Define the MAC_PUSH action which pushes an MPLS LSE before the mac
header (instead of between the mac and the network headers as the
plain PUSH action does).
The only special case is when the skb has an offloaded VLAN. In that
case, it has to be inlined before pushing the MPLS header.
Change-Id: Iea0792dac8682bccc4a6a506244c81ed799f779f
Signed-off-by: Guillaume Nault gnault@redhat.com
Signed-off-by: David S. Miller davem@davemloft.net
Git-commit: a45294af9e96a3e060b6272fa7cd2c4b196de335
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
[quic_jguidry@quicinc.com: Enabled net/sched filtering and classification in
sdxlemur.config]
Signed-off-by: James Wyatt Guidry <quic_jguidry@quicinc.com>
* refs/heads/tmp-3970bc6:
UPSTREAM: Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
FROMGIT: arm64: fix oops in concurrently setting insn_emulation sysctls
ANDROID: abi_gki_aarch64_qcom: Add vmemdup_user to qcom symbol list
ANDROID: GKI: update Sony KMI symbol list
UPSTREAM: mm: fix misplaced unlock_page in do_wp_page()
BACKPORT: mm: do_wp_page() simplification
UPSTREAM: mm/ksm: Remove reuse_ksm_page()
BACKPORT: ALSA: pcm: Fix races among concurrent prealloc proc writes
BACKPORT: ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
BACKPORT: ALSA: pcm: Fix races among concurrent read/write and buffer changes
ANDROID: Fix up abi issue with struct snd_pcm_runtime
BACKPORT: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
BACKPORT: nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
Linux 5.4.197
bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
NFSD: Fix possible sleep during nfsd4_release_lockowner()
NFS: Memory allocation failures are not server fatal errors
docs: submitting-patches: Fix crossref to 'The canonical patch format'
tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
tpm: Fix buffer access in tpm2_get_tpm_pt()
HID: multitouch: Add support for Google Whiskers Touchpad
raid5: introduce MD_BROKEN
dm verity: set DM_TARGET_IMMUTABLE feature flag
dm stats: add cond_resched when looping over entries
dm crypt: make printing of the key constant-time
dm integrity: fix error code in dm_integrity_ctr()
zsmalloc: fix races between asynchronous zspage free and page migration
crypto: ecrdsa - Fix incorrect use of vli_cmp
netfilter: conntrack: re-fetch conntrack after insertion
exec: Force single empty string when argv is empty
drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
cfg80211: set custom regdomain after wiphy registration
assoc_array: Fix BUG_ON during garbage collect
drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
net: ftgmac100: Disable hardware checksum on AST2600
net: af_key: check encryption module availability consistency
pinctrl: sunxi: fix f1c100s uart2 function
ACPI: sysfs: Fix BERT error region memory mapping
ACPI: sysfs: Make sparse happy about address space in use
media: vim2m: initialize the media device earlier
media: vim2m: Register video device after setting up internals
secure_seq: use the 64 bits of the siphash for port offset calculation
tcp: change source port randomizarion at connect() time
Input: goodix - fix spurious key release events
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
lockdown: also lock down previous kgdb use
Linux 5.4.196
afs: Fix afs_getattr() to refetch file status if callback break occurred
i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
x86/xen: fix booting 32-bit pv guest
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
firmware_loader: use kernel credentials when reading firmware
net: stmmac: disable Split Header (SPH) for Intel platforms
block: return ELEVATOR_DISCARD_MERGE if possible
Input: ili210x - fix reset timing
net: atlantic: verify hw_head_ lies within TX buffer ring
net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
selftests: add ping test with ping_group_range tuned
mac80211: fix rx reordering with non explicit / psmp ack policy
scsi: qla2xxx: Fix missed DMA unmap for aborted commands
perf bench numa: Address compiler error on s390
gpio: mvebu/pwm: Refuse requests with inverted polarity
gpio: gpio-vf610: do not touch other bits when set the target bit
net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
igb: skip phy status check where unavailable
ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
ARM: 9196/1: spectre-bhb: enable for Cortex-A15
net: af_key: add check for pfkey_broadcast in function pfkey_process
net/mlx5e: Properly block LRO when XDP is enabled
NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
net/qla3xxx: Fix a test in ql_reset_work()
clk: at91: generated: consider range when calculating best rate
ice: fix possible under reporting of ethtool Tx and Rx statistics
net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
net/sched: act_pedit: sanitize shift argument before usage
net: macb: Increment rx bd head after allocating skb and buffer
ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
KVM: x86/mmu: Update number of zapped pages even if page list is stable
PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
Fix double fget() in vhost_net_set_backend()
perf: Fix sys_perf_event_open() race against self
ALSA: wavefront: Proper check of get_user() error
SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
SUNRPC: Don't call connect() more than once on a TCP socket
SUNRPC: Prevent immediate close+reconnect
SUNRPC: Clean up scheduling of autoclose
mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
nilfs2: fix lockdep warnings during disk space reclamation
nilfs2: fix lockdep warnings in page operations for btree nodes
ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
platform/chrome: cros_ec_debugfs: detach log reader wq from devm
drbd: remove usage of list iterator variable after loop
MIPS: lantiq: check the return value of kzalloc()
rtc: mc146818-lib: Fix the AltCentury for AMD platforms
nvme-multipath: fix hang when disk goes live over reconnect
ALSA: hda/realtek: Enable headset mic on Lenovo P360
crypto: x86/chacha20 - Avoid spurious jumps to other functions
crypto: stm32 - fix reference leak in stm32_crc_remove
Input: stmfts - fix reference leak in stmfts_input_open
Input: add bounds checking to input_set_capability()
um: Cleanup syscall_handler_t definition/cast, fix warning
rtc: fix use-after-free on device removal
x86/xen: Make the secondary CPU idle tasks reliable
x86/xen: Make the boot CPU idle task reliable
floppy: use a statically allocated error counter
ANDROID: fix up abi issue with struct snd_pcm_runtime
Linux 5.4.195
tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
ping: fix address binding wrt vrf
arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map
net: phy: Fix race condition on link status change
MIPS: fix build with gcc-12
drm/vmwgfx: Initialize drm_mode_fb_cmd2
cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
i40e: i40e_main: fix a missing check on list iterator
drm/nouveau/tegra: Stop using iommu_present()
serial: 8250_mtk: Fix register address for XON/XOFF character
serial: 8250_mtk: Fix UART_EFR register address
slimbus: qcom: Fix IRQ check in qcom_slim_probe
USB: serial: option: add Fibocom MA510 modem
USB: serial: option: add Fibocom L610 modem
USB: serial: qcserial: add support for Sierra Wireless EM7590
USB: serial: pl2303: add device id for HP LM930 Display
usb: typec: tcpci: Don't skip cleanup in .remove() on error
usb: cdc-wdm: fix reading stuck on device close
tty: n_gsm: fix mux activation issues in gsm_config()
tcp: resalt the secret every 10 seconds
net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
s390: disable -Warray-bounds
ASoC: ops: Validate input values in snd_soc_put_volsw_range()
ASoC: max98090: Generate notifications on changes for custom control
ASoC: max98090: Reject invalid values in custom control put()
hwmon: (f71882fg) Fix negative temperature
gfs2: Fix filesystem block deallocation for short writes
net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending
net/sched: act_pedit: really ensure the skb is writable
s390/lcs: fix variable dereferenced before check
s390/ctcm: fix potential memory leak
s390/ctcm: fix variable dereferenced before check
hwmon: (ltq-cputemp) restrict it to SOC_XWAY
dim: initialize all struct fields
mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
netlink: do not reset transport header in netlink_recvmsg()
drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
ipv4: drop dst in multicast routing path
net: Fix features skip in for_each_netdev_feature()
mac80211: Reset MBSSID parameters upon connection
hwmon: (tmp401) Add OF device ID table
batman-adv: Don't skb_split skbuffs with frag_list
Linux 5.4.194
mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
mm: fix missing cache flush for all tail pages of compound page
Bluetooth: Fix the creation of hdev->name
KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id
x86: kprobes: Prohibit probing on instruction which has emulate prefix
x86: xen: insn: Decode Xen and KVM emulate-prefix signature
x86: xen: kvm: Gather the definition of emulate prefixes
x86/asm: Allow to pass macros to __ASM_FORM()
KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL
can: grcan: only use the NAPI poll budget for RX
can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
nfp: bpf: silence bitwise vs. logical OR warning
drm/i915: Cast remain to unsigned long in eb_relocate_vma
drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types
block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
MIPS: Use address-of operator on section symbols
ANDROID: GKI: update the abi .xml file
Revert "tcp: ensure to use the most recently sent skb when filling the rate sample"
Linux 5.4.193
mmc: rtsx: add 74 Clocks in power on flow
PCI: aardvark: Fix reading MSI interrupt number
PCI: aardvark: Clear all MSIs at setup
dm: interlock pending dm_io and dm_wait_for_bios_completion
dm: fix mempool NULL pointer race when completing IO
tcp: make sure treq->af_specific is initialized
ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
ALSA: pcm: Fix races among concurrent prealloc proc writes
ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
ALSA: pcm: Fix races among concurrent read/write and buffer changes
ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
mm: fix unexpected zeroed page mapping with zram swap
block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
net: ipv6: ensure we call ipv6_mc_down() at most once
KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised
x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
NFSv4: Don't invalidate inode attributes on delegation return
drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
btrfs: always log symlinks in full mode
smsc911x: allow using IRQ0
bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational
net: emaclite: Add error handling for of_address_to_resource()
net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux()
net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init()
RDMA/siw: Fix a condition race issue in MPA request processing
ASoC: dmaengine: Restore NULL prepare_slave_config() callback
hwmon: (adt7470) Fix warning on module removal
NFC: netlink: fix sleep in atomic bug when firmware download timeout
nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
nfc: replace improper check device_is_registered() in netlink related functions
can: grcan: use ofdev->dev when allocating DMA memory
can: grcan: grcan_close(): fix deadlock
s390/dasd: Fix read inconsistency for ESE DASD devices
s390/dasd: Fix read for ESE with blksize < 4k
s390/dasd: prevent double format of tracks for ESE devices
s390/dasd: fix data corruption for ESE devices
ASoC: meson: Fix event generation for G12A tohdmi mux
ASoC: wm8958: Fix change notifications for DSP controls
ASoC: da7219: Fix change notifications for tone generator frequency
genirq: Synchronize interrupt thread startup
ACPICA: Always create namespace nodes using acpi_ns_create_node()
firewire: core: extend card->lock in fw_core_handle_bus_reset
firewire: remove check of list iterator against head past the loop body
firewire: fix potential uaf in outbound_phy_packet_callback()
Revert "SUNRPC: attempt AF_LOCAL connect on setup"
gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
parisc: Merge model and model name into one line in /proc/cpuinfo
MIPS: Fix CP0 counter erratum detection for R4k CPUs
Linux 5.4.192
mm, hugetlb: allow for "high" userspace addresses
hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs
tty: n_gsm: fix incorrect UA handling
tty: n_gsm: fix wrong command frame length field encoding
tty: n_gsm: fix wrong command retry handling
tty: n_gsm: fix missing explicit ldisc flush
tty: n_gsm: fix insufficient txframe size
netfilter: nft_socket: only do sk lookups when indev is available
tty: n_gsm: fix malformed counter for out of frame data
tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
x86/cpu: Load microcode during restore_processor_state()
net: ethernet: stmmac: fix write to sgmii_adapter_base
drivers: net: hippi: Fix deadlock in rr_close()
cifs: destage any unwritten data to the server before calling copychunk_write
x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
ASoC: wm8731: Disable the regulator when probing fails
tcp: fix F-RTO may not work correctly when receiving DSACK
ixgbe: ensure IPsec VF<->PF compatibility
bnx2x: fix napi API usage sequence
tls: Skip tls_append_frag on zero copy size
drm/amd/display: Fix memory leak in dcn21_clock_source_create
net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
net: bcmgenet: hide status block before TX timestamping
clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource()
bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
ip_gre: Make o_seqno start from 0 in native mode
net/smc: sync err code when tcp connection was refused
net: hns3: add validity check for message data length
cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
pinctrl: pistachio: fix use of irq_of_parse_and_map()
arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
ARM: dts: imx6ull-colibri: fix vqmmc regulator
sctp: check asoc strreset_chunk in sctp_generate_reconf_event
tcp: ensure to use the most recently sent skb when filling the rate sample
tcp: md5: incorrect tcp_header_len for incoming connections
bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook
mtd: rawnand: Fix return value check of wait_for_completion_timeout
ipvs: correctly print the memory size of ip_vs_conn_tab
ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
ARM: dts: am3517-evm: Fix misc pinmuxing
ARM: dts: Fix mmc order for omap3-gta04
phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
phy: samsung: exynos5250-sata: fix missing device put in probe error paths
phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
USB: Fix xhci event ring dequeue pointer ERDP update issue
mtd: rawnand: fix ecc parameters for mt7622
arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
video: fbdev: udlfb: properly check endpoint type
hex2bin: fix access beyond string end
hex2bin: make the function hex_to_bin constant-time
arch_topology: Do not set llc_sibling if llc_id is invalid
serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
serial: 8250: Also set sticky MCR bits in console restoration
serial: imx: fix overrun interrupts in DMA mode
usb: dwc3: gadget: Return proper request status
usb: dwc3: core: Fix tx/rx threshold settings
usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind()
usb: gadget: uvc: Fix crash when encoding data for usb request
usb: typec: ucsi: Fix role swapping
usb: misc: fix improper handling of refcount in uss720_probe()
iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
iio: dac: ad5446: Fix read_raw not returning set value
iio: dac: ad5592r: Fix the missing return value.
xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
xhci: stop polling roothubs after shutdown
USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
USB: quirks: add STRING quirk for VCOM device
USB: quirks: add a Realtek card reader
usb: mtu3: fix USB 3.0 dual-role-switch from device to host
lightnvm: disable the subsystem
hamradio: remove needs_free_netdev to avoid UAF
hamradio: defer 6pack kfree after unregister_netdev
floppy: disable FDRAWCMD by default
Conflicts:
drivers/usb/dwc3/gadget.c
include/linux/dma-mapping.h
include/linux/stmmac.h
mm/memory.c
Change-Id: I3bf49e11ae4aeaf1db353efbdfee950cd12de8cf
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
Implement TCA_VLAN_ACT_POP_ETH and TCA_VLAN_ACT_PUSH_ETH, to
respectively pop and push a base Ethernet header at the beginning of a
frame.
POP_ETH is just a matter of pulling ETH_HLEN bytes. VLAN tags, if any,
must be stripped before calling POP_ETH.
PUSH_ETH is restricted to skbs with no mac_header, and only the MAC
addresses can be configured. The Ethertype is automatically set from
skb->protocol. These restrictions ensure that all skb's fields remain
consistent, so that this action can't confuse other part of the
networking stack (like GSO).
Since openvswitch already had these actions, consolidate the code in
skbuff.c (like for vlan and mpls push/pop).
Change-Id: Ifce1d5fee3eb1741bdc88b22f9000226744cc56c
Signed-off-by: Guillaume Nault gnault@redhat.com
Signed-off-by: David S. Miller davem@davemloft.net
Git-commit: 19fbcb36a39eefbe8912a13ccc02e937b1c418d6
Git-repo: https://android.googlesource.com/kernel/common/
[quic_jguidry@quicinc.com: Added CONFIG_NET_SCHED_ACT_VLAN_QGKI to
sdxlemur.config]
Signed-off-by: James Wyatt Guidry <quic_jguidry@quicinc.com>
[ Upstream commit 9c90c9b3e50e16d03c7f87d63e9db373974781e0 ]
This reverts commit 4dc2a5a8f6754492180741facf2a8787f2c415d7.
A non-zero return value from pfkey_broadcast() does not necessarily mean
an error occurred as this function returns -ESRCH when no registered
listener received the message. In particular, a call with
BROADCAST_PROMISC_ONLY flag and null one_sk argument can never return
zero so that this commit in fact prevents processing any PF_KEY message.
One visible effect is that racoon daemon fails to find encryption
algorithms like aes and refuses to start.
Excluding -ESRCH return value would fix this but it's not obvious that
we really want to bail out here and most other callers of
pfkey_broadcast() also ignore the return value. Also, as pointed out by
Steffen Klassert, PF_KEY is kind of deprecated and newer userspace code
should use netlink instead so that we should only disturb the code for
really important fixes.
v2: add a comment explaining why is the return value ignored
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 7df12bee54)
Bug: 235429059
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ica140cb11cd174eded4121d66de6a7239ee4a21d
This is the merge of the upstream LTS release of 5.4.197 into the
android11-5.4 branch.
It contains the following commits:
9eae8fc396 Merge 5.4.197 into android11-5.4-lts
35c6471fd2 Linux 5.4.197
e00c2f22fb bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
a2235bc65a NFSD: Fix possible sleep during nfsd4_release_lockowner()
f5b6bc69a7 NFS: Memory allocation failures are not server fatal errors
0490cd2aee docs: submitting-patches: Fix crossref to 'The canonical patch format'
72ef5d01fe tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
7ecd237e50 tpm: Fix buffer access in tpm2_get_tpm_pt()
396d1f5176 HID: multitouch: Add support for Google Whiskers Touchpad
25f0e9459f raid5: introduce MD_BROKEN
fd2f7e9984 dm verity: set DM_TARGET_IMMUTABLE feature flag
f005973502 dm stats: add cond_resched when looping over entries
65e6282f0d dm crypt: make printing of the key constant-time
a4415f39e3 dm integrity: fix error code in dm_integrity_ctr()
fc658c0839 zsmalloc: fix races between asynchronous zspage free and page migration
7632451ad9 crypto: ecrdsa - Fix incorrect use of vli_cmp
b16bb37398 netfilter: conntrack: re-fetch conntrack after insertion
1fe82bfd9e exec: Force single empty string when argv is empty
241b566e04 drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
3dbab9e37c cfg80211: set custom regdomain after wiphy registration
039fa25d95 assoc_array: Fix BUG_ON during garbage collect
8c668da61b drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
fdcbdb3d08 i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
827980029d net: ftgmac100: Disable hardware checksum on AST2600
e619506ed0 net: af_key: check encryption module availability consistency
fa77d2a3a7 pinctrl: sunxi: fix f1c100s uart2 function
2208c31d86 ACPI: sysfs: Fix BERT error region memory mapping
92d4b5e148 ACPI: sysfs: Make sparse happy about address space in use
5a73bd4f47 media: vim2m: initialize the media device earlier
b7248281af media: vim2m: Register video device after setting up internals
ab5b00cfe0 secure_seq: use the 64 bits of the siphash for port offset calculation
80cca53a48 tcp: change source port randomizarion at connect() time
9ce35dad5a Input: goodix - fix spurious key release events
bdbc7ef3eb staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
4f07508394 x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
8bb828229d lockdown: also lock down previous kgdb use
0cf7a2be06 Merge 5.4.196 into android11-5.4-lts
04b092e4a0 Linux 5.4.196
dba1941f5b afs: Fix afs_getattr() to refetch file status if callback break occurred
ef5374d532 i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
10a221e2d3 x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
a12884ff43 x86/xen: fix booting 32-bit pv guest
b2f140a9f9 Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
060f38b1df ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
b38cf3cb17 firmware_loader: use kernel credentials when reading firmware
e14e3856e9 net: stmmac: disable Split Header (SPH) for Intel platforms
9ea8e6a832 block: return ELEVATOR_DISCARD_MERGE if possible
36ac6caf74 Input: ili210x - fix reset timing
1c450bdf2e net: atlantic: verify hw_head_ lies within TX buffer ring
e5307704c4 net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
91d8d7edf1 ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
dd5de66f5c selftests: add ping test with ping_group_range tuned
9919585e5f mac80211: fix rx reordering with non explicit / psmp ack policy
19e2cd737c scsi: qla2xxx: Fix missed DMA unmap for aborted commands
74168c2207 perf bench numa: Address compiler error on s390
d1915d9c9f gpio: mvebu/pwm: Refuse requests with inverted polarity
3fdd67e83c gpio: gpio-vf610: do not touch other bits when set the target bit
1fe6dc5f5d net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
622be11fa3 igb: skip phy status check where unavailable
eb92a8ecce ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
463a7b957d ARM: 9196/1: spectre-bhb: enable for Cortex-A15
1b93631c77 net: af_key: add check for pfkey_broadcast in function pfkey_process
c0be5fec78 net/mlx5e: Properly block LRO when XDP is enabled
3277789f33 NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
b368e07fb4 net/qla3xxx: Fix a test in ql_reset_work()
d672eee9e4 clk: at91: generated: consider range when calculating best rate
8cb1a05fe3 ice: fix possible under reporting of ethtool Tx and Rx statistics
dc64e8874e net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
32f779e6fb net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
1eb2d78581 net/sched: act_pedit: sanitize shift argument before usage
50f70ee302 net: macb: Increment rx bd head after allocating skb and buffer
a42ffe8833 ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
6493ff94c0 ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
fe2a9469ec dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
8cf6c24ed4 drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
8be06f62b4 crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
f4a093215b KVM: x86/mmu: Update number of zapped pages even if page list is stable
de87451827 PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
3a12b2c413 Fix double fget() in vhost_net_set_backend()
dd0ea88b0a perf: Fix sys_perf_event_open() race against self
c8a5e14cb4 ALSA: wavefront: Proper check of get_user() error
2f8f6c393b SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
975a0f14d5 SUNRPC: Don't call connect() more than once on a TCP socket
aa4d71edd6 SUNRPC: Prevent immediate close+reconnect
2d6f096476 SUNRPC: Clean up scheduling of autoclose
f3fe8d13ac mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
def047ae12 mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
f10260f359 mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
1e93f93992 nilfs2: fix lockdep warnings during disk space reclamation
307d021b1a nilfs2: fix lockdep warnings in page operations for btree nodes
77b71a4c87 ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
54f7358be1 platform/chrome: cros_ec_debugfs: detach log reader wq from devm
232128f6e6 drbd: remove usage of list iterator variable after loop
83abb076f4 MIPS: lantiq: check the return value of kzalloc()
e7947c031f rtc: mc146818-lib: Fix the AltCentury for AMD platforms
7be785032c nvme-multipath: fix hang when disk goes live over reconnect
ee0323cc8b ALSA: hda/realtek: Enable headset mic on Lenovo P360
c0d86f2a3c crypto: x86/chacha20 - Avoid spurious jumps to other functions
f021389433 crypto: stm32 - fix reference leak in stm32_crc_remove
8c015cd524 Input: stmfts - fix reference leak in stmfts_input_open
bb83a744bc Input: add bounds checking to input_set_capability()
4fd3966956 um: Cleanup syscall_handler_t definition/cast, fix warning
0c319b9988 rtc: fix use-after-free on device removal
05df3bdbc2 x86/xen: Make the secondary CPU idle tasks reliable
0d3817cb4e x86/xen: Make the boot CPU idle task reliable
67e2b62461 floppy: use a statically allocated error counter
abcfb6abb7 Merge 5.4.195 into android11-5.4-lts
e44bd11b47 Merge 5.4.194 into android11-5.4-lts
c336f131c4 ANDROID: fix up abi issue with struct snd_pcm_runtime
0187300e6a Linux 5.4.195
8fcefb43ec tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
6d80857c4f ping: fix address binding wrt vrf
7845532adb arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map
c0b735fef2 net: phy: Fix race condition on link status change
a60def7568 MIPS: fix build with gcc-12
a3112d5da1 drm/vmwgfx: Initialize drm_mode_fb_cmd2
463c743149 cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
f25145c37c i40e: i40e_main: fix a missing check on list iterator
17c744716a drm/nouveau/tegra: Stop using iommu_present()
c8f567c465 serial: 8250_mtk: Fix register address for XON/XOFF character
aa3ea7451b serial: 8250_mtk: Fix UART_EFR register address
031fda28d0 slimbus: qcom: Fix IRQ check in qcom_slim_probe
7de6f30596 USB: serial: option: add Fibocom MA510 modem
65732f62f7 USB: serial: option: add Fibocom L610 modem
6c78537f3e USB: serial: qcserial: add support for Sierra Wireless EM7590
e40d004947 USB: serial: pl2303: add device id for HP LM930 Display
056a56f8fb usb: typec: tcpci: Don't skip cleanup in .remove() on error
457d9401b8 usb: cdc-wdm: fix reading stuck on device close
4d93303fd8 tty: n_gsm: fix mux activation issues in gsm_config()
6e34ee5b5b tcp: resalt the secret every 10 seconds
39c26fe93c net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
638bfbc84c s390: disable -Warray-bounds
f66d3fa508 ASoC: ops: Validate input values in snd_soc_put_volsw_range()
13b850a6cc ASoC: max98090: Generate notifications on changes for custom control
5c766c000a ASoC: max98090: Reject invalid values in custom control put()
22f6c68b49 hwmon: (f71882fg) Fix negative temperature
208200e573 gfs2: Fix filesystem block deallocation for short writes
42daae7d84 net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
e038c457bd net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending
2ec2dd7d51 net/sched: act_pedit: really ensure the skb is writable
48c6a40e2f s390/lcs: fix variable dereferenced before check
467ddbbe7e s390/ctcm: fix potential memory leak
2cbce01100 s390/ctcm: fix variable dereferenced before check
1c40e85d0a hwmon: (ltq-cputemp) restrict it to SOC_XWAY
0a778db931 dim: initialize all struct fields
522986cc39 mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
0729594cb7 netlink: do not reset transport header in netlink_recvmsg()
33ce32587c drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
5809a1c530 ipv4: drop dst in multicast routing path
c9d75e87f4 net: Fix features skip in for_each_netdev_feature()
5c90576705 mac80211: Reset MBSSID parameters upon connection
cfe74fd41f hwmon: (tmp401) Add OF device ID table
3915341a93 batman-adv: Don't skb_split skbuffs with frag_list
00c4652b41 Merge 5.4.193 into android11-5.4-lts
9065948757 Linux 5.4.194
2f4e0bf651 mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
e4db0c3ce0 mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
ea9cad1c5d mm: fix missing cache flush for all tail pages of compound page
45c05171d6 Bluetooth: Fix the creation of hdev->name
f52c4c067a KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id
c1bdf1e6e7 x86: kprobes: Prohibit probing on instruction which has emulate prefix
6af6427a96 x86: xen: insn: Decode Xen and KVM emulate-prefix signature
c67a4a91f5 x86: xen: kvm: Gather the definition of emulate prefixes
4c39e1ace3 x86/asm: Allow to pass macros to __ASM_FORM()
29afcd5af0 KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
ea65a7d76c arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL
5755f946a8 can: grcan: only use the NAPI poll budget for RX
caba5c13a8 can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
76b64c690f nfp: bpf: silence bitwise vs. logical OR warning
86ccefb83e drm/i915: Cast remain to unsigned long in eb_relocate_vma
de542bd765 drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types
e6ff94d31c block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
f668da98ad MIPS: Use address-of operator on section symbols
44a1f2e6dc ANDROID: GKI: update the abi .xml file
52509afded Revert "tcp: ensure to use the most recently sent skb when filling the rate sample"
01565c91b7 Linux 5.4.193
8a7f92053d mmc: rtsx: add 74 Clocks in power on flow
d789b98917 PCI: aardvark: Fix reading MSI interrupt number
253bc43ca5 PCI: aardvark: Clear all MSIs at setup
786dc86c84 dm: interlock pending dm_io and dm_wait_for_bios_completion
ad1393b92e dm: fix mempool NULL pointer race when completing IO
40bcd39a00 tcp: make sure treq->af_specific is initialized
9661bf674d ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
37b12c16be ALSA: pcm: Fix races among concurrent prealloc proc writes
2a559eec81 ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
08d1807f09 ALSA: pcm: Fix races among concurrent read/write and buffer changes
fbeb492694 ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
f098f8b982 mm: fix unexpected zeroed page mapping with zram swap
c7337efd1d block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
9588ac2edd net: ipv6: ensure we call ipv6_mc_down() at most once
367b49086b KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised
c2fadf2d0a x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
8b78939f4b kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
f455c8e657 NFSv4: Don't invalidate inode attributes on delegation return
89e7a625ec drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
1d14c1c7a3 net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
2b99ff4c3e btrfs: always log symlinks in full mode
dc47844894 smsc911x: allow using IRQ0
cff6cb162f bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
64ece01adb selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational
52401926c8 net: emaclite: Add error handling for of_address_to_resource()
354cac1e39 net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux()
0510b6ccfb net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init()
102986592f RDMA/siw: Fix a condition race issue in MPA request processing
e6ae21eb94 ASoC: dmaengine: Restore NULL prepare_slave_config() callback
df3ea6cc1a hwmon: (adt7470) Fix warning on module removal
01d4363dd7 NFC: netlink: fix sleep in atomic bug when firmware download timeout
33d3e76fc7 nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
85aecdef77 nfc: replace improper check device_is_registered() in netlink related functions
da9eb43b9a can: grcan: use ofdev->dev when allocating DMA memory
8b451b7d7e can: grcan: grcan_close(): fix deadlock
8f4246450a s390/dasd: Fix read inconsistency for ESE DASD devices
91193a2c2f s390/dasd: Fix read for ESE with blksize < 4k
1aa75808ed s390/dasd: prevent double format of tracks for ESE devices
061a424dd1 s390/dasd: fix data corruption for ESE devices
860db6cdc5 ASoC: meson: Fix event generation for G12A tohdmi mux
d4864e8c4b ASoC: wm8958: Fix change notifications for DSP controls
6723ab2ed8 ASoC: da7219: Fix change notifications for tone generator frequency
ac5894fb86 genirq: Synchronize interrupt thread startup
8624e2c5af ACPICA: Always create namespace nodes using acpi_ns_create_node()
27183539cf firewire: core: extend card->lock in fw_core_handle_bus_reset
2fefc62598 firewire: remove check of list iterator against head past the loop body
34b9b91829 firewire: fix potential uaf in outbound_phy_packet_callback()
f6b6e93369 Revert "SUNRPC: attempt AF_LOCAL connect on setup"
d403ff32e5 gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
94842485b4 ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
73ce49fa59 parisc: Merge model and model name into one line in /proc/cpuinfo
0d5bb59858 MIPS: Fix CP0 counter erratum detection for R4k CPUs
aa172204d5 Merge 5.4.192 into android11-5.4-lts
1d72b776f6 Linux 5.4.192
aa2a047b58 mm, hugetlb: allow for "high" userspace addresses
6a79b2433e hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs
b69e60f6fc tty: n_gsm: fix incorrect UA handling
0f4be29feb tty: n_gsm: fix wrong command frame length field encoding
21cc640385 tty: n_gsm: fix wrong command retry handling
49c40febd4 tty: n_gsm: fix missing explicit ldisc flush
85522dcf00 tty: n_gsm: fix insufficient txframe size
563bb0f794 netfilter: nft_socket: only do sk lookups when indev is available
fae2095210 tty: n_gsm: fix malformed counter for out of frame data
cec2d0782a tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
a6d9847a4f x86/cpu: Load microcode during restore_processor_state()
9e9d12b81d net: ethernet: stmmac: fix write to sgmii_adapter_base
10ba1ac9a2 drivers: net: hippi: Fix deadlock in rr_close()
a827521975 cifs: destage any unwritten data to the server before calling copychunk_write
5335370366 x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
0ecc5304e8 ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
7815710349 ASoC: wm8731: Disable the regulator when probing fails
a71df406a6 tcp: fix F-RTO may not work correctly when receiving DSACK
a4ed61e30e ixgbe: ensure IPsec VF<->PF compatibility
406aaef0fe bnx2x: fix napi API usage sequence
c3e7ea5860 tls: Skip tls_append_frag on zero copy size
cd5cec3a0c drm/amd/display: Fix memory leak in dcn21_clock_source_create
ffce11a391 net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
3a179538bf net: bcmgenet: hide status block before TX timestamping
8ef6d60aa2 clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource()
194f474ad9 bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
e80054ea0c tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
685ff7d244 ip_gre: Make o_seqno start from 0 in native mode
69555bb27b net/smc: sync err code when tcp connection was refused
daca23846e net: hns3: add validity check for message data length
7763a79566 cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
f5bb5940d7 pinctrl: pistachio: fix use of irq_of_parse_and_map()
d22fc60369 arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
68f5200a1f ARM: dts: imx6ull-colibri: fix vqmmc regulator
c45180375a sctp: check asoc strreset_chunk in sctp_generate_reconf_event
2cba635570 tcp: ensure to use the most recently sent skb when filling the rate sample
3ea6190be9 tcp: md5: incorrect tcp_header_len for incoming connections
2b9a13d98d bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook
2e7f70d324 mtd: rawnand: Fix return value check of wait_for_completion_timeout
2a36ba067b ipvs: correctly print the memory size of ip_vs_conn_tab
abe86a10dc ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
54212850e3 ARM: dts: am3517-evm: Fix misc pinmuxing
bba67fe6b0 ARM: dts: Fix mmc order for omap3-gta04
416e0f8907 phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
6ff7c1b827 phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
59bdaed5dd ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
dbce8fc16a phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
b7fc45354b ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
dd99939b70 phy: samsung: exynos5250-sata: fix missing device put in probe error paths
6331b77fdc phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
fccbc3168e ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
b8f0c19d48 USB: Fix xhci event ring dequeue pointer ERDP update issue
1f47c26257 mtd: rawnand: fix ecc parameters for mt7622
0405bd7f18 arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
5f80b5c5f4 arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
f6db63819d video: fbdev: udlfb: properly check endpoint type
c00f3892f4 hex2bin: fix access beyond string end
15b78a8e38 hex2bin: make the function hex_to_bin constant-time
73f4668ee8 arch_topology: Do not set llc_sibling if llc_id is invalid
a3cdd33ca1 serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
89a5728b05 serial: 8250: Also set sticky MCR bits in console restoration
42f749f223 serial: imx: fix overrun interrupts in DMA mode
d29c197df7 usb: dwc3: gadget: Return proper request status
0f3d081315 usb: dwc3: core: Fix tx/rx threshold settings
e2ec7b1f6a usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind()
debb276670 usb: gadget: uvc: Fix crash when encoding data for usb request
324e67c3b2 usb: typec: ucsi: Fix role swapping
0366beb402 usb: misc: fix improper handling of refcount in uss720_probe()
2c97a2b5ef iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
e82c726c94 iio: dac: ad5446: Fix read_raw not returning set value
1aea30f87c iio: dac: ad5592r: Fix the missing return value.
1e8716a5c0 xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
b8d3a4681f xhci: stop polling roothubs after shutdown
c8fbc2f875 USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
68088dec9b USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
56cbdb9d95 USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
6b10dd966c USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
890fc65448 USB: quirks: add STRING quirk for VCOM device
c4b31d41f5 USB: quirks: add a Realtek card reader
5666334ce3 usb: mtu3: fix USB 3.0 dual-role-switch from device to host
b258964700 lightnvm: disable the subsystem
c9af90f0c6 hamradio: remove needs_free_netdev to avoid UAF
7361a35bf3 hamradio: defer 6pack kfree after unregister_netdev
7dea591300 floppy: disable FDRAWCMD by default
Update the .xml file with the following needed changes that came in from
the -lts branch to handle ABI issues with LTS security fixes:
Leaf changes summary: 2 artifacts changed
Changed leaf types summary: 1 leaf type changed
Removed/Changed/Added functions summary: 0 Removed, 1 Changed, 0 Added function
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable
1 function with some sub-type change:
[C] 'function int hex_to_bin(char)' at hexdump.c:52:1 has some sub-type changes:
parameter 1 of type 'char' changed:
type name changed from 'char' to 'unsigned char'
type size hasn't changed
'struct snd_pcm_runtime at pcm.h:342:1' changed:
type size changed from 6336 to 6400 (in bits)
1 data member insertion:
'atomic_t buffer_accessing', at offset 6336 (in bits) at pcm.h:429:1
107 impacted interfaces
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2cc9bdcc4c587e34362082b93990bf9837241a37
* refs/heads/tmp-375c2e2:
Revert "oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup"
Linux 5.4.191
Revert "net: micrel: fix KS8851_MLL Kconfig"
block/compat_ioctl: fix range check in BLKGETSIZE
staging: ion: Prevent incorrect reference counting behavour
spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller
jbd2: fix a potential race while discarding reserved buffers after an abort
ext4: force overhead calculation if the s_overhead_cluster makes no sense
ext4: fix overhead calculation to account for the reserved gdt blocks
ext4, doc: fix incorrect h_reserved size
ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
ext4: fix use-after-free in ext4_search_dir
ext4: fix symlink file size not match to file content
arm_pmu: Validate single/group leader events
ARC: entry: fix syscall_trace_exit argument
e1000e: Fix possible overflow in LTR decoding
ASoC: soc-dapm: fix two incorrect uses of list iterator
openvswitch: fix OOB access in reserve_sfa_size()
xtensa: fix a7 clobbering in coprocessor context load/store
xtensa: patch_text: Fixup last cpu should be master
powerpc/perf: Fix power9 event alternatives
drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage
KVM: PPC: Fix TCE handling for VFIO
drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
dma: at_xdmac: fix a missing check on list iterator
ata: pata_marvell: Check the 'bmdma_addr' beforing reading
oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup
EDAC/synopsys: Read the error count from the correct register
stat: fix inconsistency between struct stat and struct compat_stat
scsi: qedi: Fix failed disconnect handling
net: macb: Restart tx only if queue pointer is lagging
drm/msm/mdp5: check the return of kzalloc()
dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
mt76: Fix undefined behavior due to shift overflowing the constant
cifs: Check the IOCB_DIRECT flag, not O_DIRECT
vxlan: fix error return code in vxlan_fdb_append
ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
reset: tegra-bpmp: Restore Handle errors in BPMP response
ARM: vexpress/spc: Avoid negative array index when !SMP
selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
netlink: reset network and mac headers in netlink_dump()
l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
net/sched: cls_u32: fix possible leak in u32_init_knode()
net/packet: fix packet_sock xmit return value checking
net/smc: Fix sock leak when release after smc_shutdown()
rxrpc: Restore removed timer deletion
igc: Fix BUG: scheduling while atomic
igc: Fix infinite loop in release_swfw_sync
dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources
dmaengine: imx-sdma: Fix error checking in sdma_event_remap
ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component
ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
ALSA: usb-audio: Clear MIDI port active flag after draining
tcp: Fix potential use-after-free due to double kfree()
net/sched: cls_u32: fix netns refcount changes in u32_change()
tcp: fix race condition when creating child sockets from syncookies
gfs2: assign rgrp glock before compute_bitstructs
can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
tracing: Dump stacktrace trigger to the corresponding instance
mm: page_alloc: fix building error on -Werror=array-compare
etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
Linux 5.4.190
ax25: Fix UAF bugs in ax25 timers
ax25: Fix NULL pointer dereferences in ax25 timers
ax25: fix NPD bug in ax25_disconnect
ax25: fix UAF bug in ax25_send_control()
ax25: Fix refcount leaks caused by ax25_cb_del()
ax25: fix UAF bugs of net_device caused by rebinding operation
ax25: fix reference count leaks of ax25_dev
ax25: add refcount in ax25_dev to avoid UAF bugs
dma-direct: avoid redundant memory sync for swiotlb
i2c: pasemi: Wait for write xfers to finish
smp: Fix offline cpu check in flush_smp_call_function_queue()
dm integrity: fix memory corruption when tag_size is less than digest size
ARM: davinci: da850-evm: Avoid NULL pointer dereference
tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
genirq/affinity: Consider that CPUs on nodes can be unbalanced
drm/amd/display: don't ignore alpha property on pre-multiplied mode
ipv6: fix panic when forwarding a pkt with no in6 dev
ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
ALSA: hda/realtek: Add quirk for Clevo PD50PNT
btrfs: mark resumed async balance as writing
btrfs: remove unused variable in btrfs_{start,write}_dirty_block_groups()
ath9k: Fix usage of driver-private space in tx_info
ath9k: Properly clear TX status area before reporting to mac80211
gcc-plugins: latent_entropy: use /dev/urandom
mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
mm, page_alloc: fix build_zonerefs_node()
perf/imx_ddr: Fix undefined behavior due to shift overflowing the constant
drivers: net: slip: fix NPD bug in sl_tx_timeout()
scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan
scsi: mvsas: Add PCI ID of RocketRaid 2640
powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
drm/amd/display: Fix allocate_mst_payload assert on resume
net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry
arm64: alternatives: mark patch_alternative() as `noinstr`
regulator: wm8994: Add an off-on delay for WM8994 variant
gpu: ipu-v3: Fix dev_dbg frequency output
ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
net: micrel: fix KS8851_MLL Kconfig
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
scsi: target: tcmu: Fix possible page UAF
Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
drm/amdkfd: Check for potential null return of kmalloc_array()
drm/amdkfd: Fix Incorrect VMIDs passed to HWS
drm/amd/display: Update VTEM Infopacket definition
drm/amd/display: fix audio format not updated after edid updated
drm/amd: Add USBC connector ID
cifs: potential buffer overflow in handling symlinks
nfc: nci: add flush_workqueue to prevent uaf
testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set
sctp: Initialize daddr on peeled off socket
net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()
cfg80211: hold bss_lock while updating nontrans_list
net/sched: taprio: Check if socket flags are valid
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
net/sched: fix initialization order when updating chain 0 head
mlxsw: i2c: Fix initialization error flow
gpiolib: acpi: use correct format characters
veth: Ensure eth header is in skb's linear part
net/sched: flower: fix parsing of ethertype following VLAN header
memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
ANDROID: GKI: fix crc issue with commit 3f91687e6e ("block: don't merge across cgroup boundaries if blkcg is enabled")
Revert "PCI: Reduce warnings on possible RW1C corruption"
Linux 5.4.189
ACPI: processor idle: Check for architectural support for LPI
cpuidle: PSCI: Move the `has_lpi` check to the beginning of the function
selftests: cgroup: Test open-time cgroup namespace usage for migration checks
selftests: cgroup: Test open-time credential usage for migration checks
selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644
cgroup: Use open-time cgroup namespace for process migration perm checks
cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
cgroup: Use open-time credentials for process migraton perm checks
io_uring: fix fs->users overflow
drm/amdkfd: Fix -Wstrict-prototypes from amdgpu_amdkfd_gfx_10_0_get_functions()
drm/amdkfd: add missing void argument to function kgd2kfd_init
mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
arm64: module: remove (NOLOAD) from linker script
mm: don't skip swap entry even if zap_details specified
mmc: mmci: stm32: correctly check all elements of sg list
mmc: mmci_sdmmc: Replace sg_dma_xxx macros
dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
tools build: Filter out options and warnings not supported by clang
irqchip/gic-v3: Fix GICR_CTLR.RWP polling
perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
ata: sata_dwc_460ex: Fix crash due to OOB write
arm64: patch_text: Fixup last cpu should be master
btrfs: fix qgroup reserve overflow the qgroup limit
x86/speculation: Restore speculation related MSRs during S3 resume
x86/pm: Save the MSR validity status at context setup
mm/mempolicy: fix mpol_new leak in shared_policy_replace
mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
lz4: fix LZ4_decompress_safe_partial read out of bound
mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete
Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
perf session: Remap buf if there is no space for event
perf tools: Fix perf's libperf_print callback
SUNRPC: Handle low memory situations in call_status()
SUNRPC: Handle ENOMEM in call_transmit_status()
drbd: Fix five use after free bugs in get_initial_state
bpf: Support dual-stack sockets in bpf_tcp_check_syncookie
spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
qede: confirm skb is allocated before using
rxrpc: fix a race in rxrpc_exit_net()
net: openvswitch: don't send internal clone attribute to the userspace.
ipv6: Fix stats accounting in ip6_pkt_drop
dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition
bnxt_en: reserve space inside receive page for skb_shared_info
drm/imx: Fix memory leak in imx_pd_connector_get_modes
net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
net: ipv4: fix route with nexthop object delete warning
net/tls: fix slab-out-of-bounds bug in decrypt_internal
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
Drivers: hv: vmbus: Fix potential crash on module unload
drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
KVM: arm64: Check arm64_get_bp_hardening_data() didn't return NULL
mm: fix race between MADV_FREE reclaim and blkdev direct IO read
parisc: Fix patch code locking and flushing
parisc: Fix CPU affinity for Lasi, WAX and Dino chips
SUNRPC: Fix socket waits for write buffer space
jfs: prevent NULL deref in diFree
virtio_console: eliminate anonymous module_init & module_exit
serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
NFS: swap-out must always use STABLE writes.
NFS: swap IO handling is slightly different for O_DIRECT IO
SUNRPC/call_alloc: async tasks mustn't block waiting for memory
clk: Enforce that disjoints limits are invalid
xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
NFSv4: Protect the state recovery thread against direct reclaim
w1: w1_therm: fixes w1_seq for ds28ea00 sensors
clk: si5341: fix reported clk_rate when output divider is 2
minix: fix bug when opening a file with O_DIRECT
init/main.c: return 1 from handled __setup() functions
netlabel: fix out-of-bounds memory accesses
Bluetooth: Fix use after free in hci_send_acl
xtensa: fix DTC warning unit_address_format
usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
scsi: libfc: Fix use after free in fc_exch_abts_resp()
MIPS: fix fortify panic when copying asm exception handlers
bnxt_en: Eliminate unintended link toggle during FW reset
tuntap: add sanity checks about msg_controllen in sendmsg
macvtap: advertise link netns via netlink
mips: ralink: fix a refcount leak in ill_acc_of_setup()
net/smc: correct settings of RMB window update limit
scsi: aha152x: Fix aha152x_setup() __setup handler return value
scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
drm/amdkfd: make CRAT table missing message informational only
dm ioctl: prevent potential spectre v1 gadget
ipv4: Invalidate neighbour for broadcast address upon address addition
power: supply: axp288-charger: Set Vhold to 4.4V
PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
usb: ehci: add pci device support for Aspeed platforms
iommu/arm-smmu-v3: fix event handling soft lockup
PCI: aardvark: Fix support for MSI interrupts
drm/amdgpu: Fix recursive locking warning
powerpc: Set crashkernel offset to mid of RMA region
ipv6: make mc_forwarding atomic
power: supply: axp20x_battery: properly report current when discharging
scsi: bfa: Replace snprintf() with sysfs_emit()
scsi: mvsas: Replace snprintf() with sysfs_emit()
bpf: Make dst_port field in struct bpf_sock 16-bit wide
powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
ptp: replace snprintf with sysfs_emit
drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
drm: Add orientation quirk for GPD Win Max
KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
ARM: 9187/1: JIVE: fix return value of __setup handler
riscv module: remove (NOLOAD)
rtc: wm8350: Handle error for wm8350_register_irq
ubifs: Rectify space amount budget for mkdir/tmpfile operations
KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
openvswitch: Fixed nd target mask field in the flow dump.
um: Fix uml_mconsole stop/go
ARM: dts: spear13xx: Update SPI dma properties
ARM: dts: spear1340: Update serial node properties
ASoC: topology: Allow TLV control to be either read or write
ubi: fastmap: Return error code if memory allocation fails in add_aeb()
dt-bindings: spi: mxic: The interrupt property is not mandatory
dt-bindings: mtd: nand-controller: Fix a comment in the examples
dt-bindings: mtd: nand-controller: Fix the reg property description
bpf: Fix comment for helper bpf_current_task_under_cgroup()
mm/usercopy: return 1 from hardened_usercopy __setup() handler
mm/memcontrol: return 1 from cgroup.memory __setup() handler
mm/mmap: return 1 from stack_guard_gap __setup() handler
ASoC: soc-compress: Change the check for codec_dai
powerpc/kasan: Fix early region not updated correctly
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
ARM: iop32x: offset IRQ numbers by 1
ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs
pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE()
pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR()
pinctrl: pinconf-generic: Print arguments for bias-pull-*
net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware
gfs2: Make sure FITRIM minlen is rounded up to fs block size
rtc: check if __rtc_read_time was successful
XArray: Update the LRU list in xas_split()
can: mcba_usb: properly check endpoint type
can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
XArray: Fix xas_create_range() when multi-order entry present
ubifs: rename_whiteout: correct old_dir size computing
ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
ubifs: rename_whiteout: Fix double free for whiteout_ui->data
ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
KVM: x86: fix sending PV IPI
KVM: Prevent module exit until all VMs are freed
scsi: qla2xxx: Use correct feature type field during RFF_ID processing
scsi: qla2xxx: Reduce false trigger to login
scsi: qla2xxx: Fix N2N inconsistent PLOGI
scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
scsi: qla2xxx: Fix hang due to session stuck
scsi: qla2xxx: Fix incorrect reporting of task management failure
scsi: qla2xxx: Fix disk failure to rediscover
scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
scsi: qla2xxx: Check for firmware dump already collected
scsi: qla2xxx: Add devids and conditionals for 28xx
scsi: qla2xxx: Fix device reconnect in loop topology
scsi: qla2xxx: Fix warning for missing error code
scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
scsi: qla2xxx: Fix stuck session in gpdb
powerpc: Fix build errors with newer binutils
powerpc/lib/sstep: Fix build errors with newer binutils
powerpc/lib/sstep: Fix 'sthcx' instruction
ALSA: hda/realtek: Add alc256-samsung-headphone fixup
mmc: host: Return an error when ->enable_sdio_irq() ops is missing
media: hdpvr: initialize dev->worker at hdpvr_register_videodev
media: Revert "media: em28xx: add missing em28xx_close_extension"
video: fbdev: sm712fb: Fix crash in smtcfb_write()
ARM: mmp: Fix failure to remove sram device
ARM: tegra: tamonten: Fix I2C3 pad setting
media: cx88-mpeg: clear interrupt status register before streaming video
ASoC: soc-core: skip zero num_dai component in searching dai name
video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit
video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
ASoC: madera: Add dependencies on MFD
ARM: dts: bcm2837: Add the missing L1/L2 cache information
ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
video: fbdev: cirrusfb: check pixclock to avoid divide by zero
video: fbdev: w100fb: Reset global state
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
ntfs: add sanity check on allocation size
ext4: don't BUG if someone dirty pages without asking ext4 first
spi: tegra20: Use of_device_get_match_data()
PM: core: keep irq flags in device_pm_check_callbacks()
ACPI/APEI: Limit printable size of BERT table data
Revert "Revert "block, bfq: honor already-setup queue merges""
lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3
ACPICA: Avoid walking the ACPI Namespace if it is not there
bfq: fix use-after-free in bfq_dispatch_request
irqchip/nvic: Release nvic_base upon failure
irqchip/qcom-pdc: Fix broken locking
Fix incorrect type in assignment of ipv6 port for audit
loop: use sysfs_emit() in the sysfs xxx show()
selinux: use correct type for context length
block, bfq: don't move oom_bfqq
pinctrl: npcm: Fix broken references to chip->parent_device
gcc-plugins/stackleak: Exactly match strings instead of prefixes
LSM: general protection fault in legacy_parse_param
lib/test: use after free in register_test_dev_kmod()
net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator
NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
net/x25: Fix null-ptr-deref caused by x25_disconnect
qlcnic: dcb: default to returning -EOPNOTSUPP
selftests: test_vxlan_under_vrf: Fix broken test case
net: phy: broadcom: Fix brcm_fet_config_init()
xen: fix is_xen_pmu()
clk: Initialize orphan req_rate
clk: qcom: gcc-msm8994: Fix gpll4 width
NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
jfs: fix divide error in dbNextAG
driver core: dd: fix return value of __setup handler
firmware: google: Properly state IOMEM dependency
kgdbts: fix return value of __setup handler
kgdboc: fix return value of __setup handler
tty: hvc: fix return value of __setup handler
pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
pinctrl: mediatek: paris: Fix pingroup pin config state readback
pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get()
pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree
NFS: remove unneeded check in decode_devicenotify_args()
clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
clk: clps711x: Terminate clk_div_table with sentinel element
clk: loongson1: Terminate clk_div_table with sentinel element
clk: actions: Terminate clk_div_table with sentinel element
remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region
clk: qcom: clk-rcg2: Update the frac table for pixel clock
clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
clk: imx7d: Remove audio_mclk_root_clk
dma-debug: fix return value of __setup handlers
NFS: Return valid errors from nfs2/3_decode_dirent()
iio: adc: Add check for devm_request_threaded_irq
serial: 8250: Fix race condition in RTS-after-send handling
serial: 8250_mid: Balance reference count for PCI DMA device
phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure})
clk: qcom: ipq8074: Use floor ops for SDCC1 clock
pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel
staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
misc: alcor_pci: Fix an error handling path
pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
mxser: fix xmit_buf leak in activate when LSR == 0xff
mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
tipc: fix the timer expires after interval 100ms
openvswitch: always update flow key after nat
tcp: ensure PMTU updates are processed during fastopen
selftests/bpf/test_lirc_mode2.sh: Exit with proper code
i2c: mux: demux-pinctrl: do not deactivate a master that is not active
af_netlink: Fix shift out of bounds in group mask calculation
Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
USB: storage: ums-realtek: fix error code in rts51x_read_mem()
bpf, sockmap: Fix double uncharge the mem of sk_msg
bpf, sockmap: Fix more uncharged while msg has more_data
bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
MIPS: RB532: fix return value of __setup handler
vxcan: enable local echo for sent CAN frames
powerpc: 8xx: fix a return value error in mpc8xx_pic_init
selftests/bpf: Make test_lwt_ip_encap more stable and faster
mfd: mc13xxx: Add check for mc13xxx_irq_request
powerpc/sysdev: fix incorrect use to determine if list is empty
mips: DEC: honor CONFIG_MIPS_FP_SUPPORT=n
PCI: Reduce warnings on possible RW1C corruption
power: supply: wm8350-power: Add missing free in free_charger_irq
power: supply: wm8350-power: Handle error for wm8350_register_irq
i2c: xiic: Make bus names unique
hv_balloon: rate-limit "Unhandled message" warning
KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
KVM: x86: Fix emulation in writing cr8
powerpc/Makefile: Don't pass -mcpu=powerpc64 when building 32-bit
libbpf: Skip forward declaration when counting duplicated type names
bpf, arm64: Feed byte-offset into bpf line info
bpf, arm64: Call build_prologue() first in first JIT pass
drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt
scsi: hisi_sas: Change permission of parameter prot_mask
power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return
drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
ext2: correct max file size computing
TOMOYO: fix __setup handlers return values
drm/amd/display: Remove vupdate_int_entry definition
scsi: pm8001: Fix abort all task initialization
scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
iwlwifi: mvm: Fix an error code in iwl_mvm_up()
iwlwifi: Fix -EIO error code that is never returned
dax: make sure inodes are flushed before destroy cache
IB/cma: Allow XRC INI QPs to set their local ACK timeout
drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug
iommu/ipmmu-vmsa: Check for error num after setting mask
HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge
net: dsa: mv88e6xxx: Enable port policy support on 6097
mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update
mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update
powerpc/perf: Don't use perf_hw_context for trace IMC PMU
ray_cs: Check ioremap return value
power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
KVM: PPC: Fix vmx/vsx mixup in mmio emulation
ath9k_htc: fix uninit value bugs
drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
drm/edid: Don't clear formats if using deep color
mtd: rawnand: gpmi: fix controller timings setting
mtd: onenand: Check for error irq
Bluetooth: hci_serdev: call init_rwsem() before p->open()
udmabuf: validate ubuf->pagecount
ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe
drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe
mmc: davinci_mmc: Handle error for clk_enable
ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe
ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
ivtv: fix incorrect device_caps for ivtvfb
video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
ASoC: fsi: Add check for clk_enable
ASoC: wm8350: Handle error for wm8350_register_irq
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED
arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
memory: emif: check the pointer temp in get_device_details()
memory: emif: Add check for setup_interrupts
ASoC: soc-compress: prevent the potentially use of null pointer
ASoC: atmel_ssc_dai: Handle errors for clk_enable
ASoC: mxs-saif: Handle errors for clk_enable
printk: fix return value of printk.devkmsg __setup handler
arm64: dts: broadcom: Fix sata nodename
arm64: dts: ns2: Fix spi-cpol and spi-cpha property
ALSA: spi: Add check for clk_enable()
ASoC: ti: davinci-i2s: Add check for clk_enable()
ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp()
uaccess: fix nios2 and microblaze get_user_8()
media: usb: go7007: s2250-board: fix leak in probe()
media: em28xx: initialize refcount before kref_get
media: video/hdmi: handle short reads of hdmi info frame.
ARM: dts: imx: Add missing LVDS decoder on M53Menlo
soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc
soc: qcom: aoss: remove spurious IRQF_ONESHOT flags
soc: qcom: rpmpd: Check for null return of devm_kcalloc
ARM: dts: qcom: ipq4019: fix sleep clock
video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe()
video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
media: aspeed: Correct value for h-total-pixels
media: hantro: Fix overfill bottom register field name
media: coda: Fix missing put_device() call in coda_get_vdoa_data
media: bttv: fix WARNING regression on tunerless devices
f2fs: fix to avoid potential deadlock
f2fs: fix missing free nid in f2fs_handle_failed_inode
perf/x86/intel/pt: Fix address filter config for 32-bit kernel
perf/core: Fix address filter parser for multiple filters
sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
clocksource: acpi_pm: fix return value of __setup handler
hwmon: (pmbus) Add Vin unit off handling
crypto: ccp - ccp_dmaengine_unregister release dma channels
ACPI: APEI: fix return value of __setup handlers
clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init()
crypto: vmx - add missing dependencies
hwrng: atmel - disable trng on failure path
PM: suspend: fix return value of __setup handler
PM: hibernate: fix __setup handler error handling
block: don't delete queue kobject before its children
hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
hwmon: (pmbus) Add mutex to regulator ops
spi: pxa2xx-pci: Balance reference count for PCI DMA device
crypto: ccree - don't attempt 0 len DMA mappings
audit: log AUDIT_TIME_* records only from rules
selftests/x86: Add validity check and allow field splitting
spi: tegra114: Add missing IRQ check in tegra_spi_probe
crypto: mxs-dcp - Fix scatterlist processing
crypto: authenc - Fix sleep in atomic context in decrypt_tail
regulator: qcom_smd: fix for_each_child.cocci warnings
PCI: pciehp: Clear cmd_busy bit in polling mode
brcmfmac: pcie: Fix crashes due to early IRQs
brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
brcmfmac: firmware: Allocate space for default boardrev in nvram
xtensa: fix xtensa_wsr always writing 0
xtensa: fix stop_machine_cpuslocked call in patch_text
media: davinci: vpif: fix unbalanced runtime PM get
DEC: Limit PMAX memory probing to R3k systems
crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
crypto: rsa-pkcs1pad - restore signature length check
crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
lib/raid6/test: fix multiple definition linking error
thermal: int340x: Increase bitmap size
carl9170: fix missing bit-wise or operator for tx_params
ARM: dts: exynos: add missing HDMI supplies on SMDK5420
ARM: dts: exynos: add missing HDMI supplies on SMDK5250
ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
video: fbdev: sm712fb: Fix crash in smtcfb_read()
drm/edid: check basic audio support on CEA extension block
block: don't merge across cgroup boundaries if blkcg is enabled
mailbox: tegra-hsp: Flush whole channel
drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
ACPI: properties: Consistently return -ENOENT if there are no more references
udp: call udp_encap_enable for v6 sockets when enabling encap
powerpc/kvm: Fix kvm_use_magic_page
drbd: fix potential silent data corruption
mm/kmemleak: reset tag when compare object pointer
mm,hwpoison: unmap poisoned page before invalidation
ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
ALSA: cs4236: fix an incorrect NULL check on list iterator
Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
riscv: Fix fill_callchain return value
qed: validate and restrict untrusted VFs vlan promisc mode
qed: display VF trust config
scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
mempolicy: mbind_range() set_policy() after vma_merge()
mm: invalidate hwpoison page cache page in fault path
mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
jffs2: fix memory leak in jffs2_scan_medium
jffs2: fix memory leak in jffs2_do_mount_fs
jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
spi: mxic: Fix the transmit path
pinctrl: samsung: drop pin banks references on error paths
f2fs: fix to do sanity check on .cp_pack_total_block_count
f2fs: quota: fix loop condition at f2fs_quota_sync()
f2fs: fix to unlock page correctly in error path of is_alive()
NFSD: prevent integer overflow on 32 bit systems
NFSD: prevent underflow in nfssvc_decode_writeargs()
SUNRPC: avoid race between mod_timer() and del_timer_sync()
HID: intel-ish-hid: Use dma_alloc_coherent for firmware update
Documentation: update stable tree link
Documentation: add link to stable release candidate tree
KEYS: fix length validation in keyctl_pkey_params_get_2()
ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
clk: uniphier: Fix fixed-rate initialization
greybus: svc: fix an error handling bug in gb_svc_hello()
iio: inkern: make a best effort on offset calculation
iio: inkern: apply consumer scale when no channel scale is available
iio: inkern: apply consumer scale on IIO_VAL_INT cases
iio: afe: rescale: use s64 for temporary scale calculations
coresight: Fix TRCCONFIGR.QE sysfs interface
xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
xhci: make xhci_handshake timeout for xhci_reset() adjustable
xhci: fix runtime PM imbalance in USB2 resume
USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
virtio-blk: Use blk_validate_block_size() to validate block size
block: Add a helper to validate the block size
tpm: fix reference counting for struct tpm_chip
iommu/iova: Improve 32-bit free space estimate
net: dsa: microchip: add spi_device_id tables
af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
spi: Fix erroneous sgs value with min_t()
net:mcf8390: Use platform_get_irq() to get the interrupt
spi: Fix invalid sgs value
ethernet: sun: Free the coherent when failing in probing
virtio_console: break out of buf poll on remove
xfrm: fix tunnel model fragmentation behavior
HID: logitech-dj: add new lightspeed receiver id
netdevice: add the case if dev is NULL
USB: serial: simple: add Nokia phone driver
USB: serial: pl2303: add IBM device IDs
swiotlb: fix info leak with DMA_FROM_DEVICE
Linux 5.4.188
llc: only change llc->dev when bind() succeeds
nds32: fix access_ok() checks in get/put_user
tpm: use try_get_ops() in tpm-space.c
mac80211: fix potential double free on mesh join
rcu: Don't deboost before reporting expedited quiescent state
crypto: qat - disable registration of algorithms
ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
netfilter: nf_tables: initialize registers in nft_do_chain()
ALSA: hda/realtek: Add quirk for ASUS GA402
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
ALSA: oss: Fix PCM OSS buffer allocation overflow
ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call
drivers: net: xgene: Fix regression in CRC stripping
ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
ALSA: cmipci: Restore aux vol on suspend/resume
ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
ALSA: pcm: Add stream lock during PCM reset ioctl operations
llc: fix netdevice reference leaks in llc_ui_bind()
thermal: int340x: fix memory leak in int3400_notify()
staging: fbtft: fb_st7789v: reset display before initialization
tpm: Fix error handling in async work
esp: Fix possible buffer overflow in ESP transformation
net: ipv6: fix skb_over_panic in __ip6_append_data
nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
nfsd: Containerise filecache laundrette
nfsd: cleanup nfsd_file_lru_dispose()
Linux 5.4.187
Revert "selftests/bpf: Add test for bpf_timer overwriting crash"
perf symbols: Fix symbol size calculation condition
Input: aiptek - properly check endpoint type
usb: usbtmc: Fix bug in pipe direction for control transfers
usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
usb: gadget: rndis: prevent integer overflow in rndis_set_response()
arm64: fix clang warning about TRAMP_VALIAS
net: dsa: Add missing of_node_put() in dsa_port_parse_of
net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit()
drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings
hv_netvsc: Add check for kvmalloc_array
atm: eni: Add check for dma_map_single
net/packet: fix slab-out-of-bounds access in packet_recvmsg()
net: phy: marvell: Fix invalid comparison in the resume and suspend functions
efi: fix return value of __setup handlers
ocfs2: fix crash when initialize filecheck kobj fails
crypto: qcom-rng - ensure buffer for generate is completely filled
Linux 5.4.186
fixup for "arm64 entry: Add macro for reading symbol address from the trampoline"
kselftest/vm: fix tests build with old libc
sfc: extend the locking on mcdi->seqno
tcp: make tcp_read_sock() more robust
nl80211: Update bss channel on channel switch for P2P_CLIENT
drm/vrr: Set VRR capable prop only if it is attached to connector
iwlwifi: don't advertise TWT support
atm: firestream: check the return value of ioremap() in fs_init()
can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready
ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE
MIPS: smp: fill in sibling and core maps earlier
mac80211: refuse aggregations sessions before authorized
ARM: dts: rockchip: fix a typo on rk3288 crypto-controller
ARM: dts: rockchip: reorder rk322x hmdi clocks
arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg"
arm64: dts: rockchip: reorder rk3399 hdmi clocks
arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity
xfrm: Fix xfrm migrate issues when address family changes
xfrm: Check if_id in xfrm_migrate
arm64: Use the clearbhb instruction in mitigations
KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
arm64: Mitigate spectre style branch history side channels
KVM: arm64: Add templates for BHB mitigation sequences
arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2
arm64: Add percpu vectors for EL1
arm64: entry: Add macro for reading symbol addresses from the trampoline
arm64: entry: Add vectors that have the bhb mitigation sequences
arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
arm64: entry: Allow the trampoline text to occupy multiple pages
arm64: entry: Make the kpti trampoline's kpti sequence optional
arm64: entry: Move trampoline macros out of ifdef'd section
arm64: entry: Don't assume tramp_vectors is the start of the vectors
arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
arm64: entry: Move the trampoline data page before the text page
arm64: entry: Free up another register on kpti's tramp_exit path
arm64: entry: Make the trampoline cleanup optional
arm64: entry.S: Add ventry overflow sanity checks
arm64: Add Cortex-X2 CPU part definition
arm64: add ID_AA64ISAR2_EL1 sys register
arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
arm64: Add part number for Arm Cortex-A77
sctp: fix the processing for INIT chunk
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
Linux 5.4.185
KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains
x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains
x86/cpu: Add hardware-enforced cache coherency as a CPUID feature
x86/cpufeatures: Mark two free bits in word 3
ext4: add check to prevent attempting to resize an fs with sparse_super2
ARM: fix Thumb2 regression with Spectre BHB
virtio: acknowledge all features before access
virtio: unexport virtio_finalize_features
arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0
riscv: Fix auipc+jalr relocation range checks
mmc: meson: Fix usage of meson_mmc_post_req()
net: macb: Fix lost RX packet wakeup race in NAPI receive
staging: gdm724x: fix use after free in gdm_lte_rx()
fuse: fix pipe buffer lifetime for direct_io
ARM: Spectre-BHB: provide empty stub for non-config
selftests/memfd: clean up mapping in mfd_fail_write
selftest/vm: fix map_fixed_noreplace test failure
tracing: Ensure trace buffer is at least 4096 bytes large
ipv6: prevent a possible race condition with lifetimes
Revert "xen-netback: Check for hotplug-status existence before watching"
Revert "xen-netback: remove 'hotplug-status' once it has served its purpose"
net-sysfs: add check for netdevice being present to speed_show
selftests/bpf: Add test for bpf_timer overwriting crash
net: bcmgenet: Don't claim WOL when its not available
sctp: fix kernel-infoleak for SCTP sockets
net: phy: DP83822: clear MISR2 register to disable interrupts
gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
gpio: ts4900: Do not set DAT and OE together
selftests: pmtu.sh: Kill tcpdump processes launched by subshell.
NFC: port100: fix use-after-free in port100_send_complete
net/mlx5: Fix a race on command flush flow
net/mlx5: Fix size field in bufferx_reg struct
ax25: Fix NULL pointer dereference in ax25_kill_by_device
net: ethernet: lpc_eth: Handle error for clk_enable
net: ethernet: ti: cpts: Handle error for clk_enable
ethernet: Fix error handling in xemaclite_of_probe
ARM: dts: aspeed: Fix AST2600 quad spi group
drm/sun4i: mixer: Fix P010 and P210 format numbers
qed: return status of qed_iov_get_link
net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare()
virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero
arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias
clk: qcom: gdsc: Add support to update GDSC transition delay
ANDROID: fix up rndis ABI breakage
Linux 5.4.184
Revert "ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE"
xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
xen/gnttab: fix gnttab_end_foreign_access() without page specified
xen/pvcalls: use alloc/free_pages_exact()
xen/9p: use alloc/free_pages_exact()
xen: remove gnttab_query_foreign_access()
xen/gntalloc: don't use gnttab_query_foreign_access()
xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
xen/netfront: don't use gnttab_query_foreign_access() for mapped status
xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
xen/grant-table: add gnttab_try_end_foreign_access()
xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
ARM: fix build warning in proc-v7-bugs.c
ARM: Do not use NOCROSSREFS directive with ld.lld
ARM: fix co-processor register typo
ARM: fix build error when BPF_SYSCALL is disabled
ARM: include unprivileged BPF status in Spectre V2 reporting
ARM: Spectre-BHB workaround
ARM: use LOADADDR() to get load address of sections
ARM: early traps initialisation
ARM: report Spectre v2 status through sysfs
arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
arm/arm64: Provide a wrapper for SMCCC 1.1 calls
x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
x86/speculation: Warn about Spectre v2 LFENCE mitigation
x86/speculation: Update link to AMD speculation whitepaper
x86/speculation: Use generic retpoline by default on AMD
x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
Documentation/hw-vuln: Update spectre doc
x86/speculation: Add eIBRS + Retpoline options
x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
Linux 5.4.183
hamradio: fix macro redefine warning
net: dcb: disable softirqs in dcbnl_flush_dev()
Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
btrfs: add missing run of delayed items after unlink during log replay
btrfs: qgroup: fix deadlock between rescan worker and remove qgroup
btrfs: fix lost prealloc extents beyond eof after full fsync
tracing: Fix return value of __setup handlers
tracing/histogram: Fix sorting on old "cpu" value
HID: add mapping for KEY_ALL_APPLICATIONS
HID: add mapping for KEY_DICTATE
Input: elan_i2c - fix regulator enable count imbalance after suspend/resume
Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power()
nl80211: Handle nla_memdup failures in handle_nan_filter
net: chelsio: cxgb3: check the return value of pci_find_capability()
soc: fsl: qe: Check of ioremap return value
memfd: fix F_SEAL_WRITE after shmem huge page allocated
ibmvnic: free reset-work-item when flushing
igc: igc_write_phy_reg_gpy: drop premature return
ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
ARM: Fix kgdb breakpoint for Thumb2
igc: igc_read_phy_reg_gpy: drop premature return
arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
can: gs_usb: change active_channels's type from atomic_t to u8
ASoC: cs4265: Fix the duplicated control name
firmware: arm_scmi: Remove space in MODULE_ALIAS name
efivars: Respect "block" flag in efivar_entry_set_safe()
ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
net: sxgbe: fix return value of __setup handler
iavf: Fix missing check for running netdev
net: stmmac: fix return value of __setup handler
mac80211: fix forwarded mesh frames AC & queue selection
ia64: ensure proper NUMA distance and possible map initialization
sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa()
sched/topology: Make sched_init_numa() use a set for the deduplicating sort
xen/netfront: destroy queues before real_num_tx_queues is zeroed
block: Fix fsync always failed if once failed
net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
net: dcb: flush lingering app table entries for unregistered devices
batman-adv: Don't expect inter-netns unique iflink indices
batman-adv: Request iflink once in batadv_get_real_netdevice
batman-adv: Request iflink once in batadv-on-batadv check
netfilter: nf_queue: fix possible use-after-free
netfilter: nf_queue: don't assume sk is full socket
xfrm: enforce validity of offload input flags
xfrm: fix the if_id check in changelink
netfilter: fix use-after-free in __nf_register_net_hook()
xfrm: fix MTU regression
ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
ALSA: intel_hdmi: Fix reference to PCM buffer address
ata: pata_hpt37x: fix PCI clock detection
usb: gadget: clear related members when goto fail
usb: gadget: don't release an existing dev->buf
net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
i2c: qup: allow COMPILE_TEST
i2c: cadence: allow COMPILE_TEST
dmaengine: shdma: Fix runtime PM imbalance on error
cifs: fix double free race when mount fails in cifs_get_root()
Input: clear BTN_RIGHT/MIDDLE on buttonpads
ASoC: rt5682: do not block workqueue if card is unbound
ASoC: rt5668: do not block workqueue if card is unbound
i2c: bcm2835: Avoid clock stretching timeouts
mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
mac80211_hwsim: report NOACK frames in tx_status
Linux 5.4.182
fget: clarify and improve __fget_files() implementation
memblock: use kfree() to release kmalloced memblock regions
Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR"
gpio: tegra186: Fix chip_data type confusion
tty: n_gsm: fix NULL pointer access due to DLCI release
tty: n_gsm: fix proper link termination after failed open
tty: n_gsm: fix encoding of control signal octet bit DV
xhci: Prevent futile URB re-submissions due to incorrect return value.
xhci: re-initialize the HC during resume if HCE was set
usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
usb: dwc3: pci: Fix Bay Trail phy GPIO mappings
USB: serial: option: add Telit LE910R1 compositions
USB: serial: option: add support for DW5829e
tracefs: Set the group ownership in apply_options() not parse_options()
USB: gadget: validate endpoint index for xilinx udc
usb: gadget: rndis: add spinlock for rndis response list
Revert "USB: serial: ch341: add new Product ID for CH341A"
ata: pata_hpt37x: disable primary channel on HPT371
iio: Fix error handling for PM
iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits
iio: adc: men_z188_adc: Fix a resource leak in an error handling path
tracing: Have traceon and traceoff trigger honor the instance
RDMA/ib_srp: Fix a deadlock
configfs: fix a race in configfs_{,un}register_subsystem()
spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()
net/mlx5: Fix wrong limitation of metadata match on ecpf
net/mlx5: Fix possible deadlock on rule deletion
netfilter: nf_tables: fix memory leak during stateful obj update
nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
net: Force inlining of checksum functions in net/checksum.h
net: ll_temac: check the return value of devm_kmalloc()
net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
drm/edid: Always set RGB444
openvswitch: Fix setting ipv6 fields causing hw csum failure
gso: do not skip outer ip header in case of ipip and net_failover
tipc: Fix end of loop tests for list_for_each_entry()
net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
bpf: Do not try bpf_msg_push_data with len 0
perf data: Fix double free in perf_session__delete()
ping: remove pr_err from ping_lookup
lan743x: fix deadlock in lan743x_phy_link_status_change()
optee: use driver internal tee_context for some rpc
tee: export teedev_open() and teedev_close_context()
x86/fpu: Correct pkru/xstate inconsistency
netfilter: nf_tables_offload: incorrect flow offload action array size
USB: zaurus: support another broken Zaurus
sr9700: sanity check for packet length
drm/amdgpu: disable MMHUB PG for Picasso
parisc/unaligned: Fix ldw() and stw() unalignment handlers
parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
clk: jz4725b: fix mmc0 clock gating
cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
Revert "netfilter: conntrack: don't refresh sctp entries in closed state"
Linux 5.4.181
kconfig: fix failing to generate auto.conf
net: macb: Align the dma and coherent dma masks
net: usb: qmi_wwan: Add support for Dell DW5829e
tracing: Fix tp_printk option related with tp_printk_stop_on_boot
drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
ata: libata-core: Disable TRIM on M88V29
kconfig: let 'shell' return enough output for deep path names
arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610
arm64: dts: meson-g12: add ATF BL32 reserved-memory region
arm64: dts: meson-gx: add ATF BL32 reserved-memory region
netfilter: conntrack: don't refresh sctp entries in closed state
irqchip/sifive-plic: Add missing thead,c900-plic match string
ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of
ARM: OMAP2+: hwmod: Add of_node_put() before break
KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
i2c: brcmstb: fix support for DSL and CM variants
copy_process(): Move fd_install() out of sighand->siglock critical section
dmaengine: sh: rcar-dmac: Check for error num after setting mask
net: sched: limit TC_ACT_REPEAT loops
lib/iov_iter: initialize "flags" in new pipe_buffer
EDAC: Fix calculation of returned address and next offset in edac_align_ptr()
scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop
mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
NFS: Do not report writeback errors in nfs_getattr()
NFS: LOOKUP_DIRECTORY is also ok with symlinks
block/wbt: fix negative inflight counter when remove scsi device
mtd: rawnand: gpmi: don't leak PM reference in error path
powerpc/lib/sstep: fix 'ptesync' build error
ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
ALSA: hda: Fix missing codec probe on Shenker Dock 15
ALSA: hda: Fix regression on forced probe mask option
libsubcmd: Fix use-after-free for realloc(..., 0)
bonding: fix data-races around agg_select_timer
drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
bonding: force carrier update when releasing slave
ping: fix the dif and sdif check in ping_lookup
net: ieee802154: ca8210: Fix lifs/sifs periods
net: dsa: lan9303: fix reset on probe
netfilter: nft_synproxy: unregister hooks on init error path
iwlwifi: pcie: gen2: fix locking when "HW not ready"
iwlwifi: pcie: fix locking when "HW not ready"
mmc: block: fix read single on recovery logic
vsock: remove vsock from connected table when connect is interrupted by a signal
dmaengine: at_xdmac: Start transfer for cyclic channels in issue_pending
taskstats: Cleanup the use of task->exit_code
ext4: prevent partial update of the extent blocks
ext4: check for inconsistent extents between index and leaf block
ext4: check for out-of-order index extents in ext4_valid_extent_entries()
drm/radeon: Fix backlight control on iMac 12,1
iwlwifi: fix use-after-free
arm64: module/ftrace: intialize PLT at load time
arm64: module: rework special section handling
module/ftrace: handle patchable-function-entry
ftrace: add ftrace_init_nop()
Revert "module, async: async_synchronize_full() on module init iff async is used"
drm/amdgpu: fix logic inversion in check
nvme-rdma: fix possible use-after-free in transport error_recovery work
nvme-tcp: fix possible use-after-free in transport error_recovery work
nvme: fix a possible use-after-free in controller reset during load
quota: make dquot_quota_sync return errors from ->sync_fs
vfs: make freeze_super abort when sync_filesystem returns error
ax25: improve the incomplete fix to avoid UAF and NPD bugs
selftests/zram: Adapt the situation that /dev/zram0 is being used
selftests/zram01.sh: Fix compression ratio calculation
selftests/zram: Skip max_comp_streams interface on newer kernel
net: ieee802154: at86rf230: Stop leaking skb's
selftests: rtc: Increase test timeout so that all tests run
platform/x86: ISST: Fix possible circular locking dependency detected
btrfs: send: in case of IO error log it
parisc: Fix sglist access in ccio-dma.c
parisc: Fix data TLB miss in sba_unmap_sg
parisc: Drop __init from map_pages declaration
serial: parisc: GSC: fix build when IOSAPIC is not set
Revert "svm: Add warning message for AVIC IPI invalid target"
HID:Add support for UGTABLET WP5540
Makefile.extrawarn: Move -Wunaligned-access to W=1
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/mtd/nand-controller.yaml
Documentation/devicetree/bindings/spi/spi-mxic.txt
drivers/clk/qcom/clk-rcg2.c
drivers/irqchip/qcom-pdc.c
drivers/mmc/core/host.c
drivers/usb/host/xhci.c
drivers/usb/host/xhci.h
include/linux/dma-mapping.h
Change-Id: I9c58b8d579ed2c613ff4903ecca688a35ed5dbbe
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmKdn9MACgkQONu9yGCS
aT4bpg//X6xA3rkYaTO2ymBqhqwvZ47OvS5M6dL4N5wTKhkuGk89Ij4XDI/z65lm
WeaRbVhvFbmnjm44lLvP8Ly5rHk/PTOVWqtGkbsFe05CStZb9VThJ9Eqrl2RfY1h
QswWZe1V3QquBCMaXVP85VjvsUmqxRz1Sq1XL7u3DE56LRzzjgBBFO6Iu3+tfI4X
6e1FOQec9nn2TRT3EQdYWy11EZawnoir5YF7wz1ao3epUu57xRLJogsaovA8Zu1l
xJPpss0wro+9aB1VSwrpSggDtYqDOnarKBst0Q2i43wSPOlcjy7DcqYpnn9JaTKf
zGchCQf/Zz0GrAuASqkwtc9ap3OhGNMv2x6RTtiH2MrKs8bH8/iQAhwwAvkgxQQg
yAUw7DxB4L069dOYXoQQw+jPH1YIsqY4k6w9KtmyjcA8S5FJh2jHuhOw5lWL9y4+
0Gz1LjoF59ZZZh49cNmKKuSmfFN3xO8CpWvz3qvd/2kjzus/dJXs7gq9+PS9uCC6
e6SccW9vp0RZ9yhSy59xHuyhEZQdeU2Wp5RGcyUEN0mXdXFGaj0asWouu2H/gm1y
coWZpcOlALk+uaP9+tYc+kLFCash98xhX10mNzb+nHODM/Mwxh+tzGbtOmQ8UuNX
KkUqXjGz3AXQZzxKOUePvq9mrAFkEkdIKZDOjdwQvoEq+iQg9Lc=
=JE5x
-----END PGP SIGNATURE-----
Merge 5.4.197 into android11-5.4-lts
Changes in 5.4.197
lockdown: also lock down previous kgdb use
x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
Input: goodix - fix spurious key release events
tcp: change source port randomizarion at connect() time
secure_seq: use the 64 bits of the siphash for port offset calculation
media: vim2m: Register video device after setting up internals
media: vim2m: initialize the media device earlier
ACPI: sysfs: Make sparse happy about address space in use
ACPI: sysfs: Fix BERT error region memory mapping
pinctrl: sunxi: fix f1c100s uart2 function
net: af_key: check encryption module availability consistency
net: ftgmac100: Disable hardware checksum on AST2600
i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
assoc_array: Fix BUG_ON during garbage collect
cfg80211: set custom regdomain after wiphy registration
drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
exec: Force single empty string when argv is empty
netfilter: conntrack: re-fetch conntrack after insertion
crypto: ecrdsa - Fix incorrect use of vli_cmp
zsmalloc: fix races between asynchronous zspage free and page migration
dm integrity: fix error code in dm_integrity_ctr()
dm crypt: make printing of the key constant-time
dm stats: add cond_resched when looping over entries
dm verity: set DM_TARGET_IMMUTABLE feature flag
raid5: introduce MD_BROKEN
HID: multitouch: Add support for Google Whiskers Touchpad
tpm: Fix buffer access in tpm2_get_tpm_pt()
tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
docs: submitting-patches: Fix crossref to 'The canonical patch format'
NFS: Memory allocation failures are not server fatal errors
NFSD: Fix possible sleep during nfsd4_release_lockowner()
bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
Linux 5.4.197
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1b3af44df22d11027b65b96eaac53fe2c3b5db92
commit 45969b4152c1752089351cd6836a42a566d49bcf upstream.
The data length of skb frags + frag_list may be greater than 0xffff, and
skb_header_pointer can not handle negative offset. So, here INT_MAX is used
to check the validity of offset. Add the same change to the related function
skb_store_bytes.
Fixes: 05c74e5e53 ("bpf: add bpf_skb_load_bytes helper")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Song Liu <songliubraving@fb.com>
Link: https://lore.kernel.org/bpf/20220416105801.88708-2-liujian56@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1b7b3ac8ff3317cdcf07a1c413de9bdb68019c2b upstream.
We used to set regulatory info before the registration of
the device and then the regulatory info didn't get set, because
the device isn't registered so there isn't a device to set the
regulatory info for. So set the regulatory info after the device
registration.
Call reg_process_self_managed_hints() once again after the device
registration because it does nothing before it.
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20210618133832.c96eadcffe80.I86799c2c866b5610b4cf91115c21d8ceb525c5aa@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 015c44d7bff3f44d569716117becd570c179ca32 ]
Since the recent introduction supporting the SM3 and SM4 hash algos for IPsec, the kernel
produces invalid pfkey acquire messages, when these encryption modules are disabled. This
happens because the availability of the algos wasn't checked in all necessary functions.
This patch adds these checks.
Signed-off-by: Thomas Bartschies <thomas.bartschies@cvk.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit b2d057560b8107c633b39aabe517ff9d93f285e3 upstream.
SipHash replaced MD5 in secure_ipv{4,6}_port_ephemeral() via commit
7cd23e5300 ("secure_seq: use SipHash in place of MD5"), but the output
remained truncated to 32-bit only. In order to exploit more bits from the
hash, let's make the functions return the full 64-bit of siphash_3u32().
We also make sure the port offset calculation in __inet_hash_connect()
remains done on 32-bit to avoid the need for div_u64_rem() and an extra
cost on 32-bit systems.
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Moshe Kol <moshe.kol@mail.huji.ac.il>
Cc: Yossi Gilad <yossi.gilad@mail.huji.ac.il>
Cc: Amit Klein <aksecurity@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
[SG: Adjusted context]
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 190cc82489f46f9d88e73c81a47e14f80a791e1a upstream.
RFC 6056 (Recommendations for Transport-Protocol Port Randomization)
provides good summary of why source selection needs extra care.
David Dworken reminded us that linux implements Algorithm 3
as described in RFC 6056 3.3.3
Quoting David :
In the context of the web, this creates an interesting info leak where
websites can count how many TCP connections a user's computer is
establishing over time. For example, this allows a website to count
exactly how many subresources a third party website loaded.
This also allows:
- Distinguishing between different users behind a VPN based on
distinct source port ranges.
- Tracking users over time across multiple networks.
- Covert communication channels between different browsers/browser
profiles running on the same computer
- Tracking what applications are running on a computer based on
the pattern of how fast source ports are getting incremented.
Section 3.3.4 describes an enhancement, that reduces
attackers ability to use the basic information currently
stored into the shared 'u32 hint'.
This change also decreases collision rate when
multiple applications need to connect() to
different destinations.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: David Dworken <ddworken@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmKN12MACgkQONu9yGCS
aT4Uvg/8DPgL4dM+jKZ4R16cbJU1rpvY0pJEcYsepqLFXdHDSLBA04eakCXO8k+x
Ksy0kXvZuVGRRl25OuTGoTPvsmdx/D0R+XNSEvh9KPWVHdcB5FoDM4TskBz8vENR
NDfNyWImmnE2xRCxi7GjTXI7RAyaiEDGbHtpoO+E7EN3EWv1JyhkhBhL0mBpQLGk
gfzjdn7W2s5RbvH4XQFxdF5AgvnQZdMp5L92DC14/77Uo7fZXcU1VUGvASacpYu8
A2z3jZBRI+YDMeLSGXdha5LDT2KoAUu5WE9Ms3OjEOn4jfoOmPDxEwsbpupFlk/i
PRclY1oitWkOgLTTg+ZO/h72tj+kPaczVryVcdM4NKvC+10xyXHk2snW0JUxO1cI
Kls9d3f0ADBeb5bUrHc6zBk0sj4Bx8sGWigZCUEU1QCirTj/83F3g+RwM0dSuS6g
HFw5DTZ8WvPfn9SH2RQi6D4lOZydifxOOcD72iZiyt4rOpsNkO1BY74L8oNHPcuv
ukYQinLttpCiuHJFU4SYjsqH5FRkpqaun0ovD9SF8icEIJM0igI0ZJ+AMZf9ZnQJ
Ws7aijqwzoFw1GcKxNYFwDxRa5Q85pVwXkl6YS46lZGP70hqrVBgxBG/pBDBY+M7
lPtszi1Pp/9LpUIZdJLjEDIULWM3qVPLEY6EEtC70syue+XKevU=
=ZjkQ
-----END PGP SIGNATURE-----
Merge 5.4.196 into android11-5.4-lts
Changes in 5.4.196
floppy: use a statically allocated error counter
x86/xen: Make the boot CPU idle task reliable
x86/xen: Make the secondary CPU idle tasks reliable
rtc: fix use-after-free on device removal
um: Cleanup syscall_handler_t definition/cast, fix warning
Input: add bounds checking to input_set_capability()
Input: stmfts - fix reference leak in stmfts_input_open
crypto: stm32 - fix reference leak in stm32_crc_remove
crypto: x86/chacha20 - Avoid spurious jumps to other functions
ALSA: hda/realtek: Enable headset mic on Lenovo P360
nvme-multipath: fix hang when disk goes live over reconnect
rtc: mc146818-lib: Fix the AltCentury for AMD platforms
MIPS: lantiq: check the return value of kzalloc()
drbd: remove usage of list iterator variable after loop
platform/chrome: cros_ec_debugfs: detach log reader wq from devm
ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
nilfs2: fix lockdep warnings in page operations for btree nodes
nilfs2: fix lockdep warnings during disk space reclamation
mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
SUNRPC: Clean up scheduling of autoclose
SUNRPC: Prevent immediate close+reconnect
SUNRPC: Don't call connect() more than once on a TCP socket
SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
ALSA: wavefront: Proper check of get_user() error
perf: Fix sys_perf_event_open() race against self
Fix double fget() in vhost_net_set_backend()
PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
KVM: x86/mmu: Update number of zapped pages even if page list is stable
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
net: macb: Increment rx bd head after allocating skb and buffer
net/sched: act_pedit: sanitize shift argument before usage
net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
ice: fix possible under reporting of ethtool Tx and Rx statistics
clk: at91: generated: consider range when calculating best rate
net/qla3xxx: Fix a test in ql_reset_work()
NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
net/mlx5e: Properly block LRO when XDP is enabled
net: af_key: add check for pfkey_broadcast in function pfkey_process
ARM: 9196/1: spectre-bhb: enable for Cortex-A15
ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
igb: skip phy status check where unavailable
net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
gpio: gpio-vf610: do not touch other bits when set the target bit
gpio: mvebu/pwm: Refuse requests with inverted polarity
perf bench numa: Address compiler error on s390
scsi: qla2xxx: Fix missed DMA unmap for aborted commands
mac80211: fix rx reordering with non explicit / psmp ack policy
selftests: add ping test with ping_group_range tuned
ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
net: atlantic: verify hw_head_ lies within TX buffer ring
Input: ili210x - fix reset timing
block: return ELEVATOR_DISCARD_MERGE if possible
net: stmmac: disable Split Header (SPH) for Intel platforms
firmware_loader: use kernel credentials when reading firmware
ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
x86/xen: fix booting 32-bit pv guest
x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
afs: Fix afs_getattr() to refetch file status if callback break occurred
Linux 5.4.196
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8464b114a6d5d655386f3c794bbb8bbc3a94e0ec
[ Upstream commit 5e469ed9764d4722c59562da13120bd2dc6834c5 ]
When the QoS ack policy was set to non explicit / psmp ack, frames are treated
as not being part of a BA session, which causes extra latency on reordering.
Fix this by only bypassing reordering for packets with no-ack policy
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Link: https://lore.kernel.org/r/20220420105038.36443-1-nbd@nbd.name
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit fbb3abdf2223cd0dfc07de85fe5a43ba7f435bdf ]
It is possible to stack bridges on top of each other. Consider the
following which makes use of an Ethernet switch:
br1
/ \
/ \
/ \
br0.11 wlan0
|
br0
/ | \
p1 p2 p3
br0 is offloaded to the switch. Above br0 is a vlan interface, for
vlan 11. This vlan interface is then a slave of br1. br1 also has a
wireless interface as a slave. This setup trunks wireless lan traffic
over the copper network inside a VLAN.
A frame received on p1 which is passed up to the bridge has the
skb->offload_fwd_mark flag set to true, indicating that the switch has
dealt with forwarding the frame out ports p2 and p3 as needed. This
flag instructs the software bridge it does not need to pass the frame
back down again. However, the flag is not getting reset when the frame
is passed upwards. As a result br1 sees the flag, wrongly interprets
it, and fails to forward the frame to wlan0.
When passing a frame upwards, clear the flag. This is the Rx
equivalent of br_switchdev_frame_unmark() in br_dev_xmit().
Fixes: f1c2eddf4c ("bridge: switchdev: Use an helper to clear forward mark")
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Tested-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://lore.kernel.org/r/20220518005840.771575-1-andrew@lunn.ch
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 4dc2a5a8f6754492180741facf2a8787f2c415d7 ]
If skb_clone() returns null pointer, pfkey_broadcast() will
return error.
Therefore, it should be better to check the return value of
pfkey_broadcast() and return error if fails.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 23dd4581350d4ffa23d58976ec46408f8f4c1e16 ]
There are sleep in atomic context bugs when the request to secure
element of st-nci is timeout. The root cause is that nci_skb_alloc
with GFP_KERNEL parameter is called in st_nci_se_wt_timeout which is
a timer handler. The call paths that could trigger bugs are shown below:
(interrupt context 1)
st_nci_se_wt_timeout
nci_hci_send_event
nci_hci_send_data
nci_skb_alloc(..., GFP_KERNEL) //may sleep
(interrupt context 2)
st_nci_se_wt_timeout
nci_hci_send_event
nci_hci_send_data
nci_send_data
nci_queue_tx_data_frags
nci_skb_alloc(..., GFP_KERNEL) //may sleep
This patch changes allocation mode of nci_skb_alloc from GFP_KERNEL to
GFP_ATOMIC in order to prevent atomic context sleeping. The GFP_ATOMIC
flag makes memory allocation operation could be used in atomic context.
Fixes: ed06aeefda ("nfc: st-nci: Rename st21nfcb to st-nci")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220517012530.75714-1-duoming@zju.edu.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 4d42d54a7d6aa6d29221d3fd4f2ae9503e94f011 ]
syzbot was able to trigger an Out-of-Bound on the pedit action:
UBSAN: shift-out-of-bounds in net/sched/act_pedit.c:238:43
shift exponent 1400735974 is too large for 32-bit type 'unsigned int'
CPU: 0 PID: 3606 Comm: syz-executor151 Not tainted 5.18.0-rc5-syzkaller-00165-g810c2f0a3f86 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
ubsan_epilogue+0xb/0x50 lib/ubsan.c:151
__ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 lib/ubsan.c:322
tcf_pedit_init.cold+0x1a/0x1f net/sched/act_pedit.c:238
tcf_action_init_1+0x414/0x690 net/sched/act_api.c:1367
tcf_action_init+0x530/0x8d0 net/sched/act_api.c:1432
tcf_action_add+0xf9/0x480 net/sched/act_api.c:1956
tc_ctl_action+0x346/0x470 net/sched/act_api.c:2015
rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5993
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x543/0x7f0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x904/0xe00 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:705 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:725
____sys_sendmsg+0x6e2/0x800 net/socket.c:2413
___sys_sendmsg+0xf3/0x170 net/socket.c:2467
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2496
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fe36e9e1b59
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffef796fe88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe36e9e1b59
RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
RBP: 00007fe36e9a5d00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe36e9a5d90
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
The 'shift' field is not validated, and any value above 31 will
trigger out-of-bounds. The issue predates the git history, but
syzbot was able to trigger it only after the commit mentioned in
the fixes tag, and this change only applies on top of such commit.
Address the issue bounding the 'shift' value to the maximum allowed
by the relevant operator.
Reported-and-tested-by: syzbot+8ed8fc4c57e9dcf23ca6@syzkaller.appspotmail.com
Fixes: 8b796475fd78 ("net/sched: act_pedit: really ensure the skb is writable")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
From: Trond Myklebust <trond.myklebust@hammerspace.com>
commit f00432063db1a0db484e85193eccc6845435b80e upstream.
We must ensure that all sockets are closed before we call xprt_free()
and release the reference to the net namespace. The problem is that
calling fput() will defer closing the socket until delayed_fput() gets
called.
Let's fix the situation by allowing rpciod and the transport teardown
code (which runs on the system wq) to call __fput_sync(), and directly
close the socket.
Reported-by: Felix Fu <foyjog@gmail.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Fixes: a73881c96d ("SUNRPC: Fix an Oops in udp_poll()")
Cc: stable@vger.kernel.org # 5.1.x: 3be232f11a3c: SUNRPC: Prevent immediate close+reconnect
Cc: stable@vger.kernel.org # 5.1.x: 89f42494f92f: SUNRPC: Don't call connect() more than once on a TCP socket
Cc: stable@vger.kernel.org # 5.1.x
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
[meenashanmugam: Fix merge conflict in xprt_connect]
Signed-off-by: Meena Shanmugam <meenashanmugam@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
From: Trond Myklebust <trond.myklebust@hammerspace.com>
commit 89f42494f92f448747bd8a7ab1ae8b5d5520577d upstream.
Avoid socket state races due to repeated calls to ->connect() using the
same socket. If connect() returns 0 due to the connection having
completed, but we are in fact in a closing state, then we may leave the
XPRT_CONNECTING flag set on the transport.
Reported-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Fixes: 3be232f11a3c ("SUNRPC: Prevent immediate close+reconnect")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
[meenashanmugam: Fix merge conflict in xs_tcp_setup_socket]
Signed-off-by: Meena Shanmugam <meenashanmugam@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
From: Trond Myklebust <trond.myklebust@hammerspace.com>
commit 3be232f11a3cc9b0ef0795e39fa11bdb8e422a06 upstream.
If we have already set up the socket and are waiting for it to connect,
then don't immediately close and retry.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Meena Shanmugam <meenashanmugam@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This is the merge of the upstream LTS release of 5.4.191 into the
android11-5.4 branch.
It contains the following commits:
d81463675427 Merge tag 'android11-5.4.191_r01' into android11-5.4
84c84ac7a3 Revert "oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup"
36dda9143f Merge 5.4.191 into android11-5.4-lts
4426e6017f Linux 5.4.191
3c946909a3 Revert "net: micrel: fix KS8851_MLL Kconfig"
c028b81d06 block/compat_ioctl: fix range check in BLKGETSIZE
27da8d16e4 staging: ion: Prevent incorrect reference counting behavour
cb158b152e spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller
1b6ad24210 jbd2: fix a potential race while discarding reserved buffers after an abort
0b1ba14ab2 ext4: force overhead calculation if the s_overhead_cluster makes no sense
425301ef60 ext4: fix overhead calculation to account for the reserved gdt blocks
ea9c206111 ext4, doc: fix incorrect h_reserved size
259dc49dea ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
faadbf7ac4 ext4: fix use-after-free in ext4_search_dir
0309665eb2 ext4: fix symlink file size not match to file content
ddfe3babc5 arm_pmu: Validate single/group leader events
852b02d1f8 ARC: entry: fix syscall_trace_exit argument
016ba7cbed e1000e: Fix possible overflow in LTR decoding
1217cf141b ASoC: soc-dapm: fix two incorrect uses of list iterator
aa70705560 openvswitch: fix OOB access in reserve_sfa_size()
d24e0d9d69 xtensa: fix a7 clobbering in coprocessor context load/store
4c26a96d0c xtensa: patch_text: Fixup last cpu should be master
8d6937c1e0 powerpc/perf: Fix power9 event alternatives
0dafb826ed drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage
013231f75f KVM: PPC: Fix TCE handling for VFIO
9cf05812cb drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
4f08e85ca0 drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
23f0ba5585 dma: at_xdmac: fix a missing check on list iterator
a22f3c9926 ata: pata_marvell: Check the 'bmdma_addr' beforing reading
0441d3e95b oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup
530d32ac52 EDAC/synopsys: Read the error count from the correct register
91367af460 stat: fix inconsistency between struct stat and struct compat_stat
837e319ebe scsi: qedi: Fix failed disconnect handling
4b813ce289 net: macb: Restart tx only if queue pointer is lagging
a1419bee4d drm/msm/mdp5: check the return of kzalloc()
80b188da30 dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
46f9fa0a66 brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
12a753edd9 mt76: Fix undefined behavior due to shift overflowing the constant
7c48a6e62d cifs: Check the IOCB_DIRECT flag, not O_DIRECT
435142fbdc vxlan: fix error return code in vxlan_fdb_append
99c2d9a52f ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
3e28d157e5 platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
54be94d336 reset: tegra-bpmp: Restore Handle errors in BPMP response
0cb2c00dd1 ARM: vexpress/spc: Avoid negative array index when !SMP
3a5ad1b8db selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
d37295129e netlink: reset network and mac headers in netlink_dump()
4c4f2a019f l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
8c5ca6492a net/sched: cls_u32: fix possible leak in u32_init_knode()
f883def546 net/packet: fix packet_sock xmit return value checking
e1bc684c81 net/smc: Fix sock leak when release after smc_shutdown()
f10e5c9f22 rxrpc: Restore removed timer deletion
9a9c481593 igc: Fix BUG: scheduling while atomic
f9d5d17d23 igc: Fix infinite loop in release_swfw_sync
6d6271dbbb dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources
65c36555bd dmaengine: imx-sdma: Fix error checking in sdma_event_remap
ccf554d148 ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component
6a20bf46c6 ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
6a54979c78 ALSA: usb-audio: Clear MIDI port active flag after draining
9c99aacfb4 tcp: Fix potential use-after-free due to double kfree()
5a4f3eba21 net/sched: cls_u32: fix netns refcount changes in u32_change()
b01b700e0c tcp: fix race condition when creating child sockets from syncookies
ebb3b84596 gfs2: assign rgrp glock before compute_bitstructs
660784e719 can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
2da11442a1 tracing: Dump stacktrace trigger to the corresponding instance
bad7ed5575 mm: page_alloc: fix building error on -Werror=array-compare
ac94e87675 etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
af912bfbcd Merge branch 'android11-5.4' into 'android11-5.4-lts'
4bd8a3c04c Merge 5.4.190 into android11-5.4-lts
dc213ac856 Linux 5.4.190
a83a18c4c9 ax25: Fix UAF bugs in ax25 timers
40cb8b3b19 ax25: Fix NULL pointer dereferences in ax25 timers
d2be5b563e ax25: fix NPD bug in ax25_disconnect
eaa7eb23fa ax25: fix UAF bug in ax25_send_control()
9e1e088a57 ax25: Fix refcount leaks caused by ax25_cb_del()
7528d0f221 ax25: fix UAF bugs of net_device caused by rebinding operation
1db0b2c55c ax25: fix reference count leaks of ax25_dev
418993bbaa ax25: add refcount in ax25_dev to avoid UAF bugs
4459946e86 dma-direct: avoid redundant memory sync for swiotlb
7efb8e49f6 i2c: pasemi: Wait for write xfers to finish
659855c62c smp: Fix offline cpu check in flush_smp_call_function_queue()
7f84c93722 dm integrity: fix memory corruption when tag_size is less than digest size
89931d4762 ARM: davinci: da850-evm: Avoid NULL pointer dereference
28956e530b tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
f4fb50ee25 genirq/affinity: Consider that CPUs on nodes can be unbalanced
f616ecec0f drm/amd/display: don't ignore alpha property on pre-multiplied mode
ab2f5afb7a ipv6: fix panic when forwarding a pkt with no in6 dev
377a80ca65 ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
5f77b1c0e6 ALSA: hda/realtek: Add quirk for Clevo PD50PNT
358e7b451a btrfs: mark resumed async balance as writing
d5b0b11c06 btrfs: remove unused variable in btrfs_{start,write}_dirty_block_groups()
0aad67337f ath9k: Fix usage of driver-private space in tx_info
7fb98e4f5b ath9k: Properly clear TX status area before reporting to mac80211
7a9e1327cc gcc-plugins: latent_entropy: use /dev/urandom
534d0aebe1 mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
b56d305274 mm, page_alloc: fix build_zonerefs_node()
e07a70ca83 perf/imx_ddr: Fix undefined behavior due to shift overflowing the constant
d05cd68ed8 drivers: net: slip: fix NPD bug in sl_tx_timeout()
6d41134f30 scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan
3ecd43dcda scsi: mvsas: Add PCI ID of RocketRaid 2640
deab81144d powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
dd9b4b435a drm/amd/display: Fix allocate_mst_payload assert on resume
404998a137 net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
4a24416796 tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry
29c2910c50 arm64: alternatives: mark patch_alternative() as `noinstr`
8c4db601ac regulator: wm8994: Add an off-on delay for WM8994 variant
066180758f gpu: ipu-v3: Fix dev_dbg frequency output
b4ef44c7c2 ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
4cd3c9e070 net: micrel: fix KS8851_MLL Kconfig
6117facb44 scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
fb7a511542 scsi: target: tcmu: Fix possible page UAF
70b97c1546 Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
c7a268b338 drm/amdkfd: Check for potential null return of kmalloc_array()
2f3e1f3863 drm/amdkfd: Fix Incorrect VMIDs passed to HWS
46ca8233f1 drm/amd/display: Update VTEM Infopacket definition
74090c44c1 drm/amd/display: fix audio format not updated after edid updated
0b3c2222d7 drm/amd: Add USBC connector ID
22d658c6c5 cifs: potential buffer overflow in handling symlinks
5c63ad2b0a nfc: nci: add flush_workqueue to prevent uaf
1407cc68aa testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set
37e54d151e sctp: Initialize daddr on peeled off socket
a05f5e26cb net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
1ac7c6d75e drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()
02ee10d2a4 cfg80211: hold bss_lock while updating nontrans_list
99a435c378 net/sched: taprio: Check if socket flags are valid
7e59fdf954 net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
94541468c1 net/sched: fix initialization order when updating chain 0 head
4f83ba16a1 mlxsw: i2c: Fix initialization error flow
8cefae8c40 gpiolib: acpi: use correct format characters
2fd90b86df veth: Ensure eth header is in skb's linear part
5f2e543918 net/sched: flower: fix parsing of ethertype following VLAN header
9250186785 memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
347d6f40b8 ANDROID: GKI: fix crc issue with commit 3f91687e6e ("block: don't merge across cgroup boundaries if blkcg is enabled")
ebb848e772 Revert "PCI: Reduce warnings on possible RW1C corruption"
023cd1cf3f Merge 5.4.189 into android11-5.4-lts
e7f5213d75 Linux 5.4.189
b15feb09a3 ACPI: processor idle: Check for architectural support for LPI
60b6aae072 cpuidle: PSCI: Move the `has_lpi` check to the beginning of the function
598a22a077 selftests: cgroup: Test open-time cgroup namespace usage for migration checks
a3f6c5949f selftests: cgroup: Test open-time credential usage for migration checks
48848242d3 selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644
8a887060af cgroup: Use open-time cgroup namespace for process migration perm checks
9bd1ced646 cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
691a0fd625 cgroup: Use open-time credentials for process migraton perm checks
1a623d361f io_uring: fix fs->users overflow
33fcb359a6 drm/amdkfd: Fix -Wstrict-prototypes from amdgpu_amdkfd_gfx_10_0_get_functions()
1549bc8cc1 drm/amdkfd: add missing void argument to function kgd2kfd_init
fdfb9ae261 mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
a0c0867f06 arm64: module: remove (NOLOAD) from linker script
2bd5b0d56d mm: don't skip swap entry even if zap_details specified
dfa87d9a5d mmc: mmci: stm32: correctly check all elements of sg list
c645de49e9 mmc: mmci_sdmmc: Replace sg_dma_xxx macros
0d99cce85e dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
9e6980c68c tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
f0752ee5ef tools build: Filter out options and warnings not supported by clang
3c07cc242b irqchip/gic-v3: Fix GICR_CTLR.RWP polling
e44d6af17b perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
55e1465ba7 ata: sata_dwc_460ex: Fix crash due to OOB write
b0c4b3fc01 arm64: patch_text: Fixup last cpu should be master
44277c50fd btrfs: fix qgroup reserve overflow the qgroup limit
17f3e31c86 x86/speculation: Restore speculation related MSRs during S3 resume
0b8043e0fc x86/pm: Save the MSR validity status at context setup
25f506273b mm/mempolicy: fix mpol_new leak in shared_policy_replace
c19d8de4e6 mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
73953dfa9d lz4: fix LZ4_decompress_safe_partial read out of bound
3b35143888 mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete
0869cb9f62 Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
c79c1846bd perf session: Remap buf if there is no space for event
9b6894db7c perf tools: Fix perf's libperf_print callback
4ecef6f28a SUNRPC: Handle low memory situations in call_status()
9a0da98a36 SUNRPC: Handle ENOMEM in call_transmit_status()
b6a4055036 drbd: Fix five use after free bugs in get_initial_state
a581b08921 bpf: Support dual-stack sockets in bpf_tcp_check_syncookie
eb175e0606 spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
034a92c6a8 qede: confirm skb is allocated before using
7ee84d29f2 rxrpc: fix a race in rxrpc_exit_net()
fee500c335 net: openvswitch: don't send internal clone attribute to the userspace.
c154cf184b ipv6: Fix stats accounting in ip6_pkt_drop
fbe5f4c0dd dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
8a50937227 IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition
1ef586a864 bnxt_en: reserve space inside receive page for skb_shared_info
c539a6a589 drm/imx: Fix memory leak in imx_pd_connector_get_modes
cc9c2f51cd net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
f5064531c2 net: ipv4: fix route with nexthop object delete warning
2b7d14c105 net/tls: fix slab-out-of-bounds bug in decrypt_internal
34a47f7ddb scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
2133c422a1 Drivers: hv: vmbus: Fix potential crash on module unload
c5e12c3a47 drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
0091429095 KVM: arm64: Check arm64_get_bp_hardening_data() didn't return NULL
18e0097daf mm: fix race between MADV_FREE reclaim and blkdev direct IO read
abb1f310e7 parisc: Fix patch code locking and flushing
bab8e3b4f6 parisc: Fix CPU affinity for Lasi, WAX and Dino chips
1b8a6d1bda SUNRPC: Fix socket waits for write buffer space
e19c3149a8 jfs: prevent NULL deref in diFree
3504b0a177 virtio_console: eliminate anonymous module_init & module_exit
60ade478c9 serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
14e6bab373 NFS: swap-out must always use STABLE writes.
66cf5de084 NFS: swap IO handling is slightly different for O_DIRECT IO
fa47286c01 SUNRPC/call_alloc: async tasks mustn't block waiting for memory
e427cd0ad5 clk: Enforce that disjoints limits are invalid
8a7462b521 xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
3f8f3a1c10 NFSv4: Protect the state recovery thread against direct reclaim
96cdf2fdbe w1: w1_therm: fixes w1_seq for ds28ea00 sensors
823f0364d4 clk: si5341: fix reported clk_rate when output divider is 2
f4e16d12bc minix: fix bug when opening a file with O_DIRECT
a95bbfea8f init/main.c: return 1 from handled __setup() functions
b4be80aa4b netlabel: fix out-of-bounds memory accesses
3803d896dd Bluetooth: Fix use after free in hci_send_acl
8beb760f63 xtensa: fix DTC warning unit_address_format
d41bdccb3c usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
5cf2ce8967 scsi: libfc: Fix use after free in fc_exch_abts_resp()
0aeaadc52b MIPS: fix fortify panic when copying asm exception handlers
c871b83748 bnxt_en: Eliminate unintended link toggle during FW reset
1166f5c139 tuntap: add sanity checks about msg_controllen in sendmsg
c68dd44fb8 macvtap: advertise link netns via netlink
060a485df4 mips: ralink: fix a refcount leak in ill_acc_of_setup()
1dd7569b8c net/smc: correct settings of RMB window update limit
2fda284a3a scsi: aha152x: Fix aha152x_setup() __setup handler return value
a0ef536256 scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
a45af7e340 drm/amdkfd: make CRAT table missing message informational only
0320bac580 dm ioctl: prevent potential spectre v1 gadget
73dd98ac19 ipv4: Invalidate neighbour for broadcast address upon address addition
f5e4f728d5 power: supply: axp288-charger: Set Vhold to 4.4V
6e2dff272c PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
4225947957 usb: ehci: add pci device support for Aspeed platforms
ea057ac8c9 iommu/arm-smmu-v3: fix event handling soft lockup
4e85f5ab58 PCI: aardvark: Fix support for MSI interrupts
c0e9d868a1 drm/amdgpu: Fix recursive locking warning
cee00fd800 powerpc: Set crashkernel offset to mid of RMA region
fbb7b03320 ipv6: make mc_forwarding atomic
9f24efe239 power: supply: axp20x_battery: properly report current when discharging
3575fa75da scsi: bfa: Replace snprintf() with sysfs_emit()
9cd46ee374 scsi: mvsas: Replace snprintf() with sysfs_emit()
ca5da71a58 bpf: Make dst_port field in struct bpf_sock 16-bit wide
90dbc4c664 powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
9388d87609 ptp: replace snprintf with sysfs_emit
4009f104b0 drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
c4e2f57727 ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
61ffe21833 drm: Add orientation quirk for GPD Win Max
01f700bae4 KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
a5476f8d35 ARM: 9187/1: JIVE: fix return value of __setup handler
63efb90030 riscv module: remove (NOLOAD)
68a7bb6948 rtc: wm8350: Handle error for wm8350_register_irq
d95e0367fd ubifs: Rectify space amount budget for mkdir/tmpfile operations
9e24d03dd4 KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
1553126ecc KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
eb05ef70b6 openvswitch: Fixed nd target mask field in the flow dump.
ce8043771f um: Fix uml_mconsole stop/go
337eb95570 ARM: dts: spear13xx: Update SPI dma properties
4e48a66623 ARM: dts: spear1340: Update serial node properties
7f19400e59 ASoC: topology: Allow TLV control to be either read or write
32a76a5574 ubi: fastmap: Return error code if memory allocation fails in add_aeb()
0c1a26c3d3 dt-bindings: spi: mxic: The interrupt property is not mandatory
97ba943e99 dt-bindings: mtd: nand-controller: Fix a comment in the examples
a42ab650d3 dt-bindings: mtd: nand-controller: Fix the reg property description
7d418a0a56 bpf: Fix comment for helper bpf_current_task_under_cgroup()
a075e95614 mm/usercopy: return 1 from hardened_usercopy __setup() handler
abc0b4ea02 mm/memcontrol: return 1 from cgroup.memory __setup() handler
2e16f48838 mm/mmap: return 1 from stack_guard_gap __setup() handler
d650ed0617 ASoC: soc-compress: Change the check for codec_dai
7f19245c36 powerpc/kasan: Fix early region not updated correctly
cb249f8c00 ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
7d4a3c930d ARM: iop32x: offset IRQ numbers by 1
d727fd32cb ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
4f9a59cf84 ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs
230987c2bb pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE()
18455cc74e pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR()
9611d8ef68 pinctrl: pinconf-generic: Print arguments for bias-pull-*
b0c0f40570 net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware
2a548fbf09 gfs2: Make sure FITRIM minlen is rounded up to fs block size
8d67f67361 rtc: check if __rtc_read_time was successful
9a8835902e XArray: Update the LRU list in xas_split()
cbd110b8dd can: mcba_usb: properly check endpoint type
2dfe9422d5 can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
3e2852eda1 XArray: Fix xas_create_range() when multi-order entry present
a840286f13 ubifs: rename_whiteout: correct old_dir size computing
b80ccbec0e ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
1afe219e4a ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
786013ecba ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
37bdf1ad59 ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
14276d38c8 ubifs: rename_whiteout: Fix double free for whiteout_ui->data
01df5f7627 ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
4c277c846a KVM: x86: fix sending PV IPI
a1c03f11cc KVM: Prevent module exit until all VMs are freed
8f608ee87e scsi: qla2xxx: Use correct feature type field during RFF_ID processing
af744ef8f1 scsi: qla2xxx: Reduce false trigger to login
7f9ce17a1d scsi: qla2xxx: Fix N2N inconsistent PLOGI
2d087c7e55 scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
4a0a3c66a5 scsi: qla2xxx: Fix hang due to session stuck
9d1651c8a4 scsi: qla2xxx: Fix incorrect reporting of task management failure
2eb1274176 scsi: qla2xxx: Fix disk failure to rediscover
8077a7162b scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
c478b2cde9 scsi: qla2xxx: Check for firmware dump already collected
96391480ab scsi: qla2xxx: Add devids and conditionals for 28xx
08d04784cc scsi: qla2xxx: Fix device reconnect in loop topology
167debaeaa scsi: qla2xxx: Fix warning for missing error code
e67e9620a0 scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
8e561cbb78 scsi: qla2xxx: Fix stuck session in gpdb
f196d94cc7 powerpc: Fix build errors with newer binutils
71ca99a509 powerpc/lib/sstep: Fix build errors with newer binutils
d42b045e92 powerpc/lib/sstep: Fix 'sthcx' instruction
0af21531f5 ALSA: hda/realtek: Add alc256-samsung-headphone fixup
95d65bca6e mmc: host: Return an error when ->enable_sdio_irq() ops is missing
813553e4a9 media: hdpvr: initialize dev->worker at hdpvr_register_videodev
236311be09 media: Revert "media: em28xx: add missing em28xx_close_extension"
3b36c05f68 video: fbdev: sm712fb: Fix crash in smtcfb_write()
11186875ba ARM: mmp: Fix failure to remove sram device
dc958cd4c8 ARM: tegra: tamonten: Fix I2C3 pad setting
691b0c0cb6 media: cx88-mpeg: clear interrupt status register before streaming video
b239e9d52d ASoC: soc-core: skip zero num_dai component in searching dai name
7d0afbc41b video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit
efe9631a76 video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
ee7ce43367 video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
046d9fd86b ASoC: madera: Add dependencies on MFD
46ac0e768d ARM: dts: bcm2837: Add the missing L1/L2 cache information
bf27f5dfcf ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
3856562e94 video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
53a2088a39 video: fbdev: cirrusfb: check pixclock to avoid divide by zero
b19c7df304 video: fbdev: w100fb: Reset global state
055cdd2e7b video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
fe41ad8be0 ntfs: add sanity check on allocation size
5a016c053f ext4: don't BUG if someone dirty pages without asking ext4 first
07150842fa spi: tegra20: Use of_device_get_match_data()
0cccf9d4fb PM: core: keep irq flags in device_pm_check_callbacks()
f24e2362d6 ACPI/APEI: Limit printable size of BERT table data
931aff6274 Revert "Revert "block, bfq: honor already-setup queue merges""
7a7b11d694 lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3
c7f6ae51b1 ACPICA: Avoid walking the ACPI Namespace if it is not there
5117c9ff4c bfq: fix use-after-free in bfq_dispatch_request
e464aafd35 irqchip/nvic: Release nvic_base upon failure
c159eb634e irqchip/qcom-pdc: Fix broken locking
c345724f2b Fix incorrect type in assignment of ipv6 port for audit
927649f3f3 loop: use sysfs_emit() in the sysfs xxx show()
799f22279e selinux: use correct type for context length
c4f5a678ad block, bfq: don't move oom_bfqq
f409e9d178 pinctrl: npcm: Fix broken references to chip->parent_device
f36dd10d1b gcc-plugins/stackleak: Exactly match strings instead of prefixes
ddcdda888e LSM: general protection fault in legacy_parse_param
1f316b42a8 lib/test: use after free in register_test_dev_kmod()
7a2ba24cee net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator
910a98e5c1 NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
9acf05b4e7 net/x25: Fix null-ptr-deref caused by x25_disconnect
d15a70fcda qlcnic: dcb: default to returning -EOPNOTSUPP
8ba93ab509 selftests: test_vxlan_under_vrf: Fix broken test case
ae713d7d99 net: phy: broadcom: Fix brcm_fet_config_init()
ab2c789d1c xen: fix is_xen_pmu()
d85841e4b2 clk: Initialize orphan req_rate
025c75ba38 clk: qcom: gcc-msm8994: Fix gpll4 width
f6f1c9a51e NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
806ef544cf netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
cec71a718c jfs: fix divide error in dbNextAG
b3ac1e0196 driver core: dd: fix return value of __setup handler
1bb231de81 firmware: google: Properly state IOMEM dependency
e9f2a8c642 kgdbts: fix return value of __setup handler
16fe77f86a kgdboc: fix return value of __setup handler
7c617cb38c tty: hvc: fix return value of __setup handler
0615a444c5 pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
bc1e29a351 pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
27681f9e02 pinctrl: mediatek: paris: Fix pingroup pin config state readback
e9eacc8952 pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get()
b348618c17 pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
6e0d696188 staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree
efc605469e NFS: remove unneeded check in decode_devicenotify_args()
110c038779 clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
2b5e68095c clk: clps711x: Terminate clk_div_table with sentinel element
166c0185f3 clk: loongson1: Terminate clk_div_table with sentinel element
1d04467bbb clk: actions: Terminate clk_div_table with sentinel element
50b48ba439 remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
b5625e7a16 remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region
16ad029942 clk: qcom: clk-rcg2: Update the frac table for pixel clock
52592f9afb clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
b576488fa3 clk: imx7d: Remove audio_mclk_root_clk
79467b9563 dma-debug: fix return value of __setup handlers
fe334765e4 NFS: Return valid errors from nfs2/3_decode_dirent()
546604de8a iio: adc: Add check for devm_request_threaded_irq
1da082f728 serial: 8250: Fix race condition in RTS-after-send handling
617d9c0b98 serial: 8250_mid: Balance reference count for PCI DMA device
61d3fdef61 phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure})
84ee0c81dd clk: qcom: ipq8074: Use floor ops for SDCC1 clock
dd719fca42 pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel
b82465c1ff staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
3ba0143128 misc: alcor_pci: Fix an error handling path
af1fdbbb7b pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
996291d068 mxser: fix xmit_buf leak in activate when LSR == 0xff
58200dedbd mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
043b197013 tipc: fix the timer expires after interval 100ms
6e2e80b2e9 openvswitch: always update flow key after nat
7a970dbb7d tcp: ensure PMTU updates are processed during fastopen
b4725ad1e4 selftests/bpf/test_lirc_mode2.sh: Exit with proper code
1c7b252a60 i2c: mux: demux-pinctrl: do not deactivate a master that is not active
41249fff50 af_netlink: Fix shift out of bounds in group mask calculation
874eca9396 Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
2fe415601b USB: storage: ums-realtek: fix error code in rts51x_read_mem()
94c6ac22ab bpf, sockmap: Fix double uncharge the mem of sk_msg
244ce90c8d bpf, sockmap: Fix more uncharged while msg has more_data
6d03722c34 bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
0174a89663 RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
9b08d211db mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
443121c994 MIPS: RB532: fix return value of __setup handler
9a9a62846c vxcan: enable local echo for sent CAN frames
6f259b1a4a powerpc: 8xx: fix a return value error in mpc8xx_pic_init
d87803ba6b selftests/bpf: Make test_lwt_ip_encap more stable and faster
ac6edd6fcb mfd: mc13xxx: Add check for mc13xxx_irq_request
d2577dc2b3 powerpc/sysdev: fix incorrect use to determine if list is empty
7192df97a0 mips: DEC: honor CONFIG_MIPS_FP_SUPPORT=n
10705a4305 PCI: Reduce warnings on possible RW1C corruption
90bec38f6a power: supply: wm8350-power: Add missing free in free_charger_irq
a16d8f4191 power: supply: wm8350-power: Handle error for wm8350_register_irq
c703292315 i2c: xiic: Make bus names unique
6f41e4a69b hv_balloon: rate-limit "Unhandled message" warning
c00a91aca2 KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
5f43ec383e KVM: x86: Fix emulation in writing cr8
e91ba23f55 powerpc/Makefile: Don't pass -mcpu=powerpc64 when building 32-bit
3c660fa0f9 libbpf: Skip forward declaration when counting duplicated type names
b62e615a61 bpf, arm64: Feed byte-offset into bpf line info
8f3192a241 bpf, arm64: Call build_prologue() first in first JIT pass
54bc98a0ab drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt
30c5cf4bf2 scsi: hisi_sas: Change permission of parameter prot_mask
e2cd206815 power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return
a725070701 drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
cc16d0bc1c ext2: correct max file size computing
b689622cc4 TOMOYO: fix __setup handlers return values
aa7981012a drm/amd/display: Remove vupdate_int_entry definition
765674e3b3 scsi: pm8001: Fix abort all task initialization
442685f952 scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
e7336d4775 scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
898c73387e scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
5e3359ed09 dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
37e847b674 iwlwifi: mvm: Fix an error code in iwl_mvm_up()
4ad7d29ee4 iwlwifi: Fix -EIO error code that is never returned
770d42fff1 dax: make sure inodes are flushed before destroy cache
c10980c522 IB/cma: Allow XRC INI QPs to set their local ACK timeout
2eaa9d86e0 drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug
8ae97a595b iommu/ipmmu-vmsa: Check for error num after setting mask
a29ce9592c HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
41ed613642 power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
af5ad6e837 PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge
93b47d22d6 net: dsa: mv88e6xxx: Enable port policy support on 6097
b03c06171b mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update
eb5932160e mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update
d2ee8da9f7 powerpc/perf: Don't use perf_hw_context for trace IMC PMU
135eb4e2be ray_cs: Check ioremap return value
3be1bb175f power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
9a0e270c40 i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
5607badbb1 KVM: PPC: Fix vmx/vsx mixup in mmio emulation
4d244b7311 ath9k_htc: fix uninit value bugs
57f4ad5e28 drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
1feb6ff89d drm/edid: Don't clear formats if using deep color
0d0ee651e7 mtd: rawnand: gpmi: fix controller timings setting
750d2dc19f mtd: onenand: Check for error irq
d58d281d6a Bluetooth: hci_serdev: call init_rwsem() before p->open()
5d50f851dd udmabuf: validate ubuf->pagecount
2cf7d537d3 ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
820e469a2f drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe
e7a0c8546f drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
f419751373 ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe
1f31073b77 mmc: davinci_mmc: Handle error for clk_enable
93476f9f82 ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe
9e1fdf18fe ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
67e12f1cb2 ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
ed41d104be ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
29e91a49b6 ivtv: fix incorrect device_caps for ivtvfb
0342da6350 video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
58e42ee4a0 ASoC: fsi: Add check for clk_enable
ea9adaa598 ASoC: wm8350: Handle error for wm8350_register_irq
0325193cf4 ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
3cc050df73 media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED
97398470c9 arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly
7025f40690 ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
fd5dda439e memory: emif: check the pointer temp in get_device_details()
0ead05f721 memory: emif: Add check for setup_interrupts
68a69ad8df ASoC: soc-compress: prevent the potentially use of null pointer
af6e1d11f7 ASoC: atmel_ssc_dai: Handle errors for clk_enable
fd0c4082fd ASoC: mxs-saif: Handle errors for clk_enable
5847873140 printk: fix return value of printk.devkmsg __setup handler
38bc92ae39 arm64: dts: broadcom: Fix sata nodename
9873232fde arm64: dts: ns2: Fix spi-cpol and spi-cpha property
c6475df1e7 ALSA: spi: Add check for clk_enable()
e0cfb41d46 ASoC: ti: davinci-i2s: Add check for clk_enable()
3905742f93 ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp()
a975000e7a uaccess: fix nios2 and microblaze get_user_8()
14cd5a8e61 media: usb: go7007: s2250-board: fix leak in probe()
92f84aa82d media: em28xx: initialize refcount before kref_get
c6f0999461 media: video/hdmi: handle short reads of hdmi info frame.
a9d0bb2988 ARM: dts: imx: Add missing LVDS decoder on M53Menlo
cac1473d83 soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
fb7f2eabfe arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc
583fcb66ab soc: qcom: aoss: remove spurious IRQF_ONESHOT flags
755dbc3d73 soc: qcom: rpmpd: Check for null return of devm_kcalloc
12081a1520 ARM: dts: qcom: ipq4019: fix sleep clock
547d36fa41 video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
125d10f0be video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe()
da8b269cc0 video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
4d847e455d media: aspeed: Correct value for h-total-pixels
bd342c7bef media: hantro: Fix overfill bottom register field name
db1b3b99d6 media: coda: Fix missing put_device() call in coda_get_vdoa_data
b0f6b41490 media: bttv: fix WARNING regression on tunerless devices
0478ccdc8e f2fs: fix to avoid potential deadlock
005f9cdab7 f2fs: fix missing free nid in f2fs_handle_failed_inode
a2e534c6a0 perf/x86/intel/pt: Fix address filter config for 32-bit kernel
015d31165d perf/core: Fix address filter parser for multiple filters
841f5b235d sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
715a343172 clocksource: acpi_pm: fix return value of __setup handler
4c0173521d hwmon: (pmbus) Add Vin unit off handling
acba286182 crypto: ccp - ccp_dmaengine_unregister release dma channels
39a521faf4 ACPI: APEI: fix return value of __setup handlers
8dc887ae33 clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init()
b305975a66 crypto: vmx - add missing dependencies
b7f3e230ca hwrng: atmel - disable trng on failure path
63266a1488 PM: suspend: fix return value of __setup handler
6c4c026c3d PM: hibernate: fix __setup handler error handling
84fe3ca6e7 block: don't delete queue kobject before its children
b68d1742f4 hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
bf78aca8e4 hwmon: (pmbus) Add mutex to regulator ops
00d67f54b8 spi: pxa2xx-pci: Balance reference count for PCI DMA device
40e6d5d1de crypto: ccree - don't attempt 0 len DMA mappings
c3a5acf91c audit: log AUDIT_TIME_* records only from rules
152ebc0ee9 selftests/x86: Add validity check and allow field splitting
f8a3de8d7c spi: tegra114: Add missing IRQ check in tegra_spi_probe
e5e748a6ff crypto: mxs-dcp - Fix scatterlist processing
30d3f45bcf crypto: authenc - Fix sleep in atomic context in decrypt_tail
9b19022137 regulator: qcom_smd: fix for_each_child.cocci warnings
accf175d0c PCI: pciehp: Clear cmd_busy bit in polling mode
a92f720554 brcmfmac: pcie: Fix crashes due to early IRQs
51fffd722e brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
d0ab87f8dc brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
2c894b12b2 brcmfmac: firmware: Allocate space for default boardrev in nvram
34a57be0f9 xtensa: fix xtensa_wsr always writing 0
54c9fb17be xtensa: fix stop_machine_cpuslocked call in patch_text
4df9d88a9c media: davinci: vpif: fix unbalanced runtime PM get
28859c3a77 DEC: Limit PMAX memory probing to R3k systems
baa4aa800d crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
058b2e59db crypto: rsa-pkcs1pad - restore signature length check
7973dc9118 crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
002288800e lib/raid6/test: fix multiple definition linking error
e73efa5ad5 thermal: int340x: Increase bitmap size
5d553ed5c5 carl9170: fix missing bit-wise or operator for tx_params
55f078dc66 ARM: dts: exynos: add missing HDMI supplies on SMDK5420
0e0d9bd6be ARM: dts: exynos: add missing HDMI supplies on SMDK5250
a77dd759bd ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
2fafe8b57c ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
51186190c4 video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
478154be3a video: fbdev: sm712fb: Fix crash in smtcfb_read()
67643b89fb drm/edid: check basic audio support on CEA extension block
3f91687e6e block: don't merge across cgroup boundaries if blkcg is enabled
8d3a7b2064 mailbox: tegra-hsp: Flush whole channel
28c8fd84be drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
5217ae080e ACPI: properties: Consistently return -ENOENT if there are no more references
f3ec0c9db5 udp: call udp_encap_enable for v6 sockets when enabling encap
11dc8286f9 powerpc/kvm: Fix kvm_use_magic_page
ded6277630 drbd: fix potential silent data corruption
35b72d8e2c mm/kmemleak: reset tag when compare object pointer
d102fcacfc mm,hwpoison: unmap poisoned page before invalidation
099553a1a8 ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
a86bde8930 ALSA: cs4236: fix an incorrect NULL check on list iterator
8489774120 Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
097479aeb2 riscv: Fix fill_callchain return value
c82cbbefc6 qed: validate and restrict untrusted VFs vlan promisc mode
5081cbfb62 qed: display VF trust config
930a3ed5d8 scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
ae2a271ed5 mempolicy: mbind_range() set_policy() after vma_merge()
d1313f5e8f mm: invalidate hwpoison page cache page in fault path
2efe956a74 mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
455f4a2349 jffs2: fix memory leak in jffs2_scan_medium
0978e9af45 jffs2: fix memory leak in jffs2_do_mount_fs
30bf7244ac jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
e27caad38b can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
00a856fa69 spi: mxic: Fix the transmit path
e05221d201 pinctrl: samsung: drop pin banks references on error paths
0996eaaddf f2fs: fix to do sanity check on .cp_pack_total_block_count
f1d5946d47 f2fs: quota: fix loop condition at f2fs_quota_sync()
947ca26390 f2fs: fix to unlock page correctly in error path of is_alive()
ce1aa09cc1 NFSD: prevent integer overflow on 32 bit systems
85259340fc NFSD: prevent underflow in nfssvc_decode_writeargs()
1cfeeeee8c SUNRPC: avoid race between mod_timer() and del_timer_sync()
1a1e73e9ad HID: intel-ish-hid: Use dma_alloc_coherent for firmware update
beb7d96906 Documentation: update stable tree link
20de1038e2 Documentation: add link to stable release candidate tree
d312c0035e KEYS: fix length validation in keyctl_pkey_params_get_2()
2458ecd21f ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
8a609c88fe clk: uniphier: Fix fixed-rate initialization
9d97610e74 greybus: svc: fix an error handling bug in gb_svc_hello()
468757502e iio: inkern: make a best effort on offset calculation
be2b89a909 iio: inkern: apply consumer scale when no channel scale is available
5be8a07b95 iio: inkern: apply consumer scale on IIO_VAL_INT cases
c459b27945 iio: afe: rescale: use s64 for temporary scale calculations
576a1ce64c coresight: Fix TRCCONFIGR.QE sysfs interface
d8f98a23b4 xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
b310e82e77 xhci: make xhci_handshake timeout for xhci_reset() adjustable
a771cc784a xhci: fix runtime PM imbalance in USB2 resume
b5a7ab0e1a USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
212765c94f virtio-blk: Use blk_validate_block_size() to validate block size
40f282870d block: Add a helper to validate the block size
a27ed2f369 tpm: fix reference counting for struct tpm_chip
631bb18e83 iommu/iova: Improve 32-bit free space estimate
2e2dee5e22 net: dsa: microchip: add spi_device_id tables
ef388db2fe af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
0cdb512da0 spi: Fix erroneous sgs value with min_t()
ab951c9c23 net:mcf8390: Use platform_get_irq() to get the interrupt
e62e6c2d7a spi: Fix invalid sgs value
96f9c386fe ethernet: sun: Free the coherent when failing in probing
aa3c3746e7 virtio_console: break out of buf poll on remove
291efbad3d xfrm: fix tunnel model fragmentation behavior
a83df90a3b HID: logitech-dj: add new lightspeed receiver id
5c727ba42c netdevice: add the case if dev is NULL
7e9c9e3f62 USB: serial: simple: add Nokia phone driver
80e5bf89a8 USB: serial: pl2303: add IBM device IDs
6bfc5377a2 swiotlb: fix info leak with DMA_FROM_DEVICE
5789342ce9 Merge 5.4.188 into android11-5.4-lts
2845ff3fd3 Linux 5.4.188
993c23880b llc: only change llc->dev when bind() succeeds
bb4878b39d nds32: fix access_ok() checks in get/put_user
5b1d2561a0 tpm: use try_get_ops() in tpm-space.c
3bbd0000d0 mac80211: fix potential double free on mesh join
cda27a2c6d rcu: Don't deboost before reporting expedited quiescent state
edcc12ae32 crypto: qat - disable registration of algorithms
b0222e222d ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
d7f29f397b ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
2374007850 ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
06f0ff82c7 netfilter: nf_tables: initialize registers in nft_do_chain()
5061bf0f79 ALSA: hda/realtek: Add quirk for ASUS GA402
f7a7cd530a ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
0c4190b41a ALSA: oss: Fix PCM OSS buffer allocation overflow
ab49515f7d ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call
d5c7e1987c drivers: net: xgene: Fix regression in CRC stripping
7870321eaf ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
1f4eefc585 ALSA: cmipci: Restore aux vol on suspend/resume
d86bf7e073 ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
0f27a350f8 ALSA: pcm: Add stream lock during PCM reset ioctl operations
572f9a0d3f llc: fix netdevice reference leaks in llc_ui_bind()
2e798814e0 thermal: int340x: fix memory leak in int3400_notify()
5ff048f4ab staging: fbtft: fb_st7789v: reset display before initialization
637d12f9dc tpm: Fix error handling in async work
fee4dfbda6 esp: Fix possible buffer overflow in ESP transformation
2774edd43a net: ipv6: fix skb_over_panic in __ip6_append_data
0aef718463 nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
628adfa218 nfsd: Containerise filecache laundrette
c32f104138 nfsd: cleanup nfsd_file_lru_dispose()
400a374bce Merge 5.4.187 into android11-5.4-lts
055c4cf7e6 Linux 5.4.187
1771bc0d04 Revert "selftests/bpf: Add test for bpf_timer overwriting crash"
0dd366cfdf perf symbols: Fix symbol size calculation condition
e732b0412f Input: aiptek - properly check endpoint type
700a071585 usb: usbtmc: Fix bug in pipe direction for control transfers
2282a6eb6d usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
2182937626 usb: gadget: rndis: prevent integer overflow in rndis_set_response()
58ee8e2cb3 arm64: fix clang warning about TRAMP_VALIAS
d7b9296375 net: dsa: Add missing of_node_put() in dsa_port_parse_of
f96aa063ff net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit()
3fd96bc64c drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings
b01e2df5fb hv_netvsc: Add check for kvmalloc_array
97ccef56e5 atm: eni: Add check for dma_map_single
268dcf1f7b net/packet: fix slab-out-of-bounds access in packet_recvmsg()
9369748366 net: phy: marvell: Fix invalid comparison in the resume and suspend functions
d0f3c2d1d8 efi: fix return value of __setup handlers
e61655430d ocfs2: fix crash when initialize filecheck kobj fails
184f7bd08c crypto: qcom-rng - ensure buffer for generate is completely filled
8aca45f6ed Merge branch 'android11-5.4' into 'android11-5.4-lts'
f54aeabbaa Merge 5.4.186 into android11-5.4-lts
8e24ff11b5 Linux 5.4.186
fcbdaa6a3c fixup for "arm64 entry: Add macro for reading symbol address from the trampoline"
b8bc0718ba kselftest/vm: fix tests build with old libc
2643ca24f5 sfc: extend the locking on mcdi->seqno
46fd0a0740 tcp: make tcp_read_sock() more robust
16a2e50fe9 nl80211: Update bss channel on channel switch for P2P_CLIENT
941e8bcd2b drm/vrr: Set VRR capable prop only if it is attached to connector
6becb05724 iwlwifi: don't advertise TWT support
51969ebe7f atm: firestream: check the return value of ioremap() in fs_init()
23352749f0 can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready
4006447f55 ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE
c2420bc333 MIPS: smp: fill in sibling and core maps earlier
d1df59e312 mac80211: refuse aggregations sessions before authorized
fb35b0cfba ARM: dts: rockchip: fix a typo on rk3288 crypto-controller
4857a9b291 ARM: dts: rockchip: reorder rk322x hmdi clocks
ba14ba2d4c arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg"
aca8fdddee arm64: dts: rockchip: reorder rk3399 hdmi clocks
e49ebea3f5 arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity
bd33f9b864 xfrm: Fix xfrm migrate issues when address family changes
3c21ece775 xfrm: Check if_id in xfrm_migrate
970a21404e arm64: Use the clearbhb instruction in mitigations
fb65675f66 KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
9013fd4bc9 arm64: Mitigate spectre style branch history side channels
26129ea295 KVM: arm64: Add templates for BHB mitigation sequences
1b735c8dc1 arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2
c45d885c5a arm64: Add percpu vectors for EL1
1bb1944970 arm64: entry: Add macro for reading symbol addresses from the trampoline
3abf6e8a7a arm64: entry: Add vectors that have the bhb mitigation sequences
2933ca8c81 arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
9232867e4f arm64: entry: Allow the trampoline text to occupy multiple pages
ad8800443b arm64: entry: Make the kpti trampoline's kpti sequence optional
4b91f35c87 arm64: entry: Move trampoline macros out of ifdef'd section
0bfdd73348 arm64: entry: Don't assume tramp_vectors is the start of the vectors
fb117a27c6 arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
788fbb5fe2 arm64: entry: Move the trampoline data page before the text page
33397322d4 arm64: entry: Free up another register on kpti's tramp_exit path
3f95cc642c arm64: entry: Make the trampoline cleanup optional
8aa1257128 arm64: entry.S: Add ventry overflow sanity checks
503fdc244a arm64: Add Cortex-X2 CPU part definition
7103651c98 arm64: add ID_AA64ISAR2_EL1 sys register
f5f94aa500 arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
ed5bf8a507 arm64: Add part number for Arm Cortex-A77
0b84cfaefe sctp: fix the processing for INIT chunk
57e401a53c Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
80b62a22cd Merge 5.4.185 into android11-5.4-lts
70f77a2cb5 Linux 5.4.185
afb684cb97 KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains
690909c6d9 x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains
6b13a18860 x86/cpu: Add hardware-enforced cache coherency as a CPUID feature
9dd71ec106 x86/cpufeatures: Mark two free bits in word 3
a4eef9e769 ext4: add check to prevent attempting to resize an fs with sparse_super2
269db254c3 ARM: fix Thumb2 regression with Spectre BHB
635959a821 virtio: acknowledge all features before access
ffeb42e05d virtio: unexport virtio_finalize_features
19d57cfbf8 arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0
978e4f2648 riscv: Fix auipc+jalr relocation range checks
d6948de3b6 mmc: meson: Fix usage of meson_mmc_post_req()
ba0d7beec2 net: macb: Fix lost RX packet wakeup race in NAPI receive
403e3afe24 staging: gdm724x: fix use after free in gdm_lte_rx()
a9174077fe fuse: fix pipe buffer lifetime for direct_io
d72c79b60d ARM: Spectre-BHB: provide empty stub for non-config
ad66df9064 selftests/memfd: clean up mapping in mfd_fail_write
849c78024e selftest/vm: fix map_fixed_noreplace test failure
500158df87 tracing: Ensure trace buffer is at least 4096 bytes large
090e73fb9c ipv6: prevent a possible race condition with lifetimes
1d4bdaaa8d Revert "xen-netback: Check for hotplug-status existence before watching"
60e4e3198c Revert "xen-netback: remove 'hotplug-status' once it has served its purpose"
8879b5313e net-sysfs: add check for netdevice being present to speed_show
dcf55b071d selftests/bpf: Add test for bpf_timer overwriting crash
e0eca9285c net: bcmgenet: Don't claim WOL when its not available
bbf59d7ae5 sctp: fix kernel-infoleak for SCTP sockets
e934371971 net: phy: DP83822: clear MISR2 register to disable interrupts
f7b3b52034 gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
54fd6b2eb1 gpio: ts4900: Do not set DAT and OE together
82b298e014 selftests: pmtu.sh: Kill tcpdump processes launched by subshell.
cd2a5c0da0 NFC: port100: fix use-after-free in port100_send_complete
1a4017926e net/mlx5: Fix a race on command flush flow
6102e2e5c6 net/mlx5: Fix size field in bufferx_reg struct
0a64aea5fe ax25: Fix NULL pointer dereference in ax25_kill_by_device
45bfd0a937 net: ethernet: lpc_eth: Handle error for clk_enable
e84d37af40 net: ethernet: ti: cpts: Handle error for clk_enable
8ee065a7a9 ethernet: Fix error handling in xemaclite_of_probe
4c0b769d95 ARM: dts: aspeed: Fix AST2600 quad spi group
7db2bc0861 drm/sun4i: mixer: Fix P010 and P210 format numbers
7f8f564141 qed: return status of qed_iov_get_link
f59e786090 net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare()
45d470e4f8 virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero
278b2c7d9f arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias
f62922b601 clk: qcom: gdsc: Add support to update GDSC transition delay
9ed911a069 Merge 5.4.184 into android11-5.4-lts
8f2333be80 Merge 5.4.183 into android11-5.4-lts
55d2e3e494 ANDROID: fix up rndis ABI breakage
1346e17653 Linux 5.4.184
f7fc9c3487 Revert "ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE"
0e35f3ab69 xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
782e5ebcc8 xen/gnttab: fix gnttab_end_foreign_access() without page specified
051c4cc7bd xen/pvcalls: use alloc/free_pages_exact()
be63ea883e xen/9p: use alloc/free_pages_exact()
8efaf0c862 xen: remove gnttab_query_foreign_access()
d193785a4b xen/gntalloc: don't use gnttab_query_foreign_access()
089a8e491d xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
b507879c1e xen/netfront: don't use gnttab_query_foreign_access() for mapped status
a83400456f xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
44d86dccd2 xen/grant-table: add gnttab_try_end_foreign_access()
95ff823832 xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
56f1b3c5c8 ARM: fix build warning in proc-v7-bugs.c
40da947ba0 ARM: Do not use NOCROSSREFS directive with ld.lld
583662bfd8 ARM: fix co-processor register typo
21a466c32f ARM: fix build error when BPF_SYSCALL is disabled
d1cfdd5077 ARM: include unprivileged BPF status in Spectre V2 reporting
920f7970cf ARM: Spectre-BHB workaround
dcf33beb49 ARM: use LOADADDR() to get load address of sections
31814db6e4 ARM: early traps initialisation
fdfc0baf82 ARM: report Spectre v2 status through sysfs
26171b016b arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
baaaba74e0 arm/arm64: Provide a wrapper for SMCCC 1.1 calls
6c1599fd1b x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
7c77025694 x86/speculation: Warn about Spectre v2 LFENCE mitigation
865da3868b x86/speculation: Update link to AMD speculation whitepaper
b1bacf22a8 x86/speculation: Use generic retpoline by default on AMD
1e47ab3df9 x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
327a4da9b0 Documentation/hw-vuln: Update spectre doc
96b3d45aea x86/speculation: Add eIBRS + Retpoline options
41b50510e5 x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
b70bc2e355 x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
22aed24089 x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
e7d1268f56 Linux 5.4.183
5817c13cd6 hamradio: fix macro redefine warning
3c7d63cfa1 net: dcb: disable softirqs in dcbnl_flush_dev()
5f53a6a8ae Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
f73eb7342b btrfs: add missing run of delayed items after unlink during log replay
f8d4a8eebb btrfs: qgroup: fix deadlock between rescan worker and remove qgroup
39403d72b4 btrfs: fix lost prealloc extents beyond eof after full fsync
4dd5d3310c tracing: Fix return value of __setup handlers
c0f7253376 tracing/histogram: Fix sorting on old "cpu" value
35fa6f2a31 HID: add mapping for KEY_ALL_APPLICATIONS
ecefb8cc0f HID: add mapping for KEY_DICTATE
52b984b17d Input: elan_i2c - fix regulator enable count imbalance after suspend/resume
16eb602ead Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power()
3f123c305e nl80211: Handle nla_memdup failures in handle_nan_filter
ec89b27646 net: chelsio: cxgb3: check the return value of pci_find_capability()
6650fa5f3b soc: fsl: qe: Check of ioremap return value
e89c53fcd2 memfd: fix F_SEAL_WRITE after shmem huge page allocated
58b07100c2 ibmvnic: free reset-work-item when flushing
2e7abe2efc igc: igc_write_phy_reg_gpy: drop premature return
5c215ea574 ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
89b881f339 ARM: Fix kgdb breakpoint for Thumb2
87765309bf igc: igc_read_phy_reg_gpy: drop premature return
44ff6c29b2 arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
d59120a489 can: gs_usb: change active_channels's type from atomic_t to u8
bc65372492 ASoC: cs4265: Fix the duplicated control name
cff3987e09 firmware: arm_scmi: Remove space in MODULE_ALIAS name
461a26ebf0 efivars: Respect "block" flag in efivar_entry_set_safe()
b4f4659843 ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
e50c589678 net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
044e209c72 net: sxgbe: fix return value of __setup handler
a54dedf620 iavf: Fix missing check for running netdev
150b8a05d0 net: stmmac: fix return value of __setup handler
e9fa400903 mac80211: fix forwarded mesh frames AC & queue selection
f17b27f3d4 ia64: ensure proper NUMA distance and possible map initialization
80998dbde1 sched/topology: Fix sched_domain_topology_level alloc in sched_init_numa()
407ec382ba sched/topology: Make sched_init_numa() use a set for the deduplicating sort
b40c912624 xen/netfront: destroy queues before real_num_tx_queues is zeroed
fa84d44df4 block: Fix fsync always failed if once failed
849339fd72 net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
8e306a76b9 net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
1f5abd671d net: dcb: flush lingering app table entries for unregistered devices
ed05368024 batman-adv: Don't expect inter-netns unique iflink indices
8639532271 batman-adv: Request iflink once in batadv_get_real_netdevice
a1ccea6183 batman-adv: Request iflink once in batadv-on-batadv check
43c25da41e netfilter: nf_queue: fix possible use-after-free
3c934f1087 netfilter: nf_queue: don't assume sk is full socket
d2c96b1930 xfrm: enforce validity of offload input flags
019b4b9d59 xfrm: fix the if_id check in changelink
49c24579ce netfilter: fix use-after-free in __nf_register_net_hook()
ac858e4462 xfrm: fix MTU regression
f3537f1b2b ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
75a471401b ALSA: intel_hdmi: Fix reference to PCM buffer address
e28372b295 ata: pata_hpt37x: fix PCI clock detection
58b419d16e usb: gadget: clear related members when goto fail
ba6fdd55b1 usb: gadget: don't release an existing dev->buf
0babb778ff net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
a7ef01d25a i2c: qup: allow COMPILE_TEST
da9bf89344 i2c: cadence: allow COMPILE_TEST
bb07c8bb77 dmaengine: shdma: Fix runtime PM imbalance on error
e208668ef7 cifs: fix double free race when mount fails in cifs_get_root()
2ed93e3e3f Input: clear BTN_RIGHT/MIDDLE on buttonpads
7b6d98f869 ASoC: rt5682: do not block workqueue if card is unbound
e2106e429f ASoC: rt5668: do not block workqueue if card is unbound
7b7c65abeb i2c: bcm2835: Avoid clock stretching timeouts
964f155c38 mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
1a7d2fccd8 mac80211_hwsim: report NOACK frames in tx_status
31855d74fd Merge 5.4.182 into android11-5.4-lts
866ae42cf4 Linux 5.4.182
fb2bbb7d30 fget: clarify and improve __fget_files() implementation
d6a29ce52a memblock: use kfree() to release kmalloced memblock regions
5d9453bf41 Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR"
1fb051bbbc gpio: tegra186: Fix chip_data type confusion
2782b05d02 tty: n_gsm: fix NULL pointer access due to DLCI release
c03a495814 tty: n_gsm: fix proper link termination after failed open
912144e8a3 tty: n_gsm: fix encoding of control signal octet bit DV
1879db4f25 xhci: Prevent futile URB re-submissions due to incorrect return value.
80922d7b52 xhci: re-initialize the HC during resume if HCE was set
0139a10090 usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
6e74aebbf7 usb: dwc3: pci: Fix Bay Trail phy GPIO mappings
ba3e83e5a0 USB: serial: option: add Telit LE910R1 compositions
92ac25b79d USB: serial: option: add support for DW5829e
40256addf5 tracefs: Set the group ownership in apply_options() not parse_options()
6b23eda989 USB: gadget: validate endpoint index for xilinx udc
9ab652d41d usb: gadget: rndis: add spinlock for rndis response list
39848d7e4e Revert "USB: serial: ch341: add new Product ID for CH341A"
7c453de366 ata: pata_hpt37x: disable primary channel on HPT371
a28f8dbd47 iio: Fix error handling for PM
8fff0310e6 iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits
ce1076b33e iio: adc: men_z188_adc: Fix a resource leak in an error handling path
cb90ab3f09 tracing: Have traceon and traceoff trigger honor the instance
901206f71e RDMA/ib_srp: Fix a deadlock
b7e2b91fcb configfs: fix a race in configfs_{,un}register_subsystem()
df14d2bed8 spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()
a62f4266d5 net/mlx5: Fix wrong limitation of metadata match on ecpf
45618e9157 net/mlx5: Fix possible deadlock on rule deletion
53026346a9 netfilter: nf_tables: fix memory leak during stateful obj update
5ad5886f85 nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
dfe537b0c9 net: Force inlining of checksum functions in net/checksum.h
eee01c88c9 net: ll_temac: check the return value of devm_kmalloc()
fc92a14fa0 net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
3cbf1f98d8 drm/edid: Always set RGB444
d0251c38df openvswitch: Fix setting ipv6 fields causing hw csum failure
2b3cdd70ea gso: do not skip outer ip header in case of ipip and net_failover
0240bb276f tipc: Fix end of loop tests for list_for_each_entry()
2ed1326376 net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
97a6c07d6f bpf: Do not try bpf_msg_push_data with len 0
dffce58f6f perf data: Fix double free in perf_session__delete()
3174b09fe1 ping: remove pr_err from ping_lookup
767099f0ec lan743x: fix deadlock in lan743x_phy_link_status_change()
5d76e0b69d optee: use driver internal tee_context for some rpc
0e526f533f tee: export teedev_open() and teedev_close_context()
64e0b5894c x86/fpu: Correct pkru/xstate inconsistency
49c011a44e netfilter: nf_tables_offload: incorrect flow offload action array size
49a4536a46 USB: zaurus: support another broken Zaurus
b95d71abeb sr9700: sanity check for packet length
d0dac454b9 drm/amdgpu: disable MMHUB PG for Picasso
eb88a38831 parisc/unaligned: Fix ldw() and stw() unalignment handlers
b783ef3eb6 parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
0b608b3392 vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
dd0de35102 clk: jz4725b: fix mmc0 clock gating
d1f1de5dff cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
2867afd647 Revert "netfilter: conntrack: don't refresh sctp entries in closed state"
56f5213db8 Merge 5.4.181 into android11-5.4-lts
b6e8856b8a Linux 5.4.181
3e73b02af6 kconfig: fix failing to generate auto.conf
90c0d3cc67 net: macb: Align the dma and coherent dma masks
f1c3f41245 net: usb: qmi_wwan: Add support for Dell DW5829e
6b364ca481 tracing: Fix tp_printk option related with tp_printk_stop_on_boot
8bf73d5ea9 drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
5a21d50723 ata: libata-core: Disable TRIM on M88V29
41da91158e kconfig: let 'shell' return enough output for deep path names
913932a306 arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610
d2fd1c7804 arm64: dts: meson-g12: add ATF BL32 reserved-memory region
daa8680809 arm64: dts: meson-gx: add ATF BL32 reserved-memory region
ba4b40356a netfilter: conntrack: don't refresh sctp entries in closed state
d4de2bbcbc irqchip/sifive-plic: Add missing thead,c900-plic match string
2d7a327a12 ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of
fff21185f5 ARM: OMAP2+: hwmod: Add of_node_put() before break
3deabc3f60 KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
fe595759c2 Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
ba71b1b30d i2c: brcmstb: fix support for DSL and CM variants
6f08452c56 copy_process(): Move fd_install() out of sighand->siglock critical section
e52dfd2a49 dmaengine: sh: rcar-dmac: Check for error num after setting mask
c83049cb88 net: sched: limit TC_ACT_REPEAT loops
87c575d2a2 lib/iov_iter: initialize "flags" in new pipe_buffer
091dac5c63 EDAC: Fix calculation of returned address and next offset in edac_align_ptr()
f0c2c023c2 scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop
56f9abba98 mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
bdc70b603d mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
3758a57076 NFS: Do not report writeback errors in nfs_getattr()
357d42d593 NFS: LOOKUP_DIRECTORY is also ok with symlinks
20f4ee3c33 block/wbt: fix negative inflight counter when remove scsi device
4cd3281a91 mtd: rawnand: gpmi: don't leak PM reference in error path
c6fee7c854 powerpc/lib/sstep: fix 'ptesync' build error
edfac6b77b ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
d6d8d1db80 ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
99c2b13ce9 ALSA: hda: Fix missing codec probe on Shenker Dock 15
2b2b531ceb ALSA: hda: Fix regression on forced probe mask option
aca7e5b6a5 libsubcmd: Fix use-after-free for realloc(..., 0)
7af6164cee bonding: fix data-races around agg_select_timer
aeb993412e drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
db3ffc5d33 bonding: force carrier update when releasing slave
fb8c98f92a ping: fix the dif and sdif check in ping_lookup
8198c4d4c2 net: ieee802154: ca8210: Fix lifs/sifs periods
a06440508a net: dsa: lan9303: fix reset on probe
73f8575216 netfilter: nft_synproxy: unregister hooks on init error path
5e8c5b217c iwlwifi: pcie: gen2: fix locking when "HW not ready"
e1d0e738b0 iwlwifi: pcie: fix locking when "HW not ready"
902528183f mmc: block: fix read single on recovery logic
5f326fe2ae vsock: remove vsock from connected table when connect is interrupted by a signal
f48a38703c dmaengine: at_xdmac: Start transfer for cyclic channels in issue_pending
41ce06a3ec taskstats: Cleanup the use of task->exit_code
8583d2ea90 ext4: prevent partial update of the extent blocks
d57fcf0d91 ext4: check for inconsistent extents between index and leaf block
6a332d095c ext4: check for out-of-order index extents in ext4_valid_extent_entries()
13f6ebef03 drm/radeon: Fix backlight control on iMac 12,1
494de920d9 iwlwifi: fix use-after-free
6194b46897 arm64: module/ftrace: intialize PLT at load time
adcc4b795f arm64: module: rework special section handling
dfe928f16c module/ftrace: handle patchable-function-entry
30af4dcfa8 ftrace: add ftrace_init_nop()
42c8cccf83 Revert "module, async: async_synchronize_full() on module init iff async is used"
5c7726bd57 drm/amdgpu: fix logic inversion in check
d411b2a5da nvme-rdma: fix possible use-after-free in transport error_recovery work
61a26ffd5a nvme-tcp: fix possible use-after-free in transport error_recovery work
70356b756a nvme: fix a possible use-after-free in controller reset during load
89d2bd1325 quota: make dquot_quota_sync return errors from ->sync_fs
f124d9eff9 vfs: make freeze_super abort when sync_filesystem returns error
cfc8b37ef0 ax25: improve the incomplete fix to avoid UAF and NPD bugs
dd2fcac324 selftests/zram: Adapt the situation that /dev/zram0 is being used
c3a9afa824 selftests/zram01.sh: Fix compression ratio calculation
8d1c50c868 selftests/zram: Skip max_comp_streams interface on newer kernel
455ef08d6e net: ieee802154: at86rf230: Stop leaking skb's
3bd8bebb16 selftests: rtc: Increase test timeout so that all tests run
bc6ac6c0f6 platform/x86: ISST: Fix possible circular locking dependency detected
bd6492930a btrfs: send: in case of IO error log it
3ff48a67ed parisc: Fix sglist access in ccio-dma.c
efccc9b0c7 parisc: Fix data TLB miss in sba_unmap_sg
3434d8837f parisc: Drop __init from map_pages declaration
bd282ee53e serial: parisc: GSC: fix build when IOSAPIC is not set
9d2aad133b Revert "svm: Add warning message for AVIC IPI invalid target"
1902725520 HID:Add support for UGTABLET WP5540
866a85813b Makefile.extrawarn: Move -Wunaligned-access to W=1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic789d7f387b2848b0c0a9a72d4867720841a5e2b
Changes in 5.4.195
batman-adv: Don't skb_split skbuffs with frag_list
hwmon: (tmp401) Add OF device ID table
mac80211: Reset MBSSID parameters upon connection
net: Fix features skip in for_each_netdev_feature()
ipv4: drop dst in multicast routing path
drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
netlink: do not reset transport header in netlink_recvmsg()
mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
dim: initialize all struct fields
hwmon: (ltq-cputemp) restrict it to SOC_XWAY
s390/ctcm: fix variable dereferenced before check
s390/ctcm: fix potential memory leak
s390/lcs: fix variable dereferenced before check
net/sched: act_pedit: really ensure the skb is writable
net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending
net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
gfs2: Fix filesystem block deallocation for short writes
hwmon: (f71882fg) Fix negative temperature
ASoC: max98090: Reject invalid values in custom control put()
ASoC: max98090: Generate notifications on changes for custom control
ASoC: ops: Validate input values in snd_soc_put_volsw_range()
s390: disable -Warray-bounds
net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
tcp: resalt the secret every 10 seconds
tty: n_gsm: fix mux activation issues in gsm_config()
usb: cdc-wdm: fix reading stuck on device close
usb: typec: tcpci: Don't skip cleanup in .remove() on error
USB: serial: pl2303: add device id for HP LM930 Display
USB: serial: qcserial: add support for Sierra Wireless EM7590
USB: serial: option: add Fibocom L610 modem
USB: serial: option: add Fibocom MA510 modem
slimbus: qcom: Fix IRQ check in qcom_slim_probe
serial: 8250_mtk: Fix UART_EFR register address
serial: 8250_mtk: Fix register address for XON/XOFF character
drm/nouveau/tegra: Stop using iommu_present()
i40e: i40e_main: fix a missing check on list iterator
cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
drm/vmwgfx: Initialize drm_mode_fb_cmd2
MIPS: fix build with gcc-12
net: phy: Fix race condition on link status change
arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map
ping: fix address binding wrt vrf
tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
Linux 5.4.195
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Icd426aa749f8b2c3e33d79ef95150624c203b5bf
Changes in 5.4.194
MIPS: Use address-of operator on section symbols
block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types
drm/i915: Cast remain to unsigned long in eb_relocate_vma
nfp: bpf: silence bitwise vs. logical OR warning
can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
can: grcan: only use the NAPI poll budget for RX
arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL
KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
x86/asm: Allow to pass macros to __ASM_FORM()
x86: xen: kvm: Gather the definition of emulate prefixes
x86: xen: insn: Decode Xen and KVM emulate-prefix signature
x86: kprobes: Prohibit probing on instruction which has emulate prefix
KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id
Bluetooth: Fix the creation of hdev->name
mm: fix missing cache flush for all tail pages of compound page
mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
Linux 5.4.194
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib6799ab085043b5cc60cf8e39a22f48dc4520378
commit e1a7ac6f3ba6e157adcd0ca94d92a401f1943f56 upstream.
When ping_group_range is updated, 'ping' uses the DGRAM ICMP socket,
instead of an IP raw socket. In this case, 'ping' is unable to bind its
socket to a local address owned by a vrflite.
Before the patch:
$ sysctl -w net.ipv4.ping_group_range='0 2147483647'
$ ip link add blue type vrf table 10
$ ip link add foo type dummy
$ ip link set foo master blue
$ ip link set foo up
$ ip addr add 192.168.1.1/24 dev foo
$ ip addr add 2001::1/64 dev foo
$ ip vrf exec blue ping -c1 -I 192.168.1.1 192.168.1.2
ping: bind: Cannot assign requested address
$ ip vrf exec blue ping6 -c1 -I 2001::1 2001::2
ping6: bind icmp socket: Cannot assign requested address
CC: stable@vger.kernel.org
Fixes: 1b69c6d0ae ("net: Introduce L3 Master device abstraction")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 4dfa9b438ee34caca4e6a4e5e961641807367f6f ]
In order to limit the ability for an observer to recognize the source
ports sequence used to contact a set of destinations, we should
periodically shuffle the secret. 10 seconds looks effective enough
without causing particular issues.
Cc: Moshe Kol <moshe.kol@mail.huji.ac.il>
Cc: Yossi Gilad <yossi.gilad@mail.huji.ac.il>
Cc: Amit Klein <aksecurity@gmail.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Tested-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f3c46e41b32b6266cf60b0985c61748f53bf1c61 ]
Non blocking sendmsg will return -EAGAIN when any signal pending
and no send space left, while non blocking recvmsg return -EINTR
when signal pending and no data received. This may makes confused.
As TCP returns -EAGAIN in the conditions described above. Align the
behavior of smc with TCP.
Fixes: 846e344eb7 ("net/smc: add receive timeout check")
Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
Reviewed-by: Tony Lu <tonylu@linux.alibaba.com>
Acked-by: Karsten Graul <kgraul@linux.ibm.com>
Link: https://lore.kernel.org/r/20220512030820.73848-1-guangguan.wang@linux.alibaba.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 8b796475fd7882663a870456466a4fb315cc1bd6 ]
Currently pedit tries to ensure that the accessed skb offset
is writable via skb_unclone(). The action potentially allows
touching any skb bytes, so it may end-up modifying shared data.
The above causes some sporadic MPTCP self-test failures, due to
this code:
tc -n $ns2 filter add dev ns2eth$i egress \
protocol ip prio 1000 \
handle 42 fw \
action pedit munge offset 148 u8 invert \
pipe csum tcp \
index 100
The above modifies a data byte outside the skb head and the skb is
a cloned one, carrying a TCP output packet.
This change addresses the issue by keeping track of a rough
over-estimate highest skb offset accessed by the action and ensuring
such offset is really writable.
Note that this may cause performance regressions in some scenarios,
but hopefully pedit is not in the critical path.
Fixes: db2c24175d ("act_pedit: access skb->data safely")
Acked-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Tested-by: Geliang Tang <geliang.tang@suse.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://lore.kernel.org/r/1fcf78e6679d0a287dd61bb0f04730ce33b3255d.1652194627.git.pabeni@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d5076fe4049cadef1f040eda4aaa001bb5424225 ]
netlink_recvmsg() does not need to change transport header.
If transport header was needed, it should have been reset
by the producer (netlink_dump()), not the consumer(s).
The following trace probably happened when multiple threads
were using MSG_PEEK.
BUG: KCSAN: data-race in netlink_recvmsg / netlink_recvmsg
write to 0xffff88811e9f15b2 of 2 bytes by task 32012 on cpu 1:
skb_reset_transport_header include/linux/skbuff.h:2760 [inline]
netlink_recvmsg+0x1de/0x790 net/netlink/af_netlink.c:1978
sock_recvmsg_nosec net/socket.c:948 [inline]
sock_recvmsg net/socket.c:966 [inline]
__sys_recvfrom+0x204/0x2c0 net/socket.c:2097
__do_sys_recvfrom net/socket.c:2115 [inline]
__se_sys_recvfrom net/socket.c:2111 [inline]
__x64_sys_recvfrom+0x74/0x90 net/socket.c:2111
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
write to 0xffff88811e9f15b2 of 2 bytes by task 32005 on cpu 0:
skb_reset_transport_header include/linux/skbuff.h:2760 [inline]
netlink_recvmsg+0x1de/0x790 net/netlink/af_netlink.c:1978
____sys_recvmsg+0x162/0x2f0
___sys_recvmsg net/socket.c:2674 [inline]
__sys_recvmsg+0x209/0x3f0 net/socket.c:2704
__do_sys_recvmsg net/socket.c:2714 [inline]
__se_sys_recvmsg net/socket.c:2711 [inline]
__x64_sys_recvmsg+0x42/0x50 net/socket.c:2711
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
value changed: 0xffff -> 0x0000
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 32005 Comm: syz-executor.4 Not tainted 5.18.0-rc1-syzkaller-00328-ge1f700ebd6be-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Link: https://lore.kernel.org/r/20220505161946.2867638-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 86af062f40a73bf63321694e6bf637144f0383fe ]
Currently MBSSID parameters in struct ieee80211_bss_conf
are not reset upon connection. This could be problematic
with some drivers in a scenario where the device first
connects to a non-transmit BSS and then connects to a
transmit BSS of a Multi BSS AP. The MBSSID parameters
which are set after connecting to a non-transmit BSS will
not be reset and the same parameters will be passed on to
the driver during the subsequent connection to a transmit
BSS of a Multi BSS AP.
For example, firmware running on the ath11k device uses the
Multi BSS data for tracking the beacon of a non-transmit BSS
and reports the driver when there is a beacon miss. If we do
not reset the MBSSID parameters during the subsequent
connection to a transmit BSS, then the driver would have
wrong MBSSID data and FW would be looking for an incorrect
BSSID in the MBSSID beacon of a Multi BSS AP and reports
beacon loss leading to an unstable connection.
Reset the MBSSID parameters upon every connection to solve this
problem.
Fixes: 78ac51f815 ("mac80211: support multi-bssid")
Signed-off-by: Manikanta Pubbisetty <quic_mpubbise@quicinc.com>
Link: https://lore.kernel.org/r/20220428052744.27040-1-quic_mpubbise@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit a063f2fba3fa633a599253b62561051ac185fa99 ]
The receiving interface might have used GRO to receive more fragments than
MAX_SKB_FRAGS fragments. In this case, these will not be stored in
skb_shinfo(skb)->frags but merged into the frag list.
batman-adv relies on the function skb_split to split packets up into
multiple smaller packets which are not larger than the MTU on the outgoing
interface. But this function cannot handle frag_list entries and is only
operating on skb_shinfo(skb)->frags. If it is still trying to split such an
skb and xmit'ing it on an interface without support for NETIF_F_FRAGLIST,
then validate_xmit_skb() will try to linearize it. But this fails due to
inconsistent information. And __pskb_pull_tail will trigger a BUG_ON after
skb_copy_bits() returns an error.
In case of entries in frag_list, just linearize the skb before operating on
it with skb_split().
Reported-by: Felix Kaechele <felix@kaechele.ca>
Fixes: c6c8fea297 ("net: Add batman-adv meshing protocol")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Tested-by: Felix Kaechele <felix@kaechele.ca>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmJ84EgACgkQONu9yGCS
aT75fxAAj9FUW/Vi1U4/QwbAE3ZHI46D++xmpVsuoXJg8M49twIFwLAtae+oeaFL
D0AoAhdXJx4kHIOk6XHty3sQb2TZnQw7eSRY4BuB4vT/Tnsy3Ap3L2rbwjwdjSr4
NJWJ+Cr7w8arU4ZgQks+sGamSBWIm69+36VD6N9LjuHofwL0mJi9bZ5JbLvc1pv1
+t5InguLQXvFK1ZZ/0IMpVnhrmm+lMynUKCif9yN7CXiRATmktSfguUGMO5sae7X
X3SG64cxp1wh2P+gDEVytZfI/7FWCW/Uu5w1sDnXNhjG3Mizm+3j+olK1/wmj4uo
UmP2K8CGfTGVlRG6GXVFmWXJLlUYJfyRC13L2t6fuqio9HK/anNGrsqQiD1YOTTF
TgaFOTkPVfeNI+stAX/pxfiRihlF9INyH32yMacKJ5nKZYgJBTWiamktDwL2FRx3
8N5UdnYqeHWHNQdnT3Z0c8qIW9uHamvs7hwphPV6tr9iJqZafBlt4mD+livrHcg9
s/MF1rodYeHP2a/oGBNmWlHFf31lqY/cciy0PPCNfrK4WPS0KaLC87YGxigqhxfi
MNdcOX2akUEAOVDIOyuO3tES2rKj6ffL5B/F+YAQO/4wNqBCQPsLs4hGlJBLlBI7
PNuT3hf3sV2n2NWavFSKuyfIzupzjqeybi+wZdmOT/mXKuoza0I=
=Isyq
-----END PGP SIGNATURE-----
Merge 5.4.193 into android11-5.4-lts
Changes in 5.4.193
MIPS: Fix CP0 counter erratum detection for R4k CPUs
parisc: Merge model and model name into one line in /proc/cpuinfo
ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
Revert "SUNRPC: attempt AF_LOCAL connect on setup"
firewire: fix potential uaf in outbound_phy_packet_callback()
firewire: remove check of list iterator against head past the loop body
firewire: core: extend card->lock in fw_core_handle_bus_reset
ACPICA: Always create namespace nodes using acpi_ns_create_node()
genirq: Synchronize interrupt thread startup
ASoC: da7219: Fix change notifications for tone generator frequency
ASoC: wm8958: Fix change notifications for DSP controls
ASoC: meson: Fix event generation for G12A tohdmi mux
s390/dasd: fix data corruption for ESE devices
s390/dasd: prevent double format of tracks for ESE devices
s390/dasd: Fix read for ESE with blksize < 4k
s390/dasd: Fix read inconsistency for ESE DASD devices
can: grcan: grcan_close(): fix deadlock
can: grcan: use ofdev->dev when allocating DMA memory
nfc: replace improper check device_is_registered() in netlink related functions
nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
NFC: netlink: fix sleep in atomic bug when firmware download timeout
hwmon: (adt7470) Fix warning on module removal
ASoC: dmaengine: Restore NULL prepare_slave_config() callback
RDMA/siw: Fix a condition race issue in MPA request processing
net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init()
net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux()
net: emaclite: Add error handling for of_address_to_resource()
selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational
bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
smsc911x: allow using IRQ0
btrfs: always log symlinks in full mode
net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
NFSv4: Don't invalidate inode attributes on delegation return
kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised
net: ipv6: ensure we call ipv6_mc_down() at most once
block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
mm: fix unexpected zeroed page mapping with zram swap
ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
ALSA: pcm: Fix races among concurrent read/write and buffer changes
ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
ALSA: pcm: Fix races among concurrent prealloc proc writes
ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
tcp: make sure treq->af_specific is initialized
dm: fix mempool NULL pointer race when completing IO
dm: interlock pending dm_io and dm_wait_for_bios_completion
PCI: aardvark: Clear all MSIs at setup
PCI: aardvark: Fix reading MSI interrupt number
mmc: rtsx: add 74 Clocks in power on flow
Linux 5.4.193
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I535ab835023ebb753a9bf8073c15f8e434862567
commit 103a2f3255a95991252f8f13375c3a96a75011cd upstream.
Set a size limit of 8 bytes of the written buffer to "hdev->name"
including the terminating null byte, as the size of "hdev->name" is 8
bytes. If an id value which is greater than 9999 is allocated,
then the "snprintf(hdev->name, sizeof(hdev->name), "hci%d", id)"
function call would lead to a truncation of the id value in decimal
notation.
Set an explicit maximum id parameter in the id allocation function call.
The id allocation function defines the maximum allocated id value as the
maximum id parameter value minus one. Therefore, HCI_MAX_ID is defined
as 10000.
Signed-off-by: Itay Iellin <ieitayie@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ebe48d368e97d007bfeb76fcb065d6cfc4c96645 upstream.
The maximum message size that can be send is bigger than
the maximum site that skb_page_frag_refill can allocate.
So it is possible to write beyond the allocated buffer.
Fix this by doing a fallback to COW in that case.
v2:
Avoid get get_order() costs as suggested by Linus Torvalds.
Bug: 227452856
Fixes: cac2661c53 ("esp4: Avoid skb_cow_data whenever possible")
Fixes: 03e2a30f6a ("esp6: Avoid skb_cow_data whenever possible")
Reported-by: valis <sec@valis.email>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change-Id: I2c7f97914138271e7788adfcebbd0b2b8b43cdcb
Signed-off-by: Lee Jones <lee.jones@linaro.org>
This reverts commit 2cba635570 which is
commit b253a0680ceadc5d7b4acca7aa2d870326cad8ad upstream.
It breaks the abi and is not needed for Android systems, so revert it.
Bug: 161946584
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I6c40e8900bcc80b03e3d5fb2c99c9e95615b81ff
commit 9995b408f17ff8c7f11bc725c8aa225ba3a63b1c upstream.
There are two reasons for addrconf_notify() to be called with NETDEV_DOWN:
either the network device is actually going down, or IPv6 was disabled
on the interface.
If either of them stays down while the other is toggled, we repeatedly
call the code for NETDEV_DOWN, including ipv6_mc_down(), while never
calling the corresponding ipv6_mc_up() in between. This will cause a
new entry in idev->mc_tomb to be allocated for each multicast group
the interface is subscribed to, which in turn leaks one struct ifmcaddr6
per nontrivial multicast group the interface is subscribed to.
The following reproducer will leak at least $n objects:
ip addr add ff2e::4242/32 dev eth0 autojoin
sysctl -w net.ipv6.conf.eth0.disable_ipv6=1
for i in $(seq 1 $n); do
ip link set up eth0; ip link set down eth0
done
Joining groups with IPV6_ADD_MEMBERSHIP (unprivileged) or setting the
sysctl net.ipv6.conf.eth0.forwarding to 1 (=> subscribing to ff02::2)
can also be used to create a nontrivial idev->mc_list, which will the
leak objects with the right up-down-sequence.
Based on both sources for NETDEV_DOWN events the interface IPv6 state
should be considered:
- not ready if the network interface is not ready OR IPv6 is disabled
for it
- ready if the network interface is ready AND IPv6 is enabled for it
The functions ipv6_mc_up() and ipv6_down() should only be run when this
state changes.
Implement this by remembering when the IPv6 state is ready, and only
run ipv6_mc_down() if it actually changed from ready to not ready.
The other direction (not ready -> ready) already works correctly, as:
- the interface notification triggered codepath for NETDEV_UP /
NETDEV_CHANGE returns early if ipv6 is disabled, and
- the disable_ipv6=0 triggered codepath skips fully initializing the
interface as long as addrconf_link_ready(dev) returns false
- calling ipv6_mc_up() repeatedly does not leak anything
Fixes: 3ce62a84d5 ("ipv6: exit early in addrconf_notify() if IPv6 is disabled")
Signed-off-by: Johannes Nixdorf <j.nixdorf@avm.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
[jnixdorf: context updated for bpo to v4.19/v5.4]
Signed-off-by: Johannes Nixdorf <j.nixdorf@avm.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4071bf121d59944d5cd2238de0642f3d7995a997 upstream.
There are sleep in atomic bug that could cause kernel panic during
firmware download process. The root cause is that nlmsg_new with
GFP_KERNEL parameter is called in fw_dnld_timeout which is a timer
handler. The call trace is shown below:
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:265
Call Trace:
kmem_cache_alloc_node
__alloc_skb
nfc_genl_fw_download_done
call_timer_fn
__run_timers.part.0
run_timer_softirq
__do_softirq
...
The nlmsg_new with GFP_KERNEL parameter may sleep during memory
allocation process, and the timer handler is run as the result of
a "software interrupt" that should not call any other function
that could sleep.
This patch changes allocation mode of netlink message from GFP_KERNEL
to GFP_ATOMIC in order to prevent sleep in atomic bug. The GFP_ATOMIC
flag makes memory allocation operation could be used in atomic context.
Fixes: 9674da8759 ("NFC: Add firmware upload netlink command")
Fixes: 9ea7187c53 ("NFC: netlink: Rename CMD_FW_UPLOAD to CMD_FW_DOWNLOAD")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220504055847.38026-1-duoming@zju.edu.cn
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit da5c0f119203ad9728920456a0f52a6d850c01cd upstream.
The device_is_registered() in nfc core is used to check whether
nfc device is registered in netlink related functions such as
nfc_fw_download(), nfc_dev_up() and so on. Although device_is_registered()
is protected by device_lock, there is still a race condition between
device_del() and device_is_registered(). The root cause is that
kobject_del() in device_del() is not protected by device_lock.
(cleanup task) | (netlink task)
|
nfc_unregister_device | nfc_fw_download
device_del | device_lock
... | if (!device_is_registered)//(1)
kobject_del//(2) | ...
... | device_unlock
The device_is_registered() returns the value of state_in_sysfs and
the state_in_sysfs is set to zero in kobject_del(). If we pass check in
position (1), then set zero in position (2). As a result, the check
in position (1) is useless.
This patch uses bool variable instead of device_is_registered() to judge
whether the nfc device is registered, which is well synchronized.
Fixes: 3e256b8f8d ("NFC: add nfc subsystem core")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a3d0562d4dc039bca39445e1cddde7951662e17d upstream.
This reverts commit 7073ea8799.
We must not try to connect the socket while the transport is under
construction, because the mechanisms to safely tear it down are not in
place. As the code stands, we end up leaking the sockets on a connection
error.
Reported-by: wanghai (M) <wanghai38@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
When clatd starts with ebpf offloaing, and NETIF_F_GRO_FRAGLIST is enable,
several skbs are gathered in skb_shinfo(skb)->frag_list. The first skb's
ipv6 header will be changed to ipv4 after bpf_skb_proto_6_to_4,
network_header\transport_header\mac_header have been updated as ipv4 acts,
but other skbs in frag_list didnot update anything, just ipv6 packets.
udp_queue_rcv_skb will call skb_segment_list to traverse other skbs in
frag_list and make sure right udp payload is delivered to user space.
Unfortunately, other skbs in frag_list who are still ipv6 packets are
updated like the first skb and will have wrong transport header length.
e.g.before bpf_skb_proto_6_to_4,the first skb and other skbs in frag_list
has the same network_header(24)& transport_header(64), after
bpf_skb_proto_6_to_4, ipv6 protocol has been changed to ipv4, the first
skb's network_header is 44,transport_header is 64, other skbs in frag_list
didnot change.After skb_segment_list, the other skbs in frag_list has
different network_header(24) and transport_header(44), so there will be 20
bytes different from original,that is difference between ipv6 header and
ipv4 header. Just change transport_header to be the same with original.
Actually, there are two solutions to fix it, one is traversing all skbs
and changing every skb header in bpf_skb_proto_6_to_4, the other is
modifying frag_list skb's header in skb_segment_list. Considering
efficiency, adopt the second one--- when the first skb and other skbs in
frag_list has different network_header length, restore them to make sure
right udp payload is delivered to user space.
Signed-off-by: Lina Wang <lina.wang@mediatek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit cf3ab8d4a797960b4be20565abb3bcd227b18a68 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git master)
Bug: 218157620
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I36f2f329ec1a56bb0742141a7fa482cafa183ad3
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmJ4vNYACgkQONu9yGCS
aT7xvw//e6m5llwO0aXOVFLca2TvAdN1L3shREY57P2TgNejrmrdFzYXu+6AE+ia
MhdcQL5LphFB1lIfSM/MKYFgmOVYkYpjz4AM+rqPPAv99sj0lAWslppJQAPU4a/O
V2qyKzj9f78ojr9TacgooCqwuHaJtrhXKBrjG18UTmHgcFV5hDTNtIwVWxG8NF5R
/ma/nY62kwzTvu2e4Ic+7LgKqhFkndQ/N9uB9owJ5IzJOE68Rzj1AWklbb1AMI4+
wv0J2WO+fZRiA0q9WT88G/ZJKpXLdEO7VwiarXFeBfIHTi0RsOp7SSpKkgk0QxtV
K4SBUl44ma3v5vlKprN18mNZxoJ3fu88UZSSPDfnms/gGzKIlLedsb02Er4qC6wb
EAiSuOzjEOwqh5BCRiaUgrWGyN4DQ+qrtDVRwrJ4NV6EAQ3ASehm5jevxotRuZ+M
g1nqnIJVtx0jpXjPhUTxTNC1pswQo6ZpTqKB0TNtoBvp24x2y3HmMNJDS+1noCAg
r4KSrO+DQ7gxrjqJiewpFUSbeXDyRkUyqbyYLqmXkRYdzGN0YuSchzY0xRoqW0hS
tCW8yYpki2a1IwOiEoEfLMaudKVEeiYbDisD58wTVjNG7k5A3UCyZ3btigg9FbOq
w76VJH6tZPePcYpmoI0XH0vzgmESd6gK4c/8EB9yH2gyfSwRIiM=
=eySc
-----END PGP SIGNATURE-----
Merge 5.4.192 into android11-5.4-lts
Changes in 5.4.192
floppy: disable FDRAWCMD by default
hamradio: defer 6pack kfree after unregister_netdev
hamradio: remove needs_free_netdev to avoid UAF
lightnvm: disable the subsystem
usb: mtu3: fix USB 3.0 dual-role-switch from device to host
USB: quirks: add a Realtek card reader
USB: quirks: add STRING quirk for VCOM device
USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
xhci: stop polling roothubs after shutdown
xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
iio: dac: ad5592r: Fix the missing return value.
iio: dac: ad5446: Fix read_raw not returning set value
iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
usb: misc: fix improper handling of refcount in uss720_probe()
usb: typec: ucsi: Fix role swapping
usb: gadget: uvc: Fix crash when encoding data for usb request
usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind()
usb: dwc3: core: Fix tx/rx threshold settings
usb: dwc3: gadget: Return proper request status
serial: imx: fix overrun interrupts in DMA mode
serial: 8250: Also set sticky MCR bits in console restoration
serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
arch_topology: Do not set llc_sibling if llc_id is invalid
hex2bin: make the function hex_to_bin constant-time
hex2bin: fix access beyond string end
video: fbdev: udlfb: properly check endpoint type
arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
mtd: rawnand: fix ecc parameters for mt7622
USB: Fix xhci event ring dequeue pointer ERDP update issue
ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
phy: samsung: exynos5250-sata: fix missing device put in probe error paths
ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
ARM: dts: Fix mmc order for omap3-gta04
ARM: dts: am3517-evm: Fix misc pinmuxing
ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
ipvs: correctly print the memory size of ip_vs_conn_tab
mtd: rawnand: Fix return value check of wait_for_completion_timeout
bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook
tcp: md5: incorrect tcp_header_len for incoming connections
tcp: ensure to use the most recently sent skb when filling the rate sample
sctp: check asoc strreset_chunk in sctp_generate_reconf_event
ARM: dts: imx6ull-colibri: fix vqmmc regulator
arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
pinctrl: pistachio: fix use of irq_of_parse_and_map()
cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
net: hns3: add validity check for message data length
net/smc: sync err code when tcp connection was refused
ip_gre: Make o_seqno start from 0 in native mode
tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource()
net: bcmgenet: hide status block before TX timestamping
net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
drm/amd/display: Fix memory leak in dcn21_clock_source_create
tls: Skip tls_append_frag on zero copy size
bnx2x: fix napi API usage sequence
ixgbe: ensure IPsec VF<->PF compatibility
tcp: fix F-RTO may not work correctly when receiving DSACK
ASoC: wm8731: Disable the regulator when probing fails
ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
cifs: destage any unwritten data to the server before calling copychunk_write
drivers: net: hippi: Fix deadlock in rr_close()
net: ethernet: stmmac: fix write to sgmii_adapter_base
x86/cpu: Load microcode during restore_processor_state()
tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
tty: n_gsm: fix malformed counter for out of frame data
netfilter: nft_socket: only do sk lookups when indev is available
tty: n_gsm: fix insufficient txframe size
tty: n_gsm: fix missing explicit ldisc flush
tty: n_gsm: fix wrong command retry handling
tty: n_gsm: fix wrong command frame length field encoding
tty: n_gsm: fix incorrect UA handling
hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs
mm, hugetlb: allow for "high" userspace addresses
Linux 5.4.192
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I151e1623022f3629b0cec0685db3ea08c62ab95d
commit 743b83f15d4069ea57c3e40996bf4a1077e0cdc1 upstream.
Check if the incoming interface is available and NFT_BREAK
in case neither skb->sk nor input device are set.
Because nf_sk_lookup_slow*() assume packet headers are in the
'in' direction, use in postrouting is not going to yield a meaningful
result. Same is true for the forward chain, so restrict the use
to prerouting, input and output.
Use in output work if a socket is already attached to the skb.
Fixes: 554ced0a6e ("netfilter: nf_tables: add support for native socket matching")
Reported-and-tested-by: Topi Miettinen <toiwoton@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit f40c064e933d7787ca7411b699504d7a2664c1f5 ]
Do not update tunnel->tun_hlen in data plane code. Use a local variable
instead, just like "tunnel_hlen" in net/ipv4/ip_gre.c:gre_fb_xmit().
Co-developed-by: Cong Wang <cong.wang@bytedance.com>
Signed-off-by: Cong Wang <cong.wang@bytedance.com>
Signed-off-by: Peilin Ye <peilin.ye@bytedance.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
qctecmdr
Guillaume Nault
Srinivasarao Pathipati
Michal Kubecek
Greg Kroah-Hartman
Liu Jian
Miri Korenblit
Thomas Bartschies
Willy Tarreau
Eric Dumazet
Felix Fietkau
Andrew Lunn
Jiasheng Jiang
Duoming Zhou
Paolo Abeni
Meena Shanmugam
Nicolas Dichtel
Guangguan Wang
Lokesh Dhoundiyal
Manikanta Pubbisetty
Sven Eckelmann
Itay Iellin
Steffen Klassert
j.nixdorf@avm.de
Trond Myklebust
Lina Wang
Florian Westphal
Peilin Ye
Pengcheng Yang