Add a flag: __ANDROID_COMMON_KERNEL__ which out-of-tree vendor drivers
can use to check if they are compiling against an Android Common Kernel.
These out-of-tree vendor drivers can use this flag +
LINUX_KERNEL_VERSION to determine if a feature has been backported.
Bug: 229953929
Change-Id: I832344d63f3639479784753edfb7ac405068312f
Signed-off-by: Elliot Berman <quic_eberman@quicinc.com>
commit 570b1cac477643cbf01a45fa5d018430a1fddbce upstream.
There are some duplicated codes to validate the block
size in block drivers. This limitation actually comes
from block layer, so this patch tries to add a new block
layer helper for that.
Bug: 226679849
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Link: https://lore.kernel.org/r/20211026144015.188-2-xieyongji@bytedance.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change-Id: I869a720a18f85fac878459f719cae6a7183a8745
commit 0c4bcfdecb1ac0967619ee7ff44871d93c08c909 upstream.
In FOPEN_DIRECT_IO mode, fuse_file_write_iter() calls
fuse_direct_write_iter(), which normally calls fuse_direct_io(), which then
imports the write buffer with fuse_get_user_pages(), which uses
iov_iter_get_pages() to grab references to userspace pages instead of
actually copying memory.
On the filesystem device side, these pages can then either be read to
userspace (via fuse_dev_read()), or splice()d over into a pipe using
fuse_dev_splice_read() as pipe buffers with &nosteal_pipe_buf_ops.
This is wrong because after fuse_dev_do_read() unlocks the FUSE request,
the userspace filesystem can mark the request as completed, causing write()
to return. At that point, the userspace filesystem should no longer have
access to the pipe buffer.
Fix by copying pages coming from the user address space to new pipe
buffers.
Bug: 226679409
Reported-by: Jann Horn <jannh@google.com>
Fixes: c3021629a0 ("fuse: support splice() reading from fuse device")
Cc: <stable@vger.kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I57a98e96e36bb97ce3e7b1ebf88917c6c8b0247d
[ Upstream commit cc5095747edfb054ca2068d01af20be3fcc3634f ]
[un]pin_user_pages_remote is dirtying pages without properly warning
the file system in advance. A related race was noted by Jan Kara in
2018[1]; however, more recently instead of it being a very hard-to-hit
race, it could be reliably triggered by process_vm_writev(2) which was
discovered by Syzbot[2].
This is technically a bug in mm/gup.c, but arguably ext4 is fragile in
that if some other kernel subsystem dirty pages without properly
notifying the file system using page_mkwrite(), ext4 will BUG, while
other file systems will not BUG (although data will still be lost).
So instead of crashing with a BUG, issue a warning (since there may be
potential data loss) and just mark the page as clean to avoid
unprivileged denial of service attacks until the problem can be
properly fixed. More discussion and background can be found in the
thread starting at [2].
[1] https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz
[2] https://lore.kernel.org/r/Yg0m6IjcNmfaSokM@google.com
Reported-by: syzbot+d59332e2db681cf18f0318a06e994ebbb529a8db@syzkaller.appspotmail.com
Reported-by: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Link: https://lore.kernel.org/r/YiDS9wVfq4mM2jGK@mit.edu
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I894c3ada3eadfb9dce596d07d2ec496d28d0ecfe
Syzbot recently found a number of issues related to incremental-fs
(see bug numbers below). All have to do with the fact that incr-fs
allows mounts of the same source and target multiple times.
This is a design decision and the user space component "Data Loader"
expects this to work for app re-install use case.
The mounting depth needs to be controlled, however, and only allowed
to be two levels deep. In case of more than two mount attempts the
driver needs to return an error.
In case of the issues listed below the common pattern is that the
reproducer calls:
mount("./file0", "./file0", "incremental-fs", 0, NULL)
many times and then invokes a file operation like chmod, setxattr,
or open on the ./file0. This causes a recursive call for all the
mounted instances, which eventually causes a stack overflow and
a kernel crash:
BUG: stack guard page was hit at ffffc90000c0fff8
kernel stack overflow (double-fault): 0000 [#1] PREEMPT SMP KASAN
This change also cleans up the mount error path to properly clean
allocated resources and call deactivate_locked_super(), which
causes the incfs_kill_sb() to be called, where the sb is freed.
Bug: 211066171
Bug: 213140206
Bug: 213215835
Bug: 211914587
Bug: 211213635
Bug: 213137376
Bug: 211161296
Signed-off-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Change-Id: I08d9b545a2715423296bf4beb67bdbbed78d1be1
On Android 32-bit system, the following Cts Verifier testcase failed:
manualTests#com.android.cts.verifier.usb.accessory.UsbAccessoryTestActivity
The reason is that compat_ioctl() needs to be called.
So let's add compat_ioctl() for 32-bit applications to solve this issue.
Bug: 223101878
Change-Id: I6e1f797d919494d293184411041955c33ad08aef
Signed-off-by: Aran Dalton <arda@allwinnertech.com>
(cherry picked from commit 77bf53b4861491ad49414d8fceefda2602274519)
[ Upstream commit e9da0b56fe27206b49f39805f7dcda8a89379062 ]
A malicious device can leak heap data to user space
providing bogus frame lengths. Introduce a sanity check.
Bug: 225469258
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Reviewed-by: Grant Grundler <grundler@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I2f17bd57b5c4228d0420f716527316a878a34efd
(cherry picked from commit e7f39d0aa294f998ddd55c5becb5e9601912da0d)
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.
This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
https://github.com/cilium/cilium/pull/18789 and
https://github.com/cilium/cilium/pull/19019).
Bug: 220227367
Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 57e401a53c)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0d6c17e14d562cef2a4d76b7c4299cf0dd3641d1
commit 501e38a5531efbd77d5c73c0ba838a889bfc1d74 upstream.
dev->config and dev->hs_config and dev->dev need to be cleaned if
dev_config fails to avoid UAF.
Bug: 220261709
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20211231172138.7993-3-hbh25y@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I149a16bc8db7262c3ab9c2f72a0f10c6caebee83
commit 89f3594d0de58e8a57d92d497dea9fee3d4b9cda upstream.
dev->buf does not need to be released if it already exists before
executing dev_config.
Bug: 220261709
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20211231172138.7993-2-hbh25y@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: Id53d6770fbae0a7fcf0fa136157c0ab34fb5da64
This is the merge of the upstream LTS release of 5.4.180 into the
android11-5.4 branch.
It contains the following commits:
20d2140d23 Merge 5.4.180 into android11-5.4-lts
7b3eb66d0d Linux 5.4.180
9d09cb1108 ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE
a2ed7b29d0 perf: Fix list corruption in perf_cgroup_switch()
f79cbf75ac scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
a1a018e2a0 hwmon: (dell-smm) Speed up setting of fan speed
1e30073c0e seccomp: Invalidate seccomp mode to catch death failures
a3769078c9 USB: serial: cp210x: add CPI Bulk Coin Recycler id
fade0cbf66 USB: serial: cp210x: add NCR Retail IO box id
697b9ed28b USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
ed4fddac9d USB: serial: option: add ZTE MF286D modem
f729dfd364 USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
f297b6109c usb: gadget: f_uac2: Define specific wTerminalType
c9e952871a usb: gadget: rndis: check size of RNDIS_MSG_SET command
38fd68f55a USB: gadget: validate interface OS descriptor requests
3054dfef06 usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition
8f032eaebc usb: dwc3: gadget: Prevent core from processing stale TRBs
3a9953b280 usb: ulpi: Call of_node_put correctly
12ab57a213 usb: ulpi: Move of_node_put to ulpi_dev_release
a0fd5492ee net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
3937c35493 eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
d4dc28db1b n_tty: wake up poll(POLLRDNORM) on receiving data
0e31f914d7 vt_ioctl: add array_index_nospec to VT_ACTIVATE
ae3d574115 vt_ioctl: fix array_index_nospec in vt_setactivate
311c82a680 net: amd-xgbe: disable interrupts during pci removal
b3e998a5dc tipc: rate limit warning for received illegal binding update
e7daad5c28 net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
c99e66350c veth: fix races around rq->rx_notify_masked
a80817adc2 net: fix a memleak when uncloning an skb dst and its metadata
0b6087c635 net: do not keep the dst cache when uncloning an skb dst and its metadata
3f41ec8c83 nfp: flower: fix ida_idx not being released
16dcfde98a ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
4bcfbec337 bonding: pair enable_port with slave_arr_updates
e432f25c77 ixgbevf: Require large buffers for build_skb on 82599VF
4e6fd2b5fc misc: fastrpc: avoid double fput() on failed usercopy
c9fc422c9a usb: f_fs: Fix use-after-free for epfile
336222182a ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
94888cf755 staging: fbtft: Fix error path in fbtft_driver_module_init()
2650ed4707 ARM: dts: meson: Fix the UART compatible strings
4ccb639bde perf probe: Fix ppc64 'perf probe add events failed' case
b4a59eafcb net: bridge: fix stale eth hdr pointer in br_dev_xmit
b55a0cdbec PM: s2idle: ACPI: Fix wakeup interrupts handling
e37a2a6b52 ACPI/IORT: Check node revision for PMCG resources
153d0f357b nvme-tcp: fix bogus request completion when failing to send AER
a44ca40387 ARM: socfpga: fix missing RESET_CONTROLLER
8a0bad445a ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
9d5e5832ff riscv: fix build with binutils 2.38
c230f6ba10 bpf: Add kconfig knob for disabling unpriv bpf by default
e2424c010a KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
a437c52439 net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout()
032065cc5b usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
0863dedf58 PM: hibernate: Remove register_nosave_region_late()
5c5ceea00c scsi: myrs: Fix crash in error case
7cc32ff0cd scsi: qedf: Fix refcount issue when LOGO is received during TMF
c6a7077144 scsi: target: iscsi: Make sure the np under each tpg is unique
9babdef288 net: sched: Clarify error message when qdisc kind is unknown
978264fbc5 drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
162e8d7885 NFSv4 expose nfs_parse_server_name function
852c95db75 NFSv4 remove zero number of fs_locations entries error check
75e67eed75 NFSv4.1: Fix uninitialised variable in devicenotify
6efe396140 nfs: nfs4clinet: check the return value of kstrdup()
2acac498a5 NFSv4 only print the label when its queried
891c4ebf3b nvme: Fix parsing of ANA log page
d7d345c807 NFSD: Fix offset type in I/O trace points
34217d7730 NFSD: Clamp WRITE offsets
5fde7ca7b1 NFS: Fix initialisation of nfs_client cl_flags field
09295a9893 net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
f84d17e6dd net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs
6002783411 mmc: sdhci-of-esdhc: Check for error num after setting mask
8a9511fd10 ima: Do not print policy rule with inactive LSM labels
89e51f2ab8 ima: Allow template selection with ima_template[_fmt]= after ima_hash=
0939988b16 ima: Remove ima_policy file before directory
ea58704f06 integrity: check the return value of audit_log_start()
82b6e1787f Merge branch 'android11-5.4' into 'android11-5.4-lts'
58b361784b Merge 5.4.179 into android11-5.4-lts
5287167109 Linux 5.4.179
d692e3406e tipc: improve size validations for received domain records
3a0a7ec557 moxart: fix potential use-after-free on remove path
88fc697aae Merge 5.4.178 into android11-5.4-lts
92070960c5 Merge 5.4.177 into android11-5.4-lts
76fd334f07 Linux 5.4.178
ed33906972 cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning
c8d7d7c58e ext4: fix error handling in ext4_restore_inline_data()
f4a575eada EDAC/xgene: Fix deferred probing
0f1ca7cea5 EDAC/altera: Fix deferred probing
66c5aa5726 rtc: cmos: Evaluate century appropriate
2ffe36c9c4 selftests: futex: Use variable MAKE instead of make
c17a316f3d nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
53e4f71763 scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
bfba4e8088 pinctrl: bcm2835: Fix a few error paths
71e60c1701 ASoC: max9759: fix underflow in speaker_gain_control_put()
e7e396324f ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name
7709133f1f ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes
e51b323f89 ASoC: fsl: Add missing error handling in pcm030_fabric_probe
04698be843 drm/i915/overlay: Prevent divide by zero bugs in scaling
4a674b8e8a net: stmmac: ensure PTP time register reads are consistent
9afc028640 net: stmmac: dump gmac4 DMA registers correctly
77454c9ada net: macsec: Verify that send_sci is on when setting Tx sci explicitly
dc8c2f0d01 net: ieee802154: Return meaningful error codes from the netlink helpers
6f38d3a6ec net: ieee802154: ca8210: Stop leaking skb's
859ded7ac2 net: ieee802154: mcr20a: Fix lifs/sifs periods
13be1165ef net: ieee802154: hwsim: Ensure proper channel selection at probe time
8cfa026a21 spi: meson-spicc: add IRQ check in meson_spicc_probe
fe58eb96bb spi: mediatek: Avoid NULL pointer crash in interrupt
c9fc48511c spi: bcm-qspi: check for valid cs before applying chip select
6e0498e24b iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
5c43d46daa iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
cff7faba88 RDMA/mlx4: Don't continue event handler after memory allocation failure
bc5d3e8b70 RDMA/siw: Fix broken RDMA Read Fence/Resume logic.
60af6e6860 IB/rdmavt: Validate remote_addr during loopback atomic tests
4bbb6e6a1c memcg: charge fs_context and legacy_fs_context
2f837785c2 Revert "ASoC: mediatek: Check for error clk pointer"
9527177852 block: bio-integrity: Advance seed correctly for larger interval sizes
d3533ee20e mm/kmemleak: avoid scanning potential huge holes
acc887ba88 drm/nouveau: fix off by one in BIOS boundary checking
26b3901d20 btrfs: fix deadlock between quota disable and qgroup rescan worker
e680e4d301 ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows
7e59f05544 ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset)
d8fbf567e7 ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks
66b5dd10c2 ALSA: hda/realtek: Add quirk for ASUS GU603
f2c5fde84c ALSA: usb-audio: Simplify quirk entries with a macro
fd9a23319f ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
c33402b056 ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
68fd718724 ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
01baaf3bed audit: improve audit queue handling when "audit=1" on cmdline
454e00abb3 Revert "net: fix information leakage in /proc/net/ptype"
b8f53f9171 Linux 5.4.177
4fc41403f0 af_packet: fix data-race in packet_setsockopt / packet_setsockopt
db6c57d266 cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask()
bd43771ee9 rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
b1d17e920d net: sched: fix use-after-free in tc_new_tfilter()
9892742f03 net: amd-xgbe: Fix skb data length underflow
28bdf65a56 net: amd-xgbe: ensure to reset the tx_timer_active flag
f2a186a44e ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
0e8283cbe4 cgroup-v1: Require capabilities to set release_agent
2fd752ed77 psi: Fix uaf issue when psi trigger is destroyed while being polled
464da38ba8 PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
46c68a5628 Merge 5.4.176 into android11-5.4-lts
2570bb2729 Linux 5.4.176
5e2a4d0225 mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip()
6cbf4c731d block: Fix wrong offset in bio_truncate()
33a9ba52d5 fsnotify: invalidate dcache before IN_DELETE event
b52103cbb6 dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config
e913171594 ipv4: remove sparse error in ip_neigh_gw4()
c30ecdba9e ipv4: tcp: send zero IPID in SYNACK messages
51dde4ae5a ipv4: raw: lock the socket in raw_bind()
2d334469c2 net: hns3: handle empty unknown interrupt for VF
7afc09c891 yam: fix a memory leak in yam_siocdevprivate()
51edc483af drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
a15ed3e988 ibmvnic: don't spin in tasklet
c09702f43a ibmvnic: init ->running_cap_crqs early
86217a4ebd hwmon: (lm90) Mark alert as broken for MAX6654
18684bb996 rxrpc: Adjust retransmission backoff
f39027cbad phylib: fix potential use-after-free
218cccb521 net: phy: broadcom: hook up soft_reset for BCM54616S
0d26470b25 netfilter: conntrack: don't increment invalid counter on NF_REPEAT
abcb9d80a4 NFS: Ensure the server has an up to date ctime before renaming
30965c7682 NFS: Ensure the server has an up to date ctime before hardlinking
cdfaf8e985 ipv6: annotate accesses to fn->fn_sernum
581317b1f0 drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
b3e3d584f0 drm/msm/dsi: Fix missing put_device() call in dsi_get_phy
4abd2a7735 drm/msm: Fix wrong size calculation
9f0a6acac4 net-procfs: show net devices bound packet types
4fd45ff2b4 NFSv4: nfs_atomic_open() can race when looking up a non-regular file
0dfacee400 NFSv4: Handle case where the lookup of a directory fails
c27abaa040 hwmon: (lm90) Reduce maximum conversion rate for G781
1f748455a8 ipv4: avoid using shared IP generator for connected sockets
ca5355771c ping: fix the sk_bound_dev_if match in ping_lookup
0b567a24ad hwmon: (lm90) Mark alert as broken for MAX6680
b63031651a hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649
e372ecd455 net: fix information leakage in /proc/net/ptype
20b7af4131 ipv6_tunnel: Rate limit warning messages
bf2bd892a0 scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
d380beb5e5 rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev
da27b834c1 rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
cb24af19e5 i40e: fix unsigned stat widths
be6998f232 i40e: Fix queues reservation for XDP
b16f1a078d i40e: Fix issue when maximum queues is exceeded
f18aadbdf6 i40e: Increase delay to 1 s after global EMP reset
7e94539448 powerpc/32: Fix boot failure with GCC latent entropy plugin
ff19d70b66 net: sfp: ignore disabled SFP node
5ede72d48c ucsi_ccg: Check DEV_INT bit only when starting CCG4
3922b6e1c9 usb: typec: tcpm: Do not disconnect while receiving VBUS off
9c61fce322 USB: core: Fix hang in usb_kill_urb by adding memory barriers
4fc6519bde usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
64e671a221 usb: common: ulpi: Fix crash in ulpi_match()
d66dc656c5 usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
a06cba5ad1 tty: Add support for Brainboxes UC cards.
f5e6c94673 tty: n_gsm: fix SW flow control encoding/handling
05b3301188 serial: stm32: fix software flow control transfer
0b92eda2d8 serial: 8250: of: Fix mapped region size when using reg-offset property
2bf7dee6f4 netfilter: nft_payload: do not update layer 4 checksum when mangling fragments
a6d5885725 arm64: errata: Fix exec handling in erratum 1418040 workaround
5cbcd1f5a2 drm/etnaviv: relax submit size limits
5463cfd833 fsnotify: fix fsnotify hooks in pseudo filesystems
1614bd844e tracing: Don't inc err_log entry count if entry allocation fails
8a8878ebb5 tracing/histogram: Fix a potential memory leak for kstrdup()
73578a9b2b PM: wakeup: simplify the output logic of pm_show_wakelocks()
31136e5467 udf: Fix NULL ptr deref when converting from inline format
86bcc670d3 udf: Restore i_lenAlloc when inode expansion fails
c54445af64 scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
4d041e75c4 s390/hypfs: include z/VM guests with access control group set
835d370685 Bluetooth: refactor malicious adv data check
970ce66acd Merge 5.4.175 into android11-5.4-lts
a075d1beb1 ANDROID: Fix CRC issue up with xfrm headers in 5.4.174
b3174205cf Merge 5.4.174 into android11-5.4-lts
7cdf2951f8 Linux 5.4.175
84b1259fe3 drm/vmwgfx: Fix stale file descriptors on failed usercopy
16895e4eac select: Fix indefinitely sleeping task in poll_schedule_timeout()
53d5b08d8e mmc: sdhci-esdhc-imx: disable CMDQ support
c3fa7ce43c ARM: dts: gpio-ranges property is now required
75278f1aff pinctrl: bcm2835: Change init order for gpio hogs
0d006bb08d pinctrl: bcm2835: Add support for wake-up interrupts
08fd627438 pinctrl: bcm2835: Match BCM7211 compatible string
ac3daf50c1 pinctrl: bcm2835: Add support for all GPIOs on BCM2711
e523717111 pinctrl: bcm2835: Refactor platform data
33e48b5305 pinctrl: bcm2835: Drop unused define
75ca9c1d96 rcu: Tighten rcu_advance_cbs_nowake() checks
1b5553c79d drm/i915: Flush TLBs before releasing backing store
411d8da1c8 Linux 5.4.174
2c9650faa1 Revert "ia64: kprobes: Use generic kretprobe trampoline handler"
d106693dfd mtd: nand: bbt: Fix corner case in bad block table handling
0c1b203819 lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test
a836180fc5 lib82596: Fix IRQ check in sni_82596_probe
3903f65a5a scripts/dtc: dtx_diff: remove broken example from help text
b0e5b352fe dt-bindings: display: meson-vpu: Add missing amlogic,canvas property
e3e561707c dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property
810d3fac21 net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config()
e81d42e544 bcmgenet: add WOL IRQ check
3bd7629eb8 net_sched: restore "mpu xxx" handling
918b3dbf03 arm64: dts: qcom: msm8996: drop not documented adreno properties
1e0e01eb25 dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
ca48aa7de7 dmaengine: at_xdmac: Fix lld view setting
0366901b7b dmaengine: at_xdmac: Fix concurrency over xfers_list
d56e1fcb7b dmaengine: at_xdmac: Print debug message after realeasing the lock
7163076f25 dmaengine: at_xdmac: Don't start transactions at tx_submit level
9fbe8ea8df perf script: Fix hex dump character output
e7e3f9634a libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
91e58091a6 gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst()
1e06cb37fe xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
d6bfcc8d95 netns: add schedule point in ops_exit_list()
577d3c5291 inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
967ec4b059 rtc: pxa: fix null pointer dereference
1623e00e40 net: axienet: increase default TX ring size to 128
88d7727796 net: axienet: fix number of TX ring slots for available check
d2765d89fe net: axienet: limit minimum TX ring size
2612e35676 clk: si5341: Fix clock HW provider cleanup
7a831993a9 af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
fdc1ce9790 f2fs: fix to reserve space for IO align feature
f852afb6c0 parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
d25fe9c255 net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
682a1e0ecb ipv4: avoid quadratic behavior in netns dismantle
e6669fba04 bpftool: Remove inclusion of utilities.mak from Makefiles
9e5a74b632 powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
461aedcf68 powerpc/cell: Fix clang -Wimplicit-fallthrough warning
261f991764 Revert "net/mlx5: Add retry mechanism to the command entry index allocation"
6926d42794 dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK
d2d453940b RDMA/rxe: Fix a typo in opcode name
1a3f263e05 RDMA/hns: Modify the mapping attribute of doorbell to device
0cb05af4bf scsi: core: Show SCMD_LAST in text form
59c7ff9509 Documentation: fix firewire.rst ABI file path error
dafbd79e42 Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization
2ecbe50b2b Documentation: ACPI: Fix data node reference documentation
49daee5500 Documentation: dmaengine: Correctly describe dmatest with channel unset
05594394dc media: rcar-csi2: Optimize the selection PHTW register
547ea2d23e firmware: Update Kconfig help text for Google firmware
515ca9f568 of: base: Improve argument length mismatch error
227afbfe47 drm/radeon: fix error handling in radeon_driver_open_kms
d820cb6365 ext4: don't use the orphan list when migrating an inode
85c121cf17 ext4: Fix BUG_ON in ext4_bread when write quota data
b985c8521d ext4: set csum seed in tmp inode while migrating to extents
6e23e0bb1a ext4: make sure quota gets properly shutdown on error
86be63aea2 ext4: make sure to reset inode lockdep class when quota enabling fails
e5999c49cd btrfs: respect the max size in the header when activating swap file
85dc4aac7e btrfs: check the root node for uptodate before returning it
eeec77bb53 btrfs: fix deadlock between quota enable and other quota operations
e895140826 xfrm: fix policy lookup for ipv6 gre packets
09af149541 PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device
e904b46073 PCI: pci-bridge-emul: Correctly set PCIe capabilities
ab57ac7299 PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space
db531b57cb drm/bridge: analogix_dp: Make PSR-exit block less
17d492d39e drm/nouveau/kms/nv04: use vzalloc for nv04_display
0d0e56a1a9 drm/etnaviv: limit submit sizes
72a953efcb s390/mm: fix 2KB pgtable release race
da4e1faccc iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
11604a3a6b tracing/kprobes: 'nmissed' not showed correctly for kretprobe
ae2e0b2f2b cputime, cpuacct: Include guest time in user time in cpuacct.stat
c526d53edd serial: Fix incorrect rs485 polarity on uart open
19a61f92fa fuse: Pass correct lend value to filemap_write_and_wait_range()
8130a1c0bf ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
011024b0f6 crypto: caam - replace this_cpu_ptr with raw_cpu_ptr
973669290a crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
0c0fd11c9c crypto: omap-aes - Fix broken pm_runtime_and_get() usage
b728b5295d rpmsg: core: Clean up resources on announce_create failure.
9e2c8bd784 power: bq25890: Enable continuous conversion for ADC at charging
f16a5bce3f ASoC: mediatek: mt8173: fix device_node leak
5d635c2598 scsi: sr: Don't use GFP_DMA
1785538d27 MIPS: Octeon: Fix build errors using clang
bb7d1de681 i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
6abdf6722c MIPS: OCTEON: add put_device() after of_find_device_by_node()
2a8870f5cb powerpc: handle kdump appropriately with crash_kexec_post_notifiers option
2dbb618e24 ALSA: seq: Set upper limit of processed events
1ad4f94630 scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup
73ed9127b8 w1: Misuse of get_user()/put_user() reported by sparse
b8e5376c27 KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST
aecdb1d242 powerpc/powermac: Add missing lockdep_register_key()
2c146cf97b clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB
e441d3cb76 i2c: mpc: Correct I2C reset procedure
f231d1d22b powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
aca56c298e i2c: i801: Don't silently correct invalid transfer size
aea9d36848 powerpc/watchdog: Fix missed watchdog reset due to memory ordering race
5a3cda54ff powerpc/btext: add missing of_node_put
fd0135fc6f powerpc/cell: add missing of_node_put
67329fb6a8 powerpc/powernv: add missing of_node_put
5bea763aec powerpc/6xx: add missing of_node_put
ecfe73aec6 parisc: Avoid calling faulthandler_disabled() twice
5e126f6880 random: do not throw away excess input to crng_fast_load
8f6cecfff3 serial: core: Keep mctrl register state and cached copy in sync
6f7bd9f7c8 serial: pl010: Drop CR register reset on set_termios
c5e156a627 regulator: qcom_smd: Align probe function with rpmh-regulator
4a55b02b64 net: gemini: allow any RGMII interface mode
4bee2316c5 net: phy: marvell: configure RGMII delays for 88E1118
b3fbe7565f dm space map common: add bounds check to sm_ll_lookup_bitmap()
052f640137 dm btree: add a defensive bounds check to insert_at()
aaefb18333 mac80211: allow non-standard VHT MCS-10/11
5253794b19 net: mdio: Demote probed message to debug print
8508caebe6 btrfs: remove BUG_ON(!eie) in find_parent_nodes
7d4f4075e7 btrfs: remove BUG_ON() in find_parent_nodes()
ba72fa2cb2 ACPI: battery: Add the ThinkPad "Not Charging" quirk
7c366d75a4 drm/amdgpu: fixup bad vram size on gmc v8
88b5abc0c6 ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
de85f58618 ACPICA: Fix wrong interpretation of PCC address
1fa8e71d00 ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
aee78b668e ACPICA: Utilities: Avoid deleting the same object twice in a row
a4c6cde223 ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
56c308c730 jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
c02454b3c8 um: registers: Rename function names to avoid conflicts and build problems
51b44e9b14 iwlwifi: mvm: Fix calculation of frame length
95017cf0a3 iwlwifi: remove module loading failure message
0446cafa84 iwlwifi: fix leaks/bad data after failed firmware load
c8fe499c45 ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
46fdba26cd usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
8ac2cf0253 cpufreq: Fix initialization of min and max frequency QoS requests
bfcc1e9c2e arm64: tegra: Adjust length of CCPLEX cluster MMIO region
65816c1034 arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus
dcf1d9f76f audit: ensure userspace is penalized the same as the kernel when under pressure
5cc8a36785 mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
3a7f37eb20 media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
71b6d05db5 media: igorplugusb: receiver overflow should be reported
1af9e1d488 HID: quirks: Allow inverting the absolute X/Y values
75f7885dc2 bpf: Do not WARN in bpf_warn_invalid_xdp_action()
086181b0ff net: bonding: debug: avoid printing debug logs when bond is not notifying peers
fcd7e8ccc4 x86/mce: Mark mce_read_aux() noinstr
a0d171398d x86/mce: Mark mce_end() noinstr
bca5aa9202 x86/mce: Mark mce_panic() noinstr
2481ee0ce5 gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock
743911a2bf net: phy: prefer 1000baseT over 1000baseKX
a5d8e6189b net-sysfs: update the queue counts in the unregistration path
d08cc0223a ath10k: Fix tx hanging
054281b354 iwlwifi: mvm: synchronize with FW after multicast commands
fe791612af media: m920x: don't use stack on USB reads
a821532ce5 media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
b867a9c3de media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds.
ff867910e8 x86/mm: Flush global TLB when switching to trampoline page-table
16f2ef98cc floppy: Add max size check for user space request
3ad5c9e502 usb: uhci: add aspeed ast2600 uhci support
c27a523211 rsi: Fix out-of-bounds read in rsi_read_pkt()
51ad4c4486 rsi: Fix use-after-free in rsi_rx_done_handler()
ae56c5524a mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
4ff69cf3b1 HSI: core: Fix return freed object in hsi_new_client
009d6d9fea gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
50ad94f865 drm/bridge: megachips: Ensure both bridges are probed before registration
c640dc459b mlxsw: pci: Add shutdown method in PCI driver
f6b6509419 EDAC/synopsys: Use the quirk for version instead of ddr version
2134ebc2d0 media: b2c2: Add missing check in flexcop_pci_isr:
2933aa5109 HID: apple: Do not reset quirks when the Fn key is not found
a625239881 drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L
0cba42c09a usb: gadget: f_fs: Use stream_open() for endpoint files
c7e4004b38 batman-adv: allow netlink usage in unprivileged containers
c93a934f81 ARM: shmobile: rcar-gen2: Add missing of_node_put()
c9ec3d85c0 drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
3642493839 ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
c7186605d8 drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y
58cddfe677 fs: dlm: filter user dlm messages for kernel locks
fa4ca508c2 Bluetooth: Fix debugfs entry leak in hci_register_dev()
2b09cb8d92 of: base: Fix phandle argument length mismatch error message
f88ccfb3f2 RDMA/cxgb4: Set queue pair state when being queried
38d97204a2 mips: bcm63xx: add support for clk_set_parent()
d12b5cfab4 mips: lantiq: add support for clk_set_parent()
770e92dbc9 misc: lattice-ecp3-config: Fix task hung when firmware load failed
458c253b25 ASoC: samsung: idma: Check of ioremap return value
8b894d503e ASoC: mediatek: Check for error clk pointer
41d2dc9110 phy: uniphier-usb3ss: fix unintended writing zeros to PHY register
dc03527ca1 iommu/iova: Fix race between FQ timeout and teardown
86233ee4b4 dmaengine: pxa/mmp: stop referencing config->slave_id
741a26cf31 clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell
35d7be242c ASoC: rt5663: Handle device_property_read_u32_array error codes
200f00382f RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry
6314e22a99 RDMA/core: Let ib_find_gid() continue search even after empty entry
2e89a39fd7 powerpc/powermac: Add additional missing lockdep_register_key()
9367675e76 PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity()
27a90275e8 scsi: ufs: Fix race conditions related to driver data
b9b691de3c iommu/io-pgtable-arm: Fix table descriptor paddr formatting
48fc8eebd1 binder: fix handling of error during copy
f3c2c7f3f8 char/mwave: Adjust io port register size
e607cd712d ALSA: oss: fix compile error when OSS_DEBUG is enabled
5daf392570 ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA
7e2ce332aa powerpc/prom_init: Fix improper check of prom_getprop()
506184ded6 clk: imx8mn: Fix imx8mn_clko1_sels
852f447ce0 RDMA/hns: Validate the pkey index
9927848b1c ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
79b89d3ab5 ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
86fecb7f50 ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
970d908204 ext4: avoid trim error on fs with small groups
2e5f08a5f8 net: mcs7830: handle usb read errors properly
ff09d5951b pcmcia: fix setting of kthread task states
f56b423bce can: xilinx_can: xcan_probe(): check for error irq
58533bbd5c can: softing: softing_startstop(): fix set but not used variable warning
13af3a9b1b tpm: add request_locality before write TPM_INT_ENABLE
5d5223beb6 spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
74dd45122b net/mlx5: Set command entry semaphore up once got index free
2b7816b1e9 Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels"
2f2336ca68 net/mlx5e: Don't block routes with nexthop objects in SW
fca92bb20c debugfs: lockdown: Allow reading debugfs files that are not world readable
46541f21de HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad
f6fbc6a050 HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init
1f660b3ff5 HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc
3f4823c651 HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init
1b7443f4eb Bluetooth: hci_bcm: Check for error irq
4ceb319006 fsl/fman: Check for null pointer after calling devm_ioremap
e2e1ceb8ca staging: greybus: audio: Check null pointer
b78473575f rocker: fix a sleeping in atomic bug
385b8fe398 ppp: ensure minimum packet size in ppp_write()
c7a99af48c bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt().
4e8307203d netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()
ad66745628 pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
17162e2601 pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()
6cdbf5b6e4 ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes
d49992de00 x86/mce/inject: Avoid out-of-bounds write when setting flags
a259c73ddd bpftool: Enable line buffering for stdout
eb599bf3ba selinux: fix potential memleak in selinux_add_opt()
8fe5e6ed36 mmc: meson-mx-sdio: add IRQ check
db6eb2f94a ARM: dts: armada-38x: Add generic compatible to UART nodes
1b10eb460d usb: ftdi-elan: fix memory leak on device disconnect
3f8edc28c0 ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding
25dfc85fce xfrm: state and policy should fail if XFRMA_IF_ID 0
b34fadb521 xfrm: interface with if_id 0 should return error
ba7d5b3e33 media: hantro: Fix probe func error path
26cf595abd drm/bridge: ti-sn65dsi86: Set max register for regmap
a6d408452c drm/msm/dpu: fix safe status debugfs file
036fcde6c7 media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
7089b97b46 media: msi001: fix possible null-ptr-deref in msi001_probe()
04691afdbc media: dw2102: Fix use after free
b153346f0f ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors
4c66717867 crypto: stm32/cryp - fix lrw chaining mode
46d85cdd47 crypto: stm32/cryp - fix double pm exit
17bb09710c crypto: stm32/cryp - fix xts and race condition in crypto_engine requests
fe211ebe8e xfrm: fix a small bug in xfrm_sa_len()
b3e50e041b mwifiex: Fix possible ABBA deadlock
236399a60e rcu/exp: Mark current CPU as exp-QS in IPI loop second pass
b67881059f sched/rt: Try to restart rt period timer when rt runtime exceeded
a26a338f4d media: si2157: Fix "warm" tuner state detection
dc3b4b60a0 media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
f39bd2900f media: dib8000: Fix a memleak in dib8000_init()
62bff2a806 Bluetooth: btmtksdio: fix resume failure
80f81e4bcc staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib()
9f49cf5196 staging: rtl8192e: return error code from rtllib_softmac_init()
84e568531b floppy: Fix hang in watchdog when disk is ejected
6a4160c9f2 serial: amba-pl011: do not request memory region twice
96591a7e66 tty: serial: uartlite: allow 64 bit address
d3aee4338f arm64: dts: ti: k3-j721e: Fix the L2 cache sets
15115464eb drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()
46ec86ea0d drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
77af47f269 ACPI: EC: Rework flushing of EC work while suspended to idle
f996dab1a8 arm64: dts: qcom: msm8916: fix MMC controller aliases
54b5ab456e netfilter: bridge: add support for pppoe filtering
04bb89f51c media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()'
8034d6c40e media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released
f77b903410 media: si470x-i2c: fix possible memory leak in si470x_i2c_probe()
a3c5386a51 media: imx-pxp: Initialize the spinlock prior to using it
0410f7ac04 media: rcar-csi2: Correct the selection of hsfreqrange
62866d6542 tty: serial: atmel: Call dma_async_issue_pending()
cd867ffa14 tty: serial: atmel: Check return code of dmaengine_submit()
06d6f69687 arm64: dts: ti: k3-j721e: correct cache-sets info
ac718d92b6 crypto: qce - fix uaf on qce_ahash_register_one
be6ee09c9e media: dmxdev: fix UAF when dvb_register_device() fails
da0b42d1c3 tee: fix put order in teedev_close_context()
24161b9c43 Bluetooth: stop proccessing malicious adv data
50a9817423 arm64: dts: meson-gxbb-wetek: fix missing GPIO binding
e48e1d3e0f arm64: dts: meson-gxbb-wetek: fix HDMI in early boot
1221b3adf5 media: aspeed: Update signal status immediately to ensure sane hw state
15df887c62 media: em28xx: fix memory leak in em28xx_init_dev
58f08f024c media: aspeed: fix mode-detect always time out at 2nd run
dc644dd8a0 media: videobuf2: Fix the size printk format
e51b0099c8 wcn36xx: Release DMA channel descriptor allocations
2aa2da3fb5 wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
457b05f391 clk: bcm-2835: Remove rounding up the dividers
aac1ed3059 clk: bcm-2835: Pick the closest clock rate
ba4cc49689 Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
141a9a9cae drm/rockchip: dsi: Fix unbalanced clock on probe error
bcd6bfe12b drm/panel: innolux-p079zca: Delete panel on attach() failure
4c255e98aa drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure
5cc7480e63 drm/rockchip: dsi: Reconfigure hardware on resume()
0620aabea8 drm/rockchip: dsi: Hold pm-runtime across bind/unbind
6264d0fef9 shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
9d8fb273d5 mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages
7ad300800c mm_zone: add function to check if managed dma zone exists
c4212d52f9 PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
9e5bb22beb dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
e12f983c4a iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure
81a026b9c3 lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
3cead5b7a8 can: softing_cs: softingcs_probe(): fix memleak on registration failure
38e28033a5 media: stk1160: fix control-message timeouts
0ac3d5f6f9 media: pvrusb2: fix control-message timeouts
d1c57f558d media: redrat3: fix control-message timeouts
7a9d34be18 media: dib0700: fix undefined behavior in tuner shutdown
f64b379bde media: s2255: fix control-message timeouts
3a49cd738b media: cpia2: fix control-message timeouts
c9ef6e1d50 media: em28xx: fix control-message timeouts
c89df039e8 media: mceusb: fix control-message timeouts
22325141e9 media: flexcop-usb: fix control-message timeouts
7458b0189e media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
023357dd2e rtc: cmos: take rtc_lock while reading from CMOS
9a82bfb442 tools/nolibc: fix incorrect truncation of exit code
2e83886c04 tools/nolibc: i386: fix initial stack alignment
aca2988edd tools/nolibc: x86-64: Fix startup code bug
a4b5d9af4a x86/gpu: Reserve stolen memory for first integrated Intel GPU
f55dbf7298 mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
2921885387 mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
ba2539b5f9 nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
eb116c891b f2fs: fix to do sanity check in is_alive()
bf9e52c0a9 HID: wacom: Avoid using stale array indicies to read contact count
5d1023f33c HID: wacom: Ignore the confidence flag when a touch is removed
60257988d6 HID: wacom: Reset expected and received contact counts at the same time
898e69caad HID: uhid: Fix worker destroying device without any protection
5d5005448e Merge 5.4.173 into android11-5.4-lts
4aa2e7393e Linux 5.4.173
e245aaefef ARM: 9025/1: Kconfig: CPU_BIG_ENDIAN depends on !LD_IS_LLD
d40f6eeaf5 mtd: fixup CFI on ixp4xx
1451deb164 ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows
7b98f61b83 KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all
5c69ba9e80 firmware: qemu_fw_cfg: fix kobject leak in probe error path
1cc36ed561 firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries
b543e41415 firmware: qemu_fw_cfg: fix sysfs information leak
b25e9ef29d rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
8716657b1b media: uvcvideo: fix division by zero at stream start
70ae85ca12 KVM: s390: Clarify SIGP orders versus STOP/RESTART
9b45f2007e perf: Protect perf_guest_cbs with RCU
bd2aed0464 vfs: fs_context: fix up param length parsing in legacy_parse_param
c2f067d4ad orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
5d6af67307 devtmpfs regression fix: reconfigure on each mount
c117b116e6 kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test
ed177b5545 Merge branch 'android11-5.4' into 'android11-5.4-lts'
1b6f3f2708 Merge 5.4.172 into android11-5.4-lts
b7f70762d1 Linux 5.4.172
f415409551 staging: greybus: fix stack size warning with UBSAN
65c2e7176f drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
86ded7a6cf staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn()
a459686f98 media: Revert "media: uvcvideo: Set unique vdev name based in type"
7e07bedae1 random: fix crash on multiple early calls to add_bootloader_randomness()
517ab153f5 random: fix data race on crng init time
90ceecdaa0 random: fix data race on crng_node_pool
a4fa4377c9 can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
e90a7524b5 can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
9e9241d334 drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
ada3805f14 mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
d08a0a88db veth: Do not record rx queue hint in veth_xmit
a6722b4974 mmc: sdhci-pci: Add PCI ID for Intel ADL
1199f09284 USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
43aac50196 USB: core: Fix bug in resuming hub's handling of wakeup requests
ed5c2683b6 Bluetooth: bfusb: fix division by zero in send path
784e873af3 Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb()
ad07b60837 workqueue: Fix unbind_workers() VS wq_worker_running() race
e4310132cd UPSTREAM: x86/pci: Fix the function type for check_reserved_t
22411ee1ad Merge 5.4.171 into android11-5.4-lts
0a4ce4977b Linux 5.4.171
0101f11852 mISDN: change function names to avoid conflicts
34821931e1 atlantic: Fix buff_ring OOB in aq_ring_rx_clean
44065cc117 net: udp: fix alignment problem in udp4_seq_show()
0ad45baead ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
8b36aa5af4 scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
6a3ffcc9ff usb: mtu3: fix interval value for intr and isoc
f0e5709824 ipv6: Do cleanup if attribute validation fails in multipath route
c94999cfbb ipv6: Continue processing multipath route even if gateway attribute is invalid
2a6a811a45 phonet: refcount leak in pep_sock_accep
db0c834abb rndis_host: support Hytera digital radios
72eb522ae6 power: reset: ltc2952: Fix use of floating point literals
159eaafee6 power: supply: core: Break capacity loop
102af6edfd xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
10f2c33692 net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081
c0db2e1e60 sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
bcbfc77800 batman-adv: mcast: don't send link-local multicast to mcast routers
76936ddb49 lwtunnel: Validate RTA_ENCAP_TYPE attribute length
2ebd777513 ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route
a02d2be7eb ipv6: Check attribute length for RTA_GATEWAY in multipath route
34224e936a ipv4: Check attribute length for RTA_FLOW in multipath route
125d91f072 ipv4: Check attribute length for RTA_GATEWAY in multipath route
1f46721836 i40e: Fix incorrect netdev's real number of RX/TX queues
f98acd3b4d i40e: Fix for displaying message regarding NVM version
c340d45148 i40e: fix use-after-free in i40e_sync_filters_subtask()
38fbb1561d mac80211: initialize variable have_higher_than_11mbit
7646a340b2 RDMA/uverbs: Check for null return of kmalloc_array
5eb5d9c659 RDMA/core: Don't infoleak GRH fields
415fc3f595 iavf: Fix limit of total number of queues to active queues of VF
23ebe9cfda ieee802154: atusb: fix uninit value in atusb_set_extended_addr
aa171d748a tracing: Tag trace_percpu_buffer as a percpu pointer
db50ad6eec tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
cbbed1338d selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv()
6904679c84 Input: touchscreen - Fix backport of a02dcde595f7cbd240ccd64de96034ad91cffc40
6e80d2ee44 f2fs: quota: fix potential deadlock
7ada083540 Merge 5.4.170 into android11-5.4-lts
047dedaa38 Linux 5.4.170
2c3920c58e perf script: Fix CPU filtering of a script's switch events
fe5838c22b net: fix use-after-free in tw_timer_handler
46556c4ecd Input: spaceball - fix parsing of movement data packets
975774ea75 Input: appletouch - initialize work before device registration
436f6d0005 scsi: vmw_pvscsi: Set residual data length conditionally
103b16a8c5 binder: fix async_free_space accounting for empty parcels
98cde4dd5e usb: mtu3: set interval of FS intr and isoc endpoint
585e2b244d usb: mtu3: fix list_head check warning
50434eb609 usb: mtu3: add memory barrier before set GPD's HWO
240fc586e8 usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
20d80640fa xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
b364fcef96 uapi: fix linux/nfc.h userspace compilation errors
245c5e43cd nfc: uapi: use kernel size_t to fix user-space builds
9e4a3f47ef i2c: validate user data in compat ioctl
a7d3a1c6d9 fsl/fman: Fix missing put_device() call in fman_port_probe
2dc95e9364 net/ncsi: check for error return from call to nla_put_u32
ef01d63140 selftests/net: udpgso_bench_tx: fix dst ip argument
20f6896787 net/mlx5e: Fix wrong features assignment in case of error
b85f87d30d ionic: Initialize the 'lif->dbid_inuse' bitmap
1cd4063dbc NFC: st21nfca: Fix memory leak in device probe and remove
44cd64aa1c net: lantiq_xrx200: fix statistics of received bytes
3477f4b67e net: usb: pegasus: Do not drop long Ethernet frames
831de27145 sctp: use call_rcu to free endpoint
3218d6bd61 selftests: Calculate udpgso segment count without header adjustment
0a2e9f6a8f udp: using datalen to cap ipv6 udp max gso segments
db484d35a9 net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources
cc926b8f4d scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
44937652af selinux: initialize proto variable in selinux_ip_postroute_compat()
b536e357e7 recordmcount.pl: fix typo in s390 mcount regex
8d86b486e0 memblock: fix memblock_phys_alloc() section mismatch error
4606bfdaeb platform/x86: apple-gmux: use resource_size() with res
930d4986a4 tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok().
7978ddae24 Input: i8042 - enable deferred probe quirk for ASUS UM325UA
f93d5dca7d Input: i8042 - add deferred probe support
940e68e57a tee: handle lookup of shm with reference count 0
4b38b12092 HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option
2bee9bd5c2 Merge 5.4.169 into android11-5.4-lts
4ca2eaf1d4 Linux 5.4.169
48c76fc535 phonet/pep: refuse to enable an unbound pipe
a5c6a13e90 hamradio: improve the incomplete fix to avoid NPD
ef5f7bfa19 hamradio: defer ax25 kfree after unregister_netdev
df8f79bcc2 ax25: NPD bug when detaching AX25 device
0333eaf385 hwmon: (lm90) Do not report 'busy' status bit as alarm
bf260ff4a4 hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681
f373298e1b pinctrl: mediatek: fix global-out-of-bounds issue
bf04afb613 mm: mempolicy: fix THP allocations escaping mempolicy restrictions
f5db6bc934 KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state
06c13e039d usb: gadget: u_ether: fix race in setting MAC address in setup phase
b0406b5ef4 f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
806142c805 tee: optee: Fix incorrect page free bug
5478b90270 ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
1c3d4122be mmc: core: Disable card detect during shutdown
e9db8fc6c7 mmc: sdhci-tegra: Fix switch to HS400ES mode
d9031ce0b0 pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines
c7b2e5850b x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
ddc1d49e10 parisc: Correct completer in lws start
8467c8cb94 ipmi: fix initialization when workqueue allocation fails
8efd6a3391 ipmi: ssif: initialize ssif_info->client early
cd24bafefc ipmi: bail out if init_srcu_struct fails
5525d80dc9 Input: atmel_mxt_ts - fix double free in mxt_read_info_block
737a98d91b ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6
8df036befb ALSA: drivers: opl3: Fix incorrect use of vp->state
fdaf41977d ALSA: jack: Check the return value of kstrdup()
44c743f63d hwmon: (lm90) Drop critical attribute support for MAX6654
4615c97405 hwmon: (lm90) Introduce flag indicating extended temperature support
c2242478f2 hwmon: (lm90) Add basic support for TI TMP461
d939660eff hwmon: (lm90) Add max6654 support to lm90 driver
055ca98d48 hwmon: (lm90) Fix usage of CONFIG2 register in detect function
a7f95328c6 Input: elantech - fix stack out of bound access in elantech_change_report_id()
e12dcd4aa7 sfc: falcon: Check null pointer of rx_queue->page_ring
c11a41e269 drivers: net: smc911x: Check for error irq
5d556b1437 fjes: Check for error irq
d7024080db bonding: fix ad_actor_system option setting to default
992649b8b1 ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
2460d96c19 net: skip virtio_net_hdr_set_proto if protocol already set
621d5536b4 net: accept UFOv6 packages in virtio_net_hdr_to_skb
0b01c51c4f qlcnic: potential dereference null pointer of rx_queue->page_ring
685fc8d224 netfilter: fix regression in looped (broad|multi)cast's MAC handling
79dcbd8176 IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
78874bca4f spi: change clk_disable_unprepare to clk_unprepare
0c0ac2547c arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode
6fa4e29927 HID: holtek: fix mouse probing
2712816c10 serial: 8250_fintek: Fix garbled text for console
51c925a9bc net: usb: lan78xx: add Allied Telesis AT29M2-AF
3cd0728e7b Merge 5.4.168 into android11-5.4-lts
8f843cf572 Linux 5.4.168
0d99b3c6bd xen/netback: don't queue unlimited number of packages
8bfcd03852 xen/netback: fix rx queue stall detection
560e64413b xen/console: harden hvc_xen against event channel storms
3e68d099f0 xen/netfront: harden netfront against event channel storms
4ed9f5c511 xen/blkfront: harden blkfront against event channel storms
192fe57395 Revert "xsk: Do not sleep in poll() when need_wakeup set"
e281b71992 net: sched: Fix suspicious RCU usage while accessing tcf_tunnel_info
96a1550a2b mac80211: fix regression in SSN handling of addba tx
66aba15a14 rcu: Mark accesses to rcu_state.n_force_qs
b847ecff85 scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
f9f300a922 ovl: fix warning in ovl_create_real()
ba2a9d8f8e fuse: annotate lock in fuse_reverse_inval_entry()
96f182c9f4 media: mxl111sf: change mutex_init() location
095ad3969b xsk: Do not sleep in poll() when need_wakeup set
29e9fdf7b6 ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name
f6e9e7be9b Input: touchscreen - avoid bitwise vs logical OR warning
3d45573dfb mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
a19cf6844b mac80211: validate extended element ID is present
e070c0c990 drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE
c9ee8144e4 libata: if T_LENGTH is zero, dma direction should be DMA_NONE
6288909493 timekeeping: Really make sure wall_to_monotonic isn't positive
241d36219a USB: serial: option: add Telit FN990 compositions
d2bb4378e2 USB: serial: cp210x: fix CP2105 GPIO registration
bae7f08082 usb: xhci: Extend support for runtime power management for AMD's Yellow carp.
3dc6b5f2a4 PCI/MSI: Mask MSI-X vectors only on success
c520e7cf82 PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
ed31692a97 USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04)
aae3448b78 USB: gadget: bRequestType is a bitfield, not a enum
ad0ed314d6 sit: do not call ipip6_dev_free() from sit_init_net()
c675256a7f net: systemport: Add global locking for descriptor lifecycle
2bf888fa4a net/smc: Prevent smc_release() from long blocking
56a6ffea18 net: Fix double 0x prefix print in SKB dump
027a13973d net/packet: rx_owner_map depends on pg_vec
699e794c12 netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc
a97e7dd4b7 ixgbe: set X550 MDIO speed before talking to PHY
8addba6cab igbvf: fix double free in `igbvf_probe`
36844e250a igb: Fix removal of unicast MAC filters of VFs
bca4a53ea7 soc/tegra: fuse: Fix bitwise vs. logical OR warning
166f0adf7e rds: memory leak in __rds_conn_create()
9cb405ee53 flow_offload: return EOPNOTSUPP for the unsupported mpls action type
066a637d1c net: sched: lock action when translating it to flow_action infra
e7660f9535 mac80211: fix lookup when adding AddBA extension element
f363af7c70 mac80211: accept aggregation sessions on 6 GHz
1e65261481 mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock
ceb30f48d8 mac80211: agg-tx: refactor sending addba
eeaf9c0609 selftest/net/forwarding: declare NETIFS p9 p10
2252220d9e dmaengine: st_fdma: fix MODULE_ALIAS
18203fe176 selftests: Fix IPv6 address bind tests
b46f0afa74 selftests: Fix raw socket bind tests with VRF
7b5596e531 inet_diag: fix kernel-infoleak for UDP sockets
2c589cf07b inet_diag: use jiffies_delta_to_msecs()
0d80462fbd sch_cake: do not call cake_destroy() from cake_init()
2fba53ccfb s390/kexec_file: fix error handling when applying relocations
b380bf012d selftests: net: Correct ping6 expected rc from 2 to 1
ec5c00be78 clk: Don't parent clks until the parent is fully registered
f83ed203c8 ARM: socfpga: dts: fix qspi node compatible
46b9e29db2 mac80211: track only QoS data frames for admission control
a6f18191c6 arm64: dts: rockchip: fix audio-supply for Rock Pi 4
86f2789e3c arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply
4bb0142433 arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from rk3399-khadas-edge
e0759696de nfsd: fix use-after-free due to delegation race
7243aa7150 iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda
0d3277eabd audit: improve robustness of the audit queue handling
501ecd90ef dm btree remove: fix use after free in rebalance_children()
b25e213522 recordmcount.pl: look for jgnop instruction as well as bcrl on s390
c0954f1010 virtio_ring: Fix querying of maximum DMA mapping size for virtio device
802a1a8501 firmware: arm_scpi: Fix string overflow in SCPI genpd driver
33f0dfab31 mac80211: send ADDBA requests using the tid/queue of the aggregation session
873e664a83 mac80211: mark TX-during-stop for TX in in_reconfig
ff3e3fdc73 KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE
5ba000444a Merge 5.4.167 into android11-5.4-lts
e8ef940326 Linux 5.4.167
c97579584f arm: ioremap: don't abuse pfn_valid() to check if pfn is in RAM
6026d4032d arm: extend pfn_valid to take into account freed memory map alignment
492f4d3cde memblock: ensure there is no overflow in memblock_overlaps_region()
bdca964781 memblock: align freed memory map on pageblock boundaries with SPARSEMEM
60111b30be memblock: free_unused_memmap: use pageblock units instead of MAX_ORDER
3e8e272805 hwmon: (dell-smm) Fix warning on /proc/i8k creation error
f6f1d19114 bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
b06b1f4630 selinux: fix race condition when computing ocontext SIDs
2fb8e4267c KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req
467359957a tracing: Fix a kmemleak false positive in tracing_map
fb8cd2b336 drm/amd/display: add connector type check for CRC source set
8fc2f28e33 drm/amd/display: Fix for the no Audio bug with Tiled Displays
c0315e9355 net: netlink: af_netlink: Prevent empty skb by adding a check on len.
7ff666e6fd i2c: rk3x: Handle a spurious start completion interrupt flag
409ecd029a parisc/agp: Annotate parisc agp init functions with __init
4233fbd459 net/mlx4_en: Update reported link modes for 1/10G
b6158d968b drm/msm/dsi: set default num_data_lanes
d731ecc6f2 nfc: fix segfault in nfc_genl_dump_devices_done
4a68bf4833 Merge 5.4.166 into android11-5.4-lts
c32c40ff80 Linux 5.4.166
eb1b5eaadd netfilter: selftest: conntrack_vrf.sh: fix file permission
a91f4fe26c Merge 5.4.165 into android11-5.4-lts
7f70428f01 Linux 5.4.165
3a99b4baff bpf: Add selftests to cover packet access corner cases
b8a2c49aa9 misc: fastrpc: fix improper packet size calculation
8f9a25e452 irqchip: nvic: Fix offset for Interrupt Priority Offsets
61981e5fee irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
fc20091b3f irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
a3689e694b irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
8c163a1427 iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
20f0fb418b iio: ad7768-1: Call iio_trigger_notify_done() on error
b68f44829b iio: adc: axp20x_adc: fix charging current reporting on AXP22x
e79d86de1e iio: at91-sama5d2: Fix incorrect sign extension
5f3d932f91 iio: dln2: Check return value of devm_iio_trigger_register()
7447f04508 iio: dln2-adc: Fix lockdep complaint
4c0fa7ed5a iio: itg3200: Call iio_trigger_notify_done() on error
e67d60c5eb iio: kxsd9: Don't return error code in trigger handler
f143cfdccf iio: ltr501: Don't return error code in trigger handler
acf0088ac0 iio: mma8452: Fix trigger reference couting
02553e9712 iio: stk3310: Don't return error code in interrupt handler
1374297ccf iio: trigger: stm32-timer: fix MODULE_ALIAS
1dadba28a8 iio: trigger: Fix reference counting
ec0cddcc24 xhci: avoid race between disable slot command and host runtime suspend
8d45969ca3 usb: core: config: using bit mask instead of individual bits
d1eee0a393 xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending
d2f242d7a9 usb: core: config: fix validation of wMaxPacketValue entries
9978777c54 USB: gadget: zero allocate endpoint 0 buffers
fd6de5a0cd USB: gadget: detect too-big endpoint 0 requests
46d3477cde selftests/fib_tests: Rework fib_rp_filter_test()
caff29d112 net/qla3xxx: fix an error code in ql_adapter_up()
4aa28ac937 net, neigh: clear whole pneigh_entry at alloc time
f23f60e81a net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
05bc4d266e net: altera: set a couple error code in probe()
84a890d695 net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
e9ca63a07d tools build: Remove needless libpython-version feature check that breaks test-all fast path
49e59d5144 dt-bindings: net: Reintroduce PHY no lane swap binding
b78a27fa58 mtd: rawnand: fsmc: Fix timing computation
7596d0deec mtd: rawnand: fsmc: Take instruction delay into account
9f88ca269c i40e: Fix pre-set max number of queues for VF
171527da84 i40e: Fix failed opcode appearing if handling messages from VF
ee8bfa62bf ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer
43dcb79c1d qede: validate non LSO skb length
727858a98a block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
9ba5635cfa tracefs: Set all files to the same group ownership as the mount option
4105e6a128 aio: fix use-after-free due to missing POLLFREE handling
380185111f aio: keep poll requests on waitqueue until completed
aac8151624 signalfd: use wake_up_pollfree()
1a478a0522 binder: use wake_up_pollfree()
e0c03d15cd wait: add wake_up_pollfree()
6db0db1657 libata: add horkage for ASMedia 1092
050ac9da67 x86/sme: Explicitly map new EFI memmap table as encrypted
9f5b334ee6 can: m_can: Disable and ignore ELO interrupt
abb4eff3dc can: pch_can: pch_can_rx_normal: fix use after free
291a164ac1 drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence.
f53b73953f clk: qcom: regmap-mux: fix parent clock lookup
e871f89ebf tracefs: Have new files inherit the ownership of their parent
f5734b1714 nfsd: Fix nsfd startup race (again)
412498e9e5 btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling
aa4740bc85 btrfs: clear extent buffer uptodate when we fail to write it
434927e938 ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
76f19e4cbb ALSA: pcm: oss: Limit the period size to 16MB
f12c8a7515 ALSA: pcm: oss: Fix negative period/buffer sizes
5b06fa0cd2 ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
caaea6bd3e ALSA: ctl: Fix copy of updated id with element read/write
a7ea5c099a mm: bdi: initialize bdi_min_ratio when bdi is unregistered
b8a7980405 IB/hfi1: Correct guard on eager buffer deallocation
ab1be91cf1 iavf: Fix reporting when setting descriptor count
c21bb711d0 iavf: restore MSI state on reset
c8ae8c812e udp: using datalen to cap max gso segments
ef8804e47c seg6: fix the iif in the IPv6 socket control block
2e0e072e62 nfp: Fix memory leak in nfp_cpp_area_cache_add()
3db6482523 bonding: make tx_rebalance_counter an atomic
143ceb9b67 ice: ignore dropped packets during init
4174bd4221 bpf: Fix the off-by-two error in range markings
15f987473d vrf: don't run conntrack on vrf with !dflt qdisc
8d3563ecbc selftests: netfilter: add a vrf+conntrack testcase
48fcd08fdb nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
1a295fea90 can: sja1000: fix use after free in ems_pcmcia_add_card()
fbcb12bc9d can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct stats->{rx,tx}_errors counter
68daa476f4 can: kvaser_usb: get CAN clock frequency from device
a7944962ee HID: check for valid USB device for many HID drivers
e9114b9dc8 HID: wacom: fix problems when device is not a valid USB device
8e0ceff632 HID: bigbenff: prevent null pointer dereference
31520ec149 HID: add USB_HID dependancy on some USB HID drivers
f8a6538587 HID: add USB_HID dependancy to hid-chicony
ee8477d1db HID: add USB_HID dependancy to hid-prodikeys
6e1e0a0142 HID: add hid_is_usb() function to make it simpler for USB detection
1e8db541c2 HID: google: add eel USB id
cb7b13c982 HID: quirks: Add quirk for the Microsoft Surface 3 type-cover
f99b201379 ntfs: fix ntfs_test_inode and ntfs_init_locked_inode function type
eb246f58e1 serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30
b2d37d0916 Merge branch 'android11-5.4' into 'android11-5.4-lts'
0bbf0a0642 ANDROID: GKI: fix up abi breakage in fib_rules.h
4872cb8f42 Merge 5.4.164 into android11-5.4-lts
e3c95128de Linux 5.4.164
5df7d6a012 ipmi: msghandler: Make symbol 'remove_work_wq' static
5d1e83fffb net/tls: Fix authentication failure in CCM mode
cffd7583c9 parisc: Mark cr16 CPU clocksource unstable on all SMP machines
23b40edec8 iwlwifi: mvm: retry init flow if failed
8d6e4b422d serial: 8250_pci: rewrite pericom_do_set_divisor()
181cf7622c serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array
c5da8aa441 serial: core: fix transmit-buffer reset and memleak
7ed4a98a17 serial: pl011: Add ACPI SBSA UART match id
9e16682c94 tty: serial: msm_serial: Deactivate RX DMA for polling support
b5dd5a467e x86/64/mm: Map all kernel memory into trampoline_pgd
72736a3b90 x86/tsc: Disable clocksource watchdog for TSC on qualified platorms
fe3cd48420 x86/tsc: Add a timer to make sure TSC_adjust is always checked
957a203fe1 usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
7fbde74437 USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub
095a39a2cc xhci: Fix commad ring abort, write all 64 bits to CRCR register.
caedb12c77 vgacon: Propagate console boot parameters before calling `vc_resize'
a429446862 parisc: Fix "make install" on newer debian releases
fbe7eacab7 parisc: Fix KBUILD_IMAGE for self-extracting kernel
c6a9060be5 sched/uclamp: Fix rq->uclamp_max not set on first enqueue
8ae8ccd240 KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register
ee38eb8cf9 ipv6: fix memory leak in fib6_rule_suppress
9d15962826 drm/msm: Do hw_init() before capturing GPU state
10bad5a197 net/smc: Keep smc_close_final rc during active close
3f2a23fd13 net/rds: correct socket tunable error in rds_tcp_tune()
01c60b3f47 ipv4: convert fib_num_tclassid_users to atomic_t
efb0739817 net: annotate data-races on txq->xmit_lock_owner
bfec04c689 net: marvell: mvpp2: Fix the computation of shared CPUs
d4034bb9b5 net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available
3e70e3a72d rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
ae8a253f3f selftests: net: Correct case name
e461a9816a net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()
af120fcffd siphash: use _unaligned version by default
f70c6281ea net: mpls: Fix notifications when deleting a device
bbeb0325a7 net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()
49ab336231 natsemi: xtensa: fix section mismatch warnings
063d223362 i2c: cbus-gpio: set atomic transfer callback
f5d7bd03f8 i2c: stm32f7: stop dma transfer in case of NACK
9fce2ead76 i2c: stm32f7: recover the bus on access timeout
bc0215cbd1 i2c: stm32f7: flush TX FIFO upon transfer errors
742a5ae18c sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
77393806c7 sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
03d4462ba3 fget: check that the fd still exists after getting a ref to it
a78b607e1b s390/pci: move pseudo-MMIO to prevent MIO overlap
006edd736d cpufreq: Fix get_cpu_device() failure in add_cpu_dev_symlink()
648813c26d ipmi: Move remove_work to dedicated workqueue
3f8f7eef8c rt2x00: do not mark device gone on EPROTO errors during start
c2e2ccaac3 kprobes: Limit max data_size of the kretprobe instances
03ee5e8c63 vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
f82013d1d6 net/smc: Avoid warning of possible recursive locking
df5990db08 perf report: Fix memory leaks around perf_tip()
b380d09e44 perf hist: Fix memory leak of a perf_hpp_fmt
57247f7035 net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock()
77ff166909 net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
99bb25cb67 ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()
0f89c59e75 ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile
36c8f68695 scsi: iscsi: Unblock session then wake up error handler
dbbc8aeaf7 thermal: core: Reset previous low and high trip during thermal zone init
ebc8aed3b9 btrfs: check-integrity: fix a warning on write caching disabled disk
5db28ea9f1 s390/setup: avoid using memblock_enforce_memory_limit
5d93fc221c platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep
9627494898 net: return correct error code
89d15a2e40 atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
d6e981ec94 net/smc: Transfer remaining wait queue entries during fallback
a1671b224b mac80211: do not access the IV when it was stripped
3200cf7b9b drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY
7ef9903650 gfs2: Fix length of holes reported at end-of-file
fe915dbd0f can: j1939: j1939_tp_cmd_recv(): check the dst address of TP.CM_BAM
fb158a2654 arm64: dts: mcbin: support 2W SFP modules
39b3b131d1 of: clk: Make <linux/of_clk.h> self-contained
aad716bd14 NFSv42: Fix pagecache invalidation after COPY/CLONE
f0bd3f6558 Revert "net: ipv6: add fib6_nh_release_dsts stub"
e960255796 Revert "net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group"
ac1da9a21e Revert "mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB"
c2531fc2c9 Merge 5.4.163 into android11-5.4-lts
57899c4e26 Linux 5.4.163
6c728efe16 tty: hvc: replace BUG_ON() with negative return value
c3024e1945 xen/netfront: don't trust the backend response data blindly
828b1d3861 xen/netfront: disentangle tx_skb_freelist
5b757077da xen/netfront: don't read data from request on the ring page
5c374d830e xen/netfront: read response from backend only once
3456a07614 xen/blkfront: don't trust the backend response data blindly
6392f51a9d xen/blkfront: don't take local copy of a request from the ring page
ce011335cb xen/blkfront: read response from backend only once
61826a7884 xen: sync include/xen/interface/io/ring.h with Xen's newest version
54f682cd48 fuse: release pipe buf after last use
eff32973ec NFC: add NCI_UNREG flag to eliminate the race
4378845398 shm: extend forced shm destroy to support objects from several IPC nses
b23c0c4c9e s390/mm: validate VMA in PGSTE manipulation functions
3c9a213e0e tracing: Check pid filtering when creating events
dda227cccf vhost/vsock: fix incorrect used length reported to the guest
2eacc0acf6 smb3: do not error on fsync when readonly
51be334da3 f2fs: set SBI_NEED_FSCK flag when inconsistent node block found
3ceecea047 net: mscc: ocelot: correctly report the timestamping RX filters in ethtool
ee4e3f9d3d net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP
0ea2e5497b net: hns3: fix VF RSS failed problem after PF enable multi-TCs
3b96164039 net/smc: Don't call clcsock shutdown twice when smc shutdown
5e44178864 net: vlan: fix underflow for the real_dev refcnt
296139e1de MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48
9f5838471a igb: fix netpoll exit with traffic
25980820c4 nvmet: use IOCB_NOWAIT only if the filesystem supports it
d54662a91f tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows
562fe6a6d2 PM: hibernate: use correct mode for swsusp_close()
2654e6cfc4 net/ncsi : Add payload to be 32-bit aligned to fix dropped packets
080f6b694e nvmet-tcp: fix incomplete data digest send
6c0ab2caa8 net/smc: Ensure the active closing peer first closes clcsock
7854de57be scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
67a6f64a0c net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group
cca61bb170 net: ipv6: add fib6_nh_release_dsts stub
ddd0518c1e nfp: checking parameter process for rx-usecs/tx-usecs is invalid
b638eb32c6 ipv6: fix typos in __ip6_finish_output()
8029ced6d7 iavf: Prevent changing static ITR values if adaptive moderation is on
4374e414fc drm/vc4: fix error code in vc4_create_object()
7e324f734a scsi: mpt3sas: Fix kernel panic during drive powercycle test
dc9eb93d5a ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
a078967dd3 NFSv42: Don't fail clone() unless the OP_CLONE operation failed
ce50e97a06 firmware: arm_scmi: pm: Propagate return value to caller
7360abf31c net: ieee802154: handle iftypes as u32
4421a196fd ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
76867d0cb8 ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
a848a22e94 ARM: dts: BCM5301X: Add interrupt properties to GPIO node
03f7379e2c ARM: dts: BCM5301X: Fix I2C controller interrupt
17a763eab7 netfilter: ipvs: Fix reuse connection if RS weight is 0
fd7974c547 proc/vmcore: fix clearing user buffer by properly using clear_user()
66d6eacba7 arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function
3a4baf070c pinctrl: armada-37xx: Correct PWM pins definitions
086226048b PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge
7c517d7b88 PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge
44b2776a93 PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge
bbc6201152 PCI: aardvark: Fix link training
3d770a2095 PCI: aardvark: Simplify initialization of rootcap on virtual bridge
a06ace0d31 PCI: aardvark: Implement re-issuing config requests on CRS response
75faadcc3a PCI: aardvark: Fix PCIe Max Payload Size setting
c697885a12 PCI: aardvark: Configure PCIe resources from 'ranges' DT property
e3c51ac70a PCI: pci-bridge-emul: Fix array overruns, improve safety
ea6eef03da PCI: aardvark: Update comment about disabling link training
fe8a8c3a40 PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link()
14311e77c9 PCI: aardvark: Fix compilation on s390
93491c5d26 PCI: aardvark: Don't touch PCIe registers if no card connected
8b0f7b8b78 PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros
e090b2e270 PCI: aardvark: Issue PERST via GPIO
0ad291db2d PCI: aardvark: Improve link training
063a98c005 PCI: aardvark: Train link immediately after enabling training
bbe213fd12 PCI: aardvark: Fix big endian support
5551081d84 PCI: aardvark: Wait for endpoint to be ready before training link
65d962199b PCI: aardvark: Deduplicate code in advk_pcie_rd_conf()
57c7d46e8b mdio: aspeed: Fix "Link is Down" issue
e466278662 mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB
e09e868c63 tracing: Fix pid filtering when triggers are attached
f5bbebfd7c tracing/uprobe: Fix uprobe_perf_open probes iteration
5c895828f4 KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
4f1adc3f57 xen: detect uninitialized xenbus in xenbus_init
173fe1aedf xen: don't continue xenstore initialization in case of errors
2e1ec01af2 staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
e72e981d16 staging/fbtft: Fix backlight
9b406e39e5 HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
c03ad97293 Revert "parisc: Fix backtrace to always include init funtion names"
4a6f918a92 media: cec: copy sequence field for the reply
8d0b9ea191 ALSA: ctxfi: Fix out-of-range access
aaa83768ba binder: fix test regression due to sender_euid change
d797fde864 usb: hub: Fix locking issues with address0_mutex
4b354aeea4 usb: hub: Fix usb enumeration issue due to address0 race
d00bf013ae usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts
7b6f44856d net: nexthop: fix null pointer dereference when IPv6 is not enabled
9ad421aedc usb: dwc2: hcd_queue: Fix use of floating point literal
e44a934f9e usb: dwc2: gadget: Fix ISOC flow for elapsed frames
c2e05c4ed8 USB: serial: option: add Fibocom FM101-GL variants
ee034eae9d USB: serial: option: add Telit LE910S1 0x9200 composition
fe0ed45e42 Merge 5.4.162 into android11-5.4-lts
9334f48f56 Linux 5.4.162
46a8e16fcf ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign()
293385739d ALSA: hda: hdac_ext_stream: fix potential locking issues
201340ca4e hugetlbfs: flush TLBs correctly after huge_pmd_unshare
e7891b22b2 tlb: mmu_gather: add tlb_flush_*_range APIs
10e34766d8 ice: Delete always true check of PF pointer
101485e566 usb: max-3421: Use driver data instead of maintaining a list of bound devices
4e1b3e718f ASoC: DAPM: Cover regression by kctl change notification fix
56a32c8276 batman-adv: Don't always reallocate the fragmentation skb head
08bceb1e30 batman-adv: Reserve needed_*room for fragments
374c55d416 batman-adv: Consider fragmentation for needed_headroom
9eff9854f8 perf/core: Avoid put_page() when GUP fails
e0122ea133 Revert "net: mvpp2: disable force link UP during port init procedure"
4efa2509d3 drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
c0276de0be drm/i915/dp: Ensure sink rate values are always valid
1c4af56ffb drm/nouveau: use drm_dev_unplug() during device removal
9e98622aa5 drm/udl: fix control-message timeout
52affc201f cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
ca9834a114 parisc/sticon: fix reverse colors
670f6b3867 btrfs: fix memory ordering between normal and ordered work functions
1c38822159 udf: Fix crash after seekdir
f79957d274 s390/kexec: fix memory leak of ipl report buffer
b0e44dfb4e x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
f2e0cd42f1 mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
95de3703a1 ipc: WARN if trying to remove ipc object which is absent
8997bb6d1e hexagon: export raw I/O routines for modules
01a7ecd36d tun: fix bonding active backup with arp monitoring
7c8f778f0a arm64: vdso32: suppress error message for 'make mrproper'
e636f65b3d s390/kexec: fix return code handling
cc093e5a96 perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
cc63a789d8 perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
47a8108178 KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
307d2e6ceb NFC: reorder the logic in nfc_{un,}register_device
da3a87eeb9 drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
e418bb556f NFC: reorganize the functions in nci_request
bbb8376d58 i40e: Fix display error code in dmesg
69e5d27af5 i40e: Fix creation of first queue by omitting it if is not power of two
5564e9129f i40e: Fix ping is lost after configuring ADq on VF
8509178dc0 i40e: Fix changing previously set num_queue_pairs for PFs
c30162da91 i40e: Fix NULL ptr dereference on VSI filter sync
0a0308af22 i40e: Fix correct max_pkt_size on VF RX queue
fb2dbc124a net: virtio_net_hdr_to_skb: count transport header in UFO
d74ff10ed2 net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
8b2c66b0f2 net: sched: act_mirred: drop dst for the direction from egress to ingress
edd783162b scsi: core: sysfs: Fix hang when device state is set via sysfs
446882f216 platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
453b5b614b mips: lantiq: add support for clk_get_parent()
477653f3e4 mips: bcm63xx: add support for clk_get_parent()
426fed211b MIPS: generic/yamon-dt: fix uninitialized variable error
67334abd4f iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
98f3badc41 iavf: validate pointers
92cecf3491 iavf: prevent accidental free of filter structure
63f032a956 iavf: Fix failure to exit out from last all-multicast mode
926e8c83d4 iavf: free q_vectors before queues in iavf_disable_vf
f0222e7eee iavf: check for null in iavf_fix_features
b5638bc64a net: bnx2x: fix variable dereferenced before check
fbba0692ec perf tests: Remove bash construct from record+zstd_comp_decomp.sh
9e0df711f8 perf bench futex: Fix memory leak of perf_cpu_map__new()
642fc22210 perf bpf: Avoid memory leak from perf_env__insert_btf()
6bf5523090 RDMA/netlink: Add __maybe_unused to static inline in C file
ef82c3716a tracing/histogram: Do not copy the fixed-size char array field over the field size
80b7776069 tracing: Save normal string variables
8928e31a77 sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
a93a58bae9 mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
05311b9192 clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk
ee1317e1f4 clk/ast2600: Fix soc revision for AHB
d6c32b4c83 clk: ingenic: Fix bugs with divided dividers
982d31ba55 sh: define __BIG_ENDIAN for math-emu
214cd15d36 sh: math-emu: drop unused functions
3d774e776f sh: fix kconfig unmet dependency warning for FRAME_POINTER
7727659e45 f2fs: fix up f2fs_lookup tracepoints
d7c612f6b1 maple: fix wrong return value of maple_bus_init().
9823ba8f17 sh: check return code of request_irq
94292e4577 powerpc/dcr: Use cmplwi instead of 3-argument cmpli
c6d2cefdd0 ALSA: gus: fix null pointer dereference on pointer block
513543f1ed powerpc/5200: dts: fix memory node unit name
3a9eae47a5 iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr()
a3ecee8a8f scsi: target: Fix alua_tg_pt_gps_count tracking
14934afd4f scsi: target: Fix ordered tag handling
1ab3b4f4f4 MIPS: sni: Fix the build
d491c84df5 tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
80709beddb ALSA: ISA: not for M68K
2f8cda43c4 ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash
723c1af01c ARM: dts: ls1021a: move thermal-zones node out of soc/
f98986b7ac usb: host: ohci-tmio: check return value after calling platform_get_resource()
e187c2f3f2 ARM: dts: omap: fix gpmc,mux-add-data type
3b9d8d3e4a firmware_loader: fix pre-allocated buf built-in firmware use
cc248790bf scsi: advansys: Fix kernel pointer leak
bcc1eac0bd ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
c9428e1341 clk: imx: imx6ul: Move csi_sel mux to correct base register
e5f8c43c85 ASoC: SOF: Intel: hda-dai: fix potential locking issue
cb074c00b7 arm64: dts: freescale: fix arm,sp805 compatible string
a14d7038ea arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
30dcfcda89 usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
3ee15f1af1 usb: musb: tusb6010: check return value after calling platform_get_resource()
ba9579f832 RDMA/bnxt_re: Check if the vlan is valid before reporting
bf6a633b07 arm64: dts: hisilicon: fix arm,sp805 compatible string
16bcbfb56d scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
51c94d6aee ARM: dts: NSP: Fix mpcore, mmc node names
1390f32ea9 arm64: zynqmp: Fix serial compatible string
31df0f0f18 arm64: zynqmp: Do not duplicate flash partition label property
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1a6bc17e217ed13d976d558d7eb3b0208d810db6
The syzbot fuzzer found a use-after-free bug:
BUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320
Read of size 8 at addr ffff88802b934098 by task udevd/3689
CPU: 2 PID: 3689 Comm: udevd Not tainted 5.17.0-rc4-syzkaller-00229-g4f12b742eb2b #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255
__kasan_report mm/kasan/report.c:442 [inline]
kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
dev_uevent+0x712/0x780 drivers/base/core.c:2320
uevent_show+0x1b8/0x380 drivers/base/core.c:2391
dev_attr_show+0x4b/0x90 drivers/base/core.c:2094
Although the bug manifested in the driver core, the real cause was a
race with the gadget core. dev_uevent() does:
if (dev->driver)
add_uevent_var(env, "DRIVER=%s", dev->driver->name);
and between the test and the dereference of dev->driver, the gadget
core sets dev->driver to NULL.
The race wouldn't occur if the gadget core registered its devices on
a real bus, using the standard synchronization techniques of the
driver core. However, it's not necessary to make such a large change
in order to fix this bug; all we need to do is make sure that
udc->dev.driver is always NULL.
In fact, there is no reason for udc->dev.driver ever to be set to
anything, let alone to the value it currently gets: the address of the
gadget's driver. After all, a gadget driver only knows how to manage
a gadget, not how to manage a UDC.
This patch simply removes the statements in the gadget core that touch
udc->dev.driver.
Fixes: 2ccea03a8f ("usb: gadget: introduce UDC Class")
CC: <stable@vger.kernel.org>
Reported-and-tested-by: syzbot+348b571beb5eeb70a582@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/YiQgukfFFbBnwJ/9@rowland.harvard.edu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 16b1941eac2bd499f065a6739a40ce0011a3d740)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I857485f80975151edada479529fb418b4d85eaaa
If "BufOffset" is very large the "BufOffset + 8" operation can have an
integer overflow.
Bug: 213172319
Cc: stable@kernel.org
Fixes: 38ea1eac7d88 ("usb: gadget: rndis: check size of RNDIS_MSG_SET command")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20220301080424.GA17208@kili
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 65f3324f4b6fed78b8761c3b74615ecf0ffa81fa)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I16c7c6c5a0a3a0102d1c6c9ddfca2a1ad1106880
__sdei_asm_trampoline_next_handler shouldn't have its own name as the
tramp_data_read_var takes the symbol name, and generates the name for
the value in the data page if CONFIG_RANDOMIZE_BASE is clear.
This means when CONFIG_RANDOMIZE_BASE is clear, this code won't compile
as __sdei_asm_trampoline_next_handler doesn't exist.
Use the proper name, and let the macro do its thing.
Bug: 215557547
Reported-by: Florian Fainelli <f.fainelli@gmail.com>
Tested-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit fcbdaa6a3c)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id1c10012202a672e86b0216d8a4082687a8ac451
commit 228a26b912287934789023b4132ba76065d9491c upstream.
Future CPUs may implement a clearbhb instruction that is sufficient
to mitigate SpectreBHB. CPUs that implement this instruction, but
not CSV2.3 must be affected by Spectre-BHB.
Add support to use this instruction as the BHB mitigation on CPUs
that support it. The instruction is in the hint space, so it will
be treated by a NOP as older CPUs.
Bug: 215557547
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
[ modified for stable: Use a KVM vector template instead of alternatives,
removed bitmap of mitigations ]
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic48741d6d4e7ad14bcf802ab58b082128c5f5a01
commit a5905d6af492ee6a4a2205f0d550b3f931b03d03 upstream.
KVM allows the guest to discover whether the ARCH_WORKAROUND SMCCC are
implemented, and to preserve that state during migration through its
firmware register interface.
Add the necessary boiler plate for SMCCC_ARCH_WORKAROUND_3.
Bug: 215557547
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
[ kvm code moved to virt/kvm/arm. ]
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ifccbbfa6d634e09aecf77d8f803a11f5729a3d45
commit 558c303c9734af5a813739cd284879227f7297d2 upstream.
Speculation attacks against some high-performance processors can
make use of branch history to influence future speculation.
When taking an exception from user-space, a sequence of branches
or a firmware call overwrites or invalidates the branch history.
The sequence of branches is added to the vectors, and should appear
before the first indirect branch. For systems using KPTI the sequence
is added to the kpti trampoline where it has a free register as the exit
from the trampoline is via a 'ret'. For systems not using KPTI, the same
register tricks are used to free up a register in the vectors.
For the firmware call, arch-workaround-3 clobbers 4 registers, so
there is no choice but to save them to the EL1 stack. This only happens
for entry from EL0, so if we take an exception due to the stack access,
it will not become re-entrant.
For KVM, the existing branch-predictor-hardening vectors are used.
When a spectre version of these vectors is in use, the firmware call
is sufficient to mitigate against Spectre-BHB. For the non-spectre
versions, the sequence of branches is added to the indirect vector.
Bug: 215557547
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: <stable@kernel.org> # <v5.17.x 72bb9dcb6c33c arm64: Add Cortex-X2 CPU part definition
Cc: <stable@kernel.org> # <v5.16.x 2d0d656700d67 arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
Cc: <stable@kernel.org> # <v5.10.x 8a6b88e66233f arm64: Add part number for Arm Cortex-A77
[ modified for stable, moved code to cpu_errata.c removed bitmap of
mitigations, use kvm template infrastructure ]
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iec7c20a517027e59c83cce400d8bcb662536d3ad
KVM writes the Spectre-v2 mitigation template at the beginning of each
vector when a CPU requires a specific sequence to run.
Because the template is copied, it can not be modified by the alternatives
at runtime.
Add templates for calling ARCH_WORKAROUND_3 and one for each value of K
in the brancy-loop. Instead of adding dummy functions for 'fn', which would
disable the Spectre-v2 mitigation, add template_start to indicate that a
template (and which one) is in use. Finally add a copy of
install_bp_hardening_cb() that is able to install these.
Bug: 215557547
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9c90d2191cfd1b5b3454404c782b127f63a305fe
commit dee435be76f4117410bbd90573a881fd33488f37 upstream.
Speculation attacks against some high-performance processors can
make use of branch history to influence future speculation as part of
a spectre-v2 attack. This is not mitigated by CSV2, meaning CPUs that
previously reported 'Not affected' are now moderately mitigated by CSV2.
Update the value in /sys/devices/system/cpu/vulnerabilities/spectre_v2
to also show the state of the BHB mitigation.
Bug: 215557547
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
[ code move to cpu_errata.c for backport ]
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I73108ce1cd7603776dbaadeec90100c81c5223dd
commit bd09128d16fac3c34b80bd6a29088ac632e8ce09 upstream.
The Spectre-BHB workaround adds a firmware call to the vectors. This
is needed on some CPUs, but not others. To avoid the unaffected CPU in
a big/little pair from making the firmware call, create per cpu vectors.
The per-cpu vectors only apply when returning from EL0.
Systems using KPTI can use the canonical 'full-fat' vectors directly at
EL1, the trampoline exit code will switch to this_cpu_vector on exit to
EL0. Systems not using KPTI should always use this_cpu_vector.
this_cpu_vector will point at a vector in tramp_vecs or
__bp_harden_el1_vectors, depending on whether KPTI is in use.
Bug: 215557547
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If8b6df2e834d4a1dde1976607c082319aebbfe99
commit b28a8eebe81c186fdb1a0078263b30576c8e1f42 upstream.
The trampoline code needs to use the address of symbols in the wider
kernel, e.g. vectors. PC-relative addressing wouldn't work as the
trampoline code doesn't run at the address the linker expected.
tramp_ventry uses a literal pool, unless CONFIG_RANDOMIZE_BASE is
set, in which case it uses the data page as a literal pool because
the data page can be unmapped when running in user-space, which is
required for CPUs vulnerable to meltdown.
Pull this logic out as a macro, instead of adding a third copy
of it.
Bug: 215557547
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I21499219d00a0527097138896fafa9e64f1809e1
commit ba2689234be92024e5635d30fe744f4853ad97db upstream.
Some CPUs affected by Spectre-BHB need a sequence of branches, or a
firmware call to be run before any indirect branch. This needs to go
in the vectors. No CPU needs both.
While this can be patched in, it would run on all CPUs as there is a
single set of vectors. If only one part of a big/little combination is
affected, the unaffected CPUs have to run the mitigation too.
Create extra vectors that include the sequence. Subsequent patches will
allow affected CPUs to select this set of vectors. Later patches will
modify the loop count to match what the CPU requires.
Bug: 215557547
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic04ed6f5ef848b5b964d8b7ba715c09fcbfb99d8
commit aff65393fa1401e034656e349abd655cfe272de0 upstream.
kpti is an optional feature, for systems not using kpti a set of
vectors for the spectre-bhb mitigations is needed.
Add another set of vectors, __bp_harden_el1_vectors, that will be
used if a mitigation is needed and kpti is not in use.
The EL1 ventries are repeated verbatim as there is no additional
work needed for entry from EL1.
Bug: 215557547
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0f1b2fbc050fc14122333d2aba97830e6a6fbe24
commit a9c406e6462ff14956d690de7bbe5131a5677dc9 upstream.
Adding a second set of vectors to .entry.tramp.text will make it
larger than a single 4K page.
Allow the trampoline text to occupy up to three pages by adding two
more fixmap slots. Previous changes to tramp_valias allowed it to reach
beyond a single page.
Bug: 215557547
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Idcff9a24995b9c78a9eb8aabe4b24d2742226899
commit c47e4d04ba0f1ea17353d85d45f611277507e07a upstream.
Spectre-BHB needs to add sequences to the vectors. Having one global
set of vectors is a problem for big/little systems where the sequence
is costly on cpus that are not vulnerable.
Making the vectors per-cpu in the style of KVM's bh_harden_hyp_vecs
requires the vectors to be generated by macros.
Make the kpti re-mapping of the kernel optional, so the macros can be
used without kpti.
Bug: 215557547
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1d7c2250fab010fbeba64709c48bf1c8ce6bed53
commit 13d7a08352a83ef2252aeb464a5e08dfc06b5dfd upstream.
The macros for building the kpti trampoline are all behind
CONFIG_UNMAP_KERNEL_AT_EL0, and in a region that outputs to the
.entry.tramp.text section.
Move the macros out so they can be used to generate other kinds of
trampoline. Only the symbols need to be guarded by
CONFIG_UNMAP_KERNEL_AT_EL0 and appear in the .entry.tramp.text section.
Bug: 215557547
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I82c3178d6c3c41fd9eaa459f39ba7d203f8ebdf6
commit ed50da7764535f1e24432ded289974f2bf2b0c5a upstream.
The tramp_ventry macro uses tramp_vectors as the address of the vectors
when calculating which ventry in the 'full fat' vectors to branch to.
While there is one set of tramp_vectors, this will be true.
Adding multiple sets of vectors will break this assumption.
Move the generation of the vectors to a macro, and pass the start
of the vectors as an argument to tramp_ventry.
Bug: 215557547
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id0d430e9c5485afa650bbe09ba3ca3589c985c3c
commit 6c5bf79b69f911560fbf82214c0971af6e58e682 upstream.
Systems using kpti enter and exit the kernel through a trampoline mapping
that is always mapped, even when the kernel is not. tramp_valias is a macro
to find the address of a symbol in the trampoline mapping.
Adding extra sets of vectors will expand the size of the entry.tramp.text
section to beyond 4K. tramp_valias will be unable to generate addresses
for symbols beyond 4K as it uses the 12 bit immediate of the add
instruction.
As there are now two registers available when tramp_alias is called,
use the extra register to avoid the 4K limit of the 12 bit immediate.
Bug: 215557547
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I02a6a4752267d47088fbb77b5ad5c9e23e85af84
commit c091fb6ae059cda563b2a4d93fdbc548ef34e1d6 upstream.
The trampoline code has a data page that holds the address of the vectors,
which is unmapped when running in user-space. This ensures that with
CONFIG_RANDOMIZE_BASE, the randomised address of the kernel can't be
discovered until after the kernel has been mapped.
If the trampoline text page is extended to include multiple sets of
vectors, it will be larger than a single page, making it tricky to
find the data page without knowing the size of the trampoline text
pages, which will vary with PAGE_SIZE.
Move the data page to appear before the text page. This allows the
data page to be found without knowing the size of the trampoline text
pages. 'tramp_vectors' is used to refer to the beginning of the
.entry.tramp.text section, do that explicitly.
Bug: 215557547
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I92f513bfd3520df9e6cc2e6b7da1887110a9dded
commit 03aff3a77a58b5b52a77e00537a42090ad57b80b upstream.
Kpti stashes x30 in far_el1 while it uses x30 for all its work.
Making the vectors a per-cpu data structure will require a second
register.
Allow tramp_exit two registers before it unmaps the kernel, by
leaving x30 on the stack, and stashing x29 in far_el1.
Bug: 215557547
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Idc83aa50bef2fb5d8a8f24e6ef7a8a59737680da
commit d739da1694a0eaef0358a42b76904b611539b77b upstream.
Subsequent patches will add additional sets of vectors that use
the same tricks as the kpti vectors to reach the full-fat vectors.
The full-fat vectors contain some cleanup for kpti that is patched
in by alternatives when kpti is in use. Once there are additional
vectors, the cleanup will be needed in more cases.
But on big/little systems, the cleanup would be harmful if no
trampoline vector were in use. Instead of forcing CPUs that don't
need a trampoline vector to use one, make the trampoline cleanup
optional.
Entry at the top of the vectors will skip the cleanup. The trampoline
vectors can then skip the first instruction, triggering the cleanup
to run.
Bug: 215557547
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I547669957d1f031090ca72727711ec089a603bc4
commit 4330e2c5c04c27bebf89d34e0bc14e6943413067 upstream.
Subsequent patches add even more code to the ventry slots.
Ensure kernels that overflow a ventry slot don't get built.
Bug: 215557547
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7b0d4c9f0bd60c954d74c8615dff486104016a89
commit 8a6b88e66233f5f1779b0a1342aa9dc030dddcd5 upstream.
Add the MIDR part number info for the Arm Cortex-A77.
Bug: 215557547
Signed-off-by: Rob Herring <robh@kernel.org>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20201028182839.166037-1-robh@kernel.org
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Idf97dfd9bcb9253d49a99453ade706d3f2825009
commit eae5783908042a762c24e1bd11876edb91d314b1 upstream.
This patch fixes the problems below:
1. In non-shutdown_ack_sent states: in sctp_sf_do_5_1B_init() and
sctp_sf_do_5_2_2_dupinit():
chunk length check should be done before any checks that may cause
to send abort, as making packet for abort will access the init_tag
from init_hdr in sctp_ootb_pkt_new().
2. In shutdown_ack_sent state: in sctp_sf_do_9_2_reshutack():
The same checks as does in sctp_sf_do_5_2_2_dupinit() is needed
for sctp_sf_do_9_2_reshutack().
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change-Id: I15f24cffcb32904562a4d318e6bf4c05ea22096e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 6c7cb60bff7aec24b834343ff433125f469886a3 upstream.
When building for Thumb2, the vectors make use of a local label. Sadly,
the Spectre BHB code also uses a local label with the same number which
results in the Thumb2 reference pointing at the wrong place. Fix this
by changing the number used for the Spectre BHB local label.
Bug: 215557547
Fixes: b9baf5c8c5c3 ("ARM: Spectre-BHB workaround")
Tested-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2d1a926b165cc25cb5ac4482a1591f2ee189585d
commit 68453767131a5deec1e8f9ac92a9042f929e585d upstream.
When CONFIG_GENERIC_CPU_VULNERABILITIES is not set, references
to spectre_v2_update_state() cause a build error, so provide an
empty stub for that function when the Kconfig option is not set.
Fixes this build error:
arm-linux-gnueabi-ld: arch/arm/mm/proc-v7-bugs.o: in function `cpu_v7_bugs_init':
proc-v7-bugs.c:(.text+0x52): undefined reference to `spectre_v2_update_state'
arm-linux-gnueabi-ld: proc-v7-bugs.c:(.text+0x82): undefined reference to `spectre_v2_update_state'
Bug: 215557547
Fixes: b9baf5c8c5c3 ("ARM: Spectre-BHB workaround")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Cc: Russell King <rmk+kernel@armlinux.org.uk>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: patches@armlinux.org.uk
Acked-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I68a933128ef95a7ce0efc7fcda6fa34ac9b829b7
commit b1a384d2cbccb1eb3f84765020d25e2c1929706e upstream.
The kernel test robot discovered that building without
HARDEN_BRANCH_PREDICTOR issues a warning due to a missing
argument to pr_info().
Add the missing argument.
Bug: 215557547
Reported-by: kernel test robot <lkp@intel.com>
Fixes: 9dd78194a372 ("ARM: report Spectre v2 status through sysfs")
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic68494938f6a01595db5a4b386d5d59552b2c1bd
commit 36168e387fa7d0f1fe0cd5cf76c8cea7aee714fa upstream.
ld.lld does not support the NOCROSSREFS directive at the moment, which
breaks the build after commit b9baf5c8c5c3 ("ARM: Spectre-BHB
workaround"):
ld.lld: error: ./arch/arm/kernel/vmlinux.lds:34: AT expected, but got NOCROSSREFS
Support for this directive will eventually be implemented, at which
point a version check can be added. To avoid breaking the build in the
meantime, just define NOCROSSREFS to nothing when using ld.lld, with a
link to the issue for tracking.
Bug: 215557547
Cc: stable@vger.kernel.org
Fixes: b9baf5c8c5c3 ("ARM: Spectre-BHB workaround")
Link: https://github.com/ClangBuiltLinux/linux/issues/1609
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I6c1ddb098c415e848b5422e768c483a04005079a
commit 33970b031dc4653cc9dc80f2886976706c4c8ef1 upstream.
In the recent Spectre BHB patches, there was a typo that is only
exposed in certain configurations: mcr p15,0,XX,c7,r5,4 should have
been mcr p15,0,XX,c7,c5,4
Bug: 215557547
Reported-by: kernel test robot <lkp@intel.com>
Fixes: b9baf5c8c5c3 ("ARM: Spectre-BHB workaround")
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic7ef143df05901125d0d936d5b70000320b9debe
Elliot Berman
Eric Dumazet
Xie Yongji
Miklos Szeredi
Ryun Park
Theodore Ts'o
Tadeusz Struk
Lee Jones
Aran Dalton
Oliver Neukum
Woogeun Lee
liquanzhou
Kai Lueke
Hangyu Hua
Greg Kroah-Hartman
Alan Stern
Dan Carpenter
James Morse
Anshuman Khandual
Joey Gouly
Suzuki K Poulose
Rob Herring
Xin Long
Lee Jones
Russell King (Oracle)
Randy Dunlap
Nathan Chancellor
Emmanuel Gil Peyrot