65785c676b
4601 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Bestas
|
f4b76e8165
|
Merge tag 'ASB-2023-04-05_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
https://source.android.com/docs/security/bulletin/2023-04-01 CVE-2022-4696 CVE-2023-20941 * tag 'ASB-2023-04-05_11-5.4' of https://android.googlesource.com/kernel/common: UPSTREAM: ext4: fix kernel BUG in 'ext4_write_inline_data_end()' UPSTREAM: hid: bigben_probe(): validate report count UPSTREAM: HID: bigben: use spinlock to safely schedule workers BACKPORT: of: base: Skip CPU nodes with "fail"/"fail-..." status UPSTREAM: HID: bigben_worker() remove unneeded check on report_field UPSTREAM: HID: bigben: use spinlock to protect concurrent accesses UPSTREAM: hwrng: virtio - add an internal buffer UPSTREAM: ext4: fix another off-by-one fsmap error on 1k block filesystems UPSTREAM: ext4: refuse to create ea block when umounted UPSTREAM: ext4: optimize ea_inode block expansion UPSTREAM: ext4: allocate extended attribute value in vmalloc area BACKPORT: FROMGIT: cgroup: Use separate src/dst nodes when preloading css_sets for migration Revert "iommu: Add gfp parameter to iommu_ops::map" Revert "iommu/amd: Pass gfp flags to iommu_map_page() in amd_iommu_map()" Revert "RDMA/usnic: use iommu_map_atomic() under spin_lock()" Linux 5.4.233 bpf: add missing header file include Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs" ext4: Fix function prototype mismatch for ext4_feat_ktype wifi: mwifiex: Add missing compatible string for SD8787 uaccess: Add speculation barrier to copy_from_user() mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh drm/i915/gvt: fix double free bug in split_2MB_gtt_entry alarmtimer: Prevent starvation by small intervals and SIG_IGN powerpc: dts: t208x: Disable 10G on MAC1 and MAC2 can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception random: always mix cycle counter in add_latent_entropy() powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G wifi: rtl8xxxu: gen2: Turn on the rate control drm/etnaviv: don't truncate physical page address drm: etnaviv: fix common struct sg_table related issues scatterlist: add generic wrappers for iterating over sgtable objects dma-mapping: add generic helpers for mapping sgtable objects Linux 5.4.232 iommu/amd: Pass gfp flags to iommu_map_page() in amd_iommu_map() net: sched: sch: Fix off by one in htb_activate_prios() ASoC: SOF: Intel: hda-dai: fix possible stream_tag leak nilfs2: fix underflow in second superblock position calculations kvm: initialize all of the kvm_debugregs structure before sending it to userspace i40e: Add checking for null for nlmsg_find_attr() ipv6: Fix tcp socket connection with DSCP. ipv6: Fix datagram socket connection with DSCP. ixgbe: add double of VLAN header when computing the max MTU net: mpls: fix stale pointer if allocation fails during device rename net: stmmac: Restrict warning on disabling DMA store and fwd mode bnxt_en: Fix mqprio and XDP ring checking logic net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions. sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list net: bgmac: fix BCM5358 support by setting correct flags i40e: add double of VLAN header when computing the max MTU ixgbe: allow to increase MTU to 3K with XDP enabled revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" net: Fix unwanted sign extension in netdev_stats_to_stats64() Revert "mm: Always release pages to the buddy allocator in memblock_free_late()." hugetlb: check for undefined shift on 32 bit architectures sched/psi: Fix use-after-free in ep_remove_wait_queue() ALSA: hda/realtek - fixed wrong gpio assigned ALSA: hda/conexant: add a new hda codec SN6180 mmc: mmc_spi: fix error handling in mmc_spi_probe() mmc: sdio: fix possible resource leaks in some error paths ipv4: Fix incorrect route flushing when source address is deleted Revert "ipv4: Fix incorrect route flushing when source address is deleted" xfs: sync lazy sb accounting on quiesce of read-only mounts xfs: prevent UAF in xfs_log_item_in_current_chkpt xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks xfs: ensure inobt record walks always make forward progress xfs: fix missing CoW blocks writeback conversion retry xfs: only relog deferred intent items if free space in the log gets low xfs: expose the log push threshold xfs: periodically relog deferred intent items xfs: change the order in which child and parent defer ops are finished xfs: fix an incore inode UAF in xfs_bui_recover xfs: clean up xfs_bui_item_recover iget/trans_alloc/ilock ordering xfs: clean up bmap intent item recovery checking xfs: xfs_defer_capture should absorb remaining transaction reservation xfs: xfs_defer_capture should absorb remaining block reservations xfs: proper replay of deferred ops queued during log recovery xfs: fix finobt btree block recovery ordering xfs: log new intent items created as part of finishing recovered intent items xfs: refactor xfs_defer_finish_noroll xfs: turn dfp_intent into a xfs_log_item xfs: merge the ->diff_items defer op into ->create_intent xfs: merge the ->log_item defer op into ->create_intent xfs: factor out a xfs_defer_create_intent helper xfs: remove the xfs_inode_log_item_t typedef xfs: remove the xfs_efd_log_item_t typedef xfs: remove the xfs_efi_log_item_t typedef netfilter: nft_tproxy: restrict to prerouting hook btrfs: free device in btrfs_close_devices for a single device filesystem aio: fix mremap after fork null-deref nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association s390/decompressor: specify __decompress() buf len to avoid overflow net: sched: sch: Bounds check priority net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC net/rose: Fix to not accept on connected socket tools/virtio: fix the vringh test for virtio ring changes ASoC: cs42l56: fix DT probe selftests/bpf: Verify copy_register_state() preserves parent/live fields migrate: hugetlb: check for hugetlb shared PMD in node migration bpf: Always return target ifindex in bpf_fib_lookup nvme-pci: Move enumeration by class to be last in the table arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte ceph: flush cap releases when the session is flushed usb: typec: altmodes/displayport: Fix probe pin assign check usb: core: add quirk for Alcor Link AK9563 smartcard reader net: USB: Fix wrong-direction WARNING in plusb.c pinctrl: intel: Restore the pins that used to be in Direct IRQ mode pinctrl: single: fix potential NULL dereference pinctrl: aspeed: Fix confusing types in return value ALSA: pci: lx6464es: fix a debug loop selftests: forwarding: lib: quote the sysctl values rds: rds_rm_zerocopy_callback() use list_first_entry() ice: Do not use WQ_MEM_RECLAIM flag for workqueue ionic: clean interrupt before enabling queue to avoid credit race net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY bonding: fix error checking in bond_debug_reregister() xfrm: fix bug with DSCP copy to v6 from v4 tunnel RDMA/usnic: use iommu_map_atomic() under spin_lock() iommu: Add gfp parameter to iommu_ops::map IB/IPoIB: Fix legacy IPoIB due to wrong number of queues IB/hfi1: Restore allocated resources on failed copyout can: j1939: do not wait 250 ms if the same addr was already claimed tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() btrfs: zlib: zero-initialize zlib workspace btrfs: limit device extents to the device size iio:adc:twl6030: Enable measurement of VAC wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads f2fs: fix to do sanity check on i_extra_isize in is_alive() fbdev: smscufx: fix error handling code in ufx_usb_probe powerpc/imc-pmu: Revert nest_init_lock to being a mutex serial: 8250_dma: Fix DMA Rx rearm race serial: 8250_dma: Fix DMA Rx completion race xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() mm: swap: properly update readahead statistics in unuse_pte_range() nvmem: core: fix cell removal on error Squashfs: fix handling and sanity checking of xattr_ids count mm/swapfile: add cond_resched() in get_swap_pages() fpga: stratix10-soc: Fix return value check in s10_ops_write_init() mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps riscv: disable generation of unwind tables parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case parisc: Fix return code of pdc_iodc_print() iio:adc:twl6030: Enable measurements of VUSB, VBAT and others iio: adc: berlin2-adc: Add missing of_node_put() in error path iio: hid: fix the retval in accel_3d_capture_sample efi: Accept version 2 of memory attributes table watchdog: diag288_wdt: fix __diag288() inline assembly watchdog: diag288_wdt: do not use stack buffers for hardware data fbcon: Check font dimension limits Input: i8042 - add Clevo PCX0DX to i8042 quirk table Input: i8042 - add TUXEDO devices to i8042 quirk tables Input: i8042 - merge quirk tables Input: i8042 - move __initconst to fix code styling warning vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait usb: dwc3: qcom: enable vbus override when in OTG dr-mode usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API iio: adc: stm32-dfsdm: fill module aliases net/x25: Fix to not accept on connected socket i2c: rk3x: fix a bunch of kernel-doc warnings scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress scsi: target: core: Fix warning on RT kernels efi: fix potential NULL deref in efi_mem_reserve_persistent net: openvswitch: fix flow memory leak in ovs_flow_cmd_new virtio-net: Keep stop() to follow mirror sequence of open() selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning ata: libata: Fix sata_down_spd_limit() when no link speed is reported can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate net: phy: meson-gxl: Add generic dummy stubs for MMD register access squashfs: harden sanity check in squashfs_read_xattr_id_table netfilter: br_netfilter: disable sabotage_in hook after first suppression netrom: Fix use-after-free caused by accept on already connected socket fix "direction" argument of iov_iter_kvec() fix iov_iter_bvec() "direction" argument WRITE is "data source", not destination... scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT" arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region Linux 5.4.231 Revert "xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()" usb: host: xhci-plat: add wakeup entry at sysfs Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt ipv6: ensure sane device mtu in tunnels exit: Use READ_ONCE() for all oops/warn limit reads docs: Fix path paste-o for /sys/kernel/warn_count panic: Expose "warn_count" to sysfs panic: Introduce warn_limit panic: Consolidate open-coded panic_on_warn checks exit: Allow oops_limit to be disabled exit: Expose "oops_count" to sysfs exit: Put an upper limit on how often we can oops ia64: make IA64_MCA_RECOVERY bool instead of tristate csky: Fix function name in csky_alignment() and die() h8300: Fix build errors from do_exit() to make_task_dead() transition hexagon: Fix function name in die() objtool: Add a missing comma to avoid string concatenation exit: Add and use make_task_dead. mm: kasan: do not panic if both panic_on_warn and kasan_multishot set panic: unset panic_on_warn inside panic() sysctl: add a new register_sysctl_init() interface dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init blk-cgroup: fix missing pd_online_fn() while activating policy bpf: Skip task with pid=1 in send_signal_common() ARM: dts: imx: Fix pca9547 i2c-mux node name x86/asm: Fix an assembler warning with current binutils clk: Fix pointer casting to prevent oops in devm_clk_release() perf/x86/amd: fix potential integer overflow on shift of a int netfilter: conntrack: unify established states for SCTP paths x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL block: fix and cleanup bio_check_ro nfsd: Ensure knfsd shuts down when the "nfsd" pseudofs is unmounted Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" net: mdio-mux-meson-g12a: force internal PHY off on mux switch net: xgene: Move shared header file into include/linux net/phy/mdio-i2c: Move header file to include/linux/mdio net/tg3: resolve deadlock in tg3_reset_task() during EEH thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type() net: ravb: Fix possible hang if RIS2_QFF1 happen sctp: fail if no bound addresses can be used for a given scope net/sched: sch_taprio: do not schedule in taprio_reset() netrom: Fix use-after-free of a listening socket. netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE ipv4: prevent potential spectre v1 gadget in fib_metrics_match() ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() netlink: annotate data races around sk_state netlink: annotate data races around dst_portid and dst_group netlink: annotate data races around nlk->portid netfilter: nft_set_rbtree: skip elements in transaction from garbage collection net: fix UaF in netns ops registration error path netlink: prevent potential spectre v1 gadgets EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info EDAC/device: Respect any driver-supplied workqueue polling value ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment thermal: intel: int340x: Protect trip temperature from concurrent updates KVM: x86/vmx: Do not skip segment attributes if unusable bit is set cifs: Fix oops due to uncleared server->smbd_conn in reconnect ftrace/scripts: Update the instructions for ftrace-bisect.sh trace_events_hist: add check for return value of 'create_hist_field' tracing: Make sure trace_printk() can output as soon as it can be used module: Don't wait for GOING modules scsi: hpsa: Fix allocation size for scsi_host_alloc() Bluetooth: hci_sync: cancel cmd_timer if hci_open failed Revert "Revert "xhci: Set HCD flag to defer primary roothub registration"" fs: reiserfs: remove useless new_opts in reiserfs_remount netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state Revert "selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID" mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting mmc: sdhci-esdhc-imx: disable the CMD CRC check for standard tuning mmc: sdhci-esdhc-imx: clear pending interrupt and halt cqhci lockref: stop doing cpu_relax in the cmpxchg loop platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id KVM: s390: interrupt: use READ_ONCE() before cmpxchg() spi: spidev: remove debug messages that access spidev->spi without locking ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC cpufreq: armada-37xx: stop using 0 as NULL pointer s390/debug: add _ASM_S390_ prefix to header guard drm: Add orientation quirk for Lenovo ideapad D330-10IGL ASoC: fsl_micfil: Correct the number of steps on SX controls cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist tcp: fix rate_app_limited to default to 1 net: dsa: microchip: ksz9477: port map correction in ALU table entry register driver core: Fix test_async_probe_init saves device in wrong array w1: fix WARNING after calling w1_process() w1: fix deadloop in __w1_remove_master_device() tcp: avoid the lookup process failing to get sk in ehash table dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling dmaengine: xilinx_dma: use devm_platform_ioremap_resource() HID: betop: check shape of output reports net: macb: fix PTP TX timestamp failure due to packet padding dmaengine: Fix double increment of client_count in dma_chan_get() drm/panfrost: fix GENERIC_ATOMIC64 dependency net: mlx5: eliminate anonymous module_init & module_exit usb: gadget: f_fs: Ensure ep0req is dequeued before free_request usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait HID: revert CHERRY_MOUSE_000C quirk net: stmmac: fix invalid call to mdiobus_get_phy() HID: check empty report_list in bigben_probe() HID: check empty report_list in hid_validate_values() net: mdio: validate parameter addr in mdiobus_get_phy() net: usb: sr9700: Handle negative len l2tp: Don't sleep and disable BH under writer-side sk_callback_lock l2tp: Serialize access to sk_user_data with sk_callback_lock net: fix a concurrency bug in l2tp_tunnel_register() net/sched: sch_taprio: fix possible use-after-free wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs net: nfc: Fix use-after-free in local_cleanup() phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation amd-xgbe: Delay AN timeout during KR training amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent affs: initialize fsdata in affs_truncate() IB/hfi1: Fix expected receive setup error exit issues IB/hfi1: Reserve user expected TIDs IB/hfi1: Reject a zero-length user expected buffer RDMA/core: Fix ib block iterator counter overflow tomoyo: fix broken dependency on *.conf.default EDAC/highbank: Fix memory leak in highbank_mc_probe() HID: intel_ish-hid: Add check for ishtp_dma_tx_map ARM: imx: add missing of_node_put() ARM: imx35: Retrieve the IIM base address from devicetree ARM: imx31: Retrieve the IIM base address from devicetree ARM: imx27: Retrieve the SYSCTRL base address from devicetree ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() clk: Provide new devm_clk helpers for prepared and enabled clocks clk: generalize devm_clk_get() a bit Linux 5.4.230 mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix drm/amd/display: Fix set scaling doesn's work drm/i915: re-disable RC6p on Sandy Bridge gsmi: fix null-deref in gsmi_get_variable serial: atmel: fix incorrect baudrate setup dmaengine: tegra210-adma: fix global intr clear serial: pch_uart: Pass correct sg to dma_unmap_sg() dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() usb: gadget: g_webcam: Send color matching descriptor per frame usb: typec: altmodes/displayport: Fix pin assignment calculation usb: typec: altmodes/displayport: Add pin assignment helper usb: host: ehci-fsl: Fix module alias USB: serial: cp210x: add SCALANCE LPE-9000 device id USB: gadgetfs: Fix race between mounting and unmounting cifs: do not include page data when checking signature btrfs: fix race between quota rescan and disable leading to NULL pointer deref mmc: sunxi-mmc: Fix clock refcount imbalance during unbind comedi: adv_pci1760: Fix PWM instruction handling usb: core: hub: disable autosuspend for TI TUSB8041 misc: fastrpc: Fix use-after-free race condition for maps misc: fastrpc: Don't remove map on creater_process and device_release USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 USB: serial: option: add Quectel EM05CN modem USB: serial: option: add Quectel EM05CN (SG) modem USB: serial: option: add Quectel EC200U modem USB: serial: option: add Quectel EM05-G (RS) modem USB: serial: option: add Quectel EM05-G (CS) modem USB: serial: option: add Quectel EM05-G (GR) modem prlimit: do_prlimit needs to have a speculation check xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables usb: acpi: add helper to check port lpm capability using acpi _DSM xhci: Add a flag to disable USB3 lpm on a xhci root port level. xhci: Add update_hub_device override for PCI xHCI hosts xhci: Fix null pointer dereference when host dies usb: xhci: Check endpoint is valid before dereferencing it xhci-pci: set the dma max_seg_size ALSA: hda/realtek - Turn on power early drm/i915/gt: Reset twice efi: fix userspace infinite retry read efivars after EFI runtime services page fault nilfs2: fix general protection fault in nilfs_btree_insert() Add exception protection processing for vd in axi_chan_handle_err function wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices f2fs: let's avoid panic if extent_tree is not created RDMA/srp: Move large values to a new enum for gcc13 net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID pNFS/filelayout: Fix coalescing test for single DS Revert "net: add atomic_long_t to net_device_stats fields" Revert "PM/devfreq: governor: Add a private governor_data for governor" Linux 5.4.229 tipc: call tipc_lxc_xmit without holding node_read_lock ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown tipc: Add a missing case of TIPC_DIRECT_MSG type tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started tipc: fix use-after-free in tipc_disc_rcv() Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout" mm: Always release pages to the buddy allocator in memblock_free_late(). efi: fix NULL-deref in init error path arm64: cmpxchg_double*: hazard against entire exchange variable arm64: atomics: remove LL/SC trampolines arm64: atomics: format whitespace consistently drm/virtio: Fix GEM handle creation UAF x86/resctrl: Fix task CLOSID/RMID update race x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() iommu/mediatek-v1: Add error handle for mtk_iommu_probe net/mlx5: Fix ptp max frequency adjustment range net/mlx5: Rename ptp clock info net/sched: act_mpls: Fix warning during failed attribute validation nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() hvc/xen: lock console list traversal tipc: fix unexpected link reset due to discovery messages tipc: eliminate checking netns if node established tipc: improve throughput between nodes in netns regulator: da9211: Use irq handler when ready EDAC/device: Fix period calculation in edac_device_reset_delay_period() x86/boot: Avoid using Intel mnemonics in AT&T syntax asm powerpc/imc-pmu: Fix use of mutex in IRQs disabled section netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. ext4: fix uninititialized value in 'ext4_evict_inode' ext4: fix use-after-free in ext4_orphan_cleanup ext4: lost matching-pair of trace in ext4_truncate ext4: fix bug_on in __es_tree_search caused by bad quota inode quota: Factor out setup of quota inode jbd2: use the correct print format usb: ulpi: defer ulpi_register on ulpi_read_id timeout wifi: wilc1000: sdio: fix module autoloading ipv6: raw: Deduct extension header length in rawv6_push_pending_frames ixgbe: fix pci device refcount leak platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe drm/msm/adreno: Make adreno quirks not overwrite each other cifs: Fix uninitialized memory read for smb311 posix symlink create ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF net/ulp: prevent ULP without clone op from entering the LISTEN status s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() s390/kexec: fix ipl report address for kdump perf auxtrace: Fix address filter duplicate symbol selection docs: Fix the docs build with Sphinx 6.0 efi: tpm: Avoid READ_ONCE() for accessing the event log KVM: arm64: Fix S1PTW handling on RO memslots net: sched: disallow noqueue for qdisc classes driver core: Fix bus_type.match() error handling in __driver_attach() selftests: set the BUILD variable to absolute path selftests: Fix kselftest O=objdir build from cluttering top level objdir parisc: Align parisc MADV_XXX constants with all other architectures mbcache: Avoid nesting of cache->c_list_lock under bit locks hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling hfs/hfsplus: use WARN_ON for sanity check ext4: don't allow journal inode to have encrypt flag riscv: uaccess: fix type of 0 variable on error in get_user() nfsd: fix handling of readdir in v4root vs. mount upcall timeout x86/bugs: Flush IBP in ib_prctl_set() ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet udf: Fix extension of the last extent in the file caif: fix memory leak in cfctrl_linkup_request() drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() usb: rndis_host: Secure rndis_query check against int overflow drivers/net/bonding/bond_3ad: return when there's no aggregator perf tools: Fix resources leak in perf_data__open_dir() net: sched: cbq: dont intepret cls results when asked to drop net: sched: atm: dont intepret cls results when asked to drop RDMA/mlx5: Fix validation of max_rd_atomic caps for DC RDMA/uverbs: Silence shiftTooManyBitsSigned warning net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe net: amd-xgbe: add missed tasklet_kill vhost: fix range used in translate_desc() nfc: Fix potential resource leaks qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure net: sched: fix memory leak in tcindex_set_parms net: hns3: add interrupts re-initialization while doing VF FLR nfsd: shut down the NFSv4 state objects before the filecache bpf: pull before calling skb_postpull_rcsum() SUNRPC: ensure the matching upcall is in-flight upon downcall ext4: fix deadlock due to mbcache entry corruption mbcache: automatically delete entries from cache on freeing ext4: fix race when reusing xattr blocks ext4: unindent codeblock in ext4_xattr_block_set() ext4: remove EA inode entry from mbcache on inode eviction mbcache: add functions to delete entry if unused mbcache: don't reclaim used entries ext4: use kmemdup() to replace kmalloc + memcpy fs: ext4: initialize fsdata in pagecache_write() ext4: use memcpy_to_page() in pagecache_write() mm/highmem: Lift memcpy_[to|from]_page to core ext4: correct inconsistent error msg in nojournal mode ext4: goto right label 'failed_mount3a' ravb: Fix "failed to switch device to config mode" message during unbind KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 KVM: VMX: Fix the spelling of CPU_BASED_USE_TSC_OFFSETTING KVM: VMX: Rename NMI_PENDING to NMI_WINDOW KVM: VMX: Rename INTERRUPT_PENDING to INTERRUPT_WINDOW KVM: retpolines: x86: eliminate retpoline from vmx.c exit handlers KVM: x86: optimize more exit handlers in vmx.c perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor dm thin: resume even if in FAIL mode media: s5p-mfc: Fix in register read and write for H264 media: s5p-mfc: Clear workbit to handle error condition media: s5p-mfc: Fix to handle reference queue during finishing PM/devfreq: governor: Add a private governor_data for governor btrfs: replace strncpy() with strscpy() ext4: allocate extended attribute value in vmalloc area ext4: avoid unaccounted block allocation when expanding inode ext4: initialize quota before expanding inode in setproject ioctl ext4: fix inode leak in ext4_xattr_inode_create() on an error path ext4: avoid BUG_ON when creating xattrs ext4: fix error code return to user-space in ext4_get_branch() ext4: fix corruption when online resizing a 1K bigalloc fs ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline ext4: init quota for 'old.inode' in 'ext4_rename' ext4: fix bug_on in __es_tree_search caused by bad boot loader inode ext4: fix reserved cluster accounting in __es_remove_extent() ext4: add helper to check quota inums ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode ext4: fix undefined behavior in bit shift for ext4_check_flag_values ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop drm/vmwgfx: Validate the box size for the snooped cursor drm/connector: send hotplug uevent on connector cleanup device_cgroup: Roll back to original exceptions after copy failure parisc: led: Fix potential null-ptr-deref in start_task() iommu/amd: Fix ivrs_acpihid cmdline parsing code crypto: n2 - add missing hash statesize PCI/sysfs: Fix double free in error path PCI: Fix pci_device_is_present() for VFs by checking PF ipmi: fix use after free in _ipmi_destroy_user() ima: Fix a potential NULL pointer access in ima_restore_measurement_list mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() ipmi: fix long wait in unload when IPMI disconnect efi: Add iMac Pro 2017 to uefi skip cert quirk md/bitmap: Fix bitmap chunk size overflow issues cifs: fix missing display of three mount options cifs: fix confusing debug message media: dvb-core: Fix UAF due to refcount races at releasing media: dvb-core: Fix double free in dvb_register_device() ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line tracing/hist: Fix wrong return value in parse_action_params() x86/microcode/intel: Do not retry microcode reloading on the APs tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' dm cache: set needs_check flag after aborting metadata dm cache: Fix UAF in destroy() dm clone: Fix UAF in clone_dtr() dm integrity: Fix UAF in dm_integrity_dtr() dm thin: Fix UAF in run_timer_softirq() dm thin: Use last transaction's pmd->root when commit failed dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort binfmt: Fix error return code in load_elf_fdpic_binary() binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf cpufreq: Init completion before kobject_init_and_add() selftests: Use optional USERCFLAGS and USERLDFLAGS arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength ARM: ux500: do not directly dereference __iomem btrfs: fix resolving backrefs for inline extent followed by prealloc mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K ktest.pl minconfig: Unset configs instead of just removing them kest.pl: Fix grub2 menu handling for rebooting soc: qcom: Select REMAP_MMIO for LLCC driver media: stv0288: use explicitly signed char net/af_packet: make sure to pull mac header net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING f2fs: should put a page when checking the summary info mm, compaction: fix fast_isolate_around() to stay within boundaries md: fix a crash in mempool_free pnode: terminate at peers of source ALSA: line6: fix stack overflow in line6_midi_transmit ALSA: line6: correct midi status byte when receiving data from podxt ovl: Use ovl mounter's fsuid and fsgid in ovl_link() hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount HID: plantronics: Additional PIDs for double volume key presses quirk HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint powerpc/rtas: avoid scheduling in rtas_os_term() powerpc/rtas: avoid device tree lookups in rtas_os_term() objtool: Fix SEGFAULT nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition nvme: resync include/linux/nvme.h with nvmecli ata: ahci: Fix PCS quirk application for suspend nvme-pci: fix doorbell buffer value endianness cifs: fix oops during encryption media: dvbdev: fix refcnt bug media: dvbdev: fix build warning due to comments gcov: add support for checksum field regulator: core: fix deadlock on regulator enable iio: adc128s052: add proper .data members in adc128_of_match table iio: adc: ad_sigma_delta: do not use internal iio_dev lock reiserfs: Add missing calls to reiserfs_security_free() HID: wacom: Ensure bootloader PID is usable in hidraw mode usb: dwc3: core: defer probe on ulpi_read_id timeout ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion ASoC: rt5670: Remove unbalanced pm_runtime_put() ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() ASoC: wm8994: Fix potential deadlock ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() ASoC: Intel: Skylake: Fix driver hang during shutdown ALSA: hda: add snd_hdac_stop_streams() helper ALSA/ASoC: hda: move/rename snd_hdac_ext_stop_streams to hdac_stream.c orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() clk: st: Fix memory leak in st_of_quadfs_setup() media: si470x: Fix use-after-free in si470x_int_in_callback() mmc: f-sdh30: Add quirks for broken timeout clock capability regulator: core: fix use_count leakage when handling boot-on blk-mq: fix possible memleak when register 'hctx' failed media: dvb-usb: fix memory leak in dvb_usb_adapter_init() media: dvbdev: adopts refcnt to avoid UAF media: dvb-frontends: fix leak of memory fw bpf: Prevent decl_tag from being referenced in func_proto arg ppp: associate skb with a device at tx mrp: introduce active flags to prevent UAF when applicant uninit net: add atomic_long_t to net_device_stats fields md/raid1: stop mdx_raid1 thread when raid1 array run failed drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() drm/sti: Use drm_mode_copy() drm/rockchip: Use drm_mode_copy() s390/lcs: Fix return type of lcs_start_xmit() s390/netiucv: Fix return type of netiucv_tx() s390/ctcm: Fix return type of ctc{mp,}m_tx() igb: Do not free q_vector unless new one was allocated wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() hamradio: baycom_epp: Fix return type of baycom_send_packet() net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() bpf: make sure skb->len != 0 when redirecting to a tunneling device ipmi: fix memleak when unload ipmi driver ASoC: codecs: rt298: Add quirk for KBL-R RVP platform wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out wifi: ath9k: verify the expected usb_endpoints are present brcmfmac: return error when getting invalid max_flowrings from dongle drm/etnaviv: add missing quirks for GC300 hfs: fix OOB Read in __hfs_brec_find acct: fix potential integer overflow in encode_comp_t() nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() ACPICA: Fix error code path in acpi_ds_call_control_method() fs: jfs: fix shift-out-of-bounds in dbDiscardAG udf: Avoid double brelse() in udf_rename() fs: jfs: fix shift-out-of-bounds in dbAllocAG binfmt_misc: fix shift-out-of-bounds in check_special_flags rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state() net: stream: purge sk_error_queue in sk_stream_kill_queues() myri10ge: Fix an error handling path in myri10ge_probe() rxrpc: Fix missing unlock in rxrpc_do_sendmsg() net_sched: reject TCF_EM_SIMPLE case for complex ematch module mailbox: zynq-ipi: fix error handling while device_register() fails skbuff: Account for tail adjustment during pull operations openvswitch: Fix flow lookup to use unmasked key rtc: mxc_v2: Add missing clk_disable_unprepare() r6040: Fix kmemleak in probe and remove nfc: pn533: Clear nfc_target before being used mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure NFSD: Add tracepoints to NFSD's duplicate reply cache nfsd: Define the file access mode enum for tracing rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() pwm: sifive: Call pwm_sifive_update_clock() while mutex is held selftests/powerpc: Fix resource leaks powerpc/hv-gpci: Fix hv_gpci event list powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe() powerpc/perf: callchain validate kernel stack pointer bounds powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() cxl: Fix refcount leak in cxl_calc_capp_routing powerpc/52xx: Fix a resource leak in an error handling path macintosh/macio-adb: check the return value of ioremap() macintosh: fix possible memory leak in macio_add_one_device() iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() iommu/amd: Fix pci device refcount leak in ppr_notifier() rtc: pcf85063: Fix reading alarm rtc: snvs: Allow a time difference on clock register read include/uapi/linux/swab: Fix potentially missing __always_inline RDMA/siw: Fix pointer cast warning power: supply: fix null pointer dereferencing in power_supply_get_battery_info HSI: omap_ssi_core: Fix error handling in ssi_init() perf symbol: correction while adjusting symbol perf trace: Handle failure when trace point folder is missed perf trace: Use macro RAW_SYSCALL_ARGS_NUM to replace number perf trace: Add a strtoul() method to 'struct syscall_arg_fmt' perf trace: Allow associating scnprintf routines with well known arg names perf trace: Add the syscall_arg_fmt pointer to syscall_arg perf trace: Factor out the initialization of syscal_arg_fmt->scnprintf perf trace: Separate 'struct syscall_fmt' definition from syscall_fmts variable perf trace: Return error if a system call doesn't exist power: supply: fix residue sysfs file in error handle route of __power_supply_register() HSI: omap_ssi_core: fix possible memory leak in ssi_probe() HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() fbdev: vermilion: decrease reference count in error path fbdev: via: Fix error in via_core_init() fbdev: pm2fb: fix missing pci_disable_device() fbdev: ssd1307fb: Drop optional dependency samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe() tracing/hist: Fix issue of losting command info in error_log usb: storage: Add check for kcalloc i2c: ismt: Fix an out-of-bounds bug in ismt_access() vme: Fix error not catched in fake_init() staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() staging: rtl8192u: Fix use after free in ieee80211_rx() i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe chardev: fix error handling in cdev_device_add() mcb: mcb-parse: fix error handing in chameleon_parse_gdd() drivers: mcb: fix resource leak in mcb_probe() usb: gadget: f_hid: fix refcount leak on error path usb: gadget: f_hid: fix f_hidg lifetime vs cdev usb: gadget: f_hid: optional SETUP/SET_REPORT mode usb: roles: fix of node refcount leak in usb_role_switch_is_parent() counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() misc: ocxl: fix possible name leak in ocxl_file_register_afu() test_firmware: fix memory leak in test_firmware_init() serial: sunsab: Fix error handling in sunsab_init() serial: altera_uart: fix locking in polling mode tty: serial: altera_uart_{r,t}x_chars() need only uart_port tty: serial: clean up stop-tx part in altera_uart_tx_chars() serial: pch: Fix PCI device refcount leak in pch_request_dma() serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle. serial: amba-pl011: avoid SBSA UART accessing DMACR register usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() usb: typec: Check for ops->exit instead of ops->enter in altmode_exit staging: vme_user: Fix possible UAF in tsi148_dma_list_add usb: fotg210-udc: Fix ages old endianness issues uio: uio_dmem_genirq: Fix deadlock between irq config and handling uio: uio_dmem_genirq: Fix missing unlock in irq configuration vfio: platform: Do not pass return buffer to ACPI _RST method class: fix possible memory leak in __class_register() serial: tegra: Read DMA status before terminating tty: serial: tegra: Activate RX DMA transfer by request drivers: dio: fix possible memory leak in dio_init() IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces hwrng: geode - Fix PCI device refcount leak hwrng: amd - Fix PCI device refcount leak crypto: img-hash - Fix variable dereferenced before check 'hdev->req' orangefs: Fix sysfs not cleanup when dev init failed RDMA/hfi1: Fix error return code in parse_platform_config() crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() f2fs: avoid victim selection from previous victim section RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() scsi: snic: Fix possible UAF in snic_tgt_create() scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails scsi: ipr: Fix WARNING in ipr_init() scsi: fcoe: Fix possible name leak when device_register() fails scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() scsi: hpsa: Fix error handling in hpsa_add_sas_host() scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() crypto: tcrypt - Fix multibuffer skcipher speed test mem leak scsi: hpsa: Fix possible memory leak in hpsa_init_one() RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed crypto: ccree - Make cc_debugfs_global_fini() available for module init function RDMA/hfi: Decrease PCI device reference count in error path PCI: Check for alloc failure in pci_request_irq() crypto: ccree - Remove debugfs when platform_driver_register failed crypto: ccree - swap SHA384 and SHA512 larval hashes at build time scsi: scsi_debug: Fix a warning in resp_write_scat() RDMA/siw: Set defined status for work completion with undefined status RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port RDMA/siw: Fix immediate work request flush to completion queue f2fs: fix normal discard process RDMA/core: Fix order of nldev_exit call apparmor: Use pointer to struct aa_label for lbs_cred apparmor: Fix abi check to include v8 abi apparmor: fix lockdep warning when removing a namespace apparmor: fix a memleak in multi_transaction_new() stmmac: fix potential division by 0 Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave() ntb_netdev: Use dev_kfree_skb_any() in interrupt context net: lan9303: Fix read error execution path can: tcan4x5x: Remove invalid write in clear_interrupts net: amd-xgbe: Check only the minimum speed for active/passive cables net: amd-xgbe: Fix logic around active and passive cables net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave() hamradio: don't call dev_kfree_skb() under spin_lock_irqsave() net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave() net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave() net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave() net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave() net/tunnel: wait until all sk_user_data reader finish before releasing the sock net: farsync: Fix kmemleak when rmmods farsync ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave() of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop() drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() net: stmmac: selftests: fix potential memleak in stmmac_test_arpoffload() net: defxx: Fix missing err handling in dfx_init() net: vmw_vsock: vmci: Check memcpy_from_msg() clk: socfpga: Fix memory leak in socfpga_gate_init() clk: socfpga: use clk_hw_register for a5/c5 clk: socfpga: clk-pll: Remove unused variable 'rc' blktrace: Fix output non-blktrace event when blk_classic option enabled wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode clk: samsung: Fix memory leak in _samsung_clk_register_pll() media: coda: Add check for kmalloc media: coda: Add check for dcoda_iram_alloc media: c8sectpfe: Add of_node_put() when breaking out of loop mmc: mmci: fix return value check of mmc_add_host() mmc: wbsd: fix return value check of mmc_add_host() mmc: via-sdmmc: fix return value check of mmc_add_host() mmc: meson-gx: fix return value check of mmc_add_host() mmc: omap_hsmmc: fix return value check of mmc_add_host() mmc: atmel-mci: fix return value check of mmc_add_host() mmc: wmt-sdmmc: fix return value check of mmc_add_host() mmc: vub300: fix return value check of mmc_add_host() mmc: toshsd: fix return value check of mmc_add_host() mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() mmc: pxamci: fix return value check of mmc_add_host() mmc: mxcmmc: fix return value check of mmc_add_host() mmc: moxart: fix return value check of mmc_add_host() mmc: alcor: fix return value check of mmc_add_host() NFSv4.x: Fail client initialisation if state manager thread can't run SUNRPC: Fix missing release socket in rpc_sockname() xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt media: saa7164: fix missing pci_disable_device() bpf, sockmap: fix race in sock_map_free() regulator: core: fix resource leak in regulator_register() configfs: fix possible memory leak in configfs_create_dir() hsr: Avoid double remove of a node. clk: qcom: clk-krait: fix wrong div2 functions regulator: core: fix module refcount leak in set_supply() wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE bonding: uninitialized variable in bond_miimon_inspect() bpf, sockmap: Fix data loss caused by using apply_bytes on ingress redirect bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data netfilter: conntrack: set icmpv6 redirects as RELATED ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() ASoC: mediatek: mt8173: Enable IRQ when pdata is ready wifi: iwlwifi: mvm: fix double free on tx path. ALSA: asihpi: fix missing pci_disable_device() NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn NFSv4.2: Fix initialisation of struct nfs4_label NFSv4.2: Fix a memory stomp in decode_attr_security_label NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd ASoC: dt-bindings: wcd9335: fix reset line polarity in example drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() media: dvb-core: Fix ignored return value in dvb_register_frontend() pinctrl: pinconf-generic: add missing of_node_put() clk: imx: replace osc_hdmi with dummy clk: imx8mn: correct the usb1_ctrl parent to be usb_bus media: imon: fix a race condition in send_packet() mtd: maps: pxa2xx-flash: fix memory leak in probe bonding: fix link recovery in mode 2 when updelay is nonzero bonding: Rename slave_arr to usable_slaves bonding: Export skip slave logic to function clk: rockchip: Fix memory leak in rockchip_clk_register_pll() regulator: core: use kfree_const() to free space conditionally ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT HID: hid-sensor-custom: set fixed size for custom attributes bpf: Move skb->len == 0 checks into __bpf_redirect media: videobuf-dma-contig: use dma_mmap_coherent media: platform: exynos4-is: Fix error handling in fimc_md_init() media: solo6x10: fix possible memory leak in solo_sysfs_init() Input: elants_i2c - properly handle the reset GPIO when power is off mtd: lpddr2_nvm: Fix possible null-ptr-deref wifi: ath10k: Fix return value in ath10k_pci_init() ima: Fix misuse of dereference of pointer in template_desc_init_fields() integrity: Fix memory leakage in keyring allocation error path amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() ASoC: pxa: fix null-pointer dereference in filter() drm/mediatek: Modify dpi power on/off sequence. drm/radeon: Add the missed acpi_put_table() to fix memory leak rxrpc: Fix ack.bufferSize to be 0 when generating an ack net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write() media: camss: Clean up received buffers on failed start of streaming wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port mtd: Fix device name leak when register device failed in add_mtd_device() bpf: propagate precision in ALU/ALU64 operations media: vivid: fix compose size exceed boundary ima: Handle -ESTALE returned by ima_filter_rule_match() ima: Fix fall-through warnings for Clang ima: Rename internal filter rule functions drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure spi: Update reference to struct spi_controller clk: renesas: r9a06g032: Repair grave increment error can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming can: kvaser_usb: Add struct kvaser_usb_busparams can: kvaser_usb_leaf: Fix bogus restart events can: kvaser_usb_leaf: Fix wrong CAN state after stopping can: kvaser_usb_leaf: Fix improved state not being reported can: kvaser_usb_leaf: Set Warning state even without bus errors can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device can: kvaser_usb: do not increase tx statistics when sending error message frames media: i2c: ad5820: Fix error path pata_ipx4xx_cf: Fix unsigned comparison with less than zero wifi: rtl8xxxu: Fix reading the vendor of combo chips wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() rapidio: devices: fix missing put_device in mport_cdev_open hfs: Fix OOB Write in hfs_asc2mac relay: fix type mismatch when allocating memory in relay_create_buf() eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD rapidio: fix possible UAF when kfifo_alloc() fails fs: sysv: Fix sysv_nblocks() returns wrong value MIPS: OCTEON: warn only once if deprecated link status is being used MIPS: BCM63xx: Add check for NULL for clk in clk_enable platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() PM: runtime: Do not call __rpm_callback() from rpm_idle() PM: runtime: Improve path in rpm_idle() when no callback xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() x86/xen: Fix memory leak in xen_init_lock_cpu() x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() xen/events: only register debug interrupt for 2-level events uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled rapidio: rio: fix possible name leak in rio_register_mport() rapidio: fix possible name leaks when rio_add_device() fails ocfs2: fix memory leak in ocfs2_mount_volume() ocfs2: rewrite error handling of ocfs2_fill_super ocfs2: ocfs2_mount_volume does cleanup job before return error debugfs: fix error when writing negative value to atomic_t debugfs file docs: fault-injection: fix non-working usage of negative values lib/notifier-error-inject: fix error when writing -errno to debugfs file libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value cpufreq: amd_freq_sensitivity: Add missing pci_dev_put() genirq/irqdesc: Don't try to remove non-existing sysfs files nfsd: don't call nfsd_file_put from client states seqfile display EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper() irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe() perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() PNP: fix name memory leak in pnp_alloc_dev() selftests/efivarfs: Add checking of the test return value MIPS: vpe-cmp: fix possible memory leak while module exiting MIPS: vpe-mt: fix possible memory leak while module exiting ocfs2: fix memory leak in ocfs2_stack_glue_init() lib/fonts: fix undefined behavior in bit shift for get_default_font proc: fixup uptime selftest timerqueue: Use rb_entry_safe() in timerqueue_getnext() perf: Fix possible memleak in pmu_dev_alloc() selftests/ftrace: event_triggers: wait longer for test_event_enable fs: don't audit the capability check in simple_xattr_list() PM: hibernate: Fix mistake in kerneldoc comment alpha: fix syscall entry in !AUDUT_SYSCALL case cpuidle: dt: Return the correct numbers of parsed idle states tpm/tpm_crb: Fix error message in __crb_relinquish_locality() pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP ARM: mmp: fix timer_read delay pstore/ram: Fix error return code in ramoops_probe() arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC ARM: dts: turris-omnia: Add switch port 6 node ARM: dts: turris-omnia: Add ethernet aliases ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name arm64: dts: mt2712-evb: Fix usb vbus regulators unit names arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names arm64: dts: mt2712e: Fix unit address for pinctrl node arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init() perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init() soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync arm: dts: spear600: Fix clcd interrupt drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias ARM: dts: qcom: apq8064: fix coresight compatible usb: musb: remove extra check in musb_gadget_vbus_draw net: loopback: use NET_NAME_PREDICTABLE for name_assign_type Bluetooth: L2CAP: Fix u8 overflow HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch 10E HID: ite: Add support for Acer S1002 keyboard-dock xen-netback: move removal of "hotplug-status" to the right place igb: Initialize mailbox message for VF reset USB: serial: f81534: fix division by zero on line-speed change USB: serial: f81232: fix division by zero on line-speed change USB: serial: cp210x: add Kamstrup RF sniffer PIDs USB: serial: option: add Quectel EM05-G modem usb: gadget: uvc: Prevent buffer overflow in setup handler udf: Fix extending file within last block udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size udf: Fix preallocation discarding at indirect extent boundary udf: Discard preallocation before extending file with a hole tracing/ring-buffer: Only do full wait when cpu != RING_BUFFER_ALL_CPUS ANDROID: Add more hvc devices for virtio-console. Revert "can: af_can: fix NULL pointer dereference in can_rcv_filter" ANDROID: Revert "tracing/ring-buffer: Have polling block on watermark" Linux 5.4.228 ASoC: ops: Correct bounds check for second channel on SX controls can: mcba_usb: Fix termination command argument can: sja1000: fix size of OCR_MODE_MASK define pinctrl: meditatek: Startup with the IRQs disabled ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() nfp: fix use-after-free in area_cache_get() block: unhash blkdev part inode when the part is deleted mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page x86/smpboot: Move rcu_cpu_starting() earlier net: bpf: Allow TC programs to call BPF_FUNC_skb_change_head Linux 5.4.227 can: esd_usb: Allow REC and TEC to return to zero net: mvneta: Fix an out of bounds check ipv6: avoid use-after-free in ip6_fragment() net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq() xen/netback: fix build warning ethernet: aeroflex: fix potential skb leak in greth_init_rings() ipv4: Fix incorrect route flushing when table ID 0 is used ipv4: Fix incorrect route flushing when source address is deleted tipc: Fix potential OOB in tipc_link_proto_rcv() net: hisilicon: Fix potential use-after-free in hix5hd2_rx() net: hisilicon: Fix potential use-after-free in hisi_femac_rx() net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq net: stmmac: fix "snps,axi-config" node property parsing nvme initialize core quirks before calling nvme_init_subsystem NFC: nci: Bounds check struct nfc_target arrays i40e: Disallow ip4 and ip6 l4_4_bytes i40e: Fix for VF MAC address 0 i40e: Fix not setting default xps_cpus after reset net: mvneta: Prevent out of bounds read in mvneta_config_rss() xen-netfront: Fix NULL sring after live migration net: encx24j600: Fix invalid logic in reading of MISTAT register net: encx24j600: Add parentheses to fix precedence mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload net: dsa: ksz: Check return value Bluetooth: Fix not cleanup led when bt_init fails Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() af_unix: Get user_ns from in_skb in unix_diag_get_exact(). igb: Allocate MSI-X vector when testing e1000e: Fix TX dispatch condition gpio: amd8111: Fix PCI device reference count leak drm/bridge: ti-sn65dsi86: Fix output polarity setting bug ca8210: Fix crash by zero initializing data ieee802154: cc2520: Fix error return code in cc2520_hw_init() can: af_can: fix NULL pointer dereference in can_rcv_filter HID: core: fix shift-out-of-bounds in hid_report_raw_event HID: hid-lg4ff: Add check for empty lbuf HID: usbhid: Add ALWAYS_POLL quirk for some mice drm/shmem-helper: Remove errant put in error path KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field mm/gup: fix gup_pud_range() for dax memcg: fix possible use-after-free in memcg_write_event_control() media: v4l2-dv-timings.c: fix too strict blanking sanity checks Revert "net: dsa: b53: Fix valid setting for MDB entries" xen/netback: don't call kfree_skb() with interrupts disabled xen/netback: do some code cleanup xen/netback: Ensure protocol headers don't fall in the non-linear area mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths mm/khugepaged: fix GUP-fast interaction by sending IPI mm/khugepaged: take the right locks for page table retraction net: usb: qmi_wwan: add u-blox 0x1342 composition 9p/xen: check logical size for buffer size fbcon: Use kzalloc() in fbcon_prepare_logo() regulator: twl6030: fix get status of twl6032 regulators ASoC: soc-pcm: Add NULL check in BE reparenting btrfs: send: avoid unaligned encoded writes when attempting to clone range ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event regulator: slg51000: Wait after asserting CS pin 9p/fd: Use P9_HDRSZ for header size ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name ARM: dts: rockchip: fix ir-receiver node names arm: dts: rockchip: fix node name for hym8563 rtc arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series Conflicts: Documentation/devicetree/bindings/phy/amlogic,meson-g12a-usb3-pcie-phy.yaml arch/arm64/boot/dts/vendor/bindings/phy/amlogic,g12a-usb3-pcie-phy.yaml arch/arm64/boot/dts/vendor/bindings/phy/amlogic,meson-g12a-usb3-pcie-phy.yaml arch/arm64/include/asm/atomic_ll_sc.h drivers/edac/qcom_edac.c drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c drivers/net/ethernet/stmicro/stmmac/stmmac_main.c drivers/usb/gadget/function/f_fs.c drivers/usb/host/xhci-plat.c sound/soc/soc-pcm.c Change-Id: I4e8cffcac6c78ecf1a16d24ee01551747552fdf2 |
||
|
Michael Bestas
|
c066ac93be
|
Merge tag 'ASB-2023-02-05_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
https://source.android.com/docs/security/bulletin/2023-02-01 CVE-2022-39189 CVE-2022-39842 CVE-2022-41222 CVE-2023-20937 CVE-2023-20938 CVE-2022-0850 * tag 'ASB-2023-02-05_11-5.4' of https://android.googlesource.com/kernel/common: ANDROID: ABI: Cuttlefish Symbol update UPSTREAM: media: dvb-core: Fix UAF due to refcount races at releasing ANDROID: abi_gki_aarch64_qcom: Add hrtimer_sleeper_start_expires UPSTREAM: ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF ANDROID: Revert "tracing/ring-buffer: Have polling block on watermark" UPSTREAM: usb: gadget: f_hid: fix f_hidg lifetime vs cdev UPSTREAM: usb: gadget: f_hid: optional SETUP/SET_REPORT mode ANDROID: add TEST_MAPPING for net/, include/net UPSTREAM: nfp: fix use-after-free in area_cache_get() UPSTREAM: proc: avoid integer type confusion in get_proc_long UPSTREAM: proc: proc_skip_spaces() shouldn't think it is working on C strings ANDROID: usb: f_accessory: Check buffer size when initialised via composite BACKPORT: mm: don't be stuck to rmap lock on reclaim path ANDROID: Add more hvc devices for virtio-console. Revert "mmc: sdhci: Fix voltage switch delay" ANDROID: gki_defconfig: add CONFIG_FUNCTION_ERROR_INJECTION Linux 5.4.226 ipc/sem: Fix dangling sem_array access in semtimedop race v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails proc: proc_skip_spaces() shouldn't think it is working on C strings proc: avoid integer type confusion in get_proc_long mmc: sdhci: Fix voltage switch delay mmc: sdhci: use FIELD_GET for preset value bit masks char: tpm: Protect tpm_pm_suspend with locks Revert "clocksource/drivers/riscv: Events are stopped during CPU suspend" x86/ioremap: Fix page aligned size calculation in __ioremap_caller() Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM x86/pm: Add enumeration check before spec MSRs save/restore setup x86/tsx: Add a feature bit for TSX control MSR support nvme: ensure subsystem reset is single threaded nvme: restrict management ioctls to admin epoll: check for events when removing a timed out thread from the wait queue epoll: call final ep_events_available() check under the lock tracing/ring-buffer: Have polling block on watermark ipv4: Fix route deletion when nexthop info is not specified ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference selftests: net: fix nexthop warning cleanup double ip typo selftests: net: add delete nexthop route warning test Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled parisc: Increase FRAME_WARN to 2048 bytes on parisc xtensa: increase size of gcc stack frame check parisc: Increase size of gcc stack frame check iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() pinctrl: single: Fix potential division by zero ASoC: ops: Fix bounds check for _sx controls mm: Fix '.data.once' orphan section warning arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72 arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors tracing: Free buffers when a used dynamic event is removed mmc: sdhci-sprd: Fix no reset data and command after voltage switch mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check mmc: core: Fix ambiguous TRIM and DISCARD arg mmc: mmc_test: Fix removal of debugfs file pinctrl: intel: Save and restore pins in "direct IRQ" mode x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep" error-injection: Add prompt for function error injection net/mlx5: DR, Fix uninitialized var warning hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() hwmon: (coretemp) Check for null before removing sysfs attrs net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed sctp: fix memory leak in sctp_stream_outq_migrate() packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE net: tun: Fix use-after-free in tun_detach() afs: Fix fileserver probe RTT handling net: hsr: Fix potential use-after-free dsa: lan9303: Correct stat name net: ethernet: nixge: fix NULL dereference net/9p: Fix a potential socket leak in p9_socket_open net: net_netdev: Fix error handling in ntb_netdev_init_module() net: phy: fix null-ptr-deref while probe() failed wifi: cfg80211: fix buffer overflow in elem comparison qlcnic: fix sleep-in-atomic-context bugs caused by msleep can: cc770: cc770_isa_probe(): add missing free_cc770dev() can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() net/mlx5e: Fix use-after-free when reverting termination table net/mlx5: Fix uninitialized variable bug in outlen_write() of: property: decrement node refcount in of_fwnode_get_reference_args() hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails hwmon: (i5500_temp) fix missing pci_disable_device() scripts/faddr2line: Fix regression in name resolution on ppc64le iio: light: rpr0521: add missing Kconfig dependencies iio: health: |
||
Greg Kroah-Hartman
|
e367c7b762 |
This is the 5.4.231 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmPgo/YACgkQONu9yGCS aT4o0RAAlt2uWRXaiDW2cYi1dKAuqk8Iyf0tlonzDkSESy6Qy28rw62BIbBRHFNv ObPjlz4FgI9ZfSVBsolFjBACTXvzS/fPvvqBEVmWqLA0+cN0/RRsJ8AJYV+wxV4U j0h+asxtkaWxhPmsnr0FtVG6KnqMCZkYCJYzkEwMmGZqmhkvqZVtGO5Hxwa+pTuD A+EpvsRCeqK42GqM1nn14er7Cej2bX6eM+MX1vhA/rNGgf4OrHSs5CQaLWFioFUO VN1I2/aiC+iqpF8poPC4evDgko291s+QYvtIRqcfCGjJqpfwGDWA8xReZPXKD4+4 JeY0WXHxtbjg1B+FQKZR4ESYlZfBLejI94CN32VJ3uI6CV+VgIyJMBXQ1Vs09OeN IEighGiXTHezS5NvHQTL/Y3CSooWuCxIQMmJelSW6Kr7tLpZ4/GMr4V2RU0XO9tF l3SRR/Q+w8IRtPsNNbmTB9wWJxcuyTHavrl6mG2DUy86UbJhoxjyYj7XUpiVyzbc /UmbHLXdeg9QCayhiHtCvPfcJF8EWoqoYfKSTJrj3B2ysQo7aPVK3D2/cYGRQ80A EssOD3IzC+QiBb30TzGJzJ5xaIMcaDZb61Hs7afYkhYUjQyqoQEh6ZxS8x0SCHFE 8YsVkwNm47Iw9ySPhfIIZiTfxMcK8n2zN85rAlfonlWasblr9Ok= =uM6z -----END PGP SIGNATURE----- Merge 5.4.231 into android11-5.4-lts Changes in 5.4.231 clk: generalize devm_clk_get() a bit clk: Provide new devm_clk helpers for prepared and enabled clocks memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' ARM: imx27: Retrieve the SYSCTRL base address from devicetree ARM: imx31: Retrieve the IIM base address from devicetree ARM: imx35: Retrieve the IIM base address from devicetree ARM: imx: add missing of_node_put() HID: intel_ish-hid: Add check for ishtp_dma_tx_map EDAC/highbank: Fix memory leak in highbank_mc_probe() tomoyo: fix broken dependency on *.conf.default RDMA/core: Fix ib block iterator counter overflow IB/hfi1: Reject a zero-length user expected buffer IB/hfi1: Reserve user expected TIDs IB/hfi1: Fix expected receive setup error exit issues affs: initialize fsdata in affs_truncate() amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent amd-xgbe: Delay AN timeout during KR training bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() net: nfc: Fix use-after-free in local_cleanup() net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid net/sched: sch_taprio: fix possible use-after-free net: fix a concurrency bug in l2tp_tunnel_register() l2tp: Serialize access to sk_user_data with sk_callback_lock l2tp: Don't sleep and disable BH under writer-side sk_callback_lock net: usb: sr9700: Handle negative len net: mdio: validate parameter addr in mdiobus_get_phy() HID: check empty report_list in hid_validate_values() HID: check empty report_list in bigben_probe() net: stmmac: fix invalid call to mdiobus_get_phy() HID: revert CHERRY_MOUSE_000C quirk usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait usb: gadget: f_fs: Ensure ep0req is dequeued before free_request net: mlx5: eliminate anonymous module_init & module_exit drm/panfrost: fix GENERIC_ATOMIC64 dependency dmaengine: Fix double increment of client_count in dma_chan_get() net: macb: fix PTP TX timestamp failure due to packet padding HID: betop: check shape of output reports dmaengine: xilinx_dma: use devm_platform_ioremap_resource() dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() tcp: avoid the lookup process failing to get sk in ehash table w1: fix deadloop in __w1_remove_master_device() w1: fix WARNING after calling w1_process() driver core: Fix test_async_probe_init saves device in wrong array net: dsa: microchip: ksz9477: port map correction in ALU table entry register tcp: fix rate_app_limited to default to 1 cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist ASoC: fsl_micfil: Correct the number of steps on SX controls drm: Add orientation quirk for Lenovo ideapad D330-10IGL s390/debug: add _ASM_S390_ prefix to header guard cpufreq: armada-37xx: stop using 0 as NULL pointer ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets spi: spidev: remove debug messages that access spidev->spi without locking KVM: s390: interrupt: use READ_ONCE() before cmpxchg() scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK lockref: stop doing cpu_relax in the cmpxchg loop mmc: sdhci-esdhc-imx: clear pending interrupt and halt cqhci mmc: sdhci-esdhc-imx: disable the CMD CRC check for standard tuning mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting Revert "selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID" netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state fs: reiserfs: remove useless new_opts in reiserfs_remount Revert "Revert "xhci: Set HCD flag to defer primary roothub registration"" Bluetooth: hci_sync: cancel cmd_timer if hci_open failed scsi: hpsa: Fix allocation size for scsi_host_alloc() module: Don't wait for GOING modules tracing: Make sure trace_printk() can output as soon as it can be used trace_events_hist: add check for return value of 'create_hist_field' ftrace/scripts: Update the instructions for ftrace-bisect.sh cifs: Fix oops due to uncleared server->smbd_conn in reconnect KVM: x86/vmx: Do not skip segment attributes if unusable bit is set thermal: intel: int340x: Protect trip temperature from concurrent updates ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment EDAC/device: Respect any driver-supplied workqueue polling value EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info netlink: prevent potential spectre v1 gadgets net: fix UaF in netns ops registration error path netfilter: nft_set_rbtree: skip elements in transaction from garbage collection netlink: annotate data races around nlk->portid netlink: annotate data races around dst_portid and dst_group netlink: annotate data races around sk_state ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() ipv4: prevent potential spectre v1 gadget in fib_metrics_match() netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE netrom: Fix use-after-free of a listening socket. net/sched: sch_taprio: do not schedule in taprio_reset() sctp: fail if no bound addresses can be used for a given scope net: ravb: Fix possible hang if RIS2_QFF1 happen thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type() net/tg3: resolve deadlock in tg3_reset_task() during EEH net/phy/mdio-i2c: Move header file to include/linux/mdio net: xgene: Move shared header file into include/linux net: mdio-mux-meson-g12a: force internal PHY off on mux switch Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" nfsd: Ensure knfsd shuts down when the "nfsd" pseudofs is unmounted block: fix and cleanup bio_check_ro x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL netfilter: conntrack: unify established states for SCTP paths perf/x86/amd: fix potential integer overflow on shift of a int clk: Fix pointer casting to prevent oops in devm_clk_release() x86/asm: Fix an assembler warning with current binutils ARM: dts: imx: Fix pca9547 i2c-mux node name bpf: Skip task with pid=1 in send_signal_common() blk-cgroup: fix missing pd_online_fn() while activating policy dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init sysctl: add a new register_sysctl_init() interface panic: unset panic_on_warn inside panic() mm: kasan: do not panic if both panic_on_warn and kasan_multishot set exit: Add and use make_task_dead. objtool: Add a missing comma to avoid string concatenation hexagon: Fix function name in die() h8300: Fix build errors from do_exit() to make_task_dead() transition csky: Fix function name in csky_alignment() and die() ia64: make IA64_MCA_RECOVERY bool instead of tristate exit: Put an upper limit on how often we can oops exit: Expose "oops_count" to sysfs exit: Allow oops_limit to be disabled panic: Consolidate open-coded panic_on_warn checks panic: Introduce warn_limit panic: Expose "warn_count" to sysfs docs: Fix path paste-o for /sys/kernel/warn_count exit: Use READ_ONCE() for all oops/warn limit reads ipv6: ensure sane device mtu in tunnels Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt usb: host: xhci-plat: add wakeup entry at sysfs Revert "xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()" Linux 5.4.231 Change-Id: I0f670158dd88a589d5f56246d094d3392a1784f9 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Masahiro Yamada
|
048c17b619 |
tomoyo: fix broken dependency on *.conf.default
[ Upstream commit eaf2213ba563b2d74a1f2c13a6b258273f689802 ]
If *.conf.default is updated, builtin-policy.h should be rebuilt,
but this does not work when compiled with O= option.
[Without this commit]
$ touch security/tomoyo/policy/exception_policy.conf.default
$ make O=/tmp security/tomoyo/
make[1]: Entering directory '/tmp'
GEN Makefile
CALL /home/masahiro/ref/linux/scripts/checksyscalls.sh
DESCEND objtool
make[1]: Leaving directory '/tmp'
[With this commit]
$ touch security/tomoyo/policy/exception_policy.conf.default
$ make O=/tmp security/tomoyo/
make[1]: Entering directory '/tmp'
GEN Makefile
CALL /home/masahiro/ref/linux/scripts/checksyscalls.sh
DESCEND objtool
POLICY security/tomoyo/builtin-policy.h
CC security/tomoyo/common.o
AR security/tomoyo/built-in.a
make[1]: Leaving directory '/tmp'
$(srctree)/ is essential because $(wildcard ) does not follow VPATH.
Fixes:
|
||
|
Greg Kroah-Hartman
|
68fdd20442 |
This is the 5.4.229 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmPHzUQACgkQONu9yGCS
aT7QohAAtxV33qGSKGUdKMZk1JzIYuc8tAa+CHZhTi6xjTsoy1a5MlQGrj8a9YQ7
/5VvwslGSn29h/ThO/ai04CfeOsWugMtnuo4mT4+198DgH0CNQMlfWq2c25cCvY6
dIrrMTA7B2YhpdbjM4vkX8QIAxBVCHOVkseSammhMnujP7d+k4LtC6rRV4uiF+lD
cKtsIJn8h+pezBeo5+pjvcTwndaAoApVOES4uOjJcf9pYOOoHxyi+8StpiO+j2Pv
sRvkbvvmpS+IWAH+DMa3SAFI3C3AihX2Fu0rIFzUZByAviB1NmyWluX5mU54wW3R
P80fl0rQFwuygEBU1UqTXe4hQ8YYwpJGAQzbLR22a11IT2MSO+vMRINdqG1un2BE
T9hHix5R0JMeIN9AP7nKGBLrEZ3V6DqxEBz6ZC1sOUIIVQv93twtiwb0rNM0e7pq
PpkIXpwXPIgqFDGXrd0y5ksRT08jJUKCRttuRVWkcGX8adotngWnrl0WBI5zqSuo
B+x8X9Dw7YblJ6yQ+8mAZGk0Mj3j+cb4uhuRaz/6rqHmFOrbHm+JDXvPzZY65xy3
k8Ebtq5CxINLDwahfb/o13MgbmzMPPNPPp0cz23zOhm88OmwVzB4hAoB/1CfHZvF
XhSbZMVBhhP9hYr2gYl902EQeZGE5yjk5xhFT5Wrh7QoZaPW2XM=
=as6n
-----END PGP SIGNATURE-----
Merge 5.4.229 into android11-5.4-lts
Changes in 5.4.229
tracing/ring-buffer: Only do full wait when cpu != RING_BUFFER_ALL_CPUS
udf: Discard preallocation before extending file with a hole
udf: Fix preallocation discarding at indirect extent boundary
udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
udf: Fix extending file within last block
usb: gadget: uvc: Prevent buffer overflow in setup handler
USB: serial: option: add Quectel EM05-G modem
USB: serial: cp210x: add Kamstrup RF sniffer PIDs
USB: serial: f81232: fix division by zero on line-speed change
USB: serial: f81534: fix division by zero on line-speed change
igb: Initialize mailbox message for VF reset
xen-netback: move removal of "hotplug-status" to the right place
HID: ite: Add support for Acer S1002 keyboard-dock
HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch 10E
HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10
HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk
Bluetooth: L2CAP: Fix u8 overflow
net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
usb: musb: remove extra check in musb_gadget_vbus_draw
ARM: dts: qcom: apq8064: fix coresight compatible
arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
arm: dts: spear600: Fix clcd interrupt
soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync
soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init()
arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
arm64: dts: mt2712e: Fix unit address for pinctrl node
arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
arm64: dts: mt2712-evb: Fix usb vbus regulators unit names
arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: turris-omnia: Add ethernet aliases
ARM: dts: turris-omnia: Add switch port 6 node
arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC
pstore/ram: Fix error return code in ramoops_probe()
ARM: mmp: fix timer_read delay
pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
cpuidle: dt: Return the correct numbers of parsed idle states
alpha: fix syscall entry in !AUDUT_SYSCALL case
PM: hibernate: Fix mistake in kerneldoc comment
fs: don't audit the capability check in simple_xattr_list()
selftests/ftrace: event_triggers: wait longer for test_event_enable
perf: Fix possible memleak in pmu_dev_alloc()
timerqueue: Use rb_entry_safe() in timerqueue_getnext()
proc: fixup uptime selftest
lib/fonts: fix undefined behavior in bit shift for get_default_font
ocfs2: fix memory leak in ocfs2_stack_glue_init()
MIPS: vpe-mt: fix possible memory leak while module exiting
MIPS: vpe-cmp: fix possible memory leak while module exiting
selftests/efivarfs: Add checking of the test return value
PNP: fix name memory leak in pnp_alloc_dev()
perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper()
nfsd: don't call nfsd_file_put from client states seqfile display
genirq/irqdesc: Don't try to remove non-existing sysfs files
cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
lib/notifier-error-inject: fix error when writing -errno to debugfs file
docs: fault-injection: fix non-working usage of negative values
debugfs: fix error when writing negative value to atomic_t debugfs file
ocfs2: ocfs2_mount_volume does cleanup job before return error
ocfs2: rewrite error handling of ocfs2_fill_super
ocfs2: fix memory leak in ocfs2_mount_volume()
rapidio: fix possible name leaks when rio_add_device() fails
rapidio: rio: fix possible name leak in rio_register_mport()
clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
xen/events: only register debug interrupt for 2-level events
x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
x86/xen: Fix memory leak in xen_init_lock_cpu()
xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
PM: runtime: Improve path in rpm_idle() when no callback
PM: runtime: Do not call __rpm_callback() from rpm_idle()
platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
MIPS: BCM63xx: Add check for NULL for clk in clk_enable
MIPS: OCTEON: warn only once if deprecated link status is being used
fs: sysv: Fix sysv_nblocks() returns wrong value
rapidio: fix possible UAF when kfifo_alloc() fails
eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
relay: fix type mismatch when allocating memory in relay_create_buf()
hfs: Fix OOB Write in hfs_asc2mac
rapidio: devices: fix missing put_device in mport_cdev_open
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
wifi: rtl8xxxu: Fix reading the vendor of combo chips
pata_ipx4xx_cf: Fix unsigned comparison with less than zero
media: i2c: ad5820: Fix error path
can: kvaser_usb: do not increase tx statistics when sending error message frames
can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event
can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
can: kvaser_usb_leaf: Set Warning state even without bus errors
can: kvaser_usb_leaf: Fix improved state not being reported
can: kvaser_usb_leaf: Fix wrong CAN state after stopping
can: kvaser_usb_leaf: Fix bogus restart events
can: kvaser_usb: Add struct kvaser_usb_busparams
can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming
clk: renesas: r9a06g032: Repair grave increment error
spi: Update reference to struct spi_controller
drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure
ima: Rename internal filter rule functions
ima: Fix fall-through warnings for Clang
ima: Handle -ESTALE returned by ima_filter_rule_match()
media: vivid: fix compose size exceed boundary
bpf: propagate precision in ALU/ALU64 operations
mtd: Fix device name leak when register device failed in add_mtd_device()
wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
media: camss: Clean up received buffers on failed start of streaming
net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
rxrpc: Fix ack.bufferSize to be 0 when generating an ack
drm/radeon: Add the missed acpi_put_table() to fix memory leak
drm/mediatek: Modify dpi power on/off sequence.
ASoC: pxa: fix null-pointer dereference in filter()
regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table()
integrity: Fix memory leakage in keyring allocation error path
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
wifi: ath10k: Fix return value in ath10k_pci_init()
mtd: lpddr2_nvm: Fix possible null-ptr-deref
Input: elants_i2c - properly handle the reset GPIO when power is off
media: solo6x10: fix possible memory leak in solo_sysfs_init()
media: platform: exynos4-is: Fix error handling in fimc_md_init()
media: videobuf-dma-contig: use dma_mmap_coherent
bpf: Move skb->len == 0 checks into __bpf_redirect
HID: hid-sensor-custom: set fixed size for custom attributes
ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT
ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
regulator: core: use kfree_const() to free space conditionally
clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
bonding: Export skip slave logic to function
bonding: Rename slave_arr to usable_slaves
bonding: fix link recovery in mode 2 when updelay is nonzero
mtd: maps: pxa2xx-flash: fix memory leak in probe
media: imon: fix a race condition in send_packet()
clk: imx8mn: correct the usb1_ctrl parent to be usb_bus
clk: imx: replace osc_hdmi with dummy
pinctrl: pinconf-generic: add missing of_node_put()
media: dvb-core: Fix ignored return value in dvb_register_frontend()
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
ASoC: dt-bindings: wcd9335: fix reset line polarity in example
ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd
NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
NFSv4.2: Fix a memory stomp in decode_attr_security_label
NFSv4.2: Fix initialisation of struct nfs4_label
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
ALSA: asihpi: fix missing pci_disable_device()
wifi: iwlwifi: mvm: fix double free on tx path.
ASoC: mediatek: mt8173: Enable IRQ when pdata is ready
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
netfilter: conntrack: set icmpv6 redirects as RELATED
bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data
bpf, sockmap: Fix data loss caused by using apply_bytes on ingress redirect
bonding: uninitialized variable in bond_miimon_inspect()
spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE
wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
regulator: core: fix module refcount leak in set_supply()
clk: qcom: clk-krait: fix wrong div2 functions
hsr: Avoid double remove of a node.
configfs: fix possible memory leak in configfs_create_dir()
regulator: core: fix resource leak in regulator_register()
bpf, sockmap: fix race in sock_map_free()
media: saa7164: fix missing pci_disable_device()
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
SUNRPC: Fix missing release socket in rpc_sockname()
NFSv4.x: Fail client initialisation if state manager thread can't run
mmc: alcor: fix return value check of mmc_add_host()
mmc: moxart: fix return value check of mmc_add_host()
mmc: mxcmmc: fix return value check of mmc_add_host()
mmc: pxamci: fix return value check of mmc_add_host()
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
mmc: toshsd: fix return value check of mmc_add_host()
mmc: vub300: fix return value check of mmc_add_host()
mmc: wmt-sdmmc: fix return value check of mmc_add_host()
mmc: atmel-mci: fix return value check of mmc_add_host()
mmc: omap_hsmmc: fix return value check of mmc_add_host()
mmc: meson-gx: fix return value check of mmc_add_host()
mmc: via-sdmmc: fix return value check of mmc_add_host()
mmc: wbsd: fix return value check of mmc_add_host()
mmc: mmci: fix return value check of mmc_add_host()
media: c8sectpfe: Add of_node_put() when breaking out of loop
media: coda: Add check for dcoda_iram_alloc
media: coda: Add check for kmalloc
clk: samsung: Fix memory leak in _samsung_clk_register_pll()
spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
blktrace: Fix output non-blktrace event when blk_classic option enabled
clk: socfpga: clk-pll: Remove unused variable 'rc'
clk: socfpga: use clk_hw_register for a5/c5
clk: socfpga: Fix memory leak in socfpga_gate_init()
net: vmw_vsock: vmci: Check memcpy_from_msg()
net: defxx: Fix missing err handling in dfx_init()
net: stmmac: selftests: fix potential memleak in stmmac_test_arpoffload()
drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop()
ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
net: farsync: Fix kmemleak when rmmods farsync
net/tunnel: wait until all sk_user_data reader finish before releasing the sock
net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
net: amd-xgbe: Fix logic around active and passive cables
net: amd-xgbe: Check only the minimum speed for active/passive cables
can: tcan4x5x: Remove invalid write in clear_interrupts
net: lan9303: Fix read error execution path
ntb_netdev: Use dev_kfree_skb_any() in interrupt context
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
stmmac: fix potential division by 0
apparmor: fix a memleak in multi_transaction_new()
apparmor: fix lockdep warning when removing a namespace
apparmor: Fix abi check to include v8 abi
apparmor: Use pointer to struct aa_label for lbs_cred
RDMA/core: Fix order of nldev_exit call
f2fs: fix normal discard process
RDMA/siw: Fix immediate work request flush to completion queue
RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
RDMA/siw: Set defined status for work completion with undefined status
scsi: scsi_debug: Fix a warning in resp_write_scat()
crypto: ccree - swap SHA384 and SHA512 larval hashes at build time
crypto: ccree - Remove debugfs when platform_driver_register failed
PCI: Check for alloc failure in pci_request_irq()
RDMA/hfi: Decrease PCI device reference count in error path
crypto: ccree - Make cc_debugfs_global_fini() available for module init function
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
scsi: hpsa: Fix possible memory leak in hpsa_init_one()
crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
scsi: hpsa: Fix error handling in hpsa_add_sas_host()
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
scsi: fcoe: Fix possible name leak when device_register() fails
scsi: ipr: Fix WARNING in ipr_init()
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
scsi: snic: Fix possible UAF in snic_tgt_create()
RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps()
f2fs: avoid victim selection from previous victim section
crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe()
RDMA/hfi1: Fix error return code in parse_platform_config()
orangefs: Fix sysfs not cleanup when dev init failed
crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
hwrng: amd - Fix PCI device refcount leak
hwrng: geode - Fix PCI device refcount leak
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
drivers: dio: fix possible memory leak in dio_init()
tty: serial: tegra: Activate RX DMA transfer by request
serial: tegra: Read DMA status before terminating
class: fix possible memory leak in __class_register()
vfio: platform: Do not pass return buffer to ACPI _RST method
uio: uio_dmem_genirq: Fix missing unlock in irq configuration
uio: uio_dmem_genirq: Fix deadlock between irq config and handling
usb: fotg210-udc: Fix ages old endianness issues
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
usb: typec: tcpci: fix of node refcount leak in tcpci_register_port()
serial: amba-pl011: avoid SBSA UART accessing DMACR register
serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
serial: pch: Fix PCI device refcount leak in pch_request_dma()
tty: serial: clean up stop-tx part in altera_uart_tx_chars()
tty: serial: altera_uart_{r,t}x_chars() need only uart_port
serial: altera_uart: fix locking in polling mode
serial: sunsab: Fix error handling in sunsab_init()
test_firmware: fix memory leak in test_firmware_init()
misc: ocxl: fix possible name leak in ocxl_file_register_afu()
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update
usb: roles: fix of node refcount leak in usb_role_switch_is_parent()
usb: gadget: f_hid: optional SETUP/SET_REPORT mode
usb: gadget: f_hid: fix f_hidg lifetime vs cdev
usb: gadget: f_hid: fix refcount leak on error path
drivers: mcb: fix resource leak in mcb_probe()
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
chardev: fix error handling in cdev_device_add()
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
staging: rtl8192u: Fix use after free in ieee80211_rx()
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
vme: Fix error not catched in fake_init()
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
usb: storage: Add check for kcalloc
tracing/hist: Fix issue of losting command info in error_log
samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
fbdev: ssd1307fb: Drop optional dependency
fbdev: pm2fb: fix missing pci_disable_device()
fbdev: via: Fix error in via_core_init()
fbdev: vermilion: decrease reference count in error path
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
power: supply: fix residue sysfs file in error handle route of __power_supply_register()
perf trace: Return error if a system call doesn't exist
perf trace: Separate 'struct syscall_fmt' definition from syscall_fmts variable
perf trace: Factor out the initialization of syscal_arg_fmt->scnprintf
perf trace: Add the syscall_arg_fmt pointer to syscall_arg
perf trace: Allow associating scnprintf routines with well known arg names
perf trace: Add a strtoul() method to 'struct syscall_arg_fmt'
perf trace: Use macro RAW_SYSCALL_ARGS_NUM to replace number
perf trace: Handle failure when trace point folder is missed
perf symbol: correction while adjusting symbol
HSI: omap_ssi_core: Fix error handling in ssi_init()
power: supply: fix null pointer dereferencing in power_supply_get_battery_info
RDMA/siw: Fix pointer cast warning
include/uapi/linux/swab: Fix potentially missing __always_inline
rtc: snvs: Allow a time difference on clock register read
rtc: pcf85063: Fix reading alarm
iommu/amd: Fix pci device refcount leak in ppr_notifier()
iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
macintosh: fix possible memory leak in macio_add_one_device()
macintosh/macio-adb: check the return value of ioremap()
powerpc/52xx: Fix a resource leak in an error handling path
cxl: Fix refcount leak in cxl_calc_capp_routing
powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data()
powerpc/perf: callchain validate kernel stack pointer bounds
powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
powerpc/hv-gpci: Fix hv_gpci event list
selftests/powerpc: Fix resource leaks
pwm: sifive: Call pwm_sifive_update_clock() while mutex is held
remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev()
remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region()
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe()
nfsd: Define the file access mode enum for tracing
NFSD: Add tracepoints to NFSD's duplicate reply cache
nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
nfc: pn533: Clear nfc_target before being used
r6040: Fix kmemleak in probe and remove
rtc: mxc_v2: Add missing clk_disable_unprepare()
openvswitch: Fix flow lookup to use unmasked key
skbuff: Account for tail adjustment during pull operations
mailbox: zynq-ipi: fix error handling while device_register() fails
net_sched: reject TCF_EM_SIMPLE case for complex ematch module
rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
myri10ge: Fix an error handling path in myri10ge_probe()
net: stream: purge sk_error_queue in sk_stream_kill_queues()
rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state()
binfmt_misc: fix shift-out-of-bounds in check_special_flags
fs: jfs: fix shift-out-of-bounds in dbAllocAG
udf: Avoid double brelse() in udf_rename()
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
ACPICA: Fix error code path in acpi_ds_call_control_method()
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
acct: fix potential integer overflow in encode_comp_t()
hfs: fix OOB Read in __hfs_brec_find
drm/etnaviv: add missing quirks for GC300
brcmfmac: return error when getting invalid max_flowrings from dongle
wifi: ath9k: verify the expected usb_endpoints are present
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
ipmi: fix memleak when unload ipmi driver
bpf: make sure skb->len != 0 when redirecting to a tunneling device
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
hamradio: baycom_epp: Fix return type of baycom_send_packet()
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
igb: Do not free q_vector unless new one was allocated
s390/ctcm: Fix return type of ctc{mp,}m_tx()
s390/netiucv: Fix return type of netiucv_tx()
s390/lcs: Fix return type of lcs_start_xmit()
drm/rockchip: Use drm_mode_copy()
drm/sti: Use drm_mode_copy()
drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
md/raid1: stop mdx_raid1 thread when raid1 array run failed
net: add atomic_long_t to net_device_stats fields
mrp: introduce active flags to prevent UAF when applicant uninit
ppp: associate skb with a device at tx
bpf: Prevent decl_tag from being referenced in func_proto arg
media: dvb-frontends: fix leak of memory fw
media: dvbdev: adopts refcnt to avoid UAF
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
blk-mq: fix possible memleak when register 'hctx' failed
regulator: core: fix use_count leakage when handling boot-on
mmc: f-sdh30: Add quirks for broken timeout clock capability
media: si470x: Fix use-after-free in si470x_int_in_callback()
clk: st: Fix memory leak in st_of_quadfs_setup()
hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
ALSA/ASoC: hda: move/rename snd_hdac_ext_stop_streams to hdac_stream.c
ALSA: hda: add snd_hdac_stop_streams() helper
ASoC: Intel: Skylake: Fix driver hang during shutdown
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link()
ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume()
ASoC: wm8994: Fix potential deadlock
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
ASoC: rt5670: Remove unbalanced pm_runtime_put()
pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB
ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list
usb: dwc3: core: defer probe on ulpi_read_id timeout
HID: wacom: Ensure bootloader PID is usable in hidraw mode
reiserfs: Add missing calls to reiserfs_security_free()
iio: adc: ad_sigma_delta: do not use internal iio_dev lock
iio: adc128s052: add proper .data members in adc128_of_match table
regulator: core: fix deadlock on regulator enable
gcov: add support for checksum field
media: dvbdev: fix build warning due to comments
media: dvbdev: fix refcnt bug
cifs: fix oops during encryption
nvme-pci: fix doorbell buffer value endianness
ata: ahci: Fix PCS quirk application for suspend
nvme: resync include/linux/nvme.h with nvmecli
nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition
objtool: Fix SEGFAULT
powerpc/rtas: avoid device tree lookups in rtas_os_term()
powerpc/rtas: avoid scheduling in rtas_os_term()
HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint
HID: plantronics: Additional PIDs for double volume key presses quirk
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
ALSA: line6: correct midi status byte when receiving data from podxt
ALSA: line6: fix stack overflow in line6_midi_transmit
pnode: terminate at peers of source
md: fix a crash in mempool_free
mm, compaction: fix fast_isolate_around() to stay within boundaries
f2fs: should put a page when checking the summary info
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO
net/af_packet: make sure to pull mac header
media: stv0288: use explicitly signed char
soc: qcom: Select REMAP_MMIO for LLCC driver
kest.pl: Fix grub2 menu handling for rebooting
ktest.pl minconfig: Unset configs instead of just removing them
mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K
btrfs: fix resolving backrefs for inline extent followed by prealloc
ARM: ux500: do not directly dereference __iomem
arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength
selftests: Use optional USERCFLAGS and USERLDFLAGS
cpufreq: Init completion before kobject_init_and_add()
binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
binfmt: Fix error return code in load_elf_fdpic_binary()
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
dm thin: Use last transaction's pmd->root when commit failed
dm thin: Fix UAF in run_timer_softirq()
dm integrity: Fix UAF in dm_integrity_dtr()
dm clone: Fix UAF in clone_dtr()
dm cache: Fix UAF in destroy()
dm cache: set needs_check flag after aborting metadata
tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'
x86/microcode/intel: Do not retry microcode reloading on the APs
tracing/hist: Fix wrong return value in parse_action_params()
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
media: dvb-core: Fix double free in dvb_register_device()
media: dvb-core: Fix UAF due to refcount races at releasing
cifs: fix confusing debug message
cifs: fix missing display of three mount options
md/bitmap: Fix bitmap chunk size overflow issues
efi: Add iMac Pro 2017 to uefi skip cert quirk
ipmi: fix long wait in unload when IPMI disconnect
mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type()
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
ipmi: fix use after free in _ipmi_destroy_user()
PCI: Fix pci_device_is_present() for VFs by checking PF
PCI/sysfs: Fix double free in error path
crypto: n2 - add missing hash statesize
iommu/amd: Fix ivrs_acpihid cmdline parsing code
parisc: led: Fix potential null-ptr-deref in start_task()
device_cgroup: Roll back to original exceptions after copy failure
drm/connector: send hotplug uevent on connector cleanup
drm/vmwgfx: Validate the box size for the snooped cursor
ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
ext4: fix undefined behavior in bit shift for ext4_check_flag_values
ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
ext4: add helper to check quota inums
ext4: fix reserved cluster accounting in __es_remove_extent()
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
ext4: init quota for 'old.inode' in 'ext4_rename'
ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
ext4: fix corruption when online resizing a 1K bigalloc fs
ext4: fix error code return to user-space in ext4_get_branch()
ext4: avoid BUG_ON when creating xattrs
ext4: fix inode leak in ext4_xattr_inode_create() on an error path
ext4: initialize quota before expanding inode in setproject ioctl
ext4: avoid unaccounted block allocation when expanding inode
ext4: allocate extended attribute value in vmalloc area
btrfs: replace strncpy() with strscpy()
PM/devfreq: governor: Add a private governor_data for governor
media: s5p-mfc: Fix to handle reference queue during finishing
media: s5p-mfc: Clear workbit to handle error condition
media: s5p-mfc: Fix in register read and write for H264
dm thin: resume even if in FAIL mode
perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data
KVM: x86: optimize more exit handlers in vmx.c
KVM: retpolines: x86: eliminate retpoline from vmx.c exit handlers
KVM: VMX: Rename INTERRUPT_PENDING to INTERRUPT_WINDOW
KVM: VMX: Rename NMI_PENDING to NMI_WINDOW
KVM: VMX: Fix the spelling of CPU_BASED_USE_TSC_OFFSETTING
KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
ravb: Fix "failed to switch device to config mode" message during unbind
ext4: goto right label 'failed_mount3a'
ext4: correct inconsistent error msg in nojournal mode
mm/highmem: Lift memcpy_[to|from]_page to core
ext4: use memcpy_to_page() in pagecache_write()
fs: ext4: initialize fsdata in pagecache_write()
ext4: use kmemdup() to replace kmalloc + memcpy
mbcache: don't reclaim used entries
mbcache: add functions to delete entry if unused
ext4: remove EA inode entry from mbcache on inode eviction
ext4: unindent codeblock in ext4_xattr_block_set()
ext4: fix race when reusing xattr blocks
mbcache: automatically delete entries from cache on freeing
ext4: fix deadlock due to mbcache entry corruption
SUNRPC: ensure the matching upcall is in-flight upon downcall
bpf: pull before calling skb_postpull_rcsum()
nfsd: shut down the NFSv4 state objects before the filecache
net: hns3: add interrupts re-initialization while doing VF FLR
net: sched: fix memory leak in tcindex_set_parms
qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
nfc: Fix potential resource leaks
vhost: fix range used in translate_desc()
net: amd-xgbe: add missed tasklet_kill
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
RDMA/uverbs: Silence shiftTooManyBitsSigned warning
RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
net: sched: atm: dont intepret cls results when asked to drop
net: sched: cbq: dont intepret cls results when asked to drop
perf tools: Fix resources leak in perf_data__open_dir()
drivers/net/bonding/bond_3ad: return when there's no aggregator
usb: rndis_host: Secure rndis_query check against int overflow
drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()
caif: fix memory leak in cfctrl_linkup_request()
udf: Fix extension of the last extent in the file
ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
x86/bugs: Flush IBP in ib_prctl_set()
nfsd: fix handling of readdir in v4root vs. mount upcall timeout
riscv: uaccess: fix type of 0 variable on error in get_user()
ext4: don't allow journal inode to have encrypt flag
hfs/hfsplus: use WARN_ON for sanity check
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
mbcache: Avoid nesting of cache->c_list_lock under bit locks
parisc: Align parisc MADV_XXX constants with all other architectures
selftests: Fix kselftest O=objdir build from cluttering top level objdir
selftests: set the BUILD variable to absolute path
driver core: Fix bus_type.match() error handling in __driver_attach()
net: sched: disallow noqueue for qdisc classes
KVM: arm64: Fix S1PTW handling on RO memslots
efi: tpm: Avoid READ_ONCE() for accessing the event log
docs: Fix the docs build with Sphinx 6.0
perf auxtrace: Fix address filter duplicate symbol selection
s390/kexec: fix ipl report address for kdump
s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
net/ulp: prevent ULP without clone op from entering the LISTEN status
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list
cifs: Fix uninitialized memory read for smb311 posix symlink create
drm/msm/adreno: Make adreno quirks not overwrite each other
platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe
ixgbe: fix pci device refcount leak
ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
wifi: wilc1000: sdio: fix module autoloading
usb: ulpi: defer ulpi_register on ulpi_read_id timeout
jbd2: use the correct print format
quota: Factor out setup of quota inode
ext4: fix bug_on in __es_tree_search caused by bad quota inode
ext4: lost matching-pair of trace in ext4_truncate
ext4: fix use-after-free in ext4_orphan_cleanup
ext4: fix uninititialized value in 'ext4_evict_inode'
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
EDAC/device: Fix period calculation in edac_device_reset_delay_period()
regulator: da9211: Use irq handler when ready
tipc: improve throughput between nodes in netns
tipc: eliminate checking netns if node established
tipc: fix unexpected link reset due to discovery messages
hvc/xen: lock console list traversal
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
net/sched: act_mpls: Fix warning during failed attribute validation
net/mlx5: Rename ptp clock info
net/mlx5: Fix ptp max frequency adjustment range
iommu/mediatek-v1: Add error handle for mtk_iommu_probe
iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI
x86/resctrl: Fix task CLOSID/RMID update race
drm/virtio: Fix GEM handle creation UAF
arm64: atomics: format whitespace consistently
arm64: atomics: remove LL/SC trampolines
arm64: cmpxchg_double*: hazard against entire exchange variable
efi: fix NULL-deref in init error path
mm: Always release pages to the buddy allocator in memblock_free_late().
Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
tipc: fix use-after-free in tipc_disc_rcv()
tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started
tipc: Add a missing case of TIPC_DIRECT_MSG type
ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown
tipc: call tipc_lxc_xmit without holding node_read_lock
Linux 5.4.229
Change-Id: If8e35d5d3e707352766ae3e4b665fd2369d9382b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Wang Weiyang
|
fbfd6dee52 |
device_cgroup: Roll back to original exceptions after copy failure
commit e68bfbd3b3c3a0ec3cf8c230996ad8cabe90322f upstream.
When add the 'a *:* rwm' entry to devcgroup A's whitelist, at first A's
exceptions will be cleaned and A's behavior is changed to
DEVCG_DEFAULT_ALLOW. Then parent's exceptions will be copyed to A's
whitelist. If copy failure occurs, just return leaving A to grant
permissions to all devices. And A may grant more permissions than
parent.
Backup A's whitelist and recover original exceptions after copy
failure.
Cc: stable@vger.kernel.org
Fixes:
|
||
Huaxin Lu
|
cf19abbe4b |
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
commit 11220db412edae8dba58853238f53258268bdb88 upstream.
In restore_template_fmt, when kstrdup fails, a non-NULL value will still be
returned, which causes a NULL pointer access in template_desc_init_fields.
Fixes:
|
||
Aditya Garg
|
d4f48c648a |
efi: Add iMac Pro 2017 to uefi skip cert quirk
commit 0be56a116220f9e5731a6609e66a11accfe8d8e2 upstream. The iMac Pro 2017 is also a T2 Mac. Thus add it to the list of uefi skip cert. Cc: stable@vger.kernel.org Fixes: 155ca952c7ca ("efi: Do not import certificates from UEFI Secure Boot for T2 Macs") Link: https://lore.kernel.org/linux-integrity/9D46D92F-1381-4F10-989C-1A12CD2FFDD8@live.com/ Signed-off-by: Aditya Garg <gargaditya08@live.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Xiu Jianfeng
|
3339d808b6 |
apparmor: Use pointer to struct aa_label for lbs_cred
[ Upstream commit 37923d4321b1e38170086da2c117f78f2b0f49c6 ]
According to the implementations of cred_label() and set_cred_label(),
we should use pointer to struct aa_label for lbs_cred instead of struct
aa_task_ctx, this patch fixes it.
Fixes:
|
||
John Johansen
|
f7368ac846 |
apparmor: Fix abi check to include v8 abi
[ Upstream commit 1b5a6198f5a9d0aa5497da0dc4bcd4fc166ee516 ]
The v8 abi is supported by the kernel but the userspace supported
version check does not allow for it. This was missed when v8 was added
due to a bug in the userspace compiler which was setting an older abi
version for v8 encoding (which is forward compatible except on the
network encoding). However it is possible to detect the network
encoding by checking the policydb network support which the code
does. The end result was that missing the abi flag worked until
userspace was fixed and began correctly checking for the v8 abi
version.
Fixes:
|
||
|
John Johansen
|
e1a68ac015 |
apparmor: fix lockdep warning when removing a namespace
[ Upstream commit 9c4557efc558a68e4cd973490fd936d6e3414db8 ]
Fix the following lockdep warning
[ 1119.158984] ============================================
[ 1119.158988] WARNING: possible recursive locking detected
[ 1119.158996] 6.0.0-rc1+ #257 Tainted: G E N
[ 1119.158999] --------------------------------------------
[ 1119.159001] bash/80100 is trying to acquire lock:
[ 1119.159007] ffff88803e79b4a0 (&ns->lock/1){+.+.}-{4:4}, at: destroy_ns.part.0+0x43/0x140
[ 1119.159028]
but task is already holding lock:
[ 1119.159030] ffff8881009764a0 (&ns->lock/1){+.+.}-{4:4}, at: aa_remove_profiles+0x3f0/0x640
[ 1119.159040]
other info that might help us debug this:
[ 1119.159042] Possible unsafe locking scenario:
[ 1119.159043] CPU0
[ 1119.159045] ----
[ 1119.159047] lock(&ns->lock/1);
[ 1119.159051] lock(&ns->lock/1);
[ 1119.159055]
*** DEADLOCK ***
Which is caused by an incorrect lockdep nesting notation
Fixes:
|
||
Gaosheng Cui
|
eb0f78e28c |
apparmor: fix a memleak in multi_transaction_new()
[ Upstream commit c73275cf6834787ca090317f1d20dbfa3b7f05aa ]
In multi_transaction_new(), the variable t is not freed or passed out
on the failure of copy_from_user(t->data, buf, size), which could lead
to a memleak.
Fix this bug by adding a put_multi_transaction(t) in the error path.
Fixes:
|
||
|
Xiu Jianfeng
|
8176538866 |
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
[ Upstream commit 25369175ce84813dd99d6604e710dc2491f68523 ]
The input parameter @fields is type of struct ima_template_field ***, so
when allocates array memory for @fields, the size of element should be
sizeof(**field) instead of sizeof(*field).
Actually the original code would not cause any runtime error, but it's
better to make it logically right.
Fixes:
|
||
GUO Zihua
|
9b7c44885a |
integrity: Fix memory leakage in keyring allocation error path
[ Upstream commit 39419ef7af0916cc3620ecf1ed42d29659109bf3 ]
Key restriction is allocated in integrity_init_keyring(). However, if
keyring allocation failed, it is not freed, causing memory leaks.
Fixes:
|
||
|
GUO Zihua
|
38d48fd224 |
ima: Handle -ESTALE returned by ima_filter_rule_match()
[ Upstream commit c7423dbdbc9ecef7fff5239d144cad4b9887f4de ]
IMA relies on the blocking LSM policy notifier callback to update the
LSM based IMA policy rules.
When SELinux update its policies, IMA would be notified and starts
updating all its lsm rules one-by-one. During this time, -ESTALE would
be returned by ima_filter_rule_match() if it is called with a LSM rule
that has not yet been updated. In ima_match_rules(), -ESTALE is not
handled, and the LSM rule is considered a match, causing extra files
to be measured by IMA.
Fix it by re-initializing a temporary rule if -ESTALE is returned by
ima_filter_rule_match(). The origin rule in the rule list would be
updated by the LSM policy notifier callback.
Fixes:
|
||
Gustavo A. R. Silva
|
ecd0a6f81a |
ima: Fix fall-through warnings for Clang
[ Upstream commit 28073eb09c5aa29e879490edb88cfd3e7073821e ] In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple warnings by explicitly adding multiple break statements instead of just letting the code fall through to the next case. Link: https://github.com/KSPP/linux/issues/115 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Stable-dep-of: c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Tyler Hicks
|
55e2430e43 |
ima: Rename internal filter rule functions
[ Upstream commit b8867eedcf76caef8ae6412da97cd9abfd092ff8 ]
Rename IMA's internal filter rule functions from security_filter_rule_*()
to ima_filter_rule_*(). This avoids polluting the security_* namespace,
which is typically reserved for general security subsystem
infrastructure.
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Suggested-by: Casey Schaufler <casey@schaufler-ca.com>
[zohar@linux.ibm.com: reword using the term "filter", not "audit"]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Stable-dep-of: c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Michael Bestas
|
635c74d37d
|
Merge tag 'ASB-2022-12-05_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
https://source.android.com/docs/security/bulletin/2022-12-01 CVE-2022-23960 * tag 'ASB-2022-12-05_11-5.4' of https://android.googlesource.com/kernel/common: UPSTREAM: bpf: Ensure correct locking around vulnerable function find_vpid() UPSTREAM: HID: roccat: Fix use-after-free in roccat_read() ANDROID: arm64: mm: perform clean & invalidation in __dma_map_area UPSTREAM: mmc: hsq: Fix data stomping during mmc recovery UPSTREAM: pinctrl: sunxi: Fix name for A100 R_PIO BACKPORT: mmc: core: Fix UHS-I SD 1.8V workaround branch UPSTREAM: Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression UPSTREAM: wifi: mac80211_hwsim: set virtio device ready in probe() BACKPORT: f2fs: don't use casefolded comparison for "." and ".." UPSTREAM: Revert "mm/cma.c: remove redundant cma_mutex lock" UPSTREAM: usb: dwc3: Try usb-role-switch first in dwc3_drd_init BACKPORT: usb: typec: ucsi: Fix reuse of completion structure BACKPORT: tipc: fix incorrect order of state message data sanity check UPSTREAM: net: fix up skbs delta_truesize in UDP GRO frag_list UPSTREAM: cgroup-v1: Correct privileges check in release_agent writes UPSTREAM: mm: don't try to NUMA-migrate COW pages that have other uses UPSTREAM: usb: raw-gadget: fix handling of dual-direction-capable endpoints UPSTREAM: selinux: check return value of sel_make_avc_files UPSTREAM: usb: musb: select GENERIC_PHY instead of depending on it BACKPORT: driver core: Fix error return code in really_probe() UPSTREAM: fscrypt: fix derivation of SipHash keys on big endian CPUs BACKPORT: fscrypt: rename FS_KEY_DERIVATION_NONCE_SIZE UPSTREAM: socionext: account for napi_gro_receive never returning GRO_DROP UPSTREAM: net: socionext: netsec: fix xdp stats accounting BACKPORT: fs: align IOCB_* flags with RWF_* flags UPSTREAM: efi: capsule-loader: Fix use-after-free in efi_capsule_write BACKPORT: ARM: 9039/1: assembler: generalize byte swapping macro into rev_l BACKPORT: ARM: 9035/1: uncompress: Add be32tocpu macro UPSTREAM: drm/meson: Fix overflow implicit truncation warnings UPSTREAM: irqchip/tegra: Fix overflow implicit truncation warnings UPSTREAM: video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write ANDROID: GKI: db845c: Update symbols list and ABI Linux 5.4.219 wifi: mac80211: fix MBSSID parsing use-after-free wifi: mac80211: don't parse mbssid in assoc response mac80211: mlme: find auth challenge directly Revert "fs: check FMODE_LSEEK to control internal pipe splicing" Linux 5.4.218 Input: xpad - fix wireless 360 controller breaking after suspend Input: xpad - add supported devices as contributed on github wifi: cfg80211: update hidden BSSes to avoid WARN_ON wifi: mac80211_hwsim: avoid mac80211 warning on bad rate wifi: cfg80211: avoid nontransmitted BSS list corruption wifi: cfg80211: fix BSS refcounting bugs wifi: cfg80211: ensure length byte is present before access wifi: cfg80211/mac80211: reject bad MBSSID elements wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() random: use expired timer rather than wq for mixing fast pool random: avoid reading two cache lines on irq randomness random: restore O_NONBLOCK support USB: serial: qcserial: add new usb-id for Dell branded EM7455 scsi: stex: Properly zero out the passthrough command structure efi: Correct Macmini DMI match in uefi cert quirk ALSA: hda: Fix position reporting on Poulsbo random: clamp credited irq bits to maximum mixed ceph: don't truncate file in atomic_open nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure nilfs2: fix leak of nilfs_root in case of writer thread creation failure nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() rpmsg: qcom: glink: replace strncpy() with strscpy_pad() mmc: core: Terminate infinite loop in SD-UHS voltage switch mmc: core: Replace with already defined values for readability USB: serial: ftdi_sio: fix 300 bps rate for SIO usb: mon: make mmapped memory read only arch: um: Mark the stack non-executable to fix a binutils warning um: Cleanup compiler warning in arch/x86/um/tls_32.c um: Cleanup syscall_handler_t cast in syscalls_32.h net/ieee802154: fix uninit value bug in dgram_sendmsg scsi: qedf: Fix a UAF bug in __qedf_probe() ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property firmware: arm_scmi: Add SCMI PM driver remove routine fs: fix UAF/GPF bug in nilfs_mdt_destroy perf tools: Fixup get_current_dir_name() compilation mm: pagewalk: Fix race between unmap and page walker Linux 5.4.217 docs: update mediator information in CoC docs Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 Revert "drm/amdgpu: use dirty framebuffer helper" xfs: remove unused variable 'done' xfs: fix uninitialized variable in xfs_attr3_leaf_inactive xfs: streamline xfs_attr3_leaf_inactive xfs: move incore structures out of xfs_da_format.h xfs: fix memory corruption during remote attr value buffer invalidation xfs: refactor remote attr value buffer invalidation xfs: fix IOCB_NOWAIT handling in xfs_file_dio_aio_read xfs: fix s_maxbytes computation on 32-bit kernels xfs: truncate should remove all blocks, not just to the end of the page cache xfs: introduce XFS_MAX_FILEOFF xfs: fix misuse of the XFS_ATTR_INCOMPLETE flag x86/speculation: Add RSB VM Exit protections x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current x86/speculation: Disable RRSBA behavior x86/bugs: Add Cannon lake to RETBleed affected CPU list x86/cpu/amd: Enumerate BTC_NO x86/common: Stamp out the stepping madness x86/speculation: Fill RSB on vmexit for IBRS KVM: VMX: Fix IBRS handling after vmexit KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS KVM: VMX: Convert launched argument to flags KVM: VMX: Flatten __vmx_vcpu_run() KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S x86/speculation: Remove x86_spec_ctrl_mask x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit x86/speculation: Fix SPEC_CTRL write on SMT state change x86/speculation: Fix firmware entry SPEC_CTRL handling x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n x86/speculation: Change FILL_RETURN_BUFFER to work with objtool intel_idle: Disable IBRS during long idle x86/bugs: Report Intel retbleed vulnerability x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS x86/bugs: Optimize SPEC_CTRL MSR writes x86/entry: Add kernel IBRS implementation x86/entry: Remove skip_r11rcx x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value x86/bugs: Add AMD retbleed= boot parameter x86/bugs: Report AMD retbleed vulnerability x86/cpufeatures: Move RETPOLINE flags to word 11 x86/kvm/vmx: Make noinstr clean x86/cpu: Add a steppings field to struct x86_cpu_id x86/cpu: Add consistent CPU match macros x86/devicetable: Move x86 specific macro out of generic code Revert "x86/cpu: Add a steppings field to struct x86_cpu_id" Revert "x86/speculation: Add RSB VM Exit protections" Linux 5.4.216 clk: iproc: Do not rely on node name for correct PLL setup clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks selftests: Fix the if conditions of in test_extra_filter() nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices nvme: add new line after variable declatation usbnet: Fix memory leak in usbnet_disconnect() Input: melfas_mip4 - fix return value check in mip4_probe() Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" soc: sunxi: sram: Fix debugfs info for A64 SRAM C soc: sunxi: sram: Fix probe function ordering issues soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() soc: sunxi: sram: Prevent the driver from being unbound soc: sunxi: sram: Actually claim SRAM regions ARM: dts: am33xx: Fix MMCHS0 dma properties ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver media: dvb_vb2: fix possible out of bound access mm: fix madivse_pageout mishandling on non-LRU page mm/migrate_device.c: flush TLB while holding PTL mm: prevent page_frag_alloc() from corrupting the memory mm/page_alloc: fix race condition between build_all_zonelists and page allocation mmc: moxart: fix 4-bit bus width and remove 8-bit bus width libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 Revert "net: mvpp2: debugfs: fix memory leak when using debugfs_lookup()" ntfs: fix BUG_ON in ntfs_lookup_inode_by_name() ARM: dts: integrator: Tag PCI host with device_type clk: ingenic-tcu: Properly enable registers before accessing timers net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 uas: ignore UAS for Thinkplus chips usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS uas: add no-uas quirk for Hiksemi usb_disk Linux 5.4.215 ext4: make directory inode spreading reflect flexbg size xfs: fix use-after-free when aborting corrupt attr inactivation xfs: fix an ABBA deadlock in xfs_rename xfs: don't commit sunit/swidth updates to disk if that would cause repair failures xfs: split the sunit parameter update into two parts xfs: refactor agfl length computation function xfs: use bitops interface for buf log item AIL flag check xfs: stabilize insert range start boundary to avoid COW writeback race xfs: fix some memory leaks in log recovery xfs: always log corruption errors xfs: constify the buffer pointer arguments to error functions xfs: convert EIO to EFSCORRUPTED when log contents are invalid xfs: Fix deadlock between AGI and AGF when target_ip exists in xfs_rename() xfs: attach dquots and reserve quota blocks during unwritten conversion xfs: range check ri_cnt when recovering log items xfs: add missing assert in xfs_fsmap_owner_from_rmap xfs: slightly tweak an assert in xfs_fs_map_blocks xfs: replace -EIO with -EFSCORRUPTED for corrupt metadata ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 workqueue: don't skip lockdep work dependency in cancel_work_sync() drm/rockchip: Fix return type of cdn_dp_connector_mode_valid drm/amd/display: Limit user regamma to a valid value drm/amdgpu: use dirty framebuffer helper Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region cifs: always initialize struct msghdr smb_msg completely usb: xhci-mtk: fix issue of out-of-bounds array access s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting serial: Create uart_xmit_advance() net: sched: fix possible refcount leak in tc_new_tfilter() net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD perf kcore_copy: Do not check /proc/modules is unchanged perf jit: Include program header in ELF files can: gs_usb: gs_can_open(): fix race dev->can.state condition netfilter: ebtables: fix memory leak when blob is malformed net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs net/sched: taprio: avoid disabling offload when it was never enabled of: mdio: Add of_node_put() when breaking out of for_each_xx i40e: Fix set max_tx_rate when it is lower than 1 Mbps i40e: Fix VF set max MTU size iavf: Fix set max MTU size with port VLAN and jumbo frames iavf: Fix bad page state MIPS: Loongson32: Fix PHY-mode being left unspecified MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko net: team: Unsync device addresses on ndo_stop ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header iavf: Fix cached head and tail value for iavf_get_tx_pending netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() netfilter: nf_conntrack_irc: Tighten matching on DCC message netfilter: nf_conntrack_sip: fix ct_sip_walk_headers arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob mm/slub: fix to return errno if kmalloc() fails efi: libstub: check Shim mode using MokSBStateRT ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop ALSA: hda/realtek: Add quirk for ASUS GA503R laptop ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack ALSA: hda/realtek: Re-arrange quirk table entries ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 ALSA: hda: add Intel 5 Series / 3400 PCI DID ALSA: hda/tegra: set depop delay for tegra USB: serial: option: add Quectel RM520N USB: serial: option: add Quectel BG95 0x0203 composition USB: core: Fix RST error in hub.c Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio" Revert "usb: add quirks for Lenovo OneLink+ Dock" usb: cdns3: fix issue with rearming ISO OUT endpoint usb: gadget: udc-xilinx: replace memcpy with memcpy_toio usb: add quirks for Lenovo OneLink+ Dock tty: serial: atmel: Preserve previous USART mode if RS485 disabled serial: atmel: remove redundant assignment in rs485_config tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data wifi: mac80211: Fix UAF in ieee80211_scan_rx() usb: xhci-mtk: relax TT periodic bandwidth allocation usb: xhci-mtk: allow multiple Start-Split in a microframe usb: xhci-mtk: add some schedule error number usb: xhci-mtk: add a function to (un)load bandwidth info usb: xhci-mtk: use @sch_tt to check whether need do TT schedule usb: xhci-mtk: add only one extra CS for FS/LS INTR usb: xhci-mtk: get the microframe boundary for ESIT usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup() usb: dwc3: gadget: Refactor pullup() usb: dwc3: gadget: Prevent repeat pullup() usb: dwc3: Issue core soft reset before enabling run/stop usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind ALSA: hda/sigmatel: Fix unused variable warning for beep power change cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write mksysmap: Fix the mismatch of 'L0' symbols in System.map MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked net: usb: qmi_wwan: add Quectel RM520N ALSA: hda/tegra: Align BDL entry to 4KB boundary ALSA: hda/sigmatel: Keep power up while beep is enabled rxrpc: Fix calc of resend age rxrpc: Fix local destruction being repeated regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() ASoC: nau8824: Fix semaphore unbalance at error paths iomap: iomap that extends beyond EOF should be marked dirty MAINTAINERS: add Chandan as xfs maintainer for 5.4.y cifs: don't send down the destination address to sendmsg for a SOCK_STREAM cifs: revalidate mapping when doing direct writes tracing: hold caller_addr to hardirq_{enable,disable}_ip task_stack, x86/cea: Force-inline stack helpers ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() drm/meson: Fix OSD1 RGB to YCbCr coefficient drm/meson: Correct OSD1 global alpha value gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 of: fdt: fix off-by-one error in unflatten_dt_nodes() Revert "USB: core: Prevent nested device-reset calls" Revert "io_uring: disable polling pollfree files" Revert "netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y" Revert "sched/deadline: Fix priority inheritance with multiple scheduling classes" Revert "kernel/sched: Remove dl_boosted flag comment" Revert "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse" Revert "fs: check FMODE_LSEEK to control internal pipe splicing" Linux 5.4.214 tracefs: Only clobber mode/uid/gid on remount if asked soc: fsl: select FSL_GUTS driver for DPIO net: dp83822: disable rx error interrupt mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes perf/arm_pmu_platform: fix tests for platform_get_irq() failure nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() Input: iforce - add support for Boeder Force Feedback Wheel ieee802154: cc2520: add rc code in cc2520_tx() tg3: Disable tg3 device on system reboot to avoid triggering AER hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo drm/msm/rd: Fix FIFO-full deadlock Linux 5.4.213 MIPS: loongson32: ls1c: Fix hang during startup x86/nospec: Fix i386 RSB stuffing sch_sfb: Also store skb len before calling child enqueue tcp: fix early ETIMEDOUT after spurious non-SACK RTO nvme-tcp: fix UAF when detecting digest errors RDMA/mlx5: Set local port to one when accessing counters ipv6: sr: fix out-of-bounds read when setting HMAC data. RDMA/siw: Pass a pointer to virt_to_page() i40e: Fix kernel crash during module removal tipc: fix shift wrapping bug in map_get() sch_sfb: Don't assume the skb is still around after enqueueing to child afs: Use the operation issue time instead of the reply time for callbacks rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() netfilter: nf_conntrack_irc: Fix forged IP logic netfilter: br_netfilter: Drop dst references before setting. RDMA/hns: Fix supported page size soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs RDMA/cma: Fix arguments order in net device validation regulator: core: Clean up on enable failure ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node smb3: missing inode locks in punch hole cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree cgroup: Optimize single thread migration scsi: lpfc: Add missing destroy_workqueue() in error path scsi: mpt3sas: Fix use-after-free warning nvmet: fix a use-after-free debugfs: add debugfs_lookup_and_remove() kprobes: Prohibit probes in gate area ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() ALSA: aloop: Fix random zeros in capture data when using jiffies timer ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() drm/radeon: add a force flush to delay work when radeon drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. drm/gem: Fix GEM handle release errors scsi: megaraid_sas: Fix double kfree() USB: serial: ch341: fix disabled rx timer on older devices USB: serial: ch341: fix lost character on LCR updates usb: dwc3: disable USB core PHY management usb: dwc3: fix PHY disable sequence btrfs: harden identification of a stale device drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk ALSA: seq: Fix data-race at module auto-loading ALSA: seq: oss: Fix data-race for max_midi_devs access net: mac802154: Fix a condition in the receive path ip: fix triggering of 'icmp redirect' wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected driver core: Don't probe devices after bus_type.match() probe deferral usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS USB: core: Prevent nested device-reset calls s390: fix nospec table alignments s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages usb-storage: Add ignore-residue quirk for NXP PN7462AU USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) usb: dwc2: fix wrong order of phy_power_on and phy_init usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode USB: serial: option: add Quectel EM060K modem USB: serial: option: add support for OPPO R11 diag port USB: serial: cp210x: add Decagon UCA device id xhci: Add grace period after xHC start to prevent premature runtime suspend. thunderbolt: Use the actual buffer in tb_async_error() gpio: pca953x: Add mutex_lock for regcache sync in PM hwmon: (gpio-fan) Fix array out of bounds access clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate Input: rk805-pwrkey - fix module autoloading clk: core: Fix runtime PM sequence in clk_core_unprepare() Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup binder: fix UAF of ref->proc caused by race condition USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id misc: fastrpc: fix memory corruption on open misc: fastrpc: fix memory corruption on probe iio: adc: mcp3911: use correct formula for AD conversion Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete vt: Clear selection before changing the font powerpc: align syscall table for ppc32 staging: rtl8712: fix use after free bugs serial: fsl_lpuart: RS485 RTS polariy is inverse net/smc: Remove redundant refcount increase Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb" tcp: annotate data-race around challenge_timestamp sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb kcm: fix strp_init() order and cleanup ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler net: sched: tbf: don't call qdisc_put() while holding tree lock Revert "xhci: turn off port power in shutdown" wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() ieee802154/adf7242: defer destroy_workqueue call iio: adc: mcp3911: make use of the sign bit platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg drm/msm/dsi: fix the inconsistent indenting net: dp83822: disable false carrier interrupt Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" fs: only do a memory barrier for the first set_buffer_uptodate() net: mvpp2: debugfs: fix memory leak when using debugfs_lookup() wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() efi: capsule-loader: Fix use-after-free in efi_capsule_write Linux 5.4.212 net: neigh: don't call kfree_skb() under spin_lock_irqsave() net/af_packet: check len when min_header_len equals to 0 io_uring: disable polling pollfree files kprobes: don't call disarm_kprobe() for disabled kprobes lib/vdso: Mark do_hres() and do_coarse() as __always_inline lib/vdso: Let do_coarse() return 0 to simplify the callsite btrfs: tree-checker: check for overlapping extent items netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y drm/amd/display: Fix pixel clock programming s390/hypfs: avoid error message under KVM neigh: fix possible DoS due to net iface start/stop loop drm/amd/display: clear optc underflow before turn off odm clock drm/amd/display: Avoid MPC infinite loop btrfs: unify lookup return value when dir entry is missing btrfs: do not pin logs too early during renames btrfs: introduce btrfs_lookup_match_dir mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse bpf: Don't redirect packets with invalid pkt_len ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead fbdev: fb_pm2fb: Avoid potential divide by zero error HID: hidraw: fix memory leak in hidraw_release() media: pvrusb2: fix memory leak in pvr_probe udmabuf: Set the DMA mask for the udmabuf device (v2) HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report Bluetooth: L2CAP: Fix build errors in some archs kbuild: Fix include path in scripts/Makefile.modpost x86/bugs: Add "unknown" reporting for MMIO Stale Data s390/mm: do not trigger write fault when vma does not allow VM_WRITE mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU md: call __md_stop_writes in md_stop mm/hugetlb: fix hugetlb not supporting softdirty tracking ACPI: processor: Remove freq Qos request for all CPUs s390: fix double free of GS and RI CBs on fork() failure asm-generic: sections: refactor memory_intersects loop: Check for overflow while configuring loop x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry btrfs: check if root is readonly while setting security xattr btrfs: add info when mount fails due to stale replace target btrfs: replace: drop assert for suspended replace btrfs: fix silent failure when deleting root reference ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter net: Fix a data-race around sysctl_somaxconn. net: Fix a data-race around netdev_budget_usecs. net: Fix a data-race around netdev_budget. net: Fix a data-race around sysctl_net_busy_read. net: Fix a data-race around sysctl_net_busy_poll. net: Fix a data-race around sysctl_tstamp_allow_data. ratelimit: Fix data-races in ___ratelimit(). net: Fix data-races around netdev_tstamp_prequeue. net: Fix data-races around weight_p and dev_weight_[rt]x_bias. netfilter: nft_tunnel: restrict it to netdev family netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families netfilter: nft_payload: do not truncate csum_offset and csum_type netfilter: nft_payload: report ERANGE for too long offset and length bnxt_en: fix NQ resource accounting during vf creation on 57500 chips netfilter: ebtables: reject blobs that don't provide all entry points net: ipvtap - add __init/__exit annotations to module init/exit funcs bonding: 802.3ad: fix no transmission of LACPDUs net: moxa: get rid of asymmetry in DMA mapping/unmapping net/mlx5e: Properly disable vlan strip on non-UL reps rose: check NULL rose_loopback_neigh->loopback SUNRPC: RPC level errors should set task->tk_rpc_status af_key: Do not call xfrm_probe_algs in parallel xfrm: fix refcount leak in __xfrm_policy_check() kernel/sched: Remove dl_boosted flag comment sched/deadline: Fix priority inheritance with multiple scheduling classes sched/deadline: Fix stale throttling on de-/boosted tasks sched/deadline: Unthrottle PI boosted threads while enqueuing pinctrl: amd: Don't save/restore interrupt status and wake status bits Revert "selftests/bpf: Fix test_align verifier log patterns" Revert "selftests/bpf: Fix "dubious pointer arithmetic" test" usb: cdns3: Fix issue for clear halt endpoint kernel/sys_ni: add compat entry for fadvise64_64 parisc: Fix exception handler for fldw and fstw instructions audit: fix potential double free on error path from fsnotify_add_inode_mark Revert "USB: HCD: Fix URB giveback issue in tasklet function" Linux 5.4.211 btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() btrfs: only write the sectors in the vertical stripe which has data stripes can: j1939: j1939_session_destroy(): fix memory leak of skbs can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() tracing/probes: Have kprobes and uprobes use $COMM too MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 video: fbdev: i740fb: Check the argument of i740_calc_vclk() powerpc/64: Init jump labels before parse_early_param() smb3: check xattr value length earlier f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() ALSA: timer: Use deferred fasync helper ALSA: core: Add async signal helpers powerpc/32: Don't always pass -mcpu=powerpc to the compiler watchdog: export lockup_detector_reconfigure RISC-V: Add fast call path of crash_kexec() riscv: mmap with PROT_WRITE but no PROT_READ is invalid mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start vfio: Clear the caps->buf to NULL after free tty: serial: Fix refcount leak bug in ucc_uart.c lib/list_debug.c: Detect uninitialized lists ext4: avoid resizing to a partial cluster size ext4: avoid remove directory when directory is corrupted drivers:md:fix a potential use-after-free bug nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed selftests/kprobe: Do not test for GRP/ without event failures um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups PCI/ACPI: Guard ARM64-specific mcfg_quirks cxl: Fix a memory leak in an error handling path gadgetfs: ep_io - wait until IRQ finishes scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input clk: qcom: ipq8074: dont disable gcc_sleep_clk_src vboxguest: Do not use devm for irq usb: renesas: Fix refcount leak bug usb: host: ohci-ppc-of: Fix refcount leak bug drm/meson: Fix overflow implicit truncation warnings irqchip/tegra: Fix overflow implicit truncation warnings usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info usb: cdns3 fix use-after-free at workaround 2 PCI: Add ACS quirk for Broadcom BCM5750x NICs drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() locking/atomic: Make test_and_*_bit() ordered on failure gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file igb: Add lock to avoid data race fec: Fix timer capture timing in `fec_ptp_enable_pps()` i40e: Fix to stop tx_timeout recovery if GLOBR fails ice: Ignore EEXIST when setting promisc mode net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry net: moxa: pass pdev instead of ndev to DMA functions net: dsa: mv88e6060: prevent crash on an unused port powerpc/pci: Fix get_phb_number() locking netfilter: nf_tables: really skip inactive sets when allocating name clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks iavf: Fix adminq error handling nios2: add force_successful_syscall_return() nios2: restarts apply only to the first sigframe we build... nios2: fix syscall restart checks nios2: traced syscall does need to check the syscall number nios2: don't leave NULLs in sys_call_table[] nios2: page fault et.al. are *not* restartable syscalls... tee: add overflow check in register_shm_helper() dpaa2-eth: trace the allocated address instead of page struct atm: idt77252: fix use-after-free bugs caused by tst_timer xen/xenbus: fix return type in xenbus_file_read() nfp: ethtool: fix the display error of `ethtool -m DEVNAME` NTB: ntb_tool: uninitialized heap data in tool_fn_write() tools build: Switch to new openssl API for test-libcrypto tools/vm/slabinfo: use alphabetic order when two values are equal dt-bindings: arm: qcom: fix MSM8916 MTP compatibles vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() vsock: Fix memory leak in vsock_connect() plip: avoid rcu debug splat geneve: do not use RT_TOS for IPv6 flowlabel ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool pinctrl: sunxi: Add I/O bias setting for H6 R-PIO pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map net: bgmac: Fix a BUG triggered by wrong bytes_compl devlink: Fix use-after-free after a failed reload SUNRPC: Reinitialise the backchannel request buffers before reuse sunrpc: fix expiry of auth creds can: mcp251x: Fix race condition on receive interrupt NFSv4/pnfs: Fix a use-after-free bug in open NFSv4.1: RECLAIM_COMPLETE must handle EACCES NFSv4: Fix races in the legacy idmapper upcall NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly NFSv4.1: Don't decrease the value of seq_nr_highest_sent Documentation: ACPI: EINJ: Fix obsolete example apparmor: Fix memleak in aa_simple_write_to_buffer() apparmor: fix reference count leak in aa_pivotroot() apparmor: fix overlapping attachment computation apparmor: fix aa_label_asxprint return check apparmor: Fix failed mount permission check error message apparmor: fix absroot causing audited secids to begin with = apparmor: fix quiet_denied for file rules can: ems_usb: fix clang's -Wunaligned-access warning tracing: Have filter accept "common_cpu" to be consistent btrfs: fix lost error handling when looking up extended ref on log replay mmc: pxamci: Fix an error handling path in pxamci_probe() mmc: pxamci: Fix another error handling path in pxamci_probe() ata: libata-eh: Add missing command name rds: add missing barrier to release_refill ALSA: info: Fix llseek return value when using callback net_sched: cls_route: disallow handle of 0 net/9p: Initialize the iounit field during fid creation Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" scsi: sg: Allow waiting for commands to complete on removed device tcp: fix over estimation in sk_forced_mem_schedule() KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq KVM: Add infrastructure and macro to mark VM as bugged btrfs: reject log replay if there is unsupported RO compat flag net_sched: cls_route: remove from list when handle is 0 iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails timekeeping: contribute wall clock to rng on time change ACPI: CPPC: Do not prevent CPPC from working in the future dm writecache: set a default MAX_WRITEBACK_JOBS dm thin: fix use-after-free crash in dm_sm_register_threshold_callback dm raid: fix address sanitizer warning in raid_status dm raid: fix address sanitizer warning in raid_resume intel_th: pci: Add Meteor Lake-P support intel_th: pci: Add Raptor Lake-S PCH support intel_th: pci: Add Raptor Lake-S CPU support ext4: correct the misjudgment in ext4_iget_extra_inode ext4: correct max_inline_xattr_value_size computing ext4: fix extent status tree race in writeback error recovery path ext4: update s_overhead_clusters in the superblock during an on-line resize ext4: fix use-after-free in ext4_xattr_set_entry ext4: make sure ext4_append() always allocates new block ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h btrfs: reset block group chunk force if we have to wait tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification spmi: trace: fix stack-out-of-bound access in SPMI tracing functions x86/olpc: fix 'logical not is only applied to the left hand side' scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection scsi: qla2xxx: Turn off multi-queue for 8G adapters scsi: qla2xxx: Fix discovery issues in FC-AL topology scsi: zfcp: Fix missing auto port scan and thus missing target ports video: fbdev: s3fb: Check the size of screen before memset_io() video: fbdev: arkfb: Check the size of screen before memset_io() video: fbdev: vt8623fb: Check the size of screen before memset_io() tools/thermal: Fix possible path truncations video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() x86/numa: Use cpumask_available instead of hardcoded NULL check scripts/faddr2line: Fix vmlinux detection on arm64 genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO powerpc/pci: Fix PHB numbering when using opal-phbid kprobes: Forbid probing on trampoline and BPF code areas perf symbol: Fail to read phdr workaround powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address powerpc/xive: Fix refcount leak in xive_get_max_prio powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32 video: fbdev: sis: fix typos in SiS_GetModeID() video: fbdev: amba-clcd: Fix refcount leak bugs watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() ASoC: audio-graph-card: Add of_node_put() in fail path fuse: Remove the control interface for virtio-fs ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() s390/zcore: fix race when reading from hardware system area iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop mfd: max77620: Fix refcount leak in max77620_initialise_fps mfd: t7l66xb: Drop platform disable callback kfifo: fix kfifo_to_user() return type rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge iommu/exynos: Handle failed IOMMU device registration properly tty: n_gsm: fix missing corner cases in gsmld_poll() tty: n_gsm: fix DM command tty: n_gsm: fix wrong T1 retry count handling vfio/ccw: Do not change FSM state in subchannel event remoteproc: qcom: wcnss: Fix handling of IRQs tty: n_gsm: fix race condition in gsmld_write() tty: n_gsm: fix packet re-transmission without open control channel tty: n_gsm: fix non flow control frames during mux flow off profiling: fix shift too large makes kernel panic ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe ASoC: codecs: da7210: add check for i2c_add_driver ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe opp: Fix error check in dev_pm_opp_attach_genpd() jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted ext4: recover csum seed of tmp_inode after migrating to extents jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() null_blk: fix ida error handling in null_add_dev() RDMA/rxe: Fix error unwind in rxe_create_qp() mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region platform/olpc: Fix uninitialized data in debugfs write USB: serial: fix tty-port initialized comments PCI: tegra194: Fix link up retry sequence PCI: tegra194: Fix Root Port interrupt handling HID: alps: Declare U1_UNICORN_LEGACY support mmc: cavium-thunderx: Add of_node_put() when breaking out of loop mmc: cavium-octeon: Add of_node_put() when breaking out of loop gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() RDMA/hfi1: fix potential memory leak in setup_base_ctxt() RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event RDMA/hns: Fix incorrect clearing of interrupt status register usb: gadget: udc: amd5536 depends on HAS_DMA scsi: smartpqi: Fix DMA direction for RAID requests mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R memstick/ms_block: Fix a memory leak memstick/ms_block: Fix some incorrect memory allocation mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback intel_th: msu: Fix vmalloced buffers intel_th: msu-sink: Potential dereference of null pointer intel_th: Fix a resource leak in an error handling path soundwire: bus_type: fix remove and shutdown support clk: qcom: camcc-sdm845: Fix topology around titan_top power domain clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks clk: qcom: ipq8074: fix NSS port frequency tables usb: host: xhci: use snprintf() in xhci_decode_trb() clk: qcom: clk-krait: unlock spin after mux completion driver core: fix potential deadlock in __driver_attach misc: rtsx: Fix an error handling path in rtsx_pci_probe() clk: mediatek: reset: Fix written reset bit offset usb: xhci: tegra: Fix error check usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe fpga: altera-pr-ip: fix unsigned comparison with less than zero mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path mtd: partitions: Fix refcount leak in parse_redboot_of mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release HID: cp2112: prevent a buffer overflow in cp2112_xfer() mtd: rawnand: meson: Fix a potential double free issue mtd: maps: Fix refcount leak in ap_flash_init mtd: maps: Fix refcount leak in of_flash_probe_versatile clk: renesas: r9a06g032: Fix UART clkgrp bitsel dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock net: rose: fix netdev reference changes netdevsim: Avoid allocation warnings triggered from user space iavf: Fix max_rate limiting crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS wifi: libertas: Fix possible refcount leak in if_usb_probe() wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` i2c: mux-gpmux: Add of_node_put() when breaking out of loop i2c: cadence: Support PEC for SMBus block read Bluetooth: hci_intel: Add check for platform_driver_register can: pch_can: pch_can_error(): initialize errc before using it can: error: specify the values of data[5..7] of CAN error frames can: usb_8dev: do not report txerr and rxerr during bus-off can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off can: sun4i_can: do not report txerr and rxerr during bus-off can: hi311x: do not report txerr and rxerr during bus-off can: sja1000: do not report txerr and rxerr during bus-off can: rcar_can: do not report txerr and rxerr during bus-off can: pch_can: do not report txerr and rxerr during bus-off selftests/bpf: fix a test for snprintf() overflow wifi: p54: add missing parentheses in p54_flush() wifi: p54: Fix an error handling path in p54spi_probe() wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() fs: check FMODE_LSEEK to control internal pipe splicing selftests: timers: clocksource-switch: fix passing errors from child selftests: timers: valid-adjtimex: build fix for newer toolchains libbpf: Fix the name of a reused map tcp: make retransmitted SKB fit into the send window drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed. mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq drm/msm/mdp5: Fix global state lock backoff drm: bridge: sii8620: fix possible off-by-one drm/mediatek: dpi: Only enable dpi after the bridge is enabled drm/mediatek: dpi: Remove output format of YUV drm/rockchip: Fix an error handling path rockchip_dp_probe() drm/rockchip: vop: Don't crash for invalid duplicate_state() crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE drm/vc4: dsi: Correct DSI divider calculations drm/vc4: plane: Fix margin calculations for the right/bottom edges drm/vc4: plane: Remove subpixel positioning check media: hdpvr: fix error value returns in hdpvr_read drm/mcde: Fix refcount leak in mcde_dsi_bind drm: bridge: adv7511: Add check for mipi_dsi_driver_register wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() ath9k: fix use-after-free in ath9k_hif_usb_rx_cb media: tw686x: Register the irq at the end of probe i2c: Fix a potential use after free drm: adv7511: override i2c address of cec before accessing it drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() drm/mipi-dbi: align max_chunk to 2 in spi_transfer wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() ath10k: do not enforce interrupt trigger type dm: return early from dm_pr_call() if DM device is suspended thermal/tools/tmon: Include pthread and time headers in tmon.h nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() regulator: of: Fix refcount leak bug in of_get_regulation_constraints() blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created erofs: avoid consecutive detection for Highmem memory arm64: dts: mt7622: fix BPI-R64 WPS button bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() ARM: dts: qcom: pm8841: add required thermal-sensor-cells soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register cpufreq: zynq: Fix refcount leak in zynq_get_revision ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init ARM: OMAP2+: Fix refcount leak in omapdss_init_of ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg soc: fsl: guts: machine variable might be unset ARM: dts: ast2600-evb: fix board compatible ARM: dts: ast2500-evb: fix board compatible x86/pmem: Fix platform-device leak in error path ARM: bcm: Fix refcount leak in bcm_kona_smc_init meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init ARM: findbit: fix overflowing offset spi: spi-rspi: Fix PIO fallback on RZ platforms selinux: Add boundary check in put_entry() PM: hibernate: defer device probing when resuming from hibernation ARM: shmobile: rcar-gen2: Increase refcount for new reference arm64: dts: allwinner: a64: orangepi-win: Fix LED node name arm64: dts: qcom: ipq8074: fix NAND node name ACPI: LPSS: Fix missing check in register_device_clock() ACPI: PM: save NVS memory for Lenovo G40-45 ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks ARM: OMAP2+: display: Fix refcount leak bug spi: synquacer: Add missing clk_disable_unprepare() ARM: dts: imx6ul: fix qspi node compatible ARM: dts: imx6ul: fix lcdif node compatible ARM: dts: imx6ul: fix csi node compatible ARM: dts: imx6ul: change operating-points to uint32-matrix ARM: dts: imx6ul: add missing properties for sram wait: Fix __wait_event_hrtimeout for RT/DL tasks genirq: Don't return error on missing optional irq_request_resources() ext2: Add more validity checks for inode counts arm64: fix oops in concurrently setting insn_emulation sysctls arm64: Do not forget syscall when starting a new thread. x86: Handle idle=nomwait cmdline properly for x86_idle epoll: autoremove wakers even more aggressively netfilter: nf_tables: fix null deref due to zeroed list head netfilter: nf_tables: do not allow RULE_ID to refer to another chain netfilter: nf_tables: do not allow SET_ID to refer to another table arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC USB: HCD: Fix URB giveback issue in tasklet function coresight: Clear the connection field properly MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK powerpc/powernv: Avoid crashing if rng is NULL powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E powerpc/fsl-pci: Fix Class Code of PCIe Root Port PCI: Add defines for normal and subtractive PCI bridges ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() md-raid10: fix KASAN warning serial: mvebu-uart: uart2 error bits clearing fuse: limit nsec iio: light: isl29028: Fix the warning in isl29028_remove() drm/amdgpu: Check BO's requested pinning domains against its preferred_domains drm/nouveau: fix another off-by-one in nvbios_addr drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode parisc: Fix device names in /proc/iomem ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() usbnet: Fix linkwatch use-after-free on disconnect fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters thermal: sysfs: Fix cooling_device_stats_setup() error code path fs: Add missing umask strip in vfs_tmpfile vfs: Check the truncate maximum size in inode_newsize_ok() tty: vt: initialize unicode screen buffer ALSA: hda/realtek: Add quirk for another Asus K42JZ model ALSA: hda/cirrus - support for iMac 12,1 model ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model mm/mremap: hold the rmap lock in write mode when moving page table entries. KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case HID: wacom: Don't register pad_input for touch switch HID: wacom: Only report rotation for art pen add barriers to buffer_uptodate and set_buffer_uptodate wifi: mac80211_hwsim: use 32-bit skb cookie wifi: mac80211_hwsim: add back erroneously removed cast wifi: mac80211_hwsim: fix race condition in pending packet igc: Remove _I_PHY_ID checking ALSA: bcd2000: Fix a UAF bug on the error path of probing scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments Makefile: link with -z noexecstack --no-warn-rwx-segments Conflicts: Documentation/devicetree/bindings/arm/qcom.yaml Documentation/devicetree/bindings~HEAD arch/x86/boot/compressed/Makefile drivers/mmc/core/sd.c drivers/rpmsg/qcom_glink_native.c drivers/usb/dwc3/core.c drivers/usb/dwc3/gadget.c drivers/usb/typec/ucsi/ucsi.c net/core/dev.c net/netfilter/nf_conntrack_irc.c Change-Id: I796398110bc61fa6a8bb94f7ef41b9209683dbf7 |
||
|
Greg Kroah-Hartman
|
d3df1dbcb2 |
Merge branch 'android11-5.4' into branch 'android11-5.4-lts'
Sync up with android11-5.4 for the following commits: |
||
|
Greg Kroah-Hartman
|
4338018da7 |
Merge tag 'android11-5.4.219_r00' into android11-5.4
This is the merge of the upstream LTS release of 5.4.219 into the android11-5.4 branch. It contains the following commits: |
||
Christian Göttsche
|
2119237920 |
UPSTREAM: selinux: check return value of sel_make_avc_files
sel_make_avc_files() might fail and return a negative errno value on
memory allocation failures. Re-add the check of the return value,
dropped in 66f8e2f03c02 ("selinux: sidtab reverse lookup hash table").
Reported by clang-analyzer:
security/selinux/selinuxfs.c:2129:2: warning: Value stored to
'ret' is never read [deadcode.DeadStores]
ret = sel_make_avc_files(dentry);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
Bug: 254441685
Fixes: 66f8e2f03c02 ("selinux: sidtab reverse lookup hash table")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
[PM: description line wrapping, added proper commit ref]
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit bcb62828e3e8c813b6613db6eb7fd9657db248fc)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Id75241f6c1c3b501bda6160cee9be1a9c3b83fd3
|
||
|
Greg Kroah-Hartman
|
0bd6dcc07a |
This is the 5.4.224 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmNtLZoACgkQONu9yGCS aT5VuQ/8CBRf5xVvPfDAGCXjoksCQWaVvSp4bs8UBRO7OM2bbzLOXgNR/aTXBYXS MmrHn/9vCy1EM/+MvsCF9BB7SBu5DN28/X18H/KvhNBXdSggYYSYiaHDsaU8YS89 PKCQouG9q5qNzMbiVx9ullBUQXNov3PMFs6La0AbRjiSuDnaQhwbhliZmbMWo+Wx YdxqT0PNrPdZsXA4aP6DZP1tHQ7rKt7BFZdDE2UhmMCkrycw3f4bm5nLyOIJgkCq JcnJu7mPbhGxwTVqBEBPH31cH+vC4TxMuRIgm7gmuTcIp883C2rhzYMfNK2aP8j6 5VdG+WZmlqkWJ7ipPGaMgT2el/+40Fy/TlAg+kdUQ7MDT9aLZM9ecv+q7o+qV8qn RxbkqBEUh3byJyx5hR6fmP+6QxF3x7X89QyAmQJ6+2thDhZtrZdM4cGk8AbK534u Pfv0Biu59u1rBHAcY2gFwtUMhPYQYK65liefeQoBFgc83ZQbPYOs3pk3gjPmOyy5 ce2JeyRIqWU9qN3/pxCDO8gVD7uUtMC/ut5fM2IPoatoGBmvpg0iFZLa+TF0PdVe U7+v6uakW86sWYzHdNLMXIaghzO3i04BVokOKoFHjP8WQeOaYBk5uUOP/qWS+Dke cSOhayYj7UALVAQww34mAWlPFN6l5sfW2GszN9a2GcfT1sLphDY= =bOv2 -----END PGP SIGNATURE----- Merge 5.4.224 into android11-5.4-lts Changes in 5.4.224 RDMA/cma: Use output interface for net_dev check IB/hfi1: Correctly move list in sc_disable() NFSv4.1: Handle RECLAIM_COMPLETE trunking errors NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot nfs4: Fix kmemleak when allocate slot failed net: dsa: Fix possible memory leaks in dsa_loop_init() RDMA/core: Fix null-ptr-deref in ib_core_cleanup() RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() net: fec: fix improper use of NETDEV_TX_BUSY ata: pata_legacy: fix pdc20230_set_piomode() net: sched: Fix use after free in red_enqueue() net: tun: fix bugs for oversize packet when napi frags enabled netfilter: nf_tables: release flow rule object from commit path ipvs: use explicitly signed chars ipvs: fix WARNING in __ip_vs_cleanup_batch() ipvs: fix WARNING in ip_vs_app_net_cleanup() rose: Fix NULL pointer dereference in rose_send_frame() mISDN: fix possible memory leak in mISDN_register_device() isdn: mISDN: netjet: fix wrong check of device registration btrfs: fix inode list leak during backref walking at resolve_indirect_refs() btrfs: fix inode list leak during backref walking at find_parent_nodes() btrfs: fix ulist leaks in error paths of qgroup self tests Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() net: mdio: fix undefined behavior in bit shift for __mdiobus_register net, neigh: Fix null-ptr-deref in neigh_table_clear() ipv6: fix WARNING in ip6_route_net_exit_late() media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE media: dvb-frontends/drxk: initialize err to 0 media: meson: vdec: fix possible refcount leak in vdec_probe() scsi: core: Restrict legal sdev_state transitions via sysfs HID: saitek: add madcatz variant of MMO7 mouse device ID i2c: xiic: Add platform module alias xfs: don't fail verifier on empty attr3 leaf block xfs: use ordered buffers to initialize dquot buffers during quotacheck xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() xfs: group quota should return EDQUOT when prj quota enabled xfs: don't fail unwritten extent conversion on writeback due to edquot xfs: Add the missed xfs_perag_put() for xfs_ifree_cluster() Bluetooth: L2CAP: Fix attempting to access uninitialized memory block, bfq: protect 'bfqd->queued' by 'bfqd->lock' tcp/udp: Fix memory leak in ipv6_renew_options(). memcg: enable accounting of ipc resources binder: fix UAF of alloc->vma in race with munmap() btrfs: fix type of parameter generation in btrfs_get_dentry tcp/udp: Make early_demux back namespacified. kprobe: reverse kp->flags when arm_kprobe failed tools/nolibc/string: Fix memcmp() implementation tracing/histogram: Update document for KEYS_MAX size capabilities: fix potential memleak on error path from vfs_getxattr_alloc() fuse: add file_modified() to fallocate efi: random: reduce seed size to 32 bytes perf/x86/intel: Fix pebs event constraints for ICL perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[] ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices parisc: Make 8250_gsc driver dependend on CONFIG_PARISC parisc: Export iosapic_serial_irq() symbol for serial port driver parisc: Avoid printing the hardware path twice ext4: fix warning in 'ext4_da_release_space' ext4: fix BUG_ON() when directory entry has invalid rec_len KVM: x86: Mask off reserved bits in CPUID.8000001AH KVM: x86: Mask off reserved bits in CPUID.80000008H KVM: x86: emulator: em_sysexit should update ctxt->mode KVM: x86: emulator: introduce emulator_recalc_and_set_mode KVM: x86: emulator: update the emulation mode after CR0 write mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times drm/rockchip: dsi: Force synchronous probe drm/i915/sdvo: Filter out invalid outputs more sensibly drm/i915/sdvo: Setup DDC fully before output init wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() ipc: remove memcg accounting for sops objects in do_semtimedop() Linux 5.4.224 Change-Id: I4620eca3873c24ff6e810a762a0977bae99dcaeb Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Gaosheng Cui
|
0c3e6288da |
capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
commit 8cf0a1bc12870d148ae830a4ba88cfdf0e879cee upstream.
In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to
complete the memory allocation of tmpbuf, if we have completed
the memory allocation of tmpbuf, but failed to call handler->get(...),
there will be a memleak in below logic:
|-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...)
| /* ^^^ alloc for tmpbuf */
|-- value = krealloc(*xattr_value, error + 1, flags)
| /* ^^^ alloc memory */
|-- error = handler->get(handler, ...)
| /* error! */
|-- *xattr_value = value
| /* xattr_value is &tmpbuf (memory leak!) */
So we will try to free(tmpbuf) after vfs_getxattr_alloc() fails to fix it.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Michael Bestas
|
9c70abfc5e
|
Merge tag 'ASB-2022-11-01_11-5.4' of https://android.googlesource.com/kernel/common into android13-5.4-lahaina
https://source.android.com/docs/security/bulletin/2022-11-01 * tag 'ASB-2022-11-01_11-5.4' of https://android.googlesource.com/kernel/common: UPSTREAM: mm/mremap: hold the rmap lock in write mode when moving page table entries. FROMLIST: binder: fix UAF of alloc->vma in race with munmap() UPSTREAM: mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() UPSTREAM: mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() UPSTREAM: af_key: Do not call xfrm_probe_algs in parallel UPSTREAM: wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() UPSTREAM: wifi: cfg80211/mac80211: reject bad MBSSID elements UPSTREAM: wifi: cfg80211: ensure length byte is present before access UPSTREAM: wifi: cfg80211: fix BSS refcounting bugs UPSTREAM: wifi: cfg80211: avoid nontransmitted BSS list corruption UPSTREAM: wifi: mac80211_hwsim: avoid mac80211 warning on bad rate UPSTREAM: wifi: cfg80211: update hidden BSSes to avoid WARN_ON UPSTREAM: mac80211: mlme: find auth challenge directly UPSTREAM: wifi: mac80211: don't parse mbssid in assoc response UPSTREAM: wifi: mac80211: fix MBSSID parsing use-after-free ANDROID: Drop explicit 'CONFIG_INIT_STACK_ALL_ZERO=y' from gki_defconfig UPSTREAM: hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero UPSTREAM: hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO UPSTREAM: hardening: Clarify Kconfig text for auto-var-init ANDROID: GKI: Update FCNT KMI symbol list ANDROID: Fix kenelci build-break for !CONFIG_PERF_EVENTS BACKPORT: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report ANDROID: ABI: Update allowed list for QCOM UPSTREAM: wifi: mac80211_hwsim: use 32-bit skb cookie UPSTREAM: wifi: mac80211_hwsim: add back erroneously removed cast UPSTREAM: wifi: mac80211_hwsim: fix race condition in pending packet ANDROID: incfs: Add check for ATTR_KILL_SUID and ATTR_MODE in incfs_setattr Linux 5.4.210 x86/speculation: Add LFENCE to RSB fill sequence x86/speculation: Add RSB VM Exit protections macintosh/adb: fix oob read in do_adb_query() function media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls selftests: KVM: Handle compiler optimizations in ucall KVM: Don't null dereference ops->destroy selftests/bpf: Fix "dubious pointer arithmetic" test selftests/bpf: Fix test_align verifier log patterns bpf: Test_verifier, #70 error message updates for 32-bit right shift selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() ACPI: APEI: Better fix to avoid spamming the console with old error logs ACPI: video: Shortening quirk list by identifying Clevo by board_name only ACPI: video: Force backlight native for some TongFang devices thermal: Fix NULL pointer dereferences in of_thermal_ functions ANDROID: GKI: db845c: Update symbols list and ABI Linux 5.4.209 scsi: core: Fix race between handling STS_RESOURCE and completion mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle. ARM: crypto: comment out gcc warning that breaks clang builds sctp: leave the err path free in sctp_stream_init to sctp_stream_free sfc: disable softirqs for ptp TX perf symbol: Correct address for bss symbols virtio-net: fix the race between refill work and close netfilter: nf_queue: do not allow packet truncation below transport header offset sctp: fix sleep in atomic context bug in timer handlers i40e: Fix interface init with MSI interrupts (no MSI-X) tcp: Fix a data-race around sysctl_tcp_comp_sack_nr. tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns. Documentation: fix sctp_wmem in ip-sysctl.rst tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit. tcp: Fix a data-race around sysctl_tcp_autocorking. tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen. tcp: Fix a data-race around sysctl_tcp_min_tso_segs. net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() igmp: Fix data-races around sysctl_igmp_qrv. ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr net: ping6: Fix memleak in ipv6_renew_options(). tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit. tcp: Fix a data-race around sysctl_tcp_limit_output_bytes. scsi: ufs: host: Hold reference returned by of_parse_phandle() ice: do not setup vlan for loopback VSI ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) tcp: Fix a data-race around sysctl_tcp_nometrics_save. tcp: Fix a data-race around sysctl_tcp_frto. tcp: Fix a data-race around sysctl_tcp_adv_win_scale. tcp: Fix a data-race around sysctl_tcp_app_win. tcp: Fix data-races around sysctl_tcp_dsack. s390/archrandom: prevent CPACF trng invocations in interrupt context ntfs: fix use-after-free in ntfs_ucsncmp() Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put ANDROID: restore some removed refcount functions ANDROID: add tty_schedule_flip() back to the kernel Linux 5.4.208 x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() net: usb: ax88179_178a needs FLAG_SEND_ZLP tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() tty: drop tty_schedule_flip() tty: the rest, stop using tty_schedule_flip() tty: drivers/tty/, stop using tty_schedule_flip() Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks Bluetooth: SCO: Fix sco_send_frame returning skb->len Bluetooth: Fix passing NULL to PTR_ERR Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg Bluetooth: Add bt_skb_sendmmsg helper Bluetooth: Add bt_skb_sendmsg helper ALSA: memalloc: Align buffer allocations in page size bitfield.h: Fix "type of reg too small for mask" test x86/mce: Deduplicate exception handling mmap locking API: initial implementation as rwsem wrappers x86/uaccess: Implement macros for CMPXCHG on user addresses x86: get rid of small constant size cases in raw_copy_{to,from}_user() locking/refcount: Consolidate implementations of refcount_t locking/refcount: Consolidate REFCOUNT_{MAX,SATURATED} definitions locking/refcount: Move saturation warnings out of line locking/refcount: Improve performance of generic REFCOUNT_FULL code locking/refcount: Move the bulk of the REFCOUNT_FULL implementation into the <linux/refcount.h> header locking/refcount: Remove unused refcount_*_checked() variants locking/refcount: Ensure integer operands are treated as signed locking/refcount: Define constants for saturation and max refcount values ima: remove the IMA_TEMPLATE Kconfig option dlm: fix pending remove if msg allocation fails bpf: Make sure mac_header was set before using it mm/mempolicy: fix uninit-value in mpol_rebind_policy() spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers tcp: Fix data-races around sysctl_tcp_max_reordering. tcp: Fix a data-race around sysctl_tcp_rfc1337. tcp: Fix a data-race around sysctl_tcp_stdurg. tcp: Fix a data-race around sysctl_tcp_retrans_collapse. tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. tcp: Fix data-races around sysctl_tcp_recovery. tcp: Fix a data-race around sysctl_tcp_early_retrans. tcp: Fix data-races around sysctl knobs related to SYN option. udp: Fix a data-race around sysctl_udp_l3mdev_accept. ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. be2net: Fix buffer overflow in be_get_module_eeprom gpio: pca953x: only use single read/write for No AI mode ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero i40e: Fix erroneous adapter reinitialization during recovery process iavf: Fix handling of dummy receive descriptors tcp: Fix data-races around sysctl_tcp_fastopen. tcp: Fix data-races around sysctl_max_syn_backlog. tcp: Fix a data-race around sysctl_tcp_tw_reuse. tcp: Fix a data-race around sysctl_tcp_notsent_lowat. tcp: Fix data-races around some timeout sysctl knobs. tcp: Fix data-races around sysctl_tcp_reordering. tcp: Fix data-races around sysctl_tcp_syncookies. igmp: Fix a data-race around sysctl_igmp_max_memberships. igmp: Fix data-races around sysctl_igmp_llm_reports. net/tls: Fix race in TLS device down flow net: stmmac: fix dma queue left shift overflow issue i2c: cadence: Change large transfer count reset logic to be unconditional tcp: Fix a data-race around sysctl_tcp_probe_interval. tcp: Fix a data-race around sysctl_tcp_probe_threshold. tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. tcp: Fix data-races around sysctl_tcp_min_snd_mss. tcp: Fix data-races around sysctl_tcp_base_mss. tcp: Fix data-races around sysctl_tcp_mtu_probing. tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. ip: Fix a data-race around sysctl_fwmark_reflect. ip: Fix data-races around sysctl_ip_nonlocal_bind. ip: Fix data-races around sysctl_ip_fwd_use_pmtu. ip: Fix data-races around sysctl_ip_no_pmtu_disc. igc: Reinstate IGC_REMOVED logic and implement it properly perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() pinctrl: ralink: Check for null return of devm_kcalloc power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() serial: mvebu-uart: correctly report configured baudrate value PCI: hv: Fix interrupt mapping for multi-MSI PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI PCI: hv: Fix multi-MSI to allow more than one MSI vector xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE lockdown: Fix kexec lockdown bypass with ima policy mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication riscv: add as-options for modules with assembly compontents pinctrl: stm32: fix optional IRQ support to gpios Revert "cgroup: Use separate src/dst nodes when preloading css_sets for migration" Linux 5.4.207 can: m_can: m_can_tx_handler(): fix use after free of skb serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle serial: stm32: Clear prev values before setting RTS delays serial: 8250: fix return error code in serial8250_request_std_resource() tty: serial: samsung_tty: set dma burst_size to 1 usb: dwc3: gadget: Fix event pending check usb: typec: add missing uevent when partner support PD USB: serial: ftdi_sio: add Belimo device ids signal handling: don't use BUG_ON() for debugging ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 soc: ixp4xx/npe: Fix unused match warning x86: Clear .brk area at early boot irqchip: or1k-pic: Undefine mask_ack for level triggered hardware ASoC: madera: Fix event generation for rate controls ASoC: madera: Fix event generation for OUT1 demux ASoC: cs47l15: Fix event generation for low power mux control ASoC: wm5110: Fix DRE control ASoC: ops: Fix off by one in range control validation net: sfp: fix memory leak in sfp_probe() nvme: fix regression when disconnect a recovering ctrl NFC: nxp-nci: don't print header length mismatch on i2c error net: tipc: fix possible refcount leak in tipc_sk_create() platform/x86: hp-wmi: Ignore Sanitization Mode event cpufreq: pmac32-cpufreq: Fix refcount leak bug netfilter: br_netfilter: do not skip all hooks with 0 priority virtio_mmio: Restore guest page size on resume virtio_mmio: Add missing PM calls to freeze/restore mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE sfc: fix kernel panic when creating VF seg6: bpf: fix skb checksum in bpf_push_seg6_encap() seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors seg6: fix skb checksum evaluation in SRH encapsulation/insertion sfc: fix use after free when disabling sriov net: ftgmac100: Hold reference returned by of_get_child_by_name() ipv4: Fix data-races around sysctl_ip_dynaddr. raw: Fix a data-race around sysctl_raw_l3mdev_accept. icmp: Fix a data-race around sysctl_icmp_ratemask. icmp: Fix a data-race around sysctl_icmp_ratelimit. drm/i915/gt: Serialize TLB invalidates with GT resets ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero ARM: dts: at91: sama5d2: Fix typo in i2s1 node ipv4: Fix a data-race around sysctl_fib_sync_mem. icmp: Fix data-races around sysctl. cipso: Fix data-races around sysctl. net: Fix data-races around sysctl_mem. inetpeer: Fix data-races around sysctl. net: stmmac: dwc-qos: Disable split header for Tegra194 ASoC: sgtl5000: Fix noise on shutdown/remove ima: Fix a potential integer overflow in ima_appraise_measurement drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() ARM: 9210/1: Mark the FDT_FIXED sections as shareable ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count ext4: fix race condition between ext4_write and ext4_convert_inline_data sched/rt: Disable RT_RUNTIME_SHARE by default Revert "evm: Fix memleak in init_desc" nilfs2: fix incorrect masking of permission flags for symlinks drm/panfrost: Fix shrinker list corruption by madvise IOCTL cgroup: Use separate src/dst nodes when preloading css_sets for migration wifi: mac80211: fix queue selection for mesh/OCB interfaces ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction ARM: 9213/1: Print message about disabled Spectre workarounds only once ip: fix dflt addr selection for connected nexthop net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer tracing/histograms: Fix memory leak problem xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model ALSA: hda - Add fixup for Dell Latitidue E5430 Linux 5.4.206 Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting" Linux 5.4.205 dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly dmaengine: pl330: Fix lockdep warning about non-static key ida: don't use BUG_ON() for debugging dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo misc: rtsx_usb: set return value in rsp_buf alloc err path misc: rtsx_usb: use separate command and response buffers misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer dmaengine: imx-sdma: Allow imx8m for imx7 FW revs i2c: cadence: Unregister the clk notifier in error path selftests: forwarding: fix error message in learning_test selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT ibmvnic: Properly dispose of all skbs during a failover. ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt ARM: at91: pm: use proper compatible for sama5d2's rtc pinctrl: sunxi: sunxi_pconf_set: use correct offset pinctrl: sunxi: a83t: Fix NAND function name for some pins ARM: meson: Fix refcount leak in meson_smp_prepare_cpus xfs: remove incorrect ASSERT in xfs_rename can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info powerpc/powernv: delay rng platform device creation until later in boot video: of_display_timing.h: include errno.h fbcon: Prevent that screen size is smaller than font size fbcon: Disallow setting font bigger than screen size fbmem: Check virtual screen sizes in fb_set_var() fbdev: fbmem: Fix logo center image dx issue iommu/vt-d: Fix PCI bus rescan device hot add net: rose: fix UAF bug caused by rose_t0timer_expiry usbnet: fix memory leak in error case can: gs_usb: gs_usb_open/close(): fix memory leak can: grcan: grcan_probe(): remove extra of_node_get() can: bcm: use call_rcu() instead of costly synchronize_rcu() mm/slub: add missing TID updates on slab deactivation esp: limit skb_page_frag_refill use to a single page Linux 5.4.204 clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() net: usb: qmi_wwan: add Telit 0x1070 composition net: usb: qmi_wwan: add Telit 0x1060 composition xen/arm: Fix race in RB-tree based P2M accounting xen/blkfront: force data bouncing when backend is untrusted xen/netfront: force data bouncing when backend is untrusted xen/netfront: fix leaking data in shared pages xen/blkfront: fix leaking data in shared pages selftests/rseq: Change type of rseq_offset to ptrdiff_t selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area selftests/rseq: Fix: work-around asm goto compiler bugs selftests/rseq: Remove arm/mips asm goto compiler work-around selftests/rseq: Fix warnings about #if checks of undefined tokens selftests/rseq: Fix ppc32 offsets by using long rather than off_t selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for load/store selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 selftests/rseq: Introduce thread pointer getters selftests/rseq: Introduce rseq_get_abi() helper selftests/rseq: Remove volatile from __rseq_abi selftests/rseq: Remove useless assignment to cpu variable selftests/rseq: introduce own copy of rseq uapi header selftests/rseq: remove ARRAY_SIZE define from individual tests rseq/selftests,x86_64: Add rseq_offset_deref_addv() ipv6/sit: fix ipip6_tunnel_get_prl return value sit: use min net: dsa: bcm_sf2: force pause link settings hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails xen/gntdev: Avoid blocking in unmap_grant_pages() net: tun: avoid disabling NAPI twice NFC: nxp-nci: Don't issue a zero length i2c_master_read() nfc: nfcmrvl: Fix irq_of_parse_and_map() return value net: bonding: fix use-after-free after 802.3ad slave unbind net: bonding: fix possible NULL deref in rlb code net/sched: act_api: Notify user space if any actions were flushed before error netfilter: nft_dynset: restore set element counter when failing to update s390: remove unneeded 'select BUILD_BIN2C' PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events caif_virtio: fix race between virtio_device_ready() and ndo_open() net: ipv6: unexport __init-annotated seg6_hmac_net_init() usbnet: fix memory allocation in helpers linux/dim: Fix divide by 0 in RDMA DIM RDMA/qedr: Fix reporting QP timeout attribute net: tun: stop NAPI when detaching queues net: tun: unlink NAPI from device on destruction selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test virtio-net: fix race between ndo_open() and virtio_device_ready() net: usb: ax88179_178a: Fix packet receiving net: rose: fix UAF bugs caused by timer handler SUNRPC: Fix READ_PLUS crasher s390/archrandom: simplify back to earlier design and initialize earlier dm raid: fix KASAN warning in raid5_add_disks dm raid: fix accesses beyond end of raid member array powerpc/bpf: Fix use of user_pt_regs in uapi powerpc/prom_init: Fix kernel config grep nvdimm: Fix badblocks clear off-by-one error ipv6: take care of disable_policy when restoring routes Linux 5.4.203 crypto: arm/ghash-ce - define fpu before fpu registers are referenced crypto: arm - use Kconfig based compiler checks for crypto opcodes ARM: 9029/1: Make iwmmxt.S support Clang's integrated assembler ARM: OMAP2+: drop unnecessary adrl ARM: 8929/1: use APSR_nzcv instead of r15 as mrc operand ARM: 8933/1: replace Sun/Solaris style flag on section directive crypto: arm/sha512-neon - avoid ADRL pseudo instruction crypto: arm/sha256-neon - avoid ADRL pseudo instruction ARM: 8971/1: replace the sole use of a symbol with its definition ARM: 8990/1: use VFP assembler mnemonics in register load/store macros ARM: 8989/1: use .fpu assembler directives instead of assembler arguments net: mscc: ocelot: allow unregistered IP multicast flooding kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] powerpc/ftrace: Remove ftrace init tramp once kernel init is complete drm: remove drm_fb_helper_modinit Linux 5.4.202 powerpc/pseries: wire up rng during setup_arch() kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) random: update comment from copy_to_user() -> copy_to_iter() modpost: fix section mismatch check for exported init/exit sections ARM: cns3xxx: Fix refcount leak in cns3xxx_init ARM: Fix refcount leak in axxia_boot_secondary soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe ARM: exynos: Fix refcount leak in exynos_map_pmu ARM: dts: imx6qdl: correct PU regulator ramp delay powerpc/powernv: wire up rng during setup_arch powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address powerpc: Enable execve syscall exit tracepoint parisc: Enable ARCH_HAS_STRICT_MODULE_RWX xtensa: Fix refcount leak bug in time.c xtensa: xtfpga: Fix refcount leak bug in setup iio: adc: axp288: Override TS pin bias current for some models iio: adc: stm32: fix maximum clock rate for stm32mp15x iio: trigger: sysfs: fix use-after-free on remove iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() iio: accel: mma8452: ignore the return value of reset operation iio:accel:mxc4005: rearrange iio trigger get and register iio:accel:bma180: rearrange iio trigger get and register iio:chemical:ccs811: rearrange iio trigger get and register usb: chipidea: udc: check request status before setting device address xhci: turn off port power in shutdown iio: adc: vf610: fix conversion mode sysfs node name s390/cpumf: Handle events cycles and instructions identical gpio: winbond: Fix error code in winbond_gpio_get() Revert "net/tls: fix tls_sk_proto_close executed repeatedly" virtio_net: fix xdp_rxq_info bug after suspend/resume igb: Make DMA faster when CPU is active on the PCIe link regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips ice: ethtool: advertise 1000M speeds properly afs: Fix dynamic root getattr MIPS: Remove repetitive increase irq_err_count x86/xen: Remove undefined behavior in setup_features() udmabuf: add back sanity check net/tls: fix tls_sk_proto_close executed repeatedly erspan: do not assume transport header is always set drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers phy: aquantia: Fix AN when higher speeds than 1G are not advertised bpf: Fix request_sock leak in sk lookup helpers USB: serial: option: add Quectel RM500K module support USB: serial: option: add Quectel EM05-G modem USB: serial: option: add Telit LE910Cx 0x1250 composition random: quiet urandom warning ratelimit suppression message dm mirror log: clear log bits up to BITS_PER_LONG boundary dm era: commit metadata in postsuspend after worker stops ata: libata: add qc->flags in ata_qc_complete_template tracepoint mtd: rawnand: gpmi: Fix setting busy timeout setting mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing net: openvswitch: fix parsing of nw_proto for IPv6 fragments ALSA: hda/realtek: Add quirk for Clevo PD70PNT ALSA: hda/realtek - ALC897 headset MIC no sound ALSA: hda/conexant: Fix missing beep setup ALSA: hda/via: Fix missing beep setup random: schedule mix_interrupt_randomness() less often vt: drop old FONT ioctls Linux 5.4.201 Revert "hwmon: Make chip parameter for with_info API mandatory" arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer tcp: drop the hash_32() part from the index calculation tcp: increase source port perturb table to 2^16 tcp: dynamically allocate the perturb table used by source ports tcp: add small random increments to the source port tcp: use different parts of the port_offset for index and offset tcp: add some entropy in __inet_hash_connect() usb: gadget: u_ether: fix regression in setting fixed MAC address dm: remove special-casing of bio-based immutable singleton target on NVMe s390/mm: use non-quiescing sske for KVM switch to keyed guest UPSTREAM: ext4: verify dir block before splitting it UPSTREAM: ext4: fix use-after-free in ext4_rename_dir_prepare BACKPORT: ext4: Only advertise encrypted_casefold when encryption and unicode are enabled BACKPORT: ext4: fix no-key deletion for encrypt+casefold BACKPORT: ext4: optimize match for casefolded encrypted dirs BACKPORT: ext4: handle casefolding with encryption Revert "ANDROID: ext4: Handle casefolding with encryption" Revert "ANDROID: ext4: Optimize match for casefolded encrypted dirs" ANDROID: cpu/hotplug: avoid breaking Android ABI by fusing cpuhp steps ANDROID: change function signatures for some random functions. Revert "mailbox: forward the hrtimer if not queued and under a lock" Revert "drm: fix EDID struct for old ARM OABI format" Revert "ALSA: jack: Access input_dev under mutex" Linux 5.4.200 powerpc/mm: Switch obsolete dssall to .long riscv: Less inefficient gcc tishift helpers (and export their symbols) RISC-V: fix barrier() use in <vdso/processor.h> arm64: kprobes: Use BRK instead of single-step when executing instructions out-of-line net: openvswitch: fix leak of nested actions net: openvswitch: fix misuse of the cached connection on tuple changes net/sched: act_police: more accurate MTU policing virtio-pci: Remove wrong address verification in vp_del_vqs() ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8 ext4: add reserved GDT blocks check ext4: make variable "count" signed ext4: fix bug_on ext4_mb_use_inode_pa dm mirror log: round up region bitmap size to BITS_PER_LONG serial: 8250: Store to lsr_save_flags after lsr read usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe usb: dwc2: Fix memory leak in dwc2_hcd_init USB: serial: io_ti: add Agilent E5805A support USB: serial: option: add support for Cinterion MV31 with new baseline comedi: vmk80xx: fix expression for tx buffer size i2c: designware: Use standard optional ref clock implementation irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions irqchip/gic/realview: Fix refcount leak in realview_gic_of_init faddr2line: Fix overlapping text section failures, the sequel certs/blacklist_hashes.c: fix const confusion in certs blacklist arm64: ftrace: fix branch range checks net: bgmac: Fix an erroneous kfree() in bgmac_remove() mlxsw: spectrum_cnt: Reorder counter pools misc: atmel-ssc: Fix IRQ check in ssc_probe tty: goldfish: Fix free_irq() on remove i40e: Fix call trace in setup_tx_descriptors i40e: Fix calculating the number of queue pairs i40e: Fix adding ADQ filter to TC0 clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE random: credit cpu and bootloader seeds by default net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed ALSA: hda/realtek - Add HW8326 support scsi: pmcraid: Fix missing resource cleanup in error case scsi: ipr: Fix missing/incorrect resource cleanup in error case scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology scsi: vmw_pvscsi: Expand vcpuHint to 16 bits ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() ASoC: es8328: Fix event generation for deemphasis control ASoC: wm8962: Fix suspend while playing music ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() ASoC: cs42l56: Correct typo in minimum level for SX volume controls ASoC: cs42l52: Correct TLV for Bypass Volume ASoC: cs53l30: Correct number of volume levels on SX controls ASoC: cs35l36: Update digital volume TLV ASoC: cs42l52: Fix TLV scales for mixer controls dma-debug: make things less spammy under memory pressure ASoC: nau8822: Add operation for internal PLL off and on powerpc/kasan: Silence KASAN warnings in __get_wchan() random: account for arch randomness in bits random: mark bootloader randomness code as __init random: avoid checking crng_ready() twice in random_init() crypto: drbg - make reseeding from get_random_bytes() synchronous crypto: drbg - always try to free Jitter RNG instance crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() crypto: drbg - prepare for more fine-grained tracking of seeding state crypto: drbg - always seeded with SP800-90B compliant noise source Revert "random: use static branch for crng_ready()" random: check for signals after page of pool writes random: wire up fops->splice_{read,write}_iter() random: convert to using fops->write_iter() random: convert to using fops->read_iter() random: unify batched entropy implementations random: move randomize_page() into mm where it belongs random: move initialization functions out of hot pages random: make consistent use of buf and len random: use proper return types on get_random_{int,long}_wait() random: remove extern from functions in header random: use static branch for crng_ready() random: credit architectural init the exact amount random: handle latent entropy and command line from random_init() random: use proper jiffies comparison macro random: remove ratelimiting for in-kernel unseeded randomness random: move initialization out of reseeding hot path random: avoid initializing twice in credit race random: use symbolic constants for crng_init states siphash: use one source of truth for siphash permutations random: help compiler out with fast_mix() by using simpler arguments random: do not use input pool from hard IRQs random: order timer entropy functions below interrupt functions random: do not pretend to handle premature next security model random: use first 128 bits of input as fast init random: do not use batches when !crng_ready() random: insist on random_get_entropy() existing in order to simplify xtensa: use fallback for random_get_entropy() instead of zero sparc: use fallback for random_get_entropy() instead of zero um: use fallback for random_get_entropy() instead of zero x86/tsc: Use fallback for random_get_entropy() instead of zero nios2: use fallback for random_get_entropy() instead of zero arm: use fallback for random_get_entropy() instead of zero mips: use fallback for random_get_entropy() instead of just c0 random m68k: use fallback for random_get_entropy() instead of zero timekeeping: Add raw clock fallback for random_get_entropy() powerpc: define get_cycles macro for arch-override alpha: define get_cycles macro for arch-override parisc: define get_cycles macro for arch-override s390: define get_cycles macro for arch-override ia64: define get_cycles macro for arch-override init: call time_init() before rand_initialize() random: fix sysctl documentation nits random: document crng_fast_key_erasure() destination possibility random: make random_get_entropy() return an unsigned long random: allow partial reads if later user copies fail random: check for signals every PAGE_SIZE chunk of /dev/[u]random random: check for signal_pending() outside of need_resched() check random: do not allow user to keep crng key around on stack random: do not split fast init input in add_hwgenerator_randomness() random: mix build-time latent entropy into pool at init random: re-add removed comment about get_random_{u32,u64} reseeding random: treat bootloader trust toggle the same way as cpu trust toggle random: skip fast_init if hwrng provides large chunk of entropy random: check for signal and try earlier when generating entropy random: reseed more often immediately after booting random: make consistent usage of crng_ready() random: use SipHash as interrupt entropy accumulator random: replace custom notifier chain with standard one random: don't let 644 read-only sysctls be written to random: give sysctl_random_min_urandom_seed a more sensible value random: do crng pre-init loading in worker rather than irq random: unify cycles_t and jiffies usage and types random: cleanup UUID handling random: only wake up writers after zap if threshold was passed random: round-robin registers as ulong, not u32 random: clear fast pool, crng, and batches in cpuhp bring up random: pull add_hwgenerator_randomness() declaration into random.h random: check for crng_init == 0 in add_device_randomness() random: unify early init crng load accounting random: do not take pool spinlock at boot random: defer fast pool mixing to worker random: rewrite header introductory comment random: group sysctl functions random: group userspace read/write functions random: group entropy collection functions random: group entropy extraction functions random: group crng functions random: group initialization wait functions random: remove whitespace and reorder includes random: remove useless header comment random: introduce drain_entropy() helper to declutter crng_reseed() random: deobfuscate irq u32/u64 contributions random: add proper SPDX header random: remove unused tracepoints random: remove ifdef'd out interrupt bench random: tie batched entropy generation to base_crng generation random: fix locking for crng_init in crng_reseed() random: zero buffer after reading entropy from userspace random: remove outdated INT_MAX >> 6 check in urandom_read() random: make more consistent use of integer types random: use hash function for crng_slow_load() random: use simpler fast key erasure flow on per-cpu keys random: absorb fast pool into input pool after fast load random: do not xor RDRAND when writing into /dev/random random: ensure early RDSEED goes through mixer on init random: inline leaves of rand_initialize() random: get rid of secondary crngs random: use RDSEED instead of RDRAND in entropy extraction random: fix locking in crng_fast_load() random: remove batched entropy locking random: remove use_input_pool parameter from crng_reseed() random: make credit_entropy_bits() always safe random: always wake up entropy writers after extraction random: use linear min-entropy accumulation crediting random: simplify entropy debiting random: use computational hash for entropy extraction random: only call crng_finalize_init() for primary_crng random: access primary_pool directly rather than through pointer random: continually use hwgenerator randomness random: simplify arithmetic function flow in account() random: selectively clang-format where it makes sense random: access input_pool_data directly rather than through pointer random: cleanup fractional entropy shift constants random: prepend remaining pool constants with POOL_ random: de-duplicate INPUT_POOL constants random: remove unused OUTPUT_POOL constants random: rather than entropy_store abstraction, use global random: remove unused extract_entropy() reserved argument random: remove incomplete last_data logic random: cleanup integer types random: cleanup poolinfo abstraction random: fix typo in comments random: don't reset crng_init_cnt on urandom_read() random: avoid superfluous call to RDRAND in CRNG extraction random: early initialization of ChaCha constants random: initialize ChaCha20 constants with correct endianness random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs random: harmonize "crng init done" messages random: mix bootloader randomness into pool random: do not re-init if crng_reseed completes before primary init random: do not sign extend bytes for rotation when mixing random: use BLAKE2s instead of SHA1 in extraction random: remove unused irq_flags argument from add_interrupt_randomness() random: document add_hwgenerator_randomness() with other input functions crypto: blake2s - adjust include guard naming crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h> MAINTAINERS: co-maintain random.c random: remove dead code left over from blocking pool random: avoid arch_get_random_seed_long() when collecting IRQ randomness random: add arch_get_random_*long_early() powerpc: Use bool in archrandom.h linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check linux/random.h: Use false with bool linux/random.h: Remove arch_has_random, arch_has_random_seed s390: Remove arch_has_random, arch_has_random_seed powerpc: Remove arch_has_random, arch_has_random_seed x86: Remove arch_has_random, arch_has_random_seed random: avoid warnings for !CONFIG_NUMA builds random: split primary/secondary crng init paths random: remove some dead code of poolinfo random: fix typo in add_timer_randomness() random: Add and use pr_fmt() random: convert to ENTROPY_BITS for better code readability random: remove unnecessary unlikely() random: remove kernel.random.read_wakeup_threshold random: delete code to pull data into pools random: remove the blocking pool random: make /dev/random be almost like /dev/urandom random: ignore GRND_RANDOM in getentropy(2) random: add GRND_INSECURE to return best-effort non-cryptographic bytes random: Add a urandom_read_nowait() for random APIs that don't warn random: Don't wake crng_init_wait when crng_init == 1 random: don't forget compat_ioctl on urandom compat_ioctl: remove /dev/random commands lib/crypto: sha1: re-roll loops to reduce code size lib/crypto: blake2s: move hmac construction into wireguard crypto: blake2s - generic C library implementation and selftest nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION bpf: Fix incorrect memory charge cost calculation in stack_map_alloc() 9p: missing chunk of "fs/9p: Don't update file type when updating file attributes" Revert "ext4: fix use-after-free in ext4_rename_dir_prepare" Revert "ext4: verify dir block before splitting it" Linux 5.4.199 x86/speculation/mmio: Print SMT warning KVM: x86/speculation: Disable Fill buffer clear within guests x86/speculation/mmio: Reuse SRBDS mitigation for SBDS x86/speculation/srbds: Update SRBDS mitigation selection x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data x86/speculation/mmio: Enable CPU Fill buffer clearing on idle x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data x86/speculation: Add a common function for MD_CLEAR mitigation update x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug Documentation: Add documentation for Processor MMIO Stale Data x86/cpu: Add another Alder Lake CPU to the Intel family x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family x86/cpu: Add Jasper Lake to Intel family cpu/speculation: Add prototype for cpu_show_srbds() Linux 5.4.198 tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N md/raid0: Ignore RAID0 layout if the second zone has only one device powerpc/32: Fix overread/overwrite of thread_struct via ptrace Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag ixgbe: fix unexpected VLAN Rx in promisc mode on VF ixgbe: fix bcast packets Rx on VF after promisc removal nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION mmc: block: Fix CQE recovery reset success ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files cifs: return errors during session setup during reconnects ALSA: hda/conexant - Fix loopback issue with CX20632 scripts/gdb: change kernel config dumping method vringh: Fix loop descriptors check in the indirect cases nodemask: Fix return values to be unsigned cifs: version operations for smb20 unneeded when legacy support disabled s390/gmap: voluntarily schedule during key setting nbd: fix io hung while disconnecting device nbd: fix race between nbd_alloc_config() and module removal nbd: call genl_unregister_family() first in nbd_cleanup() x86/cpu: Elide KCSAN for cpu_has() and friends modpost: fix undefined behavior of is_arm_mapping_symbol() drm/radeon: fix a possible null pointer dereference ceph: allow ceph.dir.rctime xattr to be updatable Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" scsi: myrb: Fix up null pointer access on myrb_cleanup() md: protect md_unregister_thread from reentrancy watchdog: wdat_wdt: Stop watchdog when rebooting the system kernfs: Separate kernfs_pr_cont_buf and rename_lock. serial: msm_serial: disable interrupts in __msm_console_write() staging: rtl8712: fix uninit-value in r871xu_drv_init() staging: rtl8712: fix uninit-value in usb_read8() and friends clocksource/drivers/sp804: Avoid error on multiple instances extcon: Modify extcon device to be created after driver data is set misc: rtsx: set NULL intfdata when probe fails usb: dwc2: gadget: don't reset gadget's driver->bus USB: hcd-pci: Fully suspend across freeze/thaw cycle drivers: usb: host: Fix deadlock in oxu_bus_suspend() drivers: tty: serial: Fix deadlock in sa1100_set_termios() USB: host: isp116x: check return value after calling platform_get_resource() drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() tty: Fix a possible resource leak in icom_probe tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() lkdtm/usercopy: Expand size of "out of frame" object iio: st_sensors: Add a local lock for protecting odr iio: dummy: iio_simple_dummy: check the return value of kstrdup() drm: imx: fix compiler warning with gcc-12 net: altera: Fix refcount leak in altera_tse_mdio_create ip_gre: test csum_start instead of transport header net/mlx5: fs, fail conflicting actions net/mlx5: Rearm the FW tracer after each tracer event net: ipv6: unexport __init-annotated seg6_hmac_init() net: xfrm: unexport __init-annotated xfrm4_protocol_init() net: mdio: unexport __init-annotated mdio_bus_init() SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list bpf, arm64: Clear prog->jited_len along prog->jited af_unix: Fix a data-race in unix_dgram_peer_wake_me(). xen: unexport __init-annotated xen_xlate_map_ballooned_pages() netfilter: nf_tables: memleak flow rule from commit path ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe netfilter: nat: really support inet nat without l3 address xprtrdma: treat all calls not a bcall when bc_serv is NULL video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() NFSv4: Don't hold the layoutget locks across multiple RPC calls dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type m68knommu: fix undefined reference to `_init_sp' m68knommu: set ZERO_PAGE() to the allocated zeroed page i2c: cadence: Increase timeout per message if necessary f2fs: remove WARN_ON in f2fs_is_valid_blkaddr tracing: Avoid adding tracer option before update_tracer_options tracing: Fix sleeping function called from invalid context on RT kernel mips: cpc: Fix refcount leak in mips_cpc_default_phys_base perf c2c: Fix sorting in percent_rmt_hitm_cmp() tipc: check attribute length for bearer name afs: Fix infinite loop found by xfstest generic/676 tcp: tcp_rtx_synack() can be called from process context net: sched: add barrier to fix packet stuck problem for lockless qdisc net/mlx5e: Update netdev features after changing XDP state net/mlx5: Don't use already freed action pointer nfp: only report pause frame configuration for physical device ubi: ubi_create_volume: Fix use-after-free when volume creation failed jffs2: fix memory leak in jffs2_do_fill_super modpost: fix removing numeric suffixes net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog s390/crypto: fix scatterwalk_unmap() callers in AES-GCM clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe driver core: fix deadlock in __device_attach driver: base: fix UAF when driver_attach failed bus: ti-sysc: Fix warnings for unbind for serial firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle serial: stm32-usart: Correct CSIZE, bits, and parity serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 serial: sifive: Sanitize CSIZE and c_iflag serial: sh-sci: Don't allow CS5-6 serial: txx9: Don't allow CS5-6 serial: rda-uart: Don't allow CS5-6 serial: digicolor-usart: Don't allow CS5-6 serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 serial: meson: acquire port->lock in startup() rtc: mt6397: check return value after calling platform_get_resource() clocksource/drivers/riscv: Events are stopped during CPU suspend soc: rockchip: Fix refcount leak in rockchip_grf_init coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier serial: sifive: Report actual baud base rather than fixed 115200 phy: qcom-qmp: fix pipe-clock imbalance on power-on failure rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails iio: adc: sc27xx: Fine tune the scale calibration values iio: adc: sc27xx: fix read big scale voltage not right iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check firmware: stratix10-svc: fix a missing check on list iterator usb: dwc3: pci: Fix pm_runtime_get_sync() error checking rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value pwm: lp3943: Fix duty calculation in case period was clamped staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() usb: musb: Fix missing of_node_put() in omap2430_probe USB: storage: karma: fix rio_karma_init return usb: usbip: add missing device lock on tweak configuration cmd usb: usbip: fix a refcount leak in stub_probe() tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe tty: goldfish: Use tty_port_destroy() to destroy port iio: adc: ad7124: Remove shift from scan_type staging: greybus: codecs: fix type confusion of list iterator variable pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards md: bcache: check the return value of kzalloc() in detached_dev_do_request() block: fix bio_clone_blkg_association() to associate with proper blkcg_gq bfq: Make sure bfqg for which we are queueing requests is online bfq: Get rid of __bio_blkcg() usage bfq: Remove pointless bfq_init_rq() calls bfq: Drop pointless unlock-lock pair bfq: Avoid merging queues with different parents MIPS: IP27: Remove incorrect `cpu_has_fpu' override RDMA/rxe: Generate a completion for unsupported/invalid opcode Kconfig: add config option for asm goto w/ outputs phy: qcom-qmp: fix reset-controller leak on probe errors blk-iolatency: Fix inflight count imbalances and IO hangs on offline dt-bindings: gpio: altera: correct interrupt-cells docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 ARM: pxa: maybe fix gpio lookup tables phy: qcom-qmp: fix struct clk leak on probe errors arm64: dts: qcom: ipq8074: fix the sleep clock frequency gma500: fix an incorrect NULL check on list iterator tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator serial: pch: don't overwrite xmit->buf[0] by x_char carl9170: tx: fix an incorrect use of list iterator ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control rtl818x: Prevent using not initialized queues hugetlb: fix huge_pmd_unshare address update nodemask.h: fix compilation error with GCC12 iommu/msm: Fix an incorrect NULL check on list iterator um: Fix out-of-bounds read in LDT setup um: chan_user: Fix winch_tramp() return value mac80211: upgrade passive scan to active scan on DFS channels after beacon rx irqchip: irq-xtensa-mx: fix initial IRQ affinity irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x RDMA/hfi1: Fix potential integer multiplication overflow errors Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug media: coda: Add more H264 levels for CODA960 media: coda: Fix reported H264 profile mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write md: fix an incorrect NULL check in md_reload_sb md: fix an incorrect NULL check in does_sb_need_changing drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX drm/nouveau/clk: Fix an incorrect NULL check on list iterator drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled scsi: dc395x: Fix a missing check on list iterator ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock dlm: fix missing lkb refcount handling dlm: fix plock invalid read mm, compaction: fast_find_migrateblock() should return pfn in the target zone PCI: qcom: Fix unbalanced PHY init on probe errors PCI: qcom: Fix runtime PM imbalance on probe errors PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 tracing: Fix potential double free in create_var_ref() ACPI: property: Release subnode properties with data nodes ext4: avoid cycles in directory h-tree ext4: verify dir block before splitting it ext4: fix bug_on in ext4_writepages ext4: fix warning in ext4_handle_inode_extension ext4: fix use-after-free in ext4_rename_dir_prepare netfilter: nf_tables: disallow non-stateful expression in sets earlier bfq: Track whether bfq_group is still online bfq: Update cgroup information before merging bio bfq: Split shared queues on move between cgroups efi: Do not import certificates from UEFI Secure Boot for T2 Macs fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages iwlwifi: mvm: fix assert 1F04 upon reconfig wifi: mac80211: fix use-after-free in chanctx code f2fs: fix fallocate to use file_modified to update permissions consistently f2fs: don't need inode lock for system hidden quota f2fs: fix deadloop in foreground GC f2fs: fix to clear dirty inode in f2fs_evict_inode() f2fs: fix to do sanity check on block address in f2fs_do_zero_range() f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() perf jevents: Fix event syntax error caused by ExtSel perf c2c: Use stdio interface if slang is not supported iommu/amd: Increase timeout waiting for GA log enablement dmaengine: stm32-mdma: remove GISR1 register video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout NFS: Don't report errors from nfs_pageio_complete() more than once NFS: Do not report flush errors in nfs_write_end() NFS: Do not report EINTR/ERESTARTSYS as mapping errors i2c: at91: Initialize dma_buf in at91_twi_xfer() i2c: at91: use dma safe buffers iommu/mediatek: Add list_del in mtk_iommu_remove f2fs: fix dereference of stale list iterator after loop body Input: stmfts - do not leave device disabled in stmfts_input_open RDMA/hfi1: Prevent use of lock before it is initialized mailbox: forward the hrtimer if not queued and under a lock mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup macintosh: via-pmu and via-cuda need RTC_LIB powerpc/perf: Fix the threshold compare group constraint for power9 powerpc/64: Only WARN if __pa()/__va() called with bad addresses Input: sparcspkr - fix refcount leak in bbc_beep_probe crypto: cryptd - Protect per-CPU resource by disabling BH. tty: fix deadlock caused by calling printk() under tty_port->lock PCI: imx6: Fix PERST# start-up sequence ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() proc: fix dentry/inode overinstantiating under /proc/${pid}/net powerpc/4xx/cpm: Fix return value of __setup() handler powerpc/idle: Fix return value of __setup() handler powerpc/8xx: export 'cpm_setbrg' for modules dax: fix cache flush on PMD-mapped pages drivers/base/node.c: fix compaction sysfs file leak pinctrl: mvebu: Fix irq_of_parse_and_map() return value nvdimm: Allow overwrite in the presence of disabled dimms firmware: arm_scmi: Fix list protocols enumeration in the base protocol scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() mfd: ipaq-micro: Fix error check return value of platform_get_irq() powerpc/fadump: fix PT_LOAD segment for boot memory area arm: mediatek: select arch timer for mt7629 crypto: marvell/cesa - ECB does not IV misc: ocxl: fix possible double free in ocxl_file_register_afu ARM: dts: bcm2835-rpi-b: Fix GPIO line names ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT can: xilinx_can: mark bit timing constants as const KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry PCI: rockchip: Fix find_first_zero_bit() limit PCI: cadence: Fix find_first_zero_bit() limit soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc ARM: dts: suniv: F1C100: fix watchdog compatible arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 net/smc: postpone sk_refcnt increment in connect() rxrpc: Fix decision on when to generate an IDLE ACK rxrpc: Don't let ack.previousPacket regress rxrpc: Fix overlapping ACK accounting rxrpc: Don't try to resend the request if we're receiving the reply rxrpc: Fix listen() setting the bar too high for the prealloc rings NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init ext4: reject the 'commit' option on ext2 filesystems media: ov7670: remove ov7670_power_off from ov7670_remove sctp: read sk->sk_bound_dev_if once in sctp_rcv() m68k: math-emu: Fix dependencies of math emulation support Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout media: vsp1: Fix offset calculation for plane cropping media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init media: exynos4-is: Change clk_disable to clk_disable_unprepare media: st-delta: Fix PM disable depth imbalance in delta_probe media: aspeed: Fix an error handling path in aspeed_video_probe() scripts/faddr2line: Fix overlapping text section failures regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe perf/amd/ibs: Use interrupt regs ip for stack unwinding Revert "cpufreq: Fix possible race in cpufreq online error path" iomap: iomap_write_failed fix media: uvcvideo: Fix missing check to determine if element is found in list drm/msm: return an error pointer in msm_gem_prime_get_sg_table() drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET x86/mm: Cleanup the control_va_addr_alignment() __setup handler irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value irqchip/exiu: Fix acknowledgment of edge triggered interrupts x86: Fix return value of __setup handlers virtio_blk: fix the discard_granularity and discard_alignment queue limits drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() drm/msm/hdmi: check return value after calling platform_get_resource_byname() drm/msm/dsi: fix error checks and return values for DSI xmit functions drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume perf tools: Add missing headers needed by util/data.h ASoC: rk3328: fix disabling mclk on pclk probe failure x86/speculation: Add missing prototype for unpriv_ebpf_notify() x86/pm: Fix false positive kmemleak report in msr_build_context() scsi: ufs: core: Exclude UECxx from SFR dump list of: overlay: do not break notify on NOTIFY_{OK|STOP} fsnotify: fix wrong lockdep annotations inotify: show inotify mask flags in proc fdinfo ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix cpufreq: Fix possible race in cpufreq online error path spi: img-spfi: Fix pm_runtime_get_sync() error checking sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq drm/bridge: Fix error handling in analogix_dp_probe HID: elan: Fix potential double free in elan_input_configured HID: hid-led: fix maximum brightness for Dream Cheeky drbd: fix duplicate array initializer efi: Add missing prototype for efi_capsule_setup_info NFC: NULL out the dev->rfkill to prevent UAF spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout drm: mali-dp: potential dereference of null pointer drm/komeda: Fix an undefined behavior bug in komeda_plane_add() nl80211: show SSID for P2P_GO interfaces bpf: Fix excessive memory allocation in stack_map_alloc() drm/vc4: txp: Force alpha to be 0xff if it's disabled drm/vc4: txp: Don't set TXP_VSTART_AT_EOF drm/mediatek: Fix mtk_cec_mask() x86/delay: Fix the wrong asm constraint in delay_loop() ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe drm/bridge: adv7511: clean up CEC adapter when probe fails drm/edid: fix invalid EDID extension block filtering ath9k: fix ar9003_get_eepmisc drm: fix EDID struct for old ARM OABI format RDMA/hfi1: Prevent panic when SDMA is disabled powerpc/iommu: Add missing of_node_put in iommu_init_early_dart macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled powerpc/powernv: fix missing of_node_put in uv_init() powerpc/xics: fix refcount leak in icp_opal_init() tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() ARM: hisi: Add missing of_node_put after of_find_compatible_node ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM ARM: versatile: Add missing of_node_put in dcscb_init fat: add ratelimit to fat*_ent_bread() powerpc/fadump: Fix fadump to work with a different endian capture kernel ARM: OMAP1: clock: Fix UART rate reporting algorithm fs: jfs: fix possible NULL pointer dereference in dbFree() PM / devfreq: rk3399_dmc: Disable edev on remove() ARM: dts: ox820: align interrupt controller node name with dtschema IB/rdmavt: add missing locks in rvt_ruc_loopback selftests/bpf: fix btf_dump/btf_dump due to recent clang change eth: tg3: silence the GCC 12 array-bounds warning rxrpc: Return an error to sendmsg if call failed hwmon: Make chip parameter for with_info API mandatory ASoC: max98357a: remove dependency on GPIOLIB media: exynos4-is: Fix compile warning net: phy: micrel: Allow probing without .driver_data nbd: Fix hung on disconnect request if socket is closed before ASoC: rt5645: Fix errorenous cleanup order nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags openrisc: start CPU timer early in boot media: cec-adap.c: fix is_configuring state media: coda: limit frame interval enumeration to supported encoder frame sizes rtlwifi: Use pr_warn instead of WARN_ONCE ipmi: Fix pr_fmt to avoid compilation issues ipmi:ssif: Check for NULL msg when handling events and messages ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC spi: stm32-qspi: Fix wait_cmd timeout in APM mode s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES ASoC: tscs454: Add endianness flag in snd_soc_component_driver HID: bigben: fix slab-out-of-bounds Write in bigben_probe drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo mlxsw: spectrum_dcb: Do not warn about priority changes ASoC: dapm: Don't fold register value changes into notifications net/mlx5: fs, delete the FTE when there are no rules attached to it ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL drm: msm: fix error check return value of irq_of_parse_and_map() arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall drm/amd/pm: fix the compile warning drm/plane: Move range check for format_count earlier scsi: megaraid: Fix error check return value of register_chrdev() mmc: jz4740: Apply DMA engine limits to maximum segment size md/bitmap: don't set sb values if can't pass sanity check media: cx25821: Fix the warning when removing the module media: pci: cx23885: Fix the error handling in cx23885_initdev() media: venus: hfi: avoid null dereference in deinit ath9k: fix QCA9561 PA bias level drm/amd/pm: fix double free in si_parse_power_table() tools/power turbostat: fix ICX DRAM power numbers spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction ALSA: jack: Access input_dev under mutex drm/komeda: return early if drm_universal_plane_init() fails. ACPICA: Avoid cache flush inside virtual machines fbcon: Consistently protect deferred_takeover with console_lock() ipv6: fix locking issues with loops over idev->addr_list ipw2x00: Fix potential NULL dereference in libipw_xmit() b43: Fix assigning negative value to unsigned variable b43legacy: Fix assigning negative value to unsigned variable mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes btrfs: repair super block num_devices automatically btrfs: add "0x" prefix for unsupported optional features ptrace: Reimplement PTRACE_KILL by always sending SIGKILL ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP perf/x86/intel: Fix event constraints for ICL usb: core: hcd: Add support for deferring roothub registration USB: new quirk for Dell Gen 2 devices USB: serial: option: add Quectel BG95 modem ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS binfmt_flat: do not stop relocating GOT entries prematurely on riscv Conflicts: Documentation/devicetree/bindings/dma/allwinner,sun50i-a64-dma.yaml Documentation/devicetree/bindings~HEAD drivers/char/Kconfig drivers/mmc/core/block.c kernel/sysctl.c Change-Id: If11e1865055bfb94b3268960268c88c3dfc032c3 |
||
Kees Cook
|
0d4d3b41a5 |
UPSTREAM: hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero
Now that Clang's -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang option is no longer required, remove it from the command line. Clang 16 and later will warn when it is used, which will cause Kconfig to think it can't use -ftrivial-auto-var-init=zero at all. Check for whether it is required and only use it when so. Cc: Nathan Chancellor <nathan@kernel.org> Cc: Masahiro Yamada <masahiroy@kernel.org> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: linux-kbuild@vger.kernel.org Cc: llvm@lists.linux.dev Cc: stable@vger.kernel.org Fixes: f02003c860d9 ("hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO") Signed-off-by: Kees Cook <keescook@chromium.org> (cherry picked from commit 607e57c6c62c00965ae276902c166834ce73014a) Change-Id: I30ecd0e5226852b7d5ee12c44c346ac79051a671 Signed-off-by: Nathan Chancellor <nathan@kernel.org> |
||
|
Kees Cook
|
9267f98065 |
UPSTREAM: hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO
Currently under Clang, CC_HAS_AUTO_VAR_INIT_ZERO requires an extra -enable flag compared to CC_HAS_AUTO_VAR_INIT_PATTERN. GCC 12[1] will not, and will happily ignore the Clang-specific flag. However, its presence on the command-line is both cumbersome and confusing. Due to GCC's tolerant behavior, though, we can continue to use a single Kconfig cc-option test for the feature on both compilers, but then drop the Clang-specific option in the Makefile. In other words, this patch does not change anything other than making the compiler command line shorter once GCC supports -ftrivial-auto-var-init=zero. [1] https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=a25e0b5e6ac8a77a71c229e0a7b744603365b0e9 Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Masahiro Yamada <masahiroy@kernel.org> Cc: llvm@lists.linux.dev Fixes: dcb7c0b9461c ("hardening: Clarify Kconfig text for auto-var-init") Suggested-by: Will Deacon <will@kernel.org> Link: https://lore.kernel.org/lkml/20210914102837.6172-1-will@kernel.org/ Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Reviewed-by: Nathan Chancellor <nathan@kernel.org> Acked-by: Will Deacon <will@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> (cherry picked from commit f02003c860d921171be4a27e2893766eb3bc6871) Change-Id: I572f9d1763dbc7b53f2ad0dc87ba074313f556eb Signed-off-by: Nathan Chancellor <nathan@kernel.org> |
||
|
Kees Cook
|
f086581010 |
UPSTREAM: hardening: Clarify Kconfig text for auto-var-init
Clarify the details around the automatic variable initialization modes available. Specifically this details the values used for pattern init and expands on the rationale for zero init safety. Additionally makes zero init the default when available. Cc: glider@google.com Cc: Nathan Chancellor <nathan@kernel.org> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: linux-security-module@vger.kernel.org Cc: clang-built-linux@googlegroups.com Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Gustavo A. R. Silva <gustavoars@kernel.org> (cherry picked from commit dcb7c0b9461c2a30f6616262736daac6f01ecb09) Change-Id: Id2a3b2b2953677e29e6deb931350b04091474b08 Signed-off-by: Nathan Chancellor <nathan@kernel.org> |
||
|
Greg Kroah-Hartman
|
4fa407bf37 |
This is the 5.4.218 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmNKSyYACgkQONu9yGCS aT7eFhAAxIHNQdbLULupIiyUaKLmbso5Wjmd/pCPBhkSERDEahmQ6rfd7R3200R4 Fk8kbvXAfTlYGSa8dnZqIIJbRdq3dcyq9YbUMqJRd+Jsep24e4YmUd/9oeNdL7t9 6j4EEEPUW0I5xlFST1nPjOCRKF8XMh7aqH8CJdaMyTqv5lrePb6qnDlaUBmwaZVG 3TzBZG7Kfopdj8jCKyOcDBCZ8sOL8sUUTN9cblL+keBdSojZsSBKzw8OFSBVUBJU WTZrRf2tieMaeZICNhREwqp6vPdHSmvj6XiFdrw6aePR9XczuR1oxBMVR5jvhZIS 00jAk17D6t8Xy7pX4NW+WkwZoaL+TsLlvNlvHfgdlAE6uBMYOfwiVzE9/E8rx3cP BK/xoUH/lAnWJ7sQOcdQj761pgo+lBZjottQx3KIhPqvaZK1LtADx6OmnGMtJI11 4yF0+w60p3H4LiXa0fgLEjXDlXX/v9P47UjMkog2xeMFpsx1/a1HYDpiC938+uAw 9o9YeNja/mGm2xYwNi28vjdTyNJAVo1g80qYG+ExIO6gbtCr2yBR1MxXlrxH8HEY Y2qKHte6ppFJ6p4BpivcIt+Ft6MT1BrMyPakF2QwMScUGWElO6qGFiWS/Y6UI0fh bjQLRjB2rRwpoMtyl3HoFPfbHIR0C6xFvAwcx7mZbF0xrK2lI7Y= =Cli8 -----END PGP SIGNATURE----- Merge 5.4.218 into android11-5.4-lts Changes in 5.4.218 mm: pagewalk: Fix race between unmap and page walker perf tools: Fixup get_current_dir_name() compilation fs: fix UAF/GPF bug in nilfs_mdt_destroy firmware: arm_scmi: Add SCMI PM driver remove routine dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer scsi: qedf: Fix a UAF bug in __qedf_probe() net/ieee802154: fix uninit value bug in dgram_sendmsg um: Cleanup syscall_handler_t cast in syscalls_32.h um: Cleanup compiler warning in arch/x86/um/tls_32.c arch: um: Mark the stack non-executable to fix a binutils warning usb: mon: make mmapped memory read only USB: serial: ftdi_sio: fix 300 bps rate for SIO mmc: core: Replace with already defined values for readability mmc: core: Terminate infinite loop in SD-UHS voltage switch rpmsg: qcom: glink: replace strncpy() with strscpy_pad() nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() nilfs2: fix leak of nilfs_root in case of writer thread creation failure nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure ceph: don't truncate file in atomic_open random: clamp credited irq bits to maximum mixed ALSA: hda: Fix position reporting on Poulsbo efi: Correct Macmini DMI match in uefi cert quirk scsi: stex: Properly zero out the passthrough command structure USB: serial: qcserial: add new usb-id for Dell branded EM7455 random: restore O_NONBLOCK support random: avoid reading two cache lines on irq randomness random: use expired timer rather than wq for mixing fast pool wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() wifi: cfg80211/mac80211: reject bad MBSSID elements wifi: cfg80211: ensure length byte is present before access wifi: cfg80211: fix BSS refcounting bugs wifi: cfg80211: avoid nontransmitted BSS list corruption wifi: mac80211_hwsim: avoid mac80211 warning on bad rate wifi: cfg80211: update hidden BSSes to avoid WARN_ON Input: xpad - add supported devices as contributed on github Input: xpad - fix wireless 360 controller breaking after suspend Linux 5.4.218 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I181935d163a9900b8e9e1201d3fde0c56b61dc58 |
||
Orlando Chamberlain
|
46b822a755 |
efi: Correct Macmini DMI match in uefi cert quirk
commit bab715bdaa9ebf28d99a6d1efb2704a30125e96d upstream. It turns out Apple doesn't capitalise the "mini" in "Macmini" in DMI, which is inconsistent with other model line names. Correct the capitalisation of Macmini in the quirk for skipping loading platform certs on T2 Macs. Currently users get: ------------[ cut here ]------------ [Firmware Bug]: Page fault caused by firmware at PA: 0xffffa30640054000 WARNING: CPU: 1 PID: 8 at arch/x86/platform/efi/quirks.c:735 efi_crash_gracefully_on_page_fault+0x55/0xe0 Modules linked in: CPU: 1 PID: 8 Comm: kworker/u12:0 Not tainted 5.18.14-arch1-2-t2 #1 4535eb3fc40fd08edab32a509fbf4c9bc52d111e Hardware name: Apple Inc. Macmini8,1/Mac-7BA5B2DFE22DDD8C, BIOS 1731.120.10.0.0 (iBridge: 19.16.15071.0.0,0) 04/24/2022 Workqueue: efi_rts_wq efi_call_rts ... ---[ end trace 0000000000000000 ]--- efi: Froze efi_rts_wq and disabled EFI Runtime Services integrity: Couldn't get size: 0x8000000000000015 integrity: MODSIGN: Couldn't get UEFI db list efi: EFI Runtime Services are disabled! integrity: Couldn't get size: 0x8000000000000015 integrity: Couldn't get UEFI dbx list Fixes: 155ca952c7ca ("efi: Do not import certificates from UEFI Secure Boot for T2 Macs") Cc: stable@vger.kernel.org Cc: Aditya Garg <gargaditya08@live.com> Tested-by: Samuel Jiang <chyishian.jiang@gmail.com> Signed-off-by: Orlando Chamberlain <redecorating@protonmail.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
05426a3d4f |
This is the 5.4.211 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmMHPogACgkQONu9yGCS aT6GgQ//eILgoV9jHOdWFDlOqWz80zTFxPo2d1Fyd+jKbxI9Joj6raMfyhbNQA5z sNS6B21FTC1V9TkPwt3/TaghYZlBvYutcIUWVgxvKHM2m2QCyiS6Y7VgfnqTVU2J C6Ri0zabWf0X2eahdDAd0uOxhejSbewo+3Xfv2Y090kOWKxj5b1SjQoo7/OapBFi 8ZZ60qamP5/Qfs3rTiVNDYHqY+n1okYuOpEL78Zh/imGC71ZfyKVZgAe/WHHaXtQ KBug0mmr/9K2yMFYdXmuPdOZrS66A2sklsaw+WdXIboZKhAMF16KkkNvN2BExX5G Hf03MRfCAEFDndhGO16X07WDNIr/CQaEYLjAn6PE1cGnIncQMw2vyWMHGiNlOdLO JZiOcyVEW6cao7vLmQD/Rk6x44nOlm+ttzxMD2spHwAU4tSM7aM0SrAvM201R8Vc 6hs6m1+NQr9XNEiH+QT+A4+cbIeOd/b8hkQdjB/uvlS0HTUNu4SGNlL7s3nwuB8D a1chV1VbmYfIjSyY6ffr3hNrTHfHSZN2M5otK2iDmvYlTrrbOAu6sPXCWHKskKSf Dm43Le+NaZmBHSS36ejcQKGdNpZ35H7uQ89bzuo5/kisQ4fY4VnQSYFNgmnRAY+s nOvbrj7M4K+QvumYBT1efoMrMYgXRYQSQOc03Mq7AQYuJBrQv/4= =U/Z1 -----END PGP SIGNATURE----- Merge 5.4.211 into android11-5.4-lts Changes in 5.4.211 Makefile: link with -z noexecstack --no-warn-rwx-segments x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" ALSA: bcd2000: Fix a UAF bug on the error path of probing igc: Remove _I_PHY_ID checking wifi: mac80211_hwsim: fix race condition in pending packet wifi: mac80211_hwsim: add back erroneously removed cast wifi: mac80211_hwsim: use 32-bit skb cookie add barriers to buffer_uptodate and set_buffer_uptodate HID: wacom: Only report rotation for art pen HID: wacom: Don't register pad_input for touch switch KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP mm/mremap: hold the rmap lock in write mode when moving page table entries. ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model ALSA: hda/cirrus - support for iMac 12,1 model ALSA: hda/realtek: Add quirk for another Asus K42JZ model tty: vt: initialize unicode screen buffer vfs: Check the truncate maximum size in inode_newsize_ok() fs: Add missing umask strip in vfs_tmpfile thermal: sysfs: Fix cooling_device_stats_setup() error code path fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters usbnet: Fix linkwatch use-after-free on disconnect ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() parisc: Fix device names in /proc/iomem parisc: io_pgetevents_time64() needs compat syscall in 32-bit compat mode drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error drm/nouveau: fix another off-by-one in nvbios_addr drm/amdgpu: Check BO's requested pinning domains against its preferred_domains iio: light: isl29028: Fix the warning in isl29028_remove() fuse: limit nsec serial: mvebu-uart: uart2 error bits clearing md-raid10: fix KASAN warning ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() PCI: Add defines for normal and subtractive PCI bridges powerpc/fsl-pci: Fix Class Code of PCIe Root Port powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E powerpc/powernv: Avoid crashing if rng is NULL MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK coresight: Clear the connection field properly USB: HCD: Fix URB giveback issue in tasklet function ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC netfilter: nf_tables: do not allow SET_ID to refer to another table netfilter: nf_tables: do not allow RULE_ID to refer to another chain netfilter: nf_tables: fix null deref due to zeroed list head epoll: autoremove wakers even more aggressively x86: Handle idle=nomwait cmdline properly for x86_idle arm64: Do not forget syscall when starting a new thread. arm64: fix oops in concurrently setting insn_emulation sysctls ext2: Add more validity checks for inode counts genirq: Don't return error on missing optional irq_request_resources() wait: Fix __wait_event_hrtimeout for RT/DL tasks ARM: dts: imx6ul: add missing properties for sram ARM: dts: imx6ul: change operating-points to uint32-matrix ARM: dts: imx6ul: fix csi node compatible ARM: dts: imx6ul: fix lcdif node compatible ARM: dts: imx6ul: fix qspi node compatible spi: synquacer: Add missing clk_disable_unprepare() ARM: OMAP2+: display: Fix refcount leak bug ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks ACPI: PM: save NVS memory for Lenovo G40-45 ACPI: LPSS: Fix missing check in register_device_clock() arm64: dts: qcom: ipq8074: fix NAND node name arm64: dts: allwinner: a64: orangepi-win: Fix LED node name ARM: shmobile: rcar-gen2: Increase refcount for new reference PM: hibernate: defer device probing when resuming from hibernation selinux: Add boundary check in put_entry() spi: spi-rspi: Fix PIO fallback on RZ platforms ARM: findbit: fix overflowing offset meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init ARM: bcm: Fix refcount leak in bcm_kona_smc_init x86/pmem: Fix platform-device leak in error path ARM: dts: ast2500-evb: fix board compatible ARM: dts: ast2600-evb: fix board compatible soc: fsl: guts: machine variable might be unset ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg ARM: OMAP2+: Fix refcount leak in omapdss_init_of ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init cpufreq: zynq: Fix refcount leak in zynq_get_revision soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register ARM: dts: qcom: pm8841: add required thermal-sensor-cells bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() arm64: dts: mt7622: fix BPI-R64 WPS button erofs: avoid consecutive detection for Highmem memory blk-mq: don't create hctx debugfs dir until q->debugfs_dir is created regulator: of: Fix refcount leak bug in of_get_regulation_constraints() nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() thermal/tools/tmon: Include pthread and time headers in tmon.h dm: return early from dm_pr_call() if DM device is suspended ath10k: do not enforce interrupt trigger type wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() drm/mipi-dbi: align max_chunk to 2 in spi_transfer drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function drm: adv7511: override i2c address of cec before accessing it i2c: Fix a potential use after free media: tw686x: Register the irq at the end of probe ath9k: fix use-after-free in ath9k_hif_usb_rx_cb wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() drm: bridge: adv7511: Add check for mipi_dsi_driver_register drm/mcde: Fix refcount leak in mcde_dsi_bind media: hdpvr: fix error value returns in hdpvr_read drm/vc4: plane: Remove subpixel positioning check drm/vc4: plane: Fix margin calculations for the right/bottom edges drm/vc4: dsi: Correct DSI divider calculations crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE drm/rockchip: vop: Don't crash for invalid duplicate_state() drm/rockchip: Fix an error handling path rockchip_dp_probe() drm/mediatek: dpi: Remove output format of YUV drm/mediatek: dpi: Only enable dpi after the bridge is enabled drm: bridge: sii8620: fix possible off-by-one drm/msm/mdp5: Fix global state lock backoff crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed. tcp: make retransmitted SKB fit into the send window libbpf: Fix the name of a reused map selftests: timers: valid-adjtimex: build fix for newer toolchains selftests: timers: clocksource-switch: fix passing errors from child fs: check FMODE_LSEEK to control internal pipe splicing wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() wifi: p54: Fix an error handling path in p54spi_probe() wifi: p54: add missing parentheses in p54_flush() selftests/bpf: fix a test for snprintf() overflow can: pch_can: do not report txerr and rxerr during bus-off can: rcar_can: do not report txerr and rxerr during bus-off can: sja1000: do not report txerr and rxerr during bus-off can: hi311x: do not report txerr and rxerr during bus-off can: sun4i_can: do not report txerr and rxerr during bus-off can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off can: usb_8dev: do not report txerr and rxerr during bus-off can: error: specify the values of data[5..7] of CAN error frames can: pch_can: pch_can_error(): initialize errc before using it Bluetooth: hci_intel: Add check for platform_driver_register i2c: cadence: Support PEC for SMBus block read i2c: mux-gpmux: Add of_node_put() when breaking out of loop wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue wifi: libertas: Fix possible refcount leak in if_usb_probe() net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of iavf: Fix max_rate limiting netdevsim: Avoid allocation warnings triggered from user space net: rose: fix netdev reference changes dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock clk: renesas: r9a06g032: Fix UART clkgrp bitsel mtd: maps: Fix refcount leak in of_flash_probe_versatile mtd: maps: Fix refcount leak in ap_flash_init mtd: rawnand: meson: Fix a potential double free issue HID: cp2112: prevent a buffer overflow in cp2112_xfer() mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release mtd: partitions: Fix refcount leak in parse_redboot_of mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path fpga: altera-pr-ip: fix unsigned comparison with less than zero usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe usb: xhci: tegra: Fix error check clk: mediatek: reset: Fix written reset bit offset misc: rtsx: Fix an error handling path in rtsx_pci_probe() driver core: fix potential deadlock in __driver_attach clk: qcom: clk-krait: unlock spin after mux completion usb: host: xhci: use snprintf() in xhci_decode_trb() clk: qcom: ipq8074: fix NSS port frequency tables clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks clk: qcom: camcc-sdm845: Fix topology around titan_top power domain soundwire: bus_type: fix remove and shutdown support intel_th: Fix a resource leak in an error handling path intel_th: msu-sink: Potential dereference of null pointer intel_th: msu: Fix vmalloced buffers staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch memstick/ms_block: Fix some incorrect memory allocation memstick/ms_block: Fix a memory leak mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R scsi: smartpqi: Fix DMA direction for RAID requests usb: gadget: udc: amd5536 depends on HAS_DMA RDMA/hns: Fix incorrect clearing of interrupt status register RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event RDMA/hfi1: fix potential memory leak in setup_base_ctxt() gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() mmc: cavium-octeon: Add of_node_put() when breaking out of loop mmc: cavium-thunderx: Add of_node_put() when breaking out of loop HID: alps: Declare U1_UNICORN_LEGACY support PCI: tegra194: Fix Root Port interrupt handling PCI: tegra194: Fix link up retry sequence USB: serial: fix tty-port initialized comments platform/olpc: Fix uninitialized data in debugfs write mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region RDMA/rxe: Fix error unwind in rxe_create_qp() null_blk: fix ida error handling in null_add_dev() jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() ext4: recover csum seed of tmp_inode after migrating to extents jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted opp: Fix error check in dev_pm_opp_attach_genpd() ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe ASoC: codecs: da7210: add check for i2c_add_driver ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV profiling: fix shift too large makes kernel panic tty: n_gsm: fix non flow control frames during mux flow off tty: n_gsm: fix packet re-transmission without open control channel tty: n_gsm: fix race condition in gsmld_write() remoteproc: qcom: wcnss: Fix handling of IRQs vfio/ccw: Do not change FSM state in subchannel event tty: n_gsm: fix wrong T1 retry count handling tty: n_gsm: fix DM command tty: n_gsm: fix missing corner cases in gsmld_poll() iommu/exynos: Handle failed IOMMU device registration properly rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge kfifo: fix kfifo_to_user() return type mfd: t7l66xb: Drop platform disable callback mfd: max77620: Fix refcount leak in max77620_initialise_fps iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop s390/zcore: fix race when reading from hardware system area ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() fuse: Remove the control interface for virtio-fs ASoC: audio-graph-card: Add of_node_put() in fail path watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() video: fbdev: amba-clcd: Fix refcount leak bugs video: fbdev: sis: fix typos in SiS_GetModeID() powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32 powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader powerpc/xive: Fix refcount leak in xive_get_max_prio powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address perf symbol: Fail to read phdr workaround kprobes: Forbid probing on trampoline and BPF code areas powerpc/pci: Fix PHB numbering when using opal-phbid genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO scripts/faddr2line: Fix vmlinux detection on arm64 x86/numa: Use cpumask_available instead of hardcoded NULL check video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() tools/thermal: Fix possible path truncations video: fbdev: vt8623fb: Check the size of screen before memset_io() video: fbdev: arkfb: Check the size of screen before memset_io() video: fbdev: s3fb: Check the size of screen before memset_io() scsi: zfcp: Fix missing auto port scan and thus missing target ports scsi: qla2xxx: Fix discovery issues in FC-AL topology scsi: qla2xxx: Turn off multi-queue for 8G adapters scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection x86/olpc: fix 'logical not is only applied to the left hand side' spmi: trace: fix stack-out-of-bound access in SPMI tracing functions kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH btrfs: reset block group chunk force if we have to wait ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h ext4: make sure ext4_append() always allocates new block ext4: fix use-after-free in ext4_xattr_set_entry ext4: update s_overhead_clusters in the superblock during an on-line resize ext4: fix extent status tree race in writeback error recovery path ext4: correct max_inline_xattr_value_size computing ext4: correct the misjudgment in ext4_iget_extra_inode intel_th: pci: Add Raptor Lake-S CPU support intel_th: pci: Add Raptor Lake-S PCH support intel_th: pci: Add Meteor Lake-P support dm raid: fix address sanitizer warning in raid_resume dm raid: fix address sanitizer warning in raid_status dm thin: fix use-after-free crash in dm_sm_register_threshold_callback dm writecache: set a default MAX_WRITEBACK_JOBS ACPI: CPPC: Do not prevent CPPC from working in the future timekeeping: contribute wall clock to rng on time change firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) net_sched: cls_route: remove from list when handle is 0 btrfs: reject log replay if there is unsupported RO compat flag KVM: Add infrastructure and macro to mark VM as bugged KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() tcp: fix over estimation in sk_forced_mem_schedule() scsi: sg: Allow waiting for commands to complete on removed device Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression net/9p: Initialize the iounit field during fid creation net_sched: cls_route: disallow handle of 0 ALSA: info: Fix llseek return value when using callback rds: add missing barrier to release_refill ata: libata-eh: Add missing command name mmc: pxamci: Fix another error handling path in pxamci_probe() mmc: pxamci: Fix an error handling path in pxamci_probe() btrfs: fix lost error handling when looking up extended ref on log replay tracing: Have filter accept "common_cpu" to be consistent can: ems_usb: fix clang's -Wunaligned-access warning apparmor: fix quiet_denied for file rules apparmor: fix absroot causing audited secids to begin with = apparmor: Fix failed mount permission check error message apparmor: fix aa_label_asxprint return check apparmor: fix overlapping attachment computation apparmor: fix reference count leak in aa_pivotroot() apparmor: Fix memleak in aa_simple_write_to_buffer() Documentation: ACPI: EINJ: Fix obsolete example NFSv4.1: Don't decrease the value of seq_nr_highest_sent NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly NFSv4: Fix races in the legacy idmapper upcall NFSv4.1: RECLAIM_COMPLETE must handle EACCES NFSv4/pnfs: Fix a use-after-free bug in open can: mcp251x: Fix race condition on receive interrupt sunrpc: fix expiry of auth creds SUNRPC: Reinitialise the backchannel request buffers before reuse devlink: Fix use-after-free after a failed reload net: bgmac: Fix a BUG triggered by wrong bytes_compl pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed pinctrl: sunxi: Add I/O bias setting for H6 R-PIO ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool geneve: do not use RT_TOS for IPv6 flowlabel plip: avoid rcu debug splat vsock: Fix memory leak in vsock_connect() vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() dt-bindings: arm: qcom: fix MSM8916 MTP compatibles tools/vm/slabinfo: use alphabetic order when two values are equal tools build: Switch to new openssl API for test-libcrypto NTB: ntb_tool: uninitialized heap data in tool_fn_write() nfp: ethtool: fix the display error of `ethtool -m DEVNAME` xen/xenbus: fix return type in xenbus_file_read() atm: idt77252: fix use-after-free bugs caused by tst_timer dpaa2-eth: trace the allocated address instead of page struct tee: add overflow check in register_shm_helper() nios2: page fault et.al. are *not* restartable syscalls... nios2: don't leave NULLs in sys_call_table[] nios2: traced syscall does need to check the syscall number nios2: fix syscall restart checks nios2: restarts apply only to the first sigframe we build... nios2: add force_successful_syscall_return() iavf: Fix adminq error handling clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks netfilter: nf_tables: really skip inactive sets when allocating name powerpc/pci: Fix get_phb_number() locking net: dsa: mv88e6060: prevent crash on an unused port net: moxa: pass pdev instead of ndev to DMA functions net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry ice: Ignore EEXIST when setting promisc mode i40e: Fix to stop tx_timeout recovery if GLOBR fails fec: Fix timer capture timing in `fec_ptp_enable_pps()` igb: Add lock to avoid data race gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file locking/atomic: Make test_and_*_bit() ordered on failure drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() PCI: Add ACS quirk for Broadcom BCM5750x NICs usb: cdns3 fix use-after-free at workaround 2 usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info irqchip/tegra: Fix overflow implicit truncation warnings drm/meson: Fix overflow implicit truncation warnings usb: host: ohci-ppc-of: Fix refcount leak bug usb: renesas: Fix refcount leak bug vboxguest: Do not use devm for irq clk: qcom: ipq8074: dont disable gcc_sleep_clk_src scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input gadgetfs: ep_io - wait until IRQ finishes cxl: Fix a memory leak in an error handling path PCI/ACPI: Guard ARM64-specific mcfg_quirks um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups selftests/kprobe: Do not test for GRP/ without event failures dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown drivers:md:fix a potential use-after-free bug ext4: avoid remove directory when directory is corrupted ext4: avoid resizing to a partial cluster size lib/list_debug.c: Detect uninitialized lists tty: serial: Fix refcount leak bug in ucc_uart.c vfio: Clear the caps->buf to NULL after free mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start riscv: mmap with PROT_WRITE but no PROT_READ is invalid RISC-V: Add fast call path of crash_kexec() watchdog: export lockup_detector_reconfigure powerpc/32: Don't always pass -mcpu=powerpc to the compiler ALSA: core: Add async signal helpers ALSA: timer: Use deferred fasync helper f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() smb3: check xattr value length earlier powerpc/64: Init jump labels before parse_early_param() video: fbdev: i740fb: Check the argument of i740_calc_vclk() MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 tracing/probes: Have kprobes and uprobes use $COMM too can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() can: j1939: j1939_session_destroy(): fix memory leak of skbs btrfs: only write the sectors in the vertical stripe which has data stripes btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() Linux 5.4.211 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I509fd58b7896bfeaa41497f558a2bfc079e46656 |
||
|
Xiu Jianfeng
|
7db182a2eb |
apparmor: Fix memleak in aa_simple_write_to_buffer()
commit 417ea9fe972d2654a268ad66e89c8fcae67017c3 upstream.
When copy_from_user failed, the memory is freed by kvfree. however the
management struct and data blob are allocated independently, so only
kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to
fix this issue.
Fixes:
|
||
Xin Xiong
|
ef6fb6f0d0 |
apparmor: fix reference count leak in aa_pivotroot()
commit 11c3627ec6b56c1525013f336f41b79a983b4d46 upstream.
The aa_pivotroot() function has a reference counting bug in a specific
path. When aa_replace_current_label() returns on success, the function
forgets to decrement the reference count of “target”, which is
increased earlier by build_pivotroot(), causing a reference leak.
Fix it by decreasing the refcount of “target” in that path.
Fixes:
|
||
|
John Johansen
|
7f6092dc8f |
apparmor: fix overlapping attachment computation
commit 2504db207146543736e877241f3b3de005cbe056 upstream.
When finding the profile via patterned attachments, the longest left
match is being set to the static compile time value and not using the
runtime computed value.
Fix this by setting the candidate value to the greater of the
precomputed value or runtime computed value.
Fixes:
|
||
Tom Rix
|
98ab8dfa04 |
apparmor: fix aa_label_asxprint return check
commit 3e2a3a0830a2090e766d0d887d52c67de2a6f323 upstream.
Clang static analysis reports this issue
label.c:1802:3: warning: 2nd function call argument
is an uninitialized value
pr_info("%s", str);
^~~~~~~~~~~~~~~~~~
str is set from a successful call to aa_label_asxprint(&str, ...)
On failure a negative value is returned, not a -1. So change
the check.
Fixes:
|
||
|
John Johansen
|
1b4c44823a |
apparmor: Fix failed mount permission check error message
commit ec240b5905bbb09a03dccffee03062cf39e38dc2 upstream.
When the mount check fails due to a permission check failure instead
of explicitly at one of the subcomponent checks, AppArmor is reporting
a failure in the flags match. However this is not true and AppArmor
can not attribute the error at this point to any particular component,
and should only indicate the mount failed due to missing permissions.
Fixes:
|
||
|
John Johansen
|
825b0f6bb0 |
apparmor: fix absroot causing audited secids to begin with =
commit 511f7b5b835726e844a5fc7444c18e4b8672edfd upstream.
AppArmor is prefixing secids that are converted to secctx with the =
to indicate the secctx should only be parsed from an absolute root
POV. This allows catching errors where secctx are reparsed back into
internal labels.
Unfortunately because audit is using secid to secctx conversion this
means that subject and object labels can result in a very unfortunate
== that can break audit parsing.
eg. the subj==unconfined term in the below audit message
type=USER_LOGIN msg=audit(1639443365.233:160): pid=1633 uid=0 auid=1000
ses=3 subj==unconfined msg='op=login id=1000 exe="/usr/sbin/sshd"
hostname=192.168.122.1 addr=192.168.122.1 terminal=/dev/pts/1 res=success'
Fix this by switch the prepending of = to a _. This still works as a
special character to flag this case without breaking audit. Also move
this check behind debug as it should not be needed during normal
operqation.
Fixes:
|
||
|
John Johansen
|
dd78c35a27 |
apparmor: fix quiet_denied for file rules
commit 68ff8540cc9e4ab557065b3f635c1ff4c96e1f1c upstream.
Global quieting of denied AppArmor generated file events is not
handled correctly. Unfortunately the is checking if quieting of all
audit events is set instead of just denied events.
Fixes:
|
||
|
Xiu Jianfeng
|
90bdf50ae7 |
selinux: Add boundary check in put_entry()
[ Upstream commit 15ec76fb29be31df2bccb30fc09875274cba2776 ] Just like next_entry(), boundary check is necessary to prevent memory out-of-bound access. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Srinivasarao Pathipati
|
630e7df8c5 |
Merge android11-5.4.197+ (3970bc6) into msm-5.4
* refs/heads/tmp-3970bc6:
UPSTREAM: Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
FROMGIT: arm64: fix oops in concurrently setting insn_emulation sysctls
ANDROID: abi_gki_aarch64_qcom: Add vmemdup_user to qcom symbol list
ANDROID: GKI: update Sony KMI symbol list
UPSTREAM: mm: fix misplaced unlock_page in do_wp_page()
BACKPORT: mm: do_wp_page() simplification
UPSTREAM: mm/ksm: Remove reuse_ksm_page()
BACKPORT: ALSA: pcm: Fix races among concurrent prealloc proc writes
BACKPORT: ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
BACKPORT: ALSA: pcm: Fix races among concurrent read/write and buffer changes
ANDROID: Fix up abi issue with struct snd_pcm_runtime
BACKPORT: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
BACKPORT: nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
Linux 5.4.197
bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
NFSD: Fix possible sleep during nfsd4_release_lockowner()
NFS: Memory allocation failures are not server fatal errors
docs: submitting-patches: Fix crossref to 'The canonical patch format'
tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
tpm: Fix buffer access in tpm2_get_tpm_pt()
HID: multitouch: Add support for Google Whiskers Touchpad
raid5: introduce MD_BROKEN
dm verity: set DM_TARGET_IMMUTABLE feature flag
dm stats: add cond_resched when looping over entries
dm crypt: make printing of the key constant-time
dm integrity: fix error code in dm_integrity_ctr()
zsmalloc: fix races between asynchronous zspage free and page migration
crypto: ecrdsa - Fix incorrect use of vli_cmp
netfilter: conntrack: re-fetch conntrack after insertion
exec: Force single empty string when argv is empty
drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
cfg80211: set custom regdomain after wiphy registration
assoc_array: Fix BUG_ON during garbage collect
drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
net: ftgmac100: Disable hardware checksum on AST2600
net: af_key: check encryption module availability consistency
pinctrl: sunxi: fix f1c100s uart2 function
ACPI: sysfs: Fix BERT error region memory mapping
ACPI: sysfs: Make sparse happy about address space in use
media: vim2m: initialize the media device earlier
media: vim2m: Register video device after setting up internals
secure_seq: use the 64 bits of the siphash for port offset calculation
tcp: change source port randomizarion at connect() time
Input: goodix - fix spurious key release events
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
lockdown: also lock down previous kgdb use
Linux 5.4.196
afs: Fix afs_getattr() to refetch file status if callback break occurred
i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
x86/xen: fix booting 32-bit pv guest
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
firmware_loader: use kernel credentials when reading firmware
net: stmmac: disable Split Header (SPH) for Intel platforms
block: return ELEVATOR_DISCARD_MERGE if possible
Input: ili210x - fix reset timing
net: atlantic: verify hw_head_ lies within TX buffer ring
net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
selftests: add ping test with ping_group_range tuned
mac80211: fix rx reordering with non explicit / psmp ack policy
scsi: qla2xxx: Fix missed DMA unmap for aborted commands
perf bench numa: Address compiler error on s390
gpio: mvebu/pwm: Refuse requests with inverted polarity
gpio: gpio-vf610: do not touch other bits when set the target bit
net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
igb: skip phy status check where unavailable
ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
ARM: 9196/1: spectre-bhb: enable for Cortex-A15
net: af_key: add check for pfkey_broadcast in function pfkey_process
net/mlx5e: Properly block LRO when XDP is enabled
NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
net/qla3xxx: Fix a test in ql_reset_work()
clk: at91: generated: consider range when calculating best rate
ice: fix possible under reporting of ethtool Tx and Rx statistics
net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
net/sched: act_pedit: sanitize shift argument before usage
net: macb: Increment rx bd head after allocating skb and buffer
ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
KVM: x86/mmu: Update number of zapped pages even if page list is stable
PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
Fix double fget() in vhost_net_set_backend()
perf: Fix sys_perf_event_open() race against self
ALSA: wavefront: Proper check of get_user() error
SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
SUNRPC: Don't call connect() more than once on a TCP socket
SUNRPC: Prevent immediate close+reconnect
SUNRPC: Clean up scheduling of autoclose
mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
nilfs2: fix lockdep warnings during disk space reclamation
nilfs2: fix lockdep warnings in page operations for btree nodes
ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
platform/chrome: cros_ec_debugfs: detach log reader wq from devm
drbd: remove usage of list iterator variable after loop
MIPS: lantiq: check the return value of kzalloc()
rtc: mc146818-lib: Fix the AltCentury for AMD platforms
nvme-multipath: fix hang when disk goes live over reconnect
ALSA: hda/realtek: Enable headset mic on Lenovo P360
crypto: x86/chacha20 - Avoid spurious jumps to other functions
crypto: stm32 - fix reference leak in stm32_crc_remove
Input: stmfts - fix reference leak in stmfts_input_open
Input: add bounds checking to input_set_capability()
um: Cleanup syscall_handler_t definition/cast, fix warning
rtc: fix use-after-free on device removal
x86/xen: Make the secondary CPU idle tasks reliable
x86/xen: Make the boot CPU idle task reliable
floppy: use a statically allocated error counter
ANDROID: fix up abi issue with struct snd_pcm_runtime
Linux 5.4.195
tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
ping: fix address binding wrt vrf
arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map
net: phy: Fix race condition on link status change
MIPS: fix build with gcc-12
drm/vmwgfx: Initialize drm_mode_fb_cmd2
cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
i40e: i40e_main: fix a missing check on list iterator
drm/nouveau/tegra: Stop using iommu_present()
serial: 8250_mtk: Fix register address for XON/XOFF character
serial: 8250_mtk: Fix UART_EFR register address
slimbus: qcom: Fix IRQ check in qcom_slim_probe
USB: serial: option: add Fibocom MA510 modem
USB: serial: option: add Fibocom L610 modem
USB: serial: qcserial: add support for Sierra Wireless EM7590
USB: serial: pl2303: add device id for HP LM930 Display
usb: typec: tcpci: Don't skip cleanup in .remove() on error
usb: cdc-wdm: fix reading stuck on device close
tty: n_gsm: fix mux activation issues in gsm_config()
tcp: resalt the secret every 10 seconds
net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
s390: disable -Warray-bounds
ASoC: ops: Validate input values in snd_soc_put_volsw_range()
ASoC: max98090: Generate notifications on changes for custom control
ASoC: max98090: Reject invalid values in custom control put()
hwmon: (f71882fg) Fix negative temperature
gfs2: Fix filesystem block deallocation for short writes
net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending
net/sched: act_pedit: really ensure the skb is writable
s390/lcs: fix variable dereferenced before check
s390/ctcm: fix potential memory leak
s390/ctcm: fix variable dereferenced before check
hwmon: (ltq-cputemp) restrict it to SOC_XWAY
dim: initialize all struct fields
mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
netlink: do not reset transport header in netlink_recvmsg()
drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
ipv4: drop dst in multicast routing path
net: Fix features skip in for_each_netdev_feature()
mac80211: Reset MBSSID parameters upon connection
hwmon: (tmp401) Add OF device ID table
batman-adv: Don't skb_split skbuffs with frag_list
Linux 5.4.194
mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
mm: fix missing cache flush for all tail pages of compound page
Bluetooth: Fix the creation of hdev->name
KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id
x86: kprobes: Prohibit probing on instruction which has emulate prefix
x86: xen: insn: Decode Xen and KVM emulate-prefix signature
x86: xen: kvm: Gather the definition of emulate prefixes
x86/asm: Allow to pass macros to __ASM_FORM()
KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL
can: grcan: only use the NAPI poll budget for RX
can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
nfp: bpf: silence bitwise vs. logical OR warning
drm/i915: Cast remain to unsigned long in eb_relocate_vma
drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types
block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
MIPS: Use address-of operator on section symbols
ANDROID: GKI: update the abi .xml file
Revert "tcp: ensure to use the most recently sent skb when filling the rate sample"
Linux 5.4.193
mmc: rtsx: add 74 Clocks in power on flow
PCI: aardvark: Fix reading MSI interrupt number
PCI: aardvark: Clear all MSIs at setup
dm: interlock pending dm_io and dm_wait_for_bios_completion
dm: fix mempool NULL pointer race when completing IO
tcp: make sure treq->af_specific is initialized
ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
ALSA: pcm: Fix races among concurrent prealloc proc writes
ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
ALSA: pcm: Fix races among concurrent read/write and buffer changes
ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
mm: fix unexpected zeroed page mapping with zram swap
block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
net: ipv6: ensure we call ipv6_mc_down() at most once
KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised
x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
NFSv4: Don't invalidate inode attributes on delegation return
drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu
net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
btrfs: always log symlinks in full mode
smsc911x: allow using IRQ0
bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational
net: emaclite: Add error handling for of_address_to_resource()
net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux()
net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init()
RDMA/siw: Fix a condition race issue in MPA request processing
ASoC: dmaengine: Restore NULL prepare_slave_config() callback
hwmon: (adt7470) Fix warning on module removal
NFC: netlink: fix sleep in atomic bug when firmware download timeout
nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
nfc: replace improper check device_is_registered() in netlink related functions
can: grcan: use ofdev->dev when allocating DMA memory
can: grcan: grcan_close(): fix deadlock
s390/dasd: Fix read inconsistency for ESE DASD devices
s390/dasd: Fix read for ESE with blksize < 4k
s390/dasd: prevent double format of tracks for ESE devices
s390/dasd: fix data corruption for ESE devices
ASoC: meson: Fix event generation for G12A tohdmi mux
ASoC: wm8958: Fix change notifications for DSP controls
ASoC: da7219: Fix change notifications for tone generator frequency
genirq: Synchronize interrupt thread startup
ACPICA: Always create namespace nodes using acpi_ns_create_node()
firewire: core: extend card->lock in fw_core_handle_bus_reset
firewire: remove check of list iterator against head past the loop body
firewire: fix potential uaf in outbound_phy_packet_callback()
Revert "SUNRPC: attempt AF_LOCAL connect on setup"
gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
parisc: Merge model and model name into one line in /proc/cpuinfo
MIPS: Fix CP0 counter erratum detection for R4k CPUs
Linux 5.4.192
mm, hugetlb: allow for "high" userspace addresses
hugetlbfs: get unmapped area below TASK_UNMAPPED_BASE for hugetlbfs
tty: n_gsm: fix incorrect UA handling
tty: n_gsm: fix wrong command frame length field encoding
tty: n_gsm: fix wrong command retry handling
tty: n_gsm: fix missing explicit ldisc flush
tty: n_gsm: fix insufficient txframe size
netfilter: nft_socket: only do sk lookups when indev is available
tty: n_gsm: fix malformed counter for out of frame data
tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
x86/cpu: Load microcode during restore_processor_state()
net: ethernet: stmmac: fix write to sgmii_adapter_base
drivers: net: hippi: Fix deadlock in rr_close()
cifs: destage any unwritten data to the server before calling copychunk_write
x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
ASoC: wm8731: Disable the regulator when probing fails
tcp: fix F-RTO may not work correctly when receiving DSACK
ixgbe: ensure IPsec VF<->PF compatibility
bnx2x: fix napi API usage sequence
tls: Skip tls_append_frag on zero copy size
drm/amd/display: Fix memory leak in dcn21_clock_source_create
net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
net: bcmgenet: hide status block before TX timestamping
clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource()
bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
ip_gre: Make o_seqno start from 0 in native mode
net/smc: sync err code when tcp connection was refused
net: hns3: add validity check for message data length
cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
pinctrl: pistachio: fix use of irq_of_parse_and_map()
arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
ARM: dts: imx6ull-colibri: fix vqmmc regulator
sctp: check asoc strreset_chunk in sctp_generate_reconf_event
tcp: ensure to use the most recently sent skb when filling the rate sample
tcp: md5: incorrect tcp_header_len for incoming connections
bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook
mtd: rawnand: Fix return value check of wait_for_completion_timeout
ipvs: correctly print the memory size of ip_vs_conn_tab
ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
ARM: dts: am3517-evm: Fix misc pinmuxing
ARM: dts: Fix mmc order for omap3-gta04
phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
phy: samsung: exynos5250-sata: fix missing device put in probe error paths
phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
USB: Fix xhci event ring dequeue pointer ERDP update issue
mtd: rawnand: fix ecc parameters for mt7622
arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
video: fbdev: udlfb: properly check endpoint type
hex2bin: fix access beyond string end
hex2bin: make the function hex_to_bin constant-time
arch_topology: Do not set llc_sibling if llc_id is invalid
serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
serial: 8250: Also set sticky MCR bits in console restoration
serial: imx: fix overrun interrupts in DMA mode
usb: dwc3: gadget: Return proper request status
usb: dwc3: core: Fix tx/rx threshold settings
usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind()
usb: gadget: uvc: Fix crash when encoding data for usb request
usb: typec: ucsi: Fix role swapping
usb: misc: fix improper handling of refcount in uss720_probe()
iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
iio: dac: ad5446: Fix read_raw not returning set value
iio: dac: ad5592r: Fix the missing return value.
xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
xhci: stop polling roothubs after shutdown
USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
USB: quirks: add STRING quirk for VCOM device
USB: quirks: add a Realtek card reader
usb: mtu3: fix USB 3.0 dual-role-switch from device to host
lightnvm: disable the subsystem
hamradio: remove needs_free_netdev to avoid UAF
hamradio: defer 6pack kfree after unregister_netdev
floppy: disable FDRAWCMD by default
Conflicts:
drivers/usb/dwc3/gadget.c
include/linux/dma-mapping.h
include/linux/stmmac.h
mm/memory.c
Change-Id: I3bf49e11ae4aeaf1db353efbdfee950cd12de8cf
Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
|
||
|
Greg Kroah-Hartman
|
b1e3be07f2 |
This is the 5.4.208 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmLj+VAACgkQONu9yGCS
aT4kpQ//YdoyxUW1lOvPk9PIRm67ZADUXUwKKTTTO9hvOt886YkOaYghZj+nfTQ/
SKsEFCh+jKRSG2bvnwUBh/sTTBBwUZeMpvfZZl2polhQT6JhJbBOt9+P/5enXN1O
9grqt2i2QWA4+l52vnDAA7v5UD+td310GiyKmxiKqzAGaVte29kNLPwujZJM7J+Y
8PUMI9gGEI8skCtjz7VsSIdvqB+p4B67iNnrDRKubOVUlXdr9f8xKj02DbiQxcnR
TWc1+h7GIjD/Uibsne+pxAi90/V9A3RsNviZ7U3Igf3kCQ+HS7RH4hcSlU0v6GKy
HDQrr/BHhGtPFtVCR0HJLbHVYmp/J+7H8V7LFY2mTd0lfkT1q58NRfUuGgRmDETI
Ug3Dx8uxtUHgBPD1hsbyoSo0nYnleoCQZV+DFWTOF26nb1/85fyC+16U6uvagNw5
Cdpt8ZVW9/qD8WnxnOuP6yvqw4MFZ0pFyhdQxxsyZpBj2sp5gLz6wRKLgUJX3a8q
hrbWuR17cg+EA86EKZHxa5y4Wzv02FvljfTD60KvXqY67L4iPzrZWDV+ql9FVm/0
wEYTLCjfDgDG9iY1e7Ns8ajD6KsBGfs0zO0vUFU4/LmX+EsJzJhfJ3c3zJhwrnDA
ys2N1tvuSoef/4+JKhVfuxuGGl+mFdT+2yzKYCv3g16sX1OVcbA=
=UvEH
-----END PGP SIGNATURE-----
Merge 5.4.208 into android11-5.4-lts
Changes in 5.4.208
pinctrl: stm32: fix optional IRQ support to gpios
riscv: add as-options for modules with assembly compontents
mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication
lockdown: Fix kexec lockdown bypass with ima policy
xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
PCI: hv: Fix multi-MSI to allow more than one MSI vector
PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI
PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
PCI: hv: Fix interrupt mapping for multi-MSI
serial: mvebu-uart: correctly report configured baudrate value
xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
pinctrl: ralink: Check for null return of devm_kcalloc
perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()
igc: Reinstate IGC_REMOVED logic and implement it properly
ip: Fix data-races around sysctl_ip_no_pmtu_disc.
ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
ip: Fix data-races around sysctl_ip_nonlocal_bind.
ip: Fix a data-race around sysctl_fwmark_reflect.
tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
tcp: Fix data-races around sysctl_tcp_mtu_probing.
tcp: Fix data-races around sysctl_tcp_base_mss.
tcp: Fix data-races around sysctl_tcp_min_snd_mss.
tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor.
tcp: Fix a data-race around sysctl_tcp_probe_threshold.
tcp: Fix a data-race around sysctl_tcp_probe_interval.
i2c: cadence: Change large transfer count reset logic to be unconditional
net: stmmac: fix dma queue left shift overflow issue
net/tls: Fix race in TLS device down flow
igmp: Fix data-races around sysctl_igmp_llm_reports.
igmp: Fix a data-race around sysctl_igmp_max_memberships.
tcp: Fix data-races around sysctl_tcp_syncookies.
tcp: Fix data-races around sysctl_tcp_reordering.
tcp: Fix data-races around some timeout sysctl knobs.
tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
tcp: Fix a data-race around sysctl_tcp_tw_reuse.
tcp: Fix data-races around sysctl_max_syn_backlog.
tcp: Fix data-races around sysctl_tcp_fastopen.
iavf: Fix handling of dummy receive descriptors
i40e: Fix erroneous adapter reinitialization during recovery process
ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
gpio: pca953x: only use single read/write for No AI mode
be2net: Fix buffer overflow in be_get_module_eeprom
ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.
udp: Fix a data-race around sysctl_udp_l3mdev_accept.
tcp: Fix data-races around sysctl knobs related to SYN option.
tcp: Fix a data-race around sysctl_tcp_early_retrans.
tcp: Fix data-races around sysctl_tcp_recovery.
tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
tcp: Fix a data-race around sysctl_tcp_retrans_collapse.
tcp: Fix a data-race around sysctl_tcp_stdurg.
tcp: Fix a data-race around sysctl_tcp_rfc1337.
tcp: Fix data-races around sysctl_tcp_max_reordering.
spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers
mm/mempolicy: fix uninit-value in mpol_rebind_policy()
bpf: Make sure mac_header was set before using it
dlm: fix pending remove if msg allocation fails
ima: remove the IMA_TEMPLATE Kconfig option
locking/refcount: Define constants for saturation and max refcount values
locking/refcount: Ensure integer operands are treated as signed
locking/refcount: Remove unused refcount_*_checked() variants
locking/refcount: Move the bulk of the REFCOUNT_FULL implementation into the <linux/refcount.h> header
locking/refcount: Improve performance of generic REFCOUNT_FULL code
locking/refcount: Move saturation warnings out of line
locking/refcount: Consolidate REFCOUNT_{MAX,SATURATED} definitions
locking/refcount: Consolidate implementations of refcount_t
x86: get rid of small constant size cases in raw_copy_{to,from}_user()
x86/uaccess: Implement macros for CMPXCHG on user addresses
mmap locking API: initial implementation as rwsem wrappers
x86/mce: Deduplicate exception handling
bitfield.h: Fix "type of reg too small for mask" test
ALSA: memalloc: Align buffer allocations in page size
Bluetooth: Add bt_skb_sendmsg helper
Bluetooth: Add bt_skb_sendmmsg helper
Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
Bluetooth: Fix passing NULL to PTR_ERR
Bluetooth: SCO: Fix sco_send_frame returning skb->len
Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
tty: drivers/tty/, stop using tty_schedule_flip()
tty: the rest, stop using tty_schedule_flip()
tty: drop tty_schedule_flip()
tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
net: usb: ax88179_178a needs FLAG_SEND_ZLP
x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm()
Linux 5.4.208
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia53caf9bc847b0bb332a5b14972142d46ae5a740
|
||
|
GUO Zihua
|
3f71d0e292 |
ima: remove the IMA_TEMPLATE Kconfig option
[ Upstream commit 891163adf180bc369b2f11c9dfce6d2758d2a5bd ]
The original 'ima' measurement list template contains a hash, defined
as 20 bytes, and a null terminated pathname, limited to 255
characters. Other measurement list templates permit both larger hashes
and longer pathnames. When the "ima" template is configured as the
default, a new measurement list template (ima_template=) must be
specified before specifying a larger hash algorithm (ima_hash=) on the
boot command line.
To avoid this boot command line ordering issue, remove the legacy "ima"
template configuration option, allowing it to still be specified on the
boot command line.
The root cause of this issue is that during the processing of ima_hash,
we would try to check whether the hash algorithm is compatible with the
template. If the template is not set at the moment we do the check, we
check the algorithm against the configured default template. If the
default template is "ima", then we reject any hash algorithm other than
sha1 and md5.
For example, if the compiled default template is "ima", and the default
algorithm is sha1 (which is the current default). In the cmdline, we put
in "ima_hash=sha256 ima_template=ima-ng". The expected behavior would be
that ima starts with ima-ng as the template and sha256 as the hash
algorithm. However, during the processing of "ima_hash=",
"ima_template=" has not been processed yet, and hash_setup would check
the configured hash algorithm against the compiled default: ima, and
reject sha256. So at the end, the hash algorithm that is actually used
will be sha1.
With template "ima" removed from the configured default, we ensure that
the default tempalte would at least be "ima-ng" which allows for
basically any hash algorithm.
This change would not break the algorithm compatibility checks for IMA.
Fixes:
|
||
Eric Snowberg
|
ed3fea5506 |
lockdown: Fix kexec lockdown bypass with ima policy
commit 543ce63b664e2c2f9533d089a4664b559c3e6b5b upstream.
The lockdown LSM is primarily used in conjunction with UEFI Secure Boot.
This LSM may also be used on machines without UEFI. It can also be
enabled when UEFI Secure Boot is disabled. One of lockdown's features
is to prevent kexec from loading untrusted kernels. Lockdown can be
enabled through a bootparam or after the kernel has booted through
securityfs.
If IMA appraisal is used with the "ima_appraise=log" boot param,
lockdown can be defeated with kexec on any machine when Secure Boot is
disabled or unavailable. IMA prevents setting "ima_appraise=log" from
the boot param when Secure Boot is enabled, but this does not cover
cases where lockdown is used without Secure Boot.
To defeat lockdown, boot without Secure Boot and add ima_appraise=log to
the kernel command line; then:
$ echo "integrity" > /sys/kernel/security/lockdown
$ echo "appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig" > \
/sys/kernel/security/ima/policy
$ kexec -ls unsigned-kernel
Add a call to verify ima appraisal is set to "enforce" whenever lockdown
is enabled. This fixes CVE-2022-21505.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
836d95bfdc |
This is the 5.4.207 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmLZohoACgkQONu9yGCS aT4D3RAA1Je6ingEk1e/IMmfWhNu/0AOrULMbrNBdM/WDOlIQLNBchhMa81UXEh7 OJzt+NyBcuV4x5UdXj1fK3erJXA7tKM3s7BGY7OcXPDMpZjf9uOUV2Tg1Jw1jDbW TV7lnWv1YA7ze3eOx6qoR9sNPh4kYiW5DG2ivY8JMblKEz5EPCdvyPSSW+s8kmpg ZdyJ0pa3fnS0Di421DzJ+7R1U2t4C1eAz1FkngAyPM47GzwJoJxgcP4Q8syBmwGY qylUnrLTBMRtpngayaP15tQtYckGTbsnTUNCTjoW7BhbABkWysc2aVnCYZDLqBck C4XjEfBMLByICokuab0ewrzeVzvvHaY31hnhf33hYn6pgIoS5oy4T3mN7T8yEJz9 zsr+unBioZFiIOqiVgu5A2Rwn3+1x8qOmLZ/x35jqZQCmh0ndlmHUhkdjl3y/68S XWvP4zpYBAR7QlW3WsGtFeI9Kbeh6y2tH0J79N5CjctAZFAvUaZd3cSfh3Vck02/ 7Wo9vs5zV8ZvRkdRWEawkrfe/PUImnDmvkv56nTH79bI7qIlpOU6kS6gy0sDzdGl YRKv4+jwE9/hJAcWW5S/U3wbfZMxMA6wdt8QcWsn0pXs1WFUQgWeNuyO2HNodff3 jlp25lEi3C3NSUycmm9IjuG2241hPDYnhqeX0Q4B5ciPHCD4w3o= =KtMr -----END PGP SIGNATURE----- Merge 5.4.207 into android11-5.4-lts Changes in 5.4.207 ALSA: hda - Add fixup for Dell Latitidue E5430 ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue tracing/histograms: Fix memory leak problem net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer ip: fix dflt addr selection for connected nexthop ARM: 9213/1: Print message about disabled Spectre workarounds only once ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction wifi: mac80211: fix queue selection for mesh/OCB interfaces cgroup: Use separate src/dst nodes when preloading css_sets for migration drm/panfrost: Fix shrinker list corruption by madvise IOCTL nilfs2: fix incorrect masking of permission flags for symlinks Revert "evm: Fix memleak in init_desc" sched/rt: Disable RT_RUNTIME_SHARE by default ext4: fix race condition between ext4_write and ext4_convert_inline_data ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle ARM: 9210/1: Mark the FDT_FIXED sections as shareable drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() ima: Fix a potential integer overflow in ima_appraise_measurement ASoC: sgtl5000: Fix noise on shutdown/remove net: stmmac: dwc-qos: Disable split header for Tegra194 inetpeer: Fix data-races around sysctl. net: Fix data-races around sysctl_mem. cipso: Fix data-races around sysctl. icmp: Fix data-races around sysctl. ipv4: Fix a data-race around sysctl_fib_sync_mem. ARM: dts: at91: sama5d2: Fix typo in i2s1 node ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero drm/i915/gt: Serialize TLB invalidates with GT resets icmp: Fix a data-race around sysctl_icmp_ratelimit. icmp: Fix a data-race around sysctl_icmp_ratemask. raw: Fix a data-race around sysctl_raw_l3mdev_accept. ipv4: Fix data-races around sysctl_ip_dynaddr. net: ftgmac100: Hold reference returned by of_get_child_by_name() sfc: fix use after free when disabling sriov seg6: fix skb checksum evaluation in SRH encapsulation/insertion seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors seg6: bpf: fix skb checksum in bpf_push_seg6_encap() sfc: fix kernel panic when creating VF mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE virtio_mmio: Add missing PM calls to freeze/restore virtio_mmio: Restore guest page size on resume netfilter: br_netfilter: do not skip all hooks with 0 priority cpufreq: pmac32-cpufreq: Fix refcount leak bug platform/x86: hp-wmi: Ignore Sanitization Mode event net: tipc: fix possible refcount leak in tipc_sk_create() NFC: nxp-nci: don't print header length mismatch on i2c error nvme: fix regression when disconnect a recovering ctrl net: sfp: fix memory leak in sfp_probe() ASoC: ops: Fix off by one in range control validation ASoC: wm5110: Fix DRE control ASoC: cs47l15: Fix event generation for low power mux control ASoC: madera: Fix event generation for OUT1 demux ASoC: madera: Fix event generation for rate controls irqchip: or1k-pic: Undefine mask_ack for level triggered hardware x86: Clear .brk area at early boot soc: ixp4xx/npe: Fix unused match warning ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 signal handling: don't use BUG_ON() for debugging USB: serial: ftdi_sio: add Belimo device ids usb: typec: add missing uevent when partner support PD usb: dwc3: gadget: Fix event pending check tty: serial: samsung_tty: set dma burst_size to 1 serial: 8250: fix return error code in serial8250_request_std_resource() serial: stm32: Clear prev values before setting RTS delays serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle can: m_can: m_can_tx_handler(): fix use after free of skb Linux 5.4.207 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ica75b787bd813b75db73739df2a831dbb4958668 |
||
|
Huaxin Lu
|
388f3df7c3 |
ima: Fix a potential integer overflow in ima_appraise_measurement
[ Upstream commit d2ee2cfc4aa85ff6a2a3b198a3a524ec54e3d999 ]
When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be
negative, which may cause the integer overflow problem.
Fixes:
|
||
|
Xiu Jianfeng
|
31e99fa969 |
Revert "evm: Fix memleak in init_desc"
commit 51dd64bb99e4478fc5280171acd8e1b529eadaf7 upstream.
This reverts commit ccf11dbaa07b328fa469415c362d33459c140a37.
Commit ccf11dbaa07b ("evm: Fix memleak in init_desc") said there is
memleak in init_desc. That may be incorrect, as we can see, tmp_tfm is
saved in one of the two global variables hmac_tfm or evm_tfm[hash_algo],
then if init_desc is called next time, there is no need to alloc tfm
again, so in the error path of kmalloc desc or crypto_shash_init(desc),
It is not a problem without freeing tmp_tfm.
And also that commit did not reset the global variable to NULL after
freeing tmp_tfm and this makes *tfm a dangling pointer which may cause a
UAF issue.
Reported-by: Guozihua (Scott) <guozihua@huawei.com>
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
a778a36923 |
This is the 5.4.198 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmKos2QACgkQONu9yGCS
aT4QYQ//WQD/rHjO021lbo/z4eZbWUxjDiQNisJQY4MTCnIJgPYROJ6YLBLL2+of
VwDdZ0yQNpf3hBA3qgTZ8RgaBinVf+WNAk37Ap/3VFXTExxgyGCx7p/PG+Jx9Jk4
qd9YPHZCu8g9rQjJoex95fd8Fedu47tzBSd88MoAKiLz90JsNbYUZb+gqdRrLAYc
6krd7zm7T8Grk31xUWOl/tlUSxveuUuz6QQr5mwPmSyspz4gQXsBlrKSrNSWmk0o
qtqgqUCypvpKTF7RYiEoS3F8wy4XvWpGsET+W79SJ84inVx3EMsZKXB9GsWVZZgI
fm3eFjn10NcgA+lvc7TJpwKg0f5g8uHW/06FcfYwgBhbI+otCFDLQkkHtViN0wY2
gks3PLPsYJdAZTlwIvjNY0XY7wRqjS7Ta1pf+d1po1EndEFAyH76KJaIGCzdVKb4
OeSEy4Xw8HxmuCO+mrUtRVRqV3Y7x88GuJC359iDKYdDpc+Z21FcvaVcgrR5cy2V
A7ICKIfNyArgNmWnXQ6UBXqS1rDcoyfJe+0CYyRRdgDO/ON48Mx8FIW9YJrSrMeS
XEx6cw6VKZ7hE1G71us/ITOOeUlHO93V7Ju+oOcx9Fgew8TZ0mdNMliOFUFaNWPb
iAG+zZD0jwP5iyx0KFfOJyyuoovEtjBh9ZgVIF5BP3Ry1xRHuHY=
=oE7B
-----END PGP SIGNATURE-----
Merge 5.4.198 into android11-5.4-lts
Changes in 5.4.198
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
USB: serial: option: add Quectel BG95 modem
USB: new quirk for Dell Gen 2 devices
usb: core: hcd: Add support for deferring roothub registration
perf/x86/intel: Fix event constraints for ICL
ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP
ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
btrfs: add "0x" prefix for unsupported optional features
btrfs: repair super block num_devices automatically
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
b43legacy: Fix assigning negative value to unsigned variable
b43: Fix assigning negative value to unsigned variable
ipw2x00: Fix potential NULL dereference in libipw_xmit()
ipv6: fix locking issues with loops over idev->addr_list
fbcon: Consistently protect deferred_takeover with console_lock()
ACPICA: Avoid cache flush inside virtual machines
drm/komeda: return early if drm_universal_plane_init() fails.
ALSA: jack: Access input_dev under mutex
spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction
tools/power turbostat: fix ICX DRAM power numbers
drm/amd/pm: fix double free in si_parse_power_table()
ath9k: fix QCA9561 PA bias level
media: venus: hfi: avoid null dereference in deinit
media: pci: cx23885: Fix the error handling in cx23885_initdev()
media: cx25821: Fix the warning when removing the module
md/bitmap: don't set sb values if can't pass sanity check
mmc: jz4740: Apply DMA engine limits to maximum segment size
scsi: megaraid: Fix error check return value of register_chrdev()
drm/plane: Move range check for format_count earlier
drm/amd/pm: fix the compile warning
arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
drm: msm: fix error check return value of irq_of_parse_and_map()
ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
net/mlx5: fs, delete the FTE when there are no rules attached to it
ASoC: dapm: Don't fold register value changes into notifications
mlxsw: spectrum_dcb: Do not warn about priority changes
drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
HID: bigben: fix slab-out-of-bounds Write in bigben_probe
ASoC: tscs454: Add endianness flag in snd_soc_component_driver
s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
spi: stm32-qspi: Fix wait_cmd timeout in APM mode
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
ipmi:ssif: Check for NULL msg when handling events and messages
ipmi: Fix pr_fmt to avoid compilation issues
rtlwifi: Use pr_warn instead of WARN_ONCE
media: coda: limit frame interval enumeration to supported encoder frame sizes
media: cec-adap.c: fix is_configuring state
openrisc: start CPU timer early in boot
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
ASoC: rt5645: Fix errorenous cleanup order
nbd: Fix hung on disconnect request if socket is closed before
net: phy: micrel: Allow probing without .driver_data
media: exynos4-is: Fix compile warning
ASoC: max98357a: remove dependency on GPIOLIB
hwmon: Make chip parameter for with_info API mandatory
rxrpc: Return an error to sendmsg if call failed
eth: tg3: silence the GCC 12 array-bounds warning
selftests/bpf: fix btf_dump/btf_dump due to recent clang change
IB/rdmavt: add missing locks in rvt_ruc_loopback
ARM: dts: ox820: align interrupt controller node name with dtschema
PM / devfreq: rk3399_dmc: Disable edev on remove()
fs: jfs: fix possible NULL pointer dereference in dbFree()
ARM: OMAP1: clock: Fix UART rate reporting algorithm
powerpc/fadump: Fix fadump to work with a different endian capture kernel
fat: add ratelimit to fat*_ent_bread()
ARM: versatile: Add missing of_node_put in dcscb_init
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
ARM: hisi: Add missing of_node_put after of_find_compatible_node
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
powerpc/xics: fix refcount leak in icp_opal_init()
powerpc/powernv: fix missing of_node_put in uv_init()
macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
RDMA/hfi1: Prevent panic when SDMA is disabled
drm: fix EDID struct for old ARM OABI format
ath9k: fix ar9003_get_eepmisc
drm/edid: fix invalid EDID extension block filtering
drm/bridge: adv7511: clean up CEC adapter when probe fails
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
x86/delay: Fix the wrong asm constraint in delay_loop()
drm/mediatek: Fix mtk_cec_mask()
drm/vc4: txp: Don't set TXP_VSTART_AT_EOF
drm/vc4: txp: Force alpha to be 0xff if it's disabled
bpf: Fix excessive memory allocation in stack_map_alloc()
nl80211: show SSID for P2P_GO interfaces
drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
drm: mali-dp: potential dereference of null pointer
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
NFC: NULL out the dev->rfkill to prevent UAF
efi: Add missing prototype for efi_capsule_setup_info
drbd: fix duplicate array initializer
HID: hid-led: fix maximum brightness for Dream Cheeky
HID: elan: Fix potential double free in elan_input_configured
drm/bridge: Fix error handling in analogix_dp_probe
sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq
spi: img-spfi: Fix pm_runtime_get_sync() error checking
cpufreq: Fix possible race in cpufreq online error path
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
inotify: show inotify mask flags in proc fdinfo
fsnotify: fix wrong lockdep annotations
of: overlay: do not break notify on NOTIFY_{OK|STOP}
scsi: ufs: core: Exclude UECxx from SFR dump list
x86/pm: Fix false positive kmemleak report in msr_build_context()
x86/speculation: Add missing prototype for unpriv_ebpf_notify()
ASoC: rk3328: fix disabling mclk on pclk probe failure
perf tools: Add missing headers needed by util/data.h
drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
drm/msm/dsi: fix error checks and return values for DSI xmit functions
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
virtio_blk: fix the discard_granularity and discard_alignment queue limits
x86: Fix return value of __setup handlers
irqchip/exiu: Fix acknowledgment of edge triggered interrupts
irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
media: uvcvideo: Fix missing check to determine if element is found in list
iomap: iomap_write_failed fix
Revert "cpufreq: Fix possible race in cpufreq online error path"
perf/amd/ibs: Use interrupt regs ip for stack unwinding
ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
scripts/faddr2line: Fix overlapping text section failures
media: aspeed: Fix an error handling path in aspeed_video_probe()
media: st-delta: Fix PM disable depth imbalance in delta_probe
media: exynos4-is: Change clk_disable to clk_disable_unprepare
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
media: vsp1: Fix offset calculation for plane cropping
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
m68k: math-emu: Fix dependencies of math emulation support
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
media: ov7670: remove ov7670_power_off from ov7670_remove
ext4: reject the 'commit' option on ext2 filesystems
drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init
drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
rxrpc: Fix listen() setting the bar too high for the prealloc rings
rxrpc: Don't try to resend the request if we're receiving the reply
rxrpc: Fix overlapping ACK accounting
rxrpc: Don't let ack.previousPacket regress
rxrpc: Fix decision on when to generate an IDLE ACK
net/smc: postpone sk_refcnt increment in connect()
arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
ARM: dts: suniv: F1C100: fix watchdog compatible
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
PCI: cadence: Fix find_first_zero_bit() limit
PCI: rockchip: Fix find_first_zero_bit() limit
KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry
can: xilinx_can: mark bit timing constants as const
ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
ARM: dts: bcm2835-rpi-b: Fix GPIO line names
misc: ocxl: fix possible double free in ocxl_file_register_afu
crypto: marvell/cesa - ECB does not IV
arm: mediatek: select arch timer for mt7629
powerpc/fadump: fix PT_LOAD segment for boot memory area
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
firmware: arm_scmi: Fix list protocols enumeration in the base protocol
nvdimm: Allow overwrite in the presence of disabled dimms
pinctrl: mvebu: Fix irq_of_parse_and_map() return value
drivers/base/node.c: fix compaction sysfs file leak
dax: fix cache flush on PMD-mapped pages
powerpc/8xx: export 'cpm_setbrg' for modules
powerpc/idle: Fix return value of __setup() handler
powerpc/4xx/cpm: Fix return value of __setup() handler
proc: fix dentry/inode overinstantiating under /proc/${pid}/net
ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()
PCI: imx6: Fix PERST# start-up sequence
tty: fix deadlock caused by calling printk() under tty_port->lock
crypto: cryptd - Protect per-CPU resource by disabling BH.
Input: sparcspkr - fix refcount leak in bbc_beep_probe
powerpc/64: Only WARN if __pa()/__va() called with bad addresses
powerpc/perf: Fix the threshold compare group constraint for power9
macintosh: via-pmu and via-cuda need RTC_LIB
powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()
mailbox: forward the hrtimer if not queued and under a lock
RDMA/hfi1: Prevent use of lock before it is initialized
Input: stmfts - do not leave device disabled in stmfts_input_open
f2fs: fix dereference of stale list iterator after loop body
iommu/mediatek: Add list_del in mtk_iommu_remove
i2c: at91: use dma safe buffers
i2c: at91: Initialize dma_buf in at91_twi_xfer()
NFS: Do not report EINTR/ERESTARTSYS as mapping errors
NFS: Do not report flush errors in nfs_write_end()
NFS: Don't report errors from nfs_pageio_complete() more than once
NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
dmaengine: stm32-mdma: remove GISR1 register
iommu/amd: Increase timeout waiting for GA log enablement
perf c2c: Use stdio interface if slang is not supported
perf jevents: Fix event syntax error caused by ExtSel
f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
f2fs: fix to do sanity check on block address in f2fs_do_zero_range()
f2fs: fix to clear dirty inode in f2fs_evict_inode()
f2fs: fix deadloop in foreground GC
f2fs: don't need inode lock for system hidden quota
f2fs: fix fallocate to use file_modified to update permissions consistently
wifi: mac80211: fix use-after-free in chanctx code
iwlwifi: mvm: fix assert 1F04 upon reconfig
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
efi: Do not import certificates from UEFI Secure Boot for T2 Macs
bfq: Split shared queues on move between cgroups
bfq: Update cgroup information before merging bio
bfq: Track whether bfq_group is still online
netfilter: nf_tables: disallow non-stateful expression in sets earlier
ext4: fix use-after-free in ext4_rename_dir_prepare
ext4: fix warning in ext4_handle_inode_extension
ext4: fix bug_on in ext4_writepages
ext4: verify dir block before splitting it
ext4: avoid cycles in directory h-tree
ACPI: property: Release subnode properties with data nodes
tracing: Fix potential double free in create_var_ref()
PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
PCI: qcom: Fix runtime PM imbalance on probe errors
PCI: qcom: Fix unbalanced PHY init on probe errors
mm, compaction: fast_find_migrateblock() should return pfn in the target zone
dlm: fix plock invalid read
dlm: fix missing lkb refcount handling
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
scsi: dc395x: Fix a missing check on list iterator
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
drm/nouveau/clk: Fix an incorrect NULL check on list iterator
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
md: fix an incorrect NULL check in does_sb_need_changing
md: fix an incorrect NULL check in md_reload_sb
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
media: coda: Fix reported H264 profile
media: coda: Add more H264 levels for CODA960
Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug
RDMA/hfi1: Fix potential integer multiplication overflow errors
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
irqchip: irq-xtensa-mx: fix initial IRQ affinity
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
um: chan_user: Fix winch_tramp() return value
um: Fix out-of-bounds read in LDT setup
iommu/msm: Fix an incorrect NULL check on list iterator
nodemask.h: fix compilation error with GCC12
hugetlb: fix huge_pmd_unshare address update
rtl818x: Prevent using not initialized queues
ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
carl9170: tx: fix an incorrect use of list iterator
serial: pch: don't overwrite xmit->buf[0] by x_char
tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
gma500: fix an incorrect NULL check on list iterator
arm64: dts: qcom: ipq8074: fix the sleep clock frequency
phy: qcom-qmp: fix struct clk leak on probe errors
ARM: pxa: maybe fix gpio lookup tables
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
dt-bindings: gpio: altera: correct interrupt-cells
blk-iolatency: Fix inflight count imbalances and IO hangs on offline
phy: qcom-qmp: fix reset-controller leak on probe errors
Kconfig: add config option for asm goto w/ outputs
RDMA/rxe: Generate a completion for unsupported/invalid opcode
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
bfq: Avoid merging queues with different parents
bfq: Drop pointless unlock-lock pair
bfq: Remove pointless bfq_init_rq() calls
bfq: Get rid of __bio_blkcg() usage
bfq: Make sure bfqg for which we are queueing requests is online
block: fix bio_clone_blkg_association() to associate with proper blkcg_gq
md: bcache: check the return value of kzalloc() in detached_dev_do_request()
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
staging: greybus: codecs: fix type confusion of list iterator variable
iio: adc: ad7124: Remove shift from scan_type
tty: goldfish: Use tty_port_destroy() to destroy port
tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe
tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get
usb: usbip: fix a refcount leak in stub_probe()
usb: usbip: add missing device lock on tweak configuration cmd
USB: storage: karma: fix rio_karma_init return
usb: musb: Fix missing of_node_put() in omap2430_probe
staging: fieldbus: Fix the error handling path in anybuss_host_common_probe()
pwm: lp3943: Fix duty calculation in case period was clamped
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
firmware: stratix10-svc: fix a missing check on list iterator
iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check
iio: adc: sc27xx: fix read big scale voltage not right
iio: adc: sc27xx: Fine tune the scale calibration values
rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
phy: qcom-qmp: fix pipe-clock imbalance on power-on failure
serial: sifive: Report actual baud base rather than fixed 115200
coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
soc: rockchip: Fix refcount leak in rockchip_grf_init
clocksource/drivers/riscv: Events are stopped during CPU suspend
rtc: mt6397: check return value after calling platform_get_resource()
serial: meson: acquire port->lock in startup()
serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
serial: digicolor-usart: Don't allow CS5-6
serial: rda-uart: Don't allow CS5-6
serial: txx9: Don't allow CS5-6
serial: sh-sci: Don't allow CS5-6
serial: sifive: Sanitize CSIZE and c_iflag
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
serial: stm32-usart: Correct CSIZE, bits, and parity
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
bus: ti-sysc: Fix warnings for unbind for serial
driver: base: fix UAF when driver_attach failed
driver core: fix deadlock in __device_attach
watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
modpost: fix removing numeric suffixes
jffs2: fix memory leak in jffs2_do_fill_super
ubi: ubi_create_volume: Fix use-after-free when volume creation failed
nfp: only report pause frame configuration for physical device
net/mlx5: Don't use already freed action pointer
net/mlx5e: Update netdev features after changing XDP state
net: sched: add barrier to fix packet stuck problem for lockless qdisc
tcp: tcp_rtx_synack() can be called from process context
afs: Fix infinite loop found by xfstest generic/676
tipc: check attribute length for bearer name
perf c2c: Fix sorting in percent_rmt_hitm_cmp()
mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
tracing: Fix sleeping function called from invalid context on RT kernel
tracing: Avoid adding tracer option before update_tracer_options
f2fs: remove WARN_ON in f2fs_is_valid_blkaddr
i2c: cadence: Increase timeout per message if necessary
m68knommu: set ZERO_PAGE() to the allocated zeroed page
m68knommu: fix undefined reference to `_init_sp'
dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
NFSv4: Don't hold the layoutget locks across multiple RPC calls
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
xprtrdma: treat all calls not a bcall when bc_serv is NULL
netfilter: nat: really support inet nat without l3 address
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
netfilter: nf_tables: memleak flow rule from commit path
xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
af_unix: Fix a data-race in unix_dgram_peer_wake_me().
bpf, arm64: Clear prog->jited_len along prog->jited
net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
net: mdio: unexport __init-annotated mdio_bus_init()
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
net: ipv6: unexport __init-annotated seg6_hmac_init()
net/mlx5: Rearm the FW tracer after each tracer event
net/mlx5: fs, fail conflicting actions
ip_gre: test csum_start instead of transport header
net: altera: Fix refcount leak in altera_tse_mdio_create
drm: imx: fix compiler warning with gcc-12
iio: dummy: iio_simple_dummy: check the return value of kstrdup()
iio: st_sensors: Add a local lock for protecting odr
lkdtm/usercopy: Expand size of "out of frame" object
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
tty: Fix a possible resource leak in icom_probe
drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
USB: host: isp116x: check return value after calling platform_get_resource()
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
USB: hcd-pci: Fully suspend across freeze/thaw cycle
usb: dwc2: gadget: don't reset gadget's driver->bus
misc: rtsx: set NULL intfdata when probe fails
extcon: Modify extcon device to be created after driver data is set
clocksource/drivers/sp804: Avoid error on multiple instances
staging: rtl8712: fix uninit-value in usb_read8() and friends
staging: rtl8712: fix uninit-value in r871xu_drv_init()
serial: msm_serial: disable interrupts in __msm_console_write()
kernfs: Separate kernfs_pr_cont_buf and rename_lock.
watchdog: wdat_wdt: Stop watchdog when rebooting the system
md: protect md_unregister_thread from reentrancy
scsi: myrb: Fix up null pointer access on myrb_cleanup()
Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
ceph: allow ceph.dir.rctime xattr to be updatable
drm/radeon: fix a possible null pointer dereference
modpost: fix undefined behavior of is_arm_mapping_symbol()
x86/cpu: Elide KCSAN for cpu_has() and friends
nbd: call genl_unregister_family() first in nbd_cleanup()
nbd: fix race between nbd_alloc_config() and module removal
nbd: fix io hung while disconnecting device
s390/gmap: voluntarily schedule during key setting
cifs: version operations for smb20 unneeded when legacy support disabled
nodemask: Fix return values to be unsigned
vringh: Fix loop descriptors check in the indirect cases
scripts/gdb: change kernel config dumping method
ALSA: hda/conexant - Fix loopback issue with CX20632
cifs: return errors during session setup during reconnects
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
mmc: block: Fix CQE recovery reset success
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
ixgbe: fix bcast packets Rx on VF after promisc removal
ixgbe: fix unexpected VLAN Rx in promisc mode on VF
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
powerpc/32: Fix overread/overwrite of thread_struct via ptrace
md/raid0: Ignore RAID0 layout if the second zone has only one device
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
Linux 5.4.198
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I05615e33dbd0029f93c9724c9abc9cb9035122d2
|
||
|
Aditya Garg
|
b1cda6dd2c |
efi: Do not import certificates from UEFI Secure Boot for T2 Macs
commit 155ca952c7ca19aa32ecfb7373a32bbc2e1ec6eb upstream. On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables at early boot to load UEFI Secure Boot certificates, a page fault occurs in Apple firmware code and EFI runtime services are disabled with the following logs: [Firmware Bug]: Page fault caused by firmware at PA: 0xffffb1edc0068000 WARNING: CPU: 3 PID: 104 at arch/x86/platform/efi/quirks.c:735 efi_crash_gracefully_on_page_fault+0x50/0xf0 (Removed some logs from here) Call Trace: <TASK> page_fault_oops+0x4f/0x2c0 ? search_bpf_extables+0x6b/0x80 ? search_module_extables+0x50/0x80 ? search_exception_tables+0x5b/0x60 kernelmode_fixup_or_oops+0x9e/0x110 __bad_area_nosemaphore+0x155/0x190 bad_area_nosemaphore+0x16/0x20 do_kern_addr_fault+0x8c/0xa0 exc_page_fault+0xd8/0x180 asm_exc_page_fault+0x1e/0x30 (Removed some logs from here) ? __efi_call+0x28/0x30 ? switch_mm+0x20/0x30 ? efi_call_rts+0x19a/0x8e0 ? process_one_work+0x222/0x3f0 ? worker_thread+0x4a/0x3d0 ? kthread+0x17a/0x1a0 ? process_one_work+0x3f0/0x3f0 ? set_kthread_struct+0x40/0x40 ? ret_from_fork+0x22/0x30 </TASK> ---[ end trace 1f82023595a5927f ]--- efi: Froze efi_rts_wq and disabled EFI Runtime Services integrity: Couldn't get size: 0x8000000000000015 integrity: MODSIGN: Couldn't get UEFI db list efi: EFI Runtime Services are disabled! integrity: Couldn't get size: 0x8000000000000015 integrity: Couldn't get UEFI dbx list integrity: Couldn't get size: 0x8000000000000015 integrity: Couldn't get mokx list integrity: Couldn't get size: 0x80000000 So we avoid reading these UEFI variables and thus prevent the crash. Cc: stable@vger.kernel.org Signed-off-by: Aditya Garg <gargaditya08@live.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Srinivasarao Pathipati
|
a965799388 |
Merge android11-5.4.191+ (375c2e2) into msm-5.4
* refs/heads/tmp-375c2e2:
Revert "oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup"
Linux 5.4.191
Revert "net: micrel: fix KS8851_MLL Kconfig"
block/compat_ioctl: fix range check in BLKGETSIZE
staging: ion: Prevent incorrect reference counting behavour
spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller
jbd2: fix a potential race while discarding reserved buffers after an abort
ext4: force overhead calculation if the s_overhead_cluster makes no sense
ext4: fix overhead calculation to account for the reserved gdt blocks
ext4, doc: fix incorrect h_reserved size
ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
ext4: fix use-after-free in ext4_search_dir
ext4: fix symlink file size not match to file content
arm_pmu: Validate single/group leader events
ARC: entry: fix syscall_trace_exit argument
e1000e: Fix possible overflow in LTR decoding
ASoC: soc-dapm: fix two incorrect uses of list iterator
openvswitch: fix OOB access in reserve_sfa_size()
xtensa: fix a7 clobbering in coprocessor context load/store
xtensa: patch_text: Fixup last cpu should be master
powerpc/perf: Fix power9 event alternatives
drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage
KVM: PPC: Fix TCE handling for VFIO
drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
dma: at_xdmac: fix a missing check on list iterator
ata: pata_marvell: Check the 'bmdma_addr' beforing reading
oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup
EDAC/synopsys: Read the error count from the correct register
stat: fix inconsistency between struct stat and struct compat_stat
scsi: qedi: Fix failed disconnect handling
net: macb: Restart tx only if queue pointer is lagging
drm/msm/mdp5: check the return of kzalloc()
dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
mt76: Fix undefined behavior due to shift overflowing the constant
cifs: Check the IOCB_DIRECT flag, not O_DIRECT
vxlan: fix error return code in vxlan_fdb_append
ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
reset: tegra-bpmp: Restore Handle errors in BPMP response
ARM: vexpress/spc: Avoid negative array index when !SMP
selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
netlink: reset network and mac headers in netlink_dump()
l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
net/sched: cls_u32: fix possible leak in u32_init_knode()
net/packet: fix packet_sock xmit return value checking
net/smc: Fix sock leak when release after smc_shutdown()
rxrpc: Restore removed timer deletion
igc: Fix BUG: scheduling while atomic
igc: Fix infinite loop in release_swfw_sync
dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources
dmaengine: imx-sdma: Fix error checking in sdma_event_remap
ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component
ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
ALSA: usb-audio: Clear MIDI port active flag after draining
tcp: Fix potential use-after-free due to double kfree()
net/sched: cls_u32: fix netns refcount changes in u32_change()
tcp: fix race condition when creating child sockets from syncookies
gfs2: assign rgrp glock before compute_bitstructs
can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
tracing: Dump stacktrace trigger to the corresponding instance
mm: page_alloc: fix building error on -Werror=array-compare
etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
Linux 5.4.190
ax25: Fix UAF bugs in ax25 timers
ax25: Fix NULL pointer dereferences in ax25 timers
ax25: fix NPD bug in ax25_disconnect
ax25: fix UAF bug in ax25_send_control()
ax25: Fix refcount leaks caused by ax25_cb_del()
ax25: fix UAF bugs of net_device caused by rebinding operation
ax25: fix reference count leaks of ax25_dev
ax25: add refcount in ax25_dev to avoid UAF bugs
dma-direct: avoid redundant memory sync for swiotlb
i2c: pasemi: Wait for write xfers to finish
smp: Fix offline cpu check in flush_smp_call_function_queue()
dm integrity: fix memory corruption when tag_size is less than digest size
ARM: davinci: da850-evm: Avoid NULL pointer dereference
tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
genirq/affinity: Consider that CPUs on nodes can be unbalanced
drm/amd/display: don't ignore alpha property on pre-multiplied mode
ipv6: fix panic when forwarding a pkt with no in6 dev
ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
ALSA: hda/realtek: Add quirk for Clevo PD50PNT
btrfs: mark resumed async balance as writing
btrfs: remove unused variable in btrfs_{start,write}_dirty_block_groups()
ath9k: Fix usage of driver-private space in tx_info
ath9k: Properly clear TX status area before reporting to mac80211
gcc-plugins: latent_entropy: use /dev/urandom
mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
mm, page_alloc: fix build_zonerefs_node()
perf/imx_ddr: Fix undefined behavior due to shift overflowing the constant
drivers: net: slip: fix NPD bug in sl_tx_timeout()
scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan
scsi: mvsas: Add PCI ID of RocketRaid 2640
powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
drm/amd/display: Fix allocate_mst_payload assert on resume
net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry
arm64: alternatives: mark patch_alternative() as `noinstr`
regulator: wm8994: Add an off-on delay for WM8994 variant
gpu: ipu-v3: Fix dev_dbg frequency output
ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
net: micrel: fix KS8851_MLL Kconfig
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
scsi: target: tcmu: Fix possible page UAF
Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
drm/amdkfd: Check for potential null return of kmalloc_array()
drm/amdkfd: Fix Incorrect VMIDs passed to HWS
drm/amd/display: Update VTEM Infopacket definition
drm/amd/display: fix audio format not updated after edid updated
drm/amd: Add USBC connector ID
cifs: potential buffer overflow in handling symlinks
nfc: nci: add flush_workqueue to prevent uaf
testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set
sctp: Initialize daddr on peeled off socket
net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()
cfg80211: hold bss_lock while updating nontrans_list
net/sched: taprio: Check if socket flags are valid
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
net/sched: fix initialization order when updating chain 0 head
mlxsw: i2c: Fix initialization error flow
gpiolib: acpi: use correct format characters
veth: Ensure eth header is in skb's linear part
net/sched: flower: fix parsing of ethertype following VLAN header
memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
ANDROID: GKI: fix crc issue with commit
|
||
|
Greg Kroah-Hartman
|
9eae8fc396 |
This is the 5.4.197 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmKdn9MACgkQONu9yGCS
aT4bpg//X6xA3rkYaTO2ymBqhqwvZ47OvS5M6dL4N5wTKhkuGk89Ij4XDI/z65lm
WeaRbVhvFbmnjm44lLvP8Ly5rHk/PTOVWqtGkbsFe05CStZb9VThJ9Eqrl2RfY1h
QswWZe1V3QquBCMaXVP85VjvsUmqxRz1Sq1XL7u3DE56LRzzjgBBFO6Iu3+tfI4X
6e1FOQec9nn2TRT3EQdYWy11EZawnoir5YF7wz1ao3epUu57xRLJogsaovA8Zu1l
xJPpss0wro+9aB1VSwrpSggDtYqDOnarKBst0Q2i43wSPOlcjy7DcqYpnn9JaTKf
zGchCQf/Zz0GrAuASqkwtc9ap3OhGNMv2x6RTtiH2MrKs8bH8/iQAhwwAvkgxQQg
yAUw7DxB4L069dOYXoQQw+jPH1YIsqY4k6w9KtmyjcA8S5FJh2jHuhOw5lWL9y4+
0Gz1LjoF59ZZZh49cNmKKuSmfFN3xO8CpWvz3qvd/2kjzus/dJXs7gq9+PS9uCC6
e6SccW9vp0RZ9yhSy59xHuyhEZQdeU2Wp5RGcyUEN0mXdXFGaj0asWouu2H/gm1y
coWZpcOlALk+uaP9+tYc+kLFCash98xhX10mNzb+nHODM/Mwxh+tzGbtOmQ8UuNX
KkUqXjGz3AXQZzxKOUePvq9mrAFkEkdIKZDOjdwQvoEq+iQg9Lc=
=JE5x
-----END PGP SIGNATURE-----
Merge 5.4.197 into android11-5.4-lts
Changes in 5.4.197
lockdown: also lock down previous kgdb use
x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
Input: goodix - fix spurious key release events
tcp: change source port randomizarion at connect() time
secure_seq: use the 64 bits of the siphash for port offset calculation
media: vim2m: Register video device after setting up internals
media: vim2m: initialize the media device earlier
ACPI: sysfs: Make sparse happy about address space in use
ACPI: sysfs: Fix BERT error region memory mapping
pinctrl: sunxi: fix f1c100s uart2 function
net: af_key: check encryption module availability consistency
net: ftgmac100: Disable hardware checksum on AST2600
i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
assoc_array: Fix BUG_ON during garbage collect
cfg80211: set custom regdomain after wiphy registration
drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
exec: Force single empty string when argv is empty
netfilter: conntrack: re-fetch conntrack after insertion
crypto: ecrdsa - Fix incorrect use of vli_cmp
zsmalloc: fix races between asynchronous zspage free and page migration
dm integrity: fix error code in dm_integrity_ctr()
dm crypt: make printing of the key constant-time
dm stats: add cond_resched when looping over entries
dm verity: set DM_TARGET_IMMUTABLE feature flag
raid5: introduce MD_BROKEN
HID: multitouch: Add support for Google Whiskers Touchpad
tpm: Fix buffer access in tpm2_get_tpm_pt()
tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
docs: submitting-patches: Fix crossref to 'The canonical patch format'
NFS: Memory allocation failures are not server fatal errors
NFSD: Fix possible sleep during nfsd4_release_lockowner()
bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
Linux 5.4.197
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1b3af44df22d11027b65b96eaac53fe2c3b5db92
|
||
Daniel Thompson
|
8bb828229d |
lockdown: also lock down previous kgdb use
commit eadb2f47a3ced5c64b23b90fd2a3463f63726066 upstream. KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port (for example, via a hypervisor console, which some cloud vendors provide over the network) could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. Fix this by integrating lockdown into kdb's existing permissions mechanism. Unfortunately kgdb does not have any permissions mechanism (although it certainly could be added later) so, for now, kgdb is simply and brutally disabled by immediately exiting the gdb stub without taking any action. For lockdowns established early in the boot (e.g. the normal case) then this should be fine but on systems where kgdb has set breakpoints before the lockdown is enacted than "bad things" will happen. CVE: CVE-2022-21499 Co-developed-by: Stephen Brennan <stephen.s.brennan@oracle.com> Signed-off-by: Stephen Brennan <stephen.s.brennan@oracle.com> Reviewed-by: Douglas Anderson <dianders@chromium.org> Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |