android11-5.4
1971 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Bruno Martins
|
2f84185dd7 |
Merge branch 'android11-5.4-lts' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
* 'android11-5.4-lts' of https://android.googlesource.com/kernel/common: FROMGIT: clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Linux 5.4.268 arm64: dts: armada-3720-turris-mox: set irq type for RTC perf top: Skip side-band event setup if HAVE_LIBBPF_SUPPORT is not set i2c: s3c24xx: fix transferring more than one message in polling mode i2c: s3c24xx: fix read transfers in polling mode mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure kdb: Fix a potential buffer overflow in kdb_local() kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ ipvs: avoid stat macros calls from preemptible context netfilter: nf_tables: skip dead set elements in netlink dump net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe net: ravb: Fix dma_addr_t truncation in error case net: phy: micrel: populate .soft_reset for KSZ9131 net: qualcomm: rmnet: fix global oob in rmnet_policy s390/pci: fix max size calculation in zpci_memcpy_toio() PCI: keystone: Fix race condition when initializing PHYs nvmet-tcp: Fix the H2C expected PDU len calculation serial: imx: Correct clock error message in function probe() apparmor: avoid crash when parsed profile name is empty perf env: Avoid recursively taking env->bpf_progs.lock perf bpf: Decouple creating the evlist from adding the SB event perf top: Move sb_evlist to 'struct perf_top' perf record: Move sb_evlist to 'struct record' perf env: Add perf_env__numa_node() nvmet-tcp: fix a crash in nvmet_req_complete() nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length perf genelf: Set ELF program header addresses properly software node: Let args be NULL in software_node_get_reference_args acpi: property: Let args be NULL in __acpi_node_get_property_reference serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() mips: Fix incorrect max_low_pfn adjustment HID: wacom: Correct behavior when processing some confidence == false touches x86/kvm: Do not try to disable kvmclock if it was not enabled wifi: mwifiex: configure BSSID consistently when starting AP wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code rootfs: Fix support for rootfstype= when root= is given fbdev: flush deferred work in fb_deferred_io_fsync() ALSA: oxygen: Fix right channel of capture volume mixer usb: mon: Fix atomicity violation in mon_bin_vma_fault usb: typec: class: fix typec_altmode_put_partner to put plugs Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs" usb: chipidea: wait controller resume finished for wakeup irq Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-only" Revert "usb: dwc3: Soft reset phy on probe for host" usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug binder: fix unused alloc->free_async_space binder: fix race between mmput() and do_exit() xen-netback: don't produce zero-size SKB frags Revert "ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek" Input: atkbd - use ab83 as id when skipping the getid command binder: fix use-after-free in shinker's callback binder: fix async space check for 0-sized buffers of: unittest: Fix of_count_phandle_with_args() expected value message of: Fix double free in of_parse_phandle_with_args_map mmc: sdhci_omap: Fix TI SoC dependencies clk: si5341: fix an error code problem in si5341_output_clk_set_rate watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO watchdog: set cdev owner before adding drivers: clk: zynqmp: calculate closest mux rate gpu/drm/radeon: fix two memleaks in radeon_vm_init drivers/amd/pm: fix a use-after-free in kv_parse_power_table drm/amd/pm: fix a double-free in si_dpm_init drm/amdgpu/debugfs: fix error code when smc register accessors are NULL media: dvbdev: drop refcount on error path in dvb_device_open() media: cx231xx: fix a memleak in cx231xx_init_isoc drm/bridge: tc358767: Fix return value on error case drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table drm/radeon/dpm: fix a memleak in sumo_parse_power_table drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() drm/drv: propagate errors from drm_modeset_register_all() drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks drm/msm/mdp4: flush vblank event on disable ASoC: cs35l34: Fix GPIO name and drop legacy include ASoC: cs35l33: Fix GPIO name and drop legacy include drm/radeon: check return value of radeon_ring_lock() drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() f2fs: fix to avoid dirent corruption drm/bridge: Fix typo in post_disable() description media: pvrusb2: fix use after free on context disconnection RDMA/usnic: Silence uninitialized symbol smatch warnings ARM: davinci: always select CONFIG_CPU_ARM926T ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() Bluetooth: btmtkuart: fix recv_buf() return value Bluetooth: Fix bogus check for re-auth no supported with non-ssp netfilter: nf_tables: mark newset as dead on transaction abort wifi: rtlwifi: rtl8192se: using calculate_bit_shift() wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() wifi: rtlwifi: rtl8192de: using calculate_bit_shift() rtlwifi: rtl8192de: make arrays static const, makes object smaller wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() wifi: rtlwifi: rtl8192c: using calculate_bit_shift() wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() wifi: rtlwifi: add calculate_bit_shift() dma-mapping: clear dev->dma_mem to NULL after freeing it virtio/vsock: fix logic which reduces credit update messages selftests/net: fix grep checking for fib_nexthop_multiprefix scsi: hisi_sas: Replace with standard error code return value arm64: dts: qcom: sdm845-db845c: correct LED panic indicator scsi: fnic: Return error if vmalloc() failed wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior rtlwifi: Use ffs in <foo>_phy_calculate_bit_shift firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() net/ncsi: Fix netlink major/minor version numbers ncsi: internal.h: Fix a spello ARM: dts: qcom: apq8064: correct XOADC register address wifi: libertas: stop selecting wext bpf, lpm: Fix check prefixlen before walking trie wifi: rtw88: fix RX filter in FIF_ALLMULTI flag NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT blocklayoutdriver: Fix reference leak of pnfs_device_node crypto: scomp - fix req->dst buffer overflow crypto: sahara - do not resize req->src when doing hash operations crypto: sahara - fix processing hash requests with req->nbytes < sg->length crypto: sahara - improve error handling in sahara_sha_process() crypto: sahara - fix wait_for_completion_timeout() error handling crypto: sahara - fix ahash reqsize crypto: virtio - Wait for tasklet to complete on device remove gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() crypto: sahara - fix error handling in sahara_hw_descriptor_create() crypto: sahara - fix processing requests with cryptlen < sg->length crypto: sahara - fix ahash selftest failure crypto: sahara - remove FLAGS_NEW_KEY logic crypto: af_alg - Disallow multiple in-flight AIO requests crypto: ccp - fix memleak in ccp_init_dm_workarea virtio_crypto: Introduce VIRTIO_CRYPTO_NOSPC crypto: virtio - don't use 'default m' crypto: virtio - Handle dataq logic with tasklet selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket mtd: Fix gluebi NULL pointer dereference caused by ftl notifier spi: sh-msiof: Enforce fixed DTDL for R-Car H3 calipso: fix memory leak in netlbl_calipso_add_pass() netlabel: remove unused parameter in netlbl_netlink_auditinfo() net: netlabel: Fix kerneldoc warnings ACPI: LPIT: Avoid u32 multiplication overflow ACPI: video: check for error while searching for backlight device parent mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response powerpc/imc-pmu: Add a null pointer check in update_events_in_group() powerpc/powernv: Add a null pointer check in opal_powercap_init() powerpc/powernv: Add a null pointer check in opal_event_init() powerpc/powernv: Add a null pointer check to scom_debug_init_one() selftests/powerpc: Fix error handling in FPU/VMX preemption tests powerpc/pseries/memhp: Fix access beyond end of drmem array powerpc/pseries/memhotplug: Quieten some DLPAR operations powerpc/44x: select I2C for CURRITUCK powerpc: add crtsavres.o to always-y instead of extra-y EDAC/thunderx: Fix possible out-of-bounds string access x86/lib: Fix overflow when counting digits coresight: etm4x: Fix width of CCITMIN field parport: parport_serial: Add Brainboxes device IDs and geometry parport: parport_serial: Add Brainboxes BAR details uio: Fix use-after-free in uio_open binder: fix comment on binder_alloc_new_buf() return value binder: fix trivial typo of binder_free_buf_locked() binder: use EPOLLERR from eventpoll.h ACPI: resource: Add another DMI match for the TongFang GMxXGxx drm/crtc: fix uninitialized variable use ARM: sun9i: smp: fix return code check of of_property_match_string ida: Fix crash in ida_free when the bitmap is empty Input: xpad - add Razer Wolverine V2 support ARC: fix spare error s390/scm: fix virtual vs physical address confusion Input: i8042 - add nomux quirk for Acer P459-G2-M Input: atkbd - skip ATKBD_CMD_GETID in translated mode reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI tracing: Add size check when printing trace_marker output tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing neighbour: Don't let neigh_forced_gc() disable preemption for long drm/crtc: Fix uninit-value bug in drm_mode_setcrtc jbd2: correct the printing of write_flags in jbd2_write_superblock() clk: rockchip: rk3128: Fix HCLK_OTG gate register drm/exynos: fix a wrong error checking drm/exynos: fix a potential error pointer dereference nvme: introduce helper function to get ctrl state ASoC: da7219: Support low DC impedance headset net/tg3: fix race condition in tg3_reset_task() nouveau/tu102: flush all pdbs on vmm flush ASoC: rt5650: add mutex to avoid the jack detection failure ASoC: cs43130: Fix incorrect frame delay configuration ASoC: cs43130: Fix the position of const qualifier ASoC: Intel: Skylake: mem leak in skl register function ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 ASoC: Intel: Skylake: Fix mem leak in few functions ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro pinctrl: lochnagar: Don't build on MIPS f2fs: explicitly null-terminate the xattr list Revert "ipv6: make ip6_rt_gc_expire an atomic_t" Revert "ipv6: remove max_size check inline with ipv4" Linux 5.4.267 ASoC: meson: codec-glue: fix pcm format cast warning ipv6: remove max_size check inline with ipv4 ipv6: make ip6_rt_gc_expire an atomic_t net/dst: use a smaller percpu_counter batch for dst entries accounting PCI: Disable ATS for specific Intel IPU E2000 devices PCI: Extract ATS disabling to a helper function netfilter: nf_tables: Reject tables of unsupported family net: tls, update curr on splice as well ath10k: Get rid of "per_ce_irq" hw param ath10k: Keep track of which interrupts fired, don't poll them ath10k: Add interrupt summary based CE processing ath10k: Wait until copy complete is actually done before completing mmc: sdhci-sprd: Fix eMMC init failure after hw reset mmc: core: Cancel delayed work before releasing host mmc: rpmb: fixes pause retune on all RPMB partitions. mm: fix unmap_mapping_range high bits shift bug i2c: core: Fix atomic xfer check for non-preempt config firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards mm/memory-failure: check the mapcount of the precise page net: Implement missing SO_TIMESTAMPING_NEW cmsg support bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() asix: Add check for usbnet_get_endpoints net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues net/qla3xxx: switch from 'pci_' to 'dma_' API i40e: Restore VF MSI-X state during PCI reset ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux ASoC: meson: g12a-tohdmitx: Validate written enum values ASoC: meson: g12a: extract codec-to-codec utils i40e: fix use-after-free in i40e_aqc_add_filters() net: Save and restore msg_namelen in sock_sendmsg net: bcmgenet: Fix FCS generation for fragmented skbuffs ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps can: raw: add support for SO_MARK can: raw: add support for SO_TXTIME/SCM_TXTIME net: sched: em_text: fix possible memory leak in em_text_destroy() i40e: Fix filter input checks to prevent config with invalid values nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local ANDROID: db845c: Enable device tree overlay support Linux 5.4.266 block: Don't invalidate pagecache for invalid falloc modes ring-buffer: Fix wake ups when buffer_percent is set to 100 smb: client: fix OOB in smbCalcSize() usb: fotg210-hcd: delete an incorrect bounds test x86/alternatives: Sync core before enabling interrupts net: rfkill: gpio: set GPIO direction net: 9p: avoid freeing uninit memory in p9pdu_vreadf Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent USB: serial: option: add Quectel RM500Q R13 firmware support USB: serial: option: add Foxconn T99W265 with new baseline USB: serial: option: add Quectel EG912Y module support USB: serial: ftdi_sio: update Actisense PIDs constant names wifi: cfg80211: fix certs build to not depend on file order wifi: cfg80211: Add my certificate iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() Input: ipaq-micro-keys - add error handling for devm_kmemdup iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw interconnect: Treat xlate() returning NULL node as an error btrfs: do not allow non subvolume root targets for snapshot smb: client: fix NULL deref in asn1_ber_decoder() ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 pinctrl: at91-pio4: use dedicated lock class for IRQ i2c: aspeed: Handle the coalesced stop conditions with the start conditions. afs: Fix overwriting of result of DNS query net: check dev->gso_max_size in gso_features_check() net: warn if gso_type isn't set for a GSO SKB afs: Fix dynamic root lookup DNS check afs: Fix the dynamic root's d_delete to always delete unused dentries net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() net/rose: fix races in rose_kill_by_device() ethernet: atheros: fix a memleak in atl1e_setup_ring_resources net: sched: ife: fix potential use-after-free net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors net/mlx5: Fix fw tracer first block check net/mlx5: improve some comments Revert "net/mlx5e: fix double free of encap_header" wifi: mac80211: mesh_plink: fix matches_local logic s390/vx: fix save/restore of fpu kernel context reset: Fix crash when freeing non-existent optional resets ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 ANDROID: GKI: fix crc issue in include/net/addrconf.h Revert "cred: switch to using atomic_long_t" Linux 5.4.265 powerpc/ftrace: Fix stack teardown in ftrace_no_trace powerpc/ftrace: Create a dummy stackframe to fix stack unwind mmc: block: Be sure to wait while busy in CQE error recovery ring-buffer: Fix memory leak of free page team: Fix use-after-free when an option instance allocation fails arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS soundwire: stream: fix NULL pointer dereference for multi_link perf: Fix perf_event_validate_size() lockdep splat HID: hid-asus: add const to read-only outgoing usb buffer net: usb: qmi_wwan: claim interface 4 for ZTE MF290 asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad HID: hid-asus: reset the backlight brightness level on resume HID: add ALWAYS_POLL quirk for Apple kb platform/x86: intel_telemetry: Fix kernel doc descriptions bcache: avoid NULL checking to c->root in run_cache_set() bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() bcache: avoid oversize memory allocation by small stripe_size blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" usb: aqc111: check packet for fixup for true limit Revert "PCI: acpiphp: Reassign resources on bridge if necessary" ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants cred: switch to using atomic_long_t appletalk: Fix Use-After-Free in atalk_ioctl net: stmmac: Handle disabled MDIO busses from devicetree net: stmmac: use dev_err_probe() for reporting mdio bus registration failure vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() sign-file: Fix incorrect return values check net: Remove acked SYN flag from packet in the transmit queue correctly qed: Fix a potential use-after-free in qed_cxt_tables_alloc net/rose: Fix Use-After-Free in rose_ioctl atm: Fix Use-After-Free in do_vcc_ioctl atm: solos-pci: Fix potential deadlock on &tx_queue_lock atm: solos-pci: Fix potential deadlock on &cli_queue_lock qca_spi: Fix reset behavior qca_debug: Fix ethtool -G iface tx behavior qca_debug: Prevent crash on TX ring changes net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX afs: Fix refcount underflow from error handling race Revert "psample: Require 'CAP_NET_ADMIN' when joining "packets" group" Revert "mmc: core: add helpers mmc_regulator_enable/disable_vqmmc" Revert "mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled" Revert "genetlink: add CAP_NET_ADMIN test for multicast bind" Revert "drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group" Revert "perf/core: Add a new read format to get a number of lost samples" Revert "perf: Fix perf_event_validate_size()" Revert "hrtimers: Push pending hrtimers away from outgoing CPU earlier" Linux 5.4.264 devcoredump: Send uevent once devcd is ready devcoredump : Serialize devcd_del work smb: client: fix potential NULL deref in parse_dfs_referrals() cifs: Fix non-availability of dedup breaking generic/304 Revert "btrfs: add dmesg output for first mount and last unmount of a filesystem" tools headers UAPI: Sync linux/perf_event.h with the kernel sources drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group psample: Require 'CAP_NET_ADMIN' when joining "packets" group genetlink: add CAP_NET_ADMIN test for multicast bind netlink: don't call ->netlink_bind with table lock held io_uring/af_unix: disable sending io_uring over sockets nilfs2: fix missing error check for sb_set_blocksize call KVM: s390/mm: Properly reset no-dat x86/CPU/AMD: Check vendor in the AMD microcode callback serial: 8250_omap: Add earlycon support for the AM654 UART controller serial: sc16is7xx: address RX timeout interrupt errata ARM: PL011: Fix DMA support usb: typec: class: fix typec_altmode_put_partner to put plugs parport: Add support for Brainboxes IX/UC/PX parallel cards usb: gadget: f_hid: fix report descriptor allocation mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled mmc: core: add helpers mmc_regulator_enable/disable_vqmmc gpiolib: sysfs: Fix error handling on failed export perf: Fix perf_event_validate_size() perf/core: Add a new read format to get a number of lost samples arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names arm64: dts: mediatek: mt7622: fix memory node warning check packet: Move reference count in packet_sock to atomic_long_t tracing: Fix a possible race when disabling buffered events tracing: Fix incomplete locking when disabling buffered events tracing: Always update snapshot buffer size nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() ALSA: pcm: fix out-of-bounds in snd_pcm_state_names ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt ARM: dts: imx: make gpt node name generic ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() tracing: Fix a warning when allocating buffered events fails ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate hwmon: (acpi_power_meter) Fix 4.29 MW bug RDMA/bnxt_re: Correct module description string bpf: sockmap, updating the sg structure should also update curr tcp: do not accept ACK of bytes we never sent netfilter: xt_owner: Fix for unsafe access of sk->sk_socket net: hns: fix fake link up on xge port ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() arcnet: restoring support for multiple Sohard Arcnet cards net: arcnet: com20020 fix error handling net: arcnet: Fix RESET flag handling hv_netvsc: rndis_filter needs to select NLS ipv6: fix potential NULL deref in fib6_add() of: dynamic: Fix of_reconfig_get_state_change() return value documentation of: Add missing 'Return' section in kerneldoc comments of: Fix kerneldoc output formatting of: base: Fix some formatting issues and provide missing descriptions of/irq: Make of_msi_map_rid() PCI bus agnostic of/irq: make of_msi_map_get_device_domain() bus agnostic of/iommu: Make of_map_rid() PCI agnostic ACPI/IORT: Make iort_msi_map_rid() PCI agnostic ACPI/IORT: Make iort_get_device_domain IRQ domain agnostic of: base: Add of_get_cpu_state_node() to get idle states for a CPU node drm/amdgpu: correct chunk_ptr to a pointer to chunk. kconfig: fix memory leak from range properties tg3: Increment tx_dropped in tg3_tso_bug() tg3: Move the [rt]x_dropped counters to tg3_napi netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test hrtimers: Push pending hrtimers away from outgoing CPU earlier Revert "HID: core: store the unique system identifier in hid_device" Revert "HID: fix HID device resource race between HID core and debugging support" Linux 5.4.263 mmc: block: Retry commands in CQE error recovery mmc: core: convert comma to semicolon mmc: cqhci: Fix task clearing in CQE error recovery mmc: cqhci: Warn of halt or task clear failure mmc: cqhci: Increase recovery halt timeout cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily cpufreq: imx6q: don't warn for disabling a non-existing frequency scsi: qla2xxx: Fix system crash due to bad pointer access scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request scsi: core: Introduce the scsi_cmd_to_rq() function scsi: qla2xxx: Simplify the code for aborting SCSI commands ima: detect changes to the backing overlay file ovl: skip overlayfs superblocks at global sync ima: annotate iint mutex to avoid lockdep false positive warnings fbdev: stifb: Make the STI next font pointer a 32-bit signed offset mtd: cfi_cmdset_0001: Byte swap OTP info mtd: cfi_cmdset_0001: Support the absence of protection registers s390/cmma: fix detection of DAT pages s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family smb3: fix touch -h of symlink net: ravb: Start TX queues after HW initialization succeeded net: ravb: Use pm_runtime_resume_and_get() ravb: Fix races between ravb_tx_timeout_work() and net related ops net: stmmac: xgmac: Disable FPE MMC interrupts ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet Input: xpad - add HyperX Clutch Gladiate Support btrfs: make error messages more clear when getting a chunk map btrfs: send: ensure send_fd is writable btrfs: fix off-by-one when checking chunk map includes logical address btrfs: add dmesg output for first mount and last unmount of a filesystem powerpc: Don't clobber f0/vs0 during fp|altivec register save bcache: revert replacing IS_ERR_OR_NULL with IS_ERR dm verity: don't perform FEC for failed readahead IO dm-verity: align struct dm_verity_fec_io properly ALSA: hda/realtek: Add supported ALC257 for ChromeOS ALSA: hda/realtek: Headset Mic VREF to 100% ALSA: hda: Disable power-save on KONTRON SinglePC mmc: block: Do not lose cache flush during CQE error recovery firewire: core: fix possible memory leak in create_units() pinctrl: avoid reload of p state in list iteration io_uring: fix off-by one bvec index USB: dwc3: qcom: fix wakeup after probe deferral USB: dwc3: qcom: fix resource leaks on probe deferral usb: dwc3: set the dma max_seg_size USB: dwc2: write HCINT with INTMASK applied USB: serial: option: don't claim interface 4 for ZTE MF290 USB: serial: option: fix FM101R-GL defines USB: serial: option: add Fibocom L7xx modules bcache: prevent potential division by zero error bcache: check return value from btree_node_alloc_replacement() dm-delay: fix a race between delay_presuspend and delay_bio hv_netvsc: Mark VF as slave before exposing it to user-mode hv_netvsc: Fix race of register_netdevice_notifier and VF register USB: serial: option: add Luat Air72*U series products s390/dasd: protect device queue against concurrent access bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA KVM: arm64: limit PMU version to PMUv3 for ARMv8.1 arm64: cpufeature: Extract capped perfmon fields ext4: make sure allocate pending entry not fail ext4: fix slab-use-after-free in ext4_es_insert_extent() ext4: using nofail preallocation in ext4_es_insert_extent() ext4: using nofail preallocation in ext4_es_insert_delayed_block() ext4: using nofail preallocation in ext4_es_remove_extent() ext4: use pre-allocated es in __es_remove_extent() ext4: use pre-allocated es in __es_insert_extent() ext4: factor out __es_alloc_extent() and __es_free_extent() ext4: add a new helper to check if es must be kept MIPS: KVM: Fix a build warning about variable set but not used nvmet: nul-terminate the NQNs passed in the connect command nvmet: remove unnecessary ctrl parameter afs: Fix file locking on R/O volumes to operate in local mode afs: Return ENOENT if no cell DNS record can be found net: axienet: Fix check for partial TX checksum amd-xgbe: propagate the correct speed and duplex status amd-xgbe: handle the corner-case during tx completion amd-xgbe: handle corner-case during sfp hotplug arm/xen: fix xen_vcpu_info allocation alignment net: usb: ax88179_178a: fix failed operations during ax88179_reset ipv4: Correct/silence an endian warning in __ip_do_redirect HID: fix HID device resource race between HID core and debugging support HID: core: store the unique system identifier in hid_device drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full ata: pata_isapnp: Add missing error check for devm_ioport_map() drm/panel: simple: Fix Innolux G101ICE-L01 timings drm/panel: simple: Fix Innolux G101ICE-L01 bus flags afs: Make error on cell lookup failure consistent with OpenAFS PCI: keystone: Drop __init from ks_pcie_add_pcie_{ep,port}() RDMA/irdma: Prevent zero-length STAG registration driver core: Release all resources during unbind before updating device links ANDROID: GKI: db845c: Update symbols list and ABI on rpmsg_register_device_override Revert "tracing: Have trace_event_file have ref counters" Linux 5.4.262 netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 5.4) netfilter: nf_tables: disable toggling dormant table state more than once netfilter: nf_tables: fix table flag updates netfilter: nftables: update table flags from the commit phase netfilter: nf_tables: double hook unregistration in netns path netfilter: nf_tables: unregister flowtable hooks on netns exit netfilter: nf_tables: fix memleak when more than 255 elements expired netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction netfilter: nf_tables: defer gc run if previous batch is still pending netfilter: nf_tables: use correct lock to protect gc_list netfilter: nf_tables: GC transaction race with abort path netfilter: nf_tables: GC transaction race with netns dismantle netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path netfilter: nf_tables: remove busy mark and gc batch API netfilter: nft_set_hash: mark set element as dead when deleting from packet path netfilter: nf_tables: adapt set backend to use GC transaction API netfilter: nf_tables: GC transaction API to avoid race with control plane netfilter: nf_tables: don't skip expired elements during walk netfilter: nft_set_rbtree: fix overlap expiration walk netfilter: nft_set_rbtree: fix null deref on element insertion netfilter: nft_set_rbtree: Switch to node list walk for overlap detection netfilter: nf_tables: drop map element references from preparation phase netfilter: nftables: rename set element data activation/deactivation functions netfilter: nf_tables: pass context to nft_set_destroy() tracing: Have trace_event_file have ref counters drm/amdgpu: fix error handling in amdgpu_bo_list_get() ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks ext4: correct the start block of counting reserved clusters ext4: correct return value of ext4_convert_meta_bg ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: apply umask if ACL support is disabled Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" nfsd: fix file memleak on client_opens_release media: venus: hfi: add checks to handle capabilities from firmware media: venus: hfi: fix the check to handle session buffer requirement media: venus: hfi_parser: Add check to keep the number of codecs within range media: sharp: fix sharp encoding media: lirc: drop trailing space from scancode transmit i2c: i801: fix potential race in i801_block_transaction_byte_by_byte net: dsa: lan9303: consequently nested-lock physical MDIO Revert ncsi: Propagate carrier gain/loss events to the NCSI controller Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables bluetooth: Add device 13d3:3571 to device tables bluetooth: Add device 0bda:887b to device tables Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 Bluetooth: btusb: add Realtek 8822CE to usb_device_id table Bluetooth: btusb: Add flag to define wideband speech capability tty: serial: meson: fix hard LOCKUP on crtscts mode serial: meson: Use platform_get_irq() to get the interrupt tty: serial: meson: retrieve port FIFO size from DT serial: meson: remove redundant initialization of variable id ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC ALSA: info: Fix potential deadlock at disconnection parisc/pgtable: Do not drop upper 5 address bits of physical address parisc: Prevent booting 64-bit kernels on PA1.x machines i3c: master: cdns: Fix reading status register mm/cma: use nth_page() in place of direct struct page manipulation dmaengine: stm32-mdma: correct desc prep when channel running mcb: fix error handling for different scenarios when parsing i2c: core: Run atomic i2c xfer when !preemptible kernel/reboot: emergency_restart: Set correct system_state quota: explicitly forbid quota files from being encrypted jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev btrfs: don't arbitrarily slow down delalloc if we're committing PM: hibernate: Clean up sync_read handling in snapshot_write_next() PM: hibernate: Use __get_safe_page() rather than touching the list mmc: vub300: fix an error code clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks parisc/pdc: Add width field to struct pdc_model PCI: keystone: Don't discard .probe() callback PCI: keystone: Don't discard .remove() callback genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware mmc: meson-gx: Remove setting of CMD_CFG_ERROR ACPI: resource: Do IRQ override on TongFang GMxXGxx PCI/sysfs: Protect driver's D3cold preference from user space hvc/xen: fix error path in xen_hvc_init() to always register frontend driver audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() audit: don't take task_lock() in audit_exe_compare() code path KVM: x86: Ignore MSR_AMD64_TW_CFG access KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space x86/cpu/hygon: Fix the CPU topology evaluation for real scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END randstruct: Fix gcc-plugin performance mode to stay in group media: venus: hfi: add checks to perform sanity on queue pointers cifs: spnego: add ';' in HOST_KEY_LEN tools/power/turbostat: Fix a knl bug macvlan: Don't propagate promisc change to lower dev in passthru net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors net/mlx5_core: Clean driver version and name net/mlx5e: fix double free of encap_header net: stmmac: fix rx budget limit check net: stmmac: Rework stmmac_rx() netfilter: nf_conntrack_bridge: initialize err to 0 net: ethernet: cortina: Fix MTU max setting net: ethernet: cortina: Handle large frames net: ethernet: cortina: Fix max RX frame define bonding: stop the device in bond_setup_by_slave() ptp: annotate data-race around q->head and q->tail xen/events: fix delayed eoi list handling ppp: limit MRU to 64K tipc: Fix kernel-infoleak due to uninitialized TLV value net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() tty: Fix uninit-value access in ppp_sync_receive() ipvlan: add ipvlan_route_v6_outbound() helper NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO wifi: iwlwifi: Use FW rate for non-data frames pwm: Fix double shift bug ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings kgdb: Flush console before entering kgdb on panic drm/amd/display: Avoid NULL dereference of timing generator media: cobalt: Use FIELD_GET() to extract Link Width gfs2: ignore negated quota changes media: vivid: avoid integer overflow media: gspca: cpia1: shift-out-of-bounds in set_flicker i2c: sun6i-p2wi: Prevent potential division by zero usb: gadget: f_ncm: Always set current gadget in ncm_bind() tty: vcc: Add check for kstrdup() in vcc_probe() HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() atm: iphase: Do PCI error checks on own line PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields ALSA: hda: Fix possible null-ptr-deref when assigning a stream ARM: 9320/1: fix stack depot IRQ stack filter jfs: fix array-index-out-of-bounds in diAlloc jfs: fix array-index-out-of-bounds in dbFindLeaf fs/jfs: Add validity check for db_maxag and db_agpref fs/jfs: Add check for negative db_l2nbperpage RDMA/hfi1: Use FIELD_GET() to extract Link Width crypto: pcrypt - Fix hungtask for PADATA_RESET selftests/efivarfs: create-read: fix a resource leak drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 drm/komeda: drop all currently held locks if deadlock happens platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e Bluetooth: Fix double free in hci_conn_cleanup wifi: ath10k: Don't touch the CE interrupt registers after power up net: annotate data-races around sk->sk_dst_pending_confirm net: annotate data-races around sk->sk_tx_queue_mapping wifi: ath10k: fix clang-specific fortify warning wifi: ath9k: fix clang-specific fortify warnings wifi: mac80211: don't return unset power in ieee80211_get_tx_power() wifi: mac80211_hwsim: fix clang-specific fortify warning x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware clocksource/drivers/timer-imx-gpt: Fix potential memory leak perf/core: Bail out early if the request AUX area is out of bound locking/ww_mutex/test: Fix potential workqueue corruption Revert "inet: shrink struct flowi_common" Revert "ipvlan: properly track tx_errors" ANDROID: fix up rpmsg_device ABI break ANDROID: fix up platform_device ABI break Linux 5.4.261 btrfs: use u64 for buffer sizes in the tree search ioctls Revert "mmc: core: Capture correct oemid-bits for eMMC cards" fbdev: fsl-diu-fb: mark wr_reg_wa() static fbdev: imsttfb: fix a resource leak in probe fbdev: imsttfb: Fix error path of imsttfb_probe() spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses netfilter: nft_redir: use `struct nf_nat_range2` throughout and deduplicate eval call-backs netfilter: xt_recent: fix (increase) ipv6 literal buffer length r8169: respect userspace disabling IFF_MULTICAST tg3: power down device only on SYSTEM_POWER_OFF net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs Fix termination state for idr_for_each_entry_ul() net: r8169: Disable multicast filter for RTL8168H and RTL8107E dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. dccp: Call security_inet_conn_request() after setting IPv4 addresses. inet: shrink struct flowi_common tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING llc: verify mac len before reading mac header Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume pwm: sti: Reduce number of allocations and drop usage of chip_data pwm: sti: Avoid conditional gotos regmap: prevent noinc writes from clobbering cache media: dvb-usb-v2: af9035: fix missing unlock media: s3c-camif: Avoid inappropriate kfree() media: bttv: fix use after free error due to btv->timeout timer pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() pcmcia: ds: fix refcount leak in pcmcia_device_add() pcmcia: cs: fix possible hung task and memory leak pccardd() rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs powerpc/pseries: fix potential memory leak in init_cpu_associativity() powerpc/imc-pmu: Use the correct spinlock initializer. powerpc/xive: Fix endian conversion size modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() USB: usbip: fix stub_dev hub disconnect tools: iio: iio_generic_buffer ensure alignment tools: iio: iio_generic_buffer: Fix some integer type and calculation tools: iio: privatize globals and functions in iio_generic_buffer.c file misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() dmaengine: ti: edma: handle irq_of_parse_and_map() errors usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency tty: tty_jobctrl: fix pid memleak in disassociate_ctty() leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' ledtrig-cpu: Limit to 8 CPUs leds: pwm: Don't disable the PWM when the LED should be off leds: pwm: convert to atomic PWM API leds: pwm: simplify if condition mfd: dln2: Fix double put in dln2_probe ASoC: ams-delta.c: use component after check ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails sh: bios: Revive earlyprintk support RDMA/hfi1: Workaround truncation compilation error scsi: ufs: core: Leave space for '\0' in utf8 desc string ext4: move 'ix' sanity check to corrent position ARM: 9321/1: memset: cast the constant byte to unsigned char hid: cp2112: Fix duplicate workqueue initialization HID: cp2112: Use irqchip template crypto: caam/jr - fix Chacha20 + Poly1305 self test failure crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure nd_btt: Make BTT lanes preemptible sched/rt: Provide migrate_disable/enable() inlines libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value hwrng: geode - fix accessing registers clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped firmware: ti_sci: Mark driver as non removable firmware: ti_sci: Replace HTTP links with HTTPS ones soc: qcom: llcc: Handle a second device without data corruption soc: qcom: Rename llcc-slice to llcc-qcom soc: qcom: llcc cleanup to get rid of sdm845 specific driver file ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator arm64: dts: qcom: sdm845-mtp: fix WiFi configuration drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() drm/radeon: possible buffer overflow drm/rockchip: vop: Fix call to crtc reset helper drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs hwmon: (coretemp) Fix potentially truncated sysfs attribute name platform/x86: wmi: Fix opening of char device platform/x86: wmi: remove unnecessary initializations platform/x86: wmi: Fix probe failure when failing to register WMI devices clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data clk: npcm7xx: Fix incorrect kfree clk: keystone: pll: fix a couple NULL vs IS_ERR() checks clk: imx: Select MXC_CLK for CLK_IMX8QXP clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src clk: qcom: gcc-sm8150: use ARRAY_SIZE instead of specifying num_parents clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies regmap: debugfs: Fix a erroneous check after snprintf() ipvlan: properly track tx_errors net: add DEV_STATS_READ() helper ipv6: avoid atomic fragment on GSO packets ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() tcp: fix cookie_init_timestamp() overflows tcp: Remove one extra ktime_get_ns() from cookie_init_timestamp chtls: fix tp->rcv_tstamp initialization r8169: fix rare issue with broken rx after link-down on RTL8125 r8169: use tp_to_dev instead of open code thermal: core: prevent potential string overflow can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() can: dev: can_restart(): don't crash kernel if carrier is OK wifi: rtlwifi: fix EDCA limit set by BT coexistence tcp_metrics: do not create an entry from tcp_init_metrics() tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() tcp_metrics: add missing barriers on delete wifi: mt76: mt7603: rework/fix rx pse hang check wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed i40e: fix potential memory leaks in i40e_remove() genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() vfs: fix readahead(2) on block devices Linux 5.4.260 tty: 8250: Add support for Intashield IS-100 tty: 8250: Add support for Brainboxes UP cards tty: 8250: Add support for additional Brainboxes UC cards tty: 8250: Remove UC-257 and UC-431 usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device Revert "ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver" nvmet-tcp: Fix a possible UAF in queue intialization setup nvmet-tcp: move send/recv error handling in the send/recv methods instead of call-sites remove the sx8 block driver ata: ahci: fix enum constants for gcc-13 net: chelsio: cxgb4: add an error code check in t4_load_phy_fw platform/mellanox: mlxbf-tmfifo: Fix a warning message platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e scsi: mpt3sas: Fix in error path fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() ASoC: rt5650: fix the wrong result of key button netfilter: nfnetlink_log: silence bogus compiler warning spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0 fbdev: atyfb: only use ioremap_uc() on i386 and ia64 Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe irqchip/stm32-exti: add missing DT IRQ flag translation Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table x86: Fix .brk attribute in linker script rpmsg: Fix possible refcount leak in rpmsg_register_device_override() rpmsg: glink: Release driver_override rpmsg: Fix calling device_lock() on non-initialized device rpmsg: Fix kfree() of static memory on setting driver_override rpmsg: Constify local variable in field store macro driver: platform: Add helper for safer setting of driver_override ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow ext4: avoid overlapping preallocations due to overflow ext4: add two helper functions extent_logical_end() and pa_logical_end() x86/mm: Fix RESERVE_BRK() for older binutils x86/mm: Simplify RESERVE_BRK() nfsd: lock_rename() needs both directories to live on the same fs f2fs: fix to do sanity check on inode type during garbage collection smbdirect: missing rc checks while waiting for rdma events kobject: Fix slab-out-of-bounds in fill_kobj_path() arm64: fix a concurrency issue in emulation_proc_handler() drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name perf/core: Fix potential NULL deref nvmem: imx: correct nregs for i.MX6UL nvmem: imx: correct nregs for i.MX6SLL nvmem: imx: correct nregs for i.MX6ULL i2c: aspeed: Fix i2c bus hang in slave read i2c: stm32f7: Fix PEC handling in case of SMBUS transfers i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() iio: exynos-adc: request second interupt only when touchscreen mode is used gtp: fix fragmentation needed check with gso gtp: uapi: fix GTPA_MAX tcp: fix wrong RTO timeout when received SACK reneging r8152: Cancel hw_phy_work if we have an error in probe r8152: Run the unload routine if we have errors during probe r8152: Increase USB control msg timeout to 5000ms as per spec net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() igc: Fix ambiguity in the ethtool advertising neighbour: fix various data-races igb: Fix potential memory leak in igb_add_ethtool_nfc_entry treewide: Spelling fix in comment r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 virtio-mmio: fix memory leak of vm_dev virtio_balloon: Fix endless deflation and inflation on arm64 mcb-lpc: Reallocate memory region to avoid memory overlapping mcb: Return actual parsed size when reading chameleon table selftests/ftrace: Add new test case which checks non unique symbol mtd: rawnand: marvell: Ensure program page operations are successful Conflicts: drivers/clk/qcom/gcc-sm8150.c drivers/net/ethernet/stmicro/stmmac/stmmac_main.c drivers/soc/qcom/Kconfig drivers/soc/qcom/Makefile drivers/soc/qcom/llcc-qcom.c drivers/usb/dwc3/core.c drivers/usb/gadget/function/f_ncm.c include/linux/soc/qcom/llcc-qcom.h include/net/netfilter/nf_tables.h mm/memory-failure.c net/netfilter/nf_tables_api.c net/netfilter/nft_set_hash.c net/netfilter/nft_set_rbtree.c Notes: * Dropped the following upstream commits: |
||
Greg Kroah-Hartman
|
a3aeec7ab8 |
This is the 5.4.262 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmVmGmUACgkQONu9yGCS aT4V7A//YzFdP4ANGVpZ7tBob7OxpgGgvEu32zCDx51LQ8n2uJRJ8WBWW6kVOBUZ YyUEXzjPPaS7JRS1O7TpCGYFWrH0ue9c/xzyvUQyyHEBZvZVj0P3O1iHlAk2FWSG pOTEfW1cFp8vtHwGn82rmIDETu56LMWd+aeVhg6psb2L6ho2LPipCkxN79kbBGSB DLfD71O2Pb3mw8ZYHVC5KKIlfODLqjq9N6T+3VsG4uQCEMHTVAHjjoIvYFeSi1cR MqPXS4/3GUyYUDTe2tjYznkSfPbdARfD1aKKPEXLuq1+q6WqvHCAG7nwgtPT/gd9 JPCxm+9DPN9+YhmEsCJpMSq3pD2eTrD5ZXhYFNc5sOsNw0L4oFRLtrB782snerw+ ogQ8DED4qATn1+x7jfRD7hwMzHih4nAL7zqy32s8knKHfp1+rOOkXfIohfc9qrUI svUjb1B+guuGHwFq6YDzxpUxmhdGqOo262cnU4jfH8lxH+w03vyNxxyQn0ZUUe2I gkvJ5wNpq4QhD/++B/DaCptw0l5AzfjOO+0xlp20xMzn5qW/BS8W26zUXhGeLOAd MHu+fv9DU0mzs3V1MxRvbBQ5gI9TngRWXJSIBCJx5YhZ8gGIhfrzoIzY+IeF6l3F idjruirbfujAQv0vQHuz7JmhHrTG+T90slQ/R8pPud73WGz5BMI= =A+DX -----END PGP SIGNATURE----- Merge 5.4.262 into android11-5.4-lts Changes in 5.4.262 locking/ww_mutex/test: Fix potential workqueue corruption perf/core: Bail out early if the request AUX area is out of bound clocksource/drivers/timer-imx-gpt: Fix potential memory leak clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size wifi: mac80211_hwsim: fix clang-specific fortify warning wifi: mac80211: don't return unset power in ieee80211_get_tx_power() wifi: ath9k: fix clang-specific fortify warnings wifi: ath10k: fix clang-specific fortify warning net: annotate data-races around sk->sk_tx_queue_mapping net: annotate data-races around sk->sk_dst_pending_confirm wifi: ath10k: Don't touch the CE interrupt registers after power up Bluetooth: Fix double free in hci_conn_cleanup platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e drm/komeda: drop all currently held locks if deadlock happens drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL selftests/efivarfs: create-read: fix a resource leak crypto: pcrypt - Fix hungtask for PADATA_RESET RDMA/hfi1: Use FIELD_GET() to extract Link Width fs/jfs: Add check for negative db_l2nbperpage fs/jfs: Add validity check for db_maxag and db_agpref jfs: fix array-index-out-of-bounds in dbFindLeaf jfs: fix array-index-out-of-bounds in diAlloc ARM: 9320/1: fix stack depot IRQ stack filter ALSA: hda: Fix possible null-ptr-deref when assigning a stream PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields atm: iphase: Do PCI error checks on own line scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W tty: vcc: Add check for kstrdup() in vcc_probe() usb: gadget: f_ncm: Always set current gadget in ncm_bind() i2c: sun6i-p2wi: Prevent potential division by zero media: gspca: cpia1: shift-out-of-bounds in set_flicker media: vivid: avoid integer overflow gfs2: ignore negated quota changes media: cobalt: Use FIELD_GET() to extract Link Width drm/amd/display: Avoid NULL dereference of timing generator kgdb: Flush console before entering kgdb on panic ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings pwm: Fix double shift bug wifi: iwlwifi: Use FW rate for non-data frames NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO ipvlan: add ipvlan_route_v6_outbound() helper tty: Fix uninit-value access in ppp_sync_receive() net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() tipc: Fix kernel-infoleak due to uninitialized TLV value ppp: limit MRU to 64K xen/events: fix delayed eoi list handling ptp: annotate data-race around q->head and q->tail bonding: stop the device in bond_setup_by_slave() net: ethernet: cortina: Fix max RX frame define net: ethernet: cortina: Handle large frames net: ethernet: cortina: Fix MTU max setting netfilter: nf_conntrack_bridge: initialize err to 0 net: stmmac: Rework stmmac_rx() net: stmmac: fix rx budget limit check net/mlx5e: fix double free of encap_header net/mlx5_core: Clean driver version and name net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors macvlan: Don't propagate promisc change to lower dev in passthru tools/power/turbostat: Fix a knl bug cifs: spnego: add ';' in HOST_KEY_LEN media: venus: hfi: add checks to perform sanity on queue pointers randstruct: Fix gcc-plugin performance mode to stay in group bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers x86/cpu/hygon: Fix the CPU topology evaluation for real KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space KVM: x86: Ignore MSR_AMD64_TW_CFG access audit: don't take task_lock() in audit_exe_compare() code path audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() hvc/xen: fix error path in xen_hvc_init() to always register frontend driver PCI/sysfs: Protect driver's D3cold preference from user space ACPI: resource: Do IRQ override on TongFang GMxXGxx mmc: meson-gx: Remove setting of CMD_CFG_ERROR genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware PCI: keystone: Don't discard .remove() callback PCI: keystone: Don't discard .probe() callback parisc/pdc: Add width field to struct pdc_model clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks mmc: vub300: fix an error code PM: hibernate: Use __get_safe_page() rather than touching the list PM: hibernate: Clean up sync_read handling in snapshot_write_next() btrfs: don't arbitrarily slow down delalloc if we're committing jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev quota: explicitly forbid quota files from being encrypted kernel/reboot: emergency_restart: Set correct system_state i2c: core: Run atomic i2c xfer when !preemptible mcb: fix error handling for different scenarios when parsing dmaengine: stm32-mdma: correct desc prep when channel running mm/cma: use nth_page() in place of direct struct page manipulation i3c: master: cdns: Fix reading status register parisc: Prevent booting 64-bit kernels on PA1.x machines parisc/pgtable: Do not drop upper 5 address bits of physical address ALSA: info: Fix potential deadlock at disconnection ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC serial: meson: remove redundant initialization of variable id tty: serial: meson: retrieve port FIFO size from DT serial: meson: Use platform_get_irq() to get the interrupt tty: serial: meson: fix hard LOCKUP on crtscts mode Bluetooth: btusb: Add flag to define wideband speech capability Bluetooth: btusb: add Realtek 8822CE to usb_device_id table Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 bluetooth: Add device 0bda:887b to device tables bluetooth: Add device 13d3:3571 to device tables Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE Revert ncsi: Propagate carrier gain/loss events to the NCSI controller net: dsa: lan9303: consequently nested-lock physical MDIO i2c: i801: fix potential race in i801_block_transaction_byte_by_byte media: lirc: drop trailing space from scancode transmit media: sharp: fix sharp encoding media: venus: hfi_parser: Add check to keep the number of codecs within range media: venus: hfi: fix the check to handle session buffer requirement media: venus: hfi: add checks to handle capabilities from firmware nfsd: fix file memleak on client_opens_release Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" ext4: apply umask if ACL support is disabled ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: correct return value of ext4_convert_meta_bg ext4: correct the start block of counting reserved clusters ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks drm/amdgpu: fix error handling in amdgpu_bo_list_get() tracing: Have trace_event_file have ref counters netfilter: nf_tables: pass context to nft_set_destroy() netfilter: nftables: rename set element data activation/deactivation functions netfilter: nf_tables: drop map element references from preparation phase netfilter: nft_set_rbtree: Switch to node list walk for overlap detection netfilter: nft_set_rbtree: fix null deref on element insertion netfilter: nft_set_rbtree: fix overlap expiration walk netfilter: nf_tables: don't skip expired elements during walk netfilter: nf_tables: GC transaction API to avoid race with control plane netfilter: nf_tables: adapt set backend to use GC transaction API netfilter: nft_set_hash: mark set element as dead when deleting from packet path netfilter: nf_tables: remove busy mark and gc batch API netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path netfilter: nf_tables: GC transaction race with netns dismantle netfilter: nf_tables: GC transaction race with abort path netfilter: nf_tables: use correct lock to protect gc_list netfilter: nf_tables: defer gc run if previous batch is still pending netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration netfilter: nf_tables: fix memleak when more than 255 elements expired netfilter: nf_tables: unregister flowtable hooks on netns exit netfilter: nf_tables: double hook unregistration in netns path netfilter: nftables: update table flags from the commit phase netfilter: nf_tables: fix table flag updates netfilter: nf_tables: disable toggling dormant table state more than once netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 5.4) Linux 5.4.262 Change-Id: I93e0070751c904fd8a44800ce1756e6e93c1a95b Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Linkui Xiao
|
b2762d13df |
netfilter: nf_conntrack_bridge: initialize err to 0
[ Upstream commit a44af08e3d4d7566eeea98d7a29fe06e7b9de944 ]
K2CI reported a problem:
consume_skb(skb);
return err;
[nf_br_ip_fragment() error] uninitialized symbol 'err'.
err is not initialized, because returning 0 is expected, initialize err
to 0.
Fixes:
|
||
|
Greg Kroah-Hartman
|
c5c964fd2f |
Revert "net: bridge: use DEV_STATS_INC()"
This reverts commit
|
||
Michael Bestas
|
6ef34c09c6
|
Merge tag 'ASB-2023-10-06_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
https://source.android.com/docs/security/bulletin/2023-10-01
* tag 'ASB-2023-10-06_11-5.4' of https://android.googlesource.com/kernel/common:
UPSTREAM: arm64: efi: Make efi_rt_lock a raw_spinlock
UPSTREAM: net: sched: sch_qfq: Fix UAF in qfq_dequeue()
UPSTREAM: net/sched: sch_hfsc: Ensure inner classes have fsc curve
UPSTREAM: net/sched: sch_qfq: account for stab overhead in qfq_enqueue
UPSTREAM: netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
UPSTREAM: af_unix: Fix null-ptr-deref in unix_stream_sendpage().
Linux 5.4.254
sch_netem: fix issues in netem_change() vs get_dist_table()
alpha: remove __init annotation from exported page_is_ram()
scsi: core: Fix possible memory leak if device_add() fails
scsi: snic: Fix possible memory leak if device_add() fails
scsi: 53c700: Check that command slot is not NULL
scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
scsi: core: Fix legacy /proc parsing buffer overflow
netfilter: nf_tables: report use refcount overflow
nvme-rdma: fix potential unbalanced freeze & unfreeze
nvme-tcp: fix potential unbalanced freeze & unfreeze
btrfs: set cache_block_group_error if we find an error
btrfs: don't stop integrity writeback too early
ibmvnic: Handle DMA unmapping of login buffs in release functions
net/mlx5: Allow 0 for total host VFs
dmaengine: mcf-edma: Fix a potential un-allocated memory access
wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
IB/hfi1: Fix possible panic during hotplug remove
drivers: net: prevent tun_build_skb() to exceed the packet size limit
dccp: fix data-race around dp->dccps_mss_cache
bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
net/packet: annotate data-races around tp->status
mISDN: Update parameter type of dsp_cmx_send()
selftests/rseq: Fix build with undefined __weak
drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes
x86: Move gds_ucode_mitigated() declaration to header
x86/mm: Fix VDSO and VVAR placement on 5-level paging machines
x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405
usb: common: usb-conn-gpio: Prevent bailing out if initial role is none
usb: dwc3: Properly handle processing of pending events
usb-storage: alauda: Fix uninit-value in alauda_check_media()
binder: fix memory leak in binder_init()
iio: cros_ec: Fix the allocation size for cros_ec_command
nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
x86/pkeys: Revert
|
||
Eric Dumazet
|
ad8d39c7b4 |
net: bridge: use DEV_STATS_INC()
[ Upstream commit 44bdb313da57322c9b3c108eb66981c6ec6509f4 ]
syzbot/KCSAN reported data-races in br_handle_frame_finish() [1]
This function can run from multiple cpus without mutual exclusion.
Adopt SMP safe DEV_STATS_INC() to update dev->stats fields.
Handles updates to dev->stats.tx_dropped while we are at it.
[1]
BUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish
read-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 1:
br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189
br_nf_hook_thresh+0x1ed/0x220
br_nf_pre_routing_finish_ipv6+0x50f/0x540
NF_HOOK include/linux/netfilter.h:304 [inline]
br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178
br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508
nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
br_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417
__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417
__netif_receive_skb_one_core net/core/dev.c:5521 [inline]
__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637
process_backlog+0x21f/0x380 net/core/dev.c:5965
__napi_poll+0x60/0x3b0 net/core/dev.c:6527
napi_poll net/core/dev.c:6594 [inline]
net_rx_action+0x32b/0x750 net/core/dev.c:6727
__do_softirq+0xc1/0x265 kernel/softirq.c:553
run_ksoftirqd+0x17/0x20 kernel/softirq.c:921
smpboot_thread_fn+0x30a/0x4a0 kernel/smpboot.c:164
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
read-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 0:
br_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189
br_nf_hook_thresh+0x1ed/0x220
br_nf_pre_routing_finish_ipv6+0x50f/0x540
NF_HOOK include/linux/netfilter.h:304 [inline]
br_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178
br_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508
nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
nf_hook_bridge_pre net/bridge/br_input.c:272 [inline]
br_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417
__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417
__netif_receive_skb_one_core net/core/dev.c:5521 [inline]
__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637
process_backlog+0x21f/0x380 net/core/dev.c:5965
__napi_poll+0x60/0x3b0 net/core/dev.c:6527
napi_poll net/core/dev.c:6594 [inline]
net_rx_action+0x32b/0x750 net/core/dev.c:6727
__do_softirq+0xc1/0x265 kernel/softirq.c:553
do_softirq+0x5e/0x90 kernel/softirq.c:454
__local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:396 [inline]
batadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1356
batadv_tt_purge+0x2b/0x630 net/batman-adv/translation-table.c:3560
process_one_work kernel/workqueue.c:2630 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703
worker_thread+0x525/0x730 kernel/workqueue.c:2784
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
value changed: 0x00000000000d7190 -> 0x00000000000d7191
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 14848 Comm: kworker/u4:11 Not tainted 6.6.0-rc1-syzkaller-00236-gad8a69f361b9 #0
Fixes:
|
||
|
Michael Bestas
|
29949ccfbb
|
Merge tag 'ASB-2023-08-05_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
https://source.android.com/docs/security/bulletin/2023-08-01 CVE-2023-21264 CVE-2020-29374 * tag 'ASB-2023-08-05_11-5.4' of https://android.googlesource.com/kernel/common: UPSTREAM: media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() ANDROID: ABI: Update allowed list for QCOM UPSTREAM: usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition UPSTREAM: x86/mm: Avoid using set_pgd() outside of real PGD pages UPSTREAM: net/sched: flower: fix possible OOB write in fl_set_geneve_opt() Linux 5.4.249 xfs: verify buffer contents when we skip log replay mm: make wait_on_page_writeback() wait for multiple pending writebacks mm: fix VM_BUG_ON(PageTail) and BUG_ON(PageWriteback) i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl drm/exynos: vidi: fix a wrong error return ARM: dts: Fix erroneous ADS touchscreen polarities ASoC: nau8824: Add quirk to active-high jack-detect s390/cio: unregister device when the only path is gone usb: gadget: udc: fix NULL dereference in remove() nfcsim.c: Fix error checking for debugfs_create_dir media: cec: core: don't set last_initiator if tx in progress arm64: Add missing Set/Way CMO encodings HID: wacom: Add error check to wacom_parse_and_register() scsi: target: iscsi: Prevent login threads from racing between each other sch_netem: acquire qdisc lock in netem_change() Revert "net: phy: dp83867: perform soft reset and retain established link" netfilter: nfnetlink_osf: fix module autoload netfilter: nf_tables: disallow element updates of bound anonymous sets be2net: Extend xmit workaround to BE3 chip net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch ipvs: align inner_mac_header for encapsulation mmc: usdhi60rol0: fix deferred probing mmc: sh_mmcif: fix deferred probing mmc: sdhci-acpi: fix deferred probing mmc: omap_hsmmc: fix deferred probing mmc: omap: fix deferred probing mmc: mvsdio: fix deferred probing mmc: mvsdio: convert to devm_platform_ioremap_resource mmc: mtk-sd: fix deferred probing net: qca_spi: Avoid high load if QCA7000 is not available xfrm: Linearize the skb after offloading if needed. ieee802154: hwsim: Fix possible memory leaks rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer() x86/mm: Avoid using set_pgd() outside of real PGD pages cifs: Fix potential deadlock when updating vol in cifs_reconnect() cifs: Merge is_path_valid() into get_normalized_path() cifs: Introduce helpers for finding TCP connection cifs: Get rid of kstrdup_const()'d paths cifs: Clean up DFS referral cache nilfs2: prevent general protection fault in nilfs_clear_dirty_page() writeback: fix dereferencing NULL mapping->host on writeback_page_template ip_tunnels: allow VXLAN/GENEVE to inherit TOS/TTL from VLAN mmc: meson-gx: remove redundant mmc_request_done() call from irq context cgroup: Do not corrupt task iteration when rebinding subsystem PCI: hv: Fix a race condition bug in hv_pci_query_relations() Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs nilfs2: fix buffer corruption due to concurrent device reads media: dvb-core: Fix use-after-free due to race at dvb_register_device() media: dvbdev: fix error logic at dvb_register_device() media: dvbdev: Fix memleak in dvb_register_device tick/common: Align tick period during sched_timer setup x86/purgatory: remove PGO flags tracing: Add tracing_reset_all_online_cpus_unlocked() function epoll: ep_autoremove_wake_function should use list_del_init_careful list: add "list_del_init_careful()" to go with "list_empty_careful()" mm: rewrite wait_on_page_bit_common() logic nilfs2: reject devices with insufficient block count Revert "neighbour: Replace zero-length array with flexible-array member" Revert "neighbour: fix unaligned access to pneigh_entry" Revert "tcp: deny tcp_disconnect() when threads are waiting" Linux 5.4.248 mmc: block: ensure error propagation for non-blk drm/nouveau/kms: Fix NULL pointer dereference in nouveau_connector_detect_depth neighbour: delete neigh_lookup_nodev as not used net: Remove unused inline function dst_hold_and_use() neighbour: Remove unused inline function neigh_key_eq16() afs: Fix vlserver probe RTT handling selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET net: tipc: resize nlattr array to correct size net: lapbether: only support ethernet devices net/sched: cls_api: Fix lockup on flushing explicitly created chain drm/nouveau: add nv_encoder pointer check for NULL drm/nouveau/kms: Don't change EDID when it hasn't actually changed drm/nouveau/dp: check for NULL nv_connector->native_mode igb: fix nvm.ops.read() error handling sctp: fix an error code in sctp_sf_eat_auth() ipvlan: fix bound dev checking for IPv6 l3s mode IB/isert: Fix incorrect release of isert connection IB/isert: Fix possible list corruption in CMA handler IB/isert: Fix dead lock in ib_isert IB/uverbs: Fix to consider event queue closing also upon non-blocking mode iavf: remove mask from iavf_irq_enable_queues() RDMA/rxe: Fix the use-before-initialization error of resp_pkts RDMA/rxe: Removed unused name from rxe_task struct RDMA/rxe: Remove the unused variable obj net/sched: cls_u32: Fix reference counter leak leading to overflow ping6: Fix send to link-local addresses with VRF. netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM spi: fsl-dspi: avoid SCK glitches with continuous transfers spi: spi-fsl-dspi: Remove unused chip->void_write_data usb: dwc3: gadget: Reset num TRBs before giving back the request serial: lantiq: add missing interrupt ack USB: serial: option: add Quectel EM061KGL series Remove DECnet support from kernel ALSA: hda/realtek: Add a quirk for Compaq N14JP6 net: usb: qmi_wwan: add support for Compal RXM-G1 RDMA/uverbs: Restrict usage of privileged QKEYs nouveau: fix client work fence deletion race powerpc/purgatory: remove PGO flags kexec: support purgatories with .text.hot sections nilfs2: fix possible out-of-bounds segment allocation in resize ioctl nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() nios2: dts: Fix tse_mac "max-frame-size" property ocfs2: check new file size on fallocate call ocfs2: fix use-after-free when unmounting read-only filesystem drm:amd:amdgpu: Fix missing buffer object unlock in failure path xen/blkfront: Only check REQ_FUA for writes mips: Move initrd_start check after initrd address sanitisation. MIPS: Alchemy: fix dbdma2 parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory() parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu() btrfs: handle memory allocation failure in btrfs_csum_one_bio power: supply: Fix logic checking if system is running from battery irqchip/meson-gpio: Mark OF related data as maybe unused regulator: Fix error checking for debugfs_create_dir platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 power: supply: Ratelimit no data debug output ARM: dts: vexpress: add missing cache properties power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() power: supply: sc27xx: Fix external_power_changed race power: supply: ab8500: Fix external_power_changed race s390/dasd: Use correct lock while counting channel queue length dasd: refactor dasd_ioctl_information KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() test_firmware: fix a memory leak with reqs buffer Revert "firmware: arm_sdei: Fix sleep from invalid context BUG" Revert "PM: domains: Fix up terminology with parent/child" Revert "PM: domains: Restore comment indentation for generic_pm_domain.child_links" Revert "scripts/gdb: bail early if there are no generic PD" Revert "uapi/linux/const.h: prefer ISO-friendly __typeof__" Revert "netfilter: nf_tables: don't write table validation state without mutex" Linux 5.4.247 Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE" mtd: spinand: macronix: Add support for MX35LFxGE4AD btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() btrfs: check return value of btrfs_commit_transaction in relocation rbd: get snapshot context after exclusive lock is ensured to be held drm/atomic: Don't pollute crtc_state->mode_blob with error pointers cifs: handle empty list of targets in cifs_reconnect() cifs: get rid of unused parameter in reconn_setup_dfs_targets() ext4: only check dquot_initialize_needed() when debugging eeprom: at24: also select REGMAP i2c: sprd: Delete i2c adapter in .remove's error path bonding (gcc13): synchronize bond_{a,t}lb_xmit() types usb: usbfs: Use consistent mmap functions usb: usbfs: Enforce page requirements for mmap pinctrl: meson-axg: add missing GPIOA_18 gpio group rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk ceph: fix use-after-free bug for inodes when flushing capsnaps can: j1939: avoid possible use-after-free when j1939_can_rx_register fails can: j1939: change j1939_netdev_lock type to mutex can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket drm/amdgpu: fix xclk freq on CHIP_STONEY ALSA: hda/realtek: Add Lenovo P3 Tower platform ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01 Input: psmouse - fix OOB access in Elantech protocol Input: xpad - delete a Razer DeathAdder mouse VID/PID entry batman-adv: Broken sync while rescheduling delayed work bnxt_en: Query default VLAN before VNIC setup on a VF lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release() net: sched: fix possible refcount leak in tc_chain_tmplt_add() net: sched: move rtm_tca_policy declaration to include file rfs: annotate lockless accesses to RFS sock flow table rfs: annotate lockless accesses to sk->sk_rxhash netfilter: ipset: Add schedule point in call_ad(). netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper Bluetooth: L2CAP: Add missing checks for invalid DCID Bluetooth: Fix l2cap_disconnect_req deadlock net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods neighbour: fix unaligned access to pneigh_entry neighbour: Replace zero-length array with flexible-array member spi: qup: Request DMA before enabling clocks i40e: fix build warnings in i40e_alloc.h i40iw: fix build warning in i40iw_manage_apbvt() block/blk-iocost (gcc13): keep large values in a new enum blk-iocost: avoid 64-bit division in ioc_timer_fn Linux 5.4.246 drm/edid: fix objtool warning in drm_cvt_modes() wifi: rtlwifi: 8192de: correct checking of IQK reload drm/edid: Fix uninitialized variable in drm_cvt_modes() RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds RDMA/bnxt_re: Remove set but not used variable 'dev_attr' scsi: dpt_i2o: Do not process completions with invalid addresses scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD) regmap: Account for register length when chunking test_firmware: fix the memory leak of the allocated firmware buffer fbcon: Fix null-ptr-deref in soft_cursor ext4: add lockdep annotations for i_data_sem for ea_inode's ext4: disallow ea_inodes with extended attributes ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() ext4: add EA_INODE checking to ext4_iget() tracing/probe: trace_probe_primary_from_call(): checked list_first_entry selinux: don't use make's grouped targets feature yet tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK mmc: vub300: fix invalid response handling wifi: rtlwifi: remove always-true condition pointed out by GCC 12 lib/dynamic_debug.c: use address-of operator on section symbols treewide: Remove uninitialized_var() usage kernel/extable.c: use address-of operator on section symbols eth: sun: cassini: remove dead code gcc-12: disable '-Wdangling-pointer' warning for now ACPI: thermal: drop an always true check x86/boot: Wrap literal addresses in absolute_pointer() flow_dissector: work around stack frame size warning ata: libata-scsi: Use correct device no in ata_find_dev() scsi: stex: Fix gcc 13 warnings misc: fastrpc: reject new invocations during device removal misc: fastrpc: return -EPIPE to invocations on device removal usb: gadget: f_fs: Add unbind event before functionfs_unbind net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 iio: dac: build ad5758 driver when AD5758 is selected iio: dac: mcp4725: Fix i2c_master_send() return value handling iio: light: vcnl4035: fixed chip ID check HID: wacom: avoid integer overflow in wacom_intuos_inout() HID: google: add jewel USB id iio: adc: mxs-lradc: fix the order of two cleanup operations mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() atm: hide unused procfs functions ALSA: oss: avoid missing-prototype warnings netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT wifi: b43: fix incorrect __packed annotation scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed arm64/mm: mark private VM_FAULT_X defines as vm_fault_t ARM: dts: stm32: add pin map for CAN controller on stm32f7 wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() media: dvb-core: Fix use-after-free due on race condition at dvb_net media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() media: dvb_ca_en50221: fix a size write bug media: netup_unidvb: fix irq init by register it at the end of probe media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() media: dvb_demux: fix a bug for the continuity counter ASoC: ssm2602: Add workaround for playback distortions xfrm: Check if_id in inbound policy/secpath match ASoC: dwc: limit the number of overrun messages nbd: Fix debugfs_create_dir error checking fbdev: stifb: Fix info entry in sti_struct on error path fbdev: modedb: Add 1920x1080 at 60 Hz video mode media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE ARM: 9295/1: unwind:fix unwind abort for uleb128 case mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() watchdog: menz069_wdt: fix watchdog initialisation mtd: rawnand: marvell: don't set the NAND frequency select mtd: rawnand: marvell: ensure timing values are written net: dsa: mv88e6xxx: Increase wait after reset deactivation net/sched: flower: fix possible OOB write in fl_set_geneve_opt() udp6: Fix race condition in udp6_sendmsg & connect net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report ocfs2/dlm: move BITS_TO_BYTES() to bitops.h for wider use net: sched: fix NULL pointer dereference in mq_attach net/sched: Prohibit regrafting ingress or clsact Qdiscs net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs net/sched: sch_clsact: Only create under TC_H_CLSACT net/sched: sch_ingress: Only create under TC_H_INGRESS tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set tcp: deny tcp_disconnect() when threads are waiting af_packet: do not use READ_ONCE() in packet_bind() mtd: rawnand: ingenic: fix empty stub helper definitions amd-xgbe: fix the false linkup in xgbe_phy_status af_packet: Fix data-races of pkt_sk(sk)->num. netrom: fix info-leak in nr_write_internal() net/mlx5: fw_tracer, Fix event handling dmaengine: pl330: rename _start to prevent build error iommu/amd: Don't block updates to GATag if guest mode is on iommu/rockchip: Fix unwind goto issue RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx RDMA/bnxt_re: Refactor queue pair creation code RDMA/bnxt_re: Enable SRIOV VF support on Broadcom's 57500 adapter series RDMA/efa: Fix unsupported page sizes in device Linux 5.4.245 netfilter: ctnetlink: Support offloaded conntrack entry deletion ipv{4,6}/raw: fix output xfrm lookup wrt protocol binder: fix UAF caused by faulty buffer cleanup bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() io_uring: have io_kill_timeout() honor the request references io_uring: don't drop completion lock before timer is fully initialized io_uring: always grab lock in io_cancel_async_work() cdc_ncm: Fix the build warning net/mlx5: Devcom, serialize devcom registration net/mlx5: devcom only supports 2 ports fs: fix undefined behavior in bit shift for SB_NOUSER power: supply: bq24190: Call power_supply_changed() after updating input current power: supply: core: Refactor power_supply_set_input_current_limit_from_supplier() power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize cdc_ncm: Implement the 32-bit version of NCM Transfer Block Linux 5.4.244 3c589_cs: Fix an error handling path in tc589_probe() net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device net/mlx5: Fix error message when failing to allocate device memory forcedeth: Fix an error handling path in nv_probe() ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg x86/show_trace_log_lvl: Ensure stack pointer is aligned, again xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet() power: supply: sbs-charger: Fix INHIBITED bit for Status reg power: supply: bq27xxx: Fix poll_interval handling and races on remove power: supply: bq27xxx: Fix I2C IRQ race on remove power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition power: supply: leds: Fix blink to LED on transition ipv6: Fix out-of-bounds access in ipv6_find_tlv() bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields selftests: fib_tests: mute cleanup error message net: fix skb leak in __skb_tstamp_tx() media: radio-shark: Add endpoint checks USB: sisusbvga: Add endpoint checks USB: core: Add routines for endpoint checks in old drivers udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). net: fix stack overflow when LRO is disabled for virtual interfaces fbdev: udlfb: Fix endpoint check debugobjects: Don't wake up kswapd from fill_pool() x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms parisc: Fix flush_dcache_page() for usage from irq context selftests/memfd: Fix unknown type name build failure x86/mm: Avoid incomplete Global INVLPG flushes btrfs: use nofs when cleaning up aborted transactions gpio: mockup: Fix mode of debugfs files parisc: Allow to reboot machine after system halt parisc: Handle kgdb breakpoints only in kernel context m68k: Move signal frame following exception on 68020/030 ALSA: hda/realtek: Enable headset onLenovo M70/M90 ALSA: hda/ca0132: add quirk for EVGA X299 DARK mt76: mt7615: Fix build with older compilers spi: fsl-cpm: Use 16 bit mode for large transfers with even size spi: fsl-spi: Re-organise transfer bits_per_word adaptation watchdog: sp5100_tco: Immediately trigger upon starting. s390/qdio: fix do_sqbs() inline assembly constraint s390/qdio: get rid of register asm vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF vc_screen: rewrite vcs_size to accept vc, not inode usb: gadget: u_ether: Fix host MAC address case usb: gadget: u_ether: Convert prints to device prints lib/string_helpers: Introduce string_upper() and string_lower() helpers HID: wacom: add three styli to wacom_intuos_get_tool_type HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs HID: wacom: Force pen out of prox if no events have been received in a while netfilter: nf_tables: hold mutex on netns pre_exit path netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag netfilter: nf_tables: stricter validation of element data netfilter: nf_tables: allow up to 64 bytes in the set element data area netfilter: nf_tables: add nft_setelem_parse_key() netfilter: nf_tables: validate registers coming from userspace. netfilter: nftables: statify nft_parse_register() netfilter: nftables: add nft_parse_register_store() and use it netfilter: nftables: add nft_parse_register_load() and use it nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() powerpc/64s/radix: Fix soft dirty tracking tpm/tpm_tis: Disable interrupts for more Lenovo devices ceph: force updating the msg pointer in non-split case serial: Add support for Advantech PCI-1611U card statfs: enforce statfs[64] structure initialization KVM: x86: do not report a vCPU as preempted outside instruction boundaries can: kvaser_pciefd: Disable interrupts in probe error path can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt can: kvaser_pciefd: Clear listen-only bit if not explicitly requested can: kvaser_pciefd: Empty SRB buffer in probe can: kvaser_pciefd: Call request_irq() before enabling interrupts can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table ALSA: hda: Fix Oops by 9.1 surround channel names usb: typec: altmodes/displayport: fix pin_assignment_show usb: dwc3: debugfs: Resume dwc3 before accessing registers USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value usb-storage: fix deadlock when a scsi command timeouts more than once USB: usbtmc: Fix direction for 0-length ioctl control messages vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit() igb: fix bit_shift to be in [1..8] range cassini: Fix a memory leak in the error handling path of cas_init_one() wifi: iwlwifi: mvm: don't trust firmware n_channels net: bcmgenet: Restore phy_stop() depending upon suspend/close net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop() net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() drm/exynos: fix g2d_open/close helper function definitions media: netup_unidvb: fix use-after-free at del_timer() net: hns3: fix reset delay time to avoid configuration timeout net: hns3: fix sending pfc frames after reset issue erspan: get the proto with the md version for collect_md ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode ip6_gre: Make o_seqno start from 0 in native mode ip6_gre: Fix skb_under_panic in __gre6_xmit() serial: arc_uart: fix of_iomap leak in `arc_serial_probe` vsock: avoid to close connected socket after the timeout ALSA: firewire-digi00x: prevent potential use after free net: fec: Better handle pm_runtime_get() failing in .remove() af_key: Reject optional tunnel/BEET mode templates in outbound policies cpupower: Make TSC read per CPU for Mperf monitor ASoC: fsl_micfil: register platform component before registering cpu dai btrfs: fix space cache inconsistency after error loading it from disk btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid mfd: dln2: Fix memory leak in dln2_probe() phy: st: miphy28lp: use _poll_timeout functions for waits Input: xpad - add constants for GIP interface numbers iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any clk: tegra20: fix gcc-7 constant overflow warning RDMA/core: Fix multiple -Warray-bounds warnings recordmcount: Fix memory leaks in the uwrite function sched: Fix KCSAN noinstr violation mcb-pci: Reallocate memory region to avoid memory overlapping serial: 8250: Reinit port->pm on port specific driver unbind usb: typec: tcpm: fix multiple times discover svids error HID: wacom: generic: Set battery quirk only when we see battery data spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 HID: logitech-hidpp: Reconcile USB and Unifying serials HID: logitech-hidpp: Don't use the USB serial for USB devices staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf wifi: iwlwifi: pcie: fix possible NULL pointer dereference samples/bpf: Fix fout leak in hbm's run_bpf_prog f2fs: fix to drop all dirty pages during umount() if cp_error is set ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa() ext4: set goal start correctly in ext4_mb_normalize_request gfs2: Fix inode height consistency check scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition lib: cpu_rmap: Avoid use after free on rmap->obj array entries scsi: target: iscsit: Free cmds before session free net: Catch invalid index in XPS mapping net: pasemi: Fix return type of pasemi_mac_start_tx() scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow ext2: Check block size validity during mount wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects ACPICA: Avoid undefined behavior: applying zero offset to null pointer drm/tegra: Avoid potential 32-bit integer overflow ACPI: EC: Fix oops when removing custom query handlers firmware: arm_sdei: Fix sleep from invalid context BUG memstick: r592: Fix UAF bug in r592_remove due to race condition regmap: cache: Return error in cache sync operations for REGCACHE_NONE drm/amd/display: Use DC_LOG_DC in the trasform pixel function fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() af_unix: Fix data races around sk->sk_shutdown. af_unix: Fix a data race of sk->sk_receive_queue->qlen. net: datagram: fix data-races in datagram_poll() ipvlan:Fix out-of-bounds caused by unclear skb->cb net: add vlan_get_protocol_and_depth() helper net: tap: check vlan with eth_type_vlan() method net: annotate sk->sk_err write from do_recvmmsg() netlink: annotate accesses to nlk->cb_running netfilter: conntrack: fix possible bug_on with enable_hooks=1 net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). linux/dim: Do nothing if no time delta between samples ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings drm/mipi-dsi: Set the fwnode for mipi_dsi_device driver core: add a helper to setup both the of_node and fwnode of a device Linux 5.4.243 drm/amd/display: Fix hang when skipping modeset mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock drm/exynos: move to use request_irq by IRQF_NO_AUTOEN flag drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() drm/msm: Fix double pm_runtime_disable() call PM: domains: Restore comment indentation for generic_pm_domain.child_links printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors drbd: correctly submit flush bio on barrier serial: 8250: Fix serial8250_tx_empty() race with DMA Tx tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH ext4: fix invalid free tracking in ext4_xattr_move_to_block() ext4: remove a BUG_ON in ext4_mb_release_group_pa() ext4: bail out of ext4_xattr_ibody_get() fails for any reason ext4: add bounds checking in get_max_inline_xattr_value_size() ext4: fix deadlock when converting an inline directory in nojournal mode ext4: improve error recovery code paths in __ext4_remount() ext4: fix data races when using cached status extents ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum ext4: fix WARNING in mb_find_extent HID: wacom: insert timestamp to packed Bluetooth (BT) events HID: wacom: Set a default resolution for older tablets drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() drm/panel: otm8009a: Set backlight parent to panel device f2fs: fix potential corruption when moving a directory ARM: dts: s5pv210: correct MIPI CSIS clock name ARM: dts: exynos: fix WM8960 clock name in Itop Elite remoteproc: st: Call of_node_put() on iteration error remoteproc: stm32: Call of_node_put() on iteration error sh: nmi_debug: fix return value of __setup handler sh: init: use OF_EARLY_FLATTREE for early init sh: math-emu: fix macro redefined warning inotify: Avoid reporting event with invalid wd platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i cifs: fix pcchunk length type in smb2_copychunk_range btrfs: print-tree: parent bytenr must be aligned to sector size btrfs: don't free qgroup space unless specified btrfs: fix btrfs_prev_leaf() to not return the same key twice perf symbols: Fix return incorrect build_id size in elf_read_build_id() perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp() perf vendor events power9: Remove UTF-8 characters from JSON files virtio_net: suppress cpu stall when free_unused_bufs virtio_net: split free_unused_bufs() net: dsa: mt7530: fix corrupt frames using trgmii on 40 MHz XTAL MT7621 ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` drm/amdgpu: add a missing lock for AMDGPU_SCHED af_packet: Don't send zero-byte data in packet_sendmsg_spkt(). ionic: remove noise from ethtool rxnfc error msg rxrpc: Fix hard call timeout units net/sched: act_mirred: Add carrier check writeback: fix call of incorrect macro net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu sit: update dev->needed_headroom in ipip6_tunnel_bind_dev() net/sched: cls_api: remove block_cb from driver_list before freeing net/ncsi: clear Tx enable mode when handling a Config required AEN relayfs: fix out-of-bounds access in relay_file_read kernel/relay.c: fix read_pos error when multiple readers crypto: safexcel - Cleanup ring IRQ workqueues on load failure crypto: inside-secure - irq balance dm verity: fix error handling for check_at_most_once on FEC dm verity: skip redundant verity_handle_err() on I/O errors mailbox: zynqmp: Fix counts of child nodes mailbox: zynq: Switch to flexible array to simplify code tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem nohz: Add TICK_DEP_BIT_RCU netfilter: nf_tables: deactivate anonymous set from preparation phase debugobject: Ensure pool refill (again) perf intel-pt: Fix CYC timestamps after standalone CBR perf auxtrace: Fix address filter entire kernel size dm ioctl: fix nested locking in table_clear() to remove deadlock concern dm flakey: fix a crash with invalid table line dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path dm clone: call kmem_cache_destroy() in dm_clone_init() error path s390/dasd: fix hanging blockdevice after request requeue btrfs: scrub: reject unsupported scrub flags scripts/gdb: fix lx-timerlist for Python3 clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent wifi: rtl8xxxu: RTL8192EU always needs full init mailbox: zynqmp: Fix typo in IPI documentation mailbox: zynqmp: Fix IPI isr handling md/raid10: fix null-ptr-deref in raid10_sync_request nilfs2: fix infinite loop in nilfs_mdt_get_block() nilfs2: do not write dirty data after degenerating to read-only parisc: Fix argument pointer in real64_call_asm() afs: Fix updating of i_size with dv jump from server dmaengine: at_xdmac: do not enable all cyclic channels dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing dmaengine: dw-edma: Fix to change for continuous transfer phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port pwm: mtk-disp: Disable shadow registers before setting backlight values pwm: mtk-disp: Adjust the clocks to avoid them mismatch pwm: mtk-disp: Don't check the return code of pwmchip_remove() dmaengine: mv_xor_v2: Fix an error code. leds: TI_LMU_COMMON: select REGMAP instead of depending on it ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline openrisc: Properly store r31 to pt_regs on unhandled exceptions clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails clocksource: davinci: axe a pointless __GFP_NOFAIL clocksource/drivers/davinci: Avoid trailing '\n' hidden in pr_fmt() RDMA/mlx5: Use correct device num_ports when modify DC SUNRPC: remove the maximum number of retries in call_bind_status Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe input: raspberrypi-ts: Release firmware handle when not needed firmware: raspberrypi: Introduce devm_rpi_firmware_get() firmware: raspberrypi: Keep count of all consumers NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order RDMA/siw: Remove namespace check from siw_netdev_event() clk: add missing of_node_put() in "assigned-clocks" property parsing power: supply: generic-adc-battery: fix unit scaling rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() rtc: omap: include header for omap_rtc_power_off_program prototype RDMA/rdmavt: Delete unnecessary NULL check RDMA/siw: Fix potential page_array out of range access perf/core: Fix hardlockup failure caused by perf throttle powerpc/rtas: use memmove for potentially overlapping buffer copy macintosh: via-pmu-led: requires ATA to be set powerpc/sysdev/tsi108: fix resource printk format warnings powerpc/wii: fix resource printk format warnings powerpc/mpc512x: fix resource printk format warning macintosh/windfarm_smu_sat: Add missing of_node_put() spmi: Add a check for remove callback when removing a SPMI driver staging: rtl8192e: Fix W_DISABLE# does not work after stop/start serial: 8250: Add missing wakeup event reporting tty: serial: fsl_lpuart: adjust buffer length to the intended size firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe usb: mtu3: fix kernel panic at qmu transfer done irq handler usb: chipidea: fix missing goto in `ci_hdrc_probe` sh: sq: Fix incorrect element size for allocating bitmap buffer uapi/linux/const.h: prefer ISO-friendly __typeof__ spi: cadence-quadspi: fix suspend-resume implementations mtd: spi-nor: cadence-quadspi: Handle probe deferral while requesting DMA channel mtd: spi-nor: cadence-quadspi: Don't initialize rx_dma_complete on failure mtd: spi-nor: cadence-quadspi: Provide a way to disable DAC mode mtd: spi-nor: cadence-quadspi: Make driver independent of flash geometry scripts/gdb: bail early if there are no generic PD PM: domains: Fix up terminology with parent/child scripts/gdb: bail early if there are no clocks ia64: salinfo: placate defined-but-not-used warning ia64: mm/contig: fix section mismatch warning/error of: Fix modalias string generation vmci_host: fix a race condition in vmci_host_poll() causing GPF spi: fsl-spi: Fix CPM/QE mode Litte Endian spi: qup: Don't skip cleanup in remove's error path linux/vt_buffer.h: allow either builtin or modular for macros ASoC: es8316: Handle optional IRQ assignment ASoC: es8316: Use IRQF_NO_AUTOEN when requesting the IRQ genirq: Add IRQF_NO_AUTOEN for request_irq/nmi() PCI: imx6: Install the fault handler only on compatible match usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition iio: light: max44009: add missing OF device matching fpga: bridge: fix kernel-doc parameter description usb: host: xhci-rcar: remove leftover quirk handling pstore: Revert pmsg_lock back to a normal mutex tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. net: amd: Fix link leak when verifying config failed netlink: Use copy_to_user() for optval in netlink_getsockopt(). Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" ipv4: Fix potential uninit variable access bug in __ip_make_skb() netfilter: nf_tables: don't write table validation state without mutex bpf: Don't EFAULT for getsockopt with optval=NULL ixgbe: Enable setting RSS table to default values ixgbe: Allow flow hash to be set via ethtool wifi: iwlwifi: mvm: check firmware response size wifi: iwlwifi: make the loop for card preparation effective md/raid10: fix memleak of md thread md: update the optimal I/O size on reshape md/raid10: fix memleak for 'conf->bio_split' md/raid10: fix leak of 'r10bio->remaining' for recovery bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" nvme: fix async event trace event nvme: handle the persistent internal error AER bpf, sockmap: fix deadlocks in the sockhash and sockmap scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() crypto: drbg - Only fail when jent is unavailable in FIPS mode crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors bpftool: Fix bug for long instructions in program CFG dumps wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() rtlwifi: Replace RT_TRACE with rtl_dbg rtlwifi: Start changing RT_TRACE into rtl_dbg f2fs: handle dqget error in f2fs_transfer_project_quota() scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS scsi: target: iscsit: Fix TAS handling during conn cleanup net/packet: convert po->auxdata to an atomic flag net/packet: convert po->origdev to an atomic flag net/packet: annotate accesses to po->xmit vlan: partially enable SIOCSHWTSTAMP in container scm: fix MSG_CTRUNC setting condition for SO_PASSSEC wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() tools: bpftool: Remove invalid \' json escape wifi: ath6kl: reduce WARN to dev_dbg() in callback wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() wifi: ath9k: hif_usb: fix memory leak of remain_skbs wifi: ath6kl: minor fix for allocation size tick/common: Align tick period with the HZ tick. tick: Get rid of tick_period tick/sched: Optimize tick_do_update_jiffies64() further tick/sched: Reduce seqcount held scope in tick_do_update_jiffies64() tick/sched: Use tick_next_period for lockless quick check timekeeping: Split jiffies seqlock debugobject: Prevent init race with static objects arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() regulator: stm32-pwr: fix of_iomap leak media: rc: gpio-ir-recv: Fix support for wake-up media: rcar_fdp1: Fix refcount leak in probe and remove function media: rcar_fdp1: Fix the correct variable assignments media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() media: rcar_fdp1: fix pm_runtime_get_sync() usage count media: rcar_fdp1: simplify error check logic at fdp_open() media: saa7134: fix use after free bug in saa7134_finidev due to race condition media: dm1105: Fix use after free bug in dm1105_remove due to race condition x86/apic: Fix atomic update of offset in reserve_eilvt_offset() regulator: core: Avoid lockdep reports when resolving supplies regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data drm/msm/adreno: drop bogus pm_runtime_set_active() drm/msm/adreno: Defer enabling runpm until hw_init() drm/msm: fix unbalanced pm_runtime_enable in adreno_gpu_{init, cleanup} firmware: qcom_scm: Clear download bit during reboot media: av7110: prevent underflow in write_ts_to_decoder() media: uapi: add MEDIA_BUS_FMT_METADATA_FIXED media bus format. media: bdisp: Add missing check for create_workqueue ARM: dts: qcom: ipq8064: Fix the PCI I/O port range ARM: dts: qcom: ipq8064: reduce pci IO size to 64K ARM: dts: qcom: ipq4019: Fix the PCI I/O port range EDAC/skx: Fix overflows on the DRAM row address mapping arrays arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table drm/probe-helper: Cancel previous job before starting new one drm/vgem: add missing mutex_destroy drm/rockchip: Drop unbalanced obj unref erofs: fix potential overflow calculating xattr_isize erofs: stop parsing non-compact HEAD index if clusterofs is invalid tpm, tpm_tis: Do not skip reset of original interrupt vector selinux: ensure av_permissions.h is built when needed selinux: fix Makefile dependencies of flask.h ubifs: Free memory for tmpfile name ubi: Fix return value overwrite issue in try_write_vid_and_data() ubifs: Fix memleak when insert_old_idx() failed Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path" i2c: omap: Fix standard mode false ACK readings KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted reiserfs: Add security prefix to xattr name in reiserfs_security_write() ring-buffer: Sync IRQ works before buffer destruction pwm: meson: Fix g12a ao clk81 name pwm: meson: Fix axg ao mux parents kheaders: Use array declaration instead of char ipmi: fix SSIF not responding under certain cond. ipmi:ssif: Add send_retries increment MIPS: fw: Allow firmware to pass a empty env xhci: fix debugfs register accesses while suspended debugfs: regset32: Add Runtime PM support staging: iio: resolver: ads1210: fix config mode perf sched: Cast PTHREAD_STACK_MIN to int as it may turn into sysconf(__SC_THREAD_STACK_MIN_VALUE) USB: dwc3: fix runtime pm imbalance on unbind USB: dwc3: fix runtime pm imbalance on probe errors asm-generic/io.h: suppress endianness warnings for readq() and writeq() ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 iio: adc: palmas_gpadc: fix NULL dereference on rmmod USB: serial: option: add UNISOC vendor and TOZED LT70C product bluetooth: Perform careful capability checks in hci_sock_ioctl() drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() counter: 104-quad-8: Fix race condition between FLAG and CNTR reads Conflicts: drivers/firmware/qcom_scm.c drivers/md/dm-verity-target.c drivers/usb/dwc3/core.c drivers/usb/dwc3/debugfs.c drivers/usb/gadget/function/f_fs.c Change-Id: Iedad1fcca99a9b739e08ea6d60988800b3a7aefa |
||
Vladimir Oltean
|
e9c2687988 |
net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
[ Upstream commit 6ca3c005d0604e8d2b439366e3923ea58db99641 ]
According to the synchronization rules for .ndo_get_stats() as seen in
Documentation/networking/netdevices.rst, acquiring a plain spin_lock()
should not be illegal, but the bridge driver implementation makes it so.
After running these commands, I am being faced with the following
lockdep splat:
$ ip link add link swp0 name macsec0 type macsec encrypt on && ip link set swp0 up
$ ip link add dev br0 type bridge vlan_filtering 1 && ip link set br0 up
$ ip link set macsec0 master br0 && ip link set macsec0 up
========================================================
WARNING: possible irq lock inversion dependency detected
6.4.0-04295-g31b577b4bd4a #603 Not tainted
--------------------------------------------------------
swapper/1/0 just changed the state of lock:
ffff6bd348724cd8 (&br->lock){+.-.}-{3:3}, at: br_forward_delay_timer_expired+0x34/0x198
but this lock took another, SOFTIRQ-unsafe lock in the past:
(&ocelot->stats_lock){+.+.}-{3:3}
and interrupts could create inverse lock ordering between them.
other info that might help us debug this:
Chain exists of:
&br->lock --> &br->hash_lock --> &ocelot->stats_lock
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ocelot->stats_lock);
local_irq_disable();
lock(&br->lock);
lock(&br->hash_lock);
<Interrupt>
lock(&br->lock);
*** DEADLOCK ***
(details about the 3 locks skipped)
swp0 is instantiated by drivers/net/dsa/ocelot/felix.c, and this
only matters to the extent that its .ndo_get_stats64() method calls
spin_lock(&ocelot->stats_lock).
Documentation/locking/lockdep-design.rst says:
| A lock is irq-safe means it was ever used in an irq context, while a lock
| is irq-unsafe means it was ever acquired with irq enabled.
(...)
| Furthermore, the following usage based lock dependencies are not allowed
| between any two lock-classes::
|
| <hardirq-safe> -> <hardirq-unsafe>
| <softirq-safe> -> <softirq-unsafe>
Lockdep marks br->hash_lock as softirq-safe, because it is sometimes
taken in softirq context (for example br_fdb_update() which runs in
NET_RX softirq), and when it's not in softirq context it blocks softirqs
by using spin_lock_bh().
Lockdep marks ocelot->stats_lock as softirq-unsafe, because it never
blocks softirqs from running, and it is never taken from softirq
context. So it can always be interrupted by softirqs.
There is a call path through which a function that holds br->hash_lock:
fdb_add_hw_addr() will call a function that acquires ocelot->stats_lock:
ocelot_port_get_stats64(). This can be seen below:
ocelot_port_get_stats64+0x3c/0x1e0
felix_get_stats64+0x20/0x38
dsa_slave_get_stats64+0x3c/0x60
dev_get_stats+0x74/0x2c8
rtnl_fill_stats+0x4c/0x150
rtnl_fill_ifinfo+0x5cc/0x7b8
rtmsg_ifinfo_build_skb+0xe4/0x150
rtmsg_ifinfo+0x5c/0xb0
__dev_notify_flags+0x58/0x200
__dev_set_promiscuity+0xa0/0x1f8
dev_set_promiscuity+0x30/0x70
macsec_dev_change_rx_flags+0x68/0x88
__dev_set_promiscuity+0x1a8/0x1f8
__dev_set_rx_mode+0x74/0xa8
dev_uc_add+0x74/0xa0
fdb_add_hw_addr+0x68/0xd8
fdb_add_local+0xc4/0x110
br_fdb_add_local+0x54/0x88
br_add_if+0x338/0x4a0
br_add_slave+0x20/0x38
do_setlink+0x3a4/0xcb8
rtnl_newlink+0x758/0x9d0
rtnetlink_rcv_msg+0x2f0/0x550
netlink_rcv_skb+0x128/0x148
rtnetlink_rcv+0x24/0x38
the plain English explanation for it is:
The macsec0 bridge port is created without p->flags & BR_PROMISC,
because it is what br_manage_promisc() decides for a VLAN filtering
bridge with a single auto port.
As part of the br_add_if() procedure, br_fdb_add_local() is called for
the MAC address of the device, and this results in a call to
dev_uc_add() for macsec0 while the softirq-safe br->hash_lock is taken.
Because macsec0 does not have IFF_UNICAST_FLT, dev_uc_add() ends up
calling __dev_set_promiscuity() for macsec0, which is propagated by its
implementation, macsec_dev_change_rx_flags(), to the lower device: swp0.
This triggers the call path:
dev_set_promiscuity(swp0)
-> rtmsg_ifinfo()
-> dev_get_stats()
-> ocelot_port_get_stats64()
with a calling context that lockdep doesn't like (br->hash_lock held).
Normally we don't see this, because even though many drivers that can be
bridge ports don't support IFF_UNICAST_FLT, we need a driver that
(a) doesn't support IFF_UNICAST_FLT, *and*
(b) it forwards the IFF_PROMISC flag to another driver, and
(c) *that* driver implements ndo_get_stats64() using a softirq-unsafe
spinlock.
Condition (b) is necessary because the first __dev_set_rx_mode() calls
__dev_set_promiscuity() with "bool notify=false", and thus, the
rtmsg_ifinfo() code path won't be entered.
The same criteria also hold true for DSA switches which don't report
IFF_UNICAST_FLT. When the DSA master uses a spin_lock() in its
ndo_get_stats64() method, the same lockdep splat can be seen.
I think the deadlock possibility is real, even though I didn't reproduce
it, and I'm thinking of the following situation to support that claim:
fdb_add_hw_addr() runs on a CPU A, in a context with softirqs locally
disabled and br->hash_lock held, and may end up attempting to acquire
ocelot->stats_lock.
In parallel, ocelot->stats_lock is currently held by a thread B (say,
ocelot_check_stats_work()), which is interrupted while holding it by a
softirq which attempts to lock br->hash_lock.
Thread B cannot make progress because br->hash_lock is held by A. Whereas
thread A cannot make progress because ocelot->stats_lock is held by B.
When taking the issue at face value, the bridge can avoid that problem
by simply making the ports promiscuous from a code path with a saner
calling context (br->hash_lock not held). A bridge port without
IFF_UNICAST_FLT is going to become promiscuous as soon as we call
dev_uc_add() on it (which we do unconditionally), so why not be
preemptive and make it promiscuous right from the beginning, so as to
not be taken by surprise.
With this, we've broken the links between code that holds br->hash_lock
or br->lock and code that calls into the ndo_change_rx_flags() or
ndo_get_stats64() ops of the bridge port.
Fixes:
|
||
|
Michael Bestas
|
a8a0447e0d
|
Merge tag 'ASB-2023-06-05_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
https://source.android.com/docs/security/bulletin/2023-06-01 * tag 'ASB-2023-06-05_11-5.4' of https://android.googlesource.com/kernel/common: UPSTREAM: io_uring: have io_kill_timeout() honor the request references UPSTREAM: io_uring: don't drop completion lock before timer is fully initialized UPSTREAM: io_uring: always grab lock in io_cancel_async_work() UPSTREAM: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize UPSTREAM: cdc_ncm: Fix the build warning UPSTREAM: cdc_ncm: Implement the 32-bit version of NCM Transfer Block UPSTREAM: ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum UPSTREAM: ext4: fix invalid free tracking in ext4_xattr_move_to_block() Revert "Revert "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse"" FROMLIST: binder: fix UAF caused by faulty buffer cleanup Linux 5.4.242 ASN.1: Fix check for strdup() success iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() pwm: meson: Explicitly set .polarity in .get_state() xfs: fix forkoff miscalculation related to XFS_LITINO(mp) sctp: Call inet6_destroy_sock() via sk->sk_destruct(). dccp: Call inet6_destroy_sock() via sk->sk_destruct(). inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy(). tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM). ext4: fix use-after-free in ext4_xattr_set_entry ext4: remove duplicate definition of ext4_xattr_ibody_inline_set() Revert "ext4: fix use-after-free in ext4_xattr_set_entry" x86/purgatory: Don't generate debug info for purgatory.ro MIPS: Define RUNTIME_DISCARD_EXIT in LD script mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 memstick: fix memory leak if card device is never registered nilfs2: initialize unused bytes in segment summary blocks iio: light: tsl2772: fix reading proximity-diodes from device tree xen/netback: use same error messages for same errors nvme-tcp: fix a possible UAF when failing to allocate an io queue s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling net: dsa: b53: mmap: add phy ops scsi: core: Improve scsi_vpd_inquiry() checks scsi: megaraid_sas: Fix fw_crash_buffer_show() selftests: sigaltstack: fix -Wuninitialized Input: i8042 - add quirk for Fujitsu Lifebook A574/H f2fs: Fix f2fs_truncate_partial_nodes ftrace event e1000e: Disable TSO on i219-LM card to increase speed bpf: Fix incorrect verifier pruning due to missing register precision taints mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() i40e: fix i40e_setup_misc_vector() error handling i40e: fix accessing vsi->active_filters without holding lock netfilter: nf_tables: fix ifdef to also consider nf_tables=m virtio_net: bugfix overflow inside xdp_linearize_page() net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg regulator: fan53555: Explicitly include bits header netfilter: br_netfilter: fix recent physdev match breakage arm64: dts: meson-g12-common: specify full DMC range ARM: dts: rockchip: fix a typo error for rk3288 spdif node Linux 5.4.241 xfs: force log and push AIL to clear pinned inodes when aborting mount xfs: don't reuse busy extents on extent trim xfs: consider shutdown in bmapbt cursor delete assert xfs: shut down the filesystem if we screw up quota reservation xfs: report corruption only as a regular error xfs: set inode size after creating symlink xfs: fix up non-directory creation in SGID directories xfs: remove the di_version field from struct icdinode xfs: simplify a check in xfs_ioctl_setattr_check_cowextsize xfs: simplify di_flags2 inheritance in xfs_ialloc xfs: only check the superblock version for dinode size calculation xfs: add a new xfs_sb_version_has_v3inode helper xfs: remove the kuid/kgid conversion wrappers xfs: remove the icdinode di_uid/di_gid members xfs: ensure that the inode uid/gid match values match the icdinode ones xfs: merge the projid fields in struct xfs_icdinode xfs: show the proper user quota options coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug watchdog: sbsa_wdog: Make sure the timeout programming is within the limits i2c: ocores: generate stop condition after timeout in polling mode ubi: Fix deadlock caused by recursively holding work_sem mtd: ubi: wl: Fix a couple of kernel-doc issues ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size asymmetric_keys: log on fatal failures in PE/pkcs7 verify_pefile: relax wrapper length check drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L i2c: imx-lpi2c: clean rx/tx buffers upon new message power: supply: cros_usbpd: reclassify "default case!" as debug net: macb: fix a memory corruption in extended buffer descriptor mode udp6: fix potential access to stale information RDMA/core: Fix GID entry ref leak when create_ah fails sctp: fix a potential overflow in sctp_ifwdtsn_skip qlcnic: check pci_reset_function result niu: Fix missing unwind goto in niu_alloc_channels() 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition mtd: rawnand: stm32_fmc2: remove unsupported EDO mode mtd: rawnand: meson: fix bitmask for length in command word mtdblock: tolerate corrected bit-flips btrfs: fix fast csum implementation detection btrfs: print checksum type and implementation at mount time Bluetooth: Fix race condition in hidp_session_thread Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() ALSA: i2c/cs8427: fix iec958 mixer control deactivation ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard ALSA: emu10k1: fix capture interrupt handler unlinking Revert "pinctrl: amd: Disable and mask interrupts on resume" irqdomain: Fix mapping-creation race irqdomain: Refactor __irq_domain_alloc_irqs() irqdomain: Look for existing mapping only once mm/swap: fix swap_info_struct race between swapoff and get_swap_pages() ring-buffer: Fix race while reader and writer are on the same page drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path net_sched: prevent NULL dereference if default qdisc setup failed tracing: Free error logs of tracing instances can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access ftrace: Mark get_lock_parent_ip() __always_inline perf/core: Fix the same task check in perf_event_set_output ALSA: hda/realtek: Add quirk for Clevo X370SNW nilfs2: fix sysfs interface lifetime nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty tty: serial: sh-sci: Fix Rx on RZ/G2L SCI tty: serial: sh-sci: Fix transmit end interrupt handler iio: dac: cio-dac: Fix max DAC write value check for 12-bit iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip USB: serial: option: add Quectel RM500U-CN modem USB: serial: option: add Telit FE990 compositions usb: typec: altmodes/displayport: Fix configure initial pin assignment USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu NFSD: callback request does not use correct credential for AUTH_SYS sunrpc: only free unix grouplist after RCU settles gpio: davinci: Add irq chip flag to skip set wake ipv6: Fix an uninit variable access bug in __ip6_make_skb() sctp: check send stream number after wait_for_sndbuf net: don't let netpoll invoke NAPI if in xmit context icmp: guard against too small mtu wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta pwm: sprd: Explicitly set .polarity in .get_state() pwm: cros-ec: Explicitly set .polarity in .get_state() pinctrl: amd: Disable and mask interrupts on resume pinctrl: amd: disable and mask interrupts on probe pinctrl: amd: Use irqchip template smb3: fix problem with null cifs super block with previous patch treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD() Revert "treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD()" cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot scsi: ses: Handle enclosure with just a primary component gracefully Linux 5.4.240 gfs2: Always check inode size of inline inodes firmware: arm_scmi: Fix device node validation for mailbox transport net: sched: fix race condition in qdisc_graft() net_sched: add __rcu annotation to netdev->qdisc ext4: fix kernel BUG in 'ext4_write_inline_data_end()' btrfs: scan device in non-exclusive mode s390/uaccess: add missing earlyclobber annotations to __clear_user() drm/etnaviv: fix reference leak when mmaping imported buffer ALSA: usb-audio: Fix regression on detection of Roland VS-100 ALSA: hda/conexant: Partial revert of a quirk for Lenovo NFSv4: Fix hangs when recovering open state after a server reboot pinctrl: at91-pio4: fix domain name assignment xen/netback: don't do grant copy across page boundary Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL cifs: prevent infinite recursion in CIFSGetDFSRefer() Input: focaltech - use explicitly signed char type Input: alps - fix compatibility with -funsigned-char pinctrl: ocelot: Fix alt mode for ocelot net: mvneta: make tx buffer array agnostic net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only bnxt_en: Fix typo in PCI id to device description string mapping i40e: fix registers dump after run ethtool adapter self test s390/vfio-ap: fix memory leak in vfio_ap device driver can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write net/net_failover: fix txq exceeding warning regulator: Handle deferred clk regulator: fix spelling mistake "Cant" -> "Can't" ptp_qoriq: fix memory leak in probe() scsi: megaraid_sas: Fix crash after a double completion mtd: rawnand: meson: invalidate cache on polling ECC bit mips: bmips: BCM6358: disable RAC flush for TP1 dma-mapping: drop the dev argument to arch_sync_dma_for_* ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() fbdev: au1200fb: Fix potential divide by zero fbdev: lxfb: Fix potential divide by zero fbdev: intelfb: Fix potential divide by zero fbdev: nvidia: Fix potential divide by zero sched_getaffinity: don't assume 'cpumask_size()' is fully initialized fbdev: tgafb: Fix potential divide by zero ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() ALSA: asihpi: check pao in control_message() md: avoid signed overflow in slot_store() bus: imx-weim: fix branch condition evaluates to a garbage value fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY ocfs2: fix data corruption after failed write tun: avoid double free in tun_free_netdev sched/fair: Sanitize vruntime of entity being migrated sched/fair: sanitize vruntime of entity being placed dm crypt: add cond_resched() to dmcrypt_write() dm stats: check for and propagate alloc_percpu failure i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() wifi: mac80211: fix qos on mesh interfaces usb: chipidea: core: fix possible concurrent when switch role usb: chipdea: core: fix return -EINVAL if request role is the same with current role usb: cdns3: Fix issue with using incorrect PCI device function dm thin: fix deadlock when swapping to thin device igb: revert rtnl_lock() that causes deadlock fsverity: Remove WQ_UNBOUND from fsverity read workqueue usb: gadget: u_audio: don't let userspace block driver unbind scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR cifs: empty interface list when server doesn't support query interfaces sh: sanitize the flags on sigreturn net: usb: qmi_wwan: add Telit 0x1080 composition net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 scsi: lpfc: Avoid usage of list iterator variable after loop scsi: ufs: core: Add soft dependency on governor_simpleondemand scsi: target: iscsi: Fix an error message in iscsi_check_key() selftests/bpf: check that modifier resolves after pointer m68k: Only force 030 bus error if PC not in exception table ca8210: fix mac_len negative array access riscv: Bump COMMAND_LINE_SIZE value to 1024 thunderbolt: Use const qualifier for `ring_interrupt_index` uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 scsi: qla2xxx: Perform lockless command completion in abort path hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work Bluetooth: btqcomsmd: Fix command timeout after setting BD address net: mdio: thunder: Add missing fwnode_handle_put() hvc/xen: prevent concurrent accesses to the shared ring nvme-tcp: fix nvme_tcp_term_pdu to match spec net/sonic: use dma_mapping_error() for error check erspan: do not use skb_mac_header() in ndo_start_xmit() atm: idt77252: fix kmemleak when rmmod idt77252 net/mlx5: Read the TC mapping of all priorities on ETS query bpf: Adjust insufficient default bpf_jit_limit keys: Do not cache key in task struct if key is requested from kernel thread net/ps3_gelic_net: Use dma_mapping_error net/ps3_gelic_net: Fix RX sk_buff length net: qcom/emac: Fix use after free bug in emac_remove due to race condition xirc2ps_cs: Fix use after free bug in xirc2ps_detach qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info net: usb: smsc95xx: Limit packet length to skb->len scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() i2c: imx-lpi2c: check only for enabled interrupt flags igbvf: Regard vf reset nack as success intel/igbvf: free irq on the error path in igbvf_request_msix() iavf: fix non-tunneled IPv6 UDP packet type and hashing iavf: fix inverted Rx hash condition leading to disabled hash power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() Linux 5.4.239 selftests: Fix the executable permissions for fib_tests.sh BACKPORT: mac80211_hwsim: notify wmediumd of used MAC addresses FROMGIT: mac80211_hwsim: add concurrent channels scanning support over virtio Revert "HID: core: Provide new max_buffer_size attribute to over-ride the default" Revert "HID: uhid: Over-ride the default maximum data buffer value with our own" Linux 5.4.238 HID: uhid: Over-ride the default maximum data buffer value with our own HID: core: Provide new max_buffer_size attribute to over-ride the default PCI: Unify delay handling for reset and resume s390/ipl: add missing intersection check to ipl_report handling serial: 8250_em: Fix UART port type drm/i915: Don't use stolen memory for ring buffers with LLC x86/mm: Fix use of uninitialized buffer in sme_enable() fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks ftrace: Fix invalid address access in lookup_rec() when index is 0 KVM: nVMX: add missing consistency checks for CR0 and CR4 tracing: Make tracepoint lockdep check actually test something tracing: Check field value in hist_field_name() interconnect: fix mem leak when freeing nodes tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted ext4: fix possible double unlock when moving a directory sh: intc: Avoid spurious sizeof-pointer-div warning drm/amdkfd: Fix an illegal memory access ext4: fix task hung in ext4_xattr_delete_inode ext4: fail ext4_iget if special inode unallocated jffs2: correct logic when creating a hole in jffs2_write_begin mmc: atmel-mci: fix race between stop command and start of next command media: m5mols: fix off-by-one loop termination error hwmon: (ina3221) return prober error code hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition hwmon: (adt7475) Fix masking of hysteresis registers hwmon: (adt7475) Display smoothing attributes in correct order ethernet: sun: add check for the mdesc_grab() net/iucv: Fix size of interrupt data net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull ipv4: Fix incorrect table ID in IOCTL path block: sunvdc: add check for mdesc_grab() returning NULL nvmet: avoid potential UAF in nvmet_req_complete() net: usb: smsc75xx: Limit packet length to skb->len nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails net: tunnels: annotate lockless accesses to dev->needed_headroom qed/qed_dev: guard against a possible division by zero i40e: Fix kernel crash during reboot when adapter is in recovery mode ipvlan: Make skb->skb_iif track skb->dev for l3s mode nfc: pn533: initialize struct pn533_out_arg properly tcp: tcp_make_synack() can be called from process context scsi: core: Fix a procfs host directory removal regression scsi: core: Fix a comment in function scsi_host_dev_release() netfilter: nft_redir: correct value of inet type `.maxattrs` ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU() ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid ALSA: hda: Add Alderlake-S PCI ID and HDMI codec vid ALSA: hda - controller is in GPU on the DG1 ALSA: hda - add Intel DG1 PCI and HDMI ids scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate clk: HI655X: select REGMAP instead of depending on it drm/meson: fix 1px pink line on GXM when scaling video overlay cifs: Move the in_send statistic to __smb_send_rqst() drm/panfrost: Don't sync rpm suspension after mmu flushing xfrm: Allow transport-mode states with AF_UNSPEC selector ext4: fix cgroup writeback accounting with fs-layer encryption ANDROID: preserve CRC for __irq_domain_add() Revert "drm/exynos: Don't reset bridge->next" Revert "drm/bridge: Rename bridge helpers targeting a bridge chain" Revert "drm/bridge: Introduce drm_bridge_get_next_bridge()" Revert "drm: Initialize struct drm_crtc_state.no_vblank from device settings" Revert "drm/msm/mdp5: Add check for kzalloc" Linux 5.4.237 s390/dasd: add missing discipline function UML: define RUNTIME_DISCARD_EXIT sh: define RUNTIME_DISCARD_EXIT s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT arch: fix broken BuildID for arm64 and riscv x86, vmlinux.lds: Add RUNTIME_DISCARD_EXIT to generic DISCARDS drm/i915: Don't use BAR mappings for ring buffers with LLC ipmi:watchdog: Set panic count to proper value on a panic ipmi/watchdog: replace atomic_add() and atomic_sub() media: ov5640: Fix analogue gain control PCI: Add SolidRun vendor ID macintosh: windfarm: Use unsigned type for 1-bit bitfields alpha: fix R_ALPHA_LITERAL reloc for large modules MIPS: Fix a compilation issue ext4: Fix deadlock during directory rename riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode net/smc: fix fallback failed while sendmsg with fastopen scsi: megaraid_sas: Update max supported LD IDs to 240 btf: fix resolving BTF_KIND_VAR after ARRAY, STRUCT, UNION, PTR netfilter: tproxy: fix deadlock due to missing BH disable bnxt_en: Avoid order-5 memory allocation for TPA data net: caif: Fix use-after-free in cfusbl_device_notify() net: lan78xx: fix accessing the LAN7800's internal phy specific registers from the MAC driver net: usb: lan78xx: Remove lots of set but unused 'ret' variables selftests: nft_nat: ensuring the listening side is up before starting the client ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register ext4: Fix possible corruption when moving a directory scsi: core: Remove the /proc/scsi/${proc_name} directory earlier cifs: Fix uninitialized memory read in smb3_qfs_tcon() SMB3: Backup intent flag missing from some more ops iommu/vt-d: Fix PASID directory pointer coherency irqdomain: Fix domain registration race irqdomain: Change the type of 'size' in __irq_domain_add() to be consistent ipmi:ssif: Add a timer between request retries ipmi:ssif: Increase the message retry time ipmi:ssif: Remove rtc_us_timer ipmi:ssif: resend_msg() cannot fail ipmi:ssif: make ssif_i2c_send() void iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options iommu/amd: Add PCI segment support for ivrs_[ioapic/hpet/acpihid] commands nfc: change order inside nfc_se_io error path ext4: zero i_disksize when initializing the bootloader inode ext4: fix WARNING in ext4_update_inline_data ext4: move where set the MAY_INLINE_DATA flag is set ext4: fix another off-by-one fsmap error on 1k block filesystems ext4: fix RENAME_WHITEOUT handling for inline directories drm/connector: print max_requested_bpc in state debugfs x86/CPU/AMD: Disable XSAVES on AMD family 0x17 fs: prevent out-of-bounds array speculation when closing a file descriptor Linux 5.4.236 staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext" Linux 5.4.235 dt-bindings: rtc: sun6i-a31-rtc: Loosen the requirements on the clocks media: uvcvideo: Fix race condition with usb_kill_urb media: uvcvideo: Provide sync and async uvc_ctrl_status_event tcp: Fix listen() regression in 5.4.229. Bluetooth: hci_sock: purge socket queues in the destruct() callback x86/resctl: fix scheduler confusion with 'current' x86/resctrl: Apply READ_ONCE/WRITE_ONCE to task_struct.{rmid,closid} net: tls: avoid hanging tasks on the tx_lock phy: rockchip-typec: Fix unsigned comparison with less than zero PCI: Add ACS quirk for Wangxun NICs kernel/fail_function: fix memory leak with using debugfs_lookup() usb: uvc: Enumerate valid values for color matching USB: ene_usb6250: Allocate enough memory for full object usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() tools/iio/iio_utils:fix memory leak mei: bus-fixup:upon error print return values of send and receive tty: serial: fsl_lpuart: disable the CTS when send break signal tty: fix out-of-bounds access in tty_driver_lookup_tty() staging: emxx_udc: Add checks for dma_alloc_coherent() media: uvcvideo: Silence memcpy() run-time false positive warnings media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 media: uvcvideo: Handle errors from calls to usb_string media: uvcvideo: Handle cameras with invalid descriptors mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 tracing: Add NULL checks for buffer in ring_buffer_free_read_page() thermal: intel: BXT_PMIC: select REGMAP instead of depending on it thermal: intel: quark_dts: fix error pointer dereference scsi: ipr: Work around fortify-string warning rtc: sun6i: Always export the internal oscillator rtc: sun6i: Make external 32k oscillator optional vc_screen: modify vcs_size() handling in vcs_read() tcp: tcp_check_req() can be called from process context ARM: dts: spear320-hmi: correct STMPE GPIO compatible net/sched: act_sample: fix action bind logic nfc: fix memory leak of se_io context in nfc_genl_se_io net/mlx5: Geneve, Fix handling of Geneve object id as error code 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv() 9p/xen: fix connection sequence 9p/xen: fix version parsing net: fix __dev_kfree_skb_any() vs drop monitor sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop ipv6: Add lwtunnel encap size of all siblings in nexthop calculation netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() watchdog: pcwd_usb: Fix attempting to access uninitialized memory watchdog: Fix kmemleak in watchdog_cdev_register watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() ubifs: ubifs_writepage: Mark page dirty after writing inode failed ubifs: dirty_cow_znode: Fix memleak in error handling path ubifs: Re-statistic cleaned znode count if commit failed ubi: Fix possible null-ptr-deref in ubi_free_volume() ubifs: Fix memory leak in alloc_wbufs() ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() ubi: Fix use-after-free when volume resizing failed ubifs: Reserve one leb for each journal head while doing budget ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 ubifs: Fix wrong dirty space budget for dirty inode ubifs: Rectify space budget for ubifs_xrename() ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted ubifs: Fix build errors as symbol undefined ubi: ensure that VID header offset + VID header size <= alloc, size um: vector: Fix memory leak in vector_config fs: f2fs: initialize fsdata in pagecache_write() f2fs: use memcpy_{to,from}_page() where possible pwm: stm32-lp: fix the check on arr and cmp registers update pwm: sifive: Always let the first pwm_apply_state succeed pwm: sifive: Reduce time the controller lock is held fs/jfs: fix shift exponent db_agl2size negative net/sched: Retire tcindex classifier kbuild: Port silent mode detection to future gnu make. wifi: ath9k: use proper statements in conditionals drm/radeon: Fix eDP for single-display iMac11,2 drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv PCI: Avoid FLR for AMD FCH AHCI adapters PCI: hotplug: Allow marking devices as disconnected during bind/unbind PCI/PM: Observe reset delay irrespective of bridge_d3 scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() scsi: ses: Fix possible desc_ptr out-of-bounds accesses scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() scsi: ses: Don't attach if enclosure has no components scsi: qla2xxx: Fix erroneous link down scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests scsi: qla2xxx: Fix link failure in NPIV environment ktest.pl: Add RUN_TIMEOUT option with default unlimited ktest.pl: Fix missing "end_monitor" when machine check fails ktest.pl: Give back console on Ctrt^C on monitor mm/thp: check and bail out if page in deferred queue already mm: memcontrol: deprecate charge moving media: ipu3-cio2: Fix PM runtime usage_count in driver unbind mips: fix syscall_get_nr alpha: fix FEN fault handling rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails ARM: dts: exynos: correct TMU phandle in Odroid XU ARM: dts: exynos: correct TMU phandle in Exynos4 dm flakey: don't corrupt the zero page dm flakey: fix logic when corrupting a bio thermal: intel: powerclamp: Fix cur_state for multi package system wifi: cfg80211: Fix use after free for wext wifi: rtl8xxxu: Use a longer retry limit of 48 ext4: refuse to create ea block when umounted ext4: optimize ea_inode block expansion ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() irqdomain: Drop bogus fwspec-mapping error handling irqdomain: Fix disassociation race irqdomain: Fix association race ima: Align ima_file_mmap() parameters with mmap_file LSM hook Documentation/hw-vuln: Document the interaction between IBRS and STIBP x86/speculation: Allow enabling STIBP with legacy IBRS x86/microcode/AMD: Fix mixed steppings support x86/microcode/AMD: Add a @cpu parameter to the reloading functions x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range x86/kprobes: Fix __recover_optprobed_insn check optimizing logic x86/reboot: Disable SVM, not just VMX, when stopping CPUs x86/reboot: Disable virtualization in an emergency if SVM is supported x86/crash: Disable virt in core NMI crash handler to avoid double shootdown x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) KVM: s390: disable migration mode when dirty tracking is disabled KVM: Destroy target device if coalesced MMIO unregistration fails udf: Fix file corruption when appending just after end of preallocated extent udf: Detect system inodes linked into directory hierarchy udf: Preserve link count of system files udf: Do not update file length for failed writes to inline files udf: Do not bother merging very long extents udf: Truncate added extents on failed expansion ocfs2: fix non-auto defrag path not working issue ocfs2: fix defrag path triggering jbd2 ASSERT f2fs: fix cgroup writeback accounting with fs-layer encryption f2fs: fix information leak in f2fs_move_inline_dirents() fs: hfsplus: fix UAF issue in hfsplus_put_super hfs: fix missing hfs_bnode_get() in __hfs_bnode_create ARM: dts: exynos: correct HDMI phy compatible in Exynos4 s390/kprobes: fix current_kprobe never cleared after kprobes reenter s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler s390: discard .interp section ipmi_ssif: Rename idle state and check rtc: pm8xxx: fix set-alarm race firmware: coreboot: framebuffer: Ignore reserved pixel color bits wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu nfsd: zero out pointers after putting nfsd_files on COPY setup error dm cache: add cond_resched() to various workqueue loops dm thin: add cond_resched() to various workqueue loops drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 pinctrl: at91: use devm_kasprintf() to avoid potential leaks hwmon: (coretemp) Simplify platform device handling regulator: s5m8767: Bounds check id indexing into arrays regulator: max77802: Bounds check regulator id against opmode ASoC: kirkwood: Iterate over array indexes instead of using pointer math docs/scripts/gdb: add necessary make scripts_gdb step drm/msm/dsi: Add missing check for alloc_ordered_workqueue drm/radeon: free iio for atombios when driver shutdown HID: Add Mapping for System Microphone Mute drm/omap: dsi: Fix excessive stack usage drm/amd/display: Fix potential null-deref in dm_resume uaccess: Add minimum bounds check on kernel buffer size coda: Avoid partial allocation of sig_inputArgs net/mlx5: fw_tracer: Fix debug print ACPI: video: Fix Lenovo Ideapad Z570 DMI match wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup m68k: Check syscall_trace_enter() return code net: bcmgenet: Add a check for oversized packets ACPI: Don't build ACPICA with '-Os' ice: add missing checks for PF vsi type inet: fix fast path in __inet_hash_connect() wifi: mt7601u: fix an integer underflow wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds x86/bugs: Reset speculation control settings on init timers: Prevent union confusion from unexpected restart_syscall() thermal: intel: Fix unsigned comparison with less than zero rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait() wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() blk-iocost: fix divide by 0 error in calc_lcoefs() ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy udf: Define EFSCORRUPTED error code rpmsg: glink: Avoid infinite loop on intent for missing channel media: usb: siano: Fix use after free bugs caused by do_submit_urb media: i2c: ov7670: 0 instead of -EINVAL was returned media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() media: i2c: ov772x: Fix memleak in ov772x_probe() media: ov5675: Fix memleak in ov5675_init_controls() powerpc: Remove linker flag from KBUILD_AFLAGS media: platform: ti: Add missing check for devm_regulator_get remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers MIPS: vpe-mt: drop physical_memsize MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set powerpc/eeh: Set channel state after notifying the drivers powerpc/eeh: Small refactor of eeh_handle_normal_event() powerpc/rtas: ensure 4KB alignment for rtas_data_buf powerpc/rtas: make all exports GPL powerpc/pseries/lparcfg: add missing RTAS retry status handling powerpc/pseries/lpar: add missing RTAS retry status handling clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() powerpc/powernv/ioda: Skip unallocated resources when mapping to PE clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC Input: ads7846 - don't check penirq immediately for 7845 Input: ads7846 - don't report pressure for ads7845 clk: renesas: cpg-mssr: Remove superfluous check in resume code clk: renesas: cpg-mssr: Use enum clk_reg_layout instead of a boolean flag clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed mtd: rawnand: sunxi: Fix the size of the last OOB region clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() selftests/ftrace: Fix bash specific "==" operator sparc: allow PM configs for sparc32 COMPILE_TEST perf tools: Fix auto-complete on aarch64 perf llvm: Fix inadvertent file creation gfs2: jdata writepage fix cifs: Fix warning and UAF when destroy the MR list cifs: Fix lost destroy smbd connection when MR allocate failed nfsd: fix race to check ls_layouts hid: bigben_probe(): validate report count HID: asus: Fix mute and touchpad-toggle keys on Medion Akoya E1239T HID: asus: Add support for multi-touch touchpad on Medion Akoya E1239T HID: asus: Add report_size to struct asus_touchpad_info HID: asus: Only set EV_REP if we are adding a mapping HID: bigben: use spinlock to safely schedule workers HID: bigben_worker() remove unneeded check on report_field HID: bigben: use spinlock to protect concurrent accesses ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared ASoC: dapm: declare missing structure prototypes spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() dm: remove flush_scheduled_work() during local_exit() hwmon: (mlxreg-fan) Return zero speed for broken fan spi: bcm63xx-hsspi: Fix multi-bit mode setting spi: bcm63xx-hsspi: fix pm_runtime scsi: aic94xx: Add missing check for dma_map_single() hwmon: (ltc2945) Handle error case in ltc2945_value_store gpio: vf610: connect GPIO label to dev name ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress() drm/mediatek: Clean dangling pointer on bind error path drm/mediatek: Drop unbalanced obj unref drm/mediatek: Use NULL instead of 0 for NULL pointer drm/mediatek: remove cast to pointers passed to kfree gpu: host1x: Don't skip assigning syncpoints to channels drm/msm/mdp5: Add check for kzalloc drm: Initialize struct drm_crtc_state.no_vblank from device settings drm/bridge: Introduce drm_bridge_get_next_bridge() drm/bridge: Rename bridge helpers targeting a bridge chain drm/exynos: Don't reset bridge->next drm/msm/dpu: Add check for pstates drm/msm/dpu: Add check for cstate drm/msm: use strscpy instead of strncpy drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness ALSA: hda/ca0132: minor fix for allocation size ASoC: fsl_sai: initialize is_dsp_mode flag pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain drm/msm/hdmi: Add missing check for alloc_ordered_workqueue gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() drm/vc4: dpi: Fix format mapping for RGB565 drm/vc4: dpi: Add option for inverting pixel clock and output enable drm/bridge: megachips: Fix error handling in i2c_register_driver() drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats selftest: fib_tests: Always cleanup before exit selftests/net: Interpret UDP_GRO cmsg data as an int value irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error thermal/drivers/hisi: Drop second sensor hi3660 wifi: mac80211: make rate u32 in sta_set_rate_info_rx() crypto: crypto4xx - Call dma_unmap_page when done wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() wifi: iwl4965: Add missing check for create_singlethread_workqueue() wifi: iwl3945: Add missing check for create_singlethread_workqueue treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD() usb: gadget: udc: Avoid tasklet passing a global RISC-V: time: initialize hrtimer based broadcast clock event device m68k: /proc/hardware should depend on PROC_FS crypto: rsa-pkcs1pad - Use akcipher_request_complete rds: rds_rm_zerocopy_callback() correct order for list_add_tail() libbpf: Fix alen calculation in libbpf_nla_dump_errormsg() Bluetooth: L2CAP: Fix potential user-after-free OPP: fix error checking in opp_migrate_dentry() tap: tap_open(): correctly initialize socket uid tun: tun_chr_open(): correctly initialize socket uid net: add sock_init_data_uid() mptcp: add sk_stop_timer_sync helper irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains net/mlx5: Enhance debug print in page allocation failure powercap: fix possible name leak in powercap_register_zone() crypto: seqiv - Handle EBUSY correctly crypto: essiv - Handle EBUSY correctly crypto: essiv - remove redundant null pointer check before kfree crypto: ccp - Failure on re-initialization due to duplicate sysfs filename ACPI: battery: Fix missing NUL-termination with large strings wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails ath9k: htc: clean up statistics macros ath9k: hif_usb: simplify if-if to if-else wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function wifi: orinoco: check return value of hermes_write_wordrec() ACPICA: nsrepair: handle cases without a return value correctly lib/mpi: Fix buffer overrun when SG is too long genirq: Fix the return type of kstat_cpu_irqs_sum() ACPICA: Drop port I/O validation for some regions crypto: x86/ghash - fix unaligned access in ghash_setkey() wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave() wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() wilc1000: let wilc_mac_xmit() return NETDEV_TX_OK wifi: ipw2200: fix memory leak in ipw_wdev_init() wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave() ipw2x00: switch from 'pci_' to 'dma_' API wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() rtlwifi: fix -Wpointer-sign warning wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave() wifi: libertas: fix memory leak in lbs_init_adapter() wifi: iwlegacy: common: don't call dev_kfree_skb() under spin_lock_irqsave() net/wireless: Delete unnecessary checks before the macro call “dev_kfree_skb” wifi: rsi: Fix memory leak in rsi_coex_attach() block: bio-integrity: Copy flags when bio_integrity_payload is cloned sched/rt: pick_next_rt_entity(): check list_entry sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() s390/dasd: Fix potential memleak in dasd_eckd_init() s390/dasd: Prepare for additional path event handling blk-mq: correct stale comment of .get_budget blk-mq: wait on correct sbitmap_queue in blk_mq_mark_tag_wait blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx block: Limit number of items taken from the I/O scheduler in one go Revert "scsi: core: run queue if SCSI device queue isn't ready and queue is idle" arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node ARM: dts: imx7s: correct iomuxc gpr mux controller cells arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name arm64: dts: amlogic: meson-gx: add missing unit address to rng node name arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name ARM: imx: Call ida_simple_remove() for ida_simple_get ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() arm64: dts: meson: remove CPU opps below 1GHz for G12A boards arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name arm64: dts: meson-gx: Fix Ethernet MAC address unit name ARM: zynq: Fix refcount leak in zynq_early_slcr_init arm64: dts: qcom: qcs404: use symbol names for PCIe resets ARM: OMAP2+: Fix memory leak in realtime_counter_init() HID: asus: use spinlock to safely schedule workers HID: asus: use spinlock to protect concurrent accesses HID: asus: Remove check for same LED brightness on set Linux 5.4.234 USB: core: Don't hold device lock while reading the "descriptors" sysfs file USB: serial: option: add support for VW/Skoda "Carstick LTE" dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size vc_screen: don't clobber return value in vcs_read net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues(). bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state HID: core: Fix deadloop in hid_apply_multiplier. neigh: make sure used and confirmed times are valid IB/hfi1: Assign npages earlier btrfs: send: limit number of clones and allocated memory size ACPI: NFIT: fix a potential deadlock during NFIT teardown ARM: dts: rockchip: add power-domains property to dp node on rk3288 arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc Conflicts: Documentation/devicetree/bindings/rtc/allwinner,sun6i-a31-rtc.yaml Documentation/devicetree/bindings~HEAD arch/arm/mm/dma-mapping.c drivers/clk/qcom/gcc-qcs404.c drivers/iommu/dma-iommu.c drivers/mtd/ubi/wl.c kernel/dma/direct.c Change-Id: I804ccb5552f305c49ec17b323c6c933cc99e6d39 |
||
Pablo Neira Ayuso
|
7c788393d4 |
netfilter: nftables: add nft_parse_register_store() and use it
[ 345023b0db315648ccc3c1a36aee88304a8b4d91 ]
This new function combines the netlink register attribute parser
and the store validation function.
This update requires to replace:
enum nft_registers dreg:8;
in many of the expression private areas otherwise compiler complains
with:
error: cannot take address of bit-field ‘dreg’
when passing the register field as reference.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Eric Dumazet
|
4188c52694 |
net: add vlan_get_protocol_and_depth() helper
[ Upstream commit 4063384ef762cc5946fc7a3f89879e76c6ec51e2 ]
Before blamed commit, pskb_may_pull() was used instead
of skb_header_pointer() in __vlan_get_protocol() and friends.
Few callers depended on skb->head being populated with MAC header,
syzbot caught one of them (skb_mac_gso_segment())
Add vlan_get_protocol_and_depth() to make the intent clearer
and use it where sensible.
This is a more generic fix than commit e9d3f80935b6
("net/af_packet: make sure to pull mac header") which was
dealing with a similar issue.
kernel BUG at include/linux/skbuff.h:2655 !
invalid opcode: 0000 [#1] SMP KASAN
CPU: 0 PID: 1441 Comm: syz-executor199 Not tainted 6.1.24-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:__skb_pull include/linux/skbuff.h:2655 [inline]
RIP: 0010:skb_mac_gso_segment+0x68f/0x6a0 net/core/gro.c:136
Code: fd 48 8b 5c 24 10 44 89 6b 70 48 c7 c7 c0 ae 0d 86 44 89 e6 e8 a1 91 d0 00 48 c7 c7 00 af 0d 86 48 89 de 31 d2 e8 d1 4a e9 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41
RSP: 0018:ffffc90001bd7520 EFLAGS: 00010286
RAX: ffffffff8469736a RBX: ffff88810f31dac0 RCX: ffff888115a18b00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90001bd75e8 R08: ffffffff84697183 R09: fffff5200037adf9
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000012
R13: 000000000000fee5 R14: 0000000000005865 R15: 000000000000fed7
FS: 000055555633f300(0000) GS:ffff8881f6a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000000 CR3: 0000000116fea000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
[<ffffffff847018dd>] __skb_gso_segment+0x32d/0x4c0 net/core/dev.c:3419
[<ffffffff8470398a>] skb_gso_segment include/linux/netdevice.h:4819 [inline]
[<ffffffff8470398a>] validate_xmit_skb+0x3aa/0xee0 net/core/dev.c:3725
[<ffffffff84707042>] __dev_queue_xmit+0x1332/0x3300 net/core/dev.c:4313
[<ffffffff851a9ec7>] dev_queue_xmit+0x17/0x20 include/linux/netdevice.h:3029
[<ffffffff851b4a82>] packet_snd net/packet/af_packet.c:3111 [inline]
[<ffffffff851b4a82>] packet_sendmsg+0x49d2/0x6470 net/packet/af_packet.c:3142
[<ffffffff84669a12>] sock_sendmsg_nosec net/socket.c:716 [inline]
[<ffffffff84669a12>] sock_sendmsg net/socket.c:736 [inline]
[<ffffffff84669a12>] __sys_sendto+0x472/0x5f0 net/socket.c:2139
[<ffffffff84669c75>] __do_sys_sendto net/socket.c:2151 [inline]
[<ffffffff84669c75>] __se_sys_sendto net/socket.c:2147 [inline]
[<ffffffff84669c75>] __x64_sys_sendto+0xe5/0x100 net/socket.c:2147
[<ffffffff8551d40f>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff8551d40f>] do_syscall_64+0x2f/0x50 arch/x86/entry/common.c:80
[<ffffffff85600087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Fixes: 469aceddfa3e ("vlan: consolidate VLAN parsing code and limit max parsing depth")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Toke Høiland-Jørgensen <toke@redhat.com>
Cc: Willem de Bruijn <willemb@google.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Florian Westphal
|
36f098e1e4 |
netfilter: br_netfilter: fix recent physdev match breakage
[ Upstream commit 94623f579ce338b5fa61b5acaa5beb8aa657fb9e ]
Recent attempt to ensure PREROUTING hook is executed again when a
decrypted ipsec packet received on a bridge passes through the network
stack a second time broke the physdev match in INPUT hook.
We can't discard the nf_bridge info strct from sabotage_in hook, as
this is needed by the physdev match.
Keep the struct around and handle this with another conditional instead.
Fixes: 2b272bb558f1 ("netfilter: br_netfilter: disable sabotage_in hook after first suppression")
Reported-and-tested-by: Farid BENAMROUCHE <fariouche@yahoo.fr>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Michael Bestas
|
f4b76e8165
|
Merge tag 'ASB-2023-04-05_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
https://source.android.com/docs/security/bulletin/2023-04-01 CVE-2022-4696 CVE-2023-20941 * tag 'ASB-2023-04-05_11-5.4' of https://android.googlesource.com/kernel/common: UPSTREAM: ext4: fix kernel BUG in 'ext4_write_inline_data_end()' UPSTREAM: hid: bigben_probe(): validate report count UPSTREAM: HID: bigben: use spinlock to safely schedule workers BACKPORT: of: base: Skip CPU nodes with "fail"/"fail-..." status UPSTREAM: HID: bigben_worker() remove unneeded check on report_field UPSTREAM: HID: bigben: use spinlock to protect concurrent accesses UPSTREAM: hwrng: virtio - add an internal buffer UPSTREAM: ext4: fix another off-by-one fsmap error on 1k block filesystems UPSTREAM: ext4: refuse to create ea block when umounted UPSTREAM: ext4: optimize ea_inode block expansion UPSTREAM: ext4: allocate extended attribute value in vmalloc area BACKPORT: FROMGIT: cgroup: Use separate src/dst nodes when preloading css_sets for migration Revert "iommu: Add gfp parameter to iommu_ops::map" Revert "iommu/amd: Pass gfp flags to iommu_map_page() in amd_iommu_map()" Revert "RDMA/usnic: use iommu_map_atomic() under spin_lock()" Linux 5.4.233 bpf: add missing header file include Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs" ext4: Fix function prototype mismatch for ext4_feat_ktype wifi: mwifiex: Add missing compatible string for SD8787 uaccess: Add speculation barrier to copy_from_user() mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh drm/i915/gvt: fix double free bug in split_2MB_gtt_entry alarmtimer: Prevent starvation by small intervals and SIG_IGN powerpc: dts: t208x: Disable 10G on MAC1 and MAC2 can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception random: always mix cycle counter in add_latent_entropy() powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G wifi: rtl8xxxu: gen2: Turn on the rate control drm/etnaviv: don't truncate physical page address drm: etnaviv: fix common struct sg_table related issues scatterlist: add generic wrappers for iterating over sgtable objects dma-mapping: add generic helpers for mapping sgtable objects Linux 5.4.232 iommu/amd: Pass gfp flags to iommu_map_page() in amd_iommu_map() net: sched: sch: Fix off by one in htb_activate_prios() ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak nilfs2: fix underflow in second superblock position calculations kvm: initialize all of the kvm_debugregs structure before sending it to userspace i40e: Add checking for null for nlmsg_find_attr() ipv6: Fix tcp socket connection with DSCP. ipv6: Fix datagram socket connection with DSCP. ixgbe: add double of VLAN header when computing the max MTU net: mpls: fix stale pointer if allocation fails during device rename net: stmmac: Restrict warning on disabling DMA store and fwd mode bnxt_en: Fix mqprio and XDP ring checking logic net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions. sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list net: bgmac: fix BCM5358 support by setting correct flags i40e: add double of VLAN header when computing the max MTU ixgbe: allow to increase MTU to 3K with XDP enabled revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" net: Fix unwanted sign extension in netdev_stats_to_stats64() Revert "mm: Always release pages to the buddy allocator in memblock_free_late()." hugetlb: check for undefined shift on 32 bit architectures sched/psi: Fix use-after-free in ep_remove_wait_queue() ALSA: hda/realtek - fixed wrong gpio assigned ALSA: hda/conexant: add a new hda codec SN6180 mmc: mmc_spi: fix error handling in mmc_spi_probe() mmc: sdio: fix possible resource leaks in some error paths ipv4: Fix incorrect route flushing when source address is deleted Revert "ipv4: Fix incorrect route flushing when source address is deleted" xfs: sync lazy sb accounting on quiesce of read-only mounts xfs: prevent UAF in xfs_log_item_in_current_chkpt xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks xfs: ensure inobt record walks always make forward progress xfs: fix missing CoW blocks writeback conversion retry xfs: only relog deferred intent items if free space in the log gets low xfs: expose the log push threshold xfs: periodically relog deferred intent items xfs: change the order in which child and parent defer ops are finished xfs: fix an incore inode UAF in xfs_bui_recover xfs: clean up xfs_bui_item_recover iget/trans_alloc/ilock ordering xfs: clean up bmap intent item recovery checking xfs: xfs_defer_capture should absorb remaining transaction reservation xfs: xfs_defer_capture should absorb remaining block reservations xfs: proper replay of deferred ops queued during log recovery xfs: fix finobt btree block recovery ordering xfs: log new intent items created as part of finishing recovered intent items xfs: refactor xfs_defer_finish_noroll xfs: turn dfp_intent into a xfs_log_item xfs: merge the ->diff_items defer op into ->create_intent xfs: merge the ->log_item defer op into ->create_intent xfs: factor out a xfs_defer_create_intent helper xfs: remove the xfs_inode_log_item_t typedef xfs: remove the xfs_efd_log_item_t typedef xfs: remove the xfs_efi_log_item_t typedef netfilter: nft_tproxy: restrict to prerouting hook btrfs: free device in btrfs_close_devices for a single device filesystem aio: fix mremap after fork null-deref nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association s390/decompressor: specify __decompress() buf len to avoid overflow net: sched: sch: Bounds check priority net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC net/rose: Fix to not accept on connected socket tools/virtio: fix the vringh test for virtio ring changes ASoC: cs42l56: fix DT probe selftests/bpf: Verify copy_register_state() preserves parent/live fields migrate: hugetlb: check for hugetlb shared PMD in node migration bpf: Always return target ifindex in bpf_fib_lookup nvme-pci: Move enumeration by class to be last in the table arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte ceph: flush cap releases when the session is flushed usb: typec: altmodes/displayport: Fix probe pin assign check usb: core: add quirk for Alcor Link AK9563 smartcard reader net: USB: Fix wrong-direction WARNING in plusb.c pinctrl: intel: Restore the pins that used to be in Direct IRQ mode pinctrl: single: fix potential NULL dereference pinctrl: aspeed: Fix confusing types in return value ALSA: pci: lx6464es: fix a debug loop selftests: forwarding: lib: quote the sysctl values rds: rds_rm_zerocopy_callback() use list_first_entry() ice: Do not use WQ_MEM_RECLAIM flag for workqueue ionic: clean interrupt before enabling queue to avoid credit race net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY bonding: fix error checking in bond_debug_reregister() xfrm: fix bug with DSCP copy to v6 from v4 tunnel RDMA/usnic: use iommu_map_atomic() under spin_lock() iommu: Add gfp parameter to iommu_ops::map IB/IPoIB: Fix legacy IPoIB due to wrong number of queues IB/hfi1: Restore allocated resources on failed copyout can: j1939: do not wait 250 ms if the same addr was already claimed tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() btrfs: zlib: zero-initialize zlib workspace btrfs: limit device extents to the device size iio:adc:twl6030: Enable measurement of VAC wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads f2fs: fix to do sanity check on i_extra_isize in is_alive() fbdev: smscufx: fix error handling code in ufx_usb_probe powerpc/imc-pmu: Revert nest_init_lock to being a mutex serial: 8250_dma: Fix DMA Rx rearm race serial: 8250_dma: Fix DMA Rx completion race xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() mm: swap: properly update readahead statistics in unuse_pte_range() nvmem: core: fix cell removal on error Squashfs: fix handling and sanity checking of xattr_ids count mm/swapfile: add cond_resched() in get_swap_pages() fpga: stratix10-soc: Fix return value check in s10_ops_write_init() mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps riscv: disable generation of unwind tables parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case parisc: Fix return code of pdc_iodc_print() iio:adc:twl6030: Enable measurements of VUSB, VBAT and others iio: adc: berlin2-adc: Add missing of_node_put() in error path iio: hid: fix the retval in accel_3d_capture_sample efi: Accept version 2 of memory attributes table watchdog: diag288_wdt: fix __diag288() inline assembly watchdog: diag288_wdt: do not use stack buffers for hardware data fbcon: Check font dimension limits Input: i8042 - add Clevo PCX0DX to i8042 quirk table Input: i8042 - add TUXEDO devices to i8042 quirk tables Input: i8042 - merge quirk tables Input: i8042 - move __initconst to fix code styling warning vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait usb: dwc3: qcom: enable vbus override when in OTG dr-mode usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API iio: adc: stm32-dfsdm: fill module aliases net/x25: Fix to not accept on connected socket i2c: rk3x: fix a bunch of kernel-doc warnings scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress scsi: target: core: Fix warning on RT kernels efi: fix potential NULL deref in efi_mem_reserve_persistent net: openvswitch: fix flow memory leak in ovs_flow_cmd_new virtio-net: Keep stop() to follow mirror sequence of open() selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning ata: libata: Fix sata_down_spd_limit() when no link speed is reported can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate net: phy: meson-gxl: Add generic dummy stubs for MMD register access squashfs: harden sanity check in squashfs_read_xattr_id_table netfilter: br_netfilter: disable sabotage_in hook after first suppression netrom: Fix use-after-free caused by accept on already connected socket fix "direction" argument of iov_iter_kvec() fix iov_iter_bvec() "direction" argument WRITE is "data source", not destination... scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT" arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region Linux 5.4.231 Revert "xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()" usb: host: xhci-plat: add wakeup entry at sysfs Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt ipv6: ensure sane device mtu in tunnels exit: Use READ_ONCE() for all oops/warn limit reads docs: Fix path paste-o for /sys/kernel/warn_count panic: Expose "warn_count" to sysfs panic: Introduce warn_limit panic: Consolidate open-coded panic_on_warn checks exit: Allow oops_limit to be disabled exit: Expose "oops_count" to sysfs exit: Put an upper limit on how often we can oops ia64: make IA64_MCA_RECOVERY bool instead of tristate csky: Fix function name in csky_alignment() and die() h8300: Fix build errors from do_exit() to make_task_dead() transition hexagon: Fix function name in die() objtool: Add a missing comma to avoid string concatenation exit: Add and use make_task_dead. mm: kasan: do not panic if both panic_on_warn and kasan_multishot set panic: unset panic_on_warn inside panic() sysctl: add a new register_sysctl_init() interface dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init blk-cgroup: fix missing pd_online_fn() while activating policy bpf: Skip task with pid=1 in send_signal_common() ARM: dts: imx: Fix pca9547 i2c-mux node name x86/asm: Fix an assembler warning with current binutils clk: Fix pointer casting to prevent oops in devm_clk_release() perf/x86/amd: fix potential integer overflow on shift of a int netfilter: conntrack: unify established states for SCTP paths x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL block: fix and cleanup bio_check_ro nfsd: Ensure knfsd shuts down when the "nfsd" pseudofs is unmounted Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" net: mdio-mux-meson-g12a: force internal PHY off on mux switch net: xgene: Move shared header file into include/linux net/phy/mdio-i2c: Move header file to include/linux/mdio net/tg3: resolve deadlock in tg3_reset_task() during EEH thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type() net: ravb: Fix possible hang if RIS2_QFF1 happen sctp: fail if no bound addresses can be used for a given scope net/sched: sch_taprio: do not schedule in taprio_reset() netrom: Fix use-after-free of a listening socket. netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE ipv4: prevent potential spectre v1 gadget in fib_metrics_match() ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() netlink: annotate data races around sk_state netlink: annotate data races around dst_portid and dst_group netlink: annotate data races around nlk->portid netfilter: nft_set_rbtree: skip elements in transaction from garbage collection net: fix UaF in netns ops registration error path netlink: prevent potential spectre v1 gadgets EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info EDAC/device: Respect any driver-supplied workqueue polling value ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment thermal: intel: int340x: Protect trip temperature from concurrent updates KVM: x86/vmx: Do not skip segment attributes if unusable bit is set cifs: Fix oops due to uncleared server->smbd_conn in reconnect ftrace/scripts: Update the instructions for ftrace-bisect.sh trace_events_hist: add check for return value of 'create_hist_field' tracing: Make sure trace_printk() can output as soon as it can be used module: Don't wait for GOING modules scsi: hpsa: Fix allocation size for scsi_host_alloc() Bluetooth: hci_sync: cancel cmd_timer if hci_open failed Revert "Revert "xhci: Set HCD flag to defer primary roothub registration"" fs: reiserfs: remove useless new_opts in reiserfs_remount netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state Revert "selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID" mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting mmc: sdhci-esdhc-imx: disable the CMD CRC check for standard tuning mmc: sdhci-esdhc-imx: clear pending interrupt and halt cqhci lockref: stop doing cpu_relax in the cmpxchg loop platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id KVM: s390: interrupt: use READ_ONCE() before cmpxchg() spi: spidev: remove debug messages that access spidev->spi without locking ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC cpufreq: armada-37xx: stop using 0 as NULL pointer s390/debug: add _ASM_S390_ prefix to header guard drm: Add orientation quirk for Lenovo ideapad D330-10IGL ASoC: fsl_micfil: Correct the number of steps on SX controls cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist tcp: fix rate_app_limited to default to 1 net: dsa: microchip: ksz9477: port map correction in ALU table entry register driver core: Fix test_async_probe_init saves device in wrong array w1: fix WARNING after calling w1_process() w1: fix deadloop in __w1_remove_master_device() tcp: avoid the lookup process failing to get sk in ehash table dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling dmaengine: xilinx_dma: use devm_platform_ioremap_resource() HID: betop: check shape of output reports net: macb: fix PTP TX timestamp failure due to packet padding dmaengine: Fix double increment of client_count in dma_chan_get() drm/panfrost: fix GENERIC_ATOMIC64 dependency net: mlx5: eliminate anonymous module_init & module_exit usb: gadget: f_fs: Ensure ep0req is dequeued before free_request usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait HID: revert CHERRY_MOUSE_000C quirk net: stmmac: fix invalid call to mdiobus_get_phy() HID: check empty report_list in bigben_probe() HID: check empty report_list in hid_validate_values() net: mdio: validate parameter addr in mdiobus_get_phy() net: usb: sr9700: Handle negative len l2tp: Don't sleep and disable BH under writer-side sk_callback_lock l2tp: Serialize access to sk_user_data with sk_callback_lock net: fix a concurrency bug in l2tp_tunnel_register() net/sched: sch_taprio: fix possible use-after-free wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs net: nfc: Fix use-after-free in local_cleanup() phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation amd-xgbe: Delay AN timeout during KR training amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent affs: initialize fsdata in affs_truncate() IB/hfi1: Fix expected receive setup error exit issues IB/hfi1: Reserve user expected TIDs IB/hfi1: Reject a zero-length user expected buffer RDMA/core: Fix ib block iterator counter overflow tomoyo: fix broken dependency on *.conf.default EDAC/highbank: Fix memory leak in highbank_mc_probe() HID: intel_ish-hid: Add check for ishtp_dma_tx_map ARM: imx: add missing of_node_put() ARM: imx35: Retrieve the IIM base address from devicetree ARM: imx31: Retrieve the IIM base address from devicetree ARM: imx27: Retrieve the SYSCTRL base address from devicetree ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() clk: Provide new devm_clk helpers for prepared and enabled clocks clk: generalize devm_clk_get() a bit Linux 5.4.230 mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix drm/amd/display: Fix set scaling doesn's work drm/i915: re-disable RC6p on Sandy Bridge gsmi: fix null-deref in gsmi_get_variable serial: atmel: fix incorrect baudrate setup dmaengine: tegra210-adma: fix global intr clear serial: pch_uart: Pass correct sg to dma_unmap_sg() dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() usb: gadget: g_webcam: Send color matching descriptor per frame usb: typec: altmodes/displayport: Fix pin assignment calculation usb: typec: altmodes/displayport: Add pin assignment helper usb: host: ehci-fsl: Fix module alias USB: serial: cp210x: add SCALANCE LPE-9000 device id USB: gadgetfs: Fix race between mounting and unmounting cifs: do not include page data when checking signature btrfs: fix race between quota rescan and disable leading to NULL pointer deref mmc: sunxi-mmc: Fix clock refcount imbalance during unbind comedi: adv_pci1760: Fix PWM instruction handling usb: core: hub: disable autosuspend for TI TUSB8041 misc: fastrpc: Fix use-after-free race condition for maps misc: fastrpc: Don't remove map on creater_process and device_release USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 USB: serial: option: add Quectel EM05CN modem USB: serial: option: add Quectel EM05CN (SG) modem USB: serial: option: add Quectel EC200U modem USB: serial: option: add Quectel EM05-G (RS) modem USB: serial: option: add Quectel EM05-G (CS) modem USB: serial: option: add Quectel EM05-G (GR) modem prlimit: do_prlimit needs to have a speculation check xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables usb: acpi: add helper to check port lpm capability using acpi _DSM xhci: Add a flag to disable USB3 lpm on a xhci root port level. xhci: Add update_hub_device override for PCI xHCI hosts xhci: Fix null pointer dereference when host dies usb: xhci: Check endpoint is valid before dereferencing it xhci-pci: set the dma max_seg_size ALSA: hda/realtek - Turn on power early drm/i915/gt: Reset twice efi: fix userspace infinite retry read efivars after EFI runtime services page fault nilfs2: fix general protection fault in nilfs_btree_insert() Add exception protection processing for vd in axi_chan_handle_err function wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices f2fs: let's avoid panic if extent_tree is not created RDMA/srp: Move large values to a new enum for gcc13 net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID pNFS/filelayout: Fix coalescing test for single DS Revert "net: add atomic_long_t to net_device_stats fields" Revert "PM/devfreq: governor: Add a private governor_data for governor" Linux 5.4.229 tipc: call tipc_lxc_xmit without holding node_read_lock ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown tipc: Add a missing case of TIPC_DIRECT_MSG type tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started tipc: fix use-after-free in tipc_disc_rcv() Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout" mm: Always release pages to the buddy allocator in memblock_free_late(). efi: fix NULL-deref in init error path arm64: cmpxchg_double*: hazard against entire exchange variable arm64: atomics: remove LL/SC trampolines arm64: atomics: format whitespace consistently drm/virtio: Fix GEM handle creation UAF x86/resctrl: Fix task CLOSID/RMID update race x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() iommu/mediatek-v1: Add error handle for mtk_iommu_probe net/mlx5: Fix ptp max frequency adjustment range net/mlx5: Rename ptp clock info net/sched: act_mpls: Fix warning during failed attribute validation nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() hvc/xen: lock console list traversal tipc: fix unexpected link reset due to discovery messages tipc: eliminate checking netns if node established tipc: improve throughput between nodes in netns regulator: da9211: Use irq handler when ready EDAC/device: Fix period calculation in edac_device_reset_delay_period() x86/boot: Avoid using Intel mnemonics in AT&T syntax asm powerpc/imc-pmu: Fix use of mutex in IRQs disabled section netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. ext4: fix uninititialized value in 'ext4_evict_inode' ext4: fix use-after-free in ext4_orphan_cleanup ext4: lost matching-pair of trace in ext4_truncate ext4: fix bug_on in __es_tree_search caused by bad quota inode quota: Factor out setup of quota inode jbd2: use the correct print format usb: ulpi: defer ulpi_register on ulpi_read_id timeout wifi: wilc1000: sdio: fix module autoloading ipv6: raw: Deduct extension header length in rawv6_push_pending_frames ixgbe: fix pci device refcount leak platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe drm/msm/adreno: Make adreno quirks not overwrite each other cifs: Fix uninitialized memory read for smb311 posix symlink create ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF net/ulp: prevent ULP without clone op from entering the LISTEN status s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() s390/kexec: fix ipl report address for kdump perf auxtrace: Fix address filter duplicate symbol selection docs: Fix the docs build with Sphinx 6.0 efi: tpm: Avoid READ_ONCE() for accessing the event log KVM: arm64: Fix S1PTW handling on RO memslots net: sched: disallow noqueue for qdisc classes driver core: Fix bus_type.match() error handling in __driver_attach() selftests: set the BUILD variable to absolute path selftests: Fix kselftest O=objdir build from cluttering top level objdir parisc: Align parisc MADV_XXX constants with all other architectures mbcache: Avoid nesting of cache->c_list_lock under bit locks hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling hfs/hfsplus: use WARN_ON for sanity check ext4: don't allow journal inode to have encrypt flag riscv: uaccess: fix type of 0 variable on error in get_user() nfsd: fix handling of readdir in v4root vs. mount upcall timeout x86/bugs: Flush IBP in ib_prctl_set() ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet udf: Fix extension of the last extent in the file caif: fix memory leak in cfctrl_linkup_request() drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() usb: rndis_host: Secure rndis_query check against int overflow drivers/net/bonding/bond_3ad: return when there's no aggregator perf tools: Fix resources leak in perf_data__open_dir() net: sched: cbq: dont intepret cls results when asked to drop net: sched: atm: dont intepret cls results when asked to drop RDMA/mlx5: Fix validation of max_rd_atomic caps for DC RDMA/uverbs: Silence shiftTooManyBitsSigned warning net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe net: amd-xgbe: add missed tasklet_kill vhost: fix range used in translate_desc() nfc: Fix potential resource leaks qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure net: sched: fix memory leak in tcindex_set_parms net: hns3: add interrupts re-initialization while doing VF FLR nfsd: shut down the NFSv4 state objects before the filecache bpf: pull before calling skb_postpull_rcsum() SUNRPC: ensure the matching upcall is in-flight upon downcall ext4: fix deadlock due to mbcache entry corruption mbcache: automatically delete entries from cache on freeing ext4: fix race when reusing xattr blocks ext4: unindent codeblock in ext4_xattr_block_set() ext4: remove EA inode entry from mbcache on inode eviction mbcache: add functions to delete entry if unused mbcache: don't reclaim used entries ext4: use kmemdup() to replace kmalloc + memcpy fs: ext4: initialize fsdata in pagecache_write() ext4: use memcpy_to_page() in pagecache_write() mm/highmem: Lift memcpy_[to|from]_page to core ext4: correct inconsistent error msg in nojournal mode ext4: goto right label 'failed_mount3a' ravb: Fix "failed to switch device to config mode" message during unbind KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 KVM: VMX: Fix the spelling of CPU_BASED_USE_TSC_OFFSETTING KVM: VMX: Rename NMI_PENDING to NMI_WINDOW KVM: VMX: Rename INTERRUPT_PENDING to INTERRUPT_WINDOW KVM: retpolines: x86: eliminate retpoline from vmx.c exit handlers KVM: x86: optimize more exit handlers in vmx.c perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor dm thin: resume even if in FAIL mode media: s5p-mfc: Fix in register read and write for H264 media: s5p-mfc: Clear workbit to handle error condition media: s5p-mfc: Fix to handle reference queue during finishing PM/devfreq: governor: Add a private governor_data for governor btrfs: replace strncpy() with strscpy() ext4: allocate extended attribute value in vmalloc area ext4: avoid unaccounted block allocation when expanding inode ext4: initialize quota before expanding inode in setproject ioctl ext4: fix inode leak in ext4_xattr_inode_create() on an error path ext4: avoid BUG_ON when creating xattrs ext4: fix error code return to user-space in ext4_get_branch() ext4: fix corruption when online resizing a 1K bigalloc fs ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline ext4: init quota for 'old.inode' in 'ext4_rename' ext4: fix bug_on in __es_tree_search caused by bad boot loader inode ext4: fix reserved cluster accounting in __es_remove_extent() ext4: add helper to check quota inums ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode ext4: fix undefined behavior in bit shift for ext4_check_flag_values ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop drm/vmwgfx: Validate the box size for the snooped cursor drm/connector: send hotplug uevent on connector cleanup device_cgroup: Roll back to original exceptions after copy failure parisc: led: Fix potential null-ptr-deref in start_task() iommu/amd: Fix ivrs_acpihid cmdline parsing code crypto: n2 - add missing hash statesize PCI/sysfs: Fix double free in error path PCI: Fix pci_device_is_present() for VFs by checking PF ipmi: fix use after free in _ipmi_destroy_user() ima: Fix a potential NULL pointer access in ima_restore_measurement_list mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() ipmi: fix long wait in unload when IPMI disconnect efi: Add iMac Pro 2017 to uefi skip cert quirk md/bitmap: Fix bitmap chunk size overflow issues cifs: fix missing display of three mount options cifs: fix confusing debug message media: dvb-core: Fix UAF due to refcount races at releasing media: dvb-core: Fix double free in dvb_register_device() ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line tracing/hist: Fix wrong return value in parse_action_params() x86/microcode/intel: Do not retry microcode reloading on the APs tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' dm cache: set needs_check flag after aborting metadata dm cache: Fix UAF in destroy() dm clone: Fix UAF in clone_dtr() dm integrity: Fix UAF in dm_integrity_dtr() dm thin: Fix UAF in run_timer_softirq() dm thin: Use last transaction's pmd->root when commit failed dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort binfmt: Fix error return code in load_elf_fdpic_binary() binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf cpufreq: Init completion before kobject_init_and_add() selftests: Use optional USERCFLAGS and USERLDFLAGS arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength ARM: ux500: do not directly dereference __iomem btrfs: fix resolving backrefs for inline extent followed by prealloc mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K ktest.pl minconfig: Unset configs instead of just removing them kest.pl: Fix grub2 menu handling for rebooting soc: qcom: Select REMAP_MMIO for LLCC driver media: stv0288: use explicitly signed char net/af_packet: make sure to pull mac header net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING f2fs: should put a page when checking the summary info mm, compaction: fix fast_isolate_around() to stay within boundaries md: fix a crash in mempool_free pnode: terminate at peers of source ALSA: line6: fix stack overflow in line6_midi_transmit ALSA: line6: correct midi status byte when receiving data from podxt ovl: Use ovl mounter's fsuid and fsgid in ovl_link() hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount HID: plantronics: Additional PIDs for double volume key presses quirk HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint powerpc/rtas: avoid scheduling in rtas_os_term() powerpc/rtas: avoid device tree lookups in rtas_os_term() objtool: Fix SEGFAULT nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition nvme: resync include/linux/nvme.h with nvmecli ata: ahci: Fix PCS quirk application for suspend nvme-pci: fix doorbell buffer value endianness cifs: fix oops during encryption media: dvbdev: fix refcnt bug media: dvbdev: fix build warning due to comments gcov: add support for checksum field regulator: core: fix deadlock on regulator enable iio: adc128s052: add proper .data members in adc128_of_match table iio: adc: ad_sigma_delta: do not use internal iio_dev lock reiserfs: Add missing calls to reiserfs_security_free() HID: wacom: Ensure bootloader PID is usable in hidraw mode usb: dwc3: core: defer probe on ulpi_read_id timeout ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion ASoC: rt5670: Remove unbalanced pm_runtime_put() ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() ASoC: wm8994: Fix potential deadlock ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() ASoC: Intel: Skylake: Fix driver hang during shutdown ALSA: hda: add snd_hdac_stop_streams() helper ALSA/ASoC: hda: move/rename snd_hdac_ext_stop_streams to hdac_stream.c orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() clk: st: Fix memory leak in st_of_quadfs_setup() media: si470x: Fix use-after-free in si470x_int_in_callback() mmc: f-sdh30: Add quirks for broken timeout clock capability regulator: core: fix use_count leakage when handling boot-on blk-mq: fix possible memleak when register 'hctx' failed media: dvb-usb: fix memory leak in dvb_usb_adapter_init() media: dvbdev: adopts refcnt to avoid UAF media: dvb-frontends: fix leak of memory fw bpf: Prevent decl_tag from being referenced in func_proto arg ppp: associate skb with a device at tx mrp: introduce active flags to prevent UAF when applicant uninit net: add atomic_long_t to net_device_stats fields md/raid1: stop mdx_raid1 thread when raid1 array run failed drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() drm/sti: Use drm_mode_copy() drm/rockchip: Use drm_mode_copy() s390/lcs: Fix return type of lcs_start_xmit() s390/netiucv: Fix return type of netiucv_tx() s390/ctcm: Fix return type of ctc{mp,}m_tx() igb: Do not free q_vector unless new one was allocated wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() hamradio: baycom_epp: Fix return type of baycom_send_packet() net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() bpf: make sure skb->len != 0 when redirecting to a tunneling device ipmi: fix memleak when unload ipmi driver ASoC: codecs: rt298: Add quirk for KBL-R RVP platform wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out wifi: ath9k: verify the expected usb_endpoints are present brcmfmac: return error when getting invalid max_flowrings from dongle drm/etnaviv: add missing quirks for GC300 hfs: fix OOB Read in __hfs_brec_find acct: fix potential integer overflow in encode_comp_t() nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() ACPICA: Fix error code path in acpi_ds_call_control_method() fs: jfs: fix shift-out-of-bounds in dbDiscardAG udf: Avoid double brelse() in udf_rename() fs: jfs: fix shift-out-of-bounds in dbAllocAG binfmt_misc: fix shift-out-of-bounds in check_special_flags rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state() net: stream: purge sk_error_queue in sk_stream_kill_queues() myri10ge: Fix an error handling path in myri10ge_probe() rxrpc: Fix missing unlock in rxrpc_do_sendmsg() net_sched: reject TCF_EM_SIMPLE case for complex ematch module mailbox: zynq-ipi: fix error handling while device_register() fails skbuff: Account for tail adjustment during pull operations openvswitch: Fix flow lookup to use unmasked key rtc: mxc_v2: Add missing clk_disable_unprepare() r6040: Fix kmemleak in probe and remove nfc: pn533: Clear nfc_target before being used mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure NFSD: Add tracepoints to NFSD's duplicate reply cache nfsd: Define the file access mode enum for tracing rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() pwm: sifive: Call pwm_sifive_update_clock() while mutex is held selftests/powerpc: Fix resource leaks powerpc/hv-gpci: Fix hv_gpci event list powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe() powerpc/perf: callchain validate kernel stack pointer bounds powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() cxl: Fix refcount leak in cxl_calc_capp_routing powerpc/52xx: Fix a resource leak in an error handling path macintosh/macio-adb: check the return value of ioremap() macintosh: fix possible memory leak in macio_add_one_device() iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() iommu/amd: Fix pci device refcount leak in ppr_notifier() rtc: pcf85063: Fix reading alarm rtc: snvs: Allow a time difference on clock register read include/uapi/linux/swab: Fix potentially missing __always_inline RDMA/siw: Fix pointer cast warning power: supply: fix null pointer dereferencing in power_supply_get_battery_info HSI: omap_ssi_core: Fix error handling in ssi_init() perf symbol: correction while adjusting symbol perf trace: Handle failure when trace point folder is missed perf trace: Use macro RAW_SYSCALL_ARGS_NUM to replace number perf trace: Add a strtoul() method to 'struct syscall_arg_fmt' perf trace: Allow associating scnprintf routines with well known arg names perf trace: Add the syscall_arg_fmt pointer to syscall_arg perf trace: Factor out the initialization of syscal_arg_fmt->scnprintf perf trace: Separate 'struct syscall_fmt' definition from syscall_fmts variable perf trace: Return error if a system call doesn't exist power: supply: fix residue sysfs file in error handle route of __power_supply_register() HSI: omap_ssi_core: fix possible memory leak in ssi_probe() HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() fbdev: vermilion: decrease reference count in error path fbdev: via: Fix error in via_core_init() fbdev: pm2fb: fix missing pci_disable_device() fbdev: ssd1307fb: Drop optional dependency samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe() tracing/hist: Fix issue of losting command info in error_log usb: storage: Add check for kcalloc i2c: ismt: Fix an out-of-bounds bug in ismt_access() vme: Fix error not catched in fake_init() staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() staging: rtl8192u: Fix use after free in ieee80211_rx() i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe chardev: fix error handling in cdev_device_add() mcb: mcb-parse: fix error handing in chameleon_parse_gdd() drivers: mcb: fix resource leak in mcb_probe() usb: gadget: f_hid: fix refcount leak on error path usb: gadget: f_hid: fix f_hidg lifetime vs cdev usb: gadget: f_hid: optional SETUP/SET_REPORT mode usb: roles: fix of node refcount leak in usb_role_switch_is_parent() counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() misc: ocxl: fix possible name leak in ocxl_file_register_afu() test_firmware: fix memory leak in test_firmware_init() serial: sunsab: Fix error handling in sunsab_init() serial: altera_uart: fix locking in polling mode tty: serial: altera_uart_{r,t}x_chars() need only uart_port tty: serial: clean up stop-tx part in altera_uart_tx_chars() serial: pch: Fix PCI device refcount leak in pch_request_dma() serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle. serial: amba-pl011: avoid SBSA UART accessing DMACR register usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() usb: typec: Check for ops->exit instead of ops->enter in altmode_exit staging: vme_user: Fix possible UAF in tsi148_dma_list_add usb: fotg210-udc: Fix ages old endianness issues uio: uio_dmem_genirq: Fix deadlock between irq config and handling uio: uio_dmem_genirq: Fix missing unlock in irq configuration vfio: platform: Do not pass return buffer to ACPI _RST method class: fix possible memory leak in __class_register() serial: tegra: Read DMA status before terminating tty: serial: tegra: Activate RX DMA transfer by request drivers: dio: fix possible memory leak in dio_init() IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces hwrng: geode - Fix PCI device refcount leak hwrng: amd - Fix PCI device refcount leak crypto: img-hash - Fix variable dereferenced before check 'hdev->req' orangefs: Fix sysfs not cleanup when dev init failed RDMA/hfi1: Fix error return code in parse_platform_config() crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() f2fs: avoid victim selection from previous victim section RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() scsi: snic: Fix possible UAF in snic_tgt_create() scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails scsi: ipr: Fix WARNING in ipr_init() scsi: fcoe: Fix possible name leak when device_register() fails scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() scsi: hpsa: Fix error handling in hpsa_add_sas_host() scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() crypto: tcrypt - Fix multibuffer skcipher speed test mem leak scsi: hpsa: Fix possible memory leak in hpsa_init_one() RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed crypto: ccree - Make cc_debugfs_global_fini() available for module init function RDMA/hfi: Decrease PCI device reference count in error path PCI: Check for alloc failure in pci_request_irq() crypto: ccree - Remove debugfs when platform_driver_register failed crypto: ccree - swap SHA384 and SHA512 larval hashes at build time scsi: scsi_debug: Fix a warning in resp_write_scat() RDMA/siw: Set defined status for work completion with undefined status RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port RDMA/siw: Fix immediate work request flush to completion queue f2fs: fix normal discard process RDMA/core: Fix order of nldev_exit call apparmor: Use pointer to struct aa_label for lbs_cred apparmor: Fix abi check to include v8 abi apparmor: fix lockdep warning when removing a namespace apparmor: fix a memleak in multi_transaction_new() stmmac: fix potential division by 0 Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave() ntb_netdev: Use dev_kfree_skb_any() in interrupt context net: lan9303: Fix read error execution path can: tcan4x5x: Remove invalid write in clear_interrupts net: amd-xgbe: Check only the minimum speed for active/passive cables net: amd-xgbe: Fix logic around active and passive cables net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave() hamradio: don't call dev_kfree_skb() under spin_lock_irqsave() net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave() net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave() net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave() net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave() net/tunnel: wait until all sk_user_data reader finish before releasing the sock net: farsync: Fix kmemleak when rmmods farsync ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave() of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop() drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() net: stmmac: selftests: fix potential memleak in stmmac_test_arpoffload() net: defxx: Fix missing err handling in dfx_init() net: vmw_vsock: vmci: Check memcpy_from_msg() clk: socfpga: Fix memory leak in socfpga_gate_init() clk: socfpga: use clk_hw_register for a5/c5 clk: socfpga: clk-pll: Remove unused variable 'rc' blktrace: Fix output non-blktrace event when blk_classic option enabled wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode clk: samsung: Fix memory leak in _samsung_clk_register_pll() media: coda: Add check for kmalloc media: coda: Add check for dcoda_iram_alloc media: c8sectpfe: Add of_node_put() when breaking out of loop mmc: mmci: fix return value check of mmc_add_host() mmc: wbsd: fix return value check of mmc_add_host() mmc: via-sdmmc: fix return value check of mmc_add_host() mmc: meson-gx: fix return value check of mmc_add_host() mmc: omap_hsmmc: fix return value check of mmc_add_host() mmc: atmel-mci: fix return value check of mmc_add_host() mmc: wmt-sdmmc: fix return value check of mmc_add_host() mmc: vub300: fix return value check of mmc_add_host() mmc: toshsd: fix return value check of mmc_add_host() mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() mmc: pxamci: fix return value check of mmc_add_host() mmc: mxcmmc: fix return value check of mmc_add_host() mmc: moxart: fix return value check of mmc_add_host() mmc: alcor: fix return value check of mmc_add_host() NFSv4.x: Fail client initialisation if state manager thread can't run SUNRPC: Fix missing release socket in rpc_sockname() xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt media: saa7164: fix missing pci_disable_device() bpf, sockmap: fix race in sock_map_free() regulator: core: fix resource leak in regulator_register() configfs: fix possible memory leak in configfs_create_dir() hsr: Avoid double remove of a node. clk: qcom: clk-krait: fix wrong div2 functions regulator: core: fix module refcount leak in set_supply() wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE bonding: uninitialized variable in bond_miimon_inspect() bpf, sockmap: Fix data loss caused by using apply_bytes on ingress redirect bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data netfilter: conntrack: set icmpv6 redirects as RELATED ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() ASoC: mediatek: mt8173: Enable IRQ when pdata is ready wifi: iwlwifi: mvm: fix double free on tx path. ALSA: asihpi: fix missing pci_disable_device() NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn NFSv4.2: Fix initialisation of struct nfs4_label NFSv4.2: Fix a memory stomp in decode_attr_security_label NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd ASoC: dt-bindings: wcd9335: fix reset line polarity in example drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() media: dvb-core: Fix ignored return value in dvb_register_frontend() pinctrl: pinconf-generic: add missing of_node_put() clk: imx: replace osc_hdmi with dummy clk: imx8mn: correct the usb1_ctrl parent to be usb_bus media: imon: fix a race condition in send_packet() mtd: maps: pxa2xx-flash: fix memory leak in probe bonding: fix link recovery in mode 2 when updelay is nonzero bonding: Rename slave_arr to usable_slaves bonding: Export skip slave logic to function clk: rockchip: Fix memory leak in rockchip_clk_register_pll() regulator: core: use kfree_const() to free space conditionally ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT HID: hid-sensor-custom: set fixed size for custom attributes bpf: Move skb->len == 0 checks into __bpf_redirect media: videobuf-dma-contig: use dma_mmap_coherent media: platform: exynos4-is: Fix error handling in fimc_md_init() media: solo6x10: fix possible memory leak in solo_sysfs_init() Input: elants_i2c - properly handle the reset GPIO when power is off mtd: lpddr2_nvm: Fix possible null-ptr-deref wifi: ath10k: Fix return value in ath10k_pci_init() ima: Fix misuse of dereference of pointer in template_desc_init_fields() integrity: Fix memory leakage in keyring allocation error path amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() ASoC: pxa: fix null-pointer dereference in filter() drm/mediatek: Modify dpi power on/off sequence. drm/radeon: Add the missed acpi_put_table() to fix memory leak rxrpc: Fix ack.bufferSize to be 0 when generating an ack net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write() media: camss: Clean up received buffers on failed start of streaming wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port mtd: Fix device name leak when register device failed in add_mtd_device() bpf: propagate precision in ALU/ALU64 operations media: vivid: fix compose size exceed boundary ima: Handle -ESTALE returned by ima_filter_rule_match() ima: Fix fall-through warnings for Clang ima: Rename internal filter rule functions drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure spi: Update reference to struct spi_controller clk: renesas: r9a06g032: Repair grave increment error can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming can: kvaser_usb: Add struct kvaser_usb_busparams can: kvaser_usb_leaf: Fix bogus restart events can: kvaser_usb_leaf: Fix wrong CAN state after stopping can: kvaser_usb_leaf: Fix improved state not being reported can: kvaser_usb_leaf: Set Warning state even without bus errors can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device can: kvaser_usb: do not increase tx statistics when sending error message frames media: i2c: ad5820: Fix error path pata_ipx4xx_cf: Fix unsigned comparison with less than zero wifi: rtl8xxxu: Fix reading the vendor of combo chips wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() rapidio: devices: fix missing put_device in mport_cdev_open hfs: Fix OOB Write in hfs_asc2mac relay: fix type mismatch when allocating memory in relay_create_buf() eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD rapidio: fix possible UAF when kfifo_alloc() fails fs: sysv: Fix sysv_nblocks() returns wrong value MIPS: OCTEON: warn only once if deprecated link status is being used MIPS: BCM63xx: Add check for NULL for clk in clk_enable platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() PM: runtime: Do not call __rpm_callback() from rpm_idle() PM: runtime: Improve path in rpm_idle() when no callback xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() x86/xen: Fix memory leak in xen_init_lock_cpu() x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() xen/events: only register debug interrupt for 2-level events uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled rapidio: rio: fix possible name leak in rio_register_mport() rapidio: fix possible name leaks when rio_add_device() fails ocfs2: fix memory leak in ocfs2_mount_volume() ocfs2: rewrite error handling of ocfs2_fill_super ocfs2: ocfs2_mount_volume does cleanup job before return error debugfs: fix error when writing negative value to atomic_t debugfs file docs: fault-injection: fix non-working usage of negative values lib/notifier-error-inject: fix error when writing -errno to debugfs file libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value cpufreq: amd_freq_sensitivity: Add missing pci_dev_put() genirq/irqdesc: Don't try to remove non-existing sysfs files nfsd: don't call nfsd_file_put from client states seqfile display EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper() irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe() perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() PNP: fix name memory leak in pnp_alloc_dev() selftests/efivarfs: Add checking of the test return value MIPS: vpe-cmp: fix possible memory leak while module exiting MIPS: vpe-mt: fix possible memory leak while module exiting ocfs2: fix memory leak in ocfs2_stack_glue_init() lib/fonts: fix undefined behavior in bit shift for get_default_font proc: fixup uptime selftest timerqueue: Use rb_entry_safe() in timerqueue_getnext() perf: Fix possible memleak in pmu_dev_alloc() selftests/ftrace: event_triggers: wait longer for test_event_enable fs: don't audit the capability check in simple_xattr_list() PM: hibernate: Fix mistake in kerneldoc comment alpha: fix syscall entry in !AUDUT_SYSCALL case cpuidle: dt: Return the correct numbers of parsed idle states tpm/tpm_crb: Fix error message in __crb_relinquish_locality() pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP ARM: mmp: fix timer_read delay pstore/ram: Fix error return code in ramoops_probe() arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC ARM: dts: turris-omnia: Add switch port 6 node ARM: dts: turris-omnia: Add ethernet aliases ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name arm64: dts: mt2712-evb: Fix usb vbus regulators unit names arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names arm64: dts: mt2712e: Fix unit address for pinctrl node arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init() perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init() soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync arm: dts: spear600: Fix clcd interrupt drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias ARM: dts: qcom: apq8064: fix coresight compatible usb: musb: remove extra check in musb_gadget_vbus_draw net: loopback: use NET_NAME_PREDICTABLE for name_assign_type Bluetooth: L2CAP: Fix u8 overflow HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch 10E HID: ite: Add support for Acer S1002 keyboard-dock xen-netback: move removal of "hotplug-status" to the right place igb: Initialize mailbox message for VF reset USB: serial: f81534: fix division by zero on line-speed change USB: serial: f81232: fix division by zero on line-speed change USB: serial: cp210x: add Kamstrup RF sniffer PIDs USB: serial: option: add Quectel EM05-G modem usb: gadget: uvc: Prevent buffer overflow in setup handler udf: Fix extending file within last block udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size udf: Fix preallocation discarding at indirect extent boundary udf: Discard preallocation before extending file with a hole tracing/ring-buffer: Only do full wait when cpu != RING_BUFFER_ALL_CPUS ANDROID: Add more hvc devices for virtio-console. Revert "can: af_can: fix NULL pointer dereference in can_rcv_filter" ANDROID: Revert "tracing/ring-buffer: Have polling block on watermark" Linux 5.4.228 ASoC: ops: Correct bounds check for second channel on SX controls can: mcba_usb: Fix termination command argument can: sja1000: fix size of OCR_MODE_MASK define pinctrl: meditatek: Startup with the IRQs disabled ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() nfp: fix use-after-free in area_cache_get() block: unhash blkdev part inode when the part is deleted mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page x86/smpboot: Move rcu_cpu_starting() earlier net: bpf: Allow TC programs to call BPF_FUNC_skb_change_head Linux 5.4.227 can: esd_usb: Allow REC and TEC to return to zero net: mvneta: Fix an out of bounds check ipv6: avoid use-after-free in ip6_fragment() net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq() xen/netback: fix build warning ethernet: aeroflex: fix potential skb leak in greth_init_rings() ipv4: Fix incorrect route flushing when table ID 0 is used ipv4: Fix incorrect route flushing when source address is deleted tipc: Fix potential OOB in tipc_link_proto_rcv() net: hisilicon: Fix potential use-after-free in hix5hd2_rx() net: hisilicon: Fix potential use-after-free in hisi_femac_rx() net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq net: stmmac: fix "snps,axi-config" node property parsing nvme initialize core quirks before calling nvme_init_subsystem NFC: nci: Bounds check struct nfc_target arrays i40e: Disallow ip4 and ip6 l4_4_bytes i40e: Fix for VF MAC address 0 i40e: Fix not setting default xps_cpus after reset net: mvneta: Prevent out of bounds read in mvneta_config_rss() xen-netfront: Fix NULL sring after live migration net: encx24j600: Fix invalid logic in reading of MISTAT register net: encx24j600: Add parentheses to fix precedence mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload net: dsa: ksz: Check return value Bluetooth: Fix not cleanup led when bt_init fails Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() af_unix: Get user_ns from in_skb in unix_diag_get_exact(). igb: Allocate MSI-X vector when testing e1000e: Fix TX dispatch condition gpio: amd8111: Fix PCI device reference count leak drm/bridge: ti-sn65dsi86: Fix output polarity setting bug ca8210: Fix crash by zero initializing data ieee802154: cc2520: Fix error return code in cc2520_hw_init() can: af_can: fix NULL pointer dereference in can_rcv_filter HID: core: fix shift-out-of-bounds in hid_report_raw_event HID: hid-lg4ff: Add check for empty lbuf HID: usbhid: Add ALWAYS_POLL quirk for some mice drm/shmem-helper: Remove errant put in error path KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field mm/gup: fix gup_pud_range() for dax memcg: fix possible use-after-free in memcg_write_event_control() media: v4l2-dv-timings.c: fix too strict blanking sanity checks Revert "net: dsa: b53: Fix valid setting for MDB entries" xen/netback: don't call kfree_skb() with interrupts disabled xen/netback: do some code cleanup xen/netback: Ensure protocol headers don't fall in the non-linear area mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths mm/khugepaged: fix GUP-fast interaction by sending IPI mm/khugepaged: take the right locks for page table retraction net: usb: qmi_wwan: add u-blox 0x1342 composition 9p/xen: check logical size for buffer size fbcon: Use kzalloc() in fbcon_prepare_logo() regulator: twl6030: fix get status of twl6032 regulators ASoC: soc-pcm: Add NULL check in BE reparenting btrfs: send: avoid unaligned encoded writes when attempting to clone range ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event regulator: slg51000: Wait after asserting CS pin 9p/fd: Use P9_HDRSZ for header size ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name ARM: dts: rockchip: fix ir-receiver node names arm: dts: rockchip: fix node name for hym8563 rtc arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series Conflicts: Documentation/devicetree/bindings/phy/amlogic,meson-g12a-usb3-pcie-phy.yaml arch/arm64/boot/dts/vendor/bindings/phy/amlogic,g12a-usb3-pcie-phy.yaml arch/arm64/boot/dts/vendor/bindings/phy/amlogic,meson-g12a-usb3-pcie-phy.yaml arch/arm64/include/asm/atomic_ll_sc.h drivers/edac/qcom_edac.c drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c drivers/net/ethernet/stmicro/stmmac/stmmac_main.c drivers/usb/gadget/function/f_fs.c drivers/usb/host/xhci-plat.c sound/soc/soc-pcm.c Change-Id: I4e8cffcac6c78ecf1a16d24ee01551747552fdf2 |
||
|
Florian Westphal
|
dffe83a198 |
netfilter: br_netfilter: disable sabotage_in hook after first suppression
[ Upstream commit 2b272bb558f1d3a5aa95ed8a82253786fd1a48ba ]
When using a xfrm interface in a bridged setup (the outgoing device is
bridged), the incoming packets in the xfrm interface are only tracked
in the outgoing direction.
$ brctl show
bridge name interfaces
br_eth1 eth1
$ conntrack -L
tcp 115 SYN_SENT src=192... dst=192... [UNREPLIED] ...
If br_netfilter is enabled, the first (encrypted) packet is received onR
eth1, conntrack hooks are called from br_netfilter emulation which
allocates nf_bridge info for this skb.
If the packet is for local machine, skb gets passed up the ip stack.
The skb passes through ip prerouting a second time. br_netfilter
ip_sabotage_in supresses the re-invocation of the hooks.
After this, skb gets decrypted in xfrm layer and appears in
network stack a second time (after decryption).
Then, ip_sabotage_in is called again and suppresses netfilter
hook invocation, even though the bridge layer never called them
for the plaintext incarnation of the packet.
Free the bridge info after the first suppression to avoid this.
I was unable to figure out where the regression comes from, as far as i
can see br_netfilter always had this problem; i did not expect that skb
is looped again with different headers.
Fixes:
|
||
|
Michael Bestas
|
635c74d37d
|
Merge tag 'ASB-2022-12-05_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
https://source.android.com/docs/security/bulletin/2022-12-01 CVE-2022-23960 * tag 'ASB-2022-12-05_11-5.4' of https://android.googlesource.com/kernel/common: UPSTREAM: bpf: Ensure correct locking around vulnerable function find_vpid() UPSTREAM: HID: roccat: Fix use-after-free in roccat_read() ANDROID: arm64: mm: perform clean & invalidation in __dma_map_area UPSTREAM: mmc: hsq: Fix data stomping during mmc recovery UPSTREAM: pinctrl: sunxi: Fix name for A100 R_PIO BACKPORT: mmc: core: Fix UHS-I SD 1.8V workaround branch UPSTREAM: Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression UPSTREAM: wifi: mac80211_hwsim: set virtio device ready in probe() BACKPORT: f2fs: don't use casefolded comparison for "." and ".." UPSTREAM: Revert "mm/cma.c: remove redundant cma_mutex lock" UPSTREAM: usb: dwc3: Try usb-role-switch first in dwc3_drd_init BACKPORT: usb: typec: ucsi: Fix reuse of completion structure BACKPORT: tipc: fix incorrect order of state message data sanity check UPSTREAM: net: fix up skbs delta_truesize in UDP GRO frag_list UPSTREAM: cgroup-v1: Correct privileges check in release_agent writes UPSTREAM: mm: don't try to NUMA-migrate COW pages that have other uses UPSTREAM: usb: raw-gadget: fix handling of dual-direction-capable endpoints UPSTREAM: selinux: check return value of sel_make_avc_files UPSTREAM: usb: musb: select GENERIC_PHY instead of depending on it BACKPORT: driver core: Fix error return code in really_probe() UPSTREAM: fscrypt: fix derivation of SipHash keys on big endian CPUs BACKPORT: fscrypt: rename FS_KEY_DERIVATION_NONCE_SIZE UPSTREAM: socionext: account for napi_gro_receive never returning GRO_DROP UPSTREAM: net: socionext: netsec: fix xdp stats accounting BACKPORT: fs: align IOCB_* flags with RWF_* flags UPSTREAM: efi: capsule-loader: Fix use-after-free in efi_capsule_write BACKPORT: ARM: 9039/1: assembler: generalize byte swapping macro into rev_l BACKPORT: ARM: 9035/1: uncompress: Add be32tocpu macro UPSTREAM: drm/meson: Fix overflow implicit truncation warnings UPSTREAM: irqchip/tegra: Fix overflow implicit truncation warnings UPSTREAM: video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write ANDROID: GKI: db845c: Update symbols list and ABI Linux 5.4.219 wifi: mac80211: fix MBSSID parsing use-after-free wifi: mac80211: don't parse mbssid in assoc response mac80211: mlme: find auth challenge directly Revert "fs: check FMODE_LSEEK to control internal pipe splicing" Linux 5.4.218 Input: xpad - fix wireless 360 controller breaking after suspend Input: xpad - add supported devices as contributed on github wifi: cfg80211: update hidden BSSes to avoid WARN_ON wifi: mac80211_hwsim: avoid mac80211 warning on bad rate wifi: cfg80211: avoid nontransmitted BSS list corruption wifi: cfg80211: fix BSS refcounting bugs wifi: cfg80211: ensure length byte is present before access wifi: cfg80211/mac80211: reject bad MBSSID elements wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() random: use expired timer rather than wq for mixing fast pool random: avoid reading two cache lines on irq randomness random: restore O_NONBLOCK support USB: serial: qcserial: add new usb-id for Dell branded EM7455 scsi: stex: Properly zero out the passthrough command structure efi: Correct Macmini DMI match in uefi cert quirk ALSA: hda: Fix position reporting on Poulsbo random: clamp credited irq bits to maximum mixed ceph: don't truncate file in atomic_open nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure nilfs2: fix leak of nilfs_root in case of writer thread creation failure nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() rpmsg: qcom: glink: replace strncpy() with strscpy_pad() mmc: core: Terminate infinite loop in SD-UHS voltage switch mmc: core: Replace with already defined values for readability USB: serial: ftdi_sio: fix 300 bps rate for SIO usb: mon: make mmapped memory read only arch: um: Mark the stack non-executable to fix a binutils warning um: Cleanup compiler warning in arch/x86/um/tls_32.c um: Cleanup syscall_handler_t cast in syscalls_32.h net/ieee802154: fix uninit value bug in dgram_sendmsg scsi: qedf: Fix a UAF bug in __qedf_probe() ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property firmware: arm_scmi: Add SCMI PM driver remove routine fs: fix UAF/GPF bug in nilfs_mdt_destroy perf tools: Fixup get_current_dir_name() compilation mm: pagewalk: Fix race between unmap and page walker Linux 5.4.217 docs: update mediator information in CoC docs Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 Revert "drm/amdgpu: use dirty framebuffer helper" xfs: remove unused variable 'done' xfs: fix uninitialized variable in xfs_attr3_leaf_inactive xfs: streamline xfs_attr3_leaf_inactive xfs: move incore structures out of xfs_da_format.h xfs: fix memory corruption during remote attr value buffer invalidation xfs: refactor remote attr value buffer invalidation xfs: fix IOCB_NOWAIT handling in xfs_file_dio_aio_read xfs: fix s_maxbytes computation on 32-bit kernels xfs: truncate should remove all blocks, not just to the end of the page cache xfs: introduce XFS_MAX_FILEOFF xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag x86/speculation: Add RSB VM Exit protections x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current x86/speculation: Disable RRSBA behavior x86/bugs: Add Cannon lake to RETBleed affected CPU list x86/cpu/amd: Enumerate BTC_NO x86/common: Stamp out the stepping madness x86/speculation: Fill RSB on vmexit for IBRS KVM: VMX: Fix IBRS handling after vmexit KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS KVM: VMX: Convert launched argument to flags KVM: VMX: Flatten __vmx_vcpu_run() KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S x86/speculation: Remove x86_spec_ctrl_mask x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit x86/speculation: Fix SPEC_CTRL write on SMT state change x86/speculation: Fix firmware entry SPEC_CTRL handling x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n x86/speculation: Change FILL_RETURN_BUFFER to work with objtool intel_idle: Disable IBRS during long idle x86/bugs: Report Intel retbleed vulnerability x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS x86/bugs: Optimize SPEC_CTRL MSR writes x86/entry: Add kernel IBRS implementation x86/entry: Remove skip_r11rcx x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value x86/bugs: Add AMD retbleed= boot parameter x86/bugs: Report AMD retbleed vulnerability x86/cpufeatures: Move RETPOLINE flags to word 11 x86/kvm/vmx: Make noinstr clean x86/cpu: Add a steppings field to struct x86_cpu_id x86/cpu: Add consistent CPU match macros x86/devicetable: Move x86 specific macro out of generic code Revert "x86/cpu: Add a steppings field to struct x86_cpu_id" Revert "x86/speculation: Add RSB VM Exit protections" Linux 5.4.216 clk: iproc: Do not rely on node name for correct PLL setup clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks selftests: Fix the if conditions of in test_extra_filter() nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices nvme: add new line after variable declatation usbnet: Fix memory leak in usbnet_disconnect() Input: melfas_mip4 - fix return value check in mip4_probe() Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" soc: sunxi: sram: Fix debugfs info for A64 SRAM C soc: sunxi: sram: Fix probe function ordering issues soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() soc: sunxi: sram: Prevent the driver from being unbound soc: sunxi: sram: Actually claim SRAM regions ARM: dts: am33xx: Fix MMCHS0 dma properties ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver media: dvb_vb2: fix possible out of bound access mm: fix madivse_pageout mishandling on non-LRU page mm/migrate_device.c: flush TLB while holding PTL mm: prevent page_frag_alloc() from corrupting the memory mm/page_alloc: fix race condition between build_all_zonelists and page allocation mmc: moxart: fix 4-bit bus width and remove 8-bit bus width libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 Revert "net: mvpp2: debugfs: fix memory leak when using debugfs_lookup()" ntfs: fix BUG_ON in ntfs_lookup_inode_by_name() ARM: dts: integrator: Tag PCI host with device_type clk: ingenic-tcu: Properly enable registers before accessing timers net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 uas: ignore UAS for Thinkplus chips usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS uas: add no-uas quirk for Hiksemi usb_disk Linux 5.4.215 ext4: make directory inode spreading reflect flexbg size xfs: fix use-after-free when aborting corrupt attr inactivation xfs: fix an ABBA deadlock in xfs_rename xfs: don't commit sunit/swidth updates to disk if that would cause repair failures xfs: split the sunit parameter update into two parts xfs: refactor agfl length computation function xfs: use bitops interface for buf log item AIL flag check xfs: stabilize insert range start boundary to avoid COW writeback race xfs: fix some memory leaks in log recovery xfs: always log corruption errors xfs: constify the buffer pointer arguments to error functions xfs: convert EIO to EFSCORRUPTED when log contents are invalid xfs: Fix deadlock between AGI and AGF when target_ip exists in xfs_rename() xfs: attach dquots and reserve quota blocks during unwritten conversion xfs: range check ri_cnt when recovering log items xfs: add missing assert in xfs_fsmap_owner_from_rmap xfs: slightly tweak an assert in xfs_fs_map_blocks xfs: replace -EIO with -EFSCORRUPTED for corrupt metadata ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 workqueue: don't skip lockdep work dependency in cancel_work_sync() drm/rockchip: Fix return type of cdn_dp_connector_mode_valid drm/amd/display: Limit user regamma to a valid value drm/amdgpu: use dirty framebuffer helper Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region cifs: always initialize struct msghdr smb_msg completely usb: xhci-mtk: fix issue of out-of-bounds array access s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting serial: Create uart_xmit_advance() net: sched: fix possible refcount leak in tc_new_tfilter() net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD perf kcore_copy: Do not check /proc/modules is unchanged perf jit: Include program header in ELF files can: gs_usb: gs_can_open(): fix race dev->can.state condition netfilter: ebtables: fix memory leak when blob is malformed net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs net/sched: taprio: avoid disabling offload when it was never enabled of: mdio: Add of_node_put() when breaking out of for_each_xx i40e: Fix set max_tx_rate when it is lower than 1 Mbps i40e: Fix VF set max MTU size iavf: Fix set max MTU size with port VLAN and jumbo frames iavf: Fix bad page state MIPS: Loongson32: Fix PHY-mode being left unspecified MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko net: team: Unsync device addresses on ndo_stop ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header iavf: Fix cached head and tail value for iavf_get_tx_pending netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() netfilter: nf_conntrack_irc: Tighten matching on DCC message netfilter: nf_conntrack_sip: fix ct_sip_walk_headers arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob mm/slub: fix to return errno if kmalloc() fails efi: libstub: check Shim mode using MokSBStateRT ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop ALSA: hda/realtek: Add quirk for ASUS GA503R laptop ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack ALSA: hda/realtek: Re-arrange quirk table entries ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 ALSA: hda: add Intel 5 Series / 3400 PCI DID ALSA: hda/tegra: set depop delay for tegra USB: serial: option: add Quectel RM520N USB: serial: option: add Quectel BG95 0x0203 composition USB: core: Fix RST error in hub.c Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio" Revert "usb: add quirks for Lenovo OneLink+ Dock" usb: cdns3: fix issue with rearming ISO OUT endpoint usb: gadget: udc-xilinx: replace memcpy with memcpy_toio usb: add quirks for Lenovo OneLink+ Dock tty: serial: atmel: Preserve previous USART mode if RS485 disabled serial: atmel: remove redundant assignment in rs485_config tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data wifi: mac80211: Fix UAF in ieee80211_scan_rx() usb: xhci-mtk: relax TT periodic bandwidth allocation usb: xhci-mtk: allow multiple Start-Split in a microframe usb: xhci-mtk: add some schedule error number usb: xhci-mtk: add a function to (un)load bandwidth info usb: xhci-mtk: use @sch_tt to check whether need do TT schedule usb: xhci-mtk: add only one extra CS for FS/LS INTR usb: xhci-mtk: get the microframe boundary for ESIT usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup() usb: dwc3: gadget: Refactor pullup() usb: dwc3: gadget: Prevent repeat pullup() usb: dwc3: Issue core soft reset before enabling run/stop usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind ALSA: hda/sigmatel: Fix unused variable warning for beep power change cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write mksysmap: Fix the mismatch of 'L0' symbols in System.map MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked net: usb: qmi_wwan: add Quectel RM520N ALSA: hda/tegra: Align BDL entry to 4KB boundary ALSA: hda/sigmatel: Keep power up while beep is enabled rxrpc: Fix calc of resend age rxrpc: Fix local destruction being repeated regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() ASoC: nau8824: Fix semaphore unbalance at error paths iomap: iomap that extends beyond EOF should be marked dirty MAINTAINERS: add Chandan as xfs maintainer for 5.4.y cifs: don't send down the destination address to sendmsg for a SOCK_STREAM cifs: revalidate mapping when doing direct writes tracing: hold caller_addr to hardirq_{enable,disable}_ip task_stack, x86/cea: Force-inline stack helpers ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() drm/meson: Fix OSD1 RGB to YCbCr coefficient drm/meson: Correct OSD1 global alpha value gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 of: fdt: fix off-by-one error in unflatten_dt_nodes() Revert "USB: core: Prevent nested device-reset calls" Revert "io_uring: disable polling pollfree files" Revert "netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y" Revert "sched/deadline: Fix priority inheritance with multiple scheduling classes" Revert "kernel/sched: Remove dl_boosted flag comment" Revert "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse" Revert "fs: check FMODE_LSEEK to control internal pipe splicing" Linux 5.4.214 tracefs: Only clobber mode/uid/gid on remount if asked soc: fsl: select FSL_GUTS driver for DPIO net: dp83822: disable rx error interrupt mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes perf/arm_pmu_platform: fix tests for platform_get_irq() failure nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() Input: iforce - add support for Boeder Force Feedback Wheel ieee802154: cc2520: add rc code in cc2520_tx() tg3: Disable tg3 device on system reboot to avoid triggering AER hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo drm/msm/rd: Fix FIFO-full deadlock Linux 5.4.213 MIPS: loongson32: ls1c: Fix hang during startup x86/nospec: Fix i386 RSB stuffing sch_sfb: Also store skb len before calling child enqueue tcp: fix early ETIMEDOUT after spurious non-SACK RTO nvme-tcp: fix UAF when detecting digest errors RDMA/mlx5: Set local port to one when accessing counters ipv6: sr: fix out-of-bounds read when setting HMAC data. RDMA/siw: Pass a pointer to virt_to_page() i40e: Fix kernel crash during module removal tipc: fix shift wrapping bug in map_get() sch_sfb: Don't assume the skb is still around after enqueueing to child afs: Use the operation issue time instead of the reply time for callbacks rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() netfilter: nf_conntrack_irc: Fix forged IP logic netfilter: br_netfilter: Drop dst references before setting. RDMA/hns: Fix supported page size soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs RDMA/cma: Fix arguments order in net device validation regulator: core: Clean up on enable failure ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node smb3: missing inode locks in punch hole cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree cgroup: Optimize single thread migration scsi: lpfc: Add missing destroy_workqueue() in error path scsi: mpt3sas: Fix use-after-free warning nvmet: fix a use-after-free debugfs: add debugfs_lookup_and_remove() kprobes: Prohibit probes in gate area ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() ALSA: aloop: Fix random zeros in capture data when using jiffies timer ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() drm/radeon: add a force flush to delay work when radeon drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. drm/gem: Fix GEM handle release errors scsi: megaraid_sas: Fix double kfree() USB: serial: ch341: fix disabled rx timer on older devices USB: serial: ch341: fix lost character on LCR updates usb: dwc3: disable USB core PHY management usb: dwc3: fix PHY disable sequence btrfs: harden identification of a stale device drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk ALSA: seq: Fix data-race at module auto-loading ALSA: seq: oss: Fix data-race for max_midi_devs access net: mac802154: Fix a condition in the receive path ip: fix triggering of 'icmp redirect' wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected driver core: Don't probe devices after bus_type.match() probe deferral usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS USB: core: Prevent nested device-reset calls s390: fix nospec table alignments s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages usb-storage: Add ignore-residue quirk for NXP PN7462AU USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) usb: dwc2: fix wrong order of phy_power_on and phy_init usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode USB: serial: option: add Quectel EM060K modem USB: serial: option: add support for OPPO R11 diag port USB: serial: cp210x: add Decagon UCA device id xhci: Add grace period after xHC start to prevent premature runtime suspend. thunderbolt: Use the actual buffer in tb_async_error() gpio: pca953x: Add mutex_lock for regcache sync in PM hwmon: (gpio-fan) Fix array out of bounds access clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate Input: rk805-pwrkey - fix module autoloading clk: core: Fix runtime PM sequence in clk_core_unprepare() Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup binder: fix UAF of ref->proc caused by race condition USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id misc: fastrpc: fix memory corruption on open misc: fastrpc: fix memory corruption on probe iio: adc: mcp3911: use correct formula for AD conversion Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete vt: Clear selection before changing the font powerpc: align syscall table for ppc32 staging: rtl8712: fix use after free bugs serial: fsl_lpuart: RS485 RTS polariy is inverse net/smc: Remove redundant refcount increase Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb" tcp: annotate data-race around challenge_timestamp sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb kcm: fix strp_init() order and cleanup ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler net: sched: tbf: don't call qdisc_put() while holding tree lock Revert "xhci: turn off port power in shutdown" wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() ieee802154/adf7242: defer destroy_workqueue call iio: adc: mcp3911: make use of the sign bit platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg drm/msm/dsi: fix the inconsistent indenting net: dp83822: disable false carrier interrupt Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" fs: only do a memory barrier for the first set_buffer_uptodate() net: mvpp2: debugfs: fix memory leak when using debugfs_lookup() wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() efi: capsule-loader: Fix use-after-free in efi_capsule_write Linux 5.4.212 net: neigh: don't call kfree_skb() under spin_lock_irqsave() net/af_packet: check len when min_header_len equals to 0 io_uring: disable polling pollfree files kprobes: don't call disarm_kprobe() for disabled kprobes lib/vdso: Mark do_hres() and do_coarse() as __always_inline lib/vdso: Let do_coarse() return 0 to simplify the callsite btrfs: tree-checker: check for overlapping extent items netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y drm/amd/display: Fix pixel clock programming s390/hypfs: avoid error message under KVM neigh: fix possible DoS due to net iface start/stop loop drm/amd/display: clear optc underflow before turn off odm clock drm/amd/display: Avoid MPC infinite loop btrfs: unify lookup return value when dir entry is missing btrfs: do not pin logs too early during renames btrfs: introduce btrfs_lookup_match_dir mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse bpf: Don't redirect packets with invalid pkt_len ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead fbdev: fb_pm2fb: Avoid potential divide by zero error HID: hidraw: fix memory leak in hidraw_release() media: pvrusb2: fix memory leak in pvr_probe udmabuf: Set the DMA mask for the udmabuf device (v2) HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report Bluetooth: L2CAP: Fix build errors in some archs kbuild: Fix include path in scripts/Makefile.modpost x86/bugs: Add "unknown" reporting for MMIO Stale Data s390/mm: do not trigger write fault when vma does not allow VM_WRITE mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU md: call __md_stop_writes in md_stop mm/hugetlb: fix hugetlb not supporting softdirty tracking ACPI: processor: Remove freq Qos request for all CPUs s390: fix double free of GS and RI CBs on fork() failure asm-generic: sections: refactor memory_intersects loop: Check for overflow while configuring loop x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry btrfs: check if root is readonly while setting security xattr btrfs: add info when mount fails due to stale replace target btrfs: replace: drop assert for suspended replace btrfs: fix silent failure when deleting root reference ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter net: Fix a data-race around sysctl_somaxconn. net: Fix a data-race around netdev_budget_usecs. net: Fix a data-race around netdev_budget. net: Fix a data-race around sysctl_net_busy_read. net: Fix a data-race around sysctl_net_busy_poll. net: Fix a data-race around sysctl_tstamp_allow_data. ratelimit: Fix data-races in ___ratelimit(). net: Fix data-races around netdev_tstamp_prequeue. net: Fix data-races around weight_p and dev_weight_[rt]x_bias. netfilter: nft_tunnel: restrict it to netdev family netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families netfilter: nft_payload: do not truncate csum_offset and csum_type netfilter: nft_payload: report ERANGE for too long offset and length bnxt_en: fix NQ resource accounting during vf creation on 57500 chips netfilter: ebtables: reject blobs that don't provide all entry points net: ipvtap - add __init/__exit annotations to module init/exit funcs bonding: 802.3ad: fix no transmission of LACPDUs net: moxa: get rid of asymmetry in DMA mapping/unmapping net/mlx5e: Properly disable vlan strip on non-UL reps rose: check NULL rose_loopback_neigh->loopback SUNRPC: RPC level errors should set task->tk_rpc_status af_key: Do not call xfrm_probe_algs in parallel xfrm: fix refcount leak in __xfrm_policy_check() kernel/sched: Remove dl_boosted flag comment sched/deadline: Fix priority inheritance with multiple scheduling classes sched/deadline: Fix stale throttling on de-/boosted tasks sched/deadline: Unthrottle PI boosted threads while enqueuing pinctrl: amd: Don't save/restore interrupt status and wake status bits Revert "selftests/bpf: Fix test_align verifier log patterns" Revert "selftests/bpf: Fix "dubious pointer arithmetic" test" usb: cdns3: Fix issue for clear halt endpoint kernel/sys_ni: add compat entry for fadvise64_64 parisc: Fix exception handler for fldw and fstw instructions audit: fix potential double free on error path from fsnotify_add_inode_mark Revert "USB: HCD: Fix URB giveback issue in tasklet function" Linux 5.4.211 btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() btrfs: only write the sectors in the vertical stripe which has data stripes can: j1939: j1939_session_destroy(): fix memory leak of skbs can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() tracing/probes: Have kprobes and uprobes use $COMM too MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 video: fbdev: i740fb: Check the argument of i740_calc_vclk() powerpc/64: Init jump labels before parse_early_param() smb3: check xattr value length earlier f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() ALSA: timer: Use deferred fasync helper ALSA: core: Add async signal helpers powerpc/32: Don't always pass -mcpu=powerpc to the compiler watchdog: export lockup_detector_reconfigure RISC-V: Add fast call path of crash_kexec() riscv: mmap with PROT_WRITE but no PROT_READ is invalid mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start vfio: Clear the caps->buf to NULL after free tty: serial: Fix refcount leak bug in ucc_uart.c lib/list_debug.c: Detect uninitialized lists ext4: avoid resizing to a partial cluster size ext4: avoid remove directory when directory is corrupted drivers:md:fix a potential use-after-free bug nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed selftests/kprobe: Do not test for GRP/ without event failures um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups PCI/ACPI: Guard ARM64-specific mcfg_quirks cxl: Fix a memory leak in an error handling path gadgetfs: ep_io - wait until IRQ finishes scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input clk: qcom: ipq8074: dont disable gcc_sleep_clk_src vboxguest: Do not use devm for irq usb: renesas: Fix refcount leak bug usb: host: ohci-ppc-of: Fix refcount leak bug drm/meson: Fix overflow implicit truncation warnings irqchip/tegra: Fix overflow implicit truncation warnings usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info usb: cdns3 fix use-after-free at workaround 2 PCI: Add ACS quirk for Broadcom BCM5750x NICs drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() locking/atomic: Make test_and_*_bit() ordered on failure gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file igb: Add lock to avoid data race fec: Fix timer capture timing in `fec_ptp_enable_pps()` i40e: Fix to stop tx_timeout recovery if GLOBR fails ice: Ignore EEXIST when setting promisc mode net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry net: moxa: pass pdev instead of ndev to DMA functions net: dsa: mv88e6060: prevent crash on an unused port powerpc/pci: Fix get_phb_number() locking netfilter: nf_tables: really skip inactive sets when allocating name clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks iavf: Fix adminq error handling nios2: add force_successful_syscall_return() nios2: restarts apply only to the first sigframe we build... nios2: fix syscall restart checks nios2: traced syscall does need to check the syscall number nios2: don't leave NULLs in sys_call_table[] nios2: page fault et.al. are *not* restartable syscalls... tee: add overflow check in register_shm_helper() dpaa2-eth: trace the allocated address instead of page struct atm: idt77252: fix use-after-free bugs caused by tst_timer xen/xenbus: fix return type in xenbus_file_read() nfp: ethtool: fix the display error of `ethtool -m DEVNAME` NTB: ntb_tool: uninitialized heap data in tool_fn_write() tools build: Switch to new openssl API for test-libcrypto tools/vm/slabinfo: use alphabetic order when two values are equal dt-bindings: arm: qcom: fix MSM8916 MTP compatibles vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() vsock: Fix memory leak in vsock_connect() plip: avoid rcu debug splat geneve: do not use RT_TOS for IPv6 flowlabel ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool pinctrl: sunxi: Add I/O bias setting for H6 R-PIO pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map net: bgmac: Fix a BUG triggered by wrong bytes_compl devlink: Fix use-after-free after a failed reload SUNRPC: Reinitialise the backchannel request buffers before reuse sunrpc: fix expiry of auth creds can: mcp251x: Fix race condition on receive interrupt NFSv4/pnfs: Fix a use-after-free bug in open NFSv4.1: RECLAIM_COMPLETE must handle EACCES NFSv4: Fix races in the legacy idmapper upcall NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly NFSv4.1: Don't decrease the value of seq_nr_highest_sent Documentation: ACPI: EINJ: Fix obsolete example apparmor: Fix memleak in aa_simple_write_to_buffer() apparmor: fix reference count leak in aa_pivotroot() apparmor: fix overlapping attachment computation apparmor: fix aa_label_asxprint return check apparmor: Fix failed mount permission check error message apparmor: fix absroot causing audited secids to begin with = apparmor: fix quiet_denied for file rules can: ems_usb: fix clang's -Wunaligned-access warning tracing: Have filter accept "common_cpu" to be consistent btrfs: fix lost error handling when looking up extended ref on log replay mmc: pxamci: Fix an error handling path in pxamci_probe() mmc: pxamci: Fix another error handling path in pxamci_probe() ata: libata-eh: Add missing command name rds: add missing barrier to release_refill ALSA: info: Fix llseek return value when using callback net_sched: cls_route: disallow handle of 0 net/9p: Initialize the iounit field during fid creation Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" scsi: sg: Allow waiting for commands to complete on removed device tcp: fix over estimation in sk_forced_mem_schedule() KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq KVM: Add infrastructure and macro to mark VM as bugged btrfs: reject log replay if there is unsupported RO compat flag net_sched: cls_route: remove from list when handle is 0 iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails timekeeping: contribute wall clock to rng on time change ACPI: CPPC: Do not prevent CPPC from working in the future dm writecache: set a default MAX_WRITEBACK_JOBS dm thin: fix use-after-free crash in dm_sm_register_threshold_callback dm raid: fix address sanitizer warning in raid_status dm raid: fix address sanitizer warning in raid_resume intel_th: pci: Add Meteor Lake-P support intel_th: pci: Add Raptor Lake-S PCH support intel_th: pci: Add Raptor Lake-S CPU support ext4: correct the misjudgment in ext4_iget_extra_inode ext4: correct max_inline_xattr_value_size computing ext4: fix extent status tree race in writeback error recovery path ext4: update s_overhead_clusters in the superblock during an on-line resize ext4: fix use-after-free in ext4_xattr_set_entry ext4: make sure ext4_append() always allocates new block ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h btrfs: reset block group chunk force if we have to wait tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification spmi: trace: fix stack-out-of-bound access in SPMI tracing functions x86/olpc: fix 'logical not is only applied to the left hand side' scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection scsi: qla2xxx: Turn off multi-queue for 8G adapters scsi: qla2xxx: Fix discovery issues in FC-AL topology scsi: zfcp: Fix missing auto port scan and thus missing target ports video: fbdev: s3fb: Check the size of screen before memset_io() video: fbdev: arkfb: Check the size of screen before memset_io() video: fbdev: vt8623fb: Check the size of screen before memset_io() tools/thermal: Fix possible path truncations video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() x86/numa: Use cpumask_available instead of hardcoded NULL check scripts/faddr2line: Fix vmlinux detection on arm64 genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO powerpc/pci: Fix PHB numbering when using opal-phbid kprobes: Forbid probing on trampoline and BPF code areas perf symbol: Fail to read phdr workaround powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address powerpc/xive: Fix refcount leak in xive_get_max_prio powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32 video: fbdev: sis: fix typos in SiS_GetModeID() video: fbdev: amba-clcd: Fix refcount leak bugs watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() ASoC: audio-graph-card: Add of_node_put() in fail path fuse: Remove the control interface for virtio-fs ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() s390/zcore: fix race when reading from hardware system area iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop mfd: max77620: Fix refcount leak in max77620_initialise_fps mfd: t7l66xb: Drop platform disable callback kfifo: fix kfifo_to_user() return type rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge iommu/exynos: Handle failed IOMMU device registration properly tty: n_gsm: fix missing corner cases in gsmld_poll() tty: n_gsm: fix DM command tty: n_gsm: fix wrong T1 retry count handling vfio/ccw: Do not change FSM state in subchannel event remoteproc: qcom: wcnss: Fix handling of IRQs tty: n_gsm: fix race condition in gsmld_write() tty: n_gsm: fix packet re-transmission without open control channel tty: n_gsm: fix non flow control frames during mux flow off profiling: fix shift too large makes kernel panic ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe ASoC: codecs: da7210: add check for i2c_add_driver ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe opp: Fix error check in dev_pm_opp_attach_genpd() jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted ext4: recover csum seed of tmp_inode after migrating to extents jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() null_blk: fix ida error handling in null_add_dev() RDMA/rxe: Fix error unwind in rxe_create_qp() mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region platform/olpc: Fix uninitialized data in debugfs write USB: serial: fix tty-port initialized comments PCI: tegra194: Fix link up retry sequence PCI: tegra194: Fix Root Port interrupt handling HID: alps: Declare U1_UNICORN_LEGACY support mmc: cavium-thunderx: Add of_node_put() when breaking out of loop mmc: cavium-octeon: Add of_node_put() when breaking out of loop gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() RDMA/hfi1: fix potential memory leak in setup_base_ctxt() RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event RDMA/hns: Fix incorrect clearing of interrupt status register usb: gadget: udc: amd5536 depends on HAS_DMA scsi: smartpqi: Fix DMA direction for RAID requests mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R memstick/ms_block: Fix a memory leak memstick/ms_block: Fix some incorrect memory allocation mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback intel_th: msu: Fix vmalloced buffers intel_th: msu-sink: Potential dereference of null pointer intel_th: Fix a resource leak in an error handling path soundwire: bus_type: fix remove and shutdown support clk: qcom: camcc-sdm845: Fix topology around titan_top power domain clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks clk: qcom: ipq8074: fix NSS port frequency tables usb: host: xhci: use snprintf() in xhci_decode_trb() clk: qcom: clk-krait: unlock spin after mux completion driver core: fix potential deadlock in __driver_attach misc: rtsx: Fix an error handling path in rtsx_pci_probe() clk: mediatek: reset: Fix written reset bit offset usb: xhci: tegra: Fix error check usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe fpga: altera-pr-ip: fix unsigned comparison with less than zero mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path mtd: partitions: Fix refcount leak in parse_redboot_of mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release HID: cp2112: prevent a buffer overflow in cp2112_xfer() mtd: rawnand: meson: Fix a potential double free issue mtd: maps: Fix refcount leak in ap_flash_init mtd: maps: Fix refcount leak in of_flash_probe_versatile clk: renesas: r9a06g032: Fix UART clkgrp bitsel dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock net: rose: fix netdev reference changes netdevsim: Avoid allocation warnings triggered from user space iavf: Fix max_rate limiting crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS wifi: libertas: Fix possible refcount leak in if_usb_probe() wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` i2c: mux-gpmux: Add of_node_put() when breaking out of loop i2c: cadence: Support PEC for SMBus block read Bluetooth: hci_intel: Add check for platform_driver_register can: pch_can: pch_can_error(): initialize errc before using it can: error: specify the values of data[5..7] of CAN error frames can: usb_8dev: do not report txerr and rxerr during bus-off can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off can: sun4i_can: do not report txerr and rxerr during bus-off can: hi311x: do not report txerr and rxerr during bus-off can: sja1000: do not report txerr and rxerr during bus-off can: rcar_can: do not report txerr and rxerr during bus-off can: pch_can: do not report txerr and rxerr during bus-off selftests/bpf: fix a test for snprintf() overflow wifi: p54: add missing parentheses in p54_flush() wifi: p54: Fix an error handling path in p54spi_probe() wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() fs: check FMODE_LSEEK to control internal pipe splicing selftests: timers: clocksource-switch: fix passing errors from child selftests: timers: valid-adjtimex: build fix for newer toolchains libbpf: Fix the name of a reused map tcp: make retransmitted SKB fit into the send window drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed. mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq drm/msm/mdp5: Fix global state lock backoff drm: bridge: sii8620: fix possible off-by-one drm/mediatek: dpi: Only enable dpi after the bridge is enabled drm/mediatek: dpi: Remove output format of YUV drm/rockchip: Fix an error handling path rockchip_dp_probe() drm/rockchip: vop: Don't crash for invalid duplicate_state() crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE drm/vc4: dsi: Correct DSI divider calculations drm/vc4: plane: Fix margin calculations for the right/bottom edges drm/vc4: plane: Remove subpixel positioning check media: hdpvr: fix error value returns in hdpvr_read drm/mcde: Fix refcount leak in mcde_dsi_bind drm: bridge: adv7511: Add check for mipi_dsi_driver_register wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() ath9k: fix use-after-free in ath9k_hif_usb_rx_cb media: tw686x: Register the irq at the end of probe i2c: Fix a potential use after free drm: adv7511: override i2c address of cec before accessing it drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() drm/mipi-dbi: align max_chunk to 2 in spi_transfer wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() ath10k: do not enforce interrupt trigger type dm: return early from dm_pr_call() if DM device is suspended thermal/tools/tmon: Include pthread and time headers in tmon.h nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() regulator: of: Fix refcount leak bug in of_get_regulation_constraints() blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created erofs: avoid consecutive detection for Highmem memory arm64: dts: mt7622: fix BPI-R64 WPS button bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() ARM: dts: qcom: pm8841: add required thermal-sensor-cells soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register cpufreq: zynq: Fix refcount leak in zynq_get_revision ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init ARM: OMAP2+: Fix refcount leak in omapdss_init_of ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg soc: fsl: guts: machine variable might be unset ARM: dts: ast2600-evb: fix board compatible ARM: dts: ast2500-evb: fix board compatible x86/pmem: Fix platform-device leak in error path ARM: bcm: Fix refcount leak in bcm_kona_smc_init meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init ARM: findbit: fix overflowing offset spi: spi-rspi: Fix PIO fallback on RZ platforms selinux: Add boundary check in put_entry() PM: hibernate: defer device probing when resuming from hibernation ARM: shmobile: rcar-gen2: Increase refcount for new reference arm64: dts: allwinner: a64: orangepi-win: Fix LED node name arm64: dts: qcom: ipq8074: fix NAND node name ACPI: LPSS: Fix missing check in register_device_clock() ACPI: PM: save NVS memory for Lenovo G40-45 ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks ARM: OMAP2+: display: Fix refcount leak bug spi: synquacer: Add missing clk_disable_unprepare() ARM: dts: imx6ul: fix qspi node compatible ARM: dts: imx6ul: fix lcdif node compatible ARM: dts: imx6ul: fix csi node compatible ARM: dts: imx6ul: change operating-points to uint32-matrix ARM: dts: imx6ul: add missing properties for sram wait: Fix __wait_event_hrtimeout for RT/DL tasks genirq: Don't return error on missing optional irq_request_resources() ext2: Add more validity checks for inode counts arm64: fix oops in concurrently setting insn_emulation sysctls arm64: Do not forget syscall when starting a new thread. x86: Handle idle=nomwait cmdline properly for x86_idle epoll: autoremove wakers even more aggressively netfilter: nf_tables: fix null deref due to zeroed list head netfilter: nf_tables: do not allow RULE_ID to refer to another chain netfilter: nf_tables: do not allow SET_ID to refer to another table arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC USB: HCD: Fix URB giveback issue in tasklet function coresight: Clear the connection field properly MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK powerpc/powernv: Avoid crashing if rng is NULL powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E powerpc/fsl-pci: Fix Class Code of PCIe Root Port PCI: Add defines for normal and subtractive PCI bridges ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() md-raid10: fix KASAN warning serial: mvebu-uart: uart2 error bits clearing fuse: limit nsec iio: light: isl29028: Fix the warning in isl29028_remove() drm/amdgpu: Check BO's requested pinning domains against its preferred_domains drm/nouveau: fix another off-by-one in nvbios_addr drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode parisc: Fix device names in /proc/iomem ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() usbnet: Fix linkwatch use-after-free on disconnect fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters thermal: sysfs: Fix cooling_device_stats_setup() error code path fs: Add missing umask strip in vfs_tmpfile vfs: Check the truncate maximum size in inode_newsize_ok() tty: vt: initialize unicode screen buffer ALSA: hda/realtek: Add quirk for another Asus K42JZ model ALSA: hda/cirrus - support for iMac 12,1 model ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model mm/mremap: hold the rmap lock in write mode when moving page table entries. KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case HID: wacom: Don't register pad_input for touch switch HID: wacom: Only report rotation for art pen add barriers to buffer_uptodate and set_buffer_uptodate wifi: mac80211_hwsim: use 32-bit skb cookie wifi: mac80211_hwsim: add back erroneously removed cast wifi: mac80211_hwsim: fix race condition in pending packet igc: Remove _I_PHY_ID checking ALSA: bcd2000: Fix a UAF bug on the error path of probing scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments Makefile: link with -z noexecstack --no-warn-rwx-segments Conflicts: Documentation/devicetree/bindings/arm/qcom.yaml Documentation/devicetree/bindings~HEAD arch/x86/boot/compressed/Makefile drivers/mmc/core/sd.c drivers/rpmsg/qcom_glink_native.c drivers/usb/dwc3/core.c drivers/usb/dwc3/gadget.c drivers/usb/typec/ucsi/ucsi.c net/core/dev.c net/netfilter/nf_conntrack_irc.c Change-Id: I796398110bc61fa6a8bb94f7ef41b9209683dbf7 |
||
|
Michael Bestas
|
9c70abfc5e
|
Merge tag 'ASB-2022-11-01_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
https://source.android.com/docs/security/bulletin/2022-11-01 * tag 'ASB-2022-11-01_11-5.4' of https://android.googlesource.com/kernel/common: UPSTREAM: mm/mremap: hold the rmap lock in write mode when moving page table entries. FROMLIST: binder: fix UAF of alloc->vma in race with munmap() UPSTREAM: mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() UPSTREAM: mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() UPSTREAM: af_key: Do not call xfrm_probe_algs in parallel UPSTREAM: wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() UPSTREAM: wifi: cfg80211/mac80211: reject bad MBSSID elements UPSTREAM: wifi: cfg80211: ensure length byte is present before access UPSTREAM: wifi: cfg80211: fix BSS refcounting bugs UPSTREAM: wifi: cfg80211: avoid nontransmitted BSS list corruption UPSTREAM: wifi: mac80211_hwsim: avoid mac80211 warning on bad rate UPSTREAM: wifi: cfg80211: update hidden BSSes to avoid WARN_ON UPSTREAM: mac80211: mlme: find auth challenge directly UPSTREAM: wifi: mac80211: don't parse mbssid in assoc response UPSTREAM: wifi: mac80211: fix MBSSID parsing use-after-free ANDROID: Drop explicit 'CONFIG_INIT_STACK_ALL_ZERO=y' from gki_defconfig UPSTREAM: hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero UPSTREAM: hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO UPSTREAM: hardening: Clarify Kconfig text for auto-var-init ANDROID: GKI: Update FCNT KMI symbol list ANDROID: Fix kenelci build-break for !CONFIG_PERF_EVENTS BACKPORT: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report ANDROID: ABI: Update allowed list for QCOM UPSTREAM: wifi: mac80211_hwsim: use 32-bit skb cookie UPSTREAM: wifi: mac80211_hwsim: add back erroneously removed cast UPSTREAM: wifi: mac80211_hwsim: fix race condition in pending packet ANDROID: incfs: Add check for ATTR_KILL_SUID and ATTR_MODE in incfs_setattr Linux 5.4.210 x86/speculation: Add LFENCE to RSB fill sequence x86/speculation: Add RSB VM Exit protections macintosh/adb: fix oob read in do_adb_query() function media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls selftests: KVM: Handle compiler optimizations in ucall KVM: Don't null dereference ops->destroy selftests/bpf: Fix "dubious pointer arithmetic" test selftests/bpf: Fix test_align verifier log patterns bpf: Test_verifier, #70 error message updates for 32-bit right shift selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() ACPI: APEI: Better fix to avoid spamming the console with old error logs ACPI: video: Shortening quirk list by identifying Clevo by board_name only ACPI: video: Force backlight native for some TongFang devices thermal: Fix NULL pointer dereferences in of_thermal_ functions ANDROID: GKI: db845c: Update symbols list and ABI Linux 5.4.209 scsi: core: Fix race between handling STS_RESOURCE and completion mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle. ARM: crypto: comment out gcc warning that breaks clang builds sctp: leave the err path free in sctp_stream_init to sctp_stream_free sfc: disable softirqs for ptp TX perf symbol: Correct address for bss symbols virtio-net: fix the race between refill work and close netfilter: nf_queue: do not allow packet truncation below transport header offset sctp: fix sleep in atomic context bug in timer handlers i40e: Fix interface init with MSI interrupts (no MSI-X) tcp: Fix a data-race around sysctl_tcp_comp_sack_nr. tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns. Documentation: fix sctp_wmem in ip-sysctl.rst tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit. tcp: Fix a data-race around sysctl_tcp_autocorking. tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen. tcp: Fix a data-race around sysctl_tcp_min_tso_segs. net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() igmp: Fix data-races around sysctl_igmp_qrv. ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr net: ping6: Fix memleak in ipv6_renew_options(). tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit. tcp: Fix a data-race around sysctl_tcp_limit_output_bytes. scsi: ufs: host: Hold reference returned by of_parse_phandle() ice: do not setup vlan for loopback VSI ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) tcp: Fix a data-race around sysctl_tcp_nometrics_save. tcp: Fix a data-race around sysctl_tcp_frto. tcp: Fix a data-race around sysctl_tcp_adv_win_scale. tcp: Fix a data-race around sysctl_tcp_app_win. tcp: Fix data-races around sysctl_tcp_dsack. s390/archrandom: prevent CPACF trng invocations in interrupt context ntfs: fix use-after-free in ntfs_ucsncmp() Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put ANDROID: restore some removed refcount functions ANDROID: add tty_schedule_flip() back to the kernel Linux 5.4.208 x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() net: usb: ax88179_178a needs FLAG_SEND_ZLP tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() tty: drop tty_schedule_flip() tty: the rest, stop using tty_schedule_flip() tty: drivers/tty/, stop using tty_schedule_flip() Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks Bluetooth: SCO: Fix sco_send_frame returning skb->len Bluetooth: Fix passing NULL to PTR_ERR Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg Bluetooth: Add bt_skb_sendmmsg helper Bluetooth: Add bt_skb_sendmsg helper ALSA: memalloc: Align buffer allocations in page size bitfield.h: Fix "type of reg too small for mask" test x86/mce: Deduplicate exception handling mmap locking API: initial implementation as rwsem wrappers x86/uaccess: Implement macros for CMPXCHG on user addresses x86: get rid of small constant size cases in raw_copy_{to,from}_user() locking/refcount: Consolidate implementations of refcount_t locking/refcount: Consolidate REFCOUNT_{MAX,SATURATED} definitions locking/refcount: Move saturation warnings out of line locking/refcount: Improve performance of generic REFCOUNT_FULL code locking/refcount: Move the bulk of the REFCOUNT_FULL implementation into the <linux/refcount.h> header locking/refcount: Remove unused refcount_*_checked() variants locking/refcount: Ensure integer operands are treated as signed locking/refcount: Define constants for saturation and max refcount values ima: remove the IMA_TEMPLATE Kconfig option dlm: fix pending remove if msg allocation fails bpf: Make sure mac_header was set before using it mm/mempolicy: fix uninit-value in mpol_rebind_policy() spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers tcp: Fix data-races around sysctl_tcp_max_reordering. tcp: Fix a data-race around sysctl_tcp_rfc1337. tcp: Fix a data-race around sysctl_tcp_stdurg. tcp: Fix a data-race around sysctl_tcp_retrans_collapse. tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. tcp: Fix data-races around sysctl_tcp_recovery. tcp: Fix a data-race around sysctl_tcp_early_retrans. tcp: Fix data-races around sysctl knobs related to SYN option. udp: Fix a data-race around sysctl_udp_l3mdev_accept. ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. be2net: Fix buffer overflow in be_get_module_eeprom gpio: pca953x: only use single read/write for No AI mode ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero i40e: Fix erroneous adapter reinitialization during recovery process iavf: Fix handling of dummy receive descriptors tcp: Fix data-races around sysctl_tcp_fastopen. tcp: Fix data-races around sysctl_max_syn_backlog. tcp: Fix a data-race around sysctl_tcp_tw_reuse. tcp: Fix a data-race around sysctl_tcp_notsent_lowat. tcp: Fix data-races around some timeout sysctl knobs. tcp: Fix data-races around sysctl_tcp_reordering. tcp: Fix data-races around sysctl_tcp_syncookies. igmp: Fix a data-race around sysctl_igmp_max_memberships. igmp: Fix data-races around sysctl_igmp_llm_reports. net/tls: Fix race in TLS device down flow net: stmmac: fix dma queue left shift overflow issue i2c: cadence: Change large transfer count reset logic to be unconditional tcp: Fix a data-race around sysctl_tcp_probe_interval. tcp: Fix a data-race around sysctl_tcp_probe_threshold. tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. tcp: Fix data-races around sysctl_tcp_min_snd_mss. tcp: Fix data-races around sysctl_tcp_base_mss. tcp: Fix data-races around sysctl_tcp_mtu_probing. tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. ip: Fix a data-race around sysctl_fwmark_reflect. ip: Fix data-races around sysctl_ip_nonlocal_bind. ip: Fix data-races around sysctl_ip_fwd_use_pmtu. ip: Fix data-races around sysctl_ip_no_pmtu_disc. igc: Reinstate IGC_REMOVED logic and implement it properly perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() pinctrl: ralink: Check for null return of devm_kcalloc power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() serial: mvebu-uart: correctly report configured baudrate value PCI: hv: Fix interrupt mapping for multi-MSI PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI PCI: hv: Fix multi-MSI to allow more than one MSI vector xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE lockdown: Fix kexec lockdown bypass with ima policy mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication riscv: add as-options for modules with assembly compontents pinctrl: stm32: fix optional IRQ support to gpios Revert "cgroup: Use separate src/dst nodes when preloading css_sets for migration" Linux 5.4.207 can: m_can: m_can_tx_handler(): fix use after free of skb serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle serial: stm32: Clear prev values before setting RTS delays serial: 8250: fix return error code in serial8250_request_std_resource() tty: serial: samsung_tty: set dma burst_size to 1 usb: dwc3: gadget: Fix event pending check usb: typec: add missing uevent when partner support PD USB: serial: ftdi_sio: add Belimo device ids signal handling: don't use BUG_ON() for debugging ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 soc: ixp4xx/npe: Fix unused match warning x86: Clear .brk area at early boot irqchip: or1k-pic: Undefine mask_ack for level triggered hardware ASoC: madera: Fix event generation for rate controls ASoC: madera: Fix event generation for OUT1 demux ASoC: cs47l15: Fix event generation for low power mux control ASoC: wm5110: Fix DRE control ASoC: ops: Fix off by one in range control validation net: sfp: fix memory leak in sfp_probe() nvme: fix regression when disconnect a recovering ctrl NFC: nxp-nci: don't print header length mismatch on i2c error net: tipc: fix possible refcount leak in tipc_sk_create() platform/x86: hp-wmi: Ignore Sanitization Mode event cpufreq: pmac32-cpufreq: Fix refcount leak bug netfilter: br_netfilter: do not skip all hooks with 0 priority virtio_mmio: Restore guest page size on resume virtio_mmio: Add missing PM calls to freeze/restore mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE sfc: fix kernel panic when creating VF seg6: bpf: fix skb checksum in bpf_push_seg6_encap() seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors seg6: fix skb checksum evaluation in SRH encapsulation/insertion sfc: fix use after free when disabling sriov net: ftgmac100: Hold reference returned by of_get_child_by_name() ipv4: Fix data-races around sysctl_ip_dynaddr. raw: Fix a data-race around sysctl_raw_l3mdev_accept. icmp: Fix a data-race around sysctl_icmp_ratemask. icmp: Fix a data-race around sysctl_icmp_ratelimit. drm/i915/gt: Serialize TLB invalidates with GT resets ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero ARM: dts: at91: sama5d2: Fix typo in i2s1 node ipv4: Fix a data-race around sysctl_fib_sync_mem. icmp: Fix data-races around sysctl. cipso: Fix data-races around sysctl. net: Fix data-races around sysctl_mem. inetpeer: Fix data-races around sysctl. net: stmmac: dwc-qos: Disable split header for Tegra194 ASoC: sgtl5000: Fix noise on shutdown/remove ima: Fix a potential integer overflow in ima_appraise_measurement drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() ARM: 9210/1: Mark the FDT_FIXED sections as shareable ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count ext4: fix race condition between ext4_write and ext4_convert_inline_data sched/rt: Disable RT_RUNTIME_SHARE by default Revert "evm: Fix memleak in init_desc" nilfs2: fix incorrect masking of permission flags for symlinks drm/panfrost: Fix shrinker list corruption by madvise IOCTL cgroup: Use separate src/dst nodes when preloading css_sets for migration wifi: mac80211: fix queue selection for mesh/OCB interfaces ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction ARM: 9213/1: Print message about disabled Spectre workarounds only once ip: fix dflt addr selection for connected nexthop net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer tracing/histograms: Fix memory leak problem xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model ALSA: hda - Add fixup for Dell Latitidue E5430 Linux 5.4.206 Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting" Linux 5.4.205 dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly dmaengine: pl330: Fix lockdep warning about non-static key ida: don't use BUG_ON() for debugging dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo misc: rtsx_usb: set return value in rsp_buf alloc err path misc: rtsx_usb: use separate command and response buffers misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer dmaengine: imx-sdma: Allow imx8m for imx7 FW revs i2c: cadence: Unregister the clk notifier in error path selftests: forwarding: fix error message in learning_test selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT ibmvnic: Properly dispose of all skbs during a failover. ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt ARM: at91: pm: use proper compatible for sama5d2's rtc pinctrl: sunxi: sunxi_pconf_set: use correct offset pinctrl: sunxi: a83t: Fix NAND function name for some pins ARM: meson: Fix refcount leak in meson_smp_prepare_cpus xfs: remove incorrect ASSERT in xfs_rename can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info powerpc/powernv: delay rng platform device creation until later in boot video: of_display_timing.h: include errno.h fbcon: Prevent that screen size is smaller than font size fbcon: Disallow setting font bigger than screen size fbmem: Check virtual screen sizes in fb_set_var() fbdev: fbmem: Fix logo center image dx issue iommu/vt-d: Fix PCI bus rescan device hot add net: rose: fix UAF bug caused by rose_t0timer_expiry usbnet: fix memory leak in error case can: gs_usb: gs_usb_open/close(): fix memory leak can: grcan: grcan_probe(): remove extra of_node_get() can: bcm: use call_rcu() instead of costly synchronize_rcu() mm/slub: add missing TID updates on slab deactivation esp: limit skb_page_frag_refill use to a single page Linux 5.4.204 clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() net: usb: qmi_wwan: add Telit 0x1070 composition net: usb: qmi_wwan: add Telit 0x1060 composition xen/arm: Fix race in RB-tree based P2M accounting xen/blkfront: force data bouncing when backend is untrusted xen/netfront: force data bouncing when backend is untrusted xen/netfront: fix leaking data in shared pages xen/blkfront: fix leaking data in shared pages selftests/rseq: Change type of rseq_offset to ptrdiff_t selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area selftests/rseq: Fix: work-around asm goto compiler bugs selftests/rseq: Remove arm/mips asm goto compiler work-around selftests/rseq: Fix warnings about #if checks of undefined tokens selftests/rseq: Fix ppc32 offsets by using long rather than off_t selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for load/store selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 selftests/rseq: Introduce thread pointer getters selftests/rseq: Introduce rseq_get_abi() helper selftests/rseq: Remove volatile from __rseq_abi selftests/rseq: Remove useless assignment to cpu variable selftests/rseq: introduce own copy of rseq uapi header selftests/rseq: remove ARRAY_SIZE define from individual tests rseq/selftests,x86_64: Add rseq_offset_deref_addv() ipv6/sit: fix ipip6_tunnel_get_prl return value sit: use min net: dsa: bcm_sf2: force pause link settings hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails xen/gntdev: Avoid blocking in unmap_grant_pages() net: tun: avoid disabling NAPI twice NFC: nxp-nci: Don't issue a zero length i2c_master_read() nfc: nfcmrvl: Fix irq_of_parse_and_map() return value net: bonding: fix use-after-free after 802.3ad slave unbind net: bonding: fix possible NULL deref in rlb code net/sched: act_api: Notify user space if any actions were flushed before error netfilter: nft_dynset: restore set element counter when failing to update s390: remove unneeded 'select BUILD_BIN2C' PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events caif_virtio: fix race between virtio_device_ready() and ndo_open() net: ipv6: unexport __init-annotated seg6_hmac_net_init() usbnet: fix memory allocation in helpers linux/dim: Fix divide by 0 in RDMA DIM RDMA/qedr: Fix reporting QP timeout attribute net: tun: stop NAPI when detaching queues net: tun: unlink NAPI from device on destruction selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test virtio-net: fix race between ndo_open() and virtio_device_ready() net: usb: ax88179_178a: Fix packet receiving net: rose: fix UAF bugs caused by timer handler SUNRPC: Fix READ_PLUS crasher s390/archrandom: simplify back to earlier design and initialize earlier dm raid: fix KASAN warning in raid5_add_disks dm raid: fix accesses beyond end of raid member array powerpc/bpf: Fix use of user_pt_regs in uapi powerpc/prom_init: Fix kernel config grep nvdimm: Fix badblocks clear off-by-one error ipv6: take care of disable_policy when restoring routes Linux 5.4.203 crypto: arm/ghash-ce - define fpu before fpu registers are referenced crypto: arm - use Kconfig based compiler checks for crypto opcodes ARM: 9029/1: Make iwmmxt.S support Clang's integrated assembler ARM: OMAP2+: drop unnecessary adrl ARM: 8929/1: use APSR_nzcv instead of r15 as mrc operand ARM: 8933/1: replace Sun/Solaris style flag on section directive crypto: arm/sha512-neon - avoid ADRL pseudo instruction crypto: arm/sha256-neon - avoid ADRL pseudo instruction ARM: 8971/1: replace the sole use of a symbol with its definition ARM: 8990/1: use VFP assembler mnemonics in register load/store macros ARM: 8989/1: use .fpu assembler directives instead of assembler arguments net: mscc: ocelot: allow unregistered IP multicast flooding kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] powerpc/ftrace: Remove ftrace init tramp once kernel init is complete drm: remove drm_fb_helper_modinit Linux 5.4.202 powerpc/pseries: wire up rng during setup_arch() kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) random: update comment from copy_to_user() -> copy_to_iter() modpost: fix section mismatch check for exported init/exit sections ARM: cns3xxx: Fix refcount leak in cns3xxx_init ARM: Fix refcount leak in axxia_boot_secondary soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe ARM: exynos: Fix refcount leak in exynos_map_pmu ARM: dts: imx6qdl: correct PU regulator ramp delay powerpc/powernv: wire up rng during setup_arch powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address powerpc: Enable execve syscall exit tracepoint parisc: Enable ARCH_HAS_STRICT_MODULE_RWX xtensa: Fix refcount leak bug in time.c xtensa: xtfpga: Fix refcount leak bug in setup iio: adc: axp288: Override TS pin bias current for some models iio: adc: stm32: fix maximum clock rate for stm32mp15x iio: trigger: sysfs: fix use-after-free on remove iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() iio: accel: mma8452: ignore the return value of reset operation iio:accel:mxc4005: rearrange iio trigger get and register iio:accel:bma180: rearrange iio trigger get and register iio:chemical:ccs811: rearrange iio trigger get and register usb: chipidea: udc: check request status before setting device address xhci: turn off port power in shutdown iio: adc: vf610: fix conversion mode sysfs node name s390/cpumf: Handle events cycles and instructions identical gpio: winbond: Fix error code in winbond_gpio_get() Revert "net/tls: fix tls_sk_proto_close executed repeatedly" virtio_net: fix xdp_rxq_info bug after suspend/resume igb: Make DMA faster when CPU is active on the PCIe link regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips ice: ethtool: advertise 1000M speeds properly afs: Fix dynamic root getattr MIPS: Remove repetitive increase irq_err_count x86/xen: Remove undefined behavior in setup_features() udmabuf: add back sanity check net/tls: fix tls_sk_proto_close executed repeatedly erspan: do not assume transport header is always set drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers phy: aquantia: Fix AN when higher speeds than 1G are not advertised bpf: Fix request_sock leak in sk lookup helpers USB: serial: option: add Quectel RM500K module support USB: serial: option: add Quectel EM05-G modem USB: serial: option: add Telit LE910Cx 0x1250 composition random: quiet urandom warning ratelimit suppression message dm mirror log: clear log bits up to BITS_PER_LONG boundary dm era: commit metadata in postsuspend after worker stops ata: libata: add qc->flags in ata_qc_complete_template tracepoint mtd: rawnand: gpmi: Fix setting busy timeout setting mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing net: openvswitch: fix parsing of nw_proto for IPv6 fragments ALSA: hda/realtek: Add quirk for Clevo PD70PNT ALSA: hda/realtek - ALC897 headset MIC no sound ALSA: hda/conexant: Fix missing beep setup ALSA: hda/via: Fix missing beep setup random: schedule mix_interrupt_randomness() less often vt: drop old FONT ioctls Linux 5.4.201 Revert "hwmon: Make chip parameter for with_info API mandatory" arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer tcp: drop the hash_32() part from the index calculation tcp: increase source port perturb table to 2^16 tcp: dynamically allocate the perturb table used by source ports tcp: add small random increments to the source port tcp: use different parts of the port_offset for index and offset tcp: add some entropy in __inet_hash_connect() usb: gadget: u_ether: fix regression in setting fixed MAC address dm: remove special-casing of bio-based immutable singleton target on NVMe s390/mm: use non-quiescing sske for KVM switch to keyed guest UPSTREAM: ext4: verify dir block before splitting it UPSTREAM: ext4: fix use-after-free in ext4_rename_dir_prepare BACKPORT: ext4: Only advertise encrypted_casefold when encryption and unicode are enabled BACKPORT: ext4: fix no-key deletion for encrypt+casefold BACKPORT: ext4: optimize match for casefolded encrypted dirs BACKPORT: ext4: handle casefolding with encryption Revert "ANDROID: ext4: Handle casefolding with encryption" Revert "ANDROID: ext4: Optimize match for casefolded encrypted dirs" ANDROID: cpu/hotplug: avoid breaking Android ABI by fusing cpuhp steps ANDROID: change function signatures for some random functions. Revert "mailbox: forward the hrtimer if not queued and under a lock" Revert "drm: fix EDID struct for old ARM OABI format" Revert "ALSA: jack: Access input_dev under mutex" Linux 5.4.200 powerpc/mm: Switch obsolete dssall to .long riscv: Less inefficient gcc tishift helpers (and export their symbols) RISC-V: fix barrier() use in <vdso/processor.h> arm64: kprobes: Use BRK instead of single-step when executing instructions out-of-line net: openvswitch: fix leak of nested actions net: openvswitch: fix misuse of the cached connection on tuple changes net/sched: act_police: more accurate MTU policing virtio-pci: Remove wrong address verification in vp_del_vqs() ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8 ext4: add reserved GDT blocks check ext4: make variable "count" signed ext4: fix bug_on ext4_mb_use_inode_pa dm mirror log: round up region bitmap size to BITS_PER_LONG serial: 8250: Store to lsr_save_flags after lsr read usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe usb: dwc2: Fix memory leak in dwc2_hcd_init USB: serial: io_ti: add Agilent E5805A support USB: serial: option: add support for Cinterion MV31 with new baseline comedi: vmk80xx: fix expression for tx buffer size i2c: designware: Use standard optional ref clock implementation irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions irqchip/gic/realview: Fix refcount leak in realview_gic_of_init faddr2line: Fix overlapping text section failures, the sequel certs/blacklist_hashes.c: fix const confusion in certs blacklist arm64: ftrace: fix branch range checks net: bgmac: Fix an erroneous kfree() in bgmac_remove() mlxsw: spectrum_cnt: Reorder counter pools misc: atmel-ssc: Fix IRQ check in ssc_probe tty: goldfish: Fix free_irq() on remove i40e: Fix call trace in setup_tx_descriptors i40e: Fix calculating the number of queue pairs i40e: Fix adding ADQ filter to TC0 clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE random: credit cpu and bootloader seeds by default net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed ALSA: hda/realtek - Add HW8326 support scsi: pmcraid: Fix missing resource cleanup in error case scsi: ipr: Fix missing/incorrect resource cleanup in error case scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology scsi: vmw_pvscsi: Expand vcpuHint to 16 bits ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() ASoC: es8328: Fix event generation for deemphasis control ASoC: wm8962: Fix suspend while playing music ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() ASoC: cs42l56: Correct typo in minimum level for SX volume controls ASoC: cs42l52: Correct TLV for Bypass Volume ASoC: cs53l30: Correct number of volume levels on SX controls ASoC: cs35l36: Update digital volume TLV ASoC: cs42l52: Fix TLV scales for mixer controls dma-debug: make things less spammy under memory pressure ASoC: nau8822: Add operation for internal PLL off and on powerpc/kasan: Silence KASAN warnings in __get_wchan() random: account for arch randomness in bits random: mark bootloader randomness code as __init random: avoid checking crng_ready() twice in random_init() crypto: drbg - make reseeding from get_random_bytes() synchronous crypto: drbg - always try to free Jitter RNG instance crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() crypto: drbg - prepare for more fine-grained tracking of seeding state crypto: drbg - always seeded with SP800-90B compliant noise source Revert "random: use static branch for crng_ready()" random: check for signals after page of pool writes random: wire up fops->splice_{read,write}_iter() random: convert to using fops->write_iter() random: convert to using fops->read_iter() random: unify batched entropy implementations random: move randomize_page() into mm where it belongs random: move initialization functions out of hot pages random: make consistent use of buf and len random: use proper return types on get_random_{int,long}_wait() random: remove extern from functions in header random: use static branch for crng_ready() random: credit architectural init the exact amount random: handle latent entropy and command line from random_init() random: use proper jiffies comparison macro random: remove ratelimiting for in-kernel unseeded randomness random: move initialization out of reseeding hot path random: avoid initializing twice in credit race random: use symbolic constants for crng_init states siphash: use one source of truth for siphash permutations random: help compiler out with fast_mix() by using simpler arguments random: do not use input pool from hard IRQs random: order timer entropy functions below interrupt functions random: do not pretend to handle premature next security model random: use first 128 bits of input as fast init random: do not use batches when !crng_ready() random: insist on random_get_entropy() existing in order to simplify xtensa: use fallback for random_get_entropy() instead of zero sparc: use fallback for random_get_entropy() instead of zero um: use fallback for random_get_entropy() instead of zero x86/tsc: Use fallback for random_get_entropy() instead of zero nios2: use fallback for random_get_entropy() instead of zero arm: use fallback for random_get_entropy() instead of zero mips: use fallback for random_get_entropy() instead of just c0 random m68k: use fallback for random_get_entropy() instead of zero timekeeping: Add raw clock fallback for random_get_entropy() powerpc: define get_cycles macro for arch-override alpha: define get_cycles macro for arch-override parisc: define get_cycles macro for arch-override s390: define get_cycles macro for arch-override ia64: define get_cycles macro for arch-override init: call time_init() before rand_initialize() random: fix sysctl documentation nits random: document crng_fast_key_erasure() destination possibility random: make random_get_entropy() return an unsigned long random: allow partial reads if later user copies fail random: check for signals every PAGE_SIZE chunk of /dev/[u]random random: check for signal_pending() outside of need_resched() check random: do not allow user to keep crng key around on stack random: do not split fast init input in add_hwgenerator_randomness() random: mix build-time latent entropy into pool at init random: re-add removed comment about get_random_{u32,u64} reseeding random: treat bootloader trust toggle the same way as cpu trust toggle random: skip fast_init if hwrng provides large chunk of entropy random: check for signal and try earlier when generating entropy random: reseed more often immediately after booting random: make consistent usage of crng_ready() random: use SipHash as interrupt entropy accumulator random: replace custom notifier chain with standard one random: don't let 644 read-only sysctls be written to random: give sysctl_random_min_urandom_seed a more sensible value random: do crng pre-init loading in worker rather than irq random: unify cycles_t and jiffies usage and types random: cleanup UUID handling random: only wake up writers after zap if threshold was passed random: round-robin registers as ulong, not u32 random: clear fast pool, crng, and batches in cpuhp bring up random: pull add_hwgenerator_randomness() declaration into random.h random: check for crng_init == 0 in add_device_randomness() random: unify early init crng load accounting random: do not take pool spinlock at boot random: defer fast pool mixing to worker random: rewrite header introductory comment random: group sysctl functions random: group userspace read/write functions random: group entropy collection functions random: group entropy extraction functions random: group crng functions random: group initialization wait functions random: remove whitespace and reorder includes random: remove useless header comment random: introduce drain_entropy() helper to declutter crng_reseed() random: deobfuscate irq u32/u64 contributions random: add proper SPDX header random: remove unused tracepoints random: remove ifdef'd out interrupt bench random: tie batched entropy generation to base_crng generation random: fix locking for crng_init in crng_reseed() random: zero buffer after reading entropy from userspace random: remove outdated INT_MAX >> 6 check in urandom_read() random: make more consistent use of integer types random: use hash function for crng_slow_load() random: use simpler fast key erasure flow on per-cpu keys random: absorb fast pool into input pool after fast load random: do not xor RDRAND when writing into /dev/random random: ensure early RDSEED goes through mixer on init random: inline leaves of rand_initialize() random: get rid of secondary crngs random: use RDSEED instead of RDRAND in entropy extraction random: fix locking in crng_fast_load() random: remove batched entropy locking random: remove use_input_pool parameter from crng_reseed() random: make credit_entropy_bits() always safe random: always wake up entropy writers after extraction random: use linear min-entropy accumulation crediting random: simplify entropy debiting random: use computational hash for entropy extraction random: only call crng_finalize_init() for primary_crng random: access primary_pool directly rather than through pointer random: continually use hwgenerator randomness random: simplify arithmetic function flow in account() random: selectively clang-format where it makes sense random: access input_pool_data directly rather than through pointer random: cleanup fractional entropy shift constants random: prepend remaining pool constants with POOL_ random: de-duplicate INPUT_POOL constants random: remove unused OUTPUT_POOL constants random: rather than entropy_store abstraction, use global random: remove unused extract_entropy() reserved argument random: remove incomplete last_data logic random: cleanup integer types random: cleanup poolinfo abstraction random: fix typo in comments random: don't reset crng_init_cnt on urandom_read() random: avoid superfluous call to RDRAND in CRNG extraction random: early initialization of ChaCha constants random: initialize ChaCha20 constants with correct endianness random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs random: harmonize "crng init done" messages random: mix bootloader randomness into pool random: do not re-init if crng_reseed completes before primary init random: do not sign extend bytes for rotation when mixing random: use BLAKE2s instead of SHA1 in extraction random: remove unused irq_flags argument from add_interrupt_randomness() random: document add_hwgenerator_randomness() with other input functions crypto: blake2s - adjust include guard naming crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h> MAINTAINERS: co-maintain random.c random: remove dead code left over from blocking pool random: avoid arch_get_random_seed_long() when collecting IRQ randomness random: add arch_get_random_*long_early() powerpc: Use bool in archrandom.h linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check linux/random.h: Use false with bool linux/random.h: Remove arch_has_random, arch_has_random_seed s390: Remove arch_has_random, arch_has_random_seed powerpc: Remove arch_has_random, arch_has_random_seed x86: Remove arch_has_random, arch_has_random_seed random: avoid warnings for !CONFIG_NUMA builds random: split primary/secondary crng init paths random: remove some dead code of poolinfo random: fix typo in add_timer_randomness() random: Add and use pr_fmt() random: convert to ENTROPY_BITS for better code readability random: remove unnecessary unlikely() random: remove kernel.random.read_wakeup_threshold random: delete code to pull data into pools random: remove the blocking pool random: make /dev/random be almost like /dev/urandom random: ignore GRND_RANDOM in getentropy(2) random: add GRND_INSECURE to return best-effort non-cryptographic bytes random: Add a urandom_read_nowait() for random APIs that don't warn random: Don't wake crng_init_wait when crng_init == 1 random: don't forget compat_ioctl on urandom compat_ioctl: remove /dev/random commands lib/crypto: sha1: re-roll loops to reduce code size lib/crypto: blake2s: move hmac construction into wireguard crypto: blake2s - generic C library implementation and selftest nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION bpf: Fix incorrect memory charge cost calculation in stack_map_alloc() 9p: missing chunk of "fs/9p: Don't update file type when updating file attributes" Revert "ext4: fix use-after-free in ext4_rename_dir_prepare" Revert "ext4: verify dir block before splitting it" Linux 5.4.199 x86/speculation/mmio: Print SMT warning KVM: x86/speculation: Disable Fill buffer clear within guests x86/speculation/mmio: Reuse SRBDS mitigation for SBDS x86/speculation/srbds: Update SRBDS mitigation selection x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data x86/speculation/mmio: Enable CPU Fill buffer clearing on idle x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data x86/speculation: Add a common function for MD_CLEAR mitigation update x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug Documentation: Add documentation for Processor MMIO Stale Data x86/cpu: Add another Alder Lake CPU to the Intel family x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family x86/cpu: Add Jasper Lake to Intel family cpu/speculation: Add prototype for cpu_show_srbds() Linux 5.4.198 tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N md/raid0: Ignore RAID0 layout if the second zone has only one device powerpc/32: Fix overread/overwrite of thread_struct via ptrace Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag ixgbe: fix unexpected VLAN Rx in promisc mode on VF ixgbe: fix bcast packets Rx on VF after promisc removal nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION mmc: block: Fix CQE recovery reset success ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files cifs: return errors during session setup during reconnects ALSA: hda/conexant - Fix loopback issue with CX20632 scripts/gdb: change kernel config dumping method vringh: Fix loop descriptors check in the indirect cases nodemask: Fix return values to be unsigned cifs: version operations for smb20 unneeded when legacy support disabled s390/gmap: voluntarily schedule during key setting nbd: fix io hung while disconnecting device nbd: fix race between nbd_alloc_config() and module removal nbd: call genl_unregister_family() first in nbd_cleanup() x86/cpu: Elide KCSAN for cpu_has() and friends modpost: fix undefined behavior of is_arm_mapping_symbol() drm/radeon: fix a possible null pointer dereference ceph: allow ceph.dir.rctime xattr to be updatable Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" scsi: myrb: Fix up null pointer access on myrb_cleanup() md: protect md_unregister_thread from reentrancy watchdog: wdat_wdt: Stop watchdog when rebooting the system kernfs: Separate kernfs_pr_cont_buf and rename_lock. serial: msm_serial: disable interrupts in __msm_console_write() staging: rtl8712: fix uninit-value in r871xu_drv_init() staging: rtl8712: fix uninit-value in usb_read8() and friends clocksource/drivers/sp804: Avoid error on multiple instances extcon: Modify extcon device to be created after driver data is set misc: rtsx: set NULL intfdata when probe fails usb: dwc2: gadget: don't reset gadget's driver->bus USB: hcd-pci: Fully suspend across freeze/thaw cycle drivers: usb: host: Fix deadlock in oxu_bus_suspend() drivers: tty: serial: Fix deadlock in sa1100_set_termios() USB: host: isp116x: check return value after calling platform_get_resource() drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() tty: Fix a possible resource leak in icom_probe tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() lkdtm/usercopy: Expand size of "out of frame" object iio: st_sensors: Add a local lock for protecting odr iio: dummy: iio_simple_dummy: check the return value of kstrdup() drm: imx: fix compiler warning with gcc-12 net: altera: Fix refcount leak in altera_tse_mdio_create ip_gre: test csum_start instead of transport header net/mlx5: fs, fail conflicting actions net/mlx5: Rearm the FW tracer after each tracer event net: ipv6: unexport __init-annotated seg6_hmac_init() net: xfrm: unexport __init-annotated xfrm4_protocol_init() net: mdio: unexport __init-annotated mdio_bus_init() SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list bpf, arm64: Clear prog->jited_len along prog->jited af_unix: Fix a data-race in unix_dgram_peer_wake_me(). xen: unexport __init-annotated xen_xlate_map_ballooned_pages() netfilter: nf_tables: memleak flow rule from commit path ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe netfilter: nat: really support inet nat without l3 address xprtrdma: treat all calls not a bcall when bc_serv is NULL video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() NFSv4: Don't hold the layoutget locks across multiple RPC calls dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type m68knommu: fix undefined reference to `_init_sp' m68knommu: set ZERO_PAGE() to the allocated zeroed page i2c: cadence: Increase timeout per message if necessary f2fs: remove WARN_ON in f2fs_is_valid_blkaddr tracing: Avoid adding tracer option before update_tracer_options tracing: Fix sleeping function called from invalid context on RT kernel mips: cpc: Fix refcount leak in mips_cpc_default_phys_base perf c2c: Fix sorting in percent_rmt_hitm_cmp() tipc: check attribute length for bearer name afs: Fix infinite loop found by xfstest generic/676 tcp: tcp_rtx_synack() can be called from process context net: sched: add barrier to fix packet stuck problem for lockless qdisc net/mlx5e: Update netdev features after changing XDP state net/mlx5: Don't use already freed action pointer nfp: only report pause frame configuration for physical device ubi: ubi_create_volume: Fix use-after-free when volume creation failed jffs2: fix memory leak in jffs2_do_fill_super modpost: fix removing numeric suffixes net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog s390/crypto: fix scatterwalk_unmap() callers in AES-GCM clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe driver core: fix deadlock in __device_attach driver: base: fix UAF when driver_attach failed bus: ti-sysc: Fix warnings for unbind for serial firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle serial: stm32-usart: Correct CSIZE, bits, and parity serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 serial: sifive: Sanitize CSIZE and c_iflag serial: sh-sci: Don't allow CS5-6 serial: txx9: Don't allow CS5-6 serial: rda-uart: Don't allow CS5-6 serial: digicolor-usart: Don't allow CS5-6 serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 serial: meson: acquire port->lock in startup() rtc: mt6397: check return value after calling platform_get_resource() clocksource/drivers/riscv: Events are stopped during CPU suspend soc: rockchip: Fix refcount leak in rockchip_grf_init coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier serial: sifive: Report actual baud base rather than fixed 115200 phy: qcom-qmp: fix pipe-clock imbalance on power-on failure rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails iio: adc: sc27xx: Fine tune the scale calibration values iio: adc: sc27xx: fix read big scale voltage not right iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check firmware: stratix10-svc: fix a missing check on list iterator usb: dwc3: pci: Fix pm_runtime_get_sync() error checking rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value pwm: lp3943: Fix duty calculation in case period was clamped staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() usb: musb: Fix missing of_node_put() in omap2430_probe USB: storage: karma: fix rio_karma_init return usb: usbip: add missing device lock on tweak configuration cmd usb: usbip: fix a refcount leak in stub_probe() tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe tty: goldfish: Use tty_port_destroy() to destroy port iio: adc: ad7124: Remove shift from scan_type staging: greybus: codecs: fix type confusion of list iterator variable pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards md: bcache: check the return value of kzalloc() in detached_dev_do_request() block: fix bio_clone_blkg_association() to associate with proper blkcg_gq bfq: Make sure bfqg for which we are queueing requests is online bfq: Get rid of __bio_blkcg() usage bfq: Remove pointless bfq_init_rq() calls bfq: Drop pointless unlock-lock pair bfq: Avoid merging queues with different parents MIPS: IP27: Remove incorrect `cpu_has_fpu' override RDMA/rxe: Generate a completion for unsupported/invalid opcode Kconfig: add config option for asm goto w/ outputs phy: qcom-qmp: fix reset-controller leak on probe errors blk-iolatency: Fix inflight count imbalances and IO hangs on offline dt-bindings: gpio: altera: correct interrupt-cells docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 ARM: pxa: maybe fix gpio lookup tables phy: qcom-qmp: fix struct clk leak on probe errors arm64: dts: qcom: ipq8074: fix the sleep clock frequency gma500: fix an incorrect NULL check on list iterator tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator serial: pch: don't overwrite xmit->buf[0] by x_char carl9170: tx: fix an incorrect use of list iterator ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control rtl818x: Prevent using not initialized queues hugetlb: fix huge_pmd_unshare address update nodemask.h: fix compilation error with GCC12 iommu/msm: Fix an incorrect NULL check on list iterator um: Fix out-of-bounds read in LDT setup um: chan_user: Fix winch_tramp() return value mac80211: upgrade passive scan to active scan on DFS channels after beacon rx irqchip: irq-xtensa-mx: fix initial IRQ affinity irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x RDMA/hfi1: Fix potential integer multiplication overflow errors Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug media: coda: Add more H264 levels for CODA960 media: coda: Fix reported H264 profile mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write md: fix an incorrect NULL check in md_reload_sb md: fix an incorrect NULL check in does_sb_need_changing drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX drm/nouveau/clk: Fix an incorrect NULL check on list iterator drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled scsi: dc395x: Fix a missing check on list iterator ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock dlm: fix missing lkb refcount handling dlm: fix plock invalid read mm, compaction: fast_find_migrateblock() should return pfn in the target zone PCI: qcom: Fix unbalanced PHY init on probe errors PCI: qcom: Fix runtime PM imbalance on probe errors PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 tracing: Fix potential double free in create_var_ref() ACPI: property: Release subnode properties with data nodes ext4: avoid cycles in directory h-tree ext4: verify dir block before splitting it ext4: fix bug_on in ext4_writepages ext4: fix warning in ext4_handle_inode_extension ext4: fix use-after-free in ext4_rename_dir_prepare netfilter: nf_tables: disallow non-stateful expression in sets earlier bfq: Track whether bfq_group is still online bfq: Update cgroup information before merging bio bfq: Split shared queues on move between cgroups efi: Do not import certificates from UEFI Secure Boot for T2 Macs fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages iwlwifi: mvm: fix assert 1F04 upon reconfig wifi: mac80211: fix use-after-free in chanctx code f2fs: fix fallocate to use file_modified to update permissions consistently f2fs: don't need inode lock for system hidden quota f2fs: fix deadloop in foreground GC f2fs: fix to clear dirty inode in f2fs_evict_inode() f2fs: fix to do sanity check on block address in f2fs_do_zero_range() f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() perf jevents: Fix event syntax error caused by ExtSel perf c2c: Use stdio interface if slang is not supported iommu/amd: Increase timeout waiting for GA log enablement dmaengine: stm32-mdma: remove GISR1 register video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout NFS: Don't report errors from nfs_pageio_complete() more than once NFS: Do not report flush errors in nfs_write_end() NFS: Do not report EINTR/ERESTARTSYS as mapping errors i2c: at91: Initialize dma_buf in at91_twi_xfer() i2c: at91: use dma safe buffers iommu/mediatek: Add list_del in mtk_iommu_remove f2fs: fix dereference of stale list iterator after loop body Input: stmfts - do not leave device disabled in stmfts_input_open RDMA/hfi1: Prevent use of lock before it is initialized mailbox: forward the hrtimer if not queued and under a lock mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup macintosh: via-pmu and via-cuda need RTC_LIB powerpc/perf: Fix the threshold compare group constraint for power9 powerpc/64: Only WARN if __pa()/__va() called with bad addresses Input: sparcspkr - fix refcount leak in bbc_beep_probe crypto: cryptd - Protect per-CPU resource by disabling BH. tty: fix deadlock caused by calling printk() under tty_port->lock PCI: imx6: Fix PERST# start-up sequence ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() proc: fix dentry/inode overinstantiating under /proc/${pid}/net powerpc/4xx/cpm: Fix return value of __setup() handler powerpc/idle: Fix return value of __setup() handler powerpc/8xx: export 'cpm_setbrg' for modules dax: fix cache flush on PMD-mapped pages drivers/base/node.c: fix compaction sysfs file leak pinctrl: mvebu: Fix irq_of_parse_and_map() return value nvdimm: Allow overwrite in the presence of disabled dimms firmware: arm_scmi: Fix list protocols enumeration in the base protocol scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() mfd: ipaq-micro: Fix error check return value of platform_get_irq() powerpc/fadump: fix PT_LOAD segment for boot memory area arm: mediatek: select arch timer for mt7629 crypto: marvell/cesa - ECB does not IV misc: ocxl: fix possible double free in ocxl_file_register_afu ARM: dts: bcm2835-rpi-b: Fix GPIO line names ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT can: xilinx_can: mark bit timing constants as const KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry PCI: rockchip: Fix find_first_zero_bit() limit PCI: cadence: Fix find_first_zero_bit() limit soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc ARM: dts: suniv: F1C100: fix watchdog compatible arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 net/smc: postpone sk_refcnt increment in connect() rxrpc: Fix decision on when to generate an IDLE ACK rxrpc: Don't let ack.previousPacket regress rxrpc: Fix overlapping ACK accounting rxrpc: Don't try to resend the request if we're receiving the reply rxrpc: Fix listen() setting the bar too high for the prealloc rings NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init ext4: reject the 'commit' option on ext2 filesystems media: ov7670: remove ov7670_power_off from ov7670_remove sctp: read sk->sk_bound_dev_if once in sctp_rcv() m68k: math-emu: Fix dependencies of math emulation support Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout media: vsp1: Fix offset calculation for plane cropping media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init media: exynos4-is: Change clk_disable to clk_disable_unprepare media: st-delta: Fix PM disable depth imbalance in delta_probe media: aspeed: Fix an error handling path in aspeed_video_probe() scripts/faddr2line: Fix overlapping text section failures regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe perf/amd/ibs: Use interrupt regs ip for stack unwinding Revert "cpufreq: Fix possible race in cpufreq online error path" iomap: iomap_write_failed fix media: uvcvideo: Fix missing check to determine if element is found in list drm/msm: return an error pointer in msm_gem_prime_get_sg_table() drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET x86/mm: Cleanup the control_va_addr_alignment() __setup handler irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value irqchip/exiu: Fix acknowledgment of edge triggered interrupts x86: Fix return value of __setup handlers virtio_blk: fix the discard_granularity and discard_alignment queue limits drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() drm/msm/hdmi: check return value after calling platform_get_resource_byname() drm/msm/dsi: fix error checks and return values for DSI xmit functions drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume perf tools: Add missing headers needed by util/data.h ASoC: rk3328: fix disabling mclk on pclk probe failure x86/speculation: Add missing prototype for unpriv_ebpf_notify() x86/pm: Fix false positive kmemleak report in msr_build_context() scsi: ufs: core: Exclude UECxx from SFR dump list of: overlay: do not break notify on NOTIFY_{OK|STOP} fsnotify: fix wrong lockdep annotations inotify: show inotify mask flags in proc fdinfo ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix cpufreq: Fix possible race in cpufreq online error path spi: img-spfi: Fix pm_runtime_get_sync() error checking sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq drm/bridge: Fix error handling in analogix_dp_probe HID: elan: Fix potential double free in elan_input_configured HID: hid-led: fix maximum brightness for Dream Cheeky drbd: fix duplicate array initializer efi: Add missing prototype for efi_capsule_setup_info NFC: NULL out the dev->rfkill to prevent UAF spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout drm: mali-dp: potential dereference of null pointer drm/komeda: Fix an undefined behavior bug in komeda_plane_add() nl80211: show SSID for P2P_GO interfaces bpf: Fix excessive memory allocation in stack_map_alloc() drm/vc4: txp: Force alpha to be 0xff if it's disabled drm/vc4: txp: Don't set TXP_VSTART_AT_EOF drm/mediatek: Fix mtk_cec_mask() x86/delay: Fix the wrong asm constraint in delay_loop() ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe drm/bridge: adv7511: clean up CEC adapter when probe fails drm/edid: fix invalid EDID extension block filtering ath9k: fix ar9003_get_eepmisc drm: fix EDID struct for old ARM OABI format RDMA/hfi1: Prevent panic when SDMA is disabled powerpc/iommu: Add missing of_node_put in iommu_init_early_dart macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled powerpc/powernv: fix missing of_node_put in uv_init() powerpc/xics: fix refcount leak in icp_opal_init() tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() ARM: hisi: Add missing of_node_put after of_find_compatible_node ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM ARM: versatile: Add missing of_node_put in dcscb_init fat: add ratelimit to fat*_ent_bread() powerpc/fadump: Fix fadump to work with a different endian capture kernel ARM: OMAP1: clock: Fix UART rate reporting algorithm fs: jfs: fix possible NULL pointer dereference in dbFree() PM / devfreq: rk3399_dmc: Disable edev on remove() ARM: dts: ox820: align interrupt controller node name with dtschema IB/rdmavt: add missing locks in rvt_ruc_loopback selftests/bpf: fix btf_dump/btf_dump due to recent clang change eth: tg3: silence the GCC 12 array-bounds warning rxrpc: Return an error to sendmsg if call failed hwmon: Make chip parameter for with_info API mandatory ASoC: max98357a: remove dependency on GPIOLIB media: exynos4-is: Fix compile warning net: phy: micrel: Allow probing without .driver_data nbd: Fix hung on disconnect request if socket is closed before ASoC: rt5645: Fix errorenous cleanup order nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags openrisc: start CPU timer early in boot media: cec-adap.c: fix is_configuring state media: coda: limit frame interval enumeration to supported encoder frame sizes rtlwifi: Use pr_warn instead of WARN_ONCE ipmi: Fix pr_fmt to avoid compilation issues ipmi:ssif: Check for NULL msg when handling events and messages ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC spi: stm32-qspi: Fix wait_cmd timeout in APM mode s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES ASoC: tscs454: Add endianness flag in snd_soc_component_driver HID: bigben: fix slab-out-of-bounds Write in bigben_probe drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo mlxsw: spectrum_dcb: Do not warn about priority changes ASoC: dapm: Don't fold register value changes into notifications net/mlx5: fs, delete the FTE when there are no rules attached to it ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL drm: msm: fix error check return value of irq_of_parse_and_map() arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall drm/amd/pm: fix the compile warning drm/plane: Move range check for format_count earlier scsi: megaraid: Fix error check return value of register_chrdev() mmc: jz4740: Apply DMA engine limits to maximum segment size md/bitmap: don't set sb values if can't pass sanity check media: cx25821: Fix the warning when removing the module media: pci: cx23885: Fix the error handling in cx23885_initdev() media: venus: hfi: avoid null dereference in deinit ath9k: fix QCA9561 PA bias level drm/amd/pm: fix double free in si_parse_power_table() tools/power turbostat: fix ICX DRAM power numbers spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction ALSA: jack: Access input_dev under mutex drm/komeda: return early if drm_universal_plane_init() fails. ACPICA: Avoid cache flush inside virtual machines fbcon: Consistently protect deferred_takeover with console_lock() ipv6: fix locking issues with loops over idev->addr_list ipw2x00: Fix potential NULL dereference in libipw_xmit() b43: Fix assigning negative value to unsigned variable b43legacy: Fix assigning negative value to unsigned variable mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes btrfs: repair super block num_devices automatically btrfs: add "0x" prefix for unsupported optional features ptrace: Reimplement PTRACE_KILL by always sending SIGKILL ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP perf/x86/intel: Fix event constraints for ICL usb: core: hcd: Add support for deferring roothub registration USB: new quirk for Dell Gen 2 devices USB: serial: option: add Quectel BG95 modem ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS binfmt_flat: do not stop relocating GOT entries prematurely on riscv Conflicts: Documentation/devicetree/bindings/dma/allwinner,sun50i-a64-dma.yaml Documentation/devicetree/bindings~HEAD drivers/char/Kconfig drivers/mmc/core/block.c kernel/sysctl.c Change-Id: If11e1865055bfb94b3268960268c88c3dfc032c3 |
||
|
Florian Westphal
|
11ebf32fde |
netfilter: ebtables: fix memory leak when blob is malformed
[ Upstream commit 62ce44c4fff947eebdf10bb582267e686e6835c9 ]
The bug fix was incomplete, it "replaced" crash with a memory leak.
The old code had an assignment to "ret" embedded into the conditional,
restore this.
Fixes: 7997eff82828 ("netfilter: ebtables: reject blobs that don't provide all entry points")
Reported-and-tested-by: syzbot+a24c5252f3e3ab733464@syzkaller.appspotmail.com
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Harsh Modi
|
323b6847e5 |
netfilter: br_netfilter: Drop dst references before setting.
[ Upstream commit d047283a7034140ea5da759a494fd2274affdd46 ]
The IPv6 path already drops dst in the daddr changed case, but the IPv4
path does not. This change makes the two code paths consistent.
Further, it is possible that there is already a metadata_dst allocated from
ingress that might already be attached to skbuff->dst while following
the bridge path. If it is not released before setting a new
metadata_dst, it will be leaked. This is similar to what is done in
bpf_set_tunnel_key() or ip6_route_input().
It is important to note that the memory being leaked is not the dst
being set in the bridge code, but rather memory allocated from some
other code path that is not being freed correctly before the skb dst is
overwritten.
An example of the leakage fixed by this commit found using kmemleak:
unreferenced object 0xffff888010112b00 (size 256):
comm "softirq", pid 0, jiffies 4294762496 (age 32.012s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 80 16 f1 83 ff ff ff ff ................
e1 4e f6 82 ff ff ff ff 00 00 00 00 00 00 00 00 .N..............
backtrace:
[<00000000d79567ea>] metadata_dst_alloc+0x1b/0xe0
[<00000000be113e13>] udp_tun_rx_dst+0x174/0x1f0
[<00000000a36848f4>] geneve_udp_encap_recv+0x350/0x7b0
[<00000000d4afb476>] udp_queue_rcv_one_skb+0x380/0x560
[<00000000ac064aea>] udp_unicast_rcv_skb+0x75/0x90
[<000000009a8ee8c5>] ip_protocol_deliver_rcu+0xd8/0x230
[<00000000ef4980bb>] ip_local_deliver_finish+0x7a/0xa0
[<00000000d7533c8c>] __netif_receive_skb_one_core+0x89/0xa0
[<00000000a879497d>] process_backlog+0x93/0x190
[<00000000e41ade9f>] __napi_poll+0x28/0x170
[<00000000b4c0906b>] net_rx_action+0x14f/0x2a0
[<00000000b20dd5d4>] __do_softirq+0xf4/0x305
[<000000003a7d7e15>] __irq_exit_rcu+0xc3/0x140
[<00000000968d39a2>] sysvec_apic_timer_interrupt+0x9e/0xc0
[<000000009e920794>] asm_sysvec_apic_timer_interrupt+0x16/0x20
[<000000008942add0>] native_safe_halt+0x13/0x20
Florian Westphal says: "Original code was likely fine because nothing
ever did set a skb->dst entry earlier than bridge in those days."
Fixes:
|
||
|
Florian Westphal
|
160c4eb47d |
netfilter: ebtables: reject blobs that don't provide all entry points
[ Upstream commit 7997eff82828304b780dc0a39707e1946d6f1ebf ]
Harshit Mogalapalli says:
In ebt_do_table() function dereferencing 'private->hook_entry[hook]'
can lead to NULL pointer dereference. [..] Kernel panic:
general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[..]
RIP: 0010:ebt_do_table+0x1dc/0x1ce0
Code: 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 5c 16 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 6c df 08 48 8d 7d 2c 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 88
[..]
Call Trace:
nf_hook_slow+0xb1/0x170
__br_forward+0x289/0x730
maybe_deliver+0x24b/0x380
br_flood+0xc6/0x390
br_dev_xmit+0xa2e/0x12c0
For some reason ebtables rejects blobs that provide entry points that are
not supported by the table, but what it should instead reject is the
opposite: blobs that DO NOT provide an entry point supported by the table.
t->valid_hooks is the bitmask of hooks (input, forward ...) that will see
packets. Providing an entry point that is not support is harmless
(never called/used), but the inverse isn't: it results in a crash
because the ebtables traverser doesn't expect a NULL blob for a location
its receiving packets for.
Instead of fixing all the individual checks, do what iptables is doing and
reject all blobs that differ from the expected hooks.
Fixes:
|
||
Srinivasarao Pathipati
|
630e7df8c5 |
Merge android11-5.4.197+ (3970bc6) into msm-5.4
* refs/heads/tmp-3970bc6:
UPSTREAM: Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
FROMGIT: arm64: fix oops in concurrently setting insn_emulation sysctls
ANDROID: abi_gki_aarch64_qcom: Add vmemdup_user to qcom symbol list
ANDROID: GKI: update Sony KMI symbol list
UPSTREAM: mm: fix misplaced unlock_page in do_wp_page()
BACKPORT: mm: do_wp_page() simplification
UPSTREAM: mm/ksm: Remove reuse_ksm_page()
BACKPORT: ALSA: pcm: Fix races among concurrent prealloc proc writes
BACKPORT: ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
BACKPORT: ALSA: pcm: Fix races among concurrent read/write and buffer changes
ANDROID: Fix up abi issue with struct snd_pcm_runtime
BACKPORT: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
BACKPORT: nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
Linux 5.4.197
bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
NFSD: Fix possible sleep during nfsd4_release_lockowner()
NFS: Memory allocation failures are not server fatal errors
docs: submitting-patches: Fix crossref to 'The canonical patch format'
tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
tpm: Fix buffer access in tpm2_get_tpm_pt()
HID: multitouch: Add support for Google Whiskers Touchpad
raid5: introduce MD_BROKEN
dm verity: set DM_TARGET_IMMUTABLE feature flag
dm stats: add cond_resched when looping over entries
dm crypt: make printing of the key constant-time
dm integrity: fix error code in dm_integrity_ctr()
zsmalloc: fix races between asynchronous zspage free and page migration
crypto: ecrdsa - Fix incorrect use of vli_cmp
netfilter: conntrack: re-fetch conntrack after insertion
exec: Force single empty string when argv is empty
drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
cfg80211: set custom regdomain after wiphy registration
assoc_array: Fix BUG_ON during garbage collect
drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
net: ftgmac100: Disable hardware checksum on AST2600
net: af_key: check encryption module availability consistency
pinctrl: sunxi: fix f1c100s uart2 function
ACPI: sysfs: Fix BERT error region memory mapping
ACPI: sysfs: Make sparse happy about address space in use
media: vim2m: initialize the media device earlier
media: vim2m: Register video device after setting up internals
secure_seq: use the 64 bits of the siphash for port offset calculation
tcp: change source port randomizarion at connect() time
Input: goodix - fix spurious key release events
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
lockdown: also lock down previous kgdb use
Linux 5.4.196
afs: Fix afs_getattr() to refetch file status if callback break occurred
i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
x86/xen: fix booting 32-bit pv guest
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
firmware_loader: use kernel credentials when reading firmware
net: stmmac: disable Split Header (SPH) for Intel platforms
block: return ELEVATOR_DISCARD_MERGE if possible
Input: ili210x - fix reset timing
net: atlantic: verify hw_head_ lies within TX buffer ring
net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
selftests: add ping test with ping_group_range tuned
mac80211: fix rx reordering with non explicit / psmp ack policy
scsi: qla2xxx: Fix missed DMA unmap for aborted commands
perf bench numa: Address compiler error on s390
gpio: mvebu/pwm: Refuse requests with inverted polarity
gpio: gpio-vf610: do not touch other bits when set the target bit
net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
igb: skip phy status check where unavailable
ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
ARM: 9196/1: spectre-bhb: enable for Cortex-A15
net: af_key: add check for pfkey_broadcast in function pfkey_process
net/mlx5e: Properly block LRO when XDP is enabled
NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
net/qla3xxx: Fix a test in ql_reset_work()
clk: at91: generated: consider range when calculating best rate
ice: fix possible under reporting of ethtool Tx and Rx statistics
net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
net/sched: act_pedit: sanitize shift argument before usage
net: macb: Increment rx bd head after allocating skb and buffer
ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
KVM: x86/mmu: Update number of zapped pages even if page list is stable
PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
Fix double fget() in vhost_net_set_backend()
perf: Fix sys_perf_event_open() race against self
ALSA: wavefront: Proper check of get_user() error
SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
SUNRPC: Don't call connect() more than once on a TCP socket
SUNRPC: Prevent immediate close+reconnect
SUNRPC: Clean up scheduling of autoclose
mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
nilfs2: fix lockdep warnings during disk space reclamation
nilfs2: fix lockdep warnings in page operations for btree nodes
ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
platform/chrome: cros_ec_debugfs: detach log reader wq from devm
drbd: remove usage of list iterator variable after loop
MIPS: lantiq: check the return value of kzalloc()
rtc: mc146818-lib: Fix the AltCentury for AMD platforms
nvme-multipath: fix hang when disk goes live over reconnect
ALSA: hda/realtek: Enable headset mic on Lenovo P360
crypto: x86/chacha20 - Avoid spurious jumps to other functions
crypto: stm32 - fix reference leak in stm32_crc_remove
Input: stmfts - fix reference leak in stmfts_input_open
Input: add bounds checking to input_set_capability()
um: Cleanup syscall_handler_t definition/cast, fix warning
rtc: fix use-after-free on device removal
x86/xen: Make the secondary CPU idle tasks reliable
x86/xen: Make the boot CPU idle task reliable
floppy: use a statically allocated error counter
ANDROID: fix up abi issue with struct snd_pcm_runtime
Linux 5.4.195
tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
ping: fix address binding wrt vrf
arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map
net: phy: Fix race condition on link status change
MIPS: fix build with gcc-12
drm/vmwgfx: Initialize drm_mode_fb_cmd2
cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
i40e: i40e_main: fix a missing check on list iterator
drm/nouveau/tegra: Stop using iommu_present()
serial: 8250_mtk: Fix register address for XON/XOFF character
serial: 8250_mtk: Fix UART_EFR register address
slimbus: qcom: Fix IRQ check in qcom_slim_probe
USB: serial: option: add Fibocom MA510 modem
USB: serial: option: add Fibocom L610 modem
USB: serial: qcserial: add support for Sierra Wireless EM7590
USB: serial: pl2303: add device id for HP LM930 Display
usb: typec: tcpci: Don't skip cleanup in .remove() on error
usb: cdc-wdm: fix reading stuck on device close
tty: n_gsm: fix mux activation issues in gsm_config()
tcp: resalt the secret every 10 seconds
net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
s390: disable -Warray-bounds
ASoC: ops: Validate input values in snd_soc_put_volsw_range()
ASoC: max98090: Generate notifications on changes for custom control
ASoC: max98090: Reject invalid values in custom control put()
hwmon: (f71882fg) Fix negative temperature
gfs2: Fix filesystem block deallocation for short writes
net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending
net/sched: act_pedit: really ensure the skb is writable
s390/lcs: fix variable dereferenced before check
s390/ctcm: fix potential memory leak
s390/ctcm: fix variable dereferenced before check
hwmon: (ltq-cputemp) restrict it to SOC_XWAY
dim: initialize all struct fields
mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
netlink: do not reset transport header in netlink_recvmsg()
drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
ipv4: drop dst in multicast routing path
net: Fix features skip in for_each_netdev_feature()
mac80211: Reset MBSSID parameters upon connection
hwmon: (tmp401) Add OF device ID table
batman-adv: Don't skb_split skbuffs with frag_list
Linux 5.4.194
mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
mm: fix missing cache flush for all tail pages of compound page
Bluetooth: Fix the creation of hdev->name
KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id
x86: kprobes: Prohibit probing on instruction which has emulate prefix
x86: xen: insn: Decode Xen and KVM emulate-prefix signature
x86: xen: kvm: Gather the definition of emulate prefixes
x86/asm: Allow to pass macros to __ASM_FORM()
KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL
can: grcan: only use the NAPI poll budget for RX
can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
nfp: bpf: silence bitwise vs. logical OR warning
drm/i915: Cast remain to unsigned long in eb_relocate_vma
drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types
block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
MIPS: Use address-of operator on section symbols
ANDROID: GKI: update the abi .xml file
Revert "tcp: ensure to use the most recently sent skb when filling the rate sample"
Linux 5.4.193
mmc: rtsx: add 74 Clocks in power on flow
PCI: aardvark: Fix reading MSI interrupt number
PCI: aardvark: Clear all MSIs at setup
dm: interlock pending dm_io and dm_wait_for_bios_completion
dm: fix mempool NULL pointer race when completing IO
tcp: make sure treq->af_specific is initialized
ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
ALSA: pcm: Fix races among concurrent prealloc proc writes
ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
ALSA: pcm: Fix races among concurrent read/write and buffer changes
ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
mm: fix unexpected zeroed page mapping with zram swap
block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
net: ipv6: ensure we call ipv6_mc_down() at most once
KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised
x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
NFSv4: Don't invalidate inode attributes on delegation return
drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
btrfs: always log symlinks in full mode
smsc911x: allow using IRQ0
bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational
net: emaclite: Add error handling for of_address_to_resource()
net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux()
net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init()
RDMA/siw: Fix a condition race issue in MPA request processing
ASoC: dmaengine: Restore NULL prepare_slave_config() callback
hwmon: (adt7470) Fix warning on module removal
NFC: netlink: fix sleep in atomic bug when firmware download timeout
nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
nfc: replace improper check device_is_registered() in netlink related functions
can: grcan: use ofdev->dev when allocating DMA memory
can: grcan: grcan_close(): fix deadlock
s390/dasd: Fix read inconsistency for ESE DASD devices
s390/dasd: Fix read for ESE with blksize < 4k
s390/dasd: prevent double format of tracks for ESE devices
s390/dasd: fix data corruption for ESE devices
ASoC: meson: Fix event generation for G12A tohdmi mux
ASoC: wm8958: Fix change notifications for DSP controls
ASoC: da7219: Fix change notifications for tone generator frequency
genirq: Synchronize interrupt thread startup
ACPICA: Always create namespace nodes using acpi_ns_create_node()
firewire: core: extend card->lock in fw_core_handle_bus_reset
firewire: remove check of list iterator against head past the loop body
firewire: fix potential uaf in outbound_phy_packet_callback()
Revert "SUNRPC: attempt AF_LOCAL connect on setup"
gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
parisc: Merge model and model name into one line in /proc/cpuinfo
MIPS: Fix CP0 counter erratum detection for R4k CPUs
Linux 5.4.192
mm, hugetlb: allow for "high" userspace addresses
hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs
tty: n_gsm: fix incorrect UA handling
tty: n_gsm: fix wrong command frame length field encoding
tty: n_gsm: fix wrong command retry handling
tty: n_gsm: fix missing explicit ldisc flush
tty: n_gsm: fix insufficient txframe size
netfilter: nft_socket: only do sk lookups when indev is available
tty: n_gsm: fix malformed counter for out of frame data
tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
x86/cpu: Load microcode during restore_processor_state()
net: ethernet: stmmac: fix write to sgmii_adapter_base
drivers: net: hippi: Fix deadlock in rr_close()
cifs: destage any unwritten data to the server before calling copychunk_write
x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
ASoC: wm8731: Disable the regulator when probing fails
tcp: fix F-RTO may not work correctly when receiving DSACK
ixgbe: ensure IPsec VF<->PF compatibility
bnx2x: fix napi API usage sequence
tls: Skip tls_append_frag on zero copy size
drm/amd/display: Fix memory leak in dcn21_clock_source_create
net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
net: bcmgenet: hide status block before TX timestamping
clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource()
bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
ip_gre: Make o_seqno start from 0 in native mode
net/smc: sync err code when tcp connection was refused
net: hns3: add validity check for message data length
cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
pinctrl: pistachio: fix use of irq_of_parse_and_map()
arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
ARM: dts: imx6ull-colibri: fix vqmmc regulator
sctp: check asoc strreset_chunk in sctp_generate_reconf_event
tcp: ensure to use the most recently sent skb when filling the rate sample
tcp: md5: incorrect tcp_header_len for incoming connections
bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook
mtd: rawnand: Fix return value check of wait_for_completion_timeout
ipvs: correctly print the memory size of ip_vs_conn_tab
ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
ARM: dts: am3517-evm: Fix misc pinmuxing
ARM: dts: Fix mmc order for omap3-gta04
phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
phy: samsung: exynos5250-sata: fix missing device put in probe error paths
phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
USB: Fix xhci event ring dequeue pointer ERDP update issue
mtd: rawnand: fix ecc parameters for mt7622
arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
video: fbdev: udlfb: properly check endpoint type
hex2bin: fix access beyond string end
hex2bin: make the function hex_to_bin constant-time
arch_topology: Do not set llc_sibling if llc_id is invalid
serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
serial: 8250: Also set sticky MCR bits in console restoration
serial: imx: fix overrun interrupts in DMA mode
usb: dwc3: gadget: Return proper request status
usb: dwc3: core: Fix tx/rx threshold settings
usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind()
usb: gadget: uvc: Fix crash when encoding data for usb request
usb: typec: ucsi: Fix role swapping
usb: misc: fix improper handling of refcount in uss720_probe()
iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
iio: dac: ad5446: Fix read_raw not returning set value
iio: dac: ad5592r: Fix the missing return value.
xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
xhci: stop polling roothubs after shutdown
USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
USB: quirks: add STRING quirk for VCOM device
USB: quirks: add a Realtek card reader
usb: mtu3: fix USB 3.0 dual-role-switch from device to host
lightnvm: disable the subsystem
hamradio: remove needs_free_netdev to avoid UAF
hamradio: defer 6pack kfree after unregister_netdev
floppy: disable FDRAWCMD by default
Conflicts:
drivers/usb/dwc3/gadget.c
include/linux/dma-mapping.h
include/linux/stmmac.h
mm/memory.c
Change-Id: I3bf49e11ae4aeaf1db353efbdfee950cd12de8cf
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
|
||
|
Florian Westphal
|
b749af1b8f |
netfilter: br_netfilter: do not skip all hooks with 0 priority
[ Upstream commit c2577862eeb0be94f151f2f1fff662b028061b00 ] When br_netfilter module is loaded, skbs may be diverted to the ipv4/ipv6 hooks, just like as if we were routing. Unfortunately, bridge filter hooks with priority 0 may be skipped in this case. Example: 1. an nftables bridge ruleset is loaded, with a prerouting hook that has priority 0. 2. interface is added to the bridge. 3. no tcp packet is ever seen by the bridge prerouting hook. 4. flush the ruleset 5. load the bridge ruleset again. 6. tcp packets are processed as expected. After 1) the only registered hook is the bridge prerouting hook, but its not called yet because the bridge hasn't been brought up yet. After 2), hook order is: 0 br_nf_pre_routing // br_netfilter internal hook 0 chain bridge f prerouting // nftables bridge ruleset The packet is diverted to br_nf_pre_routing. If call-iptables is off, the nftables bridge ruleset is called as expected. But if its enabled, br_nf_hook_thresh() will skip it because it assumes that all 0-priority hooks had been called previously in bridge context. To avoid this, check for the br_nf_pre_routing hook itself, we need to resume directly after it, even if this hook has a priority of 0. Unfortunately, this still results in different packet flow. With this fix, the eval order after in 3) is: 1. br_nf_pre_routing 2. ip(6)tables (if enabled) 3. nftables bridge but after 5 its the much saner: 1. nftables bridge 2. br_nf_pre_routing 3. ip(6)tables (if enabled) Unfortunately I don't see a solution here: It would be possible to move br_nf_pre_routing to a higher priority so that it will be called later in the pipeline, but this also impacts ebtables evaluation order, and would still result in this very ordering problem for all nftables-bridge hooks with the same priority as the br_nf_pre_routing one. Searching back through the git history I don't think this has ever behaved in any other way, hence, no fixes-tag. Reported-by: Radim Hrazdil <rhrazdil@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Andrew Lunn
|
1fe6dc5f5d |
net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
[ Upstream commit fbb3abdf2223cd0dfc07de85fe5a43ba7f435bdf ]
It is possible to stack bridges on top of each other. Consider the
following which makes use of an Ethernet switch:
br1
/ \
/ \
/ \
br0.11 wlan0
|
br0
/ | \
p1 p2 p3
br0 is offloaded to the switch. Above br0 is a vlan interface, for
vlan 11. This vlan interface is then a slave of br1. br1 also has a
wireless interface as a slave. This setup trunks wireless lan traffic
over the copper network inside a VLAN.
A frame received on p1 which is passed up to the bridge has the
skb->offload_fwd_mark flag set to true, indicating that the switch has
dealt with forwarding the frame out ports p2 and p3 as needed. This
flag instructs the software bridge it does not need to pass the frame
back down again. However, the flag is not getting reset when the frame
is passed upwards. As a result br1 sees the flag, wrongly interprets
it, and fails to forward the frame to wlan0.
When passing a frame upwards, clear the flag. This is the Rx
equivalent of br_switchdev_frame_unmark() in br_dev_xmit().
Fixes:
|
||
Srinivasarao Pathipati
|
f01f08906a |
Merge android11-5.4.180+ (598165f) into msm-5.4
* refs/heads/tmp-598165f:
Revert "arm: extend pfn_valid to take into account freed memory map alignment"
UPSTREAM: usb: gadget: clear related members when goto fail
UPSTREAM: usb: gadget: don't release an existing dev->buf
UPSTREAM: usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
UPSTREAM: usb: gadget: rndis: prevent integer overflow in rndis_set_response()
UPSTREAM: fixup for "arm64 entry: Add macro for reading symbol address from the trampoline"
UPSTREAM: arm64: Use the clearbhb instruction in mitigations
UPSTREAM: KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
UPSTREAM: arm64: Mitigate spectre style branch history side channels
UPSTREAM: KVM: arm64: Add templates for BHB mitigation sequences
UPSTREAM: arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2
UPSTREAM: arm64: Add percpu vectors for EL1
UPSTREAM: arm64: entry: Add macro for reading symbol addresses from the trampoline
UPSTREAM: arm64: entry: Add vectors that have the bhb mitigation sequences
UPSTREAM: arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
UPSTREAM: arm64: entry: Allow the trampoline text to occupy multiple pages
UPSTREAM: arm64: entry: Make the kpti trampoline's kpti sequence optional
UPSTREAM: arm64: entry: Move trampoline macros out of ifdef'd section
UPSTREAM: arm64: entry: Don't assume tramp_vectors is the start of the vectors
UPSTREAM: arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
UPSTREAM: arm64: entry: Move the trampoline data page before the text page
UPSTREAM: arm64: entry: Free up another register on kpti's tramp_exit path
UPSTREAM: arm64: entry: Make the trampoline cleanup optional
UPSTREAM: arm64: entry.S: Add ventry overflow sanity checks
UPSTREAM: arm64: Add Cortex-X2 CPU part definition
UPSTREAM: arm64: add ID_AA64ISAR2_EL1 sys register
UPSTREAM: arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
UPSTREAM: arm64: Add part number for Arm Cortex-A77
UPSTREAM: sctp: fix the processing for INIT chunk
ANDROID: dm-bow: Protect Ranges fetched and erased from the RB tree
UPSTREAM: ARM: fix Thumb2 regression with Spectre BHB
UPSTREAM: ARM: Spectre-BHB: provide empty stub for non-config
UPSTREAM: ARM: fix build warning in proc-v7-bugs.c
UPSTREAM: ARM: Do not use NOCROSSREFS directive with ld.lld
UPSTREAM: ARM: fix co-processor register typo
UPSTREAM: ARM: fix build error when BPF_SYSCALL is disabled
UPSTREAM: ARM: include unprivileged BPF status in Spectre V2 reporting
UPSTREAM: ARM: Spectre-BHB workaround
UPSTREAM: ARM: use LOADADDR() to get load address of sections
UPSTREAM: ARM: early traps initialisation
UPSTREAM: ARM: report Spectre v2 status through sysfs
UPSTREAM: arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
UPSTREAM: arm/arm64: Provide a wrapper for SMCCC 1.1 calls
UPSTREAM: x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
UPSTREAM: x86/speculation: Warn about Spectre v2 LFENCE mitigation
UPSTREAM: x86/speculation: Update link to AMD speculation whitepaper
UPSTREAM: x86/speculation: Use generic retpoline by default on AMD
UPSTREAM: x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
UPSTREAM: Documentation/hw-vuln: Update spectre doc
UPSTREAM: x86/speculation: Add eIBRS + Retpoline options
UPSTREAM: x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
UPSTREAM: x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
UPSTREAM: x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
UPSTREAM: bpf: Add kconfig knob for disabling unpriv bpf by default
UPSTREAM: mmc: block: fix read single on recovery logic
Linux 5.4.180
ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE
perf: Fix list corruption in perf_cgroup_switch()
scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
hwmon: (dell-smm) Speed up setting of fan speed
seccomp: Invalidate seccomp mode to catch death failures
USB: serial: cp210x: add CPI Bulk Coin Recycler id
USB: serial: cp210x: add NCR Retail IO box id
USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
USB: serial: option: add ZTE MF286D modem
USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
usb: gadget: f_uac2: Define specific wTerminalType
usb: gadget: rndis: check size of RNDIS_MSG_SET command
USB: gadget: validate interface OS descriptor requests
usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition
usb: dwc3: gadget: Prevent core from processing stale TRBs
usb: ulpi: Call of_node_put correctly
usb: ulpi: Move of_node_put to ulpi_dev_release
net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
n_tty: wake up poll(POLLRDNORM) on receiving data
vt_ioctl: add array_index_nospec to VT_ACTIVATE
vt_ioctl: fix array_index_nospec in vt_setactivate
net: amd-xgbe: disable interrupts during pci removal
tipc: rate limit warning for received illegal binding update
net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
veth: fix races around rq->rx_notify_masked
net: fix a memleak when uncloning an skb dst and its metadata
net: do not keep the dst cache when uncloning an skb dst and its metadata
nfp: flower: fix ida_idx not being released
ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
bonding: pair enable_port with slave_arr_updates
ixgbevf: Require large buffers for build_skb on 82599VF
misc: fastrpc: avoid double fput() on failed usercopy
usb: f_fs: Fix use-after-free for epfile
ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
staging: fbtft: Fix error path in fbtft_driver_module_init()
ARM: dts: meson: Fix the UART compatible strings
perf probe: Fix ppc64 'perf probe add events failed' case
net: bridge: fix stale eth hdr pointer in br_dev_xmit
PM: s2idle: ACPI: Fix wakeup interrupts handling
ACPI/IORT: Check node revision for PMCG resources
nvme-tcp: fix bogus request completion when failing to send AER
ARM: socfpga: fix missing RESET_CONTROLLER
ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
riscv: fix build with binutils 2.38
bpf: Add kconfig knob for disabling unpriv bpf by default
KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout()
usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
PM: hibernate: Remove register_nosave_region_late()
scsi: myrs: Fix crash in error case
scsi: qedf: Fix refcount issue when LOGO is received during TMF
scsi: target: iscsi: Make sure the np under each tpg is unique
net: sched: Clarify error message when qdisc kind is unknown
drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
NFSv4 expose nfs_parse_server_name function
NFSv4 remove zero number of fs_locations entries error check
NFSv4.1: Fix uninitialised variable in devicenotify
nfs: nfs4clinet: check the return value of kstrdup()
NFSv4 only print the label when its queried
nvme: Fix parsing of ANA log page
NFSD: Fix offset type in I/O trace points
NFSD: Clamp WRITE offsets
NFS: Fix initialisation of nfs_client cl_flags field
net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs
mmc: sdhci-of-esdhc: Check for error num after setting mask
ima: Do not print policy rule with inactive LSM labels
ima: Allow template selection with ima_template[_fmt]= after ima_hash=
ima: Remove ima_policy file before directory
integrity: check the return value of audit_log_start()
Linux 5.4.179
tipc: improve size validations for received domain records
moxart: fix potential use-after-free on remove path
Linux 5.4.178
cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning
ext4: fix error handling in ext4_restore_inline_data()
EDAC/xgene: Fix deferred probing
EDAC/altera: Fix deferred probing
rtc: cmos: Evaluate century appropriate
selftests: futex: Use variable MAKE instead of make
nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
pinctrl: bcm2835: Fix a few error paths
ASoC: max9759: fix underflow in speaker_gain_control_put()
ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name
ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes
ASoC: fsl: Add missing error handling in pcm030_fabric_probe
drm/i915/overlay: Prevent divide by zero bugs in scaling
net: stmmac: ensure PTP time register reads are consistent
net: stmmac: dump gmac4 DMA registers correctly
net: macsec: Verify that send_sci is on when setting Tx sci explicitly
net: ieee802154: Return meaningful error codes from the netlink helpers
net: ieee802154: ca8210: Stop leaking skb's
net: ieee802154: mcr20a: Fix lifs/sifs periods
net: ieee802154: hwsim: Ensure proper channel selection at probe time
spi: meson-spicc: add IRQ check in meson_spicc_probe
spi: mediatek: Avoid NULL pointer crash in interrupt
spi: bcm-qspi: check for valid cs before applying chip select
iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
RDMA/mlx4: Don't continue event handler after memory allocation failure
RDMA/siw: Fix broken RDMA Read Fence/Resume logic.
IB/rdmavt: Validate remote_addr during loopback atomic tests
memcg: charge fs_context and legacy_fs_context
Revert "ASoC: mediatek: Check for error clk pointer"
block: bio-integrity: Advance seed correctly for larger interval sizes
mm/kmemleak: avoid scanning potential huge holes
drm/nouveau: fix off by one in BIOS boundary checking
btrfs: fix deadlock between quota disable and qgroup rescan worker
ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows
ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset)
ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks
ALSA: hda/realtek: Add quirk for ASUS GU603
ALSA: usb-audio: Simplify quirk entries with a macro
ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
audit: improve audit queue handling when "audit=1" on cmdline
Revert "net: fix information leakage in /proc/net/ptype"
Linux 5.4.177
af_packet: fix data-race in packet_setsockopt / packet_setsockopt
cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask()
rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
net: sched: fix use-after-free in tc_new_tfilter()
net: amd-xgbe: Fix skb data length underflow
net: amd-xgbe: ensure to reset the tx_timer_active flag
ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
cgroup-v1: Require capabilities to set release_agent
psi: Fix uaf issue when psi trigger is destroyed while being polled
PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
Linux 5.4.176
mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip()
block: Fix wrong offset in bio_truncate()
fsnotify: invalidate dcache before IN_DELETE event
dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config
ipv4: remove sparse error in ip_neigh_gw4()
ipv4: tcp: send zero IPID in SYNACK messages
ipv4: raw: lock the socket in raw_bind()
net: hns3: handle empty unknown interrupt for VF
yam: fix a memory leak in yam_siocdevprivate()
drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
ibmvnic: don't spin in tasklet
ibmvnic: init ->running_cap_crqs early
hwmon: (lm90) Mark alert as broken for MAX6654
rxrpc: Adjust retransmission backoff
phylib: fix potential use-after-free
net: phy: broadcom: hook up soft_reset for BCM54616S
netfilter: conntrack: don't increment invalid counter on NF_REPEAT
NFS: Ensure the server has an up to date ctime before renaming
NFS: Ensure the server has an up to date ctime before hardlinking
ipv6: annotate accesses to fn->fn_sernum
drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
drm/msm/dsi: Fix missing put_device() call in dsi_get_phy
drm/msm: Fix wrong size calculation
net-procfs: show net devices bound packet types
NFSv4: nfs_atomic_open() can race when looking up a non-regular file
NFSv4: Handle case where the lookup of a directory fails
hwmon: (lm90) Reduce maximum conversion rate for G781
ipv4: avoid using shared IP generator for connected sockets
ping: fix the sk_bound_dev_if match in ping_lookup
hwmon: (lm90) Mark alert as broken for MAX6680
hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649
net: fix information leakage in /proc/net/ptype
ipv6_tunnel: Rate limit warning messages
scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev
rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
i40e: fix unsigned stat widths
i40e: Fix queues reservation for XDP
i40e: Fix issue when maximum queues is exceeded
i40e: Increase delay to 1 s after global EMP reset
powerpc/32: Fix boot failure with GCC latent entropy plugin
net: sfp: ignore disabled SFP node
ucsi_ccg: Check DEV_INT bit only when starting CCG4
usb: typec: tcpm: Do not disconnect while receiving VBUS off
USB: core: Fix hang in usb_kill_urb by adding memory barriers
usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
usb: common: ulpi: Fix crash in ulpi_match()
usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
tty: Add support for Brainboxes UC cards.
tty: n_gsm: fix SW flow control encoding/handling
serial: stm32: fix software flow control transfer
serial: 8250: of: Fix mapped region size when using reg-offset property
netfilter: nft_payload: do not update layer 4 checksum when mangling fragments
arm64: errata: Fix exec handling in erratum
|
||
Nikolay Aleksandrov
|
b4a59eafcb |
net: bridge: fix stale eth hdr pointer in br_dev_xmit
commit 823d81b0fa2cd83a640734e74caee338b5d3c093 upstream.
In br_dev_xmit() we perform vlan filtering in br_allowed_ingress() but
if the packet has the vlan header inside (e.g. bridge with disabled
tx-vlan-offload) then the vlan filtering code will use skb_vlan_untag()
to extract the vid before filtering which in turn calls pskb_may_pull()
and we may end up with a stale eth pointer. Moreover the cached eth header
pointer will generally be wrong after that operation. Remove the eth header
caching and just use eth_hdr() directly, the compiler does the right thing
and calculates it only once so we don't lose anything.
Fixes:
|
||
|
Srinivasarao Pathipati
|
16e939c6e4 |
Merge android11-5.4.161+ (b9d179c) into msm-5.4
* refs/heads/tmp-b9d179c:
UPSTREAM: driver core: Fix possible memory leak in device_link_add()
UPSTREAM: blk-mq: fix kernel panic during iterating over flush request
UPSTREAM: net: xfrm: fix memory leak in xfrm_user_rcv_msg
UPSTREAM: binder: fix the missing BR_FROZEN_REPLY in binder_return_strings
ANDROID: incremental-fs: fix mount_fs issue
UPSTREAM: vfs: fs_context: fix up param length parsing in legacy_parse_param
ANDROID: GKI: disable CONFIG_FORTIFY_SOURCE
Linux 5.4.161
erofs: fix unsafe pagevec reuse of hooked pclusters
erofs: remove the occupied parameter from z_erofs_pagevec_enqueue()
PCI: Add MSI masking quirk for Nvidia ION AHCI
PCI/MSI: Deal with devices lying about their MSI mask capability
PCI/MSI: Destroy sysfs before freeing entries
parisc/entry: fix trace test in syscall exit path
fortify: Explicitly disable Clang support
scsi: ufs: Fix tm request when non-fatal error happens
ext4: fix lazy initialization next schedule time computation in more granular unit
MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL
scsi: ufs: Fix interrupt error message for shared interrupts
soc/tegra: pmc: Fix imbalanced clock disabling in error code path
Revert "net: sched: update default qdisc visibility after Tx queue cnt changes"
Revert "serial: core: Fix initializing and restoring termios speed"
Linux 5.4.160
selftests/bpf: Fix also no-alu32 strobemeta selftest
ath10k: fix invalid dma_addr_t token assignment
SUNRPC: Partial revert of commit 6f9f17287e78
PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload
s390/cio: make ccw_device_dma_* more robust
s390/tape: fix timer initialization in tape_std_assign()
s390/cio: check the subchannel validity for dev_busid
video: backlight: Drop maximum brightness override for brightness zero
mm, oom: do not trigger out_of_memory from the #PF
mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC
powerpc/security: Add a helper to query stf_barrier type
powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
powerpc/bpf: Validate branch ranges
powerpc/lib: Add helper to check if offset is within conditional branch range
ovl: fix deadlock in splice write
9p/net: fix missing error check in p9_check_errors
net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE
f2fs: should use GFP_NOFS for directory inodes
irqchip/sifive-plic: Fixup EOI failed when masked
parisc: Fix set_fixmap() on PA1.x CPUs
parisc: Fix backtrace to always include init funtion names
ARM: 9156/1: drop cc-option fallbacks for architecture selection
ARM: 9155/1: fix early early_iounmap()
selftests/net: udpgso_bench_rx: fix port argument
cxgb4: fix eeprom len when diagnostics not implemented
net/smc: fix sk_refcnt underflow on linkdown and fallback
vsock: prevent unnecessary refcnt inc for nonblocking connect
net: hns3: allow configure ETS bandwidth of all TCs
net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any
bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
llc: fix out-of-bound array index in llc_sk_dev_hash()
perf bpf: Add missing free to bpf_event__print_bpf_prog_info()
zram: off by one in read_block_state()
mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration()
bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
net: vlan: fix a UAF in vlan_dev_real_dev()
net: davinci_emac: Fix interrupt pacing disable
xen-pciback: Fix return in pm_ctrl_init()
i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()'
NFSv4: Fix a regression in nfs_set_open_stateid_locked()
scsi: qla2xxx: Turn off target reset during issue_lip
scsi: qla2xxx: Fix gnl list corruption
ar7: fix kernel builds for compiler test
watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
m68k: set a default value for MEMORY_RESERVE
signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL)
dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
netfilter: nfnetlink_queue: fix OOB when mac header was cleared
soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read
auxdisplay: ht16k33: Fix frame buffer device blanking
auxdisplay: ht16k33: Connect backlight to fbdev
auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
mtd: core: don't remove debugfs directory if device is in use
mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
fs: orangefs: fix error return code of orangefs_revalidate_lookup()
NFS: Fix deadlocks in nfs_scan_commit_list()
opp: Fix return in _opp_add_static_v2()
PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge
PCI: aardvark: Don't spam about PIO Response Status
drm/plane-helper: fix uninitialized variable reference
pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
apparmor: fix error check
power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
mips: cm: Convert to bitfield API to fix out-of-bounds access
powerpc/44x/fsp2: add missing of_node_put
HID: u2fzero: properly handle timeouts in usb_submit_urb
HID: u2fzero: clarify error check and length calculations
serial: xilinx_uartps: Fix race condition causing stuck TX
phy: qcom-qusb2: Fix a memory leak on probe
ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER
ASoC: cs42l42: Correct some register default values
ARM: dts: stm32: fix SAI sub nodes register range
staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC
RDMA/mlx4: Return missed an error if device doesn't support steering
scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
power: supply: rt5033_battery: Change voltage values to µV
usb: gadget: hid: fix error code in do_config()
serial: 8250_dw: Drop wrong use of ACPI_PTR()
video: fbdev: chipsfb: use memset_io() instead of memset()
clk: at91: check pmc node status before registering syscore ops
memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
soc/tegra: Fix an error handling path in tegra_powergate_power_up()
arm: dts: omap3-gta04a4: accelerometer irq fix
ALSA: hda: Reduce udelay() at SKL+ position reporting
JFS: fix memleak in jfs_mount
MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
scsi: dc395: Fix error case unwinding
ARM: dts: at91: tse850: the emac<->phy interface is rmii
arm64: dts: meson-g12a: Fix the pwm regulator supply properties
RDMA/bnxt_re: Fix query SRQ failure
ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY
arm64: dts: rockchip: Fix GPU register width for RK3328
ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths
RDMA/rxe: Fix wrong port_cap_flags
ibmvnic: Process crqs after enabling interrupts
ibmvnic: don't stop queue in xmit
udp6: allow SO_MARK ctrl msg to affect routing
selftests/bpf: Fix fclose/pclose mismatch in test_progs
crypto: pcrypt - Delay write to padata->info
net: phylink: avoid mvneta warning when setting pause parameters
net: amd-xgbe: Toggle PLL settings during rate change
drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits
wcn36xx: add proper DMA memory barriers in rx path
libertas: Fix possible memory leak in probe and disconnect
libertas_tf: Fix possible memory leak in probe and disconnect
KVM: s390: Fix handle_sske page fault handling
samples/kretprobes: Fix return value if register_kretprobe() failed
tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
irq: mips: avoid nested irq_enter()
s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
libbpf: Fix BTF data layout checks and allow empty BTF
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
drm/msm: Fix potential NULL dereference in DPU SSPP
clocksource/drivers/timer-ti-dm: Select TIMER_OF
PM: hibernate: fix sparse warnings
nvme-rdma: fix error code in nvme_rdma_setup_ctrl
phy: micrel: ksz8041nl: do not use power down mode
mwifiex: Send DELBA requests according to spec
rsi: stop thread firstly in rsi_91x_init() error handling
mt76: mt76x02: fix endianness warnings in mt76x02_mac.c
platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
block: ataflop: fix breakage introduced at blk-mq refactoring
mmc: mxs-mmc: disable regulator on error and in the remove function
net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
drm/msm: uninitialized variable in msm_gem_import()
ath10k: fix max antenna gain unit
hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff
hwmon: Fix possible memleak in __hwmon_device_register()
net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
memstick: avoid out-of-range warning
mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured
b43: fix a lower bounds test
b43legacy: fix a lower bounds test
hwrng: mtk - Force runtime pm ops for sleep ops
crypto: qat - disregard spurious PFVF interrupts
crypto: qat - detect PFVF collision after ACK
media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable()
netfilter: nft_dynset: relax superfluous check on set updates
EDAC/amd64: Handle three rank interleaving mode
ath9k: Fix potential interrupt storm on queue reset
media: em28xx: Don't use ops->suspend if it is NULL
cpuidle: Fix kobject memory leaks in error paths
crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency
kprobes: Do not use local variable when creating debugfs file
media: cx23885: Fix snd_card_free call on null card pointer
media: tm6000: Avoid card name truncation
media: si470x: Avoid card name truncation
media: radio-wl1273: Avoid card name truncation
media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()'
media: TDA1997x: handle short reads of hdmi info frame.
media: dvb-usb: fix ununit-value in az6027_rc_query
media: cxd2880-spi: Fix a null pointer dereference on error handling path
media: em28xx: add missing em28xx_close_extension
drm/amdgpu: fix warning for overflow check
ath10k: Fix missing frame timestamp for beacon/probe-resp
net: dsa: rtl8366rb: Fix off-by-one bug
rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies()
crypto: caam - disable pkc for non-E SoCs
Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync
wilc1000: fix possible memory leak in cfg_scan_result()
cgroup: Make rebind_subsystems() disable v2 controllers all at once
net: net_namespace: Fix undefined member in key_remove_domain()
virtio-gpu: fix possible memory allocation failure
drm/v3d: fix wait for TMU write combiner flush
rcu: Fix existing exp request check in sync_sched_exp_online_cleanup()
Bluetooth: fix init and cleanup of sco_conn.timeout_work
selftests/bpf: Fix strobemeta selftest regression
netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state
parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
parisc/unwind: fix unwinder when CONFIG_64BIT is enabled
task_stack: Fix end_of_stack() for architectures with upwards-growing stack
parisc: fix warning in flush_tlb_all
x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted
spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe()
btrfs: do not take the uuid_mutex in btrfs_rm_device
net: annotate data-race in neigh_output()
vrf: run conntrack only in context of lower/physdev for locally generated packets
ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE
ARM: clang: Do not rely on lr register for stacktrace
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
iwlwifi: mvm: disable RX-diversity in powersave
selftests: kvm: fix mismatched fclose() after popen()
PM: hibernate: Get block device exclusively in swsusp_check()
nvme: drop scan_lock and always kick requeue list when removing namespaces
nvmet-tcp: fix use-after-free when a port is removed
nvmet: fix use-after-free when a port is removed
block: remove inaccurate requeue check
mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
tracing/cfi: Fix cmp_entries_* functions signature mismatch
workqueue: make sysfs of unbound kworker cpumask more clever
lib/xz: Validate the value before assigning it to an enum variable
lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
memstick: r592: Fix a UAF bug when removing the driver
leaking_addresses: Always print a trailing newline
ACPI: battery: Accept charges over the design capacity as full
iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value
ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()
tracefs: Have tracefs directories not set OTH permission bits by default
net-sysfs: try not to restart the syscall if it will fail eventually
media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info
media: ipu3-imgu: imgu_fmt: Handle properly try
ACPICA: Avoid evaluating methods too early during system resume
ipmi: Disable some operations during a panic
media: rcar-csi2: Add checking to rcsi2_start_receiver()
brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet
ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
media: mceusb: return without resubmitting URB in case of -EPROTO error.
media: imx: set a media_device bus_info string
media: s5p-mfc: Add checking to s5p_mfc_probe().
media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
media: uvcvideo: Set unique vdev name based in type
media: uvcvideo: Return -EIO for control errors
media: uvcvideo: Set capability in s_param
media: stm32: Potential NULL pointer dereference in dcmi_irq_thread()
media: netup_unidvb: handle interrupt properly according to the firmware
media: mt9p031: Fix corrupted frame after restarting stream
ath10k: high latency fixes for beacon buffer
mwifiex: Properly initialize private structure on interface type changes
mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
x86: Increase exception stack sizes
smackfs: Fix use-after-free in netlbl_catmap_walk()
net: sched: update default qdisc visibility after Tx queue cnt changes
locking/lockdep: Avoid RCU-induced noinstr fail
MIPS: lantiq: dma: reset correct number of channel
MIPS: lantiq: dma: add small delay after reset
platform/x86: wmi: do not fail if disabling fails
drm/panel-orientation-quirks: add Valve Steam Deck
Bluetooth: fix use-after-free error in lock_sock_nested()
Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6
drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1
drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2)
dma-buf: WARN on dmabuf release with pending attachments
USB: chipidea: fix interrupt deadlock
USB: iowarrior: fix control-message timeouts
USB: serial: keyspan: fix memleak on probe errors
iio: dac: ad5446: Fix ad5622_write() return value
pinctrl: core: fix possible memory leak in pinctrl_enable()
quota: correct error number in free_dqentry()
quota: check block number when reading the block in quota file
PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
PCI: aardvark: Fix return value of MSI domain .alloc() method
PCI: aardvark: Fix reporting Data Link Layer Link Active
PCI: aardvark: Do not unmask unused interrupts
PCI: aardvark: Fix checking for link up via LTSSM state
PCI: aardvark: Do not clear status bits of masked interrupts
PCI: pci-bridge-emul: Fix emulation of W1C bits
xen/balloon: add late_initcall_sync() for initial ballooning done
ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
ALSA: mixer: oss: Fix racy access to slots
serial: core: Fix initializing and restoring termios speed
powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
can: j1939: j1939_can_recv(): ignore messages with invalid source address
can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport
KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use
power: supply: max17042_battery: use VFSOC for capacity when no rsns
power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
signal: Remove the bogus sigkill_pending in ptrace_stop
RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
rsi: Fix module dev_oper_mode parameter description
rsi: fix rate mask set leading to P2P failure
rsi: fix key enabled check causing unwanted encryption for vap_id > 0
rsi: fix occasional initialisation failure with BT coex
wcn36xx: handle connection loss indication
libata: fix checking of DMA state
mwifiex: Read a PCI register after writing the TX ring write pointer
wcn36xx: Fix HT40 capability for 2Ghz band
evm: mark evm_fixmode as __ro_after_init
rtl8187: fix control-message timeouts
PCI: Mark Atheros QCA6174 to avoid bus reset
ath10k: fix division by zero in send path
ath10k: fix control-message timeout
ath6kl: fix control-message timeout
ath6kl: fix division by zero in send path
mwifiex: fix division by zero in fw download path
EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property
regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled
hwmon: (pmbus/lm25066) Add offset coefficients
ia64: kprobes: Fix to pass correct trampoline address to the handler
btrfs: call btrfs_check_rw_degradable only if there is a missing device
btrfs: fix lost error handling when replaying directory deletes
btrfs: clear MISSING device status bit in btrfs_close_one_device
net/smc: Correct spelling mistake to TCPF_SYN_RECV
nfp: bpf: relax prog rejection for mtu check through max_pkt_offset
vmxnet3: do not stop tx queues after netif_device_detach()
r8169: Add device 10ec:8162 to driver r8169
nvmet-tcp: fix header digest verification
drm: panel-orientation-quirks: Add quirk for GPD Win3
watchdog: Fix OMAP watchdog early handling
net: multicast: calculate csum of looped-back and forwarded packets
spi: spl022: fix Microwire full duplex mode
nvmet-tcp: fix a memory leak when releasing a queue
xen/netfront: stop tx queues during live migration
bpf: Prevent increasing bpf_jit_limit above max
bpf: Define bpf_jit_alloc_exec_limit for arm64 JIT
drm: panel-orientation-quirks: Add quirk for Aya Neo 2021
mmc: winbond: don't build on M68K
reset: socfpga: add empty driver allowing consumers to probe
ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode
hyperv/vmbus: include linux/bitops.h
sfc: Don't use netif_info before net_device setup
cavium: Fix return values of the probe function
scsi: qla2xxx: Fix unmap of already freed sgl
scsi: qla2xxx: Return -ENOMEM if kzalloc() fails
cavium: Return negative value when pci_alloc_irq_vectors() fails
x86/irq: Ensure PI wakeup handler is unregistered before module unload
x86/cpu: Fix migration safety with X86_BUG_NULL_SEL
x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c
fuse: fix page stealing
ALSA: timer: Unconditionally unlink slave instances, too
ALSA: timer: Fix use-after-free problem
ALSA: synth: missing check for possible NULL after the call to kstrdup
ALSA: usb-audio: Add registration quirk for JBL Quantum 400
ALSA: line6: fix control and interrupt message timeouts
ALSA: 6fire: fix control and bulk message timeouts
ALSA: ua101: fix division by zero at probe
ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED
ALSA: hda/realtek: Add quirk for ASUS UX550VE
ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N
ALSA: hda/realtek: Add quirk for Clevo PC70HS
media: v4l2-ioctl: Fix check_ext_ctrls
media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers
media: ite-cir: IR receiver stop working after receive overflow
crypto: s5p-sss - Add error handling in s5p_aes_probe()
firmware/psci: fix application of sizeof to pointer
tpm: Check for integer overflow in tpm2_map_response_body()
parisc: Fix ptrace check on syscall return
mmc: dw_mmc: Dont wait for DRTO on Write RSP error
scsi: qla2xxx: Fix use after free in eh_abort path
scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
ocfs2: fix data corruption on truncate
libata: fix read log timeout value
Input: i8042 - Add quirk for Fujitsu Lifebook T725
Input: elantench - fix misreporting trackpoint coordinates
Input: iforce - fix control-message timeout
binder: use cred instead of task for getsecid
binder: use cred instead of task for selinux checks
binder: use euid from cred instead of using task
usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform
xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay
Linux 5.4.159
rsi: fix control-message timeout
media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init
staging: rtl8192u: fix control-message timeouts
staging: r8712u: fix control-message timeout
comedi: vmk80xx: fix bulk and interrupt message timeouts
comedi: vmk80xx: fix bulk-buffer overflow
comedi: vmk80xx: fix transfer-buffer overflows
comedi: ni_usb6501: fix NULL-deref in command paths
comedi: dt9812: fix DMA buffers on stack
isofs: Fix out of bound access for corrupted isofs image
printk/console: Allow to disable console output by using console="" or console=null
binder: don't detect sender/target during buffer cleanup
usb-storage: Add compatibility quirk flags for iODD 2531/2541
usb: musb: Balance list entry in musb_gadget_queue
usb: gadget: Mark USB_FSL_QE broken on 64-bit
usb: ehci: handshake CMD_RUN instead of STS_HALT
Revert "x86/kvm: fix vcpu-id indexed array sizes"
Linux 5.4.158
ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
Revert "drm/ttm: fix memleak in ttm_transfered_destroy"
sfc: Fix reading non-legacy supported link modes
Revert "usb: core: hcd: Add support for deferring roothub registration"
Revert "xhci: Set HCD flag to defer primary roothub registration"
media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
net: ethernet: microchip: lan743x: Fix skb allocation failure
vrf: Revert "Reset skb conntrack connection..."
scsi: core: Put LLD module refcnt after SCSI device is released
Linux 5.4.157
perf script: Check session->header.env.arch before using it
KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu
KVM: s390: clear kicked_mask before sleeping again
cfg80211: correct bridge/4addr mode check
net: use netif_is_bridge_port() to check for IFF_BRIDGE_PORT
sctp: add vtag check in sctp_sf_ootb
sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
sctp: add vtag check in sctp_sf_violation
sctp: fix the processing for COOKIE_ECHO chunk
sctp: fix the processing for INIT_ACK chunk
sctp: use init_tag from inithdr for ABORT chunk
phy: phy_start_aneg: Add an unlocked version
phy: phy_ethtool_ksettings_get: Lock the phy for consistency
net/tls: Fix flipped sign in async_wait.err assignment
net: nxp: lpc_eth.c: avoid hang when bringing interface down
net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent
net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails
nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string
net: Prevent infinite while loop in skb_tx_hash()
net: batman-adv: fix error handling
regmap: Fix possible double-free in regcache_rbtree_exit()
arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node
RDMA/mlx5: Set user priority for DCT
nvme-tcp: fix data digest pointer calculation
nvmet-tcp: fix data digest pointer calculation
IB/hfi1: Fix abba locking issue with sc_disable()
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function
drm/ttm: fix memleak in ttm_transfered_destroy
net: lan78xx: fix division by zero in send path
cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit
mmc: sdhci: Map more voltage level to SDHCI_POWER_330
mmc: dw_mmc: exynos: fix the finding clock sample value
mmc: cqhci: clear HALT state after CQE enable
mmc: vub300: fix control-message timeouts
net/tls: Fix flipped sign in tls_err_abort() calls
Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
nfc: port100: fix using -ERRNO as command type mask
ata: sata_mv: Fix the error handling of mv_chip_id()
Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode"
usbnet: fix error return code in usbnet_probe()
usbnet: sanity check for maxpacket
ipv4: use siphash instead of Jenkins in fnhe_hashfun()
ipv6: use siphash in rt6_exception_hash()
powerpc/bpf: Fix BPF_MOD when imm == 1
ARM: 9141/1: only warn about XIP address when not compile testing
ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
ARM: 9134/1: remove duplicate memcpy() definition
ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
Linux 5.4.156
pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume()
ARM: 9122/1: select HAVE_FUTEX_CMPXCHG
tracing: Have all levels of checks prevent recursion
net: mdiobus: Fix memory leak in __mdiobus_register
scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()
Input: snvs_pwrkey - add clk handling
ALSA: hda: avoid write to STATESTS if controller is in reset
platform/x86: intel_scu_ipc: Update timeout value in comment
isdn: mISDN: Fix sleeping function called from invalid context
ARM: dts: spear3xx: Fix gmac node
net: stmmac: add support for dwmac 3.40a
btrfs: deal with errors when checking if a dir entry exists during log replay
gcc-plugins/structleak: add makefile var for disabling structleak
selftests: netfilter: remove stray bash debug line
netfilter: Kconfig: use 'default y' instead of 'm' for bool config option
isdn: cpai: check ctr->cnr to avoid array index out of bound
nfc: nci: fix the UAF of rf_conn_info object
mm, slub: fix potential memoryleak in kmem_cache_open()
mm, slub: fix mismatch between reconstructed freelist depth and cnt
powerpc/idle: Don't corrupt back chain when going idle
KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest
KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()
powerpc64/idle: Fix SP offsets when saving GPRs
audit: fix possible null-pointer dereference in audit_filter_rules
ASoC: DAPM: Fix missing kctl change notifications
ALSA: hda/realtek: Add quirk for Clevo PC50HS
ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
vfs: check fd has read access in kernel_read_file_from_fd()
elfcore: correct reference to CONFIG_UML
ocfs2: mount fails with buffer overflow in strlen
ocfs2: fix data corruption after conversion from inline format
ceph: fix handling of "meta" errors
can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes
can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with error length
can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv
can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer
can: peak_pci: peak_pci_remove(): fix UAF
can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification
can: rcar_can: fix suspend/resume
net: enetc: fix ethtool counter name for PM0_TERR
net: stmmac: Fix E2E delay mechanism
net: hns3: disable sriov before unload hclge layer
net: hns3: add limit ets dwrr bandwidth cannot be 0
net: hns3: reset DWRR of unused tc to zero
NIOS2: irqflags: rename a redefined register name
net: dsa: lantiq_gswip: fix register definition
lan78xx: select CRC32
netfilter: ipvs: make global sysctl readonly in non-init netns
ASoC: wm8960: Fix clock configuration on slave mode
dma-debug: fix sg checks in debug_dma_map_sg()
NFSD: Keep existing listeners on portlist error
xtensa: xtfpga: Try software restart before simulating CPU reset
xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF
ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default
tee: optee: Fix missing devices unregister during optee_remove
net: switchdev: do not propagate bridge updates across bridges
parisc: math-emu: Fix fall-through warnings
Linux 5.4.155
ionic: don't remove netdev->dev_addr when syncing uc list
r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256
qed: Fix missing error code in qed_slowpath_start()
mqprio: Correct stats in mqprio_dump_class_stats().
acpi/arm64: fix next_platform_timer() section mismatch error
drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
drm/msm/dsi: Fix an error code in msm_dsi_modeset_init()
drm/msm: Fix null pointer dereference on pointer edp
drm/panel: olimex-lcd-olinuxino: select CRC32
platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
mlxsw: thermal: Fix out-of-bounds memory accesses
ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators()
pata_legacy: fix a couple uninitialized variable bugs
NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
nfc: fix error handling of nfc_proto_register()
ethernet: s2io: fix setting mac address during resume
net: encx24j600: check error in devm_regmap_init_encx24j600
net: stmmac: fix get_hw_feature() on old hardware
net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp
net: korina: select CRC32
net: arc: select CRC32
gpio: pca953x: Improve bias setting
sctp: account stream padding length for reconf chunk
iio: dac: ti-dac5571: fix an error code in probe()
iio: ssp_sensors: fix error code in ssp_print_mcu_debug()
iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
iio: light: opt3001: Fixed timeout error when 0 lux
iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED
iio: adc128s052: Fix the error handling path of 'adc128_probe()'
iio: adc: aspeed: set driver data when adc probe.
powerpc/xive: Discard disabled interrupts in get_irqchip_state()
x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically
nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
EDAC/armada-xp: Fix output of uncorrectable error counter
virtio: write back F_VERSION_1 before validate
USB: serial: option: add prod. id for Quectel EG91
USB: serial: option: add Telit LE910Cx composition 0x1204
USB: serial: option: add Quectel EC200S-CN module support
USB: serial: qcserial: add EM9191 QDL support
Input: xpad - add support for another USB ID of Nacon GC-100
usb: musb: dsps: Fix the probe error path
efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock()
efi/cper: use stack buffer for error record decoding
cb710: avoid NULL pointer subtraction
xhci: Enable trust tx length quirk for Fresco FL11 USB controller
xhci: Fix command ring pointer corruption while aborting a command
xhci: guard accesses to ep_state in xhci_endpoint_reset()
mei: me: add Ice Lake-N device id.
x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
watchdog: orion: use 0 for unset heartbeat
btrfs: check for error when looking up inode during dir entry replay
btrfs: deal with errors when adding inode reference during log replay
btrfs: deal with errors when replaying dir entry during log replay
btrfs: unlock newly allocated extent buffer after error
csky: Fixup regs.sr broken in ptrace
csky: don't let sigreturn play with priveleged bits of status register
s390: fix strrchr() implementation
nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^'
ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
ALSA: hda/realtek - ALC236 headset MIC recording issue
ALSA: hda/realtek: Add quirk for Clevo X170KM-G
ALSA: hda/realtek: Complete partial device name to avoid ambiguity
ALSA: seq: Fix a potential UAF by wrong private_free call order
ALSA: usb-audio: Add quirk for VF0770
ovl: simplify file splice
Linux 5.4.154
sched: Always inline is_percpu_thread()
scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
scsi: ses: Fix unsigned comparison with less than zero
drm/amdgpu: fix gart.bo pin_count leak
net: sun: SUNVNET_COMMON should depend on INET
mac80211: check return value of rhashtable_init
net: prevent user from passing illegal stab size
m68k: Handle arrivals of multiple signals correctly
mac80211: Drop frames from invalid MAC address in ad-hoc mode
netfilter: nf_nat_masquerade: defer conntrack walk to work queue
netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic
HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
netfilter: ip6_tables: zero-initialize fragment offset
HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
ext4: correct the error path of ext4_write_inline_data_end()
net: phy: bcm7xxx: Fixed indirect MMD operations
UPSTREAM: ovl: simplify file splice
Linux 5.4.153
x86/Kconfig: Correct reference to MWINCHIP3D
x86/hpet: Use another crystalball to evaluate HPET usability
x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI
RISC-V: Include clone3() on rv32
bpf, s390: Fix potential memory leak about jit_data
i2c: acpi: fix resource leak in reconfiguration device addition
net: prefer socket bound to interface when not in VRF
i40e: Fix freeing of uninitialized misc IRQ vector
i40e: fix endless loop under rtnl
gve: fix gve_get_stats()
rtnetlink: fix if_nlmsg_stats_size() under estimation
gve: Correct available tx qpl check
drm/nouveau/debugfs: fix file release memory leak
video: fbdev: gbefb: Only instantiate device when built for IP32
bus: ti-sysc: Use CLKDM_NOAUTO for dra7 dcan1 for errata i893
netlink: annotate data races around nlk->bound
net: sfp: Fix typo in state machine debug string
net/sched: sch_taprio: properly cancel timer from taprio_destroy()
net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence
arm64: dts: ls1028a: add missing CAN nodes
arm64: dts: freescale: Fix SP805 clock-names
ptp_pch: Load module automatically if ID matches
powerpc/fsl/dts: Fix phy-connection-type for fm1mac3
net_sched: fix NULL deref in fifo_set_limit()
phy: mdio: fix memory leak
bpf: Fix integer overflow in prealloc_elems_and_freelist()
bpf, arm: Fix register clobbering in div/mod implementation
xtensa: call irqchip_init only when CONFIG_USE_OF is selected
xtensa: use CONFIG_USE_OF instead of CONFIG_OF
xtensa: move XCHAL_KIO_* definitions to kmem_layout.h
arm64: dts: qcom: pm8150: use qcom,pm8998-pon binding
ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo
ARM: dts: imx: Add missing pinctrl-names for panel on M53Menlo
soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment
ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference
soc: qcom: socinfo: Fixed argument passed to platform_set_data()
bpf, mips: Validate conditional branch offsets
MIPS: BPF: Restore MIPS32 cBPF JIT
ARM: dts: qcom: apq8064: use compatible which contains chipid
ARM: dts: omap3430-sdp: Fix NAND device node
xen/balloon: fix cancelled balloon action
nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero
nfsd: fix error handling of register_pernet_subsys() in init_nfsd()
ovl: fix missing negative dentry check in ovl_rename()
mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
xen/privcmd: fix error handling in mmap-resource processing
usb: typec: tcpm: handle SRC_STARTUP state if cc changes
USB: cdc-acm: fix break reporting
USB: cdc-acm: fix racy tty buffer accesses
Partially revert "usb: Kconfig: using select for USB_COMMON dependency"
ANDROID: Different fix for KABI breakage in 5.4.151 in struct sock
Linux 5.4.152
libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD.
silence nfscache allocation warnings with kvzalloc
perf/x86: Reset destroy callback on event init failure
kvm: x86: Add AMD PMU MSRs to msrs_to_save_all[]
KVM: do not shrink halt_poll_ns below grow_start
tools/vm/page-types: remove dependency on opt_file for idle page tracking
scsi: ses: Retry failed Send/Receive Diagnostic commands
selftests:kvm: fix get_warnings_count() ignoring fscanf() return warn
selftests: be sure to make khdr before other targets
usb: dwc2: check return value after calling platform_get_resource()
usb: testusb: Fix for showing the connection speed
scsi: sd: Free scsi_disk device via put_device()
ext2: fix sleeping in atomic bugs on error
sparc64: fix pci_iounmap() when CONFIG_PCI is not set
xen-netback: correct success/error reporting for the SKB-with-fraglist case
net: mdio: introduce a shutdown method to mdio device drivers
ANDROID: Fix up KABI breakage in 5.4.151 in struct sock
Linux 5.4.151
HID: usbhid: free raw_report buffers in usbhid_stop
netfilter: ipset: Fix oversized kvmalloc() calls
HID: betop: fix slab-out-of-bounds Write in betop_probe
crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
usb: hso: remove the bailout parameter
usb: hso: fix error handling code of hso_create_net_device
hso: fix bailout in error case of probe
libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind
PCI: Fix pci_host_bridge struct device release/free handling
net: stmmac: don't attach interface until resume finishes
net: udp: annotate data race around udp_sk(sk)->corkflag
HID: u2fzero: ignore incomplete packets without data
ext4: fix potential infinite loop in ext4_dx_readdir()
ext4: fix reserved space counter leakage
ext4: fix loff_t overflow in ext4_max_bitmap_size()
ipack: ipoctal: fix module reference leak
ipack: ipoctal: fix missing allocation-failure check
ipack: ipoctal: fix tty-registration error handling
ipack: ipoctal: fix tty registration race
ipack: ipoctal: fix stack information leak
debugfs: debugfs_create_file_size(): use IS_ERR to check for error
elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings
perf/x86/intel: Update event constraints for ICX
af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
net: sched: flower: protect fl_walk() with rcu
net: hns3: do not allow call hns3_nic_net_open repeatedly
scsi: csiostor: Add module softdep on cxgb4
Revert "block, bfq: honor already-setup queue merges"
selftests, bpf: test_lwt_ip_encap: Really disable rp_filter
e100: fix buffer overrun in e100_get_regs
e100: fix length calculation in e100_get_regs_len
net: ipv4: Fix rtnexthop len when RTA_FLOW is present
hwmon: (tmp421) fix rounding for negative values
hwmon: (tmp421) report /PVLD condition as fault
sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
mac80211-hwsim: fix late beacon hrtimer handling
mac80211: mesh: fix potentially unaligned access
mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs
ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
drm/amd/display: Pass PCI deviceid into DC
x86/kvmclock: Move this_cpu_pvti into kvmclock.h
mac80211: fix use-after-free in CCMP/GCMP RX
scsi: ufs: Fix illegal offset in UPIU event trace
hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field
hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field
hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field
fs-verity: fix signed integer overflow with i_size near S64_MAX
usb: cdns3: fix race condition before setting doorbell
cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
cpufreq: schedutil: Use kobject release() method to free sugov_tunables
tty: Fix out-of-bound vmalloc access in imageblit
Revert "crypto: public_key: fix overflow during implicit conversion"
Linux 5.4.150
qnx4: work around gcc false positive warning bug
xen/balloon: fix balloon kthread freezing
arm64: dts: marvell: armada-37xx: Extend PCIe MEM space
thermal/drivers/int340x: Do not set a wrong tcc offset on resume
EDAC/synopsys: Fix wrong value type assignment for edac_mode
spi: Fix tegra20 build with CONFIG_PM=n
net: 6pack: Fix tx timeout and slot time
alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile
arm64: Mark __stack_chk_guard as __ro_after_init
parisc: Use absolute_pointer() to define PAGE0
qnx4: avoid stringop-overread errors
sparc: avoid stringop-overread errors
net: i825xx: Use absolute_pointer for memcpy from fixed memory location
compiler.h: Introduce absolute_pointer macro
blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd
sparc32: page align size in arch_dma_alloc
nvme-multipath: fix ANA state updates when a namespace is not present
xen/balloon: use a kernel thread instead a workqueue
bpf: Add oversize check before call kvcalloc()
ipv6: delay fib6_sernum increase in fib6_add
m68k: Double cast io functions to unsigned long
net: stmmac: allow CSR clock of 300MHz
net: macb: fix use after free on rmmod
blktrace: Fix uaf in blk_trace access after removing by sysfs
md: fix a lock order reversal in md_alloc
irqchip/gic-v3-its: Fix potential VPE leak on error
irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build
scsi: lpfc: Use correct scnprintf() limit
scsi: qla2xxx: Restore initiator in dual mode
cifs: fix a sign extension bug
thermal/core: Potential buffer overflow in thermal_build_list_of_policies()
fpga: machxo2-spi: Fix missing error code in machxo2_write_complete()
fpga: machxo2-spi: Return an error on failure
tty: synclink_gt: rename a conflicting function name
tty: synclink_gt, drop unneeded forward declarations
scsi: iscsi: Adjust iface sysfs attr detection
net/mlx4_en: Don't allow aRFS for encapsulated packets
qed: rdma - don't wait for resources under hw error recovery flow
gpio: uniphier: Fix void functions to remove return value
net/smc: add missing error check in smc_clc_prfx_set()
bnxt_en: Fix TX timeout when TX ring size is set to the smallest
enetc: Fix illegal access when reading affinity_hint
platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR()
afs: Fix incorrect triggering of sillyrename on 3rd-party invalidation
net: hso: fix muxed tty registration
serial: mvebu-uart: fix driver's tx_empty callback
xhci: Set HCD flag to defer primary roothub registration
btrfs: prevent __btrfs_dump_space_info() to underflow its free space
erofs: fix up erofs_lookup tracepoint
mcb: fix error handling in mcb_alloc_bus()
USB: serial: option: add device id for Foxconn T99W265
USB: serial: option: remove duplicate USB device ID
USB: serial: option: add Telit LN920 compositions
USB: serial: mos7840: remove duplicated 0xac24 device ID
usb: core: hcd: Add support for deferring roothub registration
Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
staging: greybus: uart: fix tty use after free
binder: make sure fd closes complete
USB: cdc-acm: fix minor-number release
USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
xen/x86: fix PV trap handling on secondary processors
cifs: fix incorrect check for null pointer in header_assemble
usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave
usb: gadget: r8a66597: fix a loop in set_feature()
ocfs2: drop acl cache for directories too
Linux 5.4.149
drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
rtc: rx8010: select REGMAP_I2C
blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
pwm: stm32-lp: Don't modify HW state in .remove() callback
pwm: rockchip: Don't modify HW state in .remove() callback
pwm: img: Don't modify HW state in .remove() callback
nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
nilfs2: fix NULL pointer in nilfs_##name##_attr_release
nilfs2: fix memory leak in nilfs_sysfs_create_device_group
btrfs: fix lockdep warning while mounting sprout fs
ceph: lockdep annotations for try_nonblocking_invalidate
ceph: request Fw caps before updating the mtime in ceph_write_iter
dmaengine: xilinx_dma: Set DMA mask for coherent APIs
dmaengine: ioat: depends on !UML
dmaengine: sprd: Add missing MODULE_DEVICE_TABLE
parisc: Move pci_dev_is_behind_card_dino to where it is used
drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()
thermal/core: Fix thermal_cooling_device_register() prototype
Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH
net: stmmac: reset Tx desc base address before restarting Tx
phy: avoid unnecessary link-up delay in polling mode
pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered
profiling: fix shift-out-of-bounds bugs
nilfs2: use refcount_dec_and_lock() to fix potential UAF
prctl: allow to setup brk for et_dyn executables
9p/trans_virtio: Remove sysfs file on probe failure
thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
um: virtio_uml: fix memory leak on init failures
staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb()
sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
sctp: validate chunk size in __rcv_asconf_lookup
ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE
ARM: 9079/1: ftrace: Add MODULE_PLTS support
ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link()
ARM: 9077/1: PLT: Move struct plt_entries definition to header
apparmor: remove duplicate macro list_entry_is_head()
ARM: Qualify enabling of swiotlb_init()
s390/pci_mmio: fully validate the VMA before calling follow_pte()
console: consume APC, DM, DCS
KVM: remember position in kvm->vcpus array
PCI/ACPI: Add Ampere Altra SOC MCFG quirk
PCI: aardvark: Fix reporting CRS value
PCI: pci-bridge-emul: Add PCIe Root Capabilities Register
PCI: aardvark: Indicate error in 'val' when config read fails
PCI: pci-bridge-emul: Fix big-endian support
Linux 5.4.148
s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
s390/bpf: Fix optimizing out zero-extensions
net: renesas: sh_eth: Fix freeing wrong tx descriptor
ip_gre: validate csum_start only on pull
qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
fq_codel: reject silly quantum parameters
netfilter: socket: icmp6: fix use-after-scope
net: dsa: b53: Fix calculating number of switch ports
perf unwind: Do not overwrite FEATURE_CHECK_LDFLAGS-libunwind-{x86,aarch64}
ARC: export clear_user_page() for modules
mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()'
PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
KVM: arm64: Handle PSCI resets before userspace touches vCPU state
mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set
PCI: Fix pci_dev_str_match_path() alloc while atomic bug
mfd: axp20x: Update AXP288 volatile ranges
NTB: perf: Fix an error code in perf_setup_inbuf()
NTB: Fix an error code in ntb_msit_probe()
ethtool: Fix an error code in cxgb2.c
PCI: ibmphp: Fix double unmap of io_mem
block, bfq: honor already-setup queue merges
net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6
PCI: Add ACS quirks for Cavium multi-function devices
tracing/probes: Reject events which have the same name of existing one
mfd: Don't use irq_create_mapping() to resolve a mapping
fuse: fix use after free in fuse_read_interrupt()
PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
mfd: db8500-prcmu: Adjust map to reality
dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range()
net: hns3: fix the timing issue of VF clearing interrupt sources
net: hns3: disable mac in flr process
net: hns3: change affinity_mask to numa node range
net: hns3: pad the short tunnel frame before sending to hardware
KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers
ibmvnic: check failover_pending in login response
dt-bindings: arm: Fix Toradex compatible typo
qed: Handle management FW error
tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup
net/af_unix: fix a data-race in unix_dgram_poll
vhost_net: fix OoB on sendmsg() failure.
events: Reuse value read using READ_ONCE instead of re-reading it
net/mlx5: Fix potential sleeping in atomic context
net/mlx5: FWTrace, cancel work on alloc pd error flow
perf machine: Initialize srcline string member in add_location struct
tipc: increase timeout in tipc_sk_enqueue()
r6040: Restore MDIO clock frequency after MAC reset
net/l2tp: Fix reference count leak in l2tp_udp_recv_core
dccp: don't duplicate ccid when cloning dccp sock
ptp: dp83640: don't define PAGE0
net-caif: avoid user-triggerable WARN_ON(1)
tipc: fix an use-after-free issue in tipc_recvmsg
x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
s390/sclp: fix Secure-IPL facility detection
drm/etnaviv: add missing MMU context put when reaping MMU mapping
drm/etnaviv: reference MMU context when setting up hardware state
drm/etnaviv: fix MMU context leak on GPU reset
drm/etnaviv: exec and MMU state is lost when resetting the GPU
drm/etnaviv: keep MMU context across runtime suspend/resume
drm/etnaviv: stop abusing mmu_context as FE running marker
drm/etnaviv: put submit prev MMU context when it exists
drm/etnaviv: return context from etnaviv_iommu_context_get
drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10
PCI: Add AMD GPU multi-function power dependencies
PM: base: power: don't try to use non-existing RTC for storing data
arm64/sve: Use correct size when reinitialising SVE state
bnx2x: Fix enabling network interfaces without VFs
xen: reset legacy rtc flag for PV domU
btrfs: fix upper limit for max_inline for page size 64K
drm/panfrost: Clamp lock region to Bifrost minimum
drm/panfrost: Use u64 for size in lock_region
drm/panfrost: Simplify lock_region calculation
drm/amdgpu: Fix BUG_ON assert
drm/msi/mdp4: populate priv->kms in mdp4_kms_init
net: dsa: lantiq_gswip: fix maximum frame length
lib/test_stackinit: Fix static initializer test
platform/chrome: cros_ec_proto: Send command again when timeout occurs
memcg: enable accounting for pids in nested pid namespaces
mm,vmscan: fix divide by zero in get_scan_count
mm/hugetlb: initialize hugetlb_usage in mm_init
s390/pv: fix the forcing of the swiotlb
cpufreq: powernv: Fix init_chip_info initialization in numa=off
scsi: qla2xxx: Sync queue idx with queue_pair_map idx
scsi: qla2xxx: Changes to support kdump kernel
scsi: BusLogic: Fix missing pr_cont() use
ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup()
parisc: fix crash with signals and alloca
net: w5100: check return value after calling platform_get_resource()
fix array-index-out-of-bounds in taprio_change
net: fix NULL pointer reference in cipso_v4_doi_free
ath9k: fix sleeping in atomic context
ath9k: fix OOB read ar9300_eeprom_restore_internal
parport: remove non-zero check on count
net/mlx5: DR, Enable QP retransmission
iwlwifi: mvm: fix access to BSS elements
iwlwifi: mvm: avoid static queue number aliasing
iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed
drm/amdkfd: Account for SH/SE count when setting up cu masks.
ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
ASoC: rockchip: i2s: Fix regmap_ops hang
usbip:vhci_hcd USB port can get stuck in the disabled state
usbip: give back URBs for unsent unlink requests during cleanup
usb: musb: musb_dsps: request_irq() after initializing musb
Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set"
cifs: fix wrong release in sess_alloc_buffer() failed path
mmc: core: Return correct emmc response in case of ioctl error
selftests/bpf: Enlarge select() timeout for test_maps
mmc: rtsx_pci: Fix long reads when clock is prescaled
mmc: sdhci-of-arasan: Check return value of non-void funtions
of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS
ASoC: Intel: Skylake: Fix passing loadable flag for module
ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
btrfs: tree-log: check btrfs_lookup_data_extent return value
m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch
drm/exynos: Always initialize mapping in exynos_drm_register_dma()
lockd: lockd server-side shouldn't set fl_ops
usb: chipidea: host: fix port index underflow and UBSAN complains
gfs2: Don't call dlm after protocol is unmounted
staging: rts5208: Fix get_ms_information() heap buffer size
rpc: fix gss_svc_init cleanup on failure
tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD
serial: sh-sci: fix break handling for sysrq
opp: Don't print an error if required-opps is missing
Bluetooth: Fix handling of LE Enhanced Connection Complete
nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data
arm64: dts: ls1046a: fix eeprom entries
arm64: tegra: Fix compatible string for Tegra132 CPUs
ARM: tegra: tamonten: Fix UART pad setting
mac80211: Fix monitor MTU limit so that A-MSDUs get through
drm/display: fix possible null-pointer dereference in dcn10_set_clock()
gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port()
net/mlx5: Fix variable type to match 64bit
Bluetooth: avoid circular locks in sco_sock_connect
Bluetooth: schedule SCO timeouts with delayed_work
selftests/bpf: Fix xdp_tx.c prog section name
drm/msm: mdp4: drop vblank get/put from prepare/complete_commit
net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe()
arm64: dts: qcom: sdm660: use reg value for memory node
ARM: dts: imx53-ppd: Fix ACHC entry
media: tegra-cec: Handle errors of clk_prepare_enable()
media: TDA1997x: fix tda1997x_query_dv_timings() return value
media: v4l2-dv-timings.c: fix wrong condition in two for-loops
media: imx258: Limit the max analogue gain to 480
media: imx258: Rectify mismatch of VTS value
ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output
arm64: tegra: Fix Tegra194 PCIe EP compatible string
bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler()
workqueue: Fix possible memory leaks in wq_numa_init()
Bluetooth: skip invalid hci_sync_conn_complete_evt
ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
samples: bpf: Fix tracex7 error raised on the missing argument
staging: ks7010: Fix the initialization of the 'sleep_status' structure
serial: 8250_pci: make setup_port() parameters explicitly unsigned
hvsi: don't panic on tty_register_driver failure
xtensa: ISS: don't panic in rs_init
serial: 8250: Define RX trigger levels for OxSemi 950 devices
s390: make PCI mio support a machine flag
s390/jump_label: print real address in a case of a jump label bug
flow_dissector: Fix out-of-bounds warnings
ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
video: fbdev: riva: Error out if 'pixclock' equals zero
video: fbdev: kyro: Error out if 'pixclock' equals zero
video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
bpf/tests: Do not PASS tests without actually testing the result
bpf/tests: Fix copy-and-paste error in double word test
drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex
drm/amd/display: Fix timer_per_pixel unit error
tty: serial: jsm: hold port lock when reporting modem line changes
staging: board: Fix uninitialized spinlock when attaching genpd
usb: gadget: composite: Allow bMaxPower=0 if self-powered
USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable()
usb: gadget: u_ether: fix a potential null pointer dereference
usb: host: fotg210: fix the actual_length of an iso packet
usb: host: fotg210: fix the endpoint's transactional opportunities calculation
igc: Check if num of q_vectors is smaller than max before array access
drm: avoid blocking in drm_clients_info's rcu section
Smack: Fix wrong semantics in smk_access_entry()
netlink: Deal with ESRCH error in nlmsg_notify()
video: fbdev: kyro: fix a DoS bug by restricting user input
ARM: dts: qcom: apq8064: correct clock names
iavf: fix locking of critical sections
iavf: do not override the adapter state in the watchdog task
iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
tipc: keep the skb in rcv queue until the whole data is read
PCI: Use pci_update_current_state() in pci_enable_device_flags()
crypto: mxs-dcp - Use sg_mapping_iter to copy data
media: dib8000: rewrite the init prbs logic
ASoC: atmel: ATMEL drivers don't need HAS_DMA
drm/amdgpu: Fix amdgpu_ras_eeprom_init()
userfaultfd: prevent concurrent API initialization
kbuild: Fix 'no symbols' warning when CONFIG_TRIM_UNUSD_KSYMS=y
MIPS: Malta: fix alignment of the devicetree buffer
f2fs: fix to unmap pages from userspace process in punch_hole()
f2fs: fix unexpected ENOENT comes from f2fs_map_blocks()
f2fs: fix to account missing .skipped_gc_rwsem
KVM: PPC: Fix clearing never mapped TCEs in realmode
clk: at91: clk-generated: Limit the requested rate to our range
clk: at91: clk-generated: pass the id of changeable parent at registration
clk: at91: sam9x60: Don't use audio PLL
fscache: Fix cookie key hashing
platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call
KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live
HID: i2c-hid: Fix Elan touchpad regression
scsi: target: avoid per-loop XCOPY buffer allocations
powerpc/config: Renable MTD_PHYSMAP_OF
scsi: qedf: Fix error codes in qedf_alloc_global_queues()
scsi: qedi: Fix error codes in qedi_alloc_global_queues()
scsi: smartpqi: Fix an error code in pqi_get_raid_map()
pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
scsi: fdomain: Fix error return code in fdomain_probe()
SUNRPC: Fix potential memory corruption
dma-debug: fix debugfs initialization order
openrisc: don't printk() unconditionally
f2fs: reduce the scope of setting fsck tag when de->name_len is zero
f2fs: show f2fs instance in printk_ratelimited
RDMA/efa: Remove double QP type assignment
powerpc/stacktrace: Include linux/delay.h
vfio: Use config not menuconfig for VFIO_NOIOMMU
pinctrl: samsung: Fix pinctrl bank pin count
docs: Fix infiniband uverbs minor number
RDMA/iwcm: Release resources if iw_cm module initialization fails
IB/hfi1: Adjust pkey entry in index 0
scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
f2fs: quota: fix potential deadlock
HID: input: do not report stylus battery state as "full"
PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response
PCI: aardvark: Fix checking for PIO status
PCI: xilinx-nwl: Enable the clock through CCF
PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
PCI/portdrv: Enable Bandwidth Notification only if port supports it
ARM: 9105/1: atags_to_fdt: don't warn about stack size
libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
dmaengine: imx-sdma: remove duplicated sdma_load_context
Revert "dmaengine: imx-sdma: refine to load context only once"
media: rc-loopback: return number of emitters rather than error
media: uvc: don't do DMA on stack
VMCI: fix NULL pointer dereference when unmapping queue pair
dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
power: supply: max17042: handle fails of reading status register
block: bfq: fix bfq_set_next_ioprio_data()
crypto: public_key: fix overflow during implicit conversion
arm64: head: avoid over-mapping in map_memory
soc: aspeed: p2a-ctrl: Fix boundary check for mmap
soc: aspeed: lpc-ctrl: Fix boundary check for mmap
soc: qcom: aoss: Fix the out of bound usage of cooling_devs
pinctrl: ingenic: Fix incorrect pull up/down info
pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast
tools/thermal/tmon: Add cross compiling support
9p/xen: Fix end of loop tests for list_for_each_entry
include/linux/list.h: add a macro to test if entry is pointing to the head
xen: fix setting of max_pfn in shared_info
powerpc/perf/hv-gpci: Fix counter value parsing
PCI/MSI: Skip masking MSI-X on Xen PV
blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
btrfs: reset replace target device to allocation state on close
btrfs: wake up async_delalloc_pages waiters after submit
rtc: tps65910: Correct driver module alias
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/arm/tegra.yaml
Documentation/devicetree/bindings/mtd/gpmc-nand.txt
Documentation/devicetree/bindings/regulator/samsung,s5m8767.txt
kernel/sched/cpufreq_schedutil.c
Change-Id: Id17c4366cdc6854cd23fba0f41d335b09fc6100e
Signed-off-by: Srinivasarao Pathipati <quic_spathi@quicinc.com>
|
||
|
Florian Westphal
|
54b5ab456e |
netfilter: bridge: add support for pppoe filtering
[ Upstream commit 28b78ecffea8078d81466b2e01bb5a154509f1ba ]
This makes 'bridge-nf-filter-pppoe-tagged' sysctl work for
bridged traffic.
Looking at the original commit it doesn't appear this ever worked:
static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
[..]
if (skb->protocol == htons(ETH_P_8021Q)) {
skb_pull(skb, VLAN_HLEN);
skb->network_header += VLAN_HLEN;
+ } else if (skb->protocol == htons(ETH_P_PPP_SES)) {
+ skb_pull(skb, PPPOE_SES_HLEN);
+ skb->network_header += PPPOE_SES_HLEN;
}
[..]
NF_HOOK(... POST_ROUTING, ...)
... but the adjusted offsets are never restored.
The alternative would be to rip this code out for good,
but otoh we'd have to keep this anyway for the vlan handling
(which works because vlan tag info is in the skb, not the packet
payload).
Reported-and-tested-by: Amish Chana <amish@3g.co.za>
Fixes:
|
||
Pooventhiran G
|
af60234af1 |
bridge: Port Hy-Fi bridging hooks
Changes to port Hy-Fi bridging hooks and to export br_fdb_find_rcu symbol. Change-Id: Ife2a9ac76e02fff56b8c4acaa97794df7e98863d Signed-off-by: Muthuchamy Kumar <quic_muthucha@quicinc.com> Signed-off-by: Pooventhiran G <quic_pooventh@quicinc.com> |
||
|
Srinivasarao Pathipati
|
828abb51dd |
Merge android11-5.4.147+ (dc8c919) into msm-5.4
* refs/heads/tmp-dc8c919:
Revert dwc3 changes
ANDROID: GKI: Update FCNT KMI symbol list No new symbols added that are not already in the .xml file.
ANDROID: GKI : Update symbols to symbol list
BACKPORT: crypto: arch - conditionalize crypto api in arch glue for lib code
BACKPORT: crypto: arch/lib - limit simd usage to 4k chunks
UPSTREAM: crypto: arm/blake2s - fix for big endian
ANDROID: gki_defconfig: enable BLAKE2b support
BACKPORT: crypto: arm/blake2b - add NEON-accelerated BLAKE2b
BACKPORT: crypto: blake2b - update file comment
BACKPORT: crypto: blake2b - sync with blake2s implementation
UPSTREAM: crypto: arm/blake2s - add ARM scalar optimized BLAKE2s
UPSTREAM: crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
UPSTREAM: crypto: blake2s - adjust include guard naming
UPSTREAM: crypto: blake2s - add comment for blake2s_state fields
UPSTREAM: crypto: blake2s - optimize blake2s initialization
BACKPORT: crypto: blake2s - share the "shash" API boilerplate code
UPSTREAM: crypto: blake2s - move update and final logic to internal/blake2s.h
UPSTREAM: crypto: blake2s - remove unneeded includes
UPSTREAM: crypto: x86/blake2s - define shash_alg structs using macros
UPSTREAM: crypto: blake2s - define shash_alg structs using macros
UPSTREAM: crypto: lib/blake2s - Move selftest prototype into header file
UPSTREAM: crypto: blake2b - Fix clang optimization for ARMv7-M
UPSTREAM: crypto: blake2b - rename tfm context and _setkey callback
UPSTREAM: crypto: blake2b - merge _update to api callback
UPSTREAM: crypto: blake2b - open code set last block helper
UPSTREAM: crypto: blake2b - delete unused structs or members
UPSTREAM: crypto: blake2b - simplify key init
UPSTREAM: crypto: blake2b - merge blake2 init to api callback
UPSTREAM: crypto: blake2b - merge _final implementation to callback
BACKPORT: crypto: testmgr - add test vectors for blake2b
BACKPORT: crypto: blake2b - add blake2b generic implementation
UPSTREAM: crypto: blake2s - x86_64 SIMD implementation
UPSTREAM: crypto: blake2s - implement generic shash driver
UPSTREAM: crypto: testmgr - add test cases for Blake2s
UPSTREAM: crypto: blake2s - generic C library implementation and selftest
UPSTREAM: crypto: lib - tidy up lib/crypto Kconfig and Makefile
ANDROID: ion heap: init ion heaps in subsys_initcall
UPSTREAM: ovl: simplify file splice
ANDROID: ABI: update allowed list for galaxy
ANDROID: ABI: Update allowed list for QCOM
ANDROID: distribute Module.symvers
UPSTREAM: usb: max-3421: Prevent corruption of freed memory
ANDROID: ABI: Update allowed list for QCOM
UPSTREAM: driver core: Prevent warning when removing a device link from unregistered consumer
UPSTREAM: udp: properly flush normal packet at GRO time
UPSTREAM: net/xfrm/compat: Copy xfrm_spdattr_type_t atributes
UPSTREAM: f2fs: Advertise encrypted casefolding in sysfs
UPSTREAM: loop: Fix missing discard support when using LOOP_CONFIGURE
UPSTREAM: thermal/drivers/sprd: Add missing MODULE_DEVICE_TABLE
UPSTREAM: nvmem: sprd: Fix an error message
UPSTREAM: usb: musb: Fix an error message
UPSTREAM: scsi: ufs: core: Cancel rpm_dev_flush_recheck_work during system suspend
UPSTREAM: scsi: ufs: core: Do not put UFS power into LPM if link is broken
UPSTREAM: selinux: add proper NULL termination to the secclass_map permissions
UPSTREAM: of: property: fw_devlink: do not link ".*,nr-gpios"
UPSTREAM: udp: never accept GSO_FRAGLIST packets
UPSTREAM: udp: skip L4 aggregation for UDP tunnel packets
UPSTREAM: xfrm/compat: Cleanup WARN()s that can be user-triggered
UPSTREAM: pinctrl: sunxi: fix irq bank map for the Allwinner A100 pin controller
UPSTREAM: loop: Set correct device size when using LOOP_CONFIGURE
UPSTREAM: loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE
ANDROID: ion_system_heap: Add __GFP_NOWARN to mid-order allocations
ANDROID: drivers: gpu: drm: increase the MAX_DRM_OPEN_COUNT
UPSTREAM: af_unix: fix garbage collect vs MSG_PEEK
Linux 5.4.147
Revert "time: Handle negative seconds correctly in timespec64_to_ns()"
Revert "posix-cpu-timers: Force next expiration recalc after itimer reset"
Revert "block: nbd: add sanity check for first_minor"
Revert "Bluetooth: Move shutdown callback before flushing tx and rx queue"
Linux 5.4.146
clk: kirkwood: Fix a clocking boot regression
backlight: pwm_bl: Improve bootloader/kernel device handover
fbmem: don't allow too huge resolutions
IMA: remove the dependency on CRYPTO_MD5
IMA: remove -Wmissing-prototypes warning
fuse: flush extending writes
fuse: truncate pagecache on atomic_o_trunc
KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter
KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted
KVM: s390: index kvm->arch.idle_mask by vcpu_idx
x86/resctrl: Fix a maybe-uninitialized build warning treated as error
perf/x86/amd/ibs: Extend PERF_PMU_CAP_NO_EXCLUDE to IBS Op
tty: Fix data race between tiocsti() and flush_to_ldisc()
time: Handle negative seconds correctly in timespec64_to_ns()
bpf: Fix pointer arithmetic mask tightening under state pruning
bpf: verifier: Allocate idmap scratch in verifier env
bpf: Fix leakage due to insufficient speculative store bypass mitigation
bpf: Introduce BPF nospec instruction for mitigating Spectre v4
ipv4: fix endianness issue in inet_rtm_getroute_build_skb()
octeontx2-af: Fix loop in free and unmap counter
net: qualcomm: fix QCA7000 checksum handling
net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed
ipv4: make exception cache less predictible
ipv6: make exception cache less predictible
brcmfmac: pcie: fix oops on failure to resume and reprobe
bcma: Fix memory leak for internally-handled cores
ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
ASoC: wcd9335: Disable irq on slave ports in the remove function
ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function
ASoC: wcd9335: Fix a double irq free in the remove function
tty: serial: fsl_lpuart: fix the wrong mapbase value
usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available
usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
i2c: mt65xx: fix IRQ check
CIFS: Fix a potencially linear read overflow
bpf: Fix possible out of bound write in narrow load handling
mmc: moxart: Fix issue with uninitialized dma_slave_config
mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
ASoC: Intel: Skylake: Fix module resource and format selection
ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs
rsi: fix an error code in rsi_probe()
rsi: fix error code in rsi_load_9116_firmware()
i2c: s3c2410: fix IRQ check
i2c: iop3xx: fix deferred probing
Bluetooth: add timeout sanity check to hci_inquiry
mm/swap: consider max pages in iomap_swapfile_add_extent
usb: gadget: mv_u3d: request_irq() after initializing UDC
nfsd4: Fix forced-expiry locking
lockd: Fix invalid lockowner cast after vfs_test_lock
mac80211: Fix insufficient headroom issue for AMSDU
usb: phy: tahvo: add IRQ check
usb: host: ohci-tmio: add IRQ check
Bluetooth: Move shutdown callback before flushing tx and rx queue
usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse
usb: phy: twl6030: add IRQ checks
usb: phy: fsl-usb: add IRQ check
usb: gadget: udc: at91: add IRQ check
drm/msm/dsi: Fix some reference counted resource leaks
Bluetooth: fix repeated calls to sco_sock_kill
counter: 104-quad-8: Return error when invalid mode during ceiling_write
arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7
drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs
PM: EM: Increase energy calculation precision
Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
debugfs: Return error during {full/open}_proxy_open() on rmmod
soc: qcom: smsm: Fix missed interrupts if state changes while masked
PCI: PM: Enable PME if it can be signaled from D3cold
PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
media: venus: venc: Fix potential null pointer dereference on pointer fmt
media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
leds: trigger: audio: Add an activate callback to ensure the initial brightness is set
leds: lt3593: Put fwnode in any case during ->probe()
i2c: highlander: add IRQ check
net: cipso: fix warnings in netlbl_cipsov4_add_std
cgroup/cpuset: Fix a partition bug with hotplug
net/mlx5e: Prohibit inner indir TIRs in IPoIB
ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties
ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties
ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties
ARM: dts: meson8: Use a higher default GPU clock frequency
tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
drm/amdgpu/acp: Make PM domain really work
netns: protect netns ID lookups with RCU
6lowpan: iphc: Fix an off-by-one check of array index
Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats
media: go7007: remove redundant initialization
media: dvb-usb: Fix error handling in dvb_usb_i2c_init
media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
soc: qcom: rpmhpd: Use corner in power_off
arm64: dts: renesas: r8a77995: draak: Remove bogus adv7511w properties
ARM: dts: aspeed-g6: Fix HVI3C function-group in pinctrl dtsi
bpf: Fix potential memleak and UAF in the verifier.
bpf: Fix a typo of reuseport map in bpf.h.
media: cxd2880-spi: Fix an error handling path
soc: rockchip: ROCKCHIP_GRF should not default to y, unconditionally
media: TDA1997x: enable EDID support
drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init()
EDAC/i10nm: Fix NVDIMM detection
spi: spi-zynq-qspi: use wait_for_completion_timeout to make zynq_qspi_exec_mem_op not interruptible
spi: sprd: Fix the wrong WDG_LOAD_VAL
regulator: vctrl: Avoid lockdep warning in enable/disable ops
regulator: vctrl: Use locked regulator_get_voltage in probe path
certs: Trigger creation of RSA module signing key if it's not an RSA key
crypto: qat - use proper type for vf_mask
block: nbd: add sanity check for first_minor
clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for clock source channel
lib/mpi: use kcalloc in mpi_resize
genirq/timings: Fix error return code in irq_timings_test_irqs()
spi: spi-pic32: Fix issue with uninitialized dma_slave_config
spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
sched: Fix UCLAMP_FLAG_IDLE setting
m68k: emu: Fix invalid free in nfeth_cleanup()
s390/debug: fix debug area life cycle
s390/kasan: fix large PMD pages address alignment check
udf_get_extendedattr() had no boundary checks.
fcntl: fix potential deadlock for &fasync_struct.fa_lock
crypto: qat - do not export adf_iov_putmsg()
crypto: qat - fix naming for init/shutdown VF to PF notifications
crypto: qat - fix reuse of completion variable
crypto: qat - handle both source of interrupt in VF ISR
crypto: qat - do not ignore errors from enable_vf2pf_comms()
libata: fix ata_host_start()
s390/cio: add dev_busid sysfs entry for each subchannel
power: supply: max17042_battery: fix typo in MAx17042_TOFF
nvmet: pass back cntlid on successful completion
nvme-rdma: don't update queue count when failing to set io queues
nvme-tcp: don't update queue count when failing to set io queues
bcache: add proper error unwinding in bcache_device_init
isofs: joliet: Fix iocharset=utf8 mount option
udf: Fix iocharset=utf8 mount option
udf: Check LVID earlier
hrtimer: Ensure timerfd notification for HIGHRES=n
hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns()
posix-cpu-timers: Force next expiration recalc after itimer reset
rcu/tree: Handle VM stoppage in stall detection
sched/deadline: Fix missing clock update in migrate_task_rq_dl()
crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop()
power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors
sched/deadline: Fix reset_on_fork reporting of DL tasks
crypto: mxs-dcp - Check for DMA mapping errors
regmap: fix the offset of register error log
locking/mutex: Fix HANDOFF condition
ANDROID: GKI: db845c: Update symbols list and ABI for lts v5.4.144
Linux 5.4.145
PCI: Call Max Payload Size-related fixup quirks early
x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
xhci: fix unsafe memory usage in xhci tracing
usb: mtu3: fix the wrong HS mult value
usb: mtu3: use @mult for HS isoc or intr
usb: host: xhci-rcar: Don't reload firmware after the completion
ALSA: usb-audio: Add registration quirk for JBL Quantum 800
Revert "btrfs: compression: don't try to compress if we don't have enough pages"
x86/events/amd/iommu: Fix invalid Perf result due to IOMMU PMC power-gating
Revert "r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM"
mm/page_alloc: speed up the iteration of max_order
net: ll_temac: Remove left-over debug message
powerpc/boot: Delete unneeded .globl _zimage_start
ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2)
USB: serial: mos7720: improve OOM-handling in read_mos_reg()
igmp: Add ip_mc_list lock in ip_check_mc_rcu
media: stkwebcam: fix memory leak in stk_camera_probe
ARC: wireup clone3 syscall
ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17
ARM: 8918/2: only build return_address() if needed
cryptoloop: add a deprecation warning
perf/x86/amd/power: Assign pmu.module
perf/x86/amd/ibs: Work around erratum #1197
perf/x86/intel/pt: Fix mask of num_address_ranges
qede: Fix memset corruption
net: macb: Add a NULL check on desc_ptp
qed: Fix the VF msix vectors flow
reset: reset-zynqmp: Fixed the argument data type
gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats
xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
kthread: Fix PF_KTHREAD vs to_kthread() race
ubifs: report correct st_size for encrypted symlinks
f2fs: report correct st_size for encrypted symlinks
ext4: report correct st_size for encrypted symlinks
fscrypt: add fscrypt_symlink_getattr() for computing st_size
ext4: fix race writing to an inline_data file while its xattrs are changing
Revert "once: Fix panic when module unload"
Linux 5.4.144
audit: move put_tree() to avoid trim_trees refcount underflow and UAF
net: don't unconditionally copy_from_user a struct ifreq for socket ioctls
Revert "parisc: Add assembly implementations for memset, strlen, strcpy, strncpy and strcat"
Revert "floppy: reintroduce O_NDELAY fix"
btrfs: fix NULL pointer dereference when deleting device by invalid id
arm64: dts: qcom: msm8994-angler: Fix gpio-reserved-ranges 85-88
KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs
net: dsa: mt7530: fix VLAN traffic leaks again
bpf: Fix cast to pointer from integer of different size warning
bpf: Track contents of read-only maps as scalars
vt_kdsetmode: extend console locking
btrfs: fix race between marking inode needs to be logged and log syncing
net/rds: dma_map_sg is entitled to merge entries
drm/nouveau/disp: power down unused DP links during init
drm: Copy drm_wait_vblank to user before returning
qed: Fix null-pointer dereference in qed_rdma_create_qp()
qed: qed ll2 race condition fixes
vringh: Use wiov->used to check for read/write desc order
virtio_pci: Support surprise removal of virtio pci device
virtio: Improve vq->broken access to avoid any compiler optimization
opp: remove WARN when no valid OPPs remain
perf/x86/intel/uncore: Fix integer overflow on 23 bit left shift of a u32
usb: gadget: u_audio: fix race condition on endpoint stop
drm/i915: Fix syncmap memory leak
net: hns3: fix get wrong pfc_en when query PFC configuration
net: hns3: fix duplicate node in VLAN list
net: hns3: clear hardware resource when loading driver
rtnetlink: Return correct error on changing device netns
net: marvell: fix MVNETA_TX_IN_PRGRS bit number
xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()'
ip_gre: add validation for csum_start
RDMA/efa: Free IRQ vectors on error flow
e1000e: Fix the max snoop/no-snoop latency for 10M
IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs()
RDMA/bnxt_re: Add missing spin lock initialization
scsi: core: Fix hang of freezing queue between blocking and running device
usb: dwc3: gadget: Stop EP0 transfers during pullup disable
usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
USB: serial: option: add new VID/PID to support Fibocom FG150
Revert "USB: serial: ch341: fix character loss at high transfer rates"
can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters
mm, oom: make the calculation of oom badness more accurate
mmc: sdhci-msm: Update the software timeout value for sdhc
ovl: fix uninitialized pointer read in ovl_lookup_real_one()
once: Fix panic when module unload
netfilter: conntrack: collect all entries in one cycle
ARC: Fix CONFIG_STACKDEPOT
net: qrtr: fix another OOB Read in qrtr_endpoint_post
Revert "virtio: Protect vqs list access"
Revert "net: igmp: fix data-race in igmp_ifc_timer_expire()"
Revert "net: igmp: increase size of mr_ifc_count"
Revert "PCI/MSI: Protect msi_desc::masked for multi-MSI"
Linux 5.4.143
netfilter: nft_exthdr: fix endianness of tcp option cast
fs: warn about impending deprecation of mandatory locks
mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim
mm, memcg: avoid stale protection values when cgroup is above protection
ASoC: intel: atom: Fix breakage for PCM buffer address setup
PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI
btrfs: prevent rename2 from exchanging a subvol with a directory from different parents
ipack: tpci200: fix memory leak in the tpci200_register
ipack: tpci200: fix many double free issues in tpci200_pci_probe
slimbus: ngd: reset dma setup during runtime pm
slimbus: messaging: check for valid transaction id
slimbus: messaging: start transaction ids from 1 instead of zero
tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name
ALSA: hda - fix the 'Capture Switch' value change notifications
mmc: dw_mmc: Fix hang on data CRC error
ovl: add splice file read write helper
iavf: Fix ping is lost after untrusted VF had tried to change MAC
i40e: Fix ATR queue selection
ovs: clear skb->tstamp in forwarding path
net: mdio-mux: Handle -EPROBE_DEFER correctly
net: mdio-mux: Don't ignore memory allocation errors
net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
virtio-net: use NETIF_F_GRO_HW instead of NETIF_F_LRO
virtio-net: support XDP when not more queues
vrf: Reset skb conntrack connection on VRF rcv
bnxt_en: Add missing DMA memory barriers
ptp_pch: Restore dependency on PCI
net: 6pack: fix slab-out-of-bounds in decode_data
bnxt: disable napi before canceling DIM
bnxt: don't lock the tx queue from napi poll
bpf: Clear zext_dst of dead insns
vhost: Fix the calculation in vhost_overflow()
virtio: Protect vqs list access
dccp: add do-while-0 stubs for dccp_pr_debug macros
cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant
iommu: Check if group is NULL before remove device
Bluetooth: hidp: use correct wait queue when removing ctrl_wait
drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X
net: usb: lan78xx: don't modify phy_device state concurrently
ARM: dts: nomadik: Fix up interrupt controller node names
scsi: core: Fix capacity set to zero after offlinining device
scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available
ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218
dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers
USB: core: Avoid WARNings for 0-length descriptor requests
media: drivers/media/usb: fix memory leak in zr364xx_probe
media: zr364xx: fix memory leaks in probe()
media: zr364xx: propagate errors from zr364xx_start_readpipe()
mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards
ath9k: Postpone key cache entry deletion for TXQ frames reference it
ath: Modify ath_key_delete() to not need full key entry
ath: Export ath_hw_keysetmac()
ath9k: Clear key cache explicitly on disabling hardware
ath: Use safer key clearing with key cache entries
x86/fpu: Make init_fpstate correct with optimized XSAVE
ext4: fix EXT4_MAX_LOGICAL_BLOCK macro
Linux 5.4.142
KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
iommu/vt-d: Fix agaw for a supported 48 bit guest address width
vmlinux.lds.h: Handle clang's module.{c,d}tor sections
ceph: take snap_empty_lock atomically with snaprealm refcount change
ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm
ceph: add some lockdep assertions around snaprealm handling
KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation
PCI/MSI: Protect msi_desc::masked for multi-MSI
PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown()
PCI/MSI: Correct misleading comments
PCI/MSI: Do not set invalid bits in MSI mask
PCI/MSI: Enforce MSI[X] entry updates to be visible
PCI/MSI: Enforce that MSI-X table entry is masked for update
PCI/MSI: Mask all unused MSI-X entries
PCI/MSI: Enable and mask MSI-X early
genirq/timings: Prevent potential array overflow in __irq_timings_store()
genirq/msi: Ensure deactivation on teardown
x86/resctrl: Fix default monitoring groups reporting
x86/ioapic: Force affinity setup before startup
x86/msi: Force affinity setup before startup
genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP
x86/tools: Fix objdump version check again
powerpc/kprobes: Fix kprobe Oops happens in booke
nbd: Aovid double completion of a request
vsock/virtio: avoid potential deadlock when vsock device remove
xen/events: Fix race in set_evtchn_to_irq
net: igmp: increase size of mr_ifc_count
tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets
net: linkwatch: fix failure to restore device state across suspend/resume
net: bridge: fix memleak in br_add_if()
net: dsa: sja1105: fix broken backpressure in .port_fdb_dump
net: dsa: lantiq: fix broken backpressure in .port_fdb_dump
net: dsa: lan9303: fix broken backpressure in .port_fdb_dump
net: igmp: fix data-race in igmp_ifc_timer_expire()
net: Fix memory leak in ieee802154_raw_deliver
net: dsa: microchip: Fix ksz_read64()
drm/meson: fix colour distortion from HDR set during vendor u-boot
net/mlx5: Fix return value from tracer initialization
psample: Add a fwd declaration for skbuff
iavf: Set RSS LUT and key in reset handle path
net: sched: act_mirred: Reset ct info when mirror/redirect skb
ppp: Fix generating ifname when empty IFLA_IFNAME is specified
net: phy: micrel: Fix link detection on ksz87xx switch"
platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables
platform/x86: pcengines-apuv2: revert wiring up simswitch GPIO as LED
net: dsa: mt7530: add the missing RxUnicast MIB counter
ASoC: cs42l42: Fix LRCLK frame start edge
netfilter: nf_conntrack_bridge: Fix memory leak when error
ASoC: cs42l42: Remove duplicate control for WNF filter frequency
ASoC: cs42l42: Fix inversion of ADC Notch Switch control
ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J
ASoC: cs42l42: Correct definition of ADC Volume control
ieee802154: hwsim: fix GPF in hwsim_new_edge_nl
ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi
libnvdimm/region: Fix label activation vs errors
ACPI: NFIT: Fix support for virtual SPA ranges
ceph: reduce contention in ceph_check_delayed_caps()
i2c: dev: zero out array used for i2c reads from userspace
ASoC: intel: atom: Fix reference to PCM buffer address
ASoC: xilinx: Fix reference to PCM buffer address
iio: adc: Fix incorrect exit of for-loop
iio: humidity: hdc100x: Add margin to the conversion time
iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels
Linux 5.4.141
btrfs: don't flush from btrfs_delayed_inode_reserve_metadata
btrfs: export and rename qgroup_reserve_meta
btrfs: qgroup: don't commit transaction when we already hold the handle
net: xilinx_emaclite: Do not print real IOMEM pointer
btrfs: fix lockdep splat when enabling and disabling qgroups
btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of reserve retry-after-EDQUOT
btrfs: transaction: Cleanup unused TRANS_STATE_BLOCKED
btrfs: qgroup: try to flush qgroup space when we get -EDQUOT
btrfs: qgroup: allow to unreserve range without releasing other ranges
btrfs: make btrfs_qgroup_reserve_data take btrfs_inode
btrfs: make qgroup_free_reserved_data take btrfs_inode
ovl: prevent private clone if bind mount is not allowed
ppp: Fix generating ppp unit id when ifname is not specified
ALSA: hda: Add quirk for ASUS Flow x13
USB:ehci:fix Kunpeng920 ehci hardware problem
KVM: X86: MMU: Use the correct inherited permissions to get shadow page
usb: dwc3: gadget: Avoid runtime resume if disabling pullup
usb: dwc3: gadget: Disable gadget IRQ during pullup disable
usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable
usb: dwc3: gadget: Prevent EP queuing while stopping transfers
usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup
usb: dwc3: gadget: Allow runtime suspend if UDC unbinded
usb: dwc3: Stop active transfers before halting the controller
tracing: Reject string operand in the histogram expression
media: v4l2-mem2mem: always consider OUTPUT queue during poll
tee: Correct inappropriate usage of TEE_SHM_DMA_BUF flag
KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB
Linux 5.4.140
arm64: fix compat syscall return truncation
net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset
alpha: Send stop IPI to send to online CPUs
virt_wifi: fix error on connect
reiserfs: check directory items on read from disk
reiserfs: add check for root_inode in reiserfs_fill_super
libata: fix ata_pio_sector for CONFIG_HIGHMEM
bpf, selftests: Adjust few selftest result_unpriv outcomes
perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest
soc: ixp4xx/qmgr: fix invalid __iomem access
spi: meson-spicc: fix memory leak in meson_spicc_remove
soc: ixp4xx: fix printing resources
arm64: vdso: Avoid ISB after reading from cntvct_el0
KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds
KVM: Do not leak memory for duplicate debugfs directories
KVM: x86: accept userspace interrupt only if no event is injected
md/raid10: properly indicate failure when ending a failed write request
pcmcia: i82092: fix a null pointer dereference bug
timers: Move clearing of base::timer_running under base:: Lock
serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts.
serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver
MIPS: Malta: Do not byte-swap accesses to the CBUS UART
serial: 8250: Mask out floating 16/32-bit bus bits
serial: 8250_mtk: fix uart corruption issue when rx power off
serial: tegra: Only print FIFO error message when an error occurs
ext4: fix potential htree corruption when growing large_dir directories
pipe: increase minimum default pipe size to 2 pages
media: rtl28xxu: fix zero-length control request
staging: rtl8712: get rid of flush_scheduled_work
staging: rtl8723bs: Fix a resource leak in sd_int_dpc
tpm_ftpm_tee: Free and unregister TEE shared memory during kexec
optee: Fix memory leak when failing to register shm pages
tee: add tee_shm_alloc_kernel_buf()
optee: Clear stale cache entries during initialization
tracing / histogram: Give calculation hist_fields a size
scripts/tracing: fix the bug that can't parse raw_trace_func
clk: fix leak on devm_clk_bulk_get_all() unwind
usb: otg-fsm: Fix hrtimer list corruption
usb: gadget: f_hid: idle uses the highest byte for duration
usb: gadget: f_hid: fixed NULL pointer dereference
usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
usb: cdns3: Fixed incorrect gadget state
ALSA: usb-audio: Add registration quirk for JBL Quantum 600
ALSA: hda/realtek: add mic quirk for Acer SF314-42
firmware_loader: fix use-after-free in firmware_fallback_sysfs
firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback
USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
USB: serial: ch341: fix character loss at high transfer rates
USB: serial: option: add Telit FD980 composition 0x1056
USB: usbtmc: Fix RCU stall warning
Bluetooth: defer cleanup of resources in hci_unregister_dev()
blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit()
net: vxge: fix use-after-free in vxge_device_unregister
net: fec: fix use-after-free in fec_drv_remove
net: pegasus: fix uninit-value in get_interrupt_interval
bnx2x: fix an error code in bnx2x_nic_load()
mips: Fix non-POSIX regexp
net: ipv6: fix returned variable type in ip6_skb_dst_mtu
nfp: update ethtool reporting of pauseframe control
sctp: move the active_key update after sh_keys is added
gpio: tqmx86: really make IRQ optional
net: natsemi: Fix missing pci_disable_device() in probe and remove
net: phy: micrel: Fix detection of ksz87xx switch
net: dsa: sja1105: invalidate dynamic FDB entries learned concurrently with statically added ones
net: dsa: sja1105: overwrite dynamic FDB entries with static ones in .port_fdb_add
net, gro: Set inner transport header offset in tcp/udp GRO hook
dmaengine: imx-dma: configure the generic DMA type to make it work
media: videobuf2-core: dequeue if start_streaming fails
scsi: sr: Return correct event when media event code is 3
spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation
spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay
omap5-board-common: remove not physically existing vdds_1v8_main fixed-regulator
ARM: dts: am437x-l4: fix typo in can@0 node
clk: stm32f4: fix post divisor setup for I2S/SAI PLLs
ALSA: usb-audio: fix incorrect clock source setting
arm64: dts: armada-3720-turris-mox: remove mrvl,i2c-fast-mode
ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out pins
ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init
ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz
ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms
ARM: imx: add missing clk_disable_unprepare()
ARM: imx: add missing iounmap()
arm64: dts: ls1028a: fix node name for the sysclk
ALSA: seq: Fix racy deletion of subscriber
Revert "ACPICA: Fix memory leak caused by _CID repair function"
ANDROID: GKI: fix up android/abi_gki_aarch64.xml merge
Linux 5.4.139
spi: mediatek: Fix fifo transfer
bpf, selftests: Adjust few selftest outcomes wrt unreachable code
bpf, selftests: Add a verifier test for assigning 32bit reg states to 64bit ones
bpf: Test_verifier, add alu32 bounds tracking tests
bpf: Fix leakage under speculation on mispredicted branches
bpf: Do not mark insn as seen under speculative path verification
bpf: Inherit expanded/patched seen count from old aux data
Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout"
firmware: arm_scmi: Add delayed response status check
firmware: arm_scmi: Ensure drivers provide a probe function
Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled"
ACPI: fix NULL pointer dereference
nvme: fix nvme_setup_command metadata trace event
net: Fix zero-copy head len calculation.
qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
r8152: Fix potential PM refcount imbalance
ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits
spi: stm32h7: fix full duplex irq handler handling
regulator: rt5033: Fix n_voltages settings for BUCK and LDO
btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction
btrfs: fix race causing unnecessary inode logging during link and rename
btrfs: do not commit logs and transactions during link and rename operations
btrfs: delete duplicated words + other fixes in comments
Linux 5.4.138
can: j1939: j1939_session_deactivate(): clarify lifetime of session object
i40e: Add additional info to PHY type error
Revert "perf map: Fix dso->nsinfo refcounting"
powerpc/pseries: Fix regression while building external modules
PCI: mvebu: Setup BAR0 in order to fix MSI
can: hi311x: fix a signedness bug in hi3110_cmd()
sis900: Fix missing pci_disable_device() in probe and remove
tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
sctp: fix return value check in __sctp_rcv_asconf_lookup
net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev()
net/mlx5: Fix flow table chaining
net: llc: fix skb_over_panic
mlx4: Fix missing error code in mlx4_load_one()
net: Set true network header for ECN decapsulation
tipc: fix sleeping in tipc accept routine
i40e: Fix log TC creation failure when max num of queues is exceeded
i40e: Fix queue-to-TC mapping on Tx
i40e: Fix firmware LLDP agent related warning
i40e: Fix logic of disabling queues
netfilter: nft_nat: allow to specify layer 4 protocol NAT only
netfilter: conntrack: adjust stop timestamp to real expiry value
cfg80211: Fix possible memory leak in function cfg80211_bss_update
nfc: nfcsim: fix use after free during module unload
NIU: fix incorrect error return, missed in previous revert
HID: wacom: Re-enable touch by default for Cintiq 24HDT / 27QHDT
can: esd_usb2: fix memory leak
can: ems_usb: fix memory leak
can: usb_8dev: fix memory leak
can: mcba_usb_start(): add missing urb->transfer_dma initialization
can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
can: j1939: j1939_xtp_rx_dat_one(): fix rxtimer value between consecutive TP.DT to 750ms
ocfs2: issue zeroout to EOF blocks
ocfs2: fix zero out valid data
KVM: add missing compat KVM_CLEAR_DIRTY_LOG
x86/kvm: fix vcpu-id indexed array sizes
Revert "ACPI: resources: Add checks for ACPI IRQ override"
btrfs: mark compressed range uptodate only if all bio succeed
btrfs: fix rw device counting in __btrfs_free_extra_devids
x86/asm: Ensure asm/proto.h can be included stand-alone
net_sched: check error pointer in tcf_dump_walker()
Linux 5.4.137
ipv6: ip6_finish_output2: set sk into newly allocated nskb
ARM: dts: versatile: Fix up interrupt controller node names
iomap: remove the length variable in iomap_seek_hole
iomap: remove the length variable in iomap_seek_data
cifs: fix the out of range assignment to bit fields in parse_server_interfaces
firmware: arm_scmi: Fix range check for the maximum number of pending messages
firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow
hfs: add lock nesting notation to hfs_find_init
hfs: fix high memory mapping in hfs_bnode_read
hfs: add missing clean-up in hfs_fill_super
ipv6: allocate enough headroom in ip6_finish_output2()
sctp: move 198 addresses from unusable to private scope
net: annotate data race around sk_ll_usec
net/802/garp: fix memleak in garp_request_join()
net/802/mrp: fix memleak in mrp_request_join()
cgroup1: fix leaked context root causing sporadic NULL deref in LTP
workqueue: fix UAF in pwq_unbound_release_workfn()
af_unix: fix garbage collect vs MSG_PEEK
KVM: x86: determine if an exception has an error code only when injecting it.
tools: Allow proper CC/CXX/... override with LLVM=1 in Makefile.include
selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c
ANDROID: Update android/abi_gki_aarch64.xml
ANDROID: Update android/abi_gki_aarch64_goldfish
Linux 5.4.136
xhci: add xhci_get_virt_ep() helper
perf inject: Close inject.output on exit
PCI: Mark AMD Navi14 GPU ATS as broken
btrfs: compression: don't try to compress if we don't have enough pages
iio: accel: bma180: Fix BMA25x bandwidth register values
iio: accel: bma180: Use explicit member assignment
net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear
net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz
drm: Return -ENOTTY for non-drm ioctls
nds32: fix up stack guard gap
rbd: always kick acquire on "acquired" and "released" notifications
rbd: don't hold lock_rwsem while running_list is being drained
hugetlbfs: fix mount mode command line processing
userfaultfd: do not untag user pointers
selftest: use mmap instead of posix_memalign to allocate memory
ixgbe: Fix packet corruption due to missing DMA sync
media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
btrfs: check for missing device in btrfs_trim_fs
tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
tracing/histogram: Rename "cpu" to "common_cpu"
firmware/efi: Tell memblock about EFI iomem reservations
usb: dwc2: gadget: Fix sending zero length packet in DDMA mode.
USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
USB: serial: cp210x: fix comments for GE CS1000
USB: serial: option: add support for u-blox LARA-R6 family
usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
usb: max-3421: Prevent corruption of freed memory
USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
usb: hub: Fix link power management max exit latency (MEL) calculations
usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
xhci: Fix lost USB 2 remote wake
ALSA: hdmi: Expose all pins on MSI MS-7C94 board
ALSA: sb: Fix potential ABBA deadlock in CSP driver
ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
ALSA: usb-audio: Add missing proc text entry for BESPOKEN type
s390/boot: fix use of expolines in the DMA code
s390/ftrace: fix ftrace_update_ftrace_func implementation
Revert "MIPS: add PMD table accounting into MIPS'pmd_alloc_one"
proc: Avoid mixing integer types in mem_rw()
drm/panel: raspberrypi-touchscreen: Prevent double-free
net: sched: cls_api: Fix the the wrong parameter
sctp: update active_key for asoc when old key is being replaced
nvme: set the PRACT bit when using Write Zeroes with T10 PI
r8169: Avoid duplicate sysfs entry creation error
afs: Fix tracepoint string placement with built-in AFS
Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING
ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions
net/sched: act_skbmod: Skip non-Ethernet packets
net: hns3: fix rx VLAN offload state inconsistent issue
net/tcp_fastopen: fix data races around tfo_active_disable_stamp
net: hisilicon: rename CACHE_LINE_MASK to avoid redefinition
bnxt_en: Check abort error state in bnxt_half_open_nic()
bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task()
bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe()
bnxt_en: Improve bnxt_ulp_stop()/bnxt_ulp_start() call sequence.
spi: cadence: Correct initialisation of runtime PM again
scsi: target: Fix protect handling in WRITE SAME(32)
scsi: iscsi: Fix iface sysfs attr detection
netrom: Decrease sock refcount when sock timers expire
net: sched: fix memory leak in tcindex_partial_destroy_work
KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak
KVM: PPC: Book3S: Fix CONFIG_TRANSACTIONAL_MEM=n crash
net: decnet: Fix sleeping inside in af_decnet
efi/tpm: Differentiate missing and invalid final event log table.
net: fix uninit-value in caif_seqpkt_sendmsg
bpftool: Check malloc return value in mount_bpffs_for_pin
bpf, sockmap, tcp: sk_prot needs inuse_idx set for proc stats
s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
liquidio: Fix unintentional sign extension issue on left shift of u16
ASoC: rt5631: Fix regcache sync errors on resume
spi: mediatek: fix fifo rx mode
regulator: hi6421: Fix getting wrong drvdata
regulator: hi6421: Use correct variable type for regmap api val argument
spi: stm32: fixes pm_runtime calls in probe/remove
spi: stm32: Use dma_request_chan() instead dma_request_slave_channel()
spi: imx: add a check for speed_hz before calculating the clock
perf data: Close all files in close_dir()
perf probe-file: Delete namelist in del_events() on the error path
perf lzma: Close lzma stream on exit
perf script: Fix memory 'threads' and 'cpus' leaks on exit
perf dso: Fix memory leak in dso__new_map()
perf test event_update: Fix memory leak of evlist
perf test session_topology: Delete session->evlist
perf env: Fix sibling_dies memory leak
perf probe: Fix dso->nsinfo refcounting
perf map: Fix dso->nsinfo refcounting
nvme-pci: do not call nvme_dev_remove_admin from nvme_remove
cxgb4: fix IRQ free race during driver unload
pwm: sprd: Ensure configuring period and duty_cycle isn't wrongly skipped
selftests: icmp_redirect: IPv6 PMTU info should be cleared after redirect
selftests: icmp_redirect: remove from checking for IPv6 route get
ipv6: fix 'disable_policy' for fwd packets
gve: Fix an error handling path in 'gve_probe()'
igb: Fix position of assignment to *ring
igb: Check if num of q_vectors is smaller than max before array access
iavf: Fix an error handling path in 'iavf_probe()'
e1000e: Fix an error handling path in 'e1000_probe()'
fm10k: Fix an error handling path in 'fm10k_probe()'
igb: Fix an error handling path in 'igb_probe()'
igc: Fix an error handling path in 'igc_probe()'
igc: Prefer to use the pci_release_mem_regions method
ixgbe: Fix an error handling path in 'ixgbe_probe()'
igc: change default return of igc_read_phy_reg()
igb: Fix use-after-free error during reset
igc: Fix use-after-free error during reset
Linux 5.4.135
udp: annotate data races around unix_sk(sk)->gso_size
perf test bpf: Free obj_buf
bpftool: Properly close va_list 'ap' by va_end() on error
ipv6: tcp: drop silly ICMPv6 packet too big messages
tcp: annotate data races around tp->mtu_info
dma-buf/sync_file: Don't leak fences on merge failure
net: fddi: fix UAF in fza_probe
net: validate lwtstate->data before returning from skb_tunnel_info()
net: send SYNACK packet with accepted fwmark
net: ti: fix UAF in tlan_remove_one
net: qcom/emac: fix UAF in emac_remove
net: moxa: fix UAF in moxart_mac_probe
net: ip_tunnel: fix mtu calculation for ETHER tunnel devices
net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
net: bridge: sync fdb to new unicast-filtering ports
net/sched: act_ct: fix err check for nf_conntrack_confirm
netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
net: ipv6: fix return value of ip6_skb_dst_mtu
net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz
net: dsa: mv88e6xxx: enable .port_set_policy() on Topaz
dm writecache: return the exact table values that were set
mm: slab: fix kmem_cache_create failed when sysfs node not destroyed
usb: cdns3: Enable TDL_CHK only for OUT ep
f2fs: Show casefolding support only when supported
arm64: dts: marvell: armada-37xx: move firmware node to generic dtsi file
firmware: turris-mox-rwtm: add marvell,armada-3700-rwtm-firmware compatible string
arm64: dts: armada-3720-turris-mox: add firmware node
cifs: prevent NULL deref in cifs_compose_mount_options()
s390: introduce proper type handling call_on_stack() macro
sched/fair: Fix CFS bandwidth hrtimer expiry type
scsi: qedf: Add check to synchronize abort and flush
scsi: libfc: Fix array index out of bound exception
scsi: libsas: Add LUN number check in .slave_alloc callback
scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
rtc: max77686: Do not enforce (incorrect) interrupt trigger type
kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set
thermal/core: Correct function name thermal_zone_device_unregister()
arm64: dts: imx8mq: assign PCIe clocks
arm64: dts: ls208xa: remove bus-num from dspi node
firmware: tegra: bpmp: Fix Tegra234-only builds
soc/tegra: fuse: Fix Tegra234-only builds
ARM: dts: stm32: move stmmac axi config in ethernet node on stm32mp15
ARM: dts: stm32: fix i2c node name on stm32f746 to prevent warnings
ARM: dts: rockchip: fix supply properties in io-domains nodes
arm64: dts: juno: Update SCPI nodes as per the YAML schema
ARM: dts: stm32: fix timer nodes on STM32 MCU to prevent warnings
ARM: dts: stm32: fix RCC node name on stm32f429 MCU
ARM: dts: stm32: fix gpio-keys node on STM32 MCU boards
ARM: dts: am437x-gp-evm: fix ti,no-reset-on-init flag for gpios
ARM: dts: am57xx-cl-som-am57x: fix ti,no-reset-on-init flag for gpios
kbuild: sink stdout from cmd for silent build
rtc: mxc_v2: add missing MODULE_DEVICE_TABLE
ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info
ARM: dts: imx6: phyFLEX: Fix UART hardware flow control
ARM: dts: Hurricane 2: Fix NAND nodes names
ARM: dts: BCM63xx: Fix NAND nodes names
ARM: NSP: dts: fix NAND nodes names
ARM: Cygnus: dts: fix NAND nodes names
ARM: brcmstb: dts: fix NAND nodes names
reset: ti-syscon: fix to_ti_syscon_reset_data macro
arm64: dts: rockchip: Fix power-controller node names for rk3328
arm64: dts: rockchip: Fix power-controller node names for px30
ARM: dts: rockchip: Fix power-controller node names for rk3288
ARM: dts: rockchip: Fix power-controller node names for rk3188
ARM: dts: rockchip: Fix power-controller node names for rk3066a
ARM: dts: rockchip: Fix IOMMU nodes properties on rk322x
ARM: dts: rockchip: Fix the timer clocks order
arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi
ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288
ARM: dts: gemini: add device_type on pci
ARM: dts: gemini: rename mdio to the right name
Conflicts:
drivers/mmc/host/sdhci-msm.c
drivers/scsi/ufs/ufshcd.c
drivers/staging/android/ion/heaps/ion_cma_heap.c
drivers/usb/dwc3/gadget.c
include/linux/oom.h
kernel/time/hrtimer.c
mm/oom_kill.c
net/qrtr/qrtr.c
Change-Id: I1c29c9ef4233acd05550475b29b8f7d30b6c452d
Signed-off-by: Srinivasarao Pathipati <quic_spathi@quicinc.com>
|
||
|
Eric Dumazet
|
c2c45102ae |
net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
[ Upstream commit dbe0b88064494b7bb6a9b2aa7e085b14a3112d44 ]
bridge_fill_linkxstats() is using nla_reserve_64bit().
We must use nla_total_size_64bit() instead of nla_total_size()
for corresponding data structure.
Fixes:
|
||
qctecmdr
|
41f64e90a5 | Merge "bridge: fix eapol packet dropping issue" | ||
Zhu Ken
|
1c4532011c |
bridge: fix eapol packet dropping issue
wpa_supplicant would receive EAPOL packet to start 802.1x session even if its wireless STA interface enslaved in a bridge is disabled. Change-Id: I4e3f786049a19c5bc7aacdc0528b0099744e8674 Signed-off-by: Zhu Ken <guigenz@codeaurora.org> Signed-off-by: Pooventhiran G <pooventh@codeaurora.org> |
||
Stephen Hemminger
|
2777c75ba4 |
bridge: allow receiption on disabled port
When an ethernet device is enslaved to a bridge, and the bridge STP detects loss of carrier (or operational state down), then normally packet receiption is blocked. This breaks control applications like WPA which maybe expecting to receive packets to negotiate to bring link up. The bridge needs to block forwarding packets from these disabled ports, but there is no hard requirement to not allow local packet delivery. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Felix Fietkau <nbd@nbd.name> Git-Repo: https://git.openwrt.org/?p=openwrt/openwrt.git Git-Commit: c16517d26de30c90dabce1e456615fd7fbdce07c Change-Id: Ife5e4a02bfe86e792a80b6b0f50c3c77f8ad9221 [pooventh@codeaurora.org: fix indentation issue in net/bridge/br_input.c] Signed-off-by: Pooventhiran G <pooventh@codeaurora.org> |
||
Srinivasarao P
|
8bbb4abad0 |
Merge android11-5.4.134+ (dca02b1) into msm-5.4
* refs/heads/tmp-dca02b1:
ANDROID: GKI: Update abi_gki_aarch64_cuttlefish
ANDROID: GKI: Update abi_gki_aarch64_exynos
ANDROID: GKI: Update android/abi_gki_aarch64_sonywalkman
BACKPORT: blk-mq: fix is_flush_rq
BACKPORT: blk-mq: clearing flush request reference in tags->rqs[]
BACKPORT: blk-mq: clear stale request in tags->rq[] before freeing one request pool
BACKPORT: blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter
ANDROID: gki_defconfig: set DEFAULT_MMAP_MIN_ADDR=32768
ANDROID: GKI: upate .xml file for new symbol addtions
ANDROID: xt_quota2: set usersize in xt_match registration object
ANDROID: xt_quota2: clear quota2_log message before sending
ANDROID: xt_quota2: remove trailing junk which might have a digit in it
UPSTREAM: io_uring: Fix current->fs handling in io_sq_wq_submit_work()
ANDROID: ABI: Update allowed list for QCOM
UPSTREAM: arm64: vdso: Avoid ISB after reading from cntvct_el0
ANDROID: GKI: Disable X86_MCE drivers
ANDROID: GKI: Add FCNT KMI symbol list
ANDROID: fuse: Allocate zeroed memory for canonical path
ANDROID: ABI: Update allowed list for Microsoft
ANDROID: GKI: add padding to struct hid_device
ANDROID: Update android/abi_gki_aarch64.xml
ANDROID: Update android/abi_gki_aarch64_goldfish
ANDROID: generate_initcall_order.pl: Use two dash long options for llvm-nm
Linux 5.4.134
seq_file: disallow extremely large seq buffer allocations
misc: alcor_pci: fix inverted branch condition
scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
MIPS: vdso: Invalid GIC access through VDSO
mips: disable branch profiling in boot/decompress.o
mips: always link byteswap helpers into decompressor
scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
firmware: turris-mox-rwtm: fail probing when firmware does not support hwrng
firmware: turris-mox-rwtm: report failures better
firmware: turris-mox-rwtm: fix reply status decoding function
thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations
ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery
ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems
ARM: dts: imx6q-dhcom: Fix ethernet reset time properties
ARM: dts: am437x: align ti,pindir-d0-out-d1-in property with dt-shema
ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
memory: fsl_ifc: fix leak of private memory on probe failure
memory: fsl_ifc: fix leak of IO mapping on probe failure
reset: bail if try_module_get() fails
ARM: dts: BCM5301X: Fixup SPI binding
firmware: arm_scmi: Reset Rx buffer to max size during async commands
firmware: tegra: Fix error return code in tegra210_bpmp_init()
ARM: dts: r8a7779, marzen: Fix DU clock names
arm64: dts: renesas: v3msk: Fix memory size
rtc: fix snprintf() checking in is_rtc_hctosys()
memory: pl353: Fix error return code in pl353_smc_probe()
reset: brcmstb: Add missing MODULE_DEVICE_TABLE
memory: atmel-ebi: add missing of_node_put for loop iteration
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
ARM: exynos: add missing of_node_put for loop iteration
reset: a10sr: add missing of_match_table reference
ARM: dts: gemini-rut1xx: remove duplicate ethernet node
hexagon: use common DISCARDS macro
NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
ALSA: isa: Fix error return code in snd_cmi8330_probe()
nvme-tcp: can't set sk_user_data without write_lock
virtio_net: move tx vq operation under tx queue lock
pwm: imx1: Don't disable clocks at device remove time
x86/fpu: Limit xstate copy size in xstateregs_set()
PCI: iproc: Support multi-MSI only on uniprocessor kernel
PCI: iproc: Fix multi-MSI base vector number allocation
ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
nfs: fix acl memory leak of posix_acl_create()
watchdog: aspeed: fix hardware timeout calculation
um: fix error return code in winch_tramp()
um: fix error return code in slip_open()
NFSv4: Initialise connection to the server in nfs4_alloc_client()
power: supply: rt5033_battery: Fix device tree enumeration
PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs
x86/signal: Detect and prevent an alternate signal stack overflow
virtio_console: Assure used length from device is limited
virtio_net: Fix error handling in virtnet_restore()
virtio-blk: Fix memory leak among suspend/resume procedure
ACPI: video: Add quirk for the Dell Vostro 3350
ACPI: AMBA: Fix resource name in /proc/iomem
pwm: tegra: Don't modify HW state in .remove callback
pwm: img: Fix PM reference leak in img_pwm_enable()
power: supply: ab8500: add missing MODULE_DEVICE_TABLE
power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
NFS: nfs_find_open_context() may only select open files
ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
orangefs: fix orangefs df output.
PCI: tegra: Add missing MODULE_DEVICE_TABLE
x86/fpu: Return proper error codes from user access functions
watchdog: iTCO_wdt: Account for rebooting on second timeout
watchdog: imx_sc_wdt: fix pretimeout
watchdog: Fix possible use-after-free by calling del_timer_sync()
watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
watchdog: Fix possible use-after-free in wdt_startup()
PCI/P2PDMA: Avoid pci_get_slot(), which may sleep
ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
power: supply: max17042: Do not enforce (incorrect) interrupt trigger type
power: supply: ab8500: Avoid NULL pointers
pwm: spear: Don't modify HW state in .remove callback
power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE
power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE
lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
i2c: core: Disable client irq on reboot/shutdown
intel_th: Wait until port is in reset before programming it
staging: rtl8723bs: fix macro value for 2.4Ghz only device
ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions
ALSA: hda: Add IRQ check for platform_get_irq()
backlight: lm3630a: Fix return code of .update_status() callback
ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters
powerpc/boot: Fixup device-tree on little endian
usb: gadget: hid: fix error return code in hid_bind()
usb: gadget: f_hid: fix endianness issue with descriptors
ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values
ALSA: usb-audio: scarlett2: Fix data_mutex lock
ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count
ALSA: bebob: add support for ToneWeal FW66
Input: hideep - fix the uninitialized use in hideep_nvm_unlock()
s390/mem_detect: fix tprot() program check new psw handling
s390/mem_detect: fix diag260() program check new psw handling
s390/ipl_parm: fix program check new psw handling
s390/processor: always inline stap() and __load_psw_mask()
ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing()
gpio: pca953x: Add support for the On Semi pca9655
selftests/powerpc: Fix "no_handler" EBB selftest
ALSA: ppc: fix error return code in snd_pmac_probe()
gpio: zynq: Check return value of pm_runtime_get_sync
iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation
iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails
powerpc/ps3: Add dma_mask to ps3_dma_region
ALSA: sb: Fix potential double-free of CSP mixer elements
selftests: timers: rtcpie: skip test if default RTC device does not exist
s390/sclp_vt220: fix console name to match device
serial: tty: uartlite: fix console setup
ASoC: img: Fix PM reference leak in img_i2s_in_probe()
mfd: cpcap: Fix cpcap dmamask not set warnings
mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
scsi: qedi: Fix null ref during abort handling
scsi: iscsi: Fix shost->max_id use
scsi: iscsi: Fix conn use after free during resets
scsi: iscsi: Add iscsi_cls_conn refcount helpers
scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs
scsi: megaraid_sas: Early detection of VD deletion through RaidMap update
scsi: megaraid_sas: Fix resource leak in case of probe failure
fs/jfs: Fix missing error code in lmLogInit()
scsi: scsi_dh_alua: Check for negative result value
tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
ALSA: ac97: fix PM reference leak in ac97_bus_remove()
scsi: core: Cap scsi_host cmd_per_lun at can_queue
scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs
scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw()
w1: ds2438: fixing bug that would always get page0
Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
ALSA: usx2y: Don't call free_pages_exact() with NULL address
iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get()
iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get().
misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
misc/libmasm/module: Fix two use after free in ibmasm_init_one
tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero
srcu: Fix broken node geometry after early ssp init
dmaengine: fsl-qdma: check dma_set_mask return value
net: moxa: Use devm_platform_get_and_ioremap_resource()
fbmem: Do not delete the mode that is still in use
cgroup: verify that source is a string
tracing: Do not reference char * as a string in histograms
scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run()
KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled
KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio
Revert "media: subdev: disallow ioctl for saa6588/davinci"
Linux 5.4.133
smackfs: restrict bytes count in smk_set_cipso()
jfs: fix GPF in diFree
pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
media: gspca/sunplus: fix zero-length control requests
media: gspca/sq905: fix control-request direction
media: zr364xx: fix memory leak in zr364xx_start_readpipe
media: dtv5100: fix control-request directions
media: subdev: disallow ioctl for saa6588/davinci
PCI: aardvark: Implement workaround for the readback value of VEND_ID
PCI: aardvark: Fix checking for PIO Non-posted Request
PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
dm btree remove: assign new_root only when removal succeeds
coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer()
ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT
tracing: Simplify & fix saved_tgids logic
rq-qos: fix missed wake-ups in rq_qos_throttle try two
seq_buf: Fix overflow in seq_buf_putmem_hex()
extcon: intel-mrfld: Sync hardware and software state on init
nvmem: core: add a missing of_node_put
power: supply: ab8500: Fix an old bug
ubifs: Fix races between xattr_{set|get} and listxattr operations
thermal/drivers/int340x/processor_thermal: Fix tcc setting
ipmi/watchdog: Stop watchdog timer when the current action is 'none'
qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
ASoC: tegra: Set driver_name=tegra for all machine drivers
MIPS: fix "mipsel-linux-ld: decompress.c:undefined reference to `memmove'"
fpga: stratix10-soc: Add missing fpga_mgr_free() call
clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround
cpu/hotplug: Cure the cpusets trainwreck
ata: ahci_sunxi: Disable DIPM
mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
mmc: core: clear flags before allowing to retune
mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
drm/arm/malidp: Always list modifiers
drm/msm/mdp4: Fix modifier support enabling
drm/tegra: Don't set allow_fb_modifiers explicitly
drm/amd/display: Reject non-zero src_y and src_x for video planes
pinctrl/amd: Add device HID for new AMD GPIO controller
drm/amd/display: fix incorrrect valid irq check
drm/rockchip: dsi: remove extra component_del() call
drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create()
drm/amdgpu: Update NV SIMD-per-CU to 2
powerpc/barrier: Avoid collision with clang's __lwsync macro
powerpc/mm: Fix lockup on kernel exec fault
perf bench: Fix 2 memory sanitizer warnings
crypto: ccp - Annotate SEV Firmware file names
fscrypt: don't ignore minor_hash when hash is 0
MIPS: set mips32r5 for virt extensions
MIPS: loongsoon64: Reserve memory below starting pfn to prevent Oops
sctp: add size validation when walking chunks
sctp: validate from_addr_param return
Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
Bluetooth: Shutdown controller after workqueues are flushed or cancelled
Bluetooth: Fix the HCI to MGMT status conversion table
Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip.
RDMA/cma: Fix rdma_resolve_route() memory leak
net: ip: avoid OOM kills with large UDP sends over loopback
media, bpf: Do not copy more entries than user space requested
wireless: wext-spy: Fix out-of-bounds warning
sfc: error code if SRIOV cannot be disabled
sfc: avoid double pci_remove of VFs
iwlwifi: pcie: fix context info freeing
iwlwifi: pcie: free IML DMA memory allocation
iwlwifi: mvm: don't change band on bound PHY contexts
RDMA/rxe: Don't overwrite errno from ib_umem_get()
vsock: notify server to shutdown when client has pending signal
atm: nicstar: register the interrupt handler in the right place
atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
MIPS: add PMD table accounting into MIPS'pmd_alloc_one
rtl8xxxu: Fix device info for RTL8192EU devices
drm/amdkfd: Walk through list with dqm lock hold
net: sched: fix error return code in tcf_del_walker()
net: fix mistake path for netdev_features_strings
mt76: mt7615: fix fixed-rate tx status reporting
bpf: Fix up register-based shifts in interpreter to silence KUBSAN
cw1200: add missing MODULE_DEVICE_TABLE
wl1251: Fix possible buffer overflow in wl1251_cmd_scan
wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
xfrm: Fix error reporting in xfrm_state_construct.
drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check
r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM
selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
fjes: check return value after calling platform_get_resource()
drm/amdkfd: use allowed domain for vmbo validation
drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7
drm/amd/display: Release MST resources on switch from MST to SST
drm/amd/display: Update scaling settings on modeset
net: micrel: check return value after calling platform_get_resource()
net: mvpp2: check return value after calling platform_get_resource()
net: bcmgenet: check return value after calling platform_get_resource()
virtio_net: Remove BUG() to avoid machine dead
ice: set the value of global config lock timeout longer
pinctrl: mcp23s08: fix race condition in irq handler
dm space maps: don't reset space map allocation cursor when committing
RDMA/cxgb4: Fix missing error code in create_qp()
ipv6: use prandom_u32() for ID generation
clk: tegra: Ensure that PLLU configuration is applied properly
clk: renesas: r8a77995: Add ZA2 clock
drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer()
igb: handle vlan types with checker enabled
e100: handle eeprom as little endian
udf: Fix NULL pointer dereference in udf_symlink function
drm/sched: Avoid data corruptions
drm/virtio: Fix double free on probe failure
reiserfs: add check for invalid 1st journal block
drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init()
net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
mISDN: fix possible use-after-free in HFC_cleanup()
atm: iphase: fix possible use-after-free in ia_module_exit()
hugetlb: clear huge pte during flush function on mips platform
drm/amd/display: fix use_max_lb flag for 420 pixel formats
net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
drm/vc4: fix argument ordering in vc4_crtc_get_margins()
drm/amd/amdgpu/sriov disable all ip hw status by default
drm/zte: Don't select DRM_KMS_FB_HELPER
drm/mxsfb: Don't select DRM_KMS_FB_HELPER
ANDROID: GKI: fix up crc change in ip.h
Linux 5.4.132
iommu/dma: Fix compile warning in 32-bit builds
scsi: core: Retry I/O for Notify (Enable Spinup) Required error
mmc: vub3000: fix control-request direction
mmc: block: Disable CMDQ on the ioctl path
block: return the correct bvec when checking for gaps
scsi: target: cxgbit: Unmap DMA buffer before calling target_execute_cmd()
perf llvm: Return -ENOMEM when asprintf() fails
selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random
mm/z3fold: fix potential memory leak in z3fold_destroy_pool()
mm/huge_memory.c: don't discard hugepage if other processes are mapping it
vfio/pci: Handle concurrent vma faults
arm64: dts: marvell: armada-37xx: Fix reg for standard variant of UART
serial: mvebu-uart: correctly calculate minimal possible baudrate
serial: mvebu-uart: do not allow changing baudrate when uartclk is not available
powerpc: Offline CPU in stop_this_cpu()
leds: ktd2692: Fix an error handling path
leds: as3645a: Fix error return code in as3645a_parse_node()
configfs: fix memleak in configfs_release_bin_file
ASoC: atmel-i2s: Fix usage of capture and playback at the same time
extcon: max8997: Add missing modalias string
extcon: sm5502: Drop invalid register write in sm5502_reg_data
phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe()
phy: uniphier-pcie: Fix updating phy parameters
soundwire: stream: Fix test for DP prepare complete
scsi: mpt3sas: Fix error return value in _scsih_expander_add()
mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume()
of: Fix truncation of memory sizes on 32-bit platforms
ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK
iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates
staging: mt7621-dts: fix pci address for PCI memory range
staging: rtl8712: fix memory leak in rtl871x_load_fw_cb
staging: rtl8712: remove redundant check in r871xu_drv_init
staging: gdm724x: check for overflow in gdm_lte_netif_rx()
staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper
eeprom: idt_89hpesx: Restore printing the unsupported fwnode name
eeprom: idt_89hpesx: Put fwnode in matching case during ->probe()
usb: dwc2: Don't reset the core after setting turnaround time
usb: gadget: f_fs: Fix setting of device and driver data cross-references
ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()'
iommu/dma: Fix IOVA reserve dma ranges
s390: appldata depends on PROC_SYSCTL
visorbus: fix error return code in visorchipset_init()
fsi/sbefifo: Fix reset timeout
fsi/sbefifo: Clean up correct FIFO when receiving reset request from SBE
fsi: occ: Don't accept response from un-initialized OCC
fsi: scom: Reset the FSI2PIB engine for any error
fsi: core: Fix return of error values on failures
scsi: FlashPoint: Rename si_flags field
leds: lm3692x: Put fwnode in any case during ->probe()
leds: lm36274: cosmetic: rename lm36274_data to chip
leds: lm3532: select regmap I2C API
tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
firmware: stratix10-svc: Fix a resource leak in an error handling path
char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol()
mtd: partitions: redboot: seek fis-index-block in the right node
Input: hil_kbd - fix error return code in hil_dev_connect()
ASoC: rsnd: tidyup loop on rsnd_adg_clk_query()
backlight: lm3630a_bl: Put fwnode in error case during ->probe()
ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup()
ASoC: rk3328: fix missing clk_disable_unprepare() on error in rk3328_platform_probe()
iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
iio: cros_ec_sensors: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: mxc4005: Fix overread of data and alignment issue.
iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls
iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adis16400: do not return ints in irq handlers
iio: adis_buffer: do not return ints in irq handlers
mwifiex: re-fix for unaligned accesses
tty: nozomi: Fix a resource leak in an error handling function
rcu: Invoke rcu_spawn_core_kthreads() from rcu_spawn_gp_kthread()
staging: fbtft: Rectify GPIO handling
MIPS: Fix PKMAP with 32-bit MIPS huge page support
RDMA/mlx5: Don't access NULL-cleared mpi pointer
net: sched: fix warning in tcindex_alloc_perfect_hash
net: lwtunnel: handle MTU calculation in forwading
writeback: fix obtain a reference to a freeing memcg css
clk: si5341: Update initialization magic
clk: si5341: Avoid divide errors due to bogus register contents
clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC
clk: actions: Fix SD clocks factor table on Owl S500 SoC
clk: actions: Fix UART clock dividers on Owl S500 SoC
Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event
Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
Revert "be2net: disable bh with spin_lock in be_process_mcc"
gve: Fix swapped vars when fetching max queues
bpfilter: Specify the log level for the kmsg message
e1000e: Check the PCIm state
ipv6: fix out-of-bound access in ip6_parse_tlv()
ibmvnic: free tx_pool if tso_pool alloc fails
Revert "ibmvnic: remove duplicate napi_schedule call in open function"
i40e: Fix autoneg disabling for non-10GBaseT links
i40e: Fix error handling in i40e_vsi_open
bpf: Do not change gso_size during bpf_skb_change_proto()
ipv6: exthdrs: do not blindly use init_net
net: bcmgenet: Fix attaching to PYH failed on RPi 4B
mac80211: remove iwlwifi specific workaround NDPs of null_response
ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl()
ieee802154: hwsim: Fix memory leak in hwsim_add_one
tc-testing: fix list handling
net/ipv4: swap flow ports when validating source
vxlan: add missing rcu_read_lock() in neigh_reduce()
pkt_sched: sch_qfq: fix qfq_change_class() error path
tls: prevent oversized sendfile() hangs by ignoring MSG_MORE
net: sched: add barrier to ensure correct ordering for lockless qdisc
vrf: do not push non-ND strict packets with a source LLA through packet taps again
net: ethernet: ezchip: fix error handling
net: ethernet: ezchip: fix UAF in nps_enet_remove
net: ethernet: aeroflex: fix UAF in greth_of_remove
samples/bpf: Fix the error return code of xdp_redirect's main()
RDMA/rxe: Fix qp reference counting for atomic ops
netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols
netfilter: nft_osf: check for TCP packet before further processing
netfilter: nft_exthdr: check for IPv6 packet before further processing
RDMA/mlx5: Don't add slave port to unaffiliated list
netlabel: Fix memory leak in netlbl_mgmt_add_common
ath10k: Fix an error code in ath10k_add_interface()
brcmsmac: mac80211_if: Fix a resource leak in an error handling path
brcmfmac: correctly report average RSSI in station info
brcmfmac: fix setting of station info chains bitmask
ssb: Fix error return code in ssb_bus_scan()
wcn36xx: Move hal_buf allocation to devm_kmalloc in probe
ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others
wireless: carl9170: fix LEDS build errors & warnings
ath10k: add missing error return code in ath10k_pci_probe()
ath10k: go to path err_unsupported when chip id is not supported
tools/bpftool: Fix error return code in do_batch()
drm: qxl: ensure surf.data is ininitialized
RDMA/rxe: Fix failure during driver load
RDMA/core: Sanitize WQ state received from the userspace
net/sched: act_vlan: Fix modify to allow 0
ehea: fix error return code in ehea_restart_qps()
drm/rockchip: dsi: move all lane config except LCDC mux to bind()
drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write()
net: ftgmac100: add missing error return code in ftgmac100_probe()
clk: meson: g12a: fix gp0 and hifi ranges
pinctrl: renesas: r8a77990: JTAG pins do not have pull-down capabilities
pinctrl: renesas: r8a7796: Add missing bias for PRESET# pin
net: pch_gbe: Propagate error from devm_gpio_request_one()
net: mvpp2: Put fwnode in error case during ->probe()
video: fbdev: imxfb: Fix an error message
xfrm: xfrm_state_mtu should return at least 1280 for ipv6
dax: fix ENOMEM handling in grab_mapping_entry()
ocfs2: fix snprintf() checking
cpufreq: Make cpufreq_online() call driver->offline() on errors
ACPI: bgrt: Fix CFI violation
ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros
blk-wbt: make sure throttle is enabled properly
blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled()
extcon: extcon-max8997: Fix IRQ freeing at error path
ACPI: sysfs: Fix a buffer overrun problem with description_show()
crypto: nx - Fix RCU warning in nx842_OF_upd_status
spi: spi-sun6i: Fix chipselect/clock bug
sched/uclamp: Fix uclamp_tg_restrict()
sched/rt: Fix Deadline utilization tracking during policy change
sched/rt: Fix RT utilization tracking during policy change
btrfs: clear log tree recovering status if starting transaction fails
regulator: hi655x: Fix pass wrong pointer to config.driver_data
KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap
hwmon: (max31790) Fix fan speed reporting for fan7..12
hwmon: (max31722) Remove non-standard ACPI device IDs
media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
arm64/mm: Fix ttbr0 values stored in struct thread_info for software-pan
arm64: consistently use reserved_pg_dir
mmc: usdhi6rol0: fix error return code in usdhi6_probe()
crypto: omap-sham - Fix PM reference leak in omap sham ops
crypto: nitrox - fix unchecked variable in nitrox_register_interrupts
media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2()
m68k: atari: Fix ATARI_KBD_CORE kconfig unmet dependency warning
media: gspca/gl860: fix zero-length control requests
media: tc358743: Fix error return code in tc358743_probe_of()
media: au0828: fix a NULL vs IS_ERR() check
media: exynos4-is: Fix a use after free in isp_video_release
pata_ep93xx: fix deferred probing
media: rc: i2c: Fix an error message
crypto: ccp - Fix a resource leak in an error handling path
evm: fix writing <securityfs>/evm overflow
pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
kbuild: Fix objtool dependency for 'OBJECT_FILES_NON_STANDARD_<obj> := n'
kbuild: run the checker after the compiler
sched/uclamp: Fix locking around cpu_util_update_eff()
sched/uclamp: Fix wrong implementation of cpu.uclamp.min
media: I2C: change 'RST' to "RSET" to fix multiple build errors
pata_rb532_cf: fix deferred probing
sata_highbank: fix deferred probing
crypto: ux500 - Fix error return code in hash_hw_final()
crypto: ixp4xx - dma_unmap the correct address
media: s5p_cec: decrement usage count if disabled
writeback, cgroup: increment isw_nr_in_flight before grabbing an inode
ia64: mca_drv: fix incorrect array size calculation
kthread_worker: fix return value when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync()
block: fix discard request merge
cifs: fix missing spinlock around update to ses->status
HID: wacom: Correct base usage for capacitive ExpressKey status bits
ACPI: tables: Add custom DSDT file as makefile prerequisite
clocksource: Retry clock read if long delays detected
PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv()
EDAC/Intel: Do not load EDAC driver when running as a guest
nvmet-fc: do not check for invalid target port in nvmet_fc_handle_fcp_rqst()
platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard()
block: fix race between adding/removing rq qos and normal IO
ACPI: resources: Add checks for ACPI IRQ override
ACPI: bus: Call kobject_put() in acpi_init() error path
ACPICA: Fix memory leak caused by _CID repair function
fs: dlm: fix memory leak when fenced
random32: Fix implicit truncation warning in prandom_seed_state()
fs: dlm: cancel work sync othercon
block_dump: remove block_dump feature in mark_inode_dirty()
ACPI: EC: Make more Asus laptops use ECDT _GPE
lib: vsprintf: Fix handling of number field widths in vsscanf
hv_utils: Fix passing zero to 'PTR_ERR' warning
ACPI: processor idle: Fix up C-state latency if not ordered
EDAC/ti: Add missing MODULE_DEVICE_TABLE
HID: do not use down_interruptible() when unbinding devices
media: Fix Media Controller API config checks
regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
regulator: mt6358: Fix vdram2 .vsel_mask
KVM: s390: get rid of register asm usage
lockding/lockdep: Avoid to find wrong lock dep path in check_irq_usage()
locking/lockdep: Fix the dep path printing for backwards BFS
btrfs: disable build on platforms having page size 256K
btrfs: abort transaction if we fail to update the delayed inode
btrfs: fix error handling in __btrfs_update_delayed_inode
KVM: PPC: Book3S HV: Fix TLB management on SMT8 POWER9 and POWER10 processors
drivers/perf: fix the missed ida_simple_remove() in ddr_perf_probe()
hwmon: (max31790) Fix pwmX_enable attributes
hwmon: (max31790) Report correct current pwm duty cycles
media: imx-csi: Skip first few frames from a BT.656 source
media: siano: fix device register error path
media: dvb_net: avoid speculation from net slot
crypto: shash - avoid comparing pointers to exported functions under CFI
mmc: via-sdmmc: add a check against NULL pointer dereference
mmc: sdhci-sprd: use sdhci_sprd_writew
memstick: rtsx_usb_ms: fix UAF
media: dvd_usb: memory leak in cinergyt2_fe_attach
Makefile: fix GDB warning with CONFIG_RELR
media: st-hva: Fix potential NULL pointer dereferences
media: bt8xx: Fix a missing check bug in bt878_probe
media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
media: em28xx: Fix possible memory leak of em28xx struct
sched/fair: Fix ascii art by relpacing tabs
crypto: qat - remove unused macro in FW loader
crypto: qat - check return code of qat_hal_rd_rel_reg()
media: imx: imx7_mipi_csis: Fix logging of only error event counters
media: pvrusb2: fix warning in pvr2_i2c_core_done
media: cobalt: fix race condition in setting HPD
media: cpia2: fix memory leak in cpia2_usb_probe
media: sti: fix obj-$(config) targets
crypto: nx - add missing MODULE_DEVICE_TABLE
hwrng: exynos - Fix runtime PM imbalance on error
regulator: uniphier: Add missing MODULE_DEVICE_TABLE
spi: omap-100k: Fix the length judgment problem
spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages()
spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
media: exynos-gsc: fix pm_runtime_get_sync() usage count
media: sti/bdisp: fix pm_runtime_get_sync() usage count
media: s5p-jpeg: fix pm_runtime_get_sync() usage count
media: mtk-vcodec: fix PM runtime get logic
media: sh_vou: fix pm_runtime_get_sync() usage count
media: s5p: fix pm_runtime_get_sync() usage count
media: mdk-mdp: fix pm_runtime_get_sync() usage count
spi: Make of_register_spi_device also set the fwnode
fuse: reject internal errno
fuse: check connected before queueing on fpq->io
fuse: ignore PG_workingset after stealing
evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded
evm: Execute evm_inode_init_security() only when an HMAC key is loaded
powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi()
seq_buf: Make trace_seq_putmem_hex() support data longer than 8
tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
tracing/histograms: Fix parsing of "sym-offset" modifier
rsi: fix AP mode with WPA failure due to encrypted EAPOL
rsi: Assign beacon rate settings to the correct rate_info descriptor field
ssb: sdio: Don't overwrite const buffer if block_write fails
ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
serial_cs: remove wrong GLOBETROTTER.cis entry
serial_cs: Add Option International GSM-Ready 56K/ISDN modem
serial: sh-sci: Stop dmaengine transfer in sci_stop_tx()
serial: mvebu-uart: fix calculation of clock divisor
iio: ltr501: ltr501_read_ps(): add missing endianness conversion
iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too
iio: light: tcs3472: do not free unallocated IRQ
rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path
s390/cio: dont call css_wait_for_slow_path() inside a lock
KVM: PPC: Book3S HV: Workaround high stack usage with clang
perf/smmuv3: Don't trample existing events with global filter
SUNRPC: Should wake up the privileged task firstly.
SUNRPC: Fix the batch tasks count wraparound.
mac80211: remove iwlwifi specific workaround that broke sta NDP tx
can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path
can: j1939: j1939_sk_init(): set SOCK_RCU_FREE to call sk_destruct() after RCU is done
can: gw: synchronize rcu operations before removing gw job entry
can: bcm: delay release of struct bcm_op after synchronize_rcu()
ext4: use ext4_grp_locked_error in mb_find_extent
ext4: fix avefreec in find_group_orlov
ext4: remove check for zero nr_to_scan in ext4_es_scan()
ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
ext4: return error code when ext4_fill_flex_info() fails
ext4: fix kernel infoleak via ext4_extent_header
ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle
btrfs: clear defrag status of a root if starting transaction fails
btrfs: send: fix invalid path for unlink operations after parent orphanization
ARM: dts: at91: sama5d4: fix pinctrl muxing
arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode
Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
iov_iter_fault_in_readable() should do nothing in xarray case
copy_page_to_iter(): fix ITER_DISCARD case
ntfs: fix validity check for file name attribute
xhci: solve a double free problem while doing s4
usb: typec: Add the missed altmode_id_remove() in typec_register_altmode()
usb: dwc3: Fix debugfs creation flow
USB: cdc-acm: blacklist Heimann USB Appset device
usb: gadget: eem: fix echo command packet response issue
net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
Input: usbtouchscreen - fix control-request directions
media: dvb-usb: fix wrong definition
ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too
ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D
ALSA: hda/realtek: Improve fixup for HP Spectre x360 15-df0xxx
ALSA: hda/realtek: Add another ALC236 variant support
ALSA: intel8x0: Fix breakage at ac97 clock measurement
ALSA: usb-audio: scarlett2: Fix wrong resume call
ALSA: usb-audio: Fix OOB access at proc output
ALSA: usb-audio: fix rate on Ozone Z90 USB headset
Linux 5.4.131
xen/events: reset active flag for lateeoi events later
KVM: SVM: Call SEV Guest Decommission if ASID binding fails
s390/stack: fix possible register corruption with stack switch helper
KVM: SVM: Periodically schedule when unregistering regions on destroy
Linux 5.4.130
RDMA/mlx5: Block FDB rules when not in switchdev mode
gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP
drm/nouveau: fix dma_address check for CPU/GPU sync
scsi: sr: Return appropriate error code when disk is ejected
x86/efi: remove unused variables
Linux 5.4.129
certs: Move load_system_certificate_list to a common function
certs: Add EFI_CERT_X509_GUID support for dbx entries
x86/efi: move common keyring handler functions to new file
certs: Add wrapper function to check blacklisted binary hash
mm, futex: fix shared futex pgoff on shmem huge page
mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk()
mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes
mm: page_vma_mapped_walk(): get vma_address_end() earlier
mm: page_vma_mapped_walk(): use goto instead of while (1)
mm: page_vma_mapped_walk(): add a level of indentation
mm: page_vma_mapped_walk(): crossing page table boundary
mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block
mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd
mm: page_vma_mapped_walk(): settle PageHuge on entry
mm: page_vma_mapped_walk(): use page for pvmw->page
mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split
mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
mm/thp: fix page_address_in_vma() on file THP tails
mm/thp: fix vma_address() if virtual address below file offset
mm/thp: try_to_unmap() use TTU_SYNC for safe splitting
mm/thp: make is_huge_zero_pmd() safe and quicker
mm/thp: fix __split_huge_pmd_locked() on shmem migration entry
mm, thp: use head page in __migration_entry_wait()
mm/rmap: use page_not_mapped in try_to_unmap()
mm/rmap: remove unneeded semicolon in page_not_mapped()
mm: add VM_WARN_ON_ONCE_PAGE() macro
kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync()
kthread_worker: split code for canceling the delayed work timer
i2c: robotfuzz-osif: fix control-request directions
KVM: do not allow mapping valid but non-reference-counted pages
nilfs2: fix memory leak in nilfs_sysfs_delete_device_group
pinctrl: stm32: fix the reported number of GPIO lines per bank
net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY
net: ll_temac: Add memory-barriers for TX BD access
PCI: Add AMD RS690 quirk to enable 64-bit DMA
recordmcount: Correct st_shndx handling
net: qed: Fix memcpy() overflow of qed_dcbx_params()
KVM: selftests: Fix kvm_check_cap() assertion
r8169: Avoid memcpy() over-reading of ETH_SS_STATS
sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS
r8152: Avoid memcpy() over-reading of ETH_SS_STATS
net/packet: annotate accesses to po->ifindex
net/packet: annotate accesses to po->bind
net: caif: fix memory leak in ldisc_open
net: phy: dp83867: perform soft reset and retain established link
inet: annotate date races around sk->sk_txhash
ping: Check return value of function 'ping_queue_rcv_skb'
net: ethtool: clear heap allocations for ethtool function
mac80211: drop multicast fragments
net: ipv4: Remove unneed BUG() function
dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma
dmaengine: mediatek: do not issue a new desc if one is still current
dmaengine: mediatek: free the proper desc in desc_free handler
dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe()
cfg80211: call cfg80211_leave_ocb when switching away from OCB
mac80211_hwsim: drop pending frames on stop
mac80211: remove warning in ieee80211_get_sband()
dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc()
Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
spi: spi-nxp-fspi: move the register operation after the clock enable
MIPS: generic: Update node names to avoid unit addresses
arm64: link with -z norelro for LLD or aarch64-elf
kbuild: add CONFIG_LD_IS_LLD
mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk
ARM: 9081/1: fix gcc-10 thumb2-kernel regression
drm/radeon: wait for moving fence after pinning
drm/nouveau: wait for moving fence after pinning v2
Revert "drm/amdgpu/gfx10: enlarge CP_MEC_DOORBELL_RANGE_UPPER to cover full doorbell."
Revert "drm/amdgpu/gfx9: fix the doorbell missing when in CGPG issue."
module: limit enabling module.sig_enforce
Revert "clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940"
Linux 5.4.128
usb: dwc3: core: fix kernel panic when do reboot
usb: dwc3: debugfs: Add and remove endpoint dirs dynamically
clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940
clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue
clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support
ARM: OMAP: replace setup_irq() by request_irq()
KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read
tools headers UAPI: Sync linux/in.h copy with the kernel sources
net: fec_ptp: add clock rate zero check
net: stmmac: disable clocks in stmmac_remove_config_dt()
mm/slub.c: include swab.h
mm/slub: fix redzoning for small allocations
mm/slub: clarify verification reporting
net: bridge: fix vlan tunnel dst refcnt when egressing
net: bridge: fix vlan tunnel dst null pointer dereference
net: ll_temac: Fix TX BD buffer overwrite
net: ll_temac: Make sure to free skb when it is completely used
drm/amdgpu/gfx9: fix the doorbell missing when in CGPG issue.
drm/amdgpu/gfx10: enlarge CP_MEC_DOORBELL_RANGE_UPPER to cover full doorbell.
cfg80211: avoid double free of PMSR request
cfg80211: make certificate generation more robust
dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
x86/fpu: Reset state for all signal restore failures
x86/pkru: Write hardware init value to PKRU when xstate is init
x86/process: Check PF_KTHREAD and not current->mm for kernel threads
ARCv2: save ABI registers across signal handling
KVM: x86: Immediately reset the MMU context when the SMM flag is cleared
PCI: Work around Huawei Intelligent NIC VF FLR erratum
PCI: Add ACS quirk for Broadcom BCM57414 NIC
PCI: aardvark: Fix kernel panic during PIO transfer
PCI: aardvark: Don't rely on jiffies while holding spinlock
PCI: Mark some NVIDIA GPUs to avoid bus reset
PCI: Mark TI C667X to avoid bus reset
tracing: Do no increment trace_clock_global() by one
tracing: Do not stop recording comms if the trace file is being read
tracing: Do not stop recording cmdlines when tracing is off
usb: core: hub: Disable autosuspend for Cypress CY7C65632
can: mcba_usb: fix memory leak in mcba_usb
can: j1939: fix Use-after-Free, hold skb ref while in use
can: bcm/raw/isotp: use per module netdevice notifier
can: bcm: fix infoleak in struct bcm_msg_head
hwmon: (scpi-hwmon) shows the negative temperature properly
radeon: use memcpy_to/fromio for UVD fw upload
pinctrl: ralink: rt2880: avoid to error in calls is pin is already enabled
spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd()
ASoC: rt5659: Fix the lost powers for the HDA header
regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting
net: ethernet: fix potential use-after-free in ec_bhf_remove
icmp: don't send out ICMP messages with a source address of 0.0.0.0
bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path
bnxt_en: Rediscover PHY capabilities after firmware reset
cxgb4: fix wrong shift.
net: cdc_eem: fix tx fixup skb leak
net: hamradio: fix memory leak in mkiss_close
be2net: Fix an error handling path in 'be_probe()'
net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock
net: ipv4: fix memory leak in ip_mc_add1_src
net: fec_ptp: fix issue caused by refactor the fec_devtype
net: usb: fix possible use-after-free in smsc75xx_bind
lantiq: net: fix duplicated skb in rx descriptor ring
net: cdc_ncm: switch to eth%d interface naming
ptp: improve max_adj check against unreasonable values
net: qrtr: fix OOB Read in qrtr_endpoint_post
netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
qlcnic: Fix an error handling path in 'qlcnic_probe()'
net: make get_net_ns return error if NET_NS is disabled
net: stmmac: dwmac1000: Fix extended MAC address registers definition
alx: Fix an error handling path in 'alx_probe()'
sch_cake: Fix out of bounds when parsing TCP options and header
netfilter: synproxy: Fix out of bounds when parsing TCP options
net/mlx5e: Block offload of outer header csum for UDP tunnels
net/mlx5e: allow TSO on VXLAN over VLAN topologies
net/mlx5: Consider RoCE cap before init RDMA resources
net/mlx5e: Fix page reclaim for dead peer hairpin
net/mlx5e: Remove dependency in IPsec initialization flows
net/sched: act_ct: handle DNAT tuple collision
rtnetlink: Fix regression in bridge VLAN configuration
udp: fix race between close() and udp_abort()
net: lantiq: disable interrupt before sheduling NAPI
net: rds: fix memory leak in rds_recvmsg
vrf: fix maximum MTU
net: ipv4: fix memory leak in netlbl_cipsov4_add_std
batman-adv: Avoid WARN_ON timing related checks
kvm: LAPIC: Restore guard to prevent illegal APIC register access
mm/memory-failure: make sure wait for page writeback in memory_failure
afs: Fix an IS_ERR() vs NULL check
dmaengine: stedma40: add missing iounmap() on error in d40_probe()
dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM
dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM
Linux 5.4.127
fib: Return the correct errno code
net: Return the correct errno code
net/x25: Return the correct errno code
rtnetlink: Fix missing error code in rtnl_bridge_notify()
drm/amd/display: Allow bandwidth validation for 0 streams.
net: ipconfig: Don't override command-line hostnames or domains
nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue()
nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue() fails
nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues()
scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V
scsi: qedf: Do not put host in qedf_vport_create() unconditionally
ethernet: myri10ge: Fix missing error code in myri10ge_probe()
scsi: target: core: Fix warning on realtime kernels
gfs2: Fix use-after-free in gfs2_glock_shrink_scan
riscv: Use -mno-relax when using lld linker
HID: gt683r: add missing MODULE_DEVICE_TABLE
gfs2: Prevent direct-I/O write fallback errors from getting lost
ARM: OMAP2+: Fix build warning when mmc_omap is not built
drm/tegra: sor: Do not leak runtime PM reference
HID: usbhid: fix info leak in hid_submit_ctrl
HID: Add BUS_VIRTUAL to hid_connect logging
HID: multitouch: set Stylus suffix for Stylus-application devices, too
HID: quirks: Add quirk for Lenovo optical mouse
HID: hid-sensor-hub: Return error for hid_set_field() failure
HID: hid-input: add mapping for emoji picker key
HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65
net: ieee802154: fix null deref in parse dev addr
Revert "RDMA/ipoib: Fix warning caused by destroying non-initial netns"
Linux 5.4.126
proc: only require mm_struct for writing
tracing: Correct the length check which causes memory corruption
ftrace: Do not blindly read the ip address in ftrace_bug()
scsi: core: Only put parent device if host state differs from SHOST_CREATED
scsi: core: Put .shost_dev in failure path if host state changes to RUNNING
scsi: core: Fix failure handling of scsi_add_host_with_dma()
scsi: core: Fix error handling of scsi_host_alloc()
NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error.
NFSv4: Fix second deadlock in nfs4_evict_inode()
NFS: Fix use-after-free in nfs4_init_client()
kvm: fix previous commit for 32-bit builds
perf session: Correct buffer copying when peeking events
NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode()
NFS: Fix a potential NULL dereference in nfs_get_client()
IB/mlx5: Fix initializing CQ fragments buffer
KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message
sched/fair: Make sure to update tg contrib for blocked load
perf: Fix data race between pin_count increment/decrement
vmlinux.lds.h: Avoid orphan section with !SMP
RDMA/mlx4: Do not map the core_clock page to user space unless enabled
RDMA/ipoib: Fix warning caused by destroying non-initial netns
usb: typec: mux: Fix copy-paste mistake in typec_mux_match
regulator: max77620: Use device_set_of_node_from_dev()
regulator: core: resolve supply for boot-on/always-on regulators
usb: fix various gadget panics on 10gbps cabling
usb: fix various gadgets null ptr deref on 10gbps cabling.
usb: gadget: eem: fix wrong eem header operation
USB: serial: cp210x: fix alternate function for CP2102N QFN20
USB: serial: quatech2: fix control-request directions
USB: serial: omninet: add device id for Zyxel Omni 56K Plus
USB: serial: ftdi_sio: add NovaTech OrionMX product ID
usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind
usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path
usb: typec: wcove: Use LE to CPU conversion when accessing msg->header
usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling
usb: dwc3: ep0: fix NULL pointer exception
usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms
usb: f_ncm: only first packet of aggregate needs to start timer
USB: f_ncm: ncm_bitrate (speed) is unsigned
cgroup1: don't allow '\n' in renaming
btrfs: promote debugging asserts to full-fledged checks in validate_super
btrfs: return value from btrfs_mark_extent_written() in case of error
staging: rtl8723bs: Fix uninitialized variables
kvm: avoid speculation-based attacks from out-of-range memslot accesses
drm: Lock pointer access in drm_master_release()
drm: Fix use-after-free read in drm_getunique()
spi: bcm2835: Fix out-of-bounds access with more than 4 slaves
x86/boot: Add .text.* to setup.ld
i2c: mpc: implement erratum A-004447 workaround
i2c: mpc: Make use of i2c_recover_bus()
spi: Cleanup on failure of initial setup
spi: Don't have controller clean up spi device before driver unbind
powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers
powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers
nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME
bnx2x: Fix missing error code in bnx2x_iov_init_one()
dm verity: fix require_signatures module_param permissions
MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER
nvme-fabrics: decode host pathing error for connect
net: dsa: microchip: enable phy errata workaround on 9567
net: appletalk: cops: Fix data race in cops_probe1
net: macb: ensure the device is available before accessing GEMGXL control registers
scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq
scsi: vmw_pvscsi: Set correct residual data length
scsi: bnx2fc: Return failure if io_req is already in ABTS processing
RDS tcp loopback connection can hang
net/qla3xxx: fix schedule while atomic in ql_sem_spinlock
wq: handle VM suspension in stall detection
cgroup: disable controllers at parse time
net: mdiobus: get rid of a BUG_ON()
netlink: disable IRQs for netlink_lock_table()
bonding: init notify_work earlier to avoid uninitialized use
isdn: mISDN: netjet: Fix crash in nj_probe:
spi: sprd: Add missing MODULE_DEVICE_TABLE
ASoC: sti-sas: add missing MODULE_DEVICE_TABLE
vfio-ccw: Serialize FSM IDLE state with I/O completion
ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet
ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet
usb: cdns3: Fix runtime PM imbalance on error
net/nfc/rawsock.c: fix a permission check bug
spi: Fix spi device unregister flow
ASoC: max98088: fix ni clock divider calculation
proc: Track /proc/$pid/attr/ opener mm_struct
ANDROID: GKI: update .xml file
ANDROID: restore abi breakage in usbnet.h
Linux 5.4.125
neighbour: allow NUD_NOARP entries to be forced GCed
i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops
xen-pciback: redo VF placement in the virtual topology
lib/lz4: explicitly support in-place decompression
x86/kvm: Disable all PV features on crash
x86/kvm: Disable kvmclock on all CPUs on shutdown
x86/kvm: Teardown PV features on boot CPU as well
KVM: arm64: Fix debug register indexing
KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode
btrfs: fix unmountable seed device after fstrim
mm/filemap: fix storing to a THP shadow entry
XArray: add xas_split
XArray: add xa_get_order
mm: add thp_order
bnxt_en: Remove the setting of dev_port.
mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY
btrfs: fixup error handling in fixup_inode_link_counts
btrfs: return errors from btrfs_del_csums in cleanup_ref_head
btrfs: fix error handling in btrfs_del_csums
btrfs: mark ordered extent and inode with error if we fail to finish
x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing
drm/amdgpu: make sure we unpin the UVD BO
drm/amdgpu: Don't query CE and UE errors
nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
ocfs2: fix data corruption by fallocate
pid: take a reference when initializing `cad_pid`
usb: dwc2: Fix build in periphal-only mode
ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators
ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch
ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx
ALSA: timer: Fix master timer notification
HID: multitouch: require Finger field to mark Win8 reports as MT
HID: magicmouse: fix NULL-deref on disconnect
HID: i2c-hid: Skip ELAN power-on command after reset
net: caif: fix memory leak in cfusbl_device_notify
net: caif: fix memory leak in caif_device_notify
net: caif: add proper error handling
net: caif: added cfserl_release function
Bluetooth: use correct lock to prevent UAF of hdev object
Bluetooth: fix the erroneous flush_work() order
tipc: fix unique bearer names sanity check
tipc: add extack messages for bearer/media failure
bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act
ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells
ARM: dts: imx7d-pico: Fix the 'tuning-step' property
ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property
arm64: dts: zii-ultra: fix 12V_MAIN voltage
arm64: dts: ls1028a: fix memory node
i40e: add correct exception tracing for XDP
i40e: optimize for XDP_REDIRECT in xsk path
i2c: qcom-geni: Add shutdown callback for i2c
ice: Allow all LLDP packets from PF to Tx
ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared
ice: write register with correct offset
ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions
ixgbevf: add correct exception tracing for XDP
ieee802154: fix error return code in ieee802154_llsec_getparams()
ieee802154: fix error return code in ieee802154_add_iface()
netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches
netfilter: nft_ct: skip expectations for confirmed conntrack
ACPICA: Clean up context mutex during object deletion
net/sched: act_ct: Fix ct template allocation for zone 0
HID: i2c-hid: fix format string mismatch
HID: pidff: fix error return code in hid_pidff_init()
ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
vfio/platform: fix module_put call in error flow
samples: vfio-mdev: fix error handing in mdpy_fb_probe()
vfio/pci: zap_vma_ptes() needs MMU
vfio/pci: Fix error return code in vfio_ecap_init()
efi: cper: fix snprintf() use in cper_dimm_err_location()
efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
netfilter: conntrack: unregister ipv4 sockopts on error unwind
hwmon: (dell-smm-hwmon) Fix index values
nl80211: validate key indexes for cfg80211_registered_device
ALSA: usb: update old-style static const declaration
net: usb: cdc_ncm: don't spew notifications
btrfs: tree-checker: do not error out if extent ref hash doesn't match
ANDROID: GKI: Preserve abi change in ieee80211_data_to_8023_exthdr()
Linux 5.4.124
usb: core: reduce power-on-good delay time of root hub
neighbour: Prevent Race condition in neighbour subsytem
net: hso: bail out on interrupt URB allocation failure
Revert "Revert "ALSA: usx2y: Fix potential NULL pointer dereference""
net: hns3: check the return of skb_checksum_help()
drivers/net/ethernet: clean up unused assignments
i915: fix build warning in intel_dp_get_link_status()
drm/i915/display: fix compiler warning about array overrun
MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c
MIPS: alchemy: xxs1500: add gpio-au1000.h header file
sch_dsmark: fix a NULL deref in qdisc_reset()
net: ethernet: mtk_eth_soc: Fix packet statistics support for MT7628/88
ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static
ipv6: record frag_max_size in atomic fragments in input path
net: lantiq: fix memory corruption in RX ring
scsi: libsas: Use _safe() loop in sas_resume_port()
ixgbe: fix large MTU request from VF
bpf: Set mac_len in bpf_skb_change_head
ASoC: cs35l33: fix an error code in probe()
staging: emxx_udc: fix loop in _nbu2ss_nuke()
cxgb4: avoid accessing registers when clearing filters
gve: Correct SKB queue index validation.
gve: Upgrade memory barrier in poll routine
gve: Add NULL pointer checks when freeing irqs.
gve: Update mgmt_msix_idx if num_ntfy changes
gve: Check TX QPL was actually assigned
mld: fix panic in mld_newpack()
bnxt_en: Include new P5 HV definition in VF check.
net: bnx2: Fix error return code in bnx2_init_board()
net: hso: check for allocation failure in hso_create_bulk_serial_device()
net: sched: fix tx action reschedule issue with stopped queue
net: sched: fix tx action rescheduling issue during deactivation
net: sched: fix packet stuck problem for lockless qdisc
tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT
openvswitch: meter: fix race when getting now_ms.
net: mdio: octeon: Fix some double free issues
net: mdio: thunder: Fix a double free issue in the .remove function
net: fec: fix the potential memory leak in fec_enet_init()
net: really orphan skbs tied to closing sk
vfio-ccw: Check initialized flag in cp_init()
ASoC: cs42l42: Regmap must use_single_read/write
net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count
net: netcp: Fix an error message
drm/amd/amdgpu: fix a potential deadlock in gpu reset
drm/amdgpu: Fix a use-after-free
drm/amd/amdgpu: fix refcount leak
drm/amd/display: Disconnect non-DP with no EDID
SMB3: incorrect file id in requests compounded with open
platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet
platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
platform/x86: hp-wireless: add AMD's hardware id to the supported list
btrfs: do not BUG_ON in link_to_fixup_dir
openrisc: Define memory barrier mb
scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
btrfs: return whole extents in fiemap
brcmfmac: properly check for bus register errors
Revert "brcmfmac: add a check for the status of usb_register"
net: liquidio: Add missing null pointer checks
Revert "net: liquidio: fix a NULL pointer dereference"
media: gspca: properly check for errors in po1030_probe()
Revert "media: gspca: Check the return value of write_bridge for timeout"
media: gspca: mt9m111: Check write_bridge for timeout
Revert "media: gspca: mt9m111: Check write_bridge for timeout"
media: dvb: Add check on sp8870_readreg return
Revert "media: dvb: Add check on sp8870_readreg"
ASoC: cs43130: handle errors in cs43130_probe() properly
Revert "ASoC: cs43130: fix a NULL pointer dereference"
libertas: register sysfs groups properly
Revert "libertas: add checks for the return value of sysfs_create_group"
dmaengine: qcom_hidma: comment platform_driver_register call
Revert "dmaengine: qcom_hidma: Check for driver register failure"
isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info
Revert "isdn: mISDN: Fix potential NULL pointer dereference of kzalloc"
ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()
Revert "ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()"
isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
Revert "isdn: mISDNinfineon: fix potential NULL pointer dereference"
Revert "ALSA: usx2y: Fix potential NULL pointer dereference"
Revert "ALSA: gus: add a check of the status of snd_ctl_add"
char: hpet: add checks after calling ioremap
Revert "char: hpet: fix a missing check of ioremap"
net: caif: remove BUG_ON(dev == NULL) in caif_xmit
Revert "net/smc: fix a NULL pointer dereference"
net: fujitsu: fix potential null-ptr-deref
Revert "net: fujitsu: fix a potential NULL pointer dereference"
serial: max310x: unregister uart driver in case of failure and abort
Revert "serial: max310x: pass return value of spi_register_driver"
Revert "ALSA: sb: fix a missing check of snd_ctl_add"
Revert "media: usb: gspca: add a missed check for goto_low_power"
gpio: cadence: Add missing MODULE_DEVICE_TABLE
platform/x86: hp_accel: Avoid invoking _INI to speed up resume
perf jevents: Fix getting maximum number of fds
i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E
i2c: i801: Don't generate an interrupt on bus reset
i2c: s3c2410: fix possible NULL pointer deref on read message after write
net: dsa: sja1105: error out on unsupported PHY mode
net: dsa: fix a crash if ->get_sset_count() fails
net: dsa: mt7530: fix VLAN traffic leaks
spi: spi-fsl-dspi: Fix a resource leak in an error handling path
tipc: skb_linearize the head skb when reassembling msgs
tipc: wait and exit until all work queues are done
Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv"
net/mlx4: Fix EEPROM dump support
net/mlx5e: Fix nullptr in add_vlan_push_action()
net/mlx5e: Fix multipath lag activation
drm/meson: fix shutdown crash when component not probed
NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
NFS: fix an incorrect limit in filelayout_decode_layout()
fs/nfs: Use fatal_signal_pending instead of signal_pending
Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
spi: spi-geni-qcom: Fix use-after-free on unbind
net: usb: fix memory leak in smsc75xx_bind
usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen()
usb: dwc3: gadget: Properly track pending and queued SG
thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID
USB: serial: pl2303: add device id for ADLINK ND-6530 GC
USB: serial: ftdi_sio: add IDs for IDS GmbH Products
USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
USB: serial: ti_usb_3410_5052: add startech.com device id
serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
serial: tegra: Fix a mask operation that is always true
USB: usbfs: Don't WARN about excessively large memory allocations
USB: trancevibrator: fix control-request direction
serial: 8250_pci: handle FL_NOIRQ board flag
serial: 8250_pci: Add support for new HPE serial device
iio: adc: ad7793: Add missing error code in ad7793_setup()
iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers
iio: adc: ad7124: Fix missbalanced regulator enable / disable on error.
iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp()
iio: gyro: fxas21002c: balance runtime power in error path
staging: iio: cdc: ad7746: avoid overwrite of num_channels
mei: request autosuspend after sending rx flow control
thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
misc/uss720: fix memory leak in uss720_probe
serial: core: fix suspicious security_locked_down() call
Documentation: seccomp: Fix user notification documentation
kgdb: fix gcc-11 warnings harder
selftests/gpio: Fix build when source tree is read only
selftests/gpio: Move include of lib.mk up
selftests/gpio: Use TEST_GEN_PROGS_EXTENDED
drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate
drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate
drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate
dm snapshot: properly fix a crash when an origin has no snapshots
ath10k: Validate first subframe of A-MSDU before processing the list
ath10k: Fix TKIP Michael MIC verification for PCIe
ath10k: drop MPDU which has discard flag set by firmware for SDIO
ath10k: drop fragments with multicast DA for SDIO
ath10k: drop fragments with multicast DA for PCIe
ath10k: add CCMP PN replay protection for fragmented frames for PCIe
mac80211: extend protection against mixed key and fragment cache attacks
mac80211: do not accept/forward invalid EAPOL frames
mac80211: prevent attacks on TKIP/WEP as well
mac80211: check defrag PN against current frame
mac80211: add fragment cache to sta_info
mac80211: drop A-MSDUs on old ciphers
cfg80211: mitigate A-MSDU aggregation attacks
mac80211: properly handle A-MSDUs that start with an RFC 1042 header
mac80211: prevent mixed key and fragment cache attacks
mac80211: assure all fragments are encrypted
net: hso: fix control-request directions
proc: Check /proc/$pid/attr/ writes against file opener
perf scripts python: exported-sql-viewer.py: Fix warning display
perf scripts python: exported-sql-viewer.py: Fix Array TypeError
perf scripts python: exported-sql-viewer.py: Fix copy to clipboard from Top Calls by elapsed Time report
perf intel-pt: Fix transaction abort handling
perf intel-pt: Fix sample instruction bytes
iommu/vt-d: Fix sysfs leak in alloc_iommu()
NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
cifs: set server->cipher_type to AES-128-CCM for SMB3.0
ALSA: usb-audio: scarlett2: Improve driver startup messages
ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci
ALSA: hda/realtek: Headphone volume is controlled by Front mixer
ANDROID: GKI: update .xml file due to merge with `android11-5.4`
Linux 5.4.123
NFC: nci: fix memory leak in nci_allocate_device
perf unwind: Set userdata for all __report_module() paths
perf unwind: Fix separate debug info files when using elfutils' libdw's unwinder
usb: dwc3: gadget: Enable suspend events
bpf: No need to simulate speculative domain for immediates
bpf: Fix mask direction swap upon off reg sign change
bpf: Wrap aux data inside bpf_sanitize_info container
ANDROID: GKI: add thermal_zone_get_slope() to the .xml file
Linux 5.4.122
Bluetooth: SMP: Fail if remote and local public keys are identical
video: hgafb: correctly handle card detect failure during probe
nvmet: use new ana_log_size instead the old one
Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS
ext4: fix error handling in ext4_end_enable_verity()
nvme-multipath: fix double initialization of ANA state
tty: vt: always invoke vc->vc_sw->con_resize callback
vt: Fix character height handling with VT_RESIZEX
vgacon: Record video mode changes with VT_RESIZEX
video: hgafb: fix potential NULL pointer dereference
qlcnic: Add null check after calling netdev_alloc_skb
leds: lp5523: check return value of lp5xx_read and jump to cleanup code
ics932s401: fix broken handling of errors when word reading fails
net: rtlwifi: properly check for alloc_workqueue() failure
scsi: ufs: handle cleanup correctly on devm_reset_control_get error
net: stmicro: handle clk_prepare() failure during init
ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
Revert "niu: fix missing checks of niu_pci_eeprom_read"
Revert "qlcnic: Avoid potential NULL pointer dereference"
Revert "rtlwifi: fix a potential NULL pointer dereference"
Revert "media: rcar_drif: fix a memory disclosure"
cdrom: gdrom: initialize global variable at init time
cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom
Revert "gdrom: fix a memory leak bug"
Revert "scsi: ufs: fix a missing check of devm_reset_control_get"
Revert "ecryptfs: replace BUG_ON with error handling code"
Revert "video: imsttfb: fix potential NULL pointer dereferences"
Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
Revert "leds: lp5523: fix a missing check of return value of lp55xx_read"
Revert "net: stmicro: fix a missing check of clk_prepare"
Revert "video: hgafb: fix potential NULL pointer dereference"
dm snapshot: fix crash with transient storage and zero chunk size
xen-pciback: reconfigure also from backend watch handler
mmc: sdhci-pci-gli: increase 1.8V regulator wait
drm/amdgpu: update sdma golden setting for Navi12
drm/amdgpu: update gc golden setting for Navi12
drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang
Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference"
rapidio: handle create_workqueue() failure
Revert "rapidio: fix a NULL pointer dereference when create_workqueue() fails"
uio_hv_generic: Fix a memory leak in error handling paths
ALSA: hda/realtek: Add fixup for HP Spectre x360 15-df0xxx
ALSA: hda/realtek: Add fixup for HP OMEN laptop
ALSA: hda/realtek: Fix silent headphone output on ASUS UX430UA
ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293
ALSA: hda/realtek: reset eapd coeff to default value for alc287
ALSA: firewire-lib: fix check for the size of isochronous packet payload
Revert "ALSA: sb8: add a check for request_region"
ALSA: hda: fixup headset for ASUS GU502 laptop
ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro
ALSA: usb-audio: Validate MS endpoint descriptors
ALSA: firewire-lib: fix calculation for size of IR context payload
ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26
ALSA: line6: Fix racy initialization of LINE6 MIDI
ALSA: intel8x0: Don't update period unless prepared
ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency
cifs: fix memory leak in smb2_copychunk_range
btrfs: avoid RCU stalls while running delayed iputs
locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
nvmet: seset ns->file when open fails
ptrace: make ptrace() fail if the tracee changed its pid unexpectedly
RDMA/uverbs: Fix a NULL vs IS_ERR() bug
platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue
RDMA/core: Don't access cm_id after its destruction
RDMA/mlx5: Recover from fatal event in dual port mode
scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword()
scsi: ufs: core: Increase the usable queue depth
RDMA/rxe: Clear all QP fields if creation failed
RDMA/siw: Release xarray entry
RDMA/siw: Properly check send and receive CQ pointers
openrisc: Fix a memory leak
firmware: arm_scpi: Prevent the ternary sign expansion bug
Linux 5.4.121
scripts: switch explicitly to Python 3
tweewide: Fix most Shebang lines
KVM: arm64: Initialize VCPU mdcr_el2 before loading it
ipv6: remove extra dev_hold() for fallback tunnels
ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
sit: proper dev_{hold|put} in ndo_[un]init methods
ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
net: stmmac: Do not enable RX FIFO overflow interrupts
lib: stackdepot: turn depot_lock spinlock to raw_spinlock
block: reexpand iov_iter after read/write
ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
drm/amd/display: Fix two cursor duplication when using overlay
bridge: Fix possible races between assigning rx_handler_data and setting IFF_BRIDGE_PORT bit
scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found
ceph: fix fscache invalidation
scsi: lpfc: Fix illegal memory access on Abort IOCBs
riscv: Workaround mcount name prior to clang-13
scripts/recordmcount.pl: Fix RISC-V regex for clang
ARM: 9075/1: kernel: Fix interrupted SMC calls
um: Disable CONFIG_GCOV with MODULES
um: Mark all kernel symbols as local
Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state
Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices
ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend()
dmaengine: dw-edma: Fix crash on loading/unloading driver
PCI: thunder: Fix compile testing
virtio_net: Do not pull payload in skb->head
xsk: Simplify detection of empty and full rings
pinctrl: ingenic: Improve unreachable code generation
isdn: capi: fix mismatched prototypes
cxgb4: Fix the -Wmisleading-indentation warning
usb: sl811-hcd: improve misleading indentation
kgdb: fix gcc-11 warning on indentation
x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes
ANDROID: GKI: genksyms fixup for efed9a3337e3 ("kyber: fix out of bounds access when * preempted")
Revert "PM: runtime: Fix unpaired parent child_count for force_resume"
Revert "mm: fix struct page layout on 32-bit systems"
Linux 5.4.120
ASoC: rsnd: check all BUSIF status when error
nvme: do not try to reconfigure APST when the controller is not live
clk: exynos7: Mark aclk_fsys1_200 as critical
netfilter: conntrack: Make global sysctls readonly in non-init netns
kobject_uevent: remove warning in init_uevent_argv()
usb: typec: tcpm: Fix error while calculating PPS out values
ARM: 9027/1: head.S: explicitly map DT even if it lives in the first physical section
ARM: 9020/1: mm: use correct section size macro to describe the FDT virtual address
ARM: 9012/1: move device tree mapping out of linear region
ARM: 9011/1: centralize phys-to-virt conversion of DT/ATAGS address
f2fs: fix error handling in f2fs_end_enable_verity()
thermal/core/fair share: Lock the thermal zone while looping over instances
MIPS: Avoid handcoded DIVU in `__div64_32' altogether
MIPS: Avoid DIVU in `__div64_32' is result would be zero
MIPS: Reinstate platform `__div64_32' handler
FDDI: defxx: Make MMIO the configuration default except for EISA
mm: fix struct page layout on 32-bit systems
KVM: x86: Cancel pvclock_gtod_work on module removal
cdc-wdm: untangle a circular dependency between callback and softint
iio: tsl2583: Fix division by a zero lux_val
iio: gyro: mpu3050: Fix reported temperature value
xhci: Add reset resume quirk for AMD xhci controller.
xhci: Do not use GFP_KERNEL in (potentially) atomic context
usb: dwc3: gadget: Return success always for kick transfer in ep queue
usb: core: hub: fix race condition about TRSMRCY of resume
usb: dwc2: Fix gadget DMA unmap direction
usb: xhci: Increase timeout for HC halt
usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield
usb: dwc3: omap: improve extcon initialization
iomap: fix sub-page uptodate handling
blk-mq: Swap two calls in blk_mq_exit_queue()
nbd: Fix NULL pointer in flush_workqueue
kyber: fix out of bounds access when preempted
ACPI: scan: Fix a memory leak in an error handling path
hwmon: (occ) Fix poll rate limiting
usb: fotg210-hcd: Fix an error message
iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
drm/i915: Avoid div-by-zero on gen2
drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected
mm/hugetlb: fix F_SEAL_FUTURE_WRITE
userfaultfd: release page in error path to avoid BUG_ON
squashfs: fix divide error in calculate_skip()
hfsplus: prevent corruption in shrinking truncate
powerpc/64s: Fix crashes when toggling entry flush barrier
powerpc/64s: Fix crashes when toggling stf barrier
ARC: mm: PAE: use 40-bit physical page mask
ARC: entry: fix off-by-one error in syscall number validation
i40e: Fix PHY type identifiers for 2.5G and 5G adapters
i40e: fix the restart auto-negotiation after FEC modified
i40e: Fix use-after-free in i40e_client_subtask()
netfilter: nftables: avoid overflows in nft_hash_buckets()
kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
sched/fair: Fix unfairness caused by missing load decay
sched: Fix out-of-bound access in uclamp
can: m_can: m_can_tx_work_queue(): fix tx_skb race condition
netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check
smc: disallow TCP_ULP in smc_setsockopt()
net: fix nla_strcmp to handle more then one trailing null character
ksm: fix potential missing rmap_item for stable_node
mm/migrate.c: fix potential indeterminate pte entry in migrate_vma_insert_page()
mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts()
khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate()
drm/radeon: Avoid power table parsing memory leaks
drm/radeon: Fix off-by-one power_state index heap overwrite
netfilter: xt_SECMARK: add new revision to fix structure layout
sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
sunrpc: Fix misplaced barrier in call_decode
RISC-V: Fix error code returned by riscv_hartid_to_cpuid()
sctp: do asoc update earlier in sctp_sf_do_dupcook_a
net: hns3: disable phy loopback setting in hclge_mac_start_phy
net: hns3: use netif_tx_disable to stop the transmit queue
net: hns3: fix for vxlan gpe tx checksum bug
net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet()
net: hns3: initialize the message content in hclge_get_link_mode()
net: hns3: fix incorrect configuration for igu_egu_hw_err
rtc: ds1307: Fix wday settings for rx8130
ceph: fix inode leak on getattr error in __fh_to_dentry
rtc: fsl-ftm-alarm: add MODULE_TABLE()
NFSv4.2 fix handling of sr_eof in SEEK's reply
pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
PCI: endpoint: Fix missing destroy_workqueue()
NFS: Deal correctly with attribute generation counter overflow
NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data()
ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook
PCI: Release OF node in pci_scan_device()'s error path
PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc()
f2fs: fix a redundant call to f2fs_balance_fs if an error occurs
thermal: thermal_of: Fix error return code of thermal_of_populate_bind_params()
ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
ia64: module: fix symbolizer crash on fdescr
bnxt_en: Add PCI IDs for Hyper-V VF devices.
net: ethernet: mtk_eth_soc: fix RX VLAN offload
iavf: remove duplicate free resources calls
powerpc/iommu: Annotate nested lock for lockdep
qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth
wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
drm/amd/display: fixed divide by zero kernel crash during dsc enablement
powerpc/pseries: Stop calling printk in rtas_stop_self()
samples/bpf: Fix broken tracex1 due to kprobe argument change
net: sched: tapr: prevent cycle_time == 0 in parse_taprio_schedule
ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user()
ASoC: rt286: Generalize support for ALC3263 codec
powerpc/smp: Set numa node before updating mask
flow_dissector: Fix out-of-bounds warning in __skb_flow_bpf_to_target()
sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
ALSA: hda/hdmi: fix race in handling acomp ELD notification at resume
kconfig: nconf: stop endless search loops
selftests: Set CC to clang in lib.mk if LLVM is set
drm/amd/display: Force vsync flip when reconfiguring MPCC
iommu/amd: Remove performance counter pre-initialization test
Revert "iommu/amd: Fix performance counter initialization"
ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init()
cuse: prevent clone
mt76: mt76x0: disable GTK offloading
pinctrl: samsung: use 'int' for register masks in Exynos
mac80211: clear the beacon's CRC after channel switch
i2c: Add I2C_AQ_NO_REP_START adapter quirk
ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet
ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
Bluetooth: check for zapped sk before connecting
net: bridge: when suppression is enabled exclude RARP packets
Bluetooth: initialize skb_queue_head at l2cap_chan_create()
Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
ALSA: bebob: enable to deliver MIDI messages for multiple ports
ALSA: rme9652: don't disable if not enabled
ALSA: hdspm: don't disable if not enabled
ALSA: hdsp: don't disable if not enabled
i2c: bail out early when RDWR parameters are wrong
ASoC: rsnd: core: Check convert rate in rsnd_hw_params
net: stmmac: Set FIFO sizes for ipq806x
ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF
tipc: convert dest node's address to network order
fs: dlm: fix debugfs dump
PM: runtime: Fix unpaired parent child_count for force_resume
KVM: x86/mmu: Remove the defunct update_pte() paging hook
tpm, tpm_tis: Reserve locality in tpm_tis_resume()
tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt()
tpm: fix error return code in tpm2_get_cc_attrs_tbl()
Revert "smp: Fix smp_call_function_single_async prototype"
Revert "usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply"
Revert "usb: typec: tcpm: Address incorrect values of tcpm psy for pps supply"
Revert "usb: typec: tcpm: update power supply once partner accepts"
Revert "spi: Fix use-after-free with devm_spi_alloc_*"
Linux 5.4.119
Revert "fdt: Properly handle "no-map" field in the memory region"
Revert "of/fdt: Make sure no-map does not remove already reserved regions"
sctp: delay auto_asconf init until binding the first addr
Revert "net/sctp: fix race condition in sctp_destroy_sock"
smp: Fix smp_call_function_single_async prototype
net: Only allow init netns to set default tcp cong to a restricted algo
mm/memory-failure: unnecessary amount of unmapping
mm/sparse: add the missing sparse_buffer_fini() in error branch
kfifo: fix ternary sign extension bugs
net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
net: bridge: mcast: fix broken length + header check for MRDv6 Adv.
RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res
RDMA/siw: Fix a use after free in siw_alloc_mr
net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
bnxt_en: Fix RX consumer index logic in the error path.
selftests: net: mirror_gre_vlan_bridge_1q: Make an FDB entry static
net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb
arm64: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E
ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E
bnxt_en: fix ternary sign extension bug in bnxt_show_temp()
powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add')
ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock
ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
net: phy: intel-xway: enable integrated led functions
net: renesas: ravb: Fix a stuck issue when a lot of frames are received
net: davinci_emac: Fix incorrect masking of tx and rx error channel
ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails
RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
RDMA/cxgb4: add missing qpid increment
gro: fix napi_gro_frags() Fast GRO breakage due to IP alignment check
vsock/vmci: log once the failed queue pair allocation
mwl8k: Fix a double Free in mwl8k_probe_hw
i2c: sh7760: fix IRQ error path
rtlwifi: 8821ae: upgrade PHY and RF parameters
powerpc/pseries: extract host bridge from pci_bus prior to bus removal
MIPS: pci-legacy: stop using of_pci_range_to_resource
perf beauty: Fix fsconfig generator
drm/i915/gvt: Fix error code in intel_gvt_init_device()
ASoC: ak5558: correct reset polarity
powerpc/xive: Fix xmon command "dxi"
i2c: sh7760: add IRQ check
i2c: jz4780: add IRQ check
i2c: emev2: add IRQ check
i2c: cadence: add IRQ check
i2c: sprd: fix reference leak when pm_runtime_get_sync fails
i2c: omap: fix reference leak when pm_runtime_get_sync fails
i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails
i2c: img-scb: fix reference leak when pm_runtime_get_sync fails
RDMA/srpt: Fix error return code in srpt_cm_req_recv()
net: thunderx: Fix unintentional sign extension issue
cxgb4: Fix unintentional sign extension issues
IB/hfi1: Fix error return code in parse_platform_config()
RDMA/qedr: Fix error return code in qedr_iw_connect()
KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit
mt7601u: fix always true expression
mac80211: bail out if cipher schemes are invalid
powerpc: iommu: fix build when neither PCI or IBMVIO is set
powerpc/perf: Fix PMU constraint check for EBB events
powerpc/64s: Fix pte update for kernel memory on radix
liquidio: Fix unintented sign extension of a left shift of a u16
ASoC: simple-card: fix possible uninitialized single_cpu local variable
ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
mips: bmips: fix syscon-reboot nodes
net: hns3: Limiting the scope of vector_ring_chain variable
nfc: pn533: prevent potential memory corruption
bug: Remove redundant condition check in report_bug
ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration
inet: use bigger hash table for IP ID generation
powerpc/prom: Mark identical_pvr_fixup as __init
powerpc/fadump: Mark fadump_calculate_reserve_size as __init
net: lapbether: Prevent racing when checking whether the netif is running
perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of printed chars
HID: plantronics: Workaround for double volume key presses
drivers/block/null_blk/main: Fix a double free in null_init.
sched/debug: Fix cgroup_path[] serialization
x86/events/amd/iommu: Fix sysfs type mismatch
HSI: core: fix resource leaks in hsi_add_client_from_dt()
nvme-pci: don't simple map sgl when sgls are disabled
mfd: stm32-timers: Avoid clearing auto reload register
scsi: ibmvfc: Fix invalid state machine BUG_ON()
scsi: sni_53c710: Add IRQ check
scsi: sun3x_esp: Add IRQ check
scsi: jazz_esp: Add IRQ check
scsi: hisi_sas: Fix IRQ checks
clk: uniphier: Fix potential infinite loop
clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE
clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback
vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer
media: v4l2-ctrls.c: fix race condition in hdl->requests list
nvme: retrigger ANA log update if group descriptor isn't found
nvmet-tcp: fix incorrect locking in state_change sk callback
nvme-tcp: block BH in sk state_change sk callback
ata: libahci_platform: fix IRQ check
sata_mv: add IRQ checks
pata_ipx4xx_cf: fix IRQ check
pata_arasan_cf: fix IRQ check
x86/kprobes: Fix to check non boostable prefixes correctly
drm/amdkfd: fix build error with AMD_IOMMU_V2=m
media: m88rs6000t: avoid potential out-of-bounds reads on arrays
media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming()
media: aspeed: fix clock handling logic
media: omap4iss: return error code when omap4iss_get() failed
media: vivid: fix assignment of dev->fbuf_out_flags
soc: aspeed: fix a ternary sign expansion bug
xen-blkback: fix compatibility bug with single page rings
ttyprintk: Add TTY hangup callback.
usb: dwc2: Fix hibernation between host and device modes.
usb: dwc2: Fix host mode hibernation exit with remote wakeup flow.
Drivers: hv: vmbus: Increase wait time for VMbus unload
x86/platform/uv: Fix !KEXEC build failure
platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table
usbip: vudc: fix missing unlock on error in usbip_sockfd_store()
node: fix device cleanups in error handling code
firmware: qcom-scm: Fix QCOM_SCM configuration
serial: core: return early on unsupported ioctls
tty: fix return value for unsupported ioctls
tty: actually undefine superseded ASYNC flags
USB: cdc-acm: fix TIOCGSERIAL implementation
USB: cdc-acm: fix unprivileged TIOCCSERIAL
usb: gadget: r8a66597: Add missing null check on return from platform_get_resource
spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()
cpufreq: armada-37xx: Fix determining base CPU frequency
cpufreq: armada-37xx: Fix driver cleanup when registration failed
clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0
clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz
cpufreq: armada-37xx: Fix the AVS value for load L1
clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock
cpufreq: armada-37xx: Fix setting TBG parent for load levels
crypto: qat - Fix a double free in adf_create_ring
ACPI: CPPC: Replace cppc_attr with kobj_attribute
soc: qcom: mdt_loader: Detect truncated read of segments
soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
spi: Fix use-after-free with devm_spi_alloc_*
PM / devfreq: Use more accurate returned new_freq as resume_freq
staging: greybus: uart: fix unprivileged TIOCCSERIAL
staging: rtl8192u: Fix potential infinite loop
irqchip/gic-v3: Fix OF_BAD_ADDR error handling
mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
m68k: mvme147,mvme16x: Don't wipe PCC timer config bits
soundwire: stream: fix memory leak in stream config error path
memory: pl353: fix mask of ECC page_size config register
USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR()
usb: gadget: aspeed: fix dma map failure
crypto: qat - fix error path in adf_isr_resource_alloc()
phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally
soundwire: bus: Fix device found flag correctly
bus: qcom: Put child node before return
mtd: require write permissions for locking and badblock ioctls
fotg210-udc: Complete OUT requests on short packets
fotg210-udc: Don't DMA more than the buffer can take
fotg210-udc: Mask GRP2 interrupts we don't handle
fotg210-udc: Remove a dubious condition leading to fotg210_done
fotg210-udc: Fix EP0 IN requests bigger than two packets
fotg210-udc: Fix DMA on EP0 for length > max packet size
crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
crypto: qat - don't release uninitialized resources
usb: gadget: pch_udc: Check for DMA mapping error
usb: gadget: pch_udc: Check if driver is present before calling ->setup()
usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
x86/microcode: Check for offline CPUs before requesting new microcode
arm64: dts: renesas: r8a77980: Fix vin4-7 endpoint binding
spi: stm32: drop devres version of spi_register_master
arm64: dts: qcom: sm8150: fix number of pins in 'gpio-ranges'
mtd: rawnand: qcom: Return actual error code instead of -ENODEV
mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions()
mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC
mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe()
regmap: set debugfs_name to NULL after it is freed
usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
serial: stm32: fix tx_empty condition
serial: stm32: fix incorrect characters on console
ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250
ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family
ARM: dts: exynos: correct PMIC interrupt trigger level on Midas family
ARM: dts: exynos: correct MUIC interrupt trigger level on Midas family
ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas family
memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
usb: gadget: pch_udc: Revert
|
||
Yang Yingliang
|
33597972a2 |
net: bridge: fix memleak in br_add_if()
[ Upstream commit 519133debcc19f5c834e7e28480b60bdc234fe02 ]
I got a memleak report:
BUG: memory leak
unreferenced object 0x607ee521a658 (size 240):
comm "syz-executor.0", pid 955, jiffies 4294780569 (age 16.449s)
hex dump (first 32 bytes, cpu 1):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000d830ea5a>] br_multicast_add_port+0x1c2/0x300 net/bridge/br_multicast.c:1693
[<00000000274d9a71>] new_nbp net/bridge/br_if.c:435 [inline]
[<00000000274d9a71>] br_add_if+0x670/0x1740 net/bridge/br_if.c:611
[<0000000012ce888e>] do_set_master net/core/rtnetlink.c:2513 [inline]
[<0000000012ce888e>] do_set_master+0x1aa/0x210 net/core/rtnetlink.c:2487
[<0000000099d1cafc>] __rtnl_newlink+0x1095/0x13e0 net/core/rtnetlink.c:3457
[<00000000a01facc0>] rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3488
[<00000000acc9186c>] rtnetlink_rcv_msg+0x369/0xa10 net/core/rtnetlink.c:5550
[<00000000d4aabb9c>] netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2504
[<00000000bc2e12a3>] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
[<00000000bc2e12a3>] netlink_unicast+0x4a0/0x6a0 net/netlink/af_netlink.c:1340
[<00000000e4dc2d0e>] netlink_sendmsg+0x789/0xc70 net/netlink/af_netlink.c:1929
[<000000000d22c8b3>] sock_sendmsg_nosec net/socket.c:654 [inline]
[<000000000d22c8b3>] sock_sendmsg+0x139/0x170 net/socket.c:674
[<00000000e281417a>] ____sys_sendmsg+0x658/0x7d0 net/socket.c:2350
[<00000000237aa2ab>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2404
[<000000004f2dc381>] __sys_sendmsg+0xd3/0x190 net/socket.c:2433
[<0000000005feca6c>] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:47
[<000000007304477d>] entry_SYSCALL_64_after_hwframe+0x44/0xae
On error path of br_add_if(), p->mcast_stats allocated in
new_nbp() need be freed, or it will be leaked.
Fixes:
|
||
Yajun Deng
|
b036452082 |
netfilter: nf_conntrack_bridge: Fix memory leak when error
[ Upstream commit 38ea9def5b62f9193f6bad96c5d108e2830ecbde ]
It should be added kfree_skb_list() when err is not equal to zero
in nf_br_ip_fragment().
v2: keep this aligned with IPv6.
v3: modify iter.frag_list to iter.frag.
Fixes:
|
||
Wolfgang Bumiller
|
7ecd40801e |
net: bridge: sync fdb to new unicast-filtering ports
commit a019abd8022061b917da767cd1a66ed823724eab upstream. Since commit |
||
Nikolay Aleksandrov
|
79855be644 |
net: bridge: fix vlan tunnel dst refcnt when egressing
commit cfc579f9d89af4ada58c69b03bcaa4887840f3b3 upstream.
The egress tunnel code uses dst_clone() and directly sets the result
which is wrong because the entry might have 0 refcnt or be already deleted,
causing number of problems. It also triggers the WARN_ON() in dst_hold()[1]
when a refcnt couldn't be taken. Fix it by using dst_hold_safe() and
checking if a reference was actually taken before setting the dst.
[1] dmesg WARN_ON log and following refcnt errors
WARNING: CPU: 5 PID: 38 at include/net/dst.h:230 br_handle_egress_vlan_tunnel+0x10b/0x134 [bridge]
Modules linked in: 8021q garp mrp bridge stp llc bonding ipv6 virtio_net
CPU: 5 PID: 38 Comm: ksoftirqd/5 Kdump: loaded Tainted: G W 5.13.0-rc3+ #360
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014
RIP: 0010:br_handle_egress_vlan_tunnel+0x10b/0x134 [bridge]
Code: e8 85 bc 01 e1 45 84 f6 74 90 45 31 f6 85 db 48 c7 c7 a0 02 19 a0 41 0f 94 c6 31 c9 31 d2 44 89 f6 e8 64 bc 01 e1 85 db 75 02 <0f> 0b 31 c9 31 d2 44 89 f6 48 c7 c7 70 02 19 a0 e8 4b bc 01 e1 49
RSP: 0018:ffff8881003d39e8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffffa01902a0
RBP: ffff8881040c6700 R08: 0000000000000000 R09: 0000000000000001
R10: 2ce93d0054fe0d00 R11: 54fe0d00000e0000 R12: ffff888109515000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000401
FS: 0000000000000000(0000) GS:ffff88822bf40000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f42ba70f030 CR3: 0000000109926000 CR4: 00000000000006e0
Call Trace:
br_handle_vlan+0xbc/0xca [bridge]
__br_forward+0x23/0x164 [bridge]
deliver_clone+0x41/0x48 [bridge]
br_handle_frame_finish+0x36f/0x3aa [bridge]
? skb_dst+0x2e/0x38 [bridge]
? br_handle_ingress_vlan_tunnel+0x3e/0x1c8 [bridge]
? br_handle_frame_finish+0x3aa/0x3aa [bridge]
br_handle_frame+0x2c3/0x377 [bridge]
? __skb_pull+0x33/0x51
? vlan_do_receive+0x4f/0x36a
? br_handle_frame_finish+0x3aa/0x3aa [bridge]
__netif_receive_skb_core+0x539/0x7c6
? __list_del_entry_valid+0x16e/0x1c2
__netif_receive_skb_list_core+0x6d/0xd6
netif_receive_skb_list_internal+0x1d9/0x1fa
gro_normal_list+0x22/0x3e
dev_gro_receive+0x55b/0x600
? detach_buf_split+0x58/0x140
napi_gro_receive+0x94/0x12e
virtnet_poll+0x15d/0x315 [virtio_net]
__napi_poll+0x2c/0x1c9
net_rx_action+0xe6/0x1fb
__do_softirq+0x115/0x2d8
run_ksoftirqd+0x18/0x20
smpboot_thread_fn+0x183/0x19c
? smpboot_unregister_percpu_thread+0x66/0x66
kthread+0x10a/0x10f
? kthread_mod_delayed_work+0xb6/0xb6
ret_from_fork+0x22/0x30
---[ end trace 49f61b07f775fd2b ]---
dst_release: dst:00000000c02d677a refcnt:-1
dst_release underflow
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Nikolay Aleksandrov
|
a2241e62f6 |
net: bridge: fix vlan tunnel dst null pointer dereference
commit 58e2071742e38f29f051b709a5cca014ba51166f upstream.
This patch fixes a tunnel_dst null pointer dereference due to lockless
access in the tunnel egress path. When deleting a vlan tunnel the
tunnel_dst pointer is set to NULL without waiting a grace period (i.e.
while it's still usable) and packets egressing are dereferencing it
without checking. Use READ/WRITE_ONCE to annotate the lockless use of
tunnel_id, use RCU for accessing tunnel_dst and make sure it is read
only once and checked in the egress path. The dst is already properly RCU
protected so we don't need to do anything fancy than to make sure
tunnel_id and tunnel_dst are read only once and checked in the egress path.
Cc: stable@vger.kernel.org
Fixes:
|
||
Zhang Zhengming
|
6cc777c6ac |
bridge: Fix possible races between assigning rx_handler_data and setting IFF_BRIDGE_PORT bit
[ Upstream commit 59259ff7a81b9eb6213891c6451221e567f8f22f ]
There is a crash in the function br_get_link_af_size_filtered,
as the port_exists(dev) is true and the rx_handler_data of dev is NULL.
But the rx_handler_data of dev is correct saved in vmcore.
The oops looks something like:
...
pc : br_get_link_af_size_filtered+0x28/0x1c8 [bridge]
...
Call trace:
br_get_link_af_size_filtered+0x28/0x1c8 [bridge]
if_nlmsg_size+0x180/0x1b0
rtnl_calcit.isra.12+0xf8/0x148
rtnetlink_rcv_msg+0x334/0x370
netlink_rcv_skb+0x64/0x130
rtnetlink_rcv+0x28/0x38
netlink_unicast+0x1f0/0x250
netlink_sendmsg+0x310/0x378
sock_sendmsg+0x4c/0x70
__sys_sendto+0x120/0x150
__arm64_sys_sendto+0x30/0x40
el0_svc_common+0x78/0x130
el0_svc_handler+0x38/0x78
el0_svc+0x8/0xc
In br_add_if(), we found there is no guarantee that
assigning rx_handler_data to dev->rx_handler_data
will before setting the IFF_BRIDGE_PORT bit of priv_flags.
So there is a possible data competition:
CPU 0: CPU 1:
(RCU read lock) (RTNL lock)
rtnl_calcit() br_add_slave()
if_nlmsg_size() br_add_if()
br_get_link_af_size_filtered() -> netdev_rx_handler_register
...
// The order is not guaranteed
... -> dev->priv_flags |= IFF_BRIDGE_PORT;
// The IFF_BRIDGE_PORT bit of priv_flags has been set
-> if (br_port_exists(dev)) {
// The dev->rx_handler_data has NOT been assigned
-> p = br_port_get_rcu(dev);
....
-> rcu_assign_pointer(dev->rx_handler_data, rx_handler_data);
...
Fix it in br_get_link_af_size_filtered, using br_port_get_check_rcu() and checking the return value.
Signed-off-by: Zhang Zhengming <zhangzhengming@huawei.com>
Reviewed-by: Zhao Lei <zhaolei69@huawei.com>
Reviewed-by: Wang Xiaogang <wangxiaogang3@huawei.com>
Suggested-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Nikolay Aleksandrov
|
29e498ff18 |
net: bridge: when suppression is enabled exclude RARP packets
[ Upstream commit 0353b4a96b7a9f60fe20d1b3ebd4931a4085f91c ] Recently we had an interop issue where RARP packets got suppressed with bridge neigh suppression enabled, but the check in the code was meant to suppress GARP. Exclude RARP packets from it which would allow some VMWare setups to work, to quote the report: "Those RARP packets usually get generated by vMware to notify physical switches when vMotion occurs. vMware may use random sip/tip or just use sip=tip=0. So the RARP packet sometimes get properly flooded by the vtep and other times get dropped by the logic" Reported-by: Amer Abdalamer <amer@nvidia.com> Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Linus Lüssing
|
07ef3f7bc5 |
net: bridge: mcast: fix broken length + header check for MRDv6 Adv.
[ Upstream commit 99014088156cd78867d19514a0bc771c4b86b93b ]
The IPv6 Multicast Router Advertisements parsing has the following two
issues:
For one thing, ICMPv6 MRD Advertisements are smaller than ICMPv6 MLD
messages (ICMPv6 MRD Adv.: 8 bytes vs. ICMPv6 MLDv1/2: >= 24 bytes,
assuming MLDv2 Reports with at least one multicast address entry).
When ipv6_mc_check_mld_msg() tries to parse an Multicast Router
Advertisement its MLD length check will fail - and it will wrongly
return -EINVAL, even if we have a valid MRD Advertisement. With the
returned -EINVAL the bridge code will assume a broken packet and will
wrongly discard it, potentially leading to multicast packet loss towards
multicast routers.
The second issue is the MRD header parsing in
br_ip6_multicast_mrd_rcv(): It wrongly checks for an ICMPv6 header
immediately after the IPv6 header (IPv6 next header type). However
according to RFC4286, section 2 all MRD messages contain a Router Alert
option (just like MLD). So instead there is an IPv6 Hop-by-Hop option
for the Router Alert between the IPv6 and ICMPv6 header, again leading
to the bridge wrongly discarding Multicast Router Advertisements.
To fix these two issues, introduce a new return value -ENODATA to
ipv6_mc_check_mld() to indicate a valid ICMPv6 packet with a hop-by-hop
option which is not an MLD but potentially an MRD packet. This also
simplifies further parsing in the bridge code, as ipv6_mc_check_mld()
already fully checks the ICMPv6 header and hop-by-hop option.
These issues were found and fixed with the help of the mrdisc tool
(https://github.com/troglobit/mrdisc).
Fixes:
|
||
|
Srinivasarao P
|
b403cd66bd |
Merge android11-5.4.86+ (75c93eb) into msm-5.4
* refs/heads/tmp-75c93eb: Revert one chunk from |
||
|
Florian Westphal
|
ce23be37ec |
netfilter: bridge: add pre_exit hooks for ebtable unregistration
commit 7ee3c61dcd28bf6e290e06ad382f13511dc790e9 upstream.
Just like ip/ip6/arptables, the hooks have to be removed, then
synchronize_rcu() has to be called to make sure no more packets are being
processed before the ruleset data is released.
Place the hook unregistration in the pre_exit hook, then call the new
ebtables pre_exit function from there.
Years ago, when first netns support got added for netfilter+ebtables,
this used an older (now removed) netfilter hook unregister API, that did
a unconditional synchronize_rcu().
Now that all is done with call_rcu, ebtable_{filter,nat,broute} pernet exit
handlers may free the ebtable ruleset while packets are still in flight.
This can only happens on module removal, not during netns exit.
The new function expects the table name, not the table struct.
This is because upcoming patch set (targeting -next) will remove all
net->xt.{nat,filter,broute}_table instances, this makes it necessary
to avoid external references to those member variables.
The existing APIs will be converted, so follow the upcoming scheme of
passing name + hook type instead.
Fixes:
|
||
|
Vladimir Oltean
|
ad112654e2 |
net: bridge: use switchdev for port flags set through sysfs too
commit 8043c845b63a2dd88daf2d2d268a33e1872800f0 upstream.
Looking through patchwork I don't see that there was any consensus to
use switchdev notifiers only in case of netlink provided port flags but
not sysfs (as a sort of deprecation, punishment or anything like that),
so we should probably keep the user interface consistent in terms of
functionality.
http://patchwork.ozlabs.org/project/netdev/patch/20170605092043.3523-3-jiri@resnulli.us/
http://patchwork.ozlabs.org/project/netdev/patch/20170608064428.4785-3-jiri@resnulli.us/
Fixes:
|
||
Wang Hai
|
49de0a17e6 |
net: bridge: Fix a warning when del bridge sysfs
[ Upstream commit 989a1db06eb18ff605377eec87e18d795e0ec74b ]
I got a warining report:
br_sysfs_addbr: can't create group bridge4/bridge
------------[ cut here ]------------
sysfs group 'bridge' not found for kobject 'bridge4'
WARNING: CPU: 2 PID: 9004 at fs/sysfs/group.c:279 sysfs_remove_group fs/sysfs/group.c:279 [inline]
WARNING: CPU: 2 PID: 9004 at fs/sysfs/group.c:279 sysfs_remove_group+0x153/0x1b0 fs/sysfs/group.c:270
Modules linked in: iptable_nat
...
Call Trace:
br_dev_delete+0x112/0x190 net/bridge/br_if.c:384
br_dev_newlink net/bridge/br_netlink.c:1381 [inline]
br_dev_newlink+0xdb/0x100 net/bridge/br_netlink.c:1362
__rtnl_newlink+0xe11/0x13f0 net/core/rtnetlink.c:3441
rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3500
rtnetlink_rcv_msg+0x385/0x980 net/core/rtnetlink.c:5562
netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2494
netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
netlink_unicast+0x4a0/0x6a0 net/netlink/af_netlink.c:1330
netlink_sendmsg+0x793/0xc80 net/netlink/af_netlink.c:1919
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0x139/0x170 net/socket.c:671
____sys_sendmsg+0x658/0x7d0 net/socket.c:2353
___sys_sendmsg+0xf8/0x170 net/socket.c:2407
__sys_sendmsg+0xd3/0x190 net/socket.c:2440
do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
In br_device_event(), if the bridge sysfs fails to be added,
br_device_event() should return error. This can prevent warining
when removing bridge sysfs that do not exist.
Fixes:
|
||
Joseph Huang
|
d8d39e1366 |
bridge: Fix a deadlock when enabling multicast snooping
[ Upstream commit 851d0a73c90e6c8c63fef106c6c1e73df7e05d9d ]
When enabling multicast snooping, bridge module deadlocks on multicast_lock
if 1) IPv6 is enabled, and 2) there is an existing querier on the same L2
network.
The deadlock was caused by the following sequence: While holding the lock,
br_multicast_open calls br_multicast_join_snoopers, which eventually causes
IP stack to (attempt to) send out a Listener Report (in igmp6_join_group).
Since the destination Ethernet address is a multicast address, br_dev_xmit
feeds the packet back to the bridge via br_multicast_rcv, which in turn
calls br_multicast_add_group, which then deadlocks on multicast_lock.
The fix is to move the call br_multicast_join_snoopers outside of the
critical section. This works since br_multicast_join_snoopers only deals
with IP and does not modify any multicast data structures of the bridge,
so there's no need to hold the lock.
Steps to reproduce:
1. sysctl net.ipv6.conf.all.force_mld_version=1
2. have another querier
3. ip link set dev bridge type bridge mcast_snooping 0 && \
ip link set dev bridge type bridge mcast_snooping 1 < deadlock >
A typical call trace looks like the following:
[ 936.251495] _raw_spin_lock+0x5c/0x68
[ 936.255221] br_multicast_add_group+0x40/0x170 [bridge]
[ 936.260491] br_multicast_rcv+0x7ac/0xe30 [bridge]
[ 936.265322] br_dev_xmit+0x140/0x368 [bridge]
[ 936.269689] dev_hard_start_xmit+0x94/0x158
[ 936.273876] __dev_queue_xmit+0x5ac/0x7f8
[ 936.277890] dev_queue_xmit+0x10/0x18
[ 936.281563] neigh_resolve_output+0xec/0x198
[ 936.285845] ip6_finish_output2+0x240/0x710
[ 936.290039] __ip6_finish_output+0x130/0x170
[ 936.294318] ip6_output+0x6c/0x1c8
[ 936.297731] NF_HOOK.constprop.0+0xd8/0xe8
[ 936.301834] igmp6_send+0x358/0x558
[ 936.305326] igmp6_join_group.part.0+0x30/0xf0
[ 936.309774] igmp6_group_added+0xfc/0x110
[ 936.313787] __ipv6_dev_mc_inc+0x1a4/0x290
[ 936.317885] ipv6_dev_mc_inc+0x10/0x18
[ 936.321677] br_multicast_open+0xbc/0x110 [bridge]
[ 936.326506] br_multicast_toggle+0xec/0x140 [bridge]
Fixes:
|
||
Zhang Changzhong
|
cae90bd22c |
net: bridge: vlan: fix error return code in __vlan_add()
[ Upstream commit ee4f52a8de2c6f78b01f10b4c330867d88c1653a ]
Fix to return a negative error code from the error handling
case instead of 0, as done elsewhere in this function.
Fixes:
|
||
Antoine Tenart
|
4615228a50 |
netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal
[ Upstream commit 44f64f23bae2f0fad25503bc7ab86cd08d04cd47 ]
Netfilter changes PACKET_OTHERHOST to PACKET_HOST before invoking the
hooks as, while it's an expected value for a bridge, routing expects
PACKET_HOST. The change is undone later on after hook traversal. This
can be seen with pairs of functions updating skb>pkt_type and then
reverting it to its original value:
For hook NF_INET_PRE_ROUTING:
setup_pre_routing / br_nf_pre_routing_finish
For hook NF_INET_FORWARD:
br_nf_forward_ip / br_nf_forward_finish
But the third case where netfilter does this, for hook
NF_INET_POST_ROUTING, the packet type is changed in br_nf_post_routing
but never reverted. A comment says:
/* We assume any code from br_dev_queue_push_xmit onwards doesn't care
* about the value of skb->pkt_type. */
But when having a tunnel (say vxlan) attached to a bridge we have the
following call trace:
br_nf_pre_routing
br_nf_pre_routing_ipv6
br_nf_pre_routing_finish
br_nf_forward_ip
br_nf_forward_finish
br_nf_post_routing <- pkt_type is updated to PACKET_HOST
br_nf_dev_queue_xmit <- but not reverted to its original value
vxlan_xmit
vxlan_xmit_one
skb_tunnel_check_pmtu <- a check on pkt_type is performed
In this specific case, this creates issues such as when an ICMPv6 PTB
should be sent back. When CONFIG_BRIDGE_NETFILTER is enabled, the PTB
isn't sent (as skb_tunnel_check_pmtu checks if pkt_type is PACKET_HOST
and returns early).
If the comment is right and no one cares about the value of
skb->pkt_type after br_dev_queue_push_xmit (which isn't true), resetting
it to its original value should be safe.
Fixes:
|
||
Heiner Kallweit
|
805dfdb26e |
net: bridge: add missing counters to ndo_get_stats64 callback
[ Upstream commit 7a30ecc9237681bb125cbd30eee92bef7e86293d ]
In br_forward.c and br_input.c fields dev->stats.tx_dropped and
dev->stats.multicast are populated, but they are ignored in
ndo_get_stats64.
Fixes:
|
||
Ravinder Konka
|
e092c033d3 |
bridge: Add bridge API to access the bridge slave port
This API is needed by the NSS connection manager modules to enable NSS fast path for bridge flows. The connection manager needs to inspect the netdevice of the bridge slave port that has learned a given MAC address. Currently no such API exists that is exported out of the kernel network stack for this purpose. Change-Id: I3f8848739d820346135b09b93f760122874468fd Signed-off-by: Ravinder konka <rkonka@codeaurora.org> Signed-off-by: Mohammed Javid <mjavid@codeaurora.org> |