/powerpc: Fix CPU affinity for child process
powerpc/boot: Fix CONFIG_PPC_MPC52XX references
powerpc/32s: Fix CONFIG_BOOK3S_601 uses
selftests/powerpc: Squash spurious errors due to device removal
xfs: fix inode allocation block res calculation precedence
net: dsa: rtl8366: Fix VLAN set-up
net: dsa: rtl8366: Fix VLAN semantics
Bluetooth: hci_serdev: Only unregister device if it was registered
Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags
power: supply: check if calc_soc succeeded in pm860x_init_battery
Smack: prevent underflow in smk_set_cipso()
Smack: fix another vsscanf out of bounds
RDMA/core: Fix return error value in _ib_modify_qp() to negative
PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register
macintosh/via-macii: Access autopoll_devs when inside lock
net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration
scsi: mesh: Fix panic after host or bus reset
scsi: megaraid_sas: Clear affinity hint
usb: gadget: f_uac2: fix AC Interface Header Descriptor wTotalLength
usb: dwc2: Fix error path in gadget registration
MIPS: OCTEON: add missing put_device() call in dwc3_octeon_device_init()
phy: armada-38x: fix NETA lockup when repeatedly switching speeds
mt76: mt7615: fix potential memory leak in mcu message handler
powerpc/perf: Fix missing is_sier_aviable() during build
coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb()
thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor()
usb: core: fix quirks_param_set() writing to a const pointer
USB: serial: iuu_phoenix: fix led-activity helpers
spi: lantiq-ssc: Fix warning by using WQ_MEM_RECLAIM
gpu: ipu-v3: Restore RGB32, BGR32
drm/imx: tve: fix regulator_disable error path
drm/imx: fix use after free
powerpc/book3s64/pkeys: Use PVR check instead of cpu feature
phy: renesas: rcar-gen3-usb2: move irq registration to init
PCI/ASPM: Add missing newline in sysfs 'policy'
ASoC: meson: fixes the missed kfree() for axg_card_add_tdm_loopback
staging: rtl8192u: fix a dubious looking mask before a shift
ima: Have the LSM free its audit rule
RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue
RDMA/qedr: SRQ's bug fixes
powerpc/vdso: Fix vdso cpu truncation
powerpc/rtas: don't online CPUs for partition suspend
kernfs: do not call fsnotify() with name without a parent
mwifiex: Prevent memory corruption handling keys
scsi: scsi_debug: Add check for sdebug_max_queue during module init
drm/bridge: sil_sii8620: initialize return of sii8620_readb
phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY
drm: panel: simple: Fix bpc for LG LB070WV8 panel
leds: core: Flush scheduled work for system suspend
kobject: Avoid premature parent object freeing in kobject_cleanup()
drm/stm: repair runtime power management
PCI: Fix pci_cfg_wait queue locking problem
RDMA/rxe: Skip dgid check in loopback mode
xfs: fix reflink quota reservation accounting error
xfs: don't eat an EIO/ENOSPC writeback error when scrubbing data fork
media: cros-ec-cec: do not bail on device_init_wakeup failure
media: exynos4-is: Add missed check for pinctrl_lookup_state()
media: firewire: Using uninitialized values in node_probe()
ipvs: allow connection reuse for unconfirmed conntrack
scsi: eesox: Fix different dev_id between request_irq() and free_irq()
scsi: powertec: Fix different dev_id between request_irq() and free_irq()
RDMA/core: Fix bogus WARN_ON during ib_unregister_device_queued()
iavf: Fix updating statistics
iavf: fix error return code in iavf_init_get_resources()
staging: vchiq_arm: Add a matching unregister call
drm/radeon: fix array out-of-bounds read and write issues
cxl: Fix kobject memleak
drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline
scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
ASoC: Intel: bxt_rt298: add missing .owner field
ASoC: SOF: nocodec: add missing .owner field
media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
media: marvell-ccic: Add missed v4l2_async_notifier_cleanup()
media: cxusb-analog: fix V4L2 dependency
Bluetooth: btmtksdio: fix up firmware download sequence
Bluetooth: btusb: fix up firmware download sequence
leds: lm355x: avoid enum conversion warning
clk: bcm63xx-gate: fix last clock availability
drm/arm: fix unintentional integer overflow on left shift
drm/etnaviv: Fix error path on failure to enable bus clk
iio: improve IIO_CONCENTRATION channel type description
ath10k: Acquire tx_lock in tx error paths
video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call
console: newport_con: fix an issue about leak related system resources
video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
btmrvl: Fix firmware filename for sd8997 chipset
btmrvl: Fix firmware filename for sd8977 chipset
mwifiex: Fix firmware filename for sd8997 chipset
mwifiex: Fix firmware filename for sd8977 chipset
agp/intel: Fix a memory leak on module initialisation failure
drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers
drm/gem: Fix a leak in drm_gem_objects_lookup()
drm/msm: ratelimit crtc event overflow error
ACPICA: Do not increment operation_region reference counts for field units
bcache: fix super block seq numbers comparision in register_cache_set()
dyndbg: fix a BUG_ON in ddebug_describe_flags
usb: bdc: Halt controller on suspend
bdc: Fix bug causing crash after multiple disconnects
usb: gadget: net2280: fix memory leak on probe error handling paths
mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1
ionic: update eid test for overflow
gpu: host1x: debug: Fix multiple channels emitting messages simultaneously
iwlegacy: Check the return value of pcie_capability_read_*()
platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15
brcmfmac: set state of hanger slot to FREE when flushing PSQ
brcmfmac: To fix Bss Info flag definition Bug
brcmfmac: keep SDIO watchdog running when console_interval is non-zero
bpf: Fix fds_example SIGSEGV error
drm/amd/powerplay: fix compile error with ARCH=arc
drm/amdgpu/display bail early in dm_pp_get_static_clocks
mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
irqchip/irq-mtk-sysirq: Replace spinlock with raw_spinlock
drm/radeon: disable AGP by default
drm/debugfs: fix plain echo to connector "force" attribute
drm/msm: Fix a null pointer access in msm_gem_shrinker_count()
drm: msm: a6xx: fix gpu failure after system resume
usb: mtu3: clear dual mode of u3port when disable device
btrfs: fix lockdep splat from btrfs_dump_space_info
mmc: sdhci-cadence: do not use hardware tuning for SD mode
drm/nouveau: fix multiple instances of reference count leaks
drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek
drm/etnaviv: fix ref count leak via pm_runtime_get_sync
arm64: dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT binding
drm/nouveau/kms/nv50-: Fix disabling dithering
md-cluster: fix wild pointer of unlock_all_bitmaps()
bus: ti-sysc: Add missing quirk flags for usb_host_hs
video: fbdev: neofb: fix memory leak in neo_scan_monitor()
video: fbdev: savage: fix memory leak on error handling path in probe
crypto: aesni - Fix build with LLVM_IAS=1
drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
drm/amdgpu: avoid dereferencing a NULL pointer
fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
ANDROID: fix a bug in quota2
loop: be paranoid on exit and prevent new additions / removals
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag
drm/tilcdc: fix leak & null ref in panel_connector_get_modes
nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths
nvme-multipath: fix logic for non-optimized paths
nvme-rdma: fix controller reset hang during traffic
nvme-tcp: fix controller reset hang during traffic
md: raid0/linear: fix dereference before null check on pointer mddev
seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID
irqchip/ti-sci-inta: Fix return value about devm_ioremap_resource()
iocost: Fix check condition of iocg abs_vdebt
ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
spi: rockchip: Fix error in SPI slave pio read
io_uring: fix sq array offset calculation
regulator: fix memory leak on error path of regulator_register()
recordmcount: only record relocation of type R_AARCH64_CALL26 on arm64.
tpm: Require that all digests are present in TCG_PCR_EVENT2 structures
spi: lantiq: fix: Rx overflow error in full duplex mode
ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages
ARM: dts: sunxi: bananapi-m2-plus-v1.2: Add regulator supply to all CPU cores
ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
ARM: dts: gose: Fix ports node name for adv7612
ARM: dts: gose: Fix ports node name for adv7180
platform/x86: intel-vbtn: Fix return value check in check_acpi_dev()
platform/x86: intel-hid: Fix return value check in check_acpi_dev()
m68k: mac: Fix IOP status/control register writes
m68k: mac: Don't send IOP message until channel is idle
clk: scmi: Fix min and max rate when registering clocks with discrete rates
sched/uclamp: Fix initialization of struct uclamp_rq
arm64: dts: exynos: Fix silent hang after boot on Espresso
firmware: arm_scmi: Fix SCMI genpd domain probing
ARM: exynos: MCPM: Restore big.LITTLE cpuidle support
crypto: ccree - fix resource leak on error path
blktrace: fix debugfs use after free
arm64: dts: qcom: msm8916: Replace invalid bias-pull-none property
crc-t10dif: Fix potential crypto notify dead-lock
EDAC: Fix reference count leaks
arm64: dts: rockchip: fix rk3399-puma gmac reset gpio
arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio
arm64: dts: rockchip: fix rk3368-lion gmac reset gpio
sched: correct SD_flags returned by tl->sd_flags()
sched/fair: Fix NOHZ next idle balance
x86/mce/inject: Fix a wrong assignment of i_mce.status
clk: qcom: clk-rpmh: Wait for completion when enabling clocks
fs/io_uring.c: Fix uninitialized variable is referenced in io_submit_sqe
nvme: add a Identify Namespace Identification Descriptor list quirk
HID: input: Fix devices that return multiple bytes in battery report
tracepoint: Mark __tracepoint_string's __used
ANDROID: ABI: Update allowed list for QCOM
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/iio/multiplexer/io-channel-mux.txt
android/abi_gki_aarch64_qcom
drivers/clk/qcom/clk-rpmh.c
drivers/hwtracing/coresight/coresight-tmc-etf.c
drivers/scsi/ufs/ufs-qcom.c
drivers/scsi/ufs/ufshcd.c
Change-Id: Ifd7b8337005ddb6c64a6f4e017e470e745170d98
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
c0b1779755 |
This is the 5.4.59 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl88xTwACgkQONu9yGCS
aT60Lw/9HV3JZ0KDYKHRRS/n4UWh2w7jHe5hwFTfX8/KibexzGzgV3gTaXsyQx75
Bj2ruJTGZKDvy+a9/IsjTe1v1/HPwPydDyfABNl/Rn8vQuyHzyyGzQo2owqGb57w
4wVuoqhPASn0n2QAMG05caAx1uqPlXcT/I4H8vpzieNEHbB/2TbwFiWvrDC2d+nw
mw1PkRmaFp2GSMOHSb68n2oYUv19EBHDtxF9WkwyftdKALQYz5x4O/n4lhpzMSmO
OeiUg/dpLi0bptL1SQAfaY/Lxa1gFb62YvP47WbWp/P6zespOInk2n8kmpoHxol3
MMZelRCdl9NtIKVXMEOFEv/asXPlF2wARGmNejGCYLaRqal1bH67yG4eja7biIJe
gr5OBOFVPol83sPAnb6V4P2SEs650WR95hshYpRL9lbmcHY4q5zoXVm9ul/Hp49R
qjjfxHDNQQoQgX4ZhEJLp2a5AEJUM4Kz28pZXHyczKYc2R6/AZWqHfnbQVURf+au
0xJ/tOFxn3yqRtTkmuuifkZcUTJ5iRnzxUUYiGyhTqZOTNZTD0FgiI+S7gckI//K
idoWGTszHZb6YkNBEwz4WJFtxCGpO95xgD95jOpJVxFcJ5f5PpfZE7RkXUDLR5UO
XzJopB3nOT1h3EoI3xq7aPDF1hKbkp+VRMWcVrBeP9KgcpLisS4=
=Tk2c
-----END PGP SIGNATURE-----
Merge 5.4.59 into android11-5.4
Changes in 5.4.59
tracepoint: Mark __tracepoint_string's __used
HID: input: Fix devices that return multiple bytes in battery report
nvme: add a Identify Namespace Identification Descriptor list quirk
fs/io_uring.c: Fix uninitialized variable is referenced in io_submit_sqe
clk: qcom: clk-rpmh: Wait for completion when enabling clocks
x86/mce/inject: Fix a wrong assignment of i_mce.status
sched/fair: Fix NOHZ next idle balance
sched: correct SD_flags returned by tl->sd_flags()
arm64: dts: rockchip: fix rk3368-lion gmac reset gpio
arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio
arm64: dts: rockchip: fix rk3399-puma gmac reset gpio
EDAC: Fix reference count leaks
crc-t10dif: Fix potential crypto notify dead-lock
arm64: dts: qcom: msm8916: Replace invalid bias-pull-none property
blktrace: fix debugfs use after free
crypto: ccree - fix resource leak on error path
ARM: exynos: MCPM: Restore big.LITTLE cpuidle support
firmware: arm_scmi: Fix SCMI genpd domain probing
arm64: dts: exynos: Fix silent hang after boot on Espresso
sched/uclamp: Fix initialization of struct uclamp_rq
clk: scmi: Fix min and max rate when registering clocks with discrete rates
m68k: mac: Don't send IOP message until channel is idle
m68k: mac: Fix IOP status/control register writes
platform/x86: intel-hid: Fix return value check in check_acpi_dev()
platform/x86: intel-vbtn: Fix return value check in check_acpi_dev()
ARM: dts: gose: Fix ports node name for adv7180
ARM: dts: gose: Fix ports node name for adv7612
ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
ARM: dts: sunxi: bananapi-m2-plus-v1.2: Add regulator supply to all CPU cores
ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages
spi: lantiq: fix: Rx overflow error in full duplex mode
tpm: Require that all digests are present in TCG_PCR_EVENT2 structures
recordmcount: only record relocation of type R_AARCH64_CALL26 on arm64.
regulator: fix memory leak on error path of regulator_register()
io_uring: fix sq array offset calculation
spi: rockchip: Fix error in SPI slave pio read
ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
iocost: Fix check condition of iocg abs_vdebt
irqchip/ti-sci-inta: Fix return value about devm_ioremap_resource()
seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID
md: raid0/linear: fix dereference before null check on pointer mddev
nvme-tcp: fix controller reset hang during traffic
nvme-rdma: fix controller reset hang during traffic
nvme-multipath: fix logic for non-optimized paths
nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths
drm/tilcdc: fix leak & null ref in panel_connector_get_modes
soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
loop: be paranoid on exit and prevent new additions / removals
fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
drm/amdgpu: avoid dereferencing a NULL pointer
drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
crypto: aesni - Fix build with LLVM_IAS=1
video: fbdev: savage: fix memory leak on error handling path in probe
video: fbdev: neofb: fix memory leak in neo_scan_monitor()
bus: ti-sysc: Add missing quirk flags for usb_host_hs
md-cluster: fix wild pointer of unlock_all_bitmaps()
drm/nouveau/kms/nv50-: Fix disabling dithering
arm64: dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT binding
drm/etnaviv: fix ref count leak via pm_runtime_get_sync
drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek
drm/nouveau: fix multiple instances of reference count leaks
mmc: sdhci-cadence: do not use hardware tuning for SD mode
btrfs: fix lockdep splat from btrfs_dump_space_info
usb: mtu3: clear dual mode of u3port when disable device
drm: msm: a6xx: fix gpu failure after system resume
drm/msm: Fix a null pointer access in msm_gem_shrinker_count()
drm/debugfs: fix plain echo to connector "force" attribute
drm/radeon: disable AGP by default
irqchip/irq-mtk-sysirq: Replace spinlock with raw_spinlock
mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
drm/amdgpu/display bail early in dm_pp_get_static_clocks
drm/amd/powerplay: fix compile error with ARCH=arc
bpf: Fix fds_example SIGSEGV error
brcmfmac: keep SDIO watchdog running when console_interval is non-zero
brcmfmac: To fix Bss Info flag definition Bug
brcmfmac: set state of hanger slot to FREE when flushing PSQ
platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15
iwlegacy: Check the return value of pcie_capability_read_*()
gpu: host1x: debug: Fix multiple channels emitting messages simultaneously
ionic: update eid test for overflow
mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1
usb: gadget: net2280: fix memory leak on probe error handling paths
bdc: Fix bug causing crash after multiple disconnects
usb: bdc: Halt controller on suspend
dyndbg: fix a BUG_ON in ddebug_describe_flags
bcache: fix super block seq numbers comparision in register_cache_set()
ACPICA: Do not increment operation_region reference counts for field units
drm/msm: ratelimit crtc event overflow error
drm/gem: Fix a leak in drm_gem_objects_lookup()
drm/bridge: ti-sn65dsi86: Clear old error bits before AUX transfers
agp/intel: Fix a memory leak on module initialisation failure
mwifiex: Fix firmware filename for sd8977 chipset
mwifiex: Fix firmware filename for sd8997 chipset
btmrvl: Fix firmware filename for sd8977 chipset
btmrvl: Fix firmware filename for sd8997 chipset
video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
console: newport_con: fix an issue about leak related system resources
video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call
ath10k: Acquire tx_lock in tx error paths
iio: improve IIO_CONCENTRATION channel type description
drm/etnaviv: Fix error path on failure to enable bus clk
drm/arm: fix unintentional integer overflow on left shift
clk: bcm63xx-gate: fix last clock availability
leds: lm355x: avoid enum conversion warning
Bluetooth: btusb: fix up firmware download sequence
Bluetooth: btmtksdio: fix up firmware download sequence
media: cxusb-analog: fix V4L2 dependency
media: marvell-ccic: Add missed v4l2_async_notifier_cleanup()
media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
ASoC: SOF: nocodec: add missing .owner field
ASoC: Intel: bxt_rt298: add missing .owner field
scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline
cxl: Fix kobject memleak
drm/radeon: fix array out-of-bounds read and write issues
staging: vchiq_arm: Add a matching unregister call
iavf: fix error return code in iavf_init_get_resources()
iavf: Fix updating statistics
RDMA/core: Fix bogus WARN_ON during ib_unregister_device_queued()
scsi: powertec: Fix different dev_id between request_irq() and free_irq()
scsi: eesox: Fix different dev_id between request_irq() and free_irq()
ipvs: allow connection reuse for unconfirmed conntrack
media: firewire: Using uninitialized values in node_probe()
media: exynos4-is: Add missed check for pinctrl_lookup_state()
media: cros-ec-cec: do not bail on device_init_wakeup failure
xfs: don't eat an EIO/ENOSPC writeback error when scrubbing data fork
xfs: fix reflink quota reservation accounting error
RDMA/rxe: Skip dgid check in loopback mode
PCI: Fix pci_cfg_wait queue locking problem
drm/stm: repair runtime power management
kobject: Avoid premature parent object freeing in kobject_cleanup()
leds: core: Flush scheduled work for system suspend
drm: panel: simple: Fix bpc for LG LB070WV8 panel
phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY
drm/bridge: sil_sii8620: initialize return of sii8620_readb
scsi: scsi_debug: Add check for sdebug_max_queue during module init
mwifiex: Prevent memory corruption handling keys
kernfs: do not call fsnotify() with name without a parent
powerpc/rtas: don't online CPUs for partition suspend
powerpc/vdso: Fix vdso cpu truncation
RDMA/qedr: SRQ's bug fixes
RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue
ima: Have the LSM free its audit rule
staging: rtl8192u: fix a dubious looking mask before a shift
ASoC: meson: fixes the missed kfree() for axg_card_add_tdm_loopback
PCI/ASPM: Add missing newline in sysfs 'policy'
phy: renesas: rcar-gen3-usb2: move irq registration to init
powerpc/book3s64/pkeys: Use PVR check instead of cpu feature
drm/imx: fix use after free
drm/imx: tve: fix regulator_disable error path
gpu: ipu-v3: Restore RGB32, BGR32
spi: lantiq-ssc: Fix warning by using WQ_MEM_RECLAIM
USB: serial: iuu_phoenix: fix led-activity helpers
usb: core: fix quirks_param_set() writing to a const pointer
thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor()
coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb()
powerpc/perf: Fix missing is_sier_aviable() during build
mt76: mt7615: fix potential memory leak in mcu message handler
phy: armada-38x: fix NETA lockup when repeatedly switching speeds
MIPS: OCTEON: add missing put_device() call in dwc3_octeon_device_init()
usb: dwc2: Fix error path in gadget registration
usb: gadget: f_uac2: fix AC Interface Header Descriptor wTotalLength
scsi: megaraid_sas: Clear affinity hint
scsi: mesh: Fix panic after host or bus reset
net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration
macintosh/via-macii: Access autopoll_devs when inside lock
PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register
RDMA/core: Fix return error value in _ib_modify_qp() to negative
Smack: fix another vsscanf out of bounds
Smack: prevent underflow in smk_set_cipso()
power: supply: check if calc_soc succeeded in pm860x_init_battery
Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags
Bluetooth: hci_serdev: Only unregister device if it was registered
net: dsa: rtl8366: Fix VLAN semantics
net: dsa: rtl8366: Fix VLAN set-up
xfs: fix inode allocation block res calculation precedence
selftests/powerpc: Squash spurious errors due to device removal
powerpc/32s: Fix CONFIG_BOOK3S_601 uses
powerpc/boot: Fix CONFIG_PPC_MPC52XX references
selftests/powerpc: Fix CPU affinity for child process
RDMA/netlink: Remove CAP_NET_RAW check when dump a raw QP
PCI: Release IVRS table in AMD ACS quirk
cpufreq: ap806: fix cpufreq driver needs ap cpu clk
selftests/powerpc: Fix online CPU selection
ASoC: meson: axg-tdm-interface: fix link fmt setup
ASoC: meson: axg-tdmin: fix g12a skew
ASoC: meson: axg-tdm-formatters: fix sclk inversion
ASoC: fsl_sai: Fix value of FSL_SAI_CR1_RFW_MASK
s390/qeth: don't process empty bridge port events
ice: Graceful error handling in HW table calloc failure
rtw88: fix LDPC field for RA info
rtw88: fix short GI capability based on current bandwidth
rtw88: coex: only skip coex triggered by BT info
wl1251: fix always return 0 error
tools, build: Propagate build failures from tools/build/Makefile.build
tools, bpftool: Fix wrong return value in do_dump()
net/mlx5: DR, Change push vlan action sequence
net/mlx5: Delete extra dump stack that gives nothing
net: ethernet: aquantia: Fix wrong return value
liquidio: Fix wrong return value in cn23xx_get_pf_num()
net: spider_net: Fix the size used in a 'dma_free_coherent()' call
fsl/fman: use 32-bit unsigned integer
fsl/fman: fix dereference null return value
fsl/fman: fix unreachable code
fsl/fman: check dereferencing null pointer
fsl/fman: fix eth hash table allocation
net: thunderx: initialize VF's mailbox mutex before first usage
dlm: Fix kobject memleak
ocfs2: fix unbalanced locking
pinctrl-single: fix pcs_parse_pinconf() return value
svcrdma: Fix page leak in svc_rdma_recv_read_chunk()
SUNRPC: Fix ("SUNRPC: Add "@len" parameter to gss_unwrap()")
x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task
crypto: aesni - add compatibility with IAS
af_packet: TPACKET_V3: fix fill status rwlock imbalance
drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
net: Fix potential memory leak in proto_register()
net/nfc/rawsock.c: add CAP_NET_RAW check.
net: phy: fix memory leak in device-create error path
net: Set fput_needed iff FDPUT_FPUT is set
net/tls: Fix kmap usage
tcp: correct read of TFO keys on big endian systems
vmxnet3: use correct tcp hdr length when packet is encapsulated
net: refactor bind_bucket fastreuse into helper
net: initialize fastreuse on inet_inherit_port
USB: serial: cp210x: re-enable auto-RTS on open
USB: serial: cp210x: enable usb generic throttle/unthrottle
ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO
ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
9p: Fix memory leak in v9fs_mount
media: media-request: Fix crash if memory allocation fails
drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
io_uring: set ctx sq/cq entry count earlier
NFS: Don't move layouts to plh_return_segs list while in use
NFS: Don't return layout segments that are in use
cpufreq: Fix locking issues with governors
cpufreq: dt: fix oops on armada37xx
include/asm-generic/vmlinux.lds.h: align ro_after_init
spi: spidev: Align buffers for DMA
mtd: rawnand: qcom: avoid write to unavailable register
erofs: fix extended inode could cross boundary
Revert "parisc: Drop LDCW barrier in CAS code when running UP"
Revert "parisc: Use ldcw instruction for SMP spinlock release barrier"
Revert "parisc: Revert "Release spinlocks using ordered store""
parisc: Do not use an ordered store in pa_tlb_lock()
parisc: Implement __smp_store_release and __smp_load_acquire barriers
parisc: mask out enable and reserved bits from sba imask
ARM: 8992/1: Fix unwind_frame for clang-built kernels
irqdomain/treewide: Free firmware node after domain removal
ALSA: usb-audio: add quirk for Pioneer DDJ-RB
tpm: Unify the mismatching TPM space buffer sizes
pstore: Fix linking when crypto API disabled
crypto: hisilicon - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified
crypto: qat - fix double free in qat_uclo_create_batch_init_list
crypto: ccp - Fix use of merged scatterlists
crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified
bitfield.h: don't compile-time validate _val in FIELD_FIT
fs/minix: check return value of sb_getblk()
fs/minix: don't allow getting deleted inodes
fs/minix: reject too-large maximum file size
xen/balloon: fix accounting in alloc_xenballooned_pages error path
xen/balloon: make the balloon wait interruptible
xen/gntdev: Fix dmabuf import with non-zero sgt offset
s390/dasd: fix inability to use DASD with DIAG driver
s390/gmap: improve THP splitting
io_uring: Fix NULL pointer dereference in loop_rw_iter()
Linux 5.4.59
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4bc685ec9234d8f72a9c66ee2d509a2975f6d711
|
||
Paul E. McKenney
|
87834546ea |
mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
[ Upstream commit 0a3b3c253a1eb2c7fe7f34086d46660c909abeb3 ] A large process running on a heavily loaded system can encounter the following RCU CPU stall warning: rcu: INFO: rcu_sched self-detected stall on CPU rcu: 3-....: (20998 ticks this GP) idle=4ea/1/0x4000000000000002 softirq=556558/556558 fqs=5190 (t=21013 jiffies g=1005461 q=132576) NMI backtrace for cpu 3 CPU: 3 PID: 501900 Comm: aio-free-ring-w Kdump: loaded Not tainted 5.2.9-108_fbk12_rc3_3858_gb83b75af7909 #1 Hardware name: Wiwynn HoneyBadger/PantherPlus, BIOS HBM6.71 02/03/2016 Call Trace: <IRQ> dump_stack+0x46/0x60 nmi_cpu_backtrace.cold.3+0x13/0x50 ? lapic_can_unplug_cpu.cold.27+0x34/0x34 nmi_trigger_cpumask_backtrace+0xba/0xca rcu_dump_cpu_stacks+0x99/0xc7 rcu_sched_clock_irq.cold.87+0x1aa/0x397 ? tick_sched_do_timer+0x60/0x60 update_process_times+0x28/0x60 tick_sched_timer+0x37/0x70 __hrtimer_run_queues+0xfe/0x270 hrtimer_interrupt+0xf4/0x210 smp_apic_timer_interrupt+0x5e/0x120 apic_timer_interrupt+0xf/0x20 </IRQ> RIP: 0010:kmem_cache_free+0x223/0x300 Code: 88 00 00 00 0f 85 ca 00 00 00 41 8b 55 18 31 f6 f7 da 41 f6 45 0a 02 40 0f 94 c6 83 c6 05 9c 41 5e fa e8 a0 a7 01 00 41 56 9d <49> 8b 47 08 a8 03 0f 85 87 00 00 00 65 48 ff 08 e9 3d fe ff ff 65 RSP: 0018:ffffc9000e8e3da8 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff13 RAX: 0000000000020000 RBX: ffff88861b9de960 RCX: 0000000000000030 RDX: fffffffffffe41e8 RSI: 000060777fe3a100 RDI: 000000000001be18 RBP: ffffea00186e7780 R08: ffffffffffffffff R09: ffffffffffffffff R10: ffff88861b9dea28 R11: ffff88887ffde000 R12: ffffffff81230a1f R13: ffff888854684dc0 R14: 0000000000000206 R15: ffff8888547dbc00 ? remove_vma+0x4f/0x60 remove_vma+0x4f/0x60 exit_mmap+0xd6/0x160 mmput+0x4a/0x110 do_exit+0x278/0xae0 ? syscall_trace_enter+0x1d3/0x2b0 ? handle_mm_fault+0xaa/0x1c0 do_group_exit+0x3a/0xa0 __x64_sys_exit_group+0x14/0x20 do_syscall_64+0x42/0x100 entry_SYSCALL_64_after_hwframe+0x44/0xa9 And on a PREEMPT=n kernel, the "while (vma)" loop in exit_mmap() can run for a very long time given a large process. This commit therefore adds a cond_resched() to this loop, providing RCU any needed quiescent states. Cc: Andrew Morton <akpm@linux-foundation.org> Cc: <linux-mm@kvack.org> Reviewed-by: Shakeel Butt <shakeelb@google.com> Reviewed-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Paul E. McKenney <paulmck@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Blagovest Kolenichev
|
40bffd325d |
Merge android11-5.4.54 (261a54f) into msm-5.4
* refs/heads/tmp-261a54f:
Revert "soc: qcom: rpmh: Update dirty flag only when data changes"
Revert "soc: qcom: rpmh: Invalidate SLEEP and WAKE TCSes before flushing new data"
Revert "soc: qcom: rpmh-rsc: Clear active mode configuration for wake TCS"
Revert "soc: qcom: rpmh-rsc: Allow using free WAKE TCS for active request"
Revert "soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner"
Linux 5.4.54
ath9k: Fix regression with Atheros 9271
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
dm integrity: fix integrity recalculation that is improperly skipped
ASoC: topology: fix tlvs in error handling for widget_dmixer
ASoC: topology: fix kernel oops on route addition error
ASoC: qcom: Drop HAS_DMA dependency to fix link failure
ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10
x86, vmlinux.lds: Page-align end of ..page_aligned sections
parisc: Add atomic64_set_release() define to avoid CPU soft lockups
drm/amd/powerplay: fix a crash when overclocking Vega M
drm/amdgpu: Fix NULL dereference in dpm sysfs handlers
mmc: sdhci-of-aspeed: Fix clock divider calculation
io-mapping: indicate mapping failure
khugepaged: fix null-pointer dereference due to race
mm: memcg/slab: fix memory leak at non-root kmem_cache destroy
mm/memcg: fix refcount error while moving and swapping
mm/mmap.c: close race between munmap() and expand_upwards()/downwards()
Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
vt: Reject zero-sized screen buffer size.
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
/dev/mem: Add missing memory barriers for devmem_inode
serial: 8250_mtk: Fix high-speed baud rates clamping
serial: 8250: fix null-ptr-deref in serial8250_start_tx()
serial: tegra: fix CREAD handling for PIO
staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
staging: wlan-ng: properly check endpoint types
tty: xilinx_uartps: Really fix id assignment
iwlwifi: mvm: don't call iwl_mvm_free_inactive_queue() under RCU
Revert "cifs: Fix the target file was deleted when rename failed."
usb: xhci: Fix ASM2142/ASM3142 DMA addressing
usb: xhci-mtk: fix the failure of bandwidth allocation
binder: Don't use mmput() from shrinker function.
RISC-V: Upgrade smp_mb__after_spinlock() to iorw,iorw
drivers/perf: Prevent forced unbinding of PMU drivers
asm-generic/mmiowb: Allow mmiowb_set_pending() when preemptible()
x86: math-emu: Fix up 'cmp' insn for clang ias
arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling
ALSA: hda/realtek - fixup for yet another Intel reference board
hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe()
platform/x86: asus-wmi: allow BAT1 battery name
platform/x86: ISST: Add new PCI device ids
hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D
drm/amdgpu: fix preemption unit test
drm/amdgpu/gfx10: fix race condition for kiq
hwmon: (adm1275) Make sure we are reading enough data for different chips
usb: cdns3: trace: fix some endian issues
usb: cdns3: ep0: fix some endian issues
usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
usb: dwc3: pci: add support for the Intel Jasper Lake
usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant
Input: elan_i2c - only increment wakeup count on touch
Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen
dmaengine: ioat setting ioat timeout as module parameter
dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu
hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow
regmap: dev_get_regmap_match(): fix string comparison
spi: mediatek: use correct SPI_CFG2_REG MACRO
ARM: dts: n900: remove mmc1 card detect gpio
Input: add `SW_MACHINE_COVER`
dmaengine: tegra210-adma: Fix runtime PM imbalance on error
HID: apple: Disable Fn-key key-re-mapping on clone keyboards
HID: steam: fixes race in handling device list.
HID: alps: support devices with report id 2
HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override
scripts/gdb: fix lx-symbols 'gdb.error' while loading modules
scripts/decode_stacktrace: strip basepath from all paths
serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X
geneve: fix an uninitialized value in geneve_changelink()
bonding: check return value of register_netdevice() in bond_newlink()
i2c: i2c-qcom-geni: Fix DMA transfer race
i2c: rcar: always clear ICSAR to avoid side effects
enetc: Remove the mdio bus on PF probe bailout
nfsd4: fix NULL dereference in nfsd/clients display code
Revert "PCI/PM: Assume ports without DLL Link Active train links in 100 ms"
net: ethernet: ave: Fix error returns in ave_init
ipvs: fix the connection sync failed in some cases
qed: suppress false-positives interrupt error messages on HW init
qed: suppress "don't support RoCE & iWARP" flooding on HW init
netdevsim: fix unbalaced locking in nsim_create()
net: dsa: microchip: call phy_remove_link_mode during probe
net: hns3: fix error handling for desc filling
net: ag71xx: add missed clk_disable_unprepare in error path of probe
ionic: fix up filter locks and debug msgs
ionic: use offset for ethtool regs data
mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
bonding: check error value of register_netdevice() immediately
net: smc91x: Fix possible memory leak in smc_drv_probe()
drm: sun4i: hdmi: Fix inverted HPD result
ieee802154: fix one possible memleak in adf7242_probe
net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration
ASoC: Intel: bytcht_es8316: Add missed put_device()
RDMA/mlx5: Use xa_lock_irq when access to SRQ table
ax88172a: fix ax88172a_unbind() failures
vsock/virtio: annotate 'the_virtio_vsock' RCU pointer
hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path
fpga: dfl: fix bug in port reset handshake
fpga: dfl: pci: reduce the scope of variable 'ret'
bnxt_en: Fix completion ring sizing with TPA enabled.
bnxt_en: Fix race when modifying pause settings.
btrfs: fix page leaks after failure to lock page for delalloc
btrfs: fix mount failure caused by race with umount
btrfs: fix double free on ulist after backref resolution failure
ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
ALSA: info: Drop WARN_ON() from buffer NULL sanity check
ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S
uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression
btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance
btrfs: reloc: fix reloc root leak and NULL pointer dereference
SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion")
drm/amd/display: Check DMCU Exists Before Loading
dmabuf: use spinlock to access dmabuf->name
ARM: dts: imx6qdl-gw551x: fix audio SSI
ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link'
irqdomain/treewide: Keep firmware node unconditionally allocated
fuse: fix weird page warning
drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups()
dm: use bio_uninit instead of bio_disassociate_blkg
scsi: dh: Add Fujitsu device to devinfo and dh lists
scsi: mpt3sas: Fix error returns in BRM_status_show
drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
net: sky2: initialize return of gm_phy_read
ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
drivers/net/wan/lapbether: Fixed the value of hard_header_len
scsi: mpt3sas: Fix unlock imbalance
xtensa: update *pos in cpuinfo_op.next
xtensa: fix __sync_fetch_and_{and,or}_4 declarations
scsi: scsi_transport_spi: Fix function pointer check
mac80211: allow rx of mesh eapol frames with default rx key
pinctrl: amd: fix npins for uart0 in kerncz_groups
gpio: arizona: put pm_runtime in case of failure
gpio: arizona: handle pm_runtime_get_sync failure case
soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner
ANDROID: build: update ABI definitions
ANDROID: update the kernel release format for GKI
ANDROID: GKI: update clocksource abi due to upstream fixes needed for VDSO backport
UPSTREAM: arm64: arch_timer: Disable the compat vdso for cores affected by ARM64_WORKAROUND_1418040
UPSTREAM: arm64: arch_timer: Allow an workaround descriptor to disable compat vdso
UPSTREAM: arm64: Introduce a way to disable the 32bit vdso
ANDROID: staging: android: ion: Fix compilation error for ion_trace.h
ANDROID: GKI: enable CONFIG_SCSI_UFS_BSG=y
ANDROID: Incremental fs: magic number compatible 32-bit
ANDROID: kbuild: don't merge .*..compoundliteral in modules
ANDROID: KABI updates for db845c (QCOM_COMMAND_DB fixups)
ANDROID: soc: qcom: cmd-db: Allow COMMAND_DB driver to be loaded as a module
ANDROID: GKI: preserve ABI for struct sock_cgroup_data
Revert "genetlink: remove genl_bind"
Revert "arm64/alternatives: use subsections for replacement sequences"
ANDROID: KABI updates for db845c (USB_EHCI_HCD, USB_EHCI_HCD_PLATFORM and DWC3 fixups)
ANDROID: db845c_gki.fragment: Remove DWC3 modules built into GKI
ANDROID: db845c_gki.fragment: Remove modules built into GKI
ANDROID: power: wakeup_reason: refine wakeup logs
ANDROID: power: wakeup_reason: export log_threaded_irq_wakeup_reason
Linux 5.4.53
gpio: pca953x: disable regmap locking for automatic address incrementing
drm/i915/gvt: Fix two CFL MMIO handling caused by regression.
iommu/vt-d: Make Intel SVM code 64-bit only
ionic: export features for vlans to use
spi: sprd: switch the sequence of setting WDG_LOAD_LOW and _HIGH
rxrpc: Fix trace string
libceph: don't omit recovery_deletes in target_copy()
block: fix get_max_segment_size() overflow on 32bit arch
block: fix splitting segments on boundary masks
drm/i915/gt: Ignore irq enabling on the virtual engines
drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr()
genirq/affinity: Handle affinity setting on inactive interrupts correctly
sched/fair: handle case of task_h_load() returning 0
sched: Fix unreliable rseq cpu_id for new tasks
arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return
arm64: ptrace: Consistently use pseudo-singlestep exceptions
arm64: ptrace: Override SPSR.SS when single-stepping is enabled
thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power
thermal: int3403_thermal: Downgrade error message
misc: atmel-ssc: lock with mutex instead of spinlock
dmaengine: fsl-edma-common: correct DSIZE_32BYTE
dmaengine: mcf-edma: Fix NULL pointer exception in mcf_edma_tx_handler
dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
intel_th: Fix a NULL dereference when hub driver is not loaded
intel_th: pci: Add Emmitsburg PCH support
intel_th: pci: Add Tiger Lake PCH-H support
intel_th: pci: Add Jasper Lake CPU support
powerpc/pseries/svm: Fix incorrect check for shared_lppaca_size
powerpc/book3s64/pkeys: Fix pkey_access_permitted() for execute disable pkey
hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
riscv: use 16KB kernel stack on 64-bit
timer: Fix wheel index calculation on last level
timer: Prevent base->clk from moving backward
scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro
uio_pdrv_genirq: fix use without device tree and no interrupt
uio_pdrv_genirq: Remove warning when irq is not specified
Input: elan_i2c - add more hardware ID for Lenovo laptops
Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
mei: bus: don't clean driver pointer
Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS
fuse: use ->reconfigure() instead of ->remount_fs()
fuse: ignore 'data' argument of mount(..., MS_REMOUNT)
ovl: fix unneeded call to ovl_change_flags()
ovl: relax WARN_ON() when decoding lower directory file handle
ovl: inode reference leak in ovl_is_inuse true case.
ovl: fix regression with re-formatted lower squashfs
serial: mxs-auart: add missed iounmap() in probe failure and remove
virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial
Revert "tty: xilinx_uartps: Fix missing id assignment to the console"
virt: vbox: Fix guest capabilities mask check
virt: vbox: Fix VBGL_IOCTL_VMMDEV_REQUEST_BIG and _LOG req numbers to match upstream
USB: serial: option: add Quectel EG95 LTE modem
USB: serial: option: add GosunCn GM500 series
USB: serial: ch341: add new Product ID for CH340
USB: serial: cypress_m8: enable Simply Automated UPB PIM
USB: serial: iuu_phoenix: fix memory corruption
usb: gadget: function: fix missing spinlock in f_uac1_legacy
usb: chipidea: core: add wakeup support for extcon
usb: dwc2: Fix shutdown callback in platform
USB: c67x00: fix use after free in c67x00_giveback_urb
ALSA: hda/realtek - Enable Speaker for ASUS UX563
ALSA: hda/realtek - Enable Speaker for ASUS UX533 and UX534
ALSA: hda/realtek: Enable headset mic of Acer TravelMate B311R-31 with ALC256
ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G14(G401) series with ALC289
ALSA: hda/realtek - change to suitable link model for ASUS platform
ALSA: usb-audio: Fix race against the error recovery URB submission
ALSA: line6: Sync the pending work cancel at disconnection
ALSA: line6: Perform sanity check for each URB creation
HID: quirks: Ignore Simply Automated UPB PIM
HID: quirks: Always poll Obins Anne Pro 2 keyboard
HID: magicmouse: do not set up autorepeat
HID: logitech-hidpp: avoid repeated "multiplier = " log messages
slimbus: core: Fix mismatch in of_node_get/put
clk: qcom: gcc: Add missing UFS clocks for SM8150
clk: qcom: gcc: Add GPU and NPU clocks for SM8150
mtd: rawnand: oxnas: Release all devices in the _remove() path
mtd: rawnand: oxnas: Unregister all devices on error
mtd: rawnand: oxnas: Keep track of registered devices
mtd: rawnand: brcmnand: fix CS0 layout
mtd: rawnand: brcmnand: correctly verify erased pages
mtd: rawnand: timings: Fix default tR_max and tCCS_min timings
mtd: rawnand: marvell: Fix probe error path
mtd: rawnand: marvell: Use nand_cleanup() when the device is not yet registered
mtd: rawnand: marvell: Fix the condition on a return code
RDMA/mlx5: Verify that QP is created with RQ or SQ
soc: qcom: rpmh-rsc: Allow using free WAKE TCS for active request
soc: qcom: rpmh-rsc: Clear active mode configuration for wake TCS
soc: qcom: rpmh: Invalidate SLEEP and WAKE TCSes before flushing new data
soc: qcom: rpmh: Update dirty flag only when data changes
perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode
PCI/PM: Call .bridge_d3() hook only if non-NULL
habanalabs: Align protection bits configuration of all TPCs
apparmor: ensure that dfa state tables have entries
soc: qcom: socinfo: add missing soc_id sysfs entry
arm: dts: mt7623: add phy-mode property for gmac2
copy_xstate_to_kernel: Fix typo which caused GDB regression
regmap: debugfs: Don't sleep while atomic for fast_io regmaps
keys: asymmetric: fix error return code in software_key_query()
arm64: dts: spcfpga: Align GIC, NAND and UART nodenames with dtschema
ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema
xprtrdma: fix incorrect header size calculations
Revert "thermal: mediatek: fix register index error"
ARM: dts: Fix dcan driver probe failed on am437x platform
fuse: don't ignore errors from fuse_writepages_fill()
NFS: Fix interrupted slots by sending a solo SEQUENCE operation
clk: AST2600: Add mux for EMMC clock
clk: mvebu: ARMADA_AP_CPU_CLK needs to select ARMADA_AP_CP_HELPER
staging: comedi: verify array index is correct before using it
usb: gadget: udc: atmel: fix uninitialized read in debug printk
spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
dmaengine: dmatest: stop completed threads when running without set channel
dmaengine: dw: Initialize channel before each transfer
iio: adc: ad7780: Fix a resource handling path in 'ad7780_probe()'
bus: ti-sysc: Do not disable on suspend for no-idle
bus: ti-sysc: Fix sleeping function called from invalid context for RTC quirk
bus: ti-sysc: Fix wakeirq sleeping function called from invalid context
arm64: dts: meson-gxl-s805x: reduce initial Mali450 core frequency
arm64: dts: meson: add missing gxl rng clock
phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked
dmaengine: sh: usb-dmac: set tx_result parameters
soundwire: intel: fix memory leak with devm_kasprintf
iio:health:afe4404 Fix timestamp alignment and prevent data leak.
ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S
bus: ti-sysc: Use optional clocks on for enable and wait for softreset bit
ACPI: video: Use native backlight on Acer TravelMate 5735Z
Input: mms114 - add extra compatible for mms345l
ALSA: usb-audio: Add quirk for Focusrite Scarlett 2i2
ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S
ACPI: video: Use native backlight on Acer Aspire 5783z
ALSA: usb-audio: Rewrite registration quirk handling
mmc: sdhci: do not enable card detect interrupt for gpio cd type
doc: dt: bindings: usb: dwc3: Update entries for disabling SS instances in park mode
ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp (0951:16d8)
Input: goodix - fix touch coordinates on Cube I15-TC
ALSA: usb-audio: Add support for MOTU MicroBook IIc
bus: ti-sysc: Detect EDMA and set quirk flags for tptc
arm64: dts: g12-common: add parkmode_disable_ss_quirk on DWC3 controller
bus: ti-sysc: Detect display subsystem related devices
bus: ti-sysc: Handle module unlock quirk needed for some RTC
bus: ti-sysc: Consider non-existing registers too when matching quirks
bus: ti-sysc: Rename clk related quirks to pre_reset and post_reset quirks
scsi: sr: remove references to BLK_DEV_SR_VENDOR, leave it enabled
drm/sun4i: tcon: Separate quirks for tcon0 and tcon1 on A20
ARM: at91: pm: add quirk for sam9x60's ulp1
HID: quirks: Remove ITE 8595 entry from hid_have_special_driver
mmc: mmci: Support any block sizes for ux500v2 and qcom variant
ARM: OMAP2+: use separate IOMMU pdata to fix DRA7 IPU1 boot
ARM: OMAP2+: Add workaround for DRA7 DSP MStandby errata i879
ARM: OMAP4+: remove pdata quirks for omap4+ iommus
net: sfp: add some quirks for GPON modules
net: sfp: add support for module quirks
Revert "usb/xhci-plat: Set PM runtime as active on resume"
Revert "usb/ehci-platform: Set PM runtime as active on resume"
Revert "usb/ohci-platform: Fix a warning when hibernating"
net: ethernet: mvneta: Add back interface mode validation
net: ethernet: mvneta: Do not error out in non serdes modes
net: macb: call pm_runtime_put_sync on failure path
of: of_mdio: Correct loop scanning logic
net: dsa: bcm_sf2: Fix node reference count
spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer
iio:health:afe4403 Fix timestamp alignment and prevent data leak.
iio:pressure:ms5611 Fix buffer element alignment
iio:humidity:hts221 Fix alignment and data leak issues
iio: pressure: zpa2326: handle pm_runtime_get_sync failure
iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
iio: core: add missing IIO_MOD_H2/ETHANOL string identifiers
iio: magnetometer: ak8974: Fix runtime PM imbalance on error
iio:humidity:hdc100x Fix alignment and data leak issues
iio:magnetometer:ak8974: Fix alignment and data leak issues
arm64/alternatives: don't patch up internal branches
i2c: eg20t: Load module automatically if ID matches
gfs2: read-only mounts should grab the sd_freeze_gl glock
tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
arm64/alternatives: use subsections for replacement sequences
cifs: prevent truncation from long to int in wait_for_free_credits
dt-bindings: mailbox: zynqmp_ipi: fix unit address
m68k: mm: fix node memblock init
m68k: nommu: register start of the memory with memblock
blk-mq-debugfs: update blk_queue_flag_name[] accordingly for new flags
thermal/drivers: imx: Fix missing of_node_put() at probe time
x86/fpu: Reset MXCSR to default in kernel_fpu_begin()
drm/exynos: fix ref count leak in mic_pre_enable
drm/exynos: Properly propagate return value in drm_iommu_attach_device()
drm/msm/dpu: allow initialization of encoder locks during encoder init
drm/msm: fix potential memleak in error branch
arm64: arch_timer: Disable the compat vdso for cores affected by ARM64_WORKAROUND_1418040
arm64: arch_timer: Allow an workaround descriptor to disable compat vdso
arm64: Introduce a way to disable the 32bit vdso
ip: Fix SO_MARK in RST, ACK and ICMP packets
cgroup: Fix sock_cgroup_data on big-endian.
cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
tcp: md5: allow changing MD5 keys in all socket states
tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
vlan: consolidate VLAN parsing code and limit max parsing depth
tcp: md5: do not send silly options in SYNCOOKIES
tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
tcp: make sure listeners don't initialize congestion-control state
tcp: fix SO_RCVLOWAT possible hangs under high mem pressure
sched: consistently handle layer3 header accesses in the presence of VLANs
net: usb: qmi_wwan: add support for Quectel EG95 LTE modem
net_sched: fix a memory leak in atm_tc_init()
net: dsa: microchip: set the correct number of ports
net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb
llc: make sure applications use ARPHRD_ETHER
l2tp: remove skb_dst_set() from l2tp_xmit_skb()
ipv6: Fix use of anycast address with loopback
ipv6: fib6_select_path can not use out path for nexthop objects
ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
genetlink: remove genl_bind
bridge: mcast: Fix MLD2 Report IPv6 payload length check
net: rmnet: fix lower interface leak
net: atlantic: fix ip dst and ipv6 address filters
crypto: atmel - Fix build error of CRYPTO_AUTHENC
crypto: atmel - Fix selection of CRYPTO_AUTHENC
ANDROID: GKI: update abi symbol lists now that CONFIG_DWC3 is enabled.
ANDROID: GKI: Enable CONFIG_USB_DWC3
ANDROID: ABI: add the symbols of dwc3.ko and sprd-dma.ko to unisoc
ANDROID: ABI: Update the ABI whitelist for QCOM
ANDROID: GKI: Update CF abi list for virtio-console
UPSTREAM: lkdtm/heap: Avoid edge and middle of slabs
UPSTREAM: lkdtm: Avoid more compiler optimizations for bad writes
ANDROID: GKI: Update ABI after RPMH config change
ANDROID: GKI: Adjust symbol lists after RPMH removed from gki_defconfig
ANDROID: db845c_gki.fragment: Add QCOM_RPMH and QCOM_RPMHPD as modules
ANDROID: gki_defconfig: Remove QCOM_RPMH from the gki_defconfig
ANDROID: Kconfig.gki: Remove GKI_QCOM_CLKS_CONFIGS and QCOM_RPMHPD from GKI_HACKS config option
FROMLIST: soc: qcom: rpmh: Allow RPMH driver to be loaded as a module
UPSTREAM: soc: qcom: rpmhpd: Allow RPMHPD driver to be loaded as a module
ANDROID: GKI: Export memblock_free to drivers
ANDROID: GKI: do not export symbol_get/put()
ANDROID: add xfs back to allmodconfig build tests
FROMLIST: rpmsg: core: Add signal API support
ANDROID: GKI: Fix x86 warning on DMA_VIRTUAL_CHANNELS
ANDROID: GKI: Update ABI and export list for qcom
Revert "ANDROID: net: enable wireless core features with GKI_LEGACY_WEXT_ALLCONFIG"
Revert "ALSA: compress: fix partial_drain completion state"
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/mailbox/xlnx,zynqmp-ipi-mailbox.txt
Documentation/devicetree/bindings/usb/dwc3.txt
android/abi_gki_aarch64_qcom
drivers/soc/qcom/Kconfig
drivers/soc/qcom/socinfo.c
drivers/usb/host/xhci-plat.c
kernel/sched/core.c
Change-Id: If4d45d5447eb2b1b86326bae8c3844fe565a0b42
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
261a54f37d |
This is the 5.4.54 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl8hMPEACgkQONu9yGCS
aT4XTw/+KgIRJRuJb3FKXbV/ranj4gSLiOoDq86W7L6SNYqDoz/sqMmGhe0ttiu8
38xCl6YrPQQqA91w9fiy6Y6DcY15XRtUTWIbLtVO5GPwTNiZHskfWZ+KwjNcM1B9
q/fSR/791nJ1lpNo6XjPws7sbVUNdX0UbTIlLCEZayoxvHdar6u/XmNNUTPwbY01
kD5EmVVv3tbrkhiDQ+MXqEfsF7cae85SbkUVGRrGm7uL/s6PB2NwRGEn1XbN/ZKJ
jmuRc0T5nwbB9rh2TV8P1c8PP3iPrpRdWFbaTGhcxCkJh2gzwqVnRBIfpWNQo2Fz
LuLj5g3BfzSx5xQcWkjZrcn72zobZLF9Bvx6NIaYm1Ly3vtR9mjYmqOcRtv3T0sJ
xi+ObxI73dZhvv0yeJTFbAquQ3Js+ohzNpSr8zJcJp4WX7XDTd/dE+u3uOmSBMoE
UlD2cWf/HIaYZcLLIOqSIM0uHmfTTc4KTgR2bMXzwEMhtResJpUG1BDa8/MOCDxX
7UhgRmrZ99faOjNy5jrdI4x5MwTMQs/znMtZ8Y6OlE9RZIogHON8/mTRGqLV0cRF
Drw6XTfS6QOu55vvddqjmie4J8/aFvhWVw4A90n0DmXH8fY+XqFI8mCguBQw/mW3
xm4lSSCgRFuQ2YFctXjgwD5MBaCDKAW2rp6iwZmC8sONYeoVCfM=
=IZ2W
-----END PGP SIGNATURE-----
Merge 5.4.54 into android11-5.4
Changes in 5.4.54
soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner
gpio: arizona: handle pm_runtime_get_sync failure case
gpio: arizona: put pm_runtime in case of failure
pinctrl: amd: fix npins for uart0 in kerncz_groups
mac80211: allow rx of mesh eapol frames with default rx key
scsi: scsi_transport_spi: Fix function pointer check
xtensa: fix __sync_fetch_and_{and,or}_4 declarations
xtensa: update *pos in cpuinfo_op.next
scsi: mpt3sas: Fix unlock imbalance
drivers/net/wan/lapbether: Fixed the value of hard_header_len
ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
net: sky2: initialize return of gm_phy_read
drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
scsi: mpt3sas: Fix error returns in BRM_status_show
scsi: dh: Add Fujitsu device to devinfo and dh lists
dm: use bio_uninit instead of bio_disassociate_blkg
drivers/firmware/psci: Fix memory leakage in alloc_init_cpu_groups()
fuse: fix weird page warning
irqdomain/treewide: Keep firmware node unconditionally allocated
ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link'
ARM: dts: imx6qdl-gw551x: fix audio SSI
dmabuf: use spinlock to access dmabuf->name
drm/amd/display: Check DMCU Exists Before Loading
SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion")
btrfs: reloc: fix reloc root leak and NULL pointer dereference
btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance
uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression
ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S
ALSA: info: Drop WARN_ON() from buffer NULL sanity check
ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
btrfs: fix double free on ulist after backref resolution failure
btrfs: fix mount failure caused by race with umount
btrfs: fix page leaks after failure to lock page for delalloc
bnxt_en: Fix race when modifying pause settings.
bnxt_en: Fix completion ring sizing with TPA enabled.
fpga: dfl: pci: reduce the scope of variable 'ret'
fpga: dfl: fix bug in port reset handshake
hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path
vsock/virtio: annotate 'the_virtio_vsock' RCU pointer
ax88172a: fix ax88172a_unbind() failures
RDMA/mlx5: Use xa_lock_irq when access to SRQ table
ASoC: Intel: bytcht_es8316: Add missed put_device()
net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration
ieee802154: fix one possible memleak in adf7242_probe
drm: sun4i: hdmi: Fix inverted HPD result
net: smc91x: Fix possible memory leak in smc_drv_probe()
bonding: check error value of register_netdevice() immediately
mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
ionic: use offset for ethtool regs data
ionic: fix up filter locks and debug msgs
net: ag71xx: add missed clk_disable_unprepare in error path of probe
net: hns3: fix error handling for desc filling
net: dsa: microchip: call phy_remove_link_mode during probe
netdevsim: fix unbalaced locking in nsim_create()
qed: suppress "don't support RoCE & iWARP" flooding on HW init
qed: suppress false-positives interrupt error messages on HW init
ipvs: fix the connection sync failed in some cases
net: ethernet: ave: Fix error returns in ave_init
Revert "PCI/PM: Assume ports without DLL Link Active train links in 100 ms"
nfsd4: fix NULL dereference in nfsd/clients display code
enetc: Remove the mdio bus on PF probe bailout
i2c: rcar: always clear ICSAR to avoid side effects
i2c: i2c-qcom-geni: Fix DMA transfer race
bonding: check return value of register_netdevice() in bond_newlink()
geneve: fix an uninitialized value in geneve_changelink()
serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X
scripts/decode_stacktrace: strip basepath from all paths
scripts/gdb: fix lx-symbols 'gdb.error' while loading modules
HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override
HID: alps: support devices with report id 2
HID: steam: fixes race in handling device list.
HID: apple: Disable Fn-key key-re-mapping on clone keyboards
dmaengine: tegra210-adma: Fix runtime PM imbalance on error
Input: add `SW_MACHINE_COVER`
ARM: dts: n900: remove mmc1 card detect gpio
spi: mediatek: use correct SPI_CFG2_REG MACRO
regmap: dev_get_regmap_match(): fix string comparison
hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow
dmaengine: fsl-edma: fix wrong tcd endianness for big-endian cpu
dmaengine: ioat setting ioat timeout as module parameter
Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen
Input: elan_i2c - only increment wakeup count on touch
usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant
usb: dwc3: pci: add support for the Intel Jasper Lake
usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
usb: cdns3: ep0: fix some endian issues
usb: cdns3: trace: fix some endian issues
hwmon: (adm1275) Make sure we are reading enough data for different chips
drm/amdgpu/gfx10: fix race condition for kiq
drm/amdgpu: fix preemption unit test
hwmon: (nct6775) Accept PECI Calibration as temperature source for NCT6798D
platform/x86: ISST: Add new PCI device ids
platform/x86: asus-wmi: allow BAT1 battery name
hwmon: (scmi) Fix potential buffer overflow in scmi_hwmon_probe()
ALSA: hda/realtek - fixup for yet another Intel reference board
drivers/perf: Fix kernel panic when rmmod PMU modules during perf sampling
arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
x86: math-emu: Fix up 'cmp' insn for clang ias
asm-generic/mmiowb: Allow mmiowb_set_pending() when preemptible()
drivers/perf: Prevent forced unbinding of PMU drivers
RISC-V: Upgrade smp_mb__after_spinlock() to iorw,iorw
binder: Don't use mmput() from shrinker function.
usb: xhci-mtk: fix the failure of bandwidth allocation
usb: xhci: Fix ASM2142/ASM3142 DMA addressing
Revert "cifs: Fix the target file was deleted when rename failed."
iwlwifi: mvm: don't call iwl_mvm_free_inactive_queue() under RCU
tty: xilinx_uartps: Really fix id assignment
staging: wlan-ng: properly check endpoint types
staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
serial: tegra: fix CREAD handling for PIO
serial: 8250: fix null-ptr-deref in serial8250_start_tx()
serial: 8250_mtk: Fix high-speed baud rates clamping
/dev/mem: Add missing memory barriers for devmem_inode
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
vt: Reject zero-sized screen buffer size.
Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
mm/mmap.c: close race between munmap() and expand_upwards()/downwards()
mm/memcg: fix refcount error while moving and swapping
mm: memcg/slab: fix memory leak at non-root kmem_cache destroy
khugepaged: fix null-pointer dereference due to race
io-mapping: indicate mapping failure
mmc: sdhci-of-aspeed: Fix clock divider calculation
drm/amdgpu: Fix NULL dereference in dpm sysfs handlers
drm/amd/powerplay: fix a crash when overclocking Vega M
parisc: Add atomic64_set_release() define to avoid CPU soft lockups
x86, vmlinux.lds: Page-align end of ..page_aligned sections
ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10
ASoC: qcom: Drop HAS_DMA dependency to fix link failure
ASoC: topology: fix kernel oops on route addition error
ASoC: topology: fix tlvs in error handling for widget_dmixer
dm integrity: fix integrity recalculation that is improperly skipped
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
ath9k: Fix regression with Atheros 9271
Linux 5.4.54
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic2a25ecd02cfc4a44ec53c73e200b72cd7d930ba
|
||
Kirill A. Shutemov
|
549bfc1427 |
mm/mmap.c: close race between munmap() and expand_upwards()/downwards()
commit 246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c upstream.
VMA with VM_GROWSDOWN or VM_GROWSUP flag set can change their size under
mmap_read_lock(). It can lead to race with __do_munmap():
Thread A Thread B
__do_munmap()
detach_vmas_to_be_unmapped()
mmap_write_downgrade()
expand_downwards()
vma->vm_start = address;
// The VMA now overlaps with
// VMAs detached by the Thread A
// page fault populates expanded part
// of the VMA
unmap_region()
// Zaps pagetables partly
// populated by Thread B
Similar race exists for expand_upwards().
The fix is to avoid downgrading mmap_lock in __do_munmap() if detached
VMAs are next to VM_GROWSDOWN or VM_GROWSUP VMA.
[akpm@linux-foundation.org: s/mmap_sem/mmap_lock/ in comment]
Fixes:
|
||
Laurent Dufour
|
9db216b5c9 |
mm: protect mm_rb tree with a rwlock
This change is inspired by the Peter's proposal patch [1] which was protecting the VMA using SRCU. Unfortunately, SRCU is not scaling well in that particular case, and it is introducing major performance degradation due to excessive scheduling operations. To allow access to the mm_rb tree without grabbing the mmap_sem, this patch is protecting it access using a rwlock. As the mm_rb tree is a O(log n) search it is safe to protect it using such a lock. The VMA cache is not protected by the new rwlock and it should not be used without holding the mmap_sem. To allow the picked VMA structure to be used once the rwlock is released, a use count is added to the VMA structure. When the VMA is allocated it is set to 1. Each time the VMA is picked with the rwlock held its use count is incremented. Each time the VMA is released it is decremented. When the use count hits zero, this means that the VMA is no more used and should be freed. This patch is preparing for 2 kind of VMA access : - as usual, under the control of the mmap_sem, - without holding the mmap_sem for the speculative page fault handler. Access done under the control the mmap_sem doesn't require to grab the rwlock to protect read access to the mm_rb tree, but access in write must be done under the protection of the rwlock too. This affects inserting and removing of elements in the RB tree. The patch is introducing 2 new functions: - vma_get() to find a VMA based on an address by holding the new rwlock. - vma_put() to release the VMA when its no more used. These services are designed to be used when access are made to the RB tree without holding the mmap_sem. When a VMA is removed from the RB tree, its vma->vm_rb field is cleared and we rely on the WMB done when releasing the rwlock to serialize the write with the RMB done in a later patch to check for the VMA's validity. When free_vma is called, the file associated with the VMA is closed immediately, but the policy and the file structure remained in used until the VMA's use count reach 0, which may happens later when exiting an in progress speculative page fault. [1] https://patchwork.kernel.org/patch/5108281/ Change-Id: I9ecc922b8efa4b28975cc6a8e9531284c24ac14e Cc: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Matthew Wilcox <willy@infradead.org> Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com> Patch-mainline: linux-mm @ Tue, 17 Apr 2018 16:33:23 [vinmenon@codeaurora.org: fix the return of put_vma] Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> Signed-off-by: Charan Teja Reddy <charante@codeaurora.org> |
||
|
Laurent Dufour
|
728a43dfff |
mm: protect mremap() against SPF hanlder
If a thread is remapping an area while another one is faulting on the destination area, the SPF handler may fetch the vma from the RB tree before the pte has been moved by the other thread. This means that the moved ptes will overwrite those create by the page fault handler leading to page leaked. CPU 1 CPU2 enter mremap() unmap the dest area copy_vma() Enter speculative page fault handler >> at this time the dest area is present in the RB tree fetch the vma matching dest area create a pte as the VMA matched Exit the SPF handler <data written in the new page> move_ptes() > it is assumed that the dest area is empty, > the move ptes overwrite the page mapped by the CPU2. To prevent that, when the VMA matching the dest area is extended or created by copy_vma(), it should be marked as non available to the SPF handler. The usual way to so is to rely on vm_write_begin()/end(). This is already in __vma_adjust() called by copy_vma() (through vma_merge()). But __vma_adjust() is calling vm_write_end() before returning which create a window for another thread. This patch adds a new parameter to vma_merge() which is passed down to vma_adjust(). The assumption is that copy_vma() is returning a vma which should be released by calling vm_raw_write_end() by the callee once the ptes have been moved. Change-Id: Icd338ad6e9b3c97b7334d3b8d30a8badfa2a4efa Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com> Patch-mainline: linux-mm @ Tue, 17 Apr 2018 16:33:16 [vinmenon@codeaurora.org: changes in vma_merge arguments related to the anon vma user name which is not suppported upstream.] Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> |
||
|
Laurent Dufour
|
06219e6c87 |
mm: protect VMA modifications using VMA sequence count
The VMA sequence count has been introduced to allow fast detection of VMA modification when running a page fault handler without holding the mmap_sem. This patch provides protection against the VMA modification done in : - madvise() - mpol_rebind_policy() - vma_replace_policy() - change_prot_numa() - mlock(), munlock() - mprotect() - mmap_region() - collapse_huge_page() - userfaultd registering services In addition, VMA fields which will be read during the speculative fault path needs to be written using WRITE_ONCE to prevent write to be split and intermediate values to be pushed to other CPUs. Change-Id: Ic36046b7254e538b6baf7144c50ae577ee7f2074 Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com> Patch-mainline: linux-mm @ Tue, 17 Apr 2018 16:33:15 [vinmenon@codeaurora.org: trivial merge conflict fixes] Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> [charante@codeaurora.org: trivial merge conflict fixes] Signed-off-by: Charan Teja Reddy <charante@codeaurora.org> |
||
Peter Zijlstra
|
662540931e |
mm: VMA sequence count
Wrap the VMA modifications (vma_adjust/unmap_page_range) with sequence counts such that we can easily test if a VMA is changed. The unmap_page_range() one allows us to make assumptions about page-tables; when we find the seqcount hasn't changed we can assume page-tables are still valid. The flip side is that we cannot distinguish between a vma_adjust() and the unmap_page_range() -- where with the former we could have re-checked the vma bounds against the address. Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> [Port to 4.12 kernel] [Build depends on CONFIG_SPECULATIVE_PAGE_FAULT] [Introduce vm_write_* inline function depending on CONFIG_SPECULATIVE_PAGE_FAULT] [Fix lock dependency between mapping->i_mmap_rwsem and vma->vm_sequence by using vm_raw_write* functions] [Fix a lock dependency warning in mmap_region() when entering the error path] [move sequence initialisation INIT_VMA()] Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com> Change-Id: Ibc23ef3b9dbb80323c0f24cb06da34b4c3a8fa71 Patch-mainline: linux-mm @ 17 Apr 2018 16:33:14 [vinmenon@codeaurora.org: trivial merge conflict fixes] Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> [charante@codeaurora.org: trivial merge conflict fixes] Signed-off-by: Charan Teja Reddy <charante@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
2c2101d181 |
This is the 5.4.23 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl5ZPksACgkQONu9yGCS aT4X0A//YvcKCCLgtWdQsWVJ0PEf5YE2KQI4rvbbD7wKkE5S6AWMhL3D+t46cWVe EgBtZLJYFkfqhdfF4JqjPsof/3CYS4o/LnAqzo0BgnnFccLV25SsGqDMn1b5Z6K2 2vUs3gRydFk8iAWFs6XxrxScUbYrqr+6rQcLvgWHuMXjOInYPBUdc6b+vYMRsY79 Eil6ROUy0daQPDJzfFrODW+OiUQ8uUx0F9Mq3fhuzNwx8E1QBv0qoH6fFkCYOzNa rmyjETil09hjLFMVThGjJoUPEzog6135T/s+eRo7vR13XdHPLo8lvrRJNGnuFBct CPVEZBNDVE20TRXGCaKDM/T8BMgqZ3V4Kx9BFwCyP34LdGebKvOsNvoNX7AxlyvQ lfOEpJU3rBuEUaM32J842NoMaSbIrOYBwtrA/0XEMQhIyA26FjJsE9foJFog68gQ 2fekQSKpzWHcw1k3kUPH5iYHjD4oEz3mVM+C12klszMeoGYmnkGpmW0GzhtDJZiL 94LxhUo3vNzBN5ut1am5FrYMaw5YF0Ptnk6n4CWvU9NnvHesFNE/BFzok7yv03M+ Mm0XDyGKO4xWnCIbj2nTfbKDoY3FL7nJJ1GhwmHb36V2ZURIkkSob4In2/JM18Gw ltYJTEPsK3SeomLQDNCpoSdRcp3G615b7k8H9agz14Loh4Tydh0= =ScbK -----END PGP SIGNATURE----- Merge 5.4.23 into android-5.4 Changes in 5.4.23 iommu/qcom: Fix bogus detach logic ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs ALSA: hda/realtek - Apply quirk for MSI GP63, too ALSA: hda/realtek - Apply quirk for yet another MSI laptop ASoC: codec2codec: avoid invalid/double-free of pcm runtime ASoC: sun8i-codec: Fix setting DAI data format tpm: Initialize crypto_id of allocated_banks to HASH_ALGO__LAST ecryptfs: fix a memory leak bug in parse_tag_1_packet() ecryptfs: fix a memory leak bug in ecryptfs_init_messaging() btrfs: handle logged extent failure properly thunderbolt: Prevent crash if non-active NVMem file is read USB: misc: iowarrior: add support for 2 OEMed devices USB: misc: iowarrior: add support for the 28 and 28L devices USB: misc: iowarrior: add support for the 100 device e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm floppy: check FDC index for errors before assigning it vt: fix scrollback flushing on background consoles vt: selection, handle pending signals in paste_selection vt: vt_ioctl: fix race in VT_RESIZEX staging: android: ashmem: Disallow ashmem memory from being remapped staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi. xhci: Force Maximum Packet size for Full-speed bulk devices to valid range. xhci: fix runtime pm enabling for quirky Intel hosts xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms xhci: Fix memory leak when caching protocol extended capability PSI tables - take 2 usb: host: xhci: update event ring dequeue pointer on purpose USB: core: add endpoint-blacklist quirk USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 usb: uas: fix a plug & unplug racing USB: Fix novation SourceControl XL after suspend USB: hub: Don't record a connect-change event during reset-resume USB: hub: Fix the broken detection of USB3 device in SMSC hub usb: dwc2: Fix SET/CLEAR_FEATURE and GET_STATUS flows usb: dwc3: gadget: Check for IOC/LST bit in TRB->ctrl fields usb: dwc3: debug: fix string position formatting mixup with ret and len scsi: Revert "target/core: Inline transport_lun_remove_cmd()" staging: rtl8188eu: Fix potential security hole staging: rtl8188eu: Fix potential overuse of kernel memory staging: rtl8723bs: Fix potential security hole staging: rtl8723bs: Fix potential overuse of kernel memory drm/panfrost: perfcnt: Reserve/use the AS attached to the perfcnt MMU context powerpc/8xx: Fix clearing of bits 20-23 in ITLB miss powerpc/eeh: Fix deadlock handling dead PHB powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery powerpc/entry: Fix an #if which should be an #ifdef in entry_32.S powerpc/hugetlb: Fix 512k hugepages on 8xx with 16k page size powerpc/hugetlb: Fix 8M hugepages on 8xx arm64: memory: Add missing brackets to untagged_addr() macro jbd2: fix ocfs2 corrupt when clearing block group bits x86/ima: use correct identifier for SetupMode variable x86/mce/amd: Publish the bank pointer only after setup has succeeded x86/mce/amd: Fix kobject lifetime x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF serial: 8250: Check UPF_IRQ_SHARED in advance tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode tty: serial: imx: setup the correct sg entry for tx dma tty: serial: qcom_geni_serial: Fix RX cancel command failure serdev: ttyport: restore client ops on deregistration MAINTAINERS: Update drm/i915 bug filing URL ACPI: PM: s2idle: Check fixed wakeup events in acpi_s2idle_wake() Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()" mm/memcontrol.c: lost css_put in memcg_expand_shrinker_maps() nvme-multipath: Fix memory leak with ana_log_buf genirq/irqdomain: Make sure all irq domain flags are distinct mm/vmscan.c: don't round up scan size for online memory cgroup mm/sparsemem: pfn_to_page is not valid yet on SPARSEMEM lib/stackdepot.c: fix global out-of-bounds in stack_slabs mm: Avoid creating virtual address aliases in brk()/mmap()/mremap() drm/amdgpu/soc15: fix xclk for raven drm/amdgpu/gfx9: disable gfxoff when reading rlc clock drm/amdgpu/gfx10: disable gfxoff when reading rlc clock drm/nouveau/kms/gv100-: Re-set LUT after clearing for modesets drm/i915: Wean off drm_pci_alloc/drm_pci_free drm/i915: Update drm/i915 bug filing URL sched/psi: Fix OOB write when writing 0 bytes to PSI files KVM: nVMX: Don't emulate instructions in guest mode KVM: x86: don't notify userspace IOAPIC on edge-triggered interrupt EOI ext4: fix a data race in EXT4_I(inode)->i_disksize ext4: add cond_resched() to __ext4_find_entry() ext4: fix potential race between online resizing and write operations ext4: fix potential race between s_group_info online resizing and access ext4: fix potential race between s_flex_groups online resizing and access ext4: fix mount failure with quota configured as module ext4: rename s_journal_flag_rwsem to s_writepages_rwsem ext4: fix race between writepages and enabling EXT4_EXTENTS_FL KVM: nVMX: Refactor IO bitmap checks into helper function KVM: nVMX: Check IO instruction VM-exit conditions KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 KVM: apic: avoid calculating pending eoi from an uninitialized val btrfs: destroy qgroup extent records on transaction abort btrfs: fix bytes_may_use underflow in prealloc error condtition btrfs: reset fs_root to NULL on error in open_ctree btrfs: do not check delayed items are empty for single transaction cleanup Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents Btrfs: fix race between shrinking truncate and fiemap btrfs: don't set path->leave_spinning for truncate Btrfs: fix deadlock during fast fsync when logging prealloc extents beyond eof Revert "dmaengine: imx-sdma: Fix memory leak" drm/i915/gt: Detect if we miss WaIdleLiteRestore drm/i915/execlists: Always force a context reload when rewinding RING_TAIL drm/i915/gvt: more locking for ppgtt mm LRU list drm/bridge: tc358767: fix poll timeouts drm/i915/gt: Protect defer_request() from new waiters drm/msm/dpu: fix BGR565 vs RGB565 confusion scsi: Revert "RDMA/isert: Fix a recently introduced regression related to logout" scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus usb: dwc2: Fix in ISOC request length checking staging: rtl8723bs: fix copy of overlapping memory staging: greybus: use after free in gb_audio_manager_remove_all() ASoC: atmel: fix atmel_ssc_set_audio link failure ASoC: fsl_sai: Fix exiting path on probing failure ecryptfs: replace BUG_ON with error handling code iommu/vt-d: Fix compile warning from intel-svm.h crypto: rename sm3-256 to sm3 in hash_algo_name genirq/proc: Reject invalid affinity masks (again) bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill arm64: lse: Fix LSE atomics with LLVM io_uring: fix __io_iopoll_check deadlock in io_sq_thread ALSA: rawmidi: Avoid bit fields for state flags ALSA: seq: Avoid concurrent access to queue flags ALSA: seq: Fix concurrent access to queue current tick/time netfilter: xt_hashlimit: limit the max size of hashtable rxrpc: Fix call RCU cleanup using non-bh-safe locks io_uring: prevent sq_thread from spinning when it should stop ata: ahci: Add shutdown to freeze hardware resources of ahci xen: Enable interrupts when calling _cond_resched() net/mlx5e: Reset RQ doorbell counter before moving RQ state from RST to RDY net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa net/mlx5e: Fix crash in recovery flow without devlink reporter s390/kaslr: Fix casts in get_random s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range bpf: Selftests build error in sockmap_basic.c ASoC: SOF: Intel: hda: Add iDisp4 DAI Linux 5.4.23 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I1d60f06bcb6ee74e5601976c7af79153c41af11c |
||
Catalin Marinas
|
95236ae76b |
mm: Avoid creating virtual address aliases in brk()/mmap()/mremap()
commit dcde237319e626d1ec3c9d8b7613032f0fd4663a upstream. Currently the arm64 kernel ignores the top address byte passed to brk(), mmap() and mremap(). When the user is not aware of the 56-bit address limit or relies on the kernel to return an error, untagging such pointers has the potential to create address aliases in user-space. Passing a tagged address to munmap(), madvise() is permitted since the tagged pointer is expected to be inside an existing mapping. The current behaviour breaks the existing glibc malloc() implementation which relies on brk() with an address beyond 56-bit to be rejected by the kernel. Remove untagging in the above functions by partially reverting commit |
||
|
Greg Kroah-Hartman
|
813bf83282 |
This is the 5.4.9 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4W8EgACgkQONu9yGCS aT4szA//fqXI1OQ3xcCt5s9MYZYYa6IpX/VZ0H7lNC/7pkJzccKo+aSer7ppEn4o ND8sHNx/lhfZorhvLdqJK4PLThC+fXmXnLvFOzqvZeUVyesnv9zlhd/5JNu18Fvc RNjcIRIAHFwanZLAw8uft1DIZXcZ8wNkAAugn/WQV3FN/TG+FsrDzWYnmbBhRIQS XC/2jSlFpMTKoExNzEdbduG0XH5plWeE+AdY3a+DQsOBUO2XrAuk5HTEByM1jzPV W7U9vMqvw3OyrERcA0lmjs37Waw1e0qzfUaa8Bman5Uc0StOTq0UwschX21SB5yP MvbAKhqaKtSff7b4lNrDP9Kj1O/lH84WPSn/aao9D083m/ZYdkkd4AWMlS480lL5 oJ28tFbgwLayIqDbwCggHluTsNUdQSTwahVbnp4GMqxfjWrApdLPCqloSb+x9JCF 9pWJf3awI53mA864pH/uOM7pDOz5/c/oJ4QzVmOmR48dsddorY+gPcwk+YpElJcZ +xCBQDN5JkNC7lwqu2lvaoq/5cMC5lO/v6aeTfsYCRVnlNY12TY8z352zzMZfCKG GRkNvDqWZ5ZmQ+LblWRVbgdGxU42wIYXUS1jUdFd+5DRzz17+ZKUy7YbLNmZMcpY UyiM2Ij7X7HsNGrYDKFq0lZPw6k7v3FshvMwQ8C6dNk+l3o9oCA= =M+hs -----END PGP SIGNATURE----- Merge 5.4.9 into android-5.4 Changes in 5.4.9 drm/mcde: dsi: Fix invalid pointer dereference if panel cannot be found nvme_fc: add module to ops template to allow module references nvme-fc: fix double-free scenarios on hw queues drm/amdgpu: add check before enabling/disabling broadcast mode drm/amdgpu: add header line for power profile on Arcturus drm/amdgpu: add cache flush workaround to gfx8 emit_fence drm/amd/display: Map DSC resources 1-to-1 if numbers of OPPs and DSCs are equal drm/amd/display: Fixed kernel panic when booting with DP-to-HDMI dongle drm/amd/display: Change the delay time before enabling FEC drm/amd/display: Reset steer fifo before unblanking the stream drm/amd/display: update dispclk and dppclk vco frequency nvme/pci: Fix write and poll queue types nvme/pci: Fix read queue count iio: st_accel: Fix unused variable warning iio: adc: max9611: Fix too short conversion time delay PM / devfreq: Fix devfreq_notifier_call returning errno PM / devfreq: Set scaling_max_freq to max on OPP notifier error PM / devfreq: Don't fail devfreq_dev_release if not in list afs: Fix afs_find_server lookups for ipv4 peers afs: Fix SELinux setting security label on /afs RDMA/cma: add missed unregister_pernet_subsys in init failure rxe: correctly calculate iCRC for unaligned payloads scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func scsi: qla2xxx: Use explicit LOGO in target mode scsi: qla2xxx: Drop superfluous INIT_WORK of del_work scsi: qla2xxx: Don't call qlt_async_event twice scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length scsi: qla2xxx: Configure local loop for N2N target scsi: qla2xxx: Send Notify ACK after N2N PLOGI scsi: qla2xxx: Don't defer relogin unconditonally scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI scsi: iscsi: qla4xxx: fix double free in probe scsi: libsas: stop discovering if oob mode is disconnected scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func staging/wlan-ng: add CRC32 dependency in Kconfig drm/nouveau: Move the declaration of struct nouveau_conn_atom up a bit drm/nouveau: Fix drm-core using atomic code-paths on pre-nv50 hardware drm/nouveau/kms/nv50-: fix panel scaling usb: gadget: fix wrong endpoint desc net: make socket read/write_iter() honor IOCB_NOWAIT afs: Fix mountpoint parsing afs: Fix creation calls in the dynamic root to fail with EOPNOTSUPP raid5: need to set STRIPE_HANDLE for batch head md: raid1: check rdev before reference in raid1_sync_request func s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits s390/cpum_sf: Avoid SBD overflow condition in irq handler RDMA/counter: Prevent auto-binding a QP which are not tracked with res IB/mlx4: Follow mirror sequence of device add during device removal IB/mlx5: Fix steering rule of drop and count xen-blkback: prevent premature module unload xen/balloon: fix ballooned page accounting without hotplug enabled PM / hibernate: memory_bm_find_bit(): Tighten node optimisation ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC PCI: Add a helper to check Power Resource Requirements _PR3 existence ALSA: hda: Allow HDA to be runtime suspended when dGPU is not bound to a driver PCI: Fix missing inline for pci_pr3_present() ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen tcp: fix data-race in tcp_recvmsg() shmem: pin the file in shmem_fault() if mmap_sem is dropped taskstats: fix data-race ALSA: hda - Downgrade error message for single-cmd fallback netfilter: nft_tproxy: Fix port selector on Big Endian block: add bio_truncate to fix guard_bio_eod mm: drop mmap_sem before calling balance_dirty_pages() in write fault ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code ALSA: usb-audio: fix set_format altsetting sanity check ALSA: usb-audio: set the interface format after resume on Dell WD19 ALSA: hda - Apply sync-write workaround to old Intel platforms, too ALSA: hda/realtek - Add headset Mic no shutup for ALC283 drm/sun4i: hdmi: Remove duplicate cleanup calls drm/amdgpu/smu: add metrics table lock drm/amdgpu/smu: add metrics table lock for arcturus (v2) drm/amdgpu/smu: add metrics table lock for navi (v2) drm/amdgpu/smu: add metrics table lock for vega20 (v2) MIPS: BPF: Disable MIPS32 eBPF JIT MIPS: BPF: eBPF JIT: check for MIPS ISA compliance in Kconfig MIPS: Avoid VDSO ABI breakage due to global register variable media: pulse8-cec: fix lost cec_transmit_attempt_done() call media: cec: CEC 2.0-only bcast messages were ignored media: cec: avoid decrementing transmit_queue_sz if it is 0 media: cec: check 'transmit_in_progress', not 'transmitting' mm/memory_hotplug: shrink zones when offlining memory mm/zsmalloc.c: fix the migrated zspage statistics. memcg: account security cred as well to kmemcg mm: move_pages: return valid node id in status if the page is already on the target node mm/oom: fix pgtables units mismatch in Killed process message ocfs2: fix the crash due to call ocfs2_get_dlm_debug once less pstore/ram: Write new dumps to start of recycled zones pstore/ram: Fix error-path memory leak in persistent_ram_new() callers gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again locks: print unsigned ino in /proc/locks selftests/seccomp: Zero out seccomp_notif seccomp: Check that seccomp_notif is zeroed out by the user samples/seccomp: Zero out members based on seccomp_notif_sizes selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV dmaengine: Fix access to uninitialized dma_slave_caps dmaengine: dma-jz4780: Also break descriptor chains on JZ4725B Btrfs: fix infinite loop during nocow writeback due to race compat_ioctl: block: handle Persistent Reservations compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES bpf: Fix precision tracking for unbounded scalars ata: libahci_platform: Export again ahci_platform_<en/dis>able_phys() ata: ahci_brcm: Fix AHCI resources management ata: ahci_brcm: Add missing clock management during recovery ata: ahci_brcm: BCM7425 AHCI requires AHCI_HFLAG_DELAY_ENGINE libata: Fix retrieving of active qcs gpio: xtensa: fix driver build gpiolib: fix up emulated open drain outputs clocksource: riscv: add notrace to riscv_sched_clock riscv: ftrace: correct the condition logic in function graph tracer rseq/selftests: Fix: Namespace gettid() for compatibility with glibc 2.30 tracing: Fix lock inversion in trace_event_enable_tgid_record() tracing: Avoid memory leak in process_system_preds() tracing: Have the histogram compare functions convert to u64 first tracing: Fix endianness bug in histogram trigger samples/trace_printk: Wait for IRQ work to finish io_uring: use current task creds instead of allocating a new one mm/gup: fix memory leak in __gup_benchmark_ioctl apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock dmaengine: virt-dma: Fix access after free in vchan_complete() gen_initramfs_list.sh: fix 'bad variable name' error ALSA: cs4236: fix error return comparison of an unsigned integer ALSA: pcm: Yet another missing check of non-cached buffer type ALSA: firewire-motu: Correct a typo in the clock proc string scsi: lpfc: Fix rpi release when deleting vport exit: panic before exit_mm() on global init exit arm64: Revert support for execute-only user mappings ftrace: Avoid potential division by zero in function profiler spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode drm/msm: include linux/sched/task.h PM / devfreq: Check NULL governor in available_governors_show sunrpc: fix crash when cache_head become valid before update arm64: dts: qcom: msm8998-clamshell: Remove retention idle state nfsd4: fix up replay_matches_cache() powerpc: Chunk calls to flush_dcache_range in arch_*_memory HID: i2c-hid: Reset ALPS touchpads on resume net/sched: annotate lockless accesses to qdisc->empty kernel/module.c: wakeup processes in module_wq on module unload ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 perf callchain: Fix segfault in thread__resolve_callchain_sample() iommu/vt-d: Remove incorrect PSI capability check of: overlay: add_changeset_property() memory leak cifs: Fix potential softlockups while refreshing DFS cache firmware: arm_scmi: Avoid double free in error flow xfs: don't check for AG deadlock for realtime files in bunmapi platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table netfilter: nf_queue: enqueue skbs with NULL dst net, sysctl: Fix compiler warning when only cBPF is present watchdog: tqmx86_wdt: Fix build error regulator: axp20x: Fix axp20x_set_ramp_delay regulator: bd70528: Remove .set_ramp_delay for bd70528_ldo_ops spi: uniphier: Fix FIFO threshold regulator: axp20x: Fix AXP22x ELDO2 regulator enable bitmask powerpc/mm: Mark get_slice_psize() & slice_addr_is_low() as notrace Bluetooth: btusb: fix PM leak in error case of setup Bluetooth: delete a stray unlock Bluetooth: Fix memory leak in hci_connect_le_scan arm64: dts: meson-gxl-s905x-khadas-vim: fix uart_A bluetooth node arm64: dts: meson-gxm-khadas-vim2: fix uart_A bluetooth node media: flexcop-usb: ensure -EIO is returned on error condition regulator: ab8500: Remove AB8505 USB regulator media: usb: fix memory leak in af9005_identify_state dt-bindings: clock: renesas: rcar-usb2-clock-sel: Fix typo in example arm64: dts: meson: odroid-c2: Disable usb_otg bus to avoid power failed warning phy: renesas: rcar-gen3-usb2: Use platform_get_irq_optional() for optional irq tty: serial: msm_serial: Fix lockup for sysrq and oops cifs: Fix lookup of root ses in DFS referral cache fs: cifs: Fix atime update check vs mtime fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP ath9k_htc: Modify byte order for an error message ath9k_htc: Discard undersized packets drm/i915/execlists: Fix annotation for decoupling virtual request xfs: periodically yield scrub threads to the scheduler net: add annotations on hh->hh_len lockless accesses ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps btrfs: get rid of unique workqueue helper functions Btrfs: only associate the locked page with one async_chunk struct s390/smp: fix physical to logical CPU map for SMT mm/sparse.c: mark populate_section_memmap as __meminit xen/blkback: Avoid unmapping unmapped grant pages lib/ubsan: don't serialize UBSAN report efi: Don't attempt to map RCI2 config table if it doesn't exist perf/x86/intel/bts: Fix the use of page_private() net: annotate lockless accesses to sk->sk_pacing_shift hsr: avoid debugfs warning message when module is remove hsr: fix error handling routine in hsr_dev_finalize() hsr: fix a race condition in node list insertion and deletion mm/hugetlb: defer freeing of huge pages if in non-task context Linux 5.4.9 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I8eebcdac421faf74f70af8e8666abfdcdc45c86b |
||
|
Catalin Marinas
|
623e5ae074 |
arm64: Revert support for execute-only user mappings
commit 24cecc37746393432d994c0dbc251fb9ac7c5d72 upstream. The ARMv8 64-bit architecture supports execute-only user permissions by clearing the PTE_USER and PTE_UXN bits, practically making it a mostly privileged mapping but from which user running at EL0 can still execute. The downside, however, is that the kernel at EL1 inadvertently reading such mapping would not trip over the PAN (privileged access never) protection. Revert the relevant bits from commit |
||
|
Greg Kroah-Hartman
|
94139142d9 |
Merge 5.4-rc1-prelrease into android-mainline
To make the 5.4-rc1 merge easier, merge at a prerelease point in time before the final release happens. Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: If613d657fd0abf9910c5bf3435a745f01b89765e |
||
|
Catalin Marinas
|
ce18d171cb |
mm: untag user pointers in mmap/munmap/mremap/brk
There isn't a good reason to differentiate between the user address space layout modification syscalls and the other memory permission/attributes ones (e.g. mprotect, madvise) w.r.t. the tagged address ABI. Untag the user addresses on entry to these functions. Link: http://lkml.kernel.org/r/20190821164730.47450-2-catalin.marinas@arm.com Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Acked-by: Will Deacon <will@kernel.org> Acked-by: Andrey Konovalov <andreyknvl@google.com> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Cc: Szabolcs Nagy <szabolcs.nagy@arm.com> Cc: Kevin Brodsky <kevin.brodsky@arm.com> Cc: Dave P Martin <Dave.Martin@arm.com> Cc: Dave Hansen <dave.hansen@intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Michel Lespinasse
|
315cc066b8 |
augmented rbtree: add new RB_DECLARE_CALLBACKS_MAX macro
Add RB_DECLARE_CALLBACKS_MAX, which generates augmented rbtree callbacks for the case where the augmented value is a scalar whose definition follows a max(f(node)) pattern. This actually covers all present uses of RB_DECLARE_CALLBACKS, and saves some (source) code duplication in the various RBCOMPUTE function definitions. [walken@google.com: fix mm/vmalloc.c] Link: http://lkml.kernel.org/r/CANN689FXgK13wDYNh1zKxdipeTuALG4eKvKpsdZqKFJ-rvtGiQ@mail.gmail.com [walken@google.com: re-add check to check_augmented()] Link: http://lkml.kernel.org/r/20190727022027.GA86863@google.com Link: http://lkml.kernel.org/r/20190703040156.56953-3-walken@google.com Signed-off-by: Michel Lespinasse <walken@google.com> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: David Howells <dhowells@redhat.com> Cc: Davidlohr Bueso <dbueso@suse.de> Cc: Uladzislau Rezki <urezki@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Ivan Khoronzhuk
|
76f3495077 |
mm: mmap: increase sockets maximum memory size pgoff for 32bits
The AF_XDP sockets umem mapping interface uses XDP_UMEM_PGOFF_FILL_RING and XDP_UMEM_PGOFF_COMPLETION_RING offsets. These offsets are established already and are part of the configuration interface. But for 32-bit systems, using AF_XDP socket configuration, these values are too large to pass the maximum allowed file size verification. The offsets can be tuned off, but instead of changing the existing interface, let's extend the max allowed file size for sockets. No one has been using this until this patch with 32 bits as without this fix af_xdp sockets can't be used at all, so it unblocks af_xdp socket usage for 32bit systems. All list of mmap cbs for sockets was verified for side effects and all of them contain dummy cb - sock_no_mmap() at this moment, except the following: xsk_mmap() - it's what this fix is needed for. tcp_mmap() - doesn't have obvious issues with pgoff - no any references on it. packet_mmap() - return -EINVAL if it's even set. Link: http://lkml.kernel.org/r/20190812124326.32146-1-ivan.khoronzhuk@linaro.org Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: Björn Töpel <bjorn.topel@intel.com> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Magnus Karlsson <magnus.karlsson@intel.com> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: David Miller <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Wei Yang
|
73848a9711 |
mm/mmap.c: refine find_vma_prev() with rb_last()
When addr is out of range of the whole rb_tree, pprev will point to the right-most node. rb_tree facility already provides a helper function, rb_last(), to do this task. We can leverage this instead of reimplementing it. This patch refines find_vma_prev() with rb_last() to make it a little nicer to read. [akpm@linux-foundation.org: little cleanup, per Vlastimil] Link: http://lkml.kernel.org/r/20190809001928.4950-1-richardw.yang@linux.intel.com Signed-off-by: Wei Yang <richardw.yang@linux.intel.com> Acked-by: Vlastimil Babka <vbabka@suse.cz> Cc: Michal Hocko <mhocko@suse.com> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Greg Kroah-Hartman
|
bfa0399bc8 |
Merge Linus's 5.4-rc1-prerelease branch into android-mainline
This merges Linus's tree as of commit
|
||
Darrick J. Wong
|
dc617f29db |
vfs: don't allow writes to swap files
Don't let userspace write to an active swap file because the kernel effectively has a long term lease on the storage and things could get seriously corrupted if we let this happen. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Christoph Hellwig <hch@lst.de> |
||
|
Greg Kroah-Hartman
|
b9c482880a |
Linux 5.2-rc2
-----BEGIN PGP SIGNATURE----- iQFSBAABCAA8FiEEq68RxlopcLEwq+PEeb4+QwBBGIYFAlzrJgUeHHRvcnZhbGRz QGxpbnV4LWZvdW5kYXRpb24ub3JnAAoJEHm+PkMAQRiG1XAIAJajJpeKc9MVQipi zWiI+WgHDg8gG/HnLKzP2Zp4MUjTCz30t0rnBbdo6AyK6LnPBL53yxg9q64XN7vI p/h2ys+/DvqhIYSPWX6C++HYQT4Cb5ghxJABEIsztd3G4nfB9L2vgq9zKSNFusTD UtfUxufciZPX515TuE4IqWMwS4Ut5daH7V3jjZunhPiayTFv64e1KbpKLLzHR0NR DfFbrPcdp7VyCT/A5AKrqfqeB6O9dm/Fe4CsdsaKuzASCXJ6GUc/A7iZDndv/KA4 f5Xh7SGlQ2TfT1ud/aMfdw3AcMjqB8zgMJenovJ7UuHDfULBWNeAmMh/cTDwY9eY Xgyvfm0= =S8p9 -----END PGP SIGNATURE----- Merge 5.2-rc2 into android-mainline Linux 5.2-rc2 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Thomas Gleixner
|
457c899653 |
treewide: Add SPDX license identifier for missed files
Add SPDX license identifiers to all files which: - Have no license information of any form - Have EXPORT_.*_SYMBOL_GPL inside which was used in the initial scan/conversion to ignore the file These files fall under the project license, GPL v2 only. The resulting SPDX license identifier is: GPL-2.0-only Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
1226c72a32 |
Linux 5.2-rc1
-----BEGIN PGP SIGNATURE----- iQFSBAABCAA8FiEEq68RxlopcLEwq+PEeb4+QwBBGIYFAlzh3PgeHHRvcnZhbGRz QGxpbnV4LWZvdW5kYXRpb24ub3JnAAoJEHm+PkMAQRiGnhoH/jkl4X66KuOXvGXa 9pgFzyEa3Mhqs0j+AaJYmRyoRty1CbAfMLEWgr0JbZy56zm0PhtXOxcu56/tfdtw f5j8OJLDvld10imHXxUrom9zc546Ff90VTOvWmsYznszTz0rV5HLmKgVIIc7ZN8W 6hshDOy/rviUcPAVrLKdZffzgQZlASNS7To7IBE9okT4QHEtER7dgzM/Z0VAg9R1 guCPaN8tje4vq2Lv7+J5T9LOF1RObCbKXNADwXY1rMRK5ao3xS93eDnJ8Vn08utI UECIVfnYsA6pGl6v1ErCl9izx9MoTU3Crle7BRzVbrw7furvB2lJ1R4RGwqRbvcB HovhmHI= =TMir -----END PGP SIGNATURE----- Merge 5.2-rc1 into android-mainline Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Dave Hansen
|
5a28fc94c9 |
x86/mpx, mm/core: Fix recursive munmap() corruption
This is a bit of a mess, to put it mildly. But, it's a bug
that only seems to have showed up in 4.20 but wasn't noticed
until now, because nobody uses MPX.
MPX has the arch_unmap() hook inside of munmap() because MPX
uses bounds tables that protect other areas of memory. When
memory is unmapped, there is also a need to unmap the MPX
bounds tables. Barring this, unused bounds tables can eat 80%
of the address space.
But, the recursive do_munmap() that gets called vi arch_unmap()
wreaks havoc with __do_munmap()'s state. It can result in
freeing populated page tables, accessing bogus VMA state,
double-freed VMAs and more.
See the "long story" further below for the gory details.
To fix this, call arch_unmap() before __do_unmap() has a chance
to do anything meaningful. Also, remove the 'vma' argument
and force the MPX code to do its own, independent VMA lookup.
== UML / unicore32 impact ==
Remove unused 'vma' argument to arch_unmap(). No functional
change.
I compile tested this on UML but not unicore32.
== powerpc impact ==
powerpc uses arch_unmap() well to watch for munmap() on the
VDSO and zeroes out 'current->mm->context.vdso_base'. Moving
arch_unmap() makes this happen earlier in __do_munmap(). But,
'vdso_base' seems to only be used in perf and in the signal
delivery that happens near the return to userspace. I can not
find any likely impact to powerpc, other than the zeroing
happening a little earlier.
powerpc does not use the 'vma' argument and is unaffected by
its removal.
I compile-tested a 64-bit powerpc defconfig.
== x86 impact ==
For the common success case this is functionally identical to
what was there before. For the munmap() failure case, it's
possible that some MPX tables will be zapped for memory that
continues to be in use. But, this is an extraordinarily
unlikely scenario and the harm would be that MPX provides no
protection since the bounds table got reset (zeroed).
I can't imagine anyone doing this:
ptr = mmap();
// use ptr
ret = munmap(ptr);
if (ret)
// oh, there was an error, I'll
// keep using ptr.
Because if you're doing munmap(), you are *done* with the
memory. There's probably no good data in there _anyway_.
This passes the original reproducer from Richard Biener as
well as the existing mpx selftests/.
The long story:
munmap() has a couple of pieces:
1. Find the affected VMA(s)
2. Split the start/end one(s) if neceesary
3. Pull the VMAs out of the rbtree
4. Actually zap the memory via unmap_region(), including
freeing page tables (or queueing them to be freed).
5. Fix up some of the accounting (like fput()) and actually
free the VMA itself.
This specific ordering was actually introduced by:
|
||
Todd Kjos
|
0f2cb7cf80 |
Merge branch 'linux-mainline' into android-mainline-tmp
Change-Id: I4380c68c3474026a42ffa9f95c525f9a563ba7a3 |
||
Colin Cross
|
60500a4228 |
ANDROID: mm: add a field to store names for private anonymous memory
Userspace processes often have multiple allocators that each do
anonymous mmaps to get memory. When examining memory usage of
individual processes or systems as a whole, it is useful to be
able to break down the various heaps that were allocated by
each layer and examine their size, RSS, and physical memory
usage.
This patch adds a user pointer to the shared union in
vm_area_struct that points to a null terminated string inside
the user process containing a name for the vma. vmas that
point to the same address will be merged, but vmas that
point to equivalent strings at different addresses will
not be merged.
Userspace can set the name for a region of memory by calling
prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, start, len, (unsigned long)name);
Setting the name to NULL clears it.
The names of named anonymous vmas are shown in /proc/pid/maps
as [anon:<name>] and in /proc/pid/smaps in a new "Name" field
that is only present for named vmas. If the userspace pointer
is no longer valid all or part of the name will be replaced
with "<fault>".
The idea to store a userspace pointer to reduce the complexity
within mm (at the expense of the complexity of reading
/proc/pid/mem) came from Dave Hansen. This results in no
runtime overhead in the mm subsystem other than comparing
the anon_name pointers when considering vma merging. The pointer
is stored in a union with fieds that are only used on file-backed
mappings, so it does not increase memory usage.
Includes fix from Jed Davis <jld@mozilla.com> for typo in
prctl_set_vma_anon_name, which could attempt to set the name
across two vmas at the same time due to a typo, which might
corrupt the vma list. Fix it to use tmp instead of end to limit
the name setting to a single vma at a time.
Bug: 120441514
Change-Id: I9aa7b6b5ef536cd780599ba4e2fba8ceebe8b59f
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
[AmitP: Fix get_user_pages_remote() call to align with upstream commit
|
||
Andrea Arcangeli
|
04f5866e41 |
coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
The core dumping code has always run without holding the mmap_sem for
writing, despite that is the only way to ensure that the entire vma
layout will not change from under it. Only using some signal
serialization on the processes belonging to the mm is not nearly enough.
This was pointed out earlier. For example in Hugh's post from Jul 2017:
https://lkml.kernel.org/r/alpine.LSU.2.11.1707191716030.2055@eggly.anvils
"Not strictly relevant here, but a related note: I was very surprised
to discover, only quite recently, how handle_mm_fault() may be called
without down_read(mmap_sem) - when core dumping. That seems a
misguided optimization to me, which would also be nice to correct"
In particular because the growsdown and growsup can move the
vm_start/vm_end the various loops the core dump does around the vma will
not be consistent if page faults can happen concurrently.
Pretty much all users calling mmget_not_zero()/get_task_mm() and then
taking the mmap_sem had the potential to introduce unexpected side
effects in the core dumping code.
Adding mmap_sem for writing around the ->core_dump invocation is a
viable long term fix, but it requires removing all copy user and page
faults and to replace them with get_dump_page() for all binary formats
which is not suitable as a short term fix.
For the time being this solution manually covers the places that can
confuse the core dump either by altering the vma layout or the vma flags
while it runs. Once ->core_dump runs under mmap_sem for writing the
function mmget_still_valid() can be dropped.
Allowing mmap_sem protected sections to run in parallel with the
coredump provides some minor parallelism advantage to the swapoff code
(which seems to be safe enough by never mangling any vma field and can
keep doing swapins in parallel to the core dumping) and to some other
corner case.
In order to facilitate the backporting I added "Fixes: 86039bd3b4e6"
however the side effect of this same race condition in /proc/pid/mem
should be reproducible since before 2.6.12-rc2 so I couldn't add any
other "Fixes:" because there's no hash beyond the git genesis commit.
Because find_extend_vma() is the only location outside of the process
context that could modify the "mm" structures under mmap_sem for
reading, by adding the mmget_still_valid() check to it, all other cases
that take the mmap_sem for reading don't need the new check after
mmget_not_zero()/get_task_mm(). The expand_stack() in page fault
context also doesn't need the new check, because all tasks under core
dumping are frozen.
Link: http://lkml.kernel.org/r/20190325224949.11068-1-aarcange@redhat.com
Fixes:
|
||
Wei Yang
|
8bb4e7a2ee |
mm: fix some typos in mm directory
No functional change. Link: http://lkml.kernel.org/r/20190118235123.27843-1-richard.weiyang@gmail.com Signed-off-by: Wei Yang <richard.weiyang@gmail.com> Reviewed-by: Pekka Enberg <penberg@kernel.org> Acked-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Yang Fan
|
43cca0b1c5 |
mm/mmap.c: remove some redundancy in arch_get_unmapped_area_topdown()
The variable 'addr' is redundant in arch_get_unmapped_area_topdown(), just use parameter 'addr0' directly. Then remove the const qualifier of the parameter, and change its name to 'addr'. And in according with other functions, remove the const qualifier of all other no-pointer parameters in function arch_get_unmapped_area_topdown(). Link: http://lkml.kernel.org/r/20190127041112.25599-1-nullptr.cpp@gmail.com Signed-off-by: Yang Fan <nullptr.cpp@gmail.com> Reviewed-by: Mike Rapoport <rppt@linux.ibm.com> Cc: William Kucharski <william.kucharski@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |