eb03a71570
60120 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
Srinivasarao Pathipati
|
eb03a71570 |
Merge android11-5.4.180+ (e7792e2 ) into msm-5.4
* refs/heads/tmp-e7792e2: BACKPORT: scsi: ufs: Resume ufs host before accessing ufs device BACKPORT: can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path ANDROID: ABI: Added symbols for allwinner BACKPORT: can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path BACKPORT: esp: Fix possible buffer overflow in ESP transformation ANDROID: ABI: Update allowed list for QCOM ANDROID: dm-bow: Protect Ranges fetched and erased from the RB tree BACKPORT: staging: ion: Prevent incorrect reference counting behavour FROMGIT: net: fix wrong network header length ANDROID: fix KCFLAGS override by __ANDROID_COMMON_KERNEL__ ANDROID: Add flag to indicate compiling against ACK BACKPORT: net/packet: fix slab-out-of-bounds access in packet_recvmsg() BACKPORT: block: Add a helper to validate the block size BACKPORT: virtio-blk: Use blk_validate_block_size() to validate block size BACKPORT: fuse: fix pipe buffer lifetime for direct_io ANDROID: ABI: Update allowed list for galaxy Conflicts: build.config.common drivers/scsi/ufs/ufs-sysfs.c Change-Id: I7dc73e85ca1412a1d00422fd4a62724f65581aec Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com> |
||
Steffen Klassert
|
09c810c77d |
BACKPORT: esp: Fix possible buffer overflow in ESP transformation
commit ebe48d368e97d007bfeb76fcb065d6cfc4c96645 upstream. The maximum message size that can be sent is bigger than the maximum size that skb_page_frag_refill can allocate. So it is possible to write beyond the allocated buffer. Fix this by doing a fallback to COW in that case. v2: Avoid get_order() costs as suggested by Linus Torvalds. Bug: 227452856 Fixes: |
||
Lina Wang
|
9adbfa635e |
FROMGIT: net: fix wrong network header length
When clatd starts with ebpf offloading, and NETIF_F_GRO_FRAGLIST is enabled, several skbs are gathered in skb_shinfo(skb)->frag_list. The first skb's ipv6 header will be changed to ipv4 after bpf_skb_proto_6_to_4, network_header\transport_header\mac_header have been updated as ipv4 acts, but other skbs in frag_list did not update anything, just ipv6 packets. udp_queue_rcv_skb will call skb_segment_list to traverse other skbs in frag_list and make sure right udp payload is delivered to user space. Unfortunately, other skbs in frag_list who are still ipv6 packets are updated like the first skb and will have wrong transport header length. e.g. before bpf_skb_proto_6_to_4, the first skb and other skbs in frag_list have the same network_header(24) & transport_header(64), after bpf_skb_proto_6_to_4, ipv6 protocol has been changed to ipv4, the first skb's network_header is 44, transport_header is 64, other skbs in frag_list did not change. After skb_segment_list, the other skbs in frag_list have different network_header(24) and transport_header(44), so there will be 20 bytes different from original, that is the difference between ipv6 header and ipv4 header. Just change transport_header to be the same with original. Actually, there are two solutions to fix it, one is traversing all skbs and changing every skb header in bpf_skb_proto_6_to_4, the other is modifying frag_list skb's header in skb_segment_list. Considering efficiency, adopt the second one--- when the first skb and other skbs in frag_list have different network_header length, restore them to make sure right udp payload is delivered to user space. Signed-off-by: Lina Wang <lina.wang@mediatek.com> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit cf3ab8d4a797960b4be20565abb3bcd227b18a68 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git master) Bug: 218157620 Test: TreeHugger Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I36f2f329ec1a56bb0742141a7fa482cafa183ad3 |
||
Eric Dumazet
|
850a2f987c |
BACKPORT: net/packet: fix slab-out-of-bounds access in packet_recvmsg()
[ Upstream commit c700525fcc06b05adfea78039de02628af79e07a ]
syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH
and mmap operations, tpacket_rcv() is queueing skbs with
garbage in skb->cb[], triggering a too big copy [1]
Presumably, users of af_packet using mmap() already get correct
metadata from the mapped buffer, we can simply make sure
to clear 12 bytes that might be copied to user space later.
BUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:225 [inline]
BUG: KASAN: stack-out-of-bounds in packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489
Write of size 165 at addr ffffc9000385fb78 by task syz-executor233/3631
CPU: 0 PID: 3631 Comm: syz-executor233 Not tainted 5.17.0-rc7-syzkaller-02396-g0b3660695e80 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description.constprop.0.cold+0xf/0x336 mm/kasan/report.c:255
__kasan_report mm/kasan/report.c:442 [inline]
kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
check_region_inline mm/kasan/generic.c:183 [inline]
kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189
memcpy+0x39/0x60 mm/kasan/shadow.c:66
memcpy include/linux/fortify-string.h:225 [inline]
packet_recvmsg+0x56c/0x1150 net/packet/af_packet.c:3489
sock_recvmsg_nosec net/socket.c:948 [inline]
sock_recvmsg net/socket.c:966 [inline]
sock_recvmsg net/socket.c:962 [inline]
____sys_recvmsg+0x2c4/0x600 net/socket.c:2632
___sys_recvmsg+0x127/0x200 net/socket.c:2674
__sys_recvmsg+0xe2/0x1a0 net/socket.c:2704
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fdfd5954c29
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcf8e71e48 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdfd5954c29
RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000005
RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf8e71e60
R13: 00000000000f4240 R14: 000000000000c1ff R15: 00007ffcf8e71e54
</TASK>
addr ffffc9000385fb78 is located in stack of task syz-executor233/3631 at offset 32 in frame:
____sys_recvmsg+0x0/0x600 include/linux/uio.h:246
this frame has 1 object:
[32, 160) 'addr'
Memory state around the buggy address:
ffffc9000385fa80: 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00
ffffc9000385fb00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
>ffffc9000385fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f3
^
ffffc9000385fc00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
ffffc9000385fc80: f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00
==================================================================
Bug: 224546354
Fixes:
|
||
Kai Lueke
|
29d9835e44 |
UPSTREAM: Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see https://github.com/cilium/cilium/pull/18789 and https://github.com/cilium/cilium/pull/19019). Bug: 220227367 Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit |
||
Srinivasarao Pathipati
|
f01f08906a |
Merge android11-5.4.180+ (598165f ) into msm-5.4
* refs/heads/tmp-598165f:
Revert "arm: extend pfn_valid to take into account freed memory map alignment"
UPSTREAM: usb: gadget: clear related members when goto fail
UPSTREAM: usb: gadget: don't release an existing dev->buf
UPSTREAM: usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
UPSTREAM: usb: gadget: rndis: prevent integer overflow in rndis_set_response()
UPSTREAM: fixup for "arm64 entry: Add macro for reading symbol address from the trampoline"
UPSTREAM: arm64: Use the clearbhb instruction in mitigations
UPSTREAM: KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
UPSTREAM: arm64: Mitigate spectre style branch history side channels
UPSTREAM: KVM: arm64: Add templates for BHB mitigation sequences
UPSTREAM: arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2
UPSTREAM: arm64: Add percpu vectors for EL1
UPSTREAM: arm64: entry: Add macro for reading symbol addresses from the trampoline
UPSTREAM: arm64: entry: Add vectors that have the bhb mitigation sequences
UPSTREAM: arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
UPSTREAM: arm64: entry: Allow the trampoline text to occupy multiple pages
UPSTREAM: arm64: entry: Make the kpti trampoline's kpti sequence optional
UPSTREAM: arm64: entry: Move trampoline macros out of ifdef'd section
UPSTREAM: arm64: entry: Don't assume tramp_vectors is the start of the vectors
UPSTREAM: arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
UPSTREAM: arm64: entry: Move the trampoline data page before the text page
UPSTREAM: arm64: entry: Free up another register on kpti's tramp_exit path
UPSTREAM: arm64: entry: Make the trampoline cleanup optional
UPSTREAM: arm64: entry.S: Add ventry overflow sanity checks
UPSTREAM: arm64: Add Cortex-X2 CPU part definition
UPSTREAM: arm64: add ID_AA64ISAR2_EL1 sys register
UPSTREAM: arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
UPSTREAM: arm64: Add part number for Arm Cortex-A77
UPSTREAM: sctp: fix the processing for INIT chunk
ANDROID: dm-bow: Protect Ranges fetched and erased from the RB tree
UPSTREAM: ARM: fix Thumb2 regression with Spectre BHB
UPSTREAM: ARM: Spectre-BHB: provide empty stub for non-config
UPSTREAM: ARM: fix build warning in proc-v7-bugs.c
UPSTREAM: ARM: Do not use NOCROSSREFS directive with ld.lld
UPSTREAM: ARM: fix co-processor register typo
UPSTREAM: ARM: fix build error when BPF_SYSCALL is disabled
UPSTREAM: ARM: include unprivileged BPF status in Spectre V2 reporting
UPSTREAM: ARM: Spectre-BHB workaround
UPSTREAM: ARM: use LOADADDR() to get load address of sections
UPSTREAM: ARM: early traps initialisation
UPSTREAM: ARM: report Spectre v2 status through sysfs
UPSTREAM: arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
UPSTREAM: arm/arm64: Provide a wrapper for SMCCC 1.1 calls
UPSTREAM: x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
UPSTREAM: x86/speculation: Warn about Spectre v2 LFENCE mitigation
UPSTREAM: x86/speculation: Update link to AMD speculation whitepaper
UPSTREAM: x86/speculation: Use generic retpoline by default on AMD
UPSTREAM: x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
UPSTREAM: Documentation/hw-vuln: Update spectre doc
UPSTREAM: x86/speculation: Add eIBRS + Retpoline options
UPSTREAM: x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
UPSTREAM: x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
UPSTREAM: x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
UPSTREAM: bpf: Add kconfig knob for disabling unpriv bpf by default
UPSTREAM: mmc: block: fix read single on recovery logic
Linux 5.4.180
ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE
perf: Fix list corruption in perf_cgroup_switch()
scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
hwmon: (dell-smm) Speed up setting of fan speed
seccomp: Invalidate seccomp mode to catch death failures
USB: serial: cp210x: add CPI Bulk Coin Recycler id
USB: serial: cp210x: add NCR Retail IO box id
USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
USB: serial: option: add ZTE MF286D modem
USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
usb: gadget: f_uac2: Define specific wTerminalType
usb: gadget: rndis: check size of RNDIS_MSG_SET command
USB: gadget: validate interface OS descriptor requests
usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition
usb: dwc3: gadget: Prevent core from processing stale TRBs
usb: ulpi: Call of_node_put correctly
usb: ulpi: Move of_node_put to ulpi_dev_release
net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
n_tty: wake up poll(POLLRDNORM) on receiving data
vt_ioctl: add array_index_nospec to VT_ACTIVATE
vt_ioctl: fix array_index_nospec in vt_setactivate
net: amd-xgbe: disable interrupts during pci removal
tipc: rate limit warning for received illegal binding update
net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
veth: fix races around rq->rx_notify_masked
net: fix a memleak when uncloning an skb dst and its metadata
net: do not keep the dst cache when uncloning an skb dst and its metadata
nfp: flower: fix ida_idx not being released
ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
bonding: pair enable_port with slave_arr_updates
ixgbevf: Require large buffers for build_skb on 82599VF
misc: fastrpc: avoid double fput() on failed usercopy
usb: f_fs: Fix use-after-free for epfile
ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
staging: fbtft: Fix error path in fbtft_driver_module_init()
ARM: dts: meson: Fix the UART compatible strings
perf probe: Fix ppc64 'perf probe add events failed' case
net: bridge: fix stale eth hdr pointer in br_dev_xmit
PM: s2idle: ACPI: Fix wakeup interrupts handling
ACPI/IORT: Check node revision for PMCG resources
nvme-tcp: fix bogus request completion when failing to send AER
ARM: socfpga: fix missing RESET_CONTROLLER
ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
riscv: fix build with binutils 2.38
bpf: Add kconfig knob for disabling unpriv bpf by default
KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout()
usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
PM: hibernate: Remove register_nosave_region_late()
scsi: myrs: Fix crash in error case
scsi: qedf: Fix refcount issue when LOGO is received during TMF
scsi: target: iscsi: Make sure the np under each tpg is unique
net: sched: Clarify error message when qdisc kind is unknown
drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
NFSv4 expose nfs_parse_server_name function
NFSv4 remove zero number of fs_locations entries error check
NFSv4.1: Fix uninitialised variable in devicenotify
nfs: nfs4clinet: check the return value of kstrdup()
NFSv4 only print the label when its queried
nvme: Fix parsing of ANA log page
NFSD: Fix offset type in I/O trace points
NFSD: Clamp WRITE offsets
NFS: Fix initialisation of nfs_client cl_flags field
net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs
mmc: sdhci-of-esdhc: Check for error num after setting mask
ima: Do not print policy rule with inactive LSM labels
ima: Allow template selection with ima_template[_fmt]= after ima_hash=
ima: Remove ima_policy file before directory
integrity: check the return value of audit_log_start()
Linux 5.4.179
tipc: improve size validations for received domain records
moxart: fix potential use-after-free on remove path
Linux 5.4.178
cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning
ext4: fix error handling in ext4_restore_inline_data()
EDAC/xgene: Fix deferred probing
EDAC/altera: Fix deferred probing
rtc: cmos: Evaluate century appropriate
selftests: futex: Use variable MAKE instead of make
nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
pinctrl: bcm2835: Fix a few error paths
ASoC: max9759: fix underflow in speaker_gain_control_put()
ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name
ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes
ASoC: fsl: Add missing error handling in pcm030_fabric_probe
drm/i915/overlay: Prevent divide by zero bugs in scaling
net: stmmac: ensure PTP time register reads are consistent
net: stmmac: dump gmac4 DMA registers correctly
net: macsec: Verify that send_sci is on when setting Tx sci explicitly
net: ieee802154: Return meaningful error codes from the netlink helpers
net: ieee802154: ca8210: Stop leaking skb's
net: ieee802154: mcr20a: Fix lifs/sifs periods
net: ieee802154: hwsim: Ensure proper channel selection at probe time
spi: meson-spicc: add IRQ check in meson_spicc_probe
spi: mediatek: Avoid NULL pointer crash in interrupt
spi: bcm-qspi: check for valid cs before applying chip select
iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
RDMA/mlx4: Don't continue event handler after memory allocation failure
RDMA/siw: Fix broken RDMA Read Fence/Resume logic.
IB/rdmavt: Validate remote_addr during loopback atomic tests
memcg: charge fs_context and legacy_fs_context
Revert "ASoC: mediatek: Check for error clk pointer"
block: bio-integrity: Advance seed correctly for larger interval sizes
mm/kmemleak: avoid scanning potential huge holes
drm/nouveau: fix off by one in BIOS boundary checking
btrfs: fix deadlock between quota disable and qgroup rescan worker
ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows
ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset)
ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks
ALSA: hda/realtek: Add quirk for ASUS GU603
ALSA: usb-audio: Simplify quirk entries with a macro
ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
audit: improve audit queue handling when "audit=1" on cmdline
Revert "net: fix information leakage in /proc/net/ptype"
Linux 5.4.177
af_packet: fix data-race in packet_setsockopt / packet_setsockopt
cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask()
rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
net: sched: fix use-after-free in tc_new_tfilter()
net: amd-xgbe: Fix skb data length underflow
net: amd-xgbe: ensure to reset the tx_timer_active flag
ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
cgroup-v1: Require capabilities to set release_agent
psi: Fix uaf issue when psi trigger is destroyed while being polled
PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
Linux 5.4.176
mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip()
block: Fix wrong offset in bio_truncate()
fsnotify: invalidate dcache before IN_DELETE event
dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config
ipv4: remove sparse error in ip_neigh_gw4()
ipv4: tcp: send zero IPID in SYNACK messages
ipv4: raw: lock the socket in raw_bind()
net: hns3: handle empty unknown interrupt for VF
yam: fix a memory leak in yam_siocdevprivate()
drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
ibmvnic: don't spin in tasklet
ibmvnic: init ->running_cap_crqs early
hwmon: (lm90) Mark alert as broken for MAX6654
rxrpc: Adjust retransmission backoff
phylib: fix potential use-after-free
net: phy: broadcom: hook up soft_reset for BCM54616S
netfilter: conntrack: don't increment invalid counter on NF_REPEAT
NFS: Ensure the server has an up to date ctime before renaming
NFS: Ensure the server has an up to date ctime before hardlinking
ipv6: annotate accesses to fn->fn_sernum
drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
drm/msm/dsi: Fix missing put_device() call in dsi_get_phy
drm/msm: Fix wrong size calculation
net-procfs: show net devices bound packet types
NFSv4: nfs_atomic_open() can race when looking up a non-regular file
NFSv4: Handle case where the lookup of a directory fails
hwmon: (lm90) Reduce maximum conversion rate for G781
ipv4: avoid using shared IP generator for connected sockets
ping: fix the sk_bound_dev_if match in ping_lookup
hwmon: (lm90) Mark alert as broken for MAX6680
hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649
net: fix information leakage in /proc/net/ptype
ipv6_tunnel: Rate limit warning messages
scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev
rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
i40e: fix unsigned stat widths
i40e: Fix queues reservation for XDP
i40e: Fix issue when maximum queues is exceeded
i40e: Increase delay to 1 s after global EMP reset
powerpc/32: Fix boot failure with GCC latent entropy plugin
net: sfp: ignore disabled SFP node
ucsi_ccg: Check DEV_INT bit only when starting CCG4
usb: typec: tcpm: Do not disconnect while receiving VBUS off
USB: core: Fix hang in usb_kill_urb by adding memory barriers
usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
usb: common: ulpi: Fix crash in ulpi_match()
usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
tty: Add support for Brainboxes UC cards.
tty: n_gsm: fix SW flow control encoding/handling
serial: stm32: fix software flow control transfer
serial: 8250: of: Fix mapped region size when using reg-offset property
netfilter: nft_payload: do not update layer 4 checksum when mangling fragments
arm64: errata: Fix exec handling in erratum
|
||
Dheeraj Kumar
|
9f2ad37e93 |
msm-5.4: CPE crash during SIP call
- Reset skb->len and skb->tail before skb_split. - Use skb_nfct() helper instead of skb->_nfct. Change-Id: I62f2ade5ebb4ecd197325e520223df4d6f6eff78 Signed-off-by: Dheeraj Kumar <quic_dhekum@quicinc.com> |
||
Kai Lueke
|
67a04462df |
UPSTREAM: Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.
This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
https://github.com/cilium/cilium/pull/18789 and
https://github.com/cilium/cilium/pull/19019).
Bug: 220227367
Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit
|
||
Greg Kroah-Hartman
|
d8789c9d2e |
Merge tag 'android11-5.4.180_r00' into android11-5.4
This is the merge of the upstream LTS release of 5.4.180 into the android11-5.4 branch. It contains the following commits: |
||
Xin Long
|
7d1d2de33e |
UPSTREAM: sctp: fix the processing for INIT chunk
commit eae5783908042a762c24e1bd11876edb91d314b1 upstream.
This patch fixes the problems below:
1. In non-shutdown_ack_sent states: in sctp_sf_do_5_1B_init() and
sctp_sf_do_5_2_2_dupinit():
chunk length check should be done before any checks that may cause
an abort to be sent, as making the packet for the abort will access the init_tag
from init_hdr in sctp_ootb_pkt_new().
2. In shutdown_ack_sent state: in sctp_sf_do_9_2_reshutack():
The same checks as done in sctp_sf_do_5_2_2_dupinit() are needed
for sctp_sf_do_9_2_reshutack().
Fixes:
|
||
Jiri Bohac
|
09c6629531 |
Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
This reverts commit b515d2637276a3810d6595e10ab02c13bfd0b63a. Commit b515d2637276a3810d6595e10ab02c13bfd0b63a ("xfrm: xfrm_state_mtu should return at least 1280 for ipv6") in v5.14 breaks the TCP MSS calculation in ipsec transport mode, resulting in complete stalls of TCP connections. This happens when the (P)MTU is 1280 or slightly larger. The desired formula for the MSS is: MSS = (MTU - ESP_overhead) - IP header - TCP header However, the above commit clamps the (MTU - ESP_overhead) to a minimum of 1280, turning the formula into MSS = max(MTU - ESP overhead, 1280) - IP header - TCP header With the (P)MTU near 1280, the calculated MSS is too large and the resulting TCP packets never make it to the destination because they are over the actual PMTU. The above commit also causes suboptimal double fragmentation in xfrm tunnel mode, as described in https://lore.kernel.org/netdev/20210429202529.codhwpc7w6kbudug@dwarf.suse.cz/ The original problem the above commit was trying to fix is now fixed by commit 6596a0229541270fb8d38d989f91b78838e5e9da ("xfrm: fix MTU regression"). Change-Id: Iefabad76eb1870f74b819f45e9d3a51cbc94549c Signed-off-by: Jiri Bohac <jbohac@suse.cz> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Git-commit: a6d95c5a628a09be129f25d5663a7e9db8261f51 Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git Signed-off-by: Sharath Chandra Vurukala <quic_sharathv@quicinc.com> |
||
Srinivasarao Pathipati
|
c256d34783 |
Merge android11-5.4.161+ (5d7a491 ) into msm-5.4
* refs/heads/tmp-5d7a491: UPSTREAM: lib/iov_iter: initialize "flags" in new pipe_buffer Revert "ANDROID: incremental-fs: remove index and incomplete dir on umount" Revert "ANDROID: incremental-fs: fix mount_fs issue" FROMGIT: f2fs: avoid EINVAL by SBI_NEED_FSCK when pinning a file UPSTREAM: usb: gadget: rndis: check size of RNDIS_MSG_SET command UPSTREAM: USB: gadget: validate interface OS descriptor requests Revert "tracefs: Have tracefs directories not set OTH permission bits by default" UPSTREAM: tipc: improve size validations for received domain records ANDROID: GKI: Enable CONFIG_SERIAL_8250_RUNTIME_UARTS=0 ANDROID: GKI: db845c: Update symbols list and ABI ANDROID: Increase x86 cmdline size to 4k UPSTREAM: cgroup-v1: Require capabilities to set release_agent ANDROID: incremental-fs: remove index and incomplete dir on umount UPSTREAM: binder: fix async_free_space accounting for empty parcels UPSTREAM: tee: handle lookup of shm with reference count 0 UPSTREAM: bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc Change-Id: Icb1c0295b7d7da25c37c21a2580ea4d246069039 Signed-off-by: Srinivasarao Pathipati <quic_spathi@quicinc.com> |
||
Greg Kroah-Hartman
|
20d2140d23 |
This is the 5.4.180 stable release
Merge 5.4.180 into android11-5.4-lts Changes in 5.4.180 integrity: check the return value of audit_log_start() ima: Remove ima_policy file before directory ima: Allow template selection with ima_template[_fmt]= after ima_hash= ima: Do not print policy rule with inactive LSM labels mmc: sdhci-of-esdhc: Check for error num after setting mask net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs NFS: Fix initialisation of nfs_client cl_flags field NFSD: Clamp WRITE offsets NFSD: Fix offset type in I/O trace points nvme: Fix parsing of ANA log page NFSv4 only print the label when its queried nfs: nfs4clinet: check the return value of kstrdup() NFSv4.1: Fix uninitialised variable in devicenotify NFSv4 remove zero number of fs_locations entries error check NFSv4 expose nfs_parse_server_name function drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer net: sched: Clarify error message when qdisc kind is unknown scsi: target: iscsi: Make sure the np under each tpg is unique scsi: qedf: Fix refcount issue when LOGO is received during TMF scsi:
myrs: Fix crash in error case PM: hibernate: Remove register_nosave_region_late() usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER bpf: Add kconfig knob for disabling unpriv bpf by default riscv: fix build with binutils 2.38 ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group ARM: socfpga: fix missing RESET_CONTROLLER nvme-tcp: fix bogus request completion when failing to send AER ACPI/IORT: Check node revision for PMCG resources PM: s2idle: ACPI: Fix wakeup interrupts handling net: bridge: fix stale eth hdr pointer in br_dev_xmit perf probe: Fix ppc64 'perf probe add events failed' case ARM: dts: meson: Fix the UART compatible strings staging: fbtft: Fix error path in fbtft_driver_module_init() ARM: dts: imx6qdl-udoo: Properly describe the SD card detect usb: f_fs: Fix use-after-free for epfile misc: fastrpc: avoid double fput() on failed usercopy ixgbevf: Require large buffers for build_skb on 82599VF bonding: pair enable_port with slave_arr_updates ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path nfp: flower: fix ida_idx not being released net: do not keep the dst cache when uncloning an skb dst and its metadata net: fix a memleak when uncloning an skb dst and its metadata veth: fix races around rq->rx_notify_masked net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE tipc: rate limit warning for received illegal binding update net: amd-xgbe: disable interrupts during pci removal vt_ioctl: fix array_index_nospec in vt_setactivate vt_ioctl: add array_index_nospec to VT_ACTIVATE n_tty: wake up poll(POLLRDNORM) on receiving data eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup usb: ulpi: Move of_node_put to ulpi_dev_release usb: ulpi: Call of_node_put correctly usb: dwc3: gadget: Prevent core from processing stale 
TRBs usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition USB: gadget: validate interface OS descriptor requests usb: gadget: rndis: check size of RNDIS_MSG_SET command usb: gadget: f_uac2: Define specific wTerminalType USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 USB: serial: option: add ZTE MF286D modem USB: serial: ch341: add support for GW Instek USB2.0-Serial devices USB: serial: cp210x: add NCR Retail IO box id USB: serial: cp210x: add CPI Bulk Coin Recycler id seccomp: Invalidate seccomp mode to catch death failures hwmon: (dell-smm) Speed up setting of fan speed scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled perf: Fix list corruption in perf_cgroup_switch() ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE Linux 5.4.180 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I00a40753600ee33d1cd1a52c5f689b41d3a58dbb |
||
Jon Maloy
|
b3e998a5dc |
tipc: rate limit warning for received illegal binding update
[ Upstream commit c7223d687758462826a20e9735305d55bb874c70 ]
It would be easy to craft a message containing an illegal binding table
update operation. This is handled correctly by the code, but the
corresponding warning printout is not rate limited as it should be.
We fix this now.
Fixes:
|
||
Eric Dumazet
|
16dcfde98a |
ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
[ Upstream commit 5611a00697c8ecc5aad04392bea629e9d6a20463 ]
ip[6]mr_free_table() can only be called under RTNL lock.
RTNL: assertion failed at net/core/dev.c (10367)
WARNING: CPU: 1 PID: 5890 at net/core/dev.c:10367 unregister_netdevice_many+0x1246/0x1850 net/core/dev.c:10367
Modules linked in:
CPU: 1 PID: 5890 Comm: syz-executor.2 Not tainted 5.16.0-syzkaller-11627-g422ee58dc0ef #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:unregister_netdevice_many+0x1246/0x1850 net/core/dev.c:10367
Code: 0f 85 9b ee ff ff e8 69 07 4b fa ba 7f 28 00 00 48 c7 c6 00 90 ae 8a 48 c7 c7 40 90 ae 8a c6 05 6d b1 51 06 01 e8 8c 90 d8 01 <0f> 0b e9 70 ee ff ff e8 3e 07 4b fa 4c 89 e7 e8 86 2a 59 fa e9 ee
RSP: 0018:ffffc900046ff6e0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888050f51d00 RSI: ffffffff815fa008 RDI: fffff520008dfece
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815f3d6e R11: 0000000000000000 R12: 00000000fffffff4
R13: dffffc0000000000 R14: ffffc900046ff750 R15: ffff88807b7dc000
FS: 00007f4ab736e700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fee0b4f8990 CR3: 000000001e7d2000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
mroute_clean_tables+0x244/0xb40 net/ipv6/ip6mr.c:1509
ip6mr_free_table net/ipv6/ip6mr.c:389 [inline]
ip6mr_rules_init net/ipv6/ip6mr.c:246 [inline]
ip6mr_net_init net/ipv6/ip6mr.c:1306 [inline]
ip6mr_net_init+0x3f0/0x4e0 net/ipv6/ip6mr.c:1298
ops_init+0xaf/0x470 net/core/net_namespace.c:140
setup_net+0x54f/0xbb0 net/core/net_namespace.c:331
copy_net_ns+0x318/0x760 net/core/net_namespace.c:475
create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
copy_namespaces+0x391/0x450 kernel/nsproxy.c:178
copy_process+0x2e0c/0x7300 kernel/fork.c:2167
kernel_clone+0xe7/0xab0 kernel/fork.c:2555
__do_sys_clone+0xc8/0x110 kernel/fork.c:2672
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f4ab89f9059
Code: Unable to access opcode bytes at RIP 0x7f4ab89f902f.
RSP: 002b:00007f4ab736e118 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007f4ab8b0bf60 RCX: 00007f4ab89f9059
RDX: 0000000020000280 RSI: 0000000020000270 RDI: 0000000040200000
RBP: 00007f4ab8a5308d R08: 0000000020000300 R09: 0000000020000300
R10: 00000000200002c0 R11: 0000000000000206 R12: 0000000000000000
R13: 00007ffc3977cc1f R14: 00007f4ab736e300 R15: 0000000000022000
</TASK>
Fixes:
|
||
Nikolay Aleksandrov
|
b4a59eafcb |
net: bridge: fix stale eth hdr pointer in br_dev_xmit
commit 823d81b0fa2cd83a640734e74caee338b5d3c093 upstream.
In br_dev_xmit() we perform vlan filtering in br_allowed_ingress() but
if the packet has the vlan header inside (e.g. bridge with disabled
tx-vlan-offload) then the vlan filtering code will use skb_vlan_untag()
to extract the vid before filtering which in turn calls pskb_may_pull()
and we may end up with a stale eth pointer. Moreover the cached eth header
pointer will generally be wrong after that operation. Remove the eth header
caching and just use eth_hdr() directly, the compiler does the right thing
and calculates it only once so we don't lose anything.
Fixes:
|
||
Victor Nogueira
|
9babdef288 |
net: sched: Clarify error message when qdisc kind is unknown
[ Upstream commit 973bf8fdd12f0e70ea351c018e68edd377a836d1 ] When adding a tc rule with a qdisc kind that is not supported or not compiled into the kernel, the kernel emits the following error: "Error: Specified qdisc not found.". Found via tdc testing when ETS qdisc was not compiled in and it was not obvious right away what the message meant without looking at the kernel code. Change the error message to be more explicit and say the qdisc kind is unknown. Signed-off-by: Victor Nogueira <victor@mojatatu.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Greg Kroah-Hartman
|
82b6e1787f |
Merge branch 'android11-5.4' into 'android11-5.4-lts'
Sync up with android11-5.4 for the following commits: |
||
Jon Maloy
|
717add4ec8 |
UPSTREAM: tipc: improve size validations for received domain records
commit 9aa422ad326634b76309e8ff342c246800621216 upstream. The function tipc_mon_rcv() allows a node to receive and process domain_record structs from peer nodes to track their views of the network topology. This patch verifies that the number of members in a received domain record does not exceed the limit defined by MAX_MON_DOMAIN, something that may otherwise lead to a stack overflow. tipc_mon_rcv() is called from the function tipc_link_proto_rcv(), where we are reading a 32 bit message data length field into a uint16. To avert any risk of bit overflow, we add an extra sanity check for this in that function. We cannot see that happen with the current code, but future designers being unaware of this risk, may introduce it by allowing delivery of very large (> 64k) sk buffers from the bearer layer. This potential problem was identified by Eric Dumazet. This fixes CVE-2022-0435 Reported-by: Samuel Page <samuel.page@appgate.com> Reported-by: Eric Dumazet <edumazet@google.com> Fixes: |
||
Greg Kroah-Hartman
|
58b361784b |
This is the 5.4.179 stable release
Merge 5.4.179 into android11-5.4-lts Changes in 5.4.179 moxart: fix potential use-after-free on remove path tipc: improve size validations for received domain records Linux 5.4.179 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I60ec5a742e23ee96257003c3a736267a3c473b64 |
||
Jon Maloy
|
d692e3406e |
tipc: improve size validations for received domain records
commit 9aa422ad326634b76309e8ff342c246800621216 upstream.
The function tipc_mon_rcv() allows a node to receive and process
domain_record structs from peer nodes to track their views of the
network topology.
This patch verifies that the number of members in a received domain
record does not exceed the limit defined by MAX_MON_DOMAIN, something
that may otherwise lead to a stack overflow.
tipc_mon_rcv() is called from the function tipc_link_proto_rcv(), where
we are reading a 32 bit message data length field into a uint16. To
avert any risk of bit overflow, we add an extra sanity check for this in
that function. We cannot see that happen with the current code, but
future designers being unaware of this risk, may introduce it by
allowing delivery of very large (> 64k) sk buffers from the bearer
layer. This potential problem was identified by Eric Dumazet.
This fixes CVE-2022-0435
Reported-by: Samuel Page <samuel.page@appgate.com>
Reported-by: Eric Dumazet <edumazet@google.com>
Fixes:
|
||
Greg Kroah-Hartman
|
88fc697aae |
This is the 5.4.178 stable release
Merge 5.4.178 into android11-5.4-lts Changes in 5.4.178 audit: improve audit queue handling when "audit=1" on cmdline ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() ALSA: usb-audio: Simplify quirk entries with a macro ALSA: hda/realtek: Add quirk for ASUS GU603 ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows btrfs: fix deadlock between quota disable and qgroup rescan worker drm/nouveau: fix off by one in BIOS boundary checking mm/kmemleak: avoid scanning potential huge holes block: bio-integrity: Advance seed correctly for larger interval sizes Revert "ASoC: mediatek: Check for error clk pointer" memcg: charge fs_context and legacy_fs_context IB/rdmavt: Validate remote_addr during loopback atomic tests RDMA/siw: Fix broken RDMA Read Fence/Resume logic. 
RDMA/mlx4: Don't continue event handler after memory allocation failure iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() spi: bcm-qspi: check for valid cs before applying chip select spi: mediatek: Avoid NULL pointer crash in interrupt spi: meson-spicc: add IRQ check in meson_spicc_probe net: ieee802154: hwsim: Ensure proper channel selection at probe time net: ieee802154: mcr20a: Fix lifs/sifs periods net: ieee802154: ca8210: Stop leaking skb's net: ieee802154: Return meaningful error codes from the netlink helpers net: macsec: Verify that send_sci is on when setting Tx sci explicitly net: stmmac: dump gmac4 DMA registers correctly net: stmmac: ensure PTP time register reads are consistent drm/i915/overlay: Prevent divide by zero bugs in scaling ASoC: fsl: Add missing error handling in pcm030_fabric_probe ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name ASoC: max9759: fix underflow in speaker_gain_control_put() pinctrl: bcm2835: Fix a few error paths scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. selftests: futex: Use variable MAKE instead of make rtc: cmos: Evaluate century appropriate EDAC/altera: Fix deferred probing EDAC/xgene: Fix deferred probing ext4: fix error handling in ext4_restore_inline_data() cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning Linux 5.4.178 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ic5bc9b2941b9932cfd3c98c8af8593196bb15245 |
||
Greg Kroah-Hartman
|
92070960c5 |
This is the 5.4.177 stable release
Merge 5.4.177 into android11-5.4-lts Changes in 5.4.177 PCI: pciehp: Fix infinite loop in IRQ handler upon power fault psi: Fix uaf issue when psi trigger is destroyed while being polled cgroup-v1: Require capabilities to set release_agent ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback net: amd-xgbe: ensure to reset the tx_timer_active flag net: amd-xgbe: Fix skb data length underflow net: sched: fix use-after-free in tc_new_tfilter() rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() af_packet: fix data-race in packet_setsockopt / packet_setsockopt Linux 5.4.177 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I41791ffa382aae8c424ca4950ca2b367302ef59a |
||
Miquel Raynal
|
dc8c2f0d01 |
net: ieee802154: Return meaningful error codes from the netlink helpers
commit 79c37ca73a6e9a33f7b2b7783ba6af07a448c8a9 upstream.
Returning -1 does not indicate anything useful.
Use a standard and meaningful error code instead.
Fixes:
|
||
Srinivasarao Pathipati
|
16e939c6e4 |
Merge android11-5.4.161+ (b9d179c ) into msm-5.4
* refs/heads/tmp-b9d179c: UPSTREAM: driver core: Fix possible memory leak in device_link_add() UPSTREAM: blk-mq: fix kernel panic during iterating over flush request UPSTREAM: net: xfrm: fix memory leak in xfrm_user_rcv_msg UPSTREAM: binder: fix the missing BR_FROZEN_REPLY in binder_return_strings ANDROID: incremental-fs: fix mount_fs issue UPSTREAM: vfs: fs_context: fix up param length parsing in legacy_parse_param ANDROID: GKI: disable CONFIG_FORTIFY_SOURCE Linux 5.4.161 erofs: fix unsafe pagevec reuse of hooked pclusters erofs: remove the occupied parameter from z_erofs_pagevec_enqueue() PCI: Add MSI masking quirk for Nvidia ION AHCI PCI/MSI: Deal with devices lying about their MSI mask capability PCI/MSI: Destroy sysfs before freeing entries parisc/entry: fix trace test in syscall exit path fortify: Explicitly disable Clang support scsi: ufs: Fix tm request when non-fatal error happens ext4: fix lazy initialization next schedule time computation in more granular unit MIPS: Fix assembly error from MIPSr2 code used within MIPS_ISA_ARCH_LEVEL scsi: ufs: Fix interrupt error message for shared interrupts soc/tegra: pmc: Fix imbalanced clock disabling in error code path Revert "net: sched: update default qdisc visibility after Tx queue cnt changes" Revert "serial: core: Fix initializing and restoring termios speed" Linux 5.4.160 selftests/bpf: Fix also no-alu32 strobemeta selftest ath10k: fix invalid dma_addr_t token assignment SUNRPC: Partial revert of commit 6f9f17287e78 PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload s390/cio: make ccw_device_dma_* more robust s390/tape: fix timer initialization in tape_std_assign() s390/cio: check the subchannel validity for dev_busid video: backlight: Drop maximum brightness override for brightness zero mm, oom: do not trigger out_of_memory from the #PF mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks powerpc/bpf: Emit stf barrier 
instruction sequences for BPF_NOSPEC powerpc/security: Add a helper to query stf_barrier type powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 powerpc/bpf: Validate branch ranges powerpc/lib: Add helper to check if offset is within conditional branch range ovl: fix deadlock in splice write 9p/net: fix missing error check in p9_check_errors net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE f2fs: should use GFP_NOFS for directory inodes irqchip/sifive-plic: Fixup EOI failed when masked parisc: Fix set_fixmap() on PA1.x CPUs parisc: Fix backtrace to always include init funtion names ARM: 9156/1: drop cc-option fallbacks for architecture selection ARM: 9155/1: fix early early_iounmap() selftests/net: udpgso_bench_rx: fix port argument cxgb4: fix eeprom len when diagnostics not implemented net/smc: fix sk_refcnt underflow on linkdown and fallback vsock: prevent unnecessary refcnt inc for nonblocking connect net: hns3: allow configure ETS bandwidth of all TCs net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails llc: fix out-of-bound array index in llc_sk_dev_hash() perf bpf: Add missing free to bpf_event__print_bpf_prog_info() zram: off by one in read_block_state() mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses net: vlan: fix a UAF in vlan_dev_real_dev() net: davinci_emac: Fix interrupt pacing disable xen-pciback: Fix return in pm_ctrl_init() i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' NFSv4: Fix a regression in nfs_set_open_stateid_locked() scsi: qla2xxx: Turn off target reset during issue_lip scsi: qla2xxx: Fix gnl list 
corruption ar7: fix kernel builds for compiler test watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT m68k: set a default value for MEMORY_RESERVE signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL) dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` netfilter: nfnetlink_queue: fix OOB when mac header was cleared soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read auxdisplay: ht16k33: Fix frame buffer device blanking auxdisplay: ht16k33: Connect backlight to fbdev auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro mtd: core: don't remove debugfs directory if device is in use mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() fs: orangefs: fix error return code of orangefs_revalidate_lookup() NFS: Fix deadlocks in nfs_scan_commit_list() opp: Fix return in _opp_add_static_v2() PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge PCI: aardvark: Don't spam about PIO Response Status drm/plane-helper: fix uninitialized variable reference pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined apparmor: fix error check power: supply: bq27xxx: Fix kernel crash on IRQ handler register error mips: cm: Convert to bitfield API to fix out-of-bounds access powerpc/44x/fsp2: add missing of_node_put HID: u2fzero: properly handle timeouts in usb_submit_urb HID: u2fzero: clarify error check and length calculations serial: xilinx_uartps: Fix race condition causing stuck TX phy: qcom-qusb2: Fix a memory leak on probe ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER ASoC: cs42l42: Correct some register default values ARM: dts: stm32: fix SAI sub nodes register range staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC RDMA/mlx4: Return missed an error if device doesn't support steering scsi: csiostor: 
Uninitialized data in csio_ln_vnp_read_cbfn() power: supply: rt5033_battery: Change voltage values to µV usb: gadget: hid: fix error code in do_config() serial: 8250_dw: Drop wrong use of ACPI_PTR() video: fbdev: chipsfb: use memset_io() instead of memset() clk: at91: check pmc node status before registering syscore ops memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe soc/tegra: Fix an error handling path in tegra_powergate_power_up() arm: dts: omap3-gta04a4: accelerometer irq fix ALSA: hda: Reduce udelay() at SKL+ position reporting JFS: fix memleak in jfs_mount MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT scsi: dc395: Fix error case unwinding ARM: dts: at91: tse850: the emac<->phy interface is rmii arm64: dts: meson-g12a: Fix the pwm regulator supply properties RDMA/bnxt_re: Fix query SRQ failure ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY arm64: dts: rockchip: Fix GPU register width for RK3328 ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths RDMA/rxe: Fix wrong port_cap_flags ibmvnic: Process crqs after enabling interrupts ibmvnic: don't stop queue in xmit udp6: allow SO_MARK ctrl msg to affect routing selftests/bpf: Fix fclose/pclose mismatch in test_progs crypto: pcrypt - Delay write to padata->info net: phylink: avoid mvneta warning when setting pause parameters net: amd-xgbe: Toggle PLL settings during rate change drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits wcn36xx: add proper DMA memory barriers in rx path libertas: Fix possible memory leak in probe and disconnect libertas_tf: Fix possible memory leak in probe and disconnect KVM: s390: Fix handle_sske page fault handling samples/kretprobes: Fix return value if register_kretprobe() failed tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() irq: mips: avoid nested irq_enter() s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() libbpf: 
Fix BTF data layout checks and allow empty BTF smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi drm/msm: Fix potential NULL dereference in DPU SSPP clocksource/drivers/timer-ti-dm: Select TIMER_OF PM: hibernate: fix sparse warnings nvme-rdma: fix error code in nvme_rdma_setup_ctrl phy: micrel: ksz8041nl: do not use power down mode mwifiex: Send DELBA requests according to spec rsi: stop thread firstly in rsi_91x_init() error handling mt76: mt76x02: fix endianness warnings in mt76x02_mac.c platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning block: ataflop: fix breakage introduced at blk-mq refactoring mmc: mxs-mmc: disable regulator on error and in the remove function net: stream: don't purge sk_error_queue in sk_stream_kill_queues() drm/msm: uninitialized variable in msm_gem_import() ath10k: fix max antenna gain unit hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff hwmon: Fix possible memleak in __hwmon_device_register() net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() memstick: avoid out-of-range warning mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured b43: fix a lower bounds test b43legacy: fix a lower bounds test hwrng: mtk - Force runtime pm ops for sleep ops crypto: qat - disregard spurious PFVF interrupts crypto: qat - detect PFVF collision after ACK media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() netfilter: nft_dynset: relax superfluous check on set updates EDAC/amd64: Handle three rank interleaving mode ath9k: Fix potential interrupt storm on queue reset media: em28xx: Don't use ops->suspend if it is NULL cpuidle: Fix kobject memory leaks in error paths crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency kprobes: Do not use local variable when creating debugfs file media: cx23885: Fix snd_card_free call on null card pointer media: tm6000: Avoid card name truncation media: 
si470x: Avoid card name truncation media: radio-wl1273: Avoid card name truncation media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' media: TDA1997x: handle short reads of hdmi info frame. media: dvb-usb: fix ununit-value in az6027_rc_query media: cxd2880-spi: Fix a null pointer dereference on error handling path media: em28xx: add missing em28xx_close_extension drm/amdgpu: fix warning for overflow check ath10k: Fix missing frame timestamp for beacon/probe-resp net: dsa: rtl8366rb: Fix off-by-one bug rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies() crypto: caam - disable pkc for non-E SoCs Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync wilc1000: fix possible memory leak in cfg_scan_result() cgroup: Make rebind_subsystems() disable v2 controllers all at once net: net_namespace: Fix undefined member in key_remove_domain() virtio-gpu: fix possible memory allocation failure drm/v3d: fix wait for TMU write combiner flush rcu: Fix existing exp request check in sync_sched_exp_online_cleanup() Bluetooth: fix init and cleanup of sco_conn.timeout_work selftests/bpf: Fix strobemeta selftest regression netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling parisc/unwind: fix unwinder when CONFIG_64BIT is enabled task_stack: Fix end_of_stack() for architectures with upwards-growing stack parisc: fix warning in flush_tlb_all x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() btrfs: do not take the uuid_mutex in btrfs_rm_device net: annotate data-race in neigh_output() vrf: run conntrack only in context of lower/physdev for locally generated packets ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE ARM: clang: Do not rely on lr register for stacktrace smackfs: use 
__GFP_NOFAIL for smk_cipso_doi() iwlwifi: mvm: disable RX-diversity in powersave selftests: kvm: fix mismatched fclose() after popen() PM: hibernate: Get block device exclusively in swsusp_check() nvme: drop scan_lock and always kick requeue list when removing namespaces nvmet-tcp: fix use-after-free when a port is removed nvmet: fix use-after-free when a port is removed block: remove inaccurate requeue check mwl8k: Fix use-after-free in mwl8k_fw_state_machine() tracing/cfi: Fix cmp_entries_* functions signature mismatch workqueue: make sysfs of unbound kworker cpumask more clever lib/xz: Validate the value before assigning it to an enum variable lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression memstick: r592: Fix a UAF bug when removing the driver leaking_addresses: Always print a trailing newline ACPI: battery: Accept charges over the design capacity as full iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() tracefs: Have tracefs directories not set OTH permission bits by default net-sysfs: try not to restart the syscall if it will fail eventually media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info media: ipu3-imgu: imgu_fmt: Handle properly try ACPICA: Avoid evaluating methods too early during system resume ipmi: Disable some operations during a panic media: rcar-csi2: Add checking to rcsi2_start_receiver() brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK media: mceusb: return without resubmitting URB in case of -EPROTO error. media: imx: set a media_device bus_info string media: s5p-mfc: Add checking to s5p_mfc_probe(). 
media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() media: uvcvideo: Set unique vdev name based in type media: uvcvideo: Return -EIO for control errors media: uvcvideo: Set capability in s_param media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() media: netup_unidvb: handle interrupt properly according to the firmware media: mt9p031: Fix corrupted frame after restarting stream ath10k: high latency fixes for beacon buffer mwifiex: Properly initialize private structure on interface type changes mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type x86: Increase exception stack sizes smackfs: Fix use-after-free in netlbl_catmap_walk() net: sched: update default qdisc visibility after Tx queue cnt changes locking/lockdep: Avoid RCU-induced noinstr fail MIPS: lantiq: dma: reset correct number of channel MIPS: lantiq: dma: add small delay after reset platform/x86: wmi: do not fail if disabling fails drm/panel-orientation-quirks: add Valve Steam Deck Bluetooth: fix use-after-free error in lock_sock_nested() Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) dma-buf: WARN on dmabuf release with pending attachments USB: chipidea: fix interrupt deadlock USB: iowarrior: fix control-message timeouts USB: serial: keyspan: fix memleak on probe errors iio: dac: ad5446: Fix ad5622_write() return value pinctrl: core: fix possible memory leak in pinctrl_enable() quota: correct error number in free_dqentry() quota: check block number when reading the block in quota file PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG PCI: aardvark: Fix return value of MSI domain .alloc() method PCI: aardvark: Fix reporting Data Link Layer Link Active PCI: aardvark: Do not unmask unused interrupts PCI: 
aardvark: Fix checking for link up via LTSSM state PCI: aardvark: Do not clear status bits of masked interrupts PCI: pci-bridge-emul: Fix emulation of W1C bits xen/balloon: add late_initcall_sync() for initial ballooning done ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume ALSA: mixer: oss: Fix racy access to slots serial: core: Fix initializing and restoring termios speed powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found can: j1939: j1939_can_recv(): ignore messages with invalid source address can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use power: supply: max17042_battery: use VFSOC for capacity when no rsns power: supply: max17042_battery: Prevent int underflow in set_soc_threshold signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT signal: Remove the bogus sigkill_pending in ptrace_stop RDMA/qedr: Fix NULL deref for query_qp on the GSI QP rsi: Fix module dev_oper_mode parameter description rsi: fix rate mask set leading to P2P failure rsi: fix key enabled check causing unwanted encryption for vap_id > 0 rsi: fix occasional initialisation failure with BT coex wcn36xx: handle connection loss indication libata: fix checking of DMA state mwifiex: Read a PCI register after writing the TX ring write pointer wcn36xx: Fix HT40 capability for 2Ghz band evm: mark evm_fixmode as __ro_after_init rtl8187: fix control-message timeouts PCI: Mark Atheros QCA6174 to avoid bus reset ath10k: fix division by zero in send path ath10k: fix control-message timeout ath6kl: fix control-message timeout ath6kl: fix division by zero in send path mwifiex: fix division by zero in fw download path EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled hwmon: 
(pmbus/lm25066) Add offset coefficients ia64: kprobes: Fix to pass correct trampoline address to the handler btrfs: call btrfs_check_rw_degradable only if there is a missing device btrfs: fix lost error handling when replaying directory deletes btrfs: clear MISSING device status bit in btrfs_close_one_device net/smc: Correct spelling mistake to TCPF_SYN_RECV nfp: bpf: relax prog rejection for mtu check through max_pkt_offset vmxnet3: do not stop tx queues after netif_device_detach() r8169: Add device 10ec:8162 to driver r8169 nvmet-tcp: fix header digest verification drm: panel-orientation-quirks: Add quirk for GPD Win3 watchdog: Fix OMAP watchdog early handling net: multicast: calculate csum of looped-back and forwarded packets spi: spl022: fix Microwire full duplex mode nvmet-tcp: fix a memory leak when releasing a queue xen/netfront: stop tx queues during live migration bpf: Prevent increasing bpf_jit_limit above max bpf: Define bpf_jit_alloc_exec_limit for arm64 JIT drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 mmc: winbond: don't build on M68K reset: socfpga: add empty driver allowing consumers to probe ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode hyperv/vmbus: include linux/bitops.h sfc: Don't use netif_info before net_device setup cavium: Fix return values of the probe function scsi: qla2xxx: Fix unmap of already freed sgl scsi: qla2xxx: Return -ENOMEM if kzalloc() fails cavium: Return negative value when pci_alloc_irq_vectors() fails x86/irq: Ensure PI wakeup handler is unregistered before module unload x86/cpu: Fix migration safety with X86_BUG_NULL_SEL x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c fuse: fix page stealing ALSA: timer: Unconditionally unlink slave instances, too ALSA: timer: Fix use-after-free problem ALSA: synth: missing check for possible NULL after the call to kstrdup ALSA: usb-audio: Add registration quirk for JBL Quantum 400 ALSA: line6: fix control and interrupt message timeouts ALSA: 
6fire: fix control and bulk message timeouts ALSA: ua101: fix division by zero at probe ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED ALSA: hda/realtek: Add quirk for ASUS UX550VE ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N ALSA: hda/realtek: Add quirk for Clevo PC70HS media: v4l2-ioctl: Fix check_ext_ctrls media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers media: ite-cir: IR receiver stop working after receive overflow crypto: s5p-sss - Add error handling in s5p_aes_probe() firmware/psci: fix application of sizeof to pointer tpm: Check for integer overflow in tpm2_map_response_body() parisc: Fix ptrace check on syscall return mmc: dw_mmc: Dont wait for DRTO on Write RSP error scsi: qla2xxx: Fix use after free in eh_abort path scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file ocfs2: fix data corruption on truncate libata: fix read log timeout value Input: i8042 - Add quirk for Fujitsu Lifebook T725 Input: elantench - fix misreporting trackpoint coordinates Input: iforce - fix control-message timeout binder: use cred instead of task for getsecid binder: use cred instead of task for selinux checks binder: use euid from cred instead of using task usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay Linux 5.4.159 rsi: fix control-message timeout media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init staging: rtl8192u: fix control-message timeouts staging: r8712u: fix control-message timeout comedi: vmk80xx: fix bulk and interrupt message timeouts comedi: vmk80xx: fix bulk-buffer overflow comedi: vmk80xx: fix transfer-buffer overflows comedi: ni_usb6501: fix NULL-deref in command paths comedi: dt9812: fix DMA buffers on stack isofs: Fix out of bound access for corrupted isofs image printk/console: Allow to disable console output by using console="" or console=null binder: don't detect 
sender/target during buffer cleanup usb-storage: Add compatibility quirk flags for iODD 2531/2541 usb: musb: Balance list entry in musb_gadget_queue usb: gadget: Mark USB_FSL_QE broken on 64-bit usb: ehci: handshake CMD_RUN instead of STS_HALT Revert "x86/kvm: fix vcpu-id indexed array sizes" Linux 5.4.158 ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" Revert "drm/ttm: fix memleak in ttm_transfered_destroy" sfc: Fix reading non-legacy supported link modes Revert "usb: core: hcd: Add support for deferring roothub registration" Revert "xhci: Set HCD flag to defer primary roothub registration" media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() net: ethernet: microchip: lan743x: Fix skb allocation failure vrf: Revert "Reset skb conntrack connection..." scsi: core: Put LLD module refcnt after SCSI device is released Linux 5.4.157 perf script: Check session->header.env.arch before using it KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu KVM: s390: clear kicked_mask before sleeping again cfg80211: correct bridge/4addr mode check net: use netif_is_bridge_port() to check for IFF_BRIDGE_PORT sctp: add vtag check in sctp_sf_ootb sctp: add vtag check in sctp_sf_do_8_5_1_E_sa sctp: add vtag check in sctp_sf_violation sctp: fix the processing for COOKIE_ECHO chunk sctp: fix the processing for INIT_ACK chunk sctp: use init_tag from inithdr for ABORT chunk phy: phy_start_aneg: Add an unlocked version phy: phy_ethtool_ksettings_get: Lock the phy for consistency net/tls: Fix flipped sign in async_wait.err assignment net: nxp: lpc_eth.c: avoid hang when bringing interface down net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string net: Prevent infinite while loop in skb_tx_hash() net: batman-adv: fix 
error handling regmap: Fix possible double-free in regcache_rbtree_exit() arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node RDMA/mlx5: Set user priority for DCT nvme-tcp: fix data digest pointer calculation nvmet-tcp: fix data digest pointer calculation IB/hfi1: Fix abba locking issue with sc_disable() IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict function drm/ttm: fix memleak in ttm_transfered_destroy net: lan78xx: fix division by zero in send path cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit mmc: sdhci: Map more voltage level to SDHCI_POWER_330 mmc: dw_mmc: exynos: fix the finding clock sample value mmc: cqhci: clear HALT state after CQE enable mmc: vub300: fix control-message timeouts net/tls: Fix flipped sign in tls_err_abort() calls Revert "net: mdiobus: Fix memory leak in __mdiobus_register" nfc: port100: fix using -ERRNO as command type mask ata: sata_mv: Fix the error handling of mv_chip_id() Revert "pinctrl: bcm: ns: support updated DT binding as syscon subnode" usbnet: fix error return code in usbnet_probe() usbnet: sanity check for maxpacket ipv4: use siphash instead of Jenkins in fnhe_hashfun() ipv6: use siphash in rt6_exception_hash() powerpc/bpf: Fix BPF_MOD when imm == 1 ARM: 9141/1: only warn about XIP address when not compile testing ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype ARM: 9134/1: remove duplicate memcpy() definition ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned Linux 5.4.156 pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() ARM: 9122/1: select HAVE_FUTEX_CMPXCHG tracing: Have all levels of checks prevent recursion net: mdiobus: Fix memory leak in __mdiobus_register scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() Input: snvs_pwrkey - add clk handling ALSA: hda: avoid write to 
STATESTS if controller is in reset platform/x86: intel_scu_ipc: Update timeout value in comment isdn: mISDN: Fix sleeping function called from invalid context ARM: dts: spear3xx: Fix gmac node net: stmmac: add support for dwmac 3.40a btrfs: deal with errors when checking if a dir entry exists during log replay gcc-plugins/structleak: add makefile var for disabling structleak selftests: netfilter: remove stray bash debug line netfilter: Kconfig: use 'default y' instead of 'm' for bool config option isdn: cpai: check ctr->cnr to avoid array index out of bound nfc: nci: fix the UAF of rf_conn_info object mm, slub: fix potential memoryleak in kmem_cache_open() mm, slub: fix mismatch between reconstructed freelist depth and cnt powerpc/idle: Don't corrupt back chain when going idle KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() powerpc64/idle: Fix SP offsets when saving GPRs audit: fix possible null-pointer dereference in audit_filter_rules ASoC: DAPM: Fix missing kctl change notifications ALSA: hda/realtek: Add quirk for Clevo PC50HS ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset vfs: check fd has read access in kernel_read_file_from_fd() elfcore: correct reference to CONFIG_UML ocfs2: mount fails with buffer overflow in strlen ocfs2: fix data corruption after conversion from inline format ceph: fix handling of "meta" errors can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than 9 bytes can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive TP.DT with error length can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv can: j1939: j1939_tp_rxtimer(): fix errant alert in j1939_tp_rxtimer can: peak_pci: peak_pci_remove(): fix UAF can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification can: rcar_can: fix suspend/resume net: enetc: fix ethtool counter name for PM0_TERR net: stmmac: Fix E2E delay mechanism 
net: hns3: disable sriov before unload hclge layer net: hns3: add limit ets dwrr bandwidth cannot be 0 net: hns3: reset DWRR of unused tc to zero NIOS2: irqflags: rename a redefined register name net: dsa: lantiq_gswip: fix register definition lan78xx: select CRC32 netfilter: ipvs: make global sysctl readonly in non-init netns ASoC: wm8960: Fix clock configuration on slave mode dma-debug: fix sg checks in debug_dma_map_sg() NFSD: Keep existing listeners on portlist error xtensa: xtfpga: Try software restart before simulating CPU reset xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default tee: optee: Fix missing devices unregister during optee_remove net: switchdev: do not propagate bridge updates across bridges parisc: math-emu: Fix fall-through warnings Linux 5.4.155 ionic: don't remove netdev->dev_addr when syncing uc list r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256 qed: Fix missing error code in qed_slowpath_start() mqprio: Correct stats in mqprio_dump_class_stats(). 
acpi/arm64: fix next_platform_timer() section mismatch error drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() drm/msm: Fix null pointer dereference on pointer edp drm/panel: olimex-lcd-olinuxino: select CRC32 platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call mlxsw: thermal: Fix out-of-bounds memory accesses ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() pata_legacy: fix a couple uninitialized variable bugs NFC: digital: fix possible memory leak in digital_in_send_sdd_req() NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() nfc: fix error handling of nfc_proto_register() ethernet: s2io: fix setting mac address during resume net: encx24j600: check error in devm_regmap_init_encx24j600 net: stmmac: fix get_hw_feature() on old hardware net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp net: korina: select CRC32 net: arc: select CRC32 gpio: pca953x: Improve bias setting sctp: account stream padding length for reconf chunk iio: dac: ti-dac5571: fix an error code in probe() iio: ssp_sensors: fix error code in ssp_print_mcu_debug() iio: ssp_sensors: add more range checking in ssp_parse_dataframe() iio: light: opt3001: Fixed timeout error when 0 lux iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED iio: adc128s052: Fix the error handling path of 'adc128_probe()' iio: adc: aspeed: set driver data when adc probe. powerpc/xive: Discard disabled interrupts in get_irqchip_state() x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells EDAC/armada-xp: Fix output of uncorrectable error counter virtio: write back F_VERSION_1 before validate USB: serial: option: add prod. 
id for Quectel EG91 USB: serial: option: add Telit LE910Cx composition 0x1204 USB: serial: option: add Quectel EC200S-CN module support USB: serial: qcserial: add EM9191 QDL support Input: xpad - add support for another USB ID of Nacon GC-100 usb: musb: dsps: Fix the probe error path efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() efi/cper: use stack buffer for error record decoding cb710: avoid NULL pointer subtraction xhci: Enable trust tx length quirk for Fresco FL11 USB controller xhci: Fix command ring pointer corruption while aborting a command xhci: guard accesses to ep_state in xhci_endpoint_reset() mei: me: add Ice Lake-N device id. x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails watchdog: orion: use 0 for unset heartbeat btrfs: check for error when looking up inode during dir entry replay btrfs: deal with errors when adding inode reference during log replay btrfs: deal with errors when replaying dir entry during log replay btrfs: unlock newly allocated extent buffer after error csky: Fixup regs.sr broken in ptrace csky: don't let sigreturn play with priveleged bits of status register s390: fix strrchr() implementation nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^' ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW ALSA: hda/realtek - ALC236 headset MIC recording issue ALSA: hda/realtek: Add quirk for Clevo X170KM-G ALSA: hda/realtek: Complete partial device name to avoid ambiguity ALSA: seq: Fix a potential UAF by wrong private_free call order ALSA: usb-audio: Add quirk for VF0770 ovl: simplify file splice Linux 5.4.154 sched: Always inline is_percpu_thread() scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" scsi: ses: Fix unsigned comparison with less than zero drm/amdgpu: fix gart.bo pin_count leak net: sun: SUNVNET_COMMON should depend on INET mac80211: check return value of rhashtable_init net: prevent user from passing illegal stab 
size m68k: Handle arrivals of multiple signals correctly mac80211: Drop frames from invalid MAC address in ad-hoc mode netfilter: nf_nat_masquerade: defer conntrack walk to work queue netfilter: nf_nat_masquerade: make async masq_inet6_event handling generic HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs netfilter: ip6_tables: zero-initialize fragment offset HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS ext4: correct the error path of ext4_write_inline_data_end() net: phy: bcm7xxx: Fixed indirect MMD operations UPSTREAM: ovl: simplify file splice Linux 5.4.153 x86/Kconfig: Correct reference to MWINCHIP3D x86/hpet: Use another crystalball to evaluate HPET usability x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI RISC-V: Include clone3() on rv32 bpf, s390: Fix potential memory leak about jit_data i2c: acpi: fix resource leak in reconfiguration device addition net: prefer socket bound to interface when not in VRF i40e: Fix freeing of uninitialized misc IRQ vector i40e: fix endless loop under rtnl gve: fix gve_get_stats() rtnetlink: fix if_nlmsg_stats_size() under estimation gve: Correct available tx qpl check drm/nouveau/debugfs: fix file release memory leak video: fbdev: gbefb: Only instantiate device when built for IP32 bus: ti-sysc: Use CLKDM_NOAUTO for dra7 dcan1 for errata i893 netlink: annotate data races around nlk->bound net: sfp: Fix typo in state machine debug string net/sched: sch_taprio: properly cancel timer from taprio_destroy() net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence arm64: dts: ls1028a: add missing CAN nodes arm64: dts: freescale: Fix SP805 clock-names ptp_pch: Load module automatically if ID matches powerpc/fsl/dts: Fix phy-connection-type for fm1mac3 net_sched: fix NULL deref in fifo_set_limit() phy: mdio: fix memory leak bpf: Fix integer overflow in 
prealloc_elems_and_freelist() bpf, arm: Fix register clobbering in div/mod implementation xtensa: call irqchip_init only when CONFIG_USE_OF is selected xtensa: use CONFIG_USE_OF instead of CONFIG_OF xtensa: move XCHAL_KIO_* definitions to kmem_layout.h arm64: dts: qcom: pm8150: use qcom,pm8998-pon binding ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo ARM: dts: imx: Add missing pinctrl-names for panel on M53Menlo soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference soc: qcom: socinfo: Fixed argument passed to platform_set_data() bpf, mips: Validate conditional branch offsets MIPS: BPF: Restore MIPS32 cBPF JIT ARM: dts: qcom: apq8064: use compatible which contains chipid ARM: dts: omap3430-sdp: Fix NAND device node xen/balloon: fix cancelled balloon action nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero nfsd: fix error handling of register_pernet_subsys() in init_nfsd() ovl: fix missing negative dentry check in ovl_rename() mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk xen/privcmd: fix error handling in mmap-resource processing usb: typec: tcpm: handle SRC_STARTUP state if cc changes USB: cdc-acm: fix break reporting USB: cdc-acm: fix racy tty buffer accesses Partially revert "usb: Kconfig: using select for USB_COMMON dependency" ANDROID: Different fix for KABI breakage in 5.4.151 in struct sock Linux 5.4.152 libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. 
silence nfscache allocation warnings with kvzalloc perf/x86: Reset destroy callback on event init failure kvm: x86: Add AMD PMU MSRs to msrs_to_save_all[] KVM: do not shrink halt_poll_ns below grow_start tools/vm/page-types: remove dependency on opt_file for idle page tracking scsi: ses: Retry failed Send/Receive Diagnostic commands selftests:kvm: fix get_warnings_count() ignoring fscanf() return warn selftests: be sure to make khdr before other targets usb: dwc2: check return value after calling platform_get_resource() usb: testusb: Fix for showing the connection speed scsi: sd: Free scsi_disk device via put_device() ext2: fix sleeping in atomic bugs on error sparc64: fix pci_iounmap() when CONFIG_PCI is not set xen-netback: correct success/error reporting for the SKB-with-fraglist case net: mdio: introduce a shutdown method to mdio device drivers ANDROID: Fix up KABI breakage in 5.4.151 in struct sock Linux 5.4.151 HID: usbhid: free raw_report buffers in usbhid_stop netfilter: ipset: Fix oversized kvmalloc() calls HID: betop: fix slab-out-of-bounds Write in betop_probe crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() usb: hso: remove the bailout parameter usb: hso: fix error handling code of hso_create_net_device hso: fix bailout in error case of probe libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind PCI: Fix pci_host_bridge struct device release/free handling net: stmmac: don't attach interface until resume finishes net: udp: annotate data race around udp_sk(sk)->corkflag HID: u2fzero: ignore incomplete packets without data ext4: fix potential infinite loop in ext4_dx_readdir() ext4: fix reserved space counter leakage ext4: fix loff_t overflow in ext4_max_bitmap_size() ipack: ipoctal: fix module reference leak ipack: ipoctal: fix missing allocation-failure check ipack: ipoctal: fix tty-registration error handling ipack: ipoctal: fix tty registration race ipack: ipoctal: fix stack information leak debugfs: debugfs_create_file_size(): 
use IS_ERR to check for error elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings perf/x86/intel: Update event constraints for ICX af_unix: fix races in sk_peer_pid and sk_peer_cred accesses net: sched: flower: protect fl_walk() with rcu net: hns3: do not allow call hns3_nic_net_open repeatedly scsi: csiostor: Add module softdep on cxgb4 Revert "block, bfq: honor already-setup queue merges" selftests, bpf: test_lwt_ip_encap: Really disable rp_filter e100: fix buffer overrun in e100_get_regs e100: fix length calculation in e100_get_regs_len net: ipv4: Fix rtnexthop len when RTA_FLOW is present hwmon: (tmp421) fix rounding for negative values hwmon: (tmp421) report /PVLD condition as fault sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb mac80211-hwsim: fix late beacon hrtimer handling mac80211: mesh: fix potentially unaligned access mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 drm/amd/display: Pass PCI deviceid into DC x86/kvmclock: Move this_cpu_pvti into kvmclock.h mac80211: fix use-after-free in CCMP/GCMP RX scsi: ufs: Fix illegal offset in UPIU event trace hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field fs-verity: fix signed integer overflow with i_size near S64_MAX usb: cdns3: fix race condition before setting doorbell cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory cpufreq: schedutil: Use kobject release() method to free sugov_tunables tty: Fix out-of-bound vmalloc access in imageblit Revert "crypto: public_key: fix overflow during implicit conversion" Linux 5.4.150 qnx4: work around 
gcc false positive warning bug xen/balloon: fix balloon kthread freezing arm64: dts: marvell: armada-37xx: Extend PCIe MEM space thermal/drivers/int340x: Do not set a wrong tcc offset on resume EDAC/synopsys: Fix wrong value type assignment for edac_mode spi: Fix tegra20 build with CONFIG_PM=n net: 6pack: Fix tx timeout and slot time alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile arm64: Mark __stack_chk_guard as __ro_after_init parisc: Use absolute_pointer() to define PAGE0 qnx4: avoid stringop-overread errors sparc: avoid stringop-overread errors net: i825xx: Use absolute_pointer for memcpy from fixed memory location compiler.h: Introduce absolute_pointer macro blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd sparc32: page align size in arch_dma_alloc nvme-multipath: fix ANA state updates when a namespace is not present xen/balloon: use a kernel thread instead a workqueue bpf: Add oversize check before call kvcalloc() ipv6: delay fib6_sernum increase in fib6_add m68k: Double cast io functions to unsigned long net: stmmac: allow CSR clock of 300MHz net: macb: fix use after free on rmmod blktrace: Fix uaf in blk_trace access after removing by sysfs md: fix a lock order reversal in md_alloc irqchip/gic-v3-its: Fix potential VPE leak on error irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build scsi: lpfc: Use correct scnprintf() limit scsi: qla2xxx: Restore initiator in dual mode cifs: fix a sign extension bug thermal/core: Potential buffer overflow in thermal_build_list_of_policies() fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() fpga: machxo2-spi: Return an error on failure tty: synclink_gt: rename a conflicting function name tty: synclink_gt, drop unneeded forward declarations scsi: iscsi: Adjust iface sysfs attr detection net/mlx4_en: Don't allow aRFS for encapsulated packets qed: rdma - don't wait for resources under hw error recovery flow gpio: uniphier: Fix void functions to remove 
return value net/smc: add missing error check in smc_clc_prfx_set() bnxt_en: Fix TX timeout when TX ring size is set to the smallest enetc: Fix illegal access when reading affinity_hint platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR() afs: Fix incorrect triggering of sillyrename on 3rd-party invalidation net: hso: fix muxed tty registration serial: mvebu-uart: fix driver's tx_empty callback xhci: Set HCD flag to defer primary roothub registration btrfs: prevent __btrfs_dump_space_info() to underflow its free space erofs: fix up erofs_lookup tracepoint mcb: fix error handling in mcb_alloc_bus() USB: serial: option: add device id for Foxconn T99W265 USB: serial: option: remove duplicate USB device ID USB: serial: option: add Telit LN920 compositions USB: serial: mos7840: remove duplicated 0xac24 device ID usb: core: hcd: Add support for deferring roothub registration Re-enable UAS for LaCie Rugged USB3-FW with fk quirk staging: greybus: uart: fix tty use after free binder: make sure fd closes complete USB: cdc-acm: fix minor-number release USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c xen/x86: fix PV trap handling on secondary processors cifs: fix incorrect check for null pointer in header_assemble usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave usb: gadget: r8a66597: fix a loop in set_feature() ocfs2: drop acl cache for directories too Linux 5.4.149 drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV rtc: rx8010: select REGMAP_I2C blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() pwm: stm32-lp: Don't modify HW state in .remove() callback pwm: rockchip: Don't modify HW state in .remove() callback pwm: img: Don't modify HW state in .remove() callback nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group nilfs2: fix memory 
leak in nilfs_sysfs_create_snapshot_group nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group nilfs2: fix NULL pointer in nilfs_##name##_attr_release nilfs2: fix memory leak in nilfs_sysfs_create_device_group btrfs: fix lockdep warning while mounting sprout fs ceph: lockdep annotations for try_nonblocking_invalidate ceph: request Fw caps before updating the mtime in ceph_write_iter dmaengine: xilinx_dma: Set DMA mask for coherent APIs dmaengine: ioat: depends on !UML dmaengine: sprd: Add missing MODULE_DEVICE_TABLE parisc: Move pci_dev_is_behind_card_dino to where it is used drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() thermal/core: Fix thermal_cooling_device_register() prototype Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH net: stmmac: reset Tx desc base address before restarting Tx phy: avoid unnecessary link-up delay in polling mode pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered profiling: fix shift-out-of-bounds bugs nilfs2: use refcount_dec_and_lock() to fix potential UAF prctl: allow to setup brk for et_dyn executables 9p/trans_virtio: Remove sysfs file on probe failure thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() dmaengine: acpi: Avoid comparison GSI with Linux vIRQ um: virtio_uml: fix memory leak on init failures staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() sctp: add param size validation for SCTP_PARAM_SET_PRIMARY sctp: validate chunk size in __rcv_asconf_lookup ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE ARM: 9079/1: ftrace: Add MODULE_PLTS support ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() ARM: 9077/1: PLT: Move struct plt_entries definition to header apparmor: remove duplicate macro list_entry_is_head() ARM: Qualify enabling of swiotlb_init() s390/pci_mmio: fully validate the VMA before 
calling follow_pte() console: consume APC, DM, DCS KVM: remember position in kvm->vcpus array PCI/ACPI: Add Ampere Altra SOC MCFG quirk PCI: aardvark: Fix reporting CRS value PCI: pci-bridge-emul: Add PCIe Root Capabilities Register PCI: aardvark: Indicate error in 'val' when config read fails PCI: pci-bridge-emul: Fix big-endian support Linux 5.4.148 s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant s390/bpf: Fix optimizing out zero-extensions net: renesas: sh_eth: Fix freeing wrong tx descriptor ip_gre: validate csum_start only on pull qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom fq_codel: reject silly quantum parameters netfilter: socket: icmp6: fix use-after-scope net: dsa: b53: Fix calculating number of switch ports perf unwind: Do not overwrite FEATURE_CHECK_LDFLAGS-libunwind-{x86,aarch64} ARC: export clear_user_page() for modules mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n KVM: arm64: Handle PSCI resets before userspace touches vCPU state mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set PCI: Fix pci_dev_str_match_path() alloc while atomic bug mfd: axp20x: Update AXP288 volatile ranges NTB: perf: Fix an error code in perf_setup_inbuf() NTB: Fix an error code in ntb_msit_probe() ethtool: Fix an error code in cxgb2.c PCI: ibmphp: Fix double unmap of io_mem block, bfq: honor already-setup queue merges net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6 PCI: Add ACS quirks for Cavium multi-function devices tracing/probes: Reject events which have the same name of existing one mfd: Don't use irq_create_mapping() to resolve a mapping fuse: fix use after free in fuse_read_interrupt() PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms mfd: db8500-prcmu: Adjust map to reality dt-bindings: mtd: gpmc: Fix the ECC bytes vs. 
OOB bytes equation mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() net: hns3: fix the timing issue of VF clearing interrupt sources net: hns3: disable mac in flr process net: hns3: change affinity_mask to numa node range net: hns3: pad the short tunnel frame before sending to hardware KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers ibmvnic: check failover_pending in login response dt-bindings: arm: Fix Toradex compatible typo qed: Handle management FW error tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup net/af_unix: fix a data-race in unix_dgram_poll vhost_net: fix OoB on sendmsg() failure. events: Reuse value read using READ_ONCE instead of re-reading it net/mlx5: Fix potential sleeping in atomic context net/mlx5: FWTrace, cancel work on alloc pd error flow perf machine: Initialize srcline string member in add_location struct tipc: increase timeout in tipc_sk_enqueue() r6040: Restore MDIO clock frequency after MAC reset net/l2tp: Fix reference count leak in l2tp_udp_recv_core dccp: don't duplicate ccid when cloning dccp sock ptp: dp83640: don't define PAGE0 net-caif: avoid user-triggerable WARN_ON(1) tipc: fix an use-after-free issue in tipc_recvmsg x86/mm: Fix kern_addr_valid() to cope with existing but not present entries s390/sclp: fix Secure-IPL facility detection drm/etnaviv: add missing MMU context put when reaping MMU mapping drm/etnaviv: reference MMU context when setting up hardware state drm/etnaviv: fix MMU context leak on GPU reset drm/etnaviv: exec and MMU state is lost when resetting the GPU drm/etnaviv: keep MMU context across runtime suspend/resume drm/etnaviv: stop abusing mmu_context as FE running marker drm/etnaviv: put submit prev MMU context when it exists drm/etnaviv: return context from etnaviv_iommu_context_get drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 PCI: Add AMD GPU multi-function power 
dependencies PM: base: power: don't try to use non-existing RTC for storing data arm64/sve: Use correct size when reinitialising SVE state bnx2x: Fix enabling network interfaces without VFs xen: reset legacy rtc flag for PV domU btrfs: fix upper limit for max_inline for page size 64K drm/panfrost: Clamp lock region to Bifrost minimum drm/panfrost: Use u64 for size in lock_region drm/panfrost: Simplify lock_region calculation drm/amdgpu: Fix BUG_ON assert drm/msi/mdp4: populate priv->kms in mdp4_kms_init net: dsa: lantiq_gswip: fix maximum frame length lib/test_stackinit: Fix static initializer test platform/chrome: cros_ec_proto: Send command again when timeout occurs memcg: enable accounting for pids in nested pid namespaces mm,vmscan: fix divide by zero in get_scan_count mm/hugetlb: initialize hugetlb_usage in mm_init s390/pv: fix the forcing of the swiotlb cpufreq: powernv: Fix init_chip_info initialization in numa=off scsi: qla2xxx: Sync queue idx with queue_pair_map idx scsi: qla2xxx: Changes to support kdump kernel scsi: BusLogic: Fix missing pr_cont() use ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() parisc: fix crash with signals and alloca net: w5100: check return value after calling platform_get_resource() fix array-index-out-of-bounds in taprio_change net: fix NULL pointer reference in cipso_v4_doi_free ath9k: fix sleeping in atomic context ath9k: fix OOB read ar9300_eeprom_restore_internal parport: remove non-zero check on count net/mlx5: DR, Enable QP retransmission iwlwifi: mvm: fix access to BSS elements iwlwifi: mvm: avoid static queue number aliasing iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed drm/amdkfd: Account for SH/SE count when setting up cu masks. 
ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B ASoC: rockchip: i2s: Fix regmap_ops hang usbip:vhci_hcd USB port can get stuck in the disabled state usbip: give back URBs for unsent unlink requests during cleanup usb: musb: musb_dsps: request_irq() after initializing musb Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" cifs: fix wrong release in sess_alloc_buffer() failed path mmc: core: Return correct emmc response in case of ioctl error selftests/bpf: Enlarge select() timeout for test_maps mmc: rtsx_pci: Fix long reads when clock is prescaled mmc: sdhci-of-arasan: Check return value of non-void funtions of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS ASoC: Intel: Skylake: Fix passing loadable flag for module ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER btrfs: tree-log: check btrfs_lookup_data_extent return value m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch drm/exynos: Always initialize mapping in exynos_drm_register_dma() lockd: lockd server-side shouldn't set fl_ops usb: chipidea: host: fix port index underflow and UBSAN complains gfs2: Don't call dlm after protocol is unmounted staging: rts5208: Fix get_ms_information() heap buffer size rpc: fix gss_svc_init cleanup on failure tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD serial: sh-sci: fix break handling for sysrq opp: Don't print an error if required-opps is missing Bluetooth: Fix handling of LE Enhanced Connection Complete nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data arm64: dts: ls1046a: fix eeprom entries arm64: tegra: Fix compatible string for Tegra132 CPUs ARM: tegra: tamonten: Fix UART pad setting mac80211: Fix monitor MTU limit so that A-MSDUs get through drm/display: fix possible null-pointer dereference in dcn10_set_clock() gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() net/mlx5: Fix variable type 
to match 64bit Bluetooth: avoid circular locks in sco_sock_connect Bluetooth: schedule SCO timeouts with delayed_work selftests/bpf: Fix xdp_tx.c prog section name drm/msm: mdp4: drop vblank get/put from prepare/complete_commit net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() arm64: dts: qcom: sdm660: use reg value for memory node ARM: dts: imx53-ppd: Fix ACHC entry media: tegra-cec: Handle errors of clk_prepare_enable() media: TDA1997x: fix tda1997x_query_dv_timings() return value media: v4l2-dv-timings.c: fix wrong condition in two for-loops media: imx258: Limit the max analogue gain to 480 media: imx258: Rectify mismatch of VTS value ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output arm64: tegra: Fix Tegra194 PCIe EP compatible string bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler() workqueue: Fix possible memory leaks in wq_numa_init() Bluetooth: skip invalid hci_sync_conn_complete_evt ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() samples: bpf: Fix tracex7 error raised on the missing argument staging: ks7010: Fix the initialization of the 'sleep_status' structure serial: 8250_pci: make setup_port() parameters explicitly unsigned hvsi: don't panic on tty_register_driver failure xtensa: ISS: don't panic in rs_init serial: 8250: Define RX trigger levels for OxSemi 950 devices s390: make PCI mio support a machine flag s390/jump_label: print real address in a case of a jump label bug flow_dissector: Fix out-of-bounds warnings ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() video: fbdev: riva: Error out if 'pixclock' equals zero video: fbdev: kyro: Error out if 'pixclock' equals zero video: fbdev: asiliantfb: Error out if 'pixclock' equals zero bpf/tests: Do not PASS tests without actually testing the result bpf/tests: Fix copy-and-paste error in double word test drm/amd/amdgpu: Update debugfs link_settings output 
link_rate field in hex drm/amd/display: Fix timer_per_pixel unit error tty: serial: jsm: hold port lock when reporting modem line changes staging: board: Fix uninitialized spinlock when attaching genpd usb: gadget: composite: Allow bMaxPower=0 if self-powered USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable() usb: gadget: u_ether: fix a potential null pointer dereference usb: host: fotg210: fix the actual_length of an iso packet usb: host: fotg210: fix the endpoint's transactional opportunities calculation igc: Check if num of q_vectors is smaller than max before array access drm: avoid blocking in drm_clients_info's rcu section Smack: Fix wrong semantics in smk_access_entry() netlink: Deal with ESRCH error in nlmsg_notify() video: fbdev: kyro: fix a DoS bug by restricting user input ARM: dts: qcom: apq8064: correct clock names iavf: fix locking of critical sections iavf: do not override the adapter state in the watchdog task iio: dac: ad5624r: Fix incorrect handling of an optional regulator. 
tipc: keep the skb in rcv queue until the whole data is read PCI: Use pci_update_current_state() in pci_enable_device_flags() crypto: mxs-dcp - Use sg_mapping_iter to copy data media: dib8000: rewrite the init prbs logic ASoC: atmel: ATMEL drivers don't need HAS_DMA drm/amdgpu: Fix amdgpu_ras_eeprom_init() userfaultfd: prevent concurrent API initialization kbuild: Fix 'no symbols' warning when CONFIG_TRIM_UNUSD_KSYMS=y MIPS: Malta: fix alignment of the devicetree buffer f2fs: fix to unmap pages from userspace process in punch_hole() f2fs: fix unexpected ENOENT comes from f2fs_map_blocks() f2fs: fix to account missing .skipped_gc_rwsem KVM: PPC: Fix clearing never mapped TCEs in realmode clk: at91: clk-generated: Limit the requested rate to our range clk: at91: clk-generated: pass the id of changeable parent at registration clk: at91: sam9x60: Don't use audio PLL fscache: Fix cookie key hashing platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live HID: i2c-hid: Fix Elan touchpad regression scsi: target: avoid per-loop XCOPY buffer allocations powerpc/config: Renable MTD_PHYSMAP_OF scsi: qedf: Fix error codes in qedf_alloc_global_queues() scsi: qedi: Fix error codes in qedi_alloc_global_queues() scsi: smartpqi: Fix an error code in pqi_get_raid_map() pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() scsi: fdomain: Fix error return code in fdomain_probe() SUNRPC: Fix potential memory corruption dma-debug: fix debugfs initialization order openrisc: don't printk() unconditionally f2fs: reduce the scope of setting fsck tag when de->name_len is zero f2fs: show f2fs instance in printk_ratelimited RDMA/efa: Remove double QP type assignment powerpc/stacktrace: Include linux/delay.h vfio: Use config not menuconfig for VFIO_NOIOMMU pinctrl: samsung: Fix pinctrl bank pin count docs: Fix infiniband uverbs minor number RDMA/iwcm: Release 
resources if iw_cm module initialization fails IB/hfi1: Adjust pkey entry in index 0 scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND f2fs: quota: fix potential deadlock HID: input: do not report stylus battery state as "full" PCI: aardvark: Fix masking and unmasking legacy INTx interrupts PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response PCI: aardvark: Fix checking for PIO status PCI: xilinx-nwl: Enable the clock through CCF PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported PCI/portdrv: Enable Bandwidth Notification only if port supports it ARM: 9105/1: atags_to_fdt: don't warn about stack size libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs dmaengine: imx-sdma: remove duplicated sdma_load_context Revert "dmaengine: imx-sdma: refine to load context only once" media: rc-loopback: return number of emitters rather than error media: uvc: don't do DMA on stack VMCI: fix NULL pointer dereference when unmapping queue pair dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() power: supply: max17042: handle fails of reading status register block: bfq: fix bfq_set_next_ioprio_data() crypto: public_key: fix overflow during implicit conversion arm64: head: avoid over-mapping in map_memory soc: aspeed: p2a-ctrl: Fix boundary check for mmap soc: aspeed: lpc-ctrl: Fix boundary check for mmap soc: qcom: aoss: Fix the out of bound usage of cooling_devs pinctrl: ingenic: Fix incorrect pull up/down info pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast tools/thermal/tmon: Add cross compiling support 9p/xen: Fix end of loop tests for list_for_each_entry include/linux/list.h: add a macro to test if entry is pointing to the head xen: fix setting of max_pfn in shared_info powerpc/perf/hv-gpci: Fix counter value parsing PCI/MSI: Skip masking MSI-X on Xen PV blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN blk-zoned: allow zone 
management send operations without CAP_SYS_ADMIN btrfs: reset replace target device to allocation state on close btrfs: wake up async_delalloc_pages waiters after submit rtc: tps65910: Correct driver module alias Conflicts: Documentation/devicetree/bindings Documentation/devicetree/bindings/arm/tegra.yaml Documentation/devicetree/bindings/mtd/gpmc-nand.txt Documentation/devicetree/bindings/regulator/samsung,s5m8767.txt kernel/sched/cpufreq_schedutil.c Change-Id: Id17c4366cdc6854cd23fba0f41d335b09fc6100e Signed-off-by: Srinivasarao Pathipati <quic_spathi@quicinc.com> |
||
Greg Kroah-Hartman
|
454e00abb3 |
Revert "net: fix information leakage in /proc/net/ptype"
This reverts commit |
||
Eric Dumazet
|
4fc41403f0 |
af_packet: fix data-race in packet_setsockopt / packet_setsockopt
commit e42e70ad6ae2ae511a6143d2e8da929366e58bd9 upstream.
When packet_setsockopt( PACKET_FANOUT_DATA ) reads po->fanout,
no lock is held, meaning that another thread can change po->fanout.
Given that po->fanout can only be set once during the socket lifetime
(it is only cleared from fanout_release()), we can use
READ_ONCE()/WRITE_ONCE() to document the race.
BUG: KCSAN: data-race in packet_setsockopt / packet_setsockopt
write to 0xffff88813ae8e300 of 8 bytes by task 14653 on cpu 0:
fanout_add net/packet/af_packet.c:1791 [inline]
packet_setsockopt+0x22fe/0x24a0 net/packet/af_packet.c:3931
__sys_setsockopt+0x209/0x2a0 net/socket.c:2180
__do_sys_setsockopt net/socket.c:2191 [inline]
__se_sys_setsockopt net/socket.c:2188 [inline]
__x64_sys_setsockopt+0x62/0x70 net/socket.c:2188
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
read to 0xffff88813ae8e300 of 8 bytes by task 14654 on cpu 1:
packet_setsockopt+0x691/0x24a0 net/packet/af_packet.c:3935
__sys_setsockopt+0x209/0x2a0 net/socket.c:2180
__do_sys_setsockopt net/socket.c:2191 [inline]
__se_sys_setsockopt net/socket.c:2188 [inline]
__x64_sys_setsockopt+0x62/0x70 net/socket.c:2188
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
value changed: 0x0000000000000000 -> 0xffff888106f8c000
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 14654 Comm: syz-executor.3 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Fixes:
|
||
Eric Dumazet
|
bd43771ee9 |
rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
commit c6f6f2444bdbe0079e41914a35081530d0409963 upstream.
While looking at one unrelated syzbot bug, I found the replay logic
in __rtnl_newlink() to potentially trigger use-after-free.
It is better to clear master_dev and m_ops inside the loop,
in case we have to replay it.
Fixes:
|
||
Eric Dumazet
|
b1d17e920d |
net: sched: fix use-after-free in tc_new_tfilter()
commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 upstream.
Whenever tc_new_tfilter() jumps back to replay: label,
we need to make sure @q and @chain local variables are cleared again,
or risk use-after-free as in [1]
For consistency, apply the same fix in tc_ctl_chain()
BUG: KASAN: use-after-free in mini_qdisc_pair_swap+0x1b9/0x1f0 net/sched/sch_generic.c:1581
Write of size 8 at addr ffff8880985c4b08 by task syz-executor.4/1945
CPU: 0 PID: 1945 Comm: syz-executor.4 Not tainted 5.17.0-rc1-syzkaller-00495-gff58831fa02d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description.constprop.0.cold+0x8d/0x336 mm/kasan/report.c:255
__kasan_report mm/kasan/report.c:442 [inline]
kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
mini_qdisc_pair_swap+0x1b9/0x1f0 net/sched/sch_generic.c:1581
tcf_chain_head_change_item net/sched/cls_api.c:372 [inline]
tcf_chain0_head_change.isra.0+0xb9/0x120 net/sched/cls_api.c:386
tcf_chain_tp_insert net/sched/cls_api.c:1657 [inline]
tcf_chain_tp_insert_unique net/sched/cls_api.c:1707 [inline]
tc_new_tfilter+0x1e67/0x2350 net/sched/cls_api.c:2086
rtnetlink_rcv_msg+0x80d/0xb80 net/core/rtnetlink.c:5583
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494
netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
netlink_unicast+0x539/0x7e0 net/netlink/af_netlink.c:1343
netlink_sendmsg+0x904/0xe00 net/netlink/af_netlink.c:1919
sock_sendmsg_nosec net/socket.c:705 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:725
____sys_sendmsg+0x331/0x810 net/socket.c:2413
___sys_sendmsg+0xf3/0x170 net/socket.c:2467
__sys_sendmmsg+0x195/0x470 net/socket.c:2553
__do_sys_sendmmsg net/socket.c:2582 [inline]
__se_sys_sendmmsg net/socket.c:2579 [inline]
__x64_sys_sendmmsg+0x99/0x100 net/socket.c:2579
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f2647172059
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2645aa5168 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f2647285100 RCX: 00007f2647172059
RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000006
RBP: 00007f26471cc08d R08: 0000000000000000 R09: 0000000000000000
R10: 9e00000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffb3f7f02f R14: 00007f2645aa5300 R15: 0000000000022000
</TASK>
Allocated by task 1944:
kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
kasan_set_track mm/kasan/common.c:45 [inline]
set_alloc_info mm/kasan/common.c:436 [inline]
____kasan_kmalloc mm/kasan/common.c:515 [inline]
____kasan_kmalloc mm/kasan/common.c:474 [inline]
__kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:524
kmalloc_node include/linux/slab.h:604 [inline]
kzalloc_node include/linux/slab.h:726 [inline]
qdisc_alloc+0xac/0xa10 net/sched/sch_generic.c:941
qdisc_create.constprop.0+0xce/0x10f0 net/sched/sch_api.c:1211
tc_modify_qdisc+0x4c5/0x1980 net/sched/sch_api.c:1660
rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5592
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494
netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
netlink_unicast+0x539/0x7e0 net/netlink/af_netlink.c:1343
netlink_sendmsg+0x904/0xe00 net/netlink/af_netlink.c:1919
sock_sendmsg_nosec net/socket.c:705 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:725
____sys_sendmsg+0x331/0x810 net/socket.c:2413
___sys_sendmsg+0xf3/0x170 net/socket.c:2467
__sys_sendmmsg+0x195/0x470 net/socket.c:2553
__do_sys_sendmmsg net/socket.c:2582 [inline]
__se_sys_sendmmsg net/socket.c:2579 [inline]
__x64_sys_sendmmsg+0x99/0x100 net/socket.c:2579
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
Freed by task 3609:
kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
kasan_set_track+0x21/0x30 mm/kasan/common.c:45
kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370
____kasan_slab_free mm/kasan/common.c:366 [inline]
____kasan_slab_free+0x130/0x160 mm/kasan/common.c:328
kasan_slab_free include/linux/kasan.h:236 [inline]
slab_free_hook mm/slub.c:1728 [inline]
slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1754
slab_free mm/slub.c:3509 [inline]
kfree+0xcb/0x280 mm/slub.c:4562
rcu_do_batch kernel/rcu/tree.c:2527 [inline]
rcu_core+0x7b8/0x1540 kernel/rcu/tree.c:2778
__do_softirq+0x29b/0x9c2 kernel/softirq.c:558
Last potentially related work creation:
kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
__kasan_record_aux_stack+0xbe/0xd0 mm/kasan/generic.c:348
__call_rcu kernel/rcu/tree.c:3026 [inline]
call_rcu+0xb1/0x740 kernel/rcu/tree.c:3106
qdisc_put_unlocked+0x6f/0x90 net/sched/sch_generic.c:1109
tcf_block_release+0x86/0x90 net/sched/cls_api.c:1238
tc_new_tfilter+0xc0d/0x2350 net/sched/cls_api.c:2148
rtnetlink_rcv_msg+0x80d/0xb80 net/core/rtnetlink.c:5583
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494
netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
netlink_unicast+0x539/0x7e0 net/netlink/af_netlink.c:1343
netlink_sendmsg+0x904/0xe00 net/netlink/af_netlink.c:1919
sock_sendmsg_nosec net/socket.c:705 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:725
____sys_sendmsg+0x331/0x810 net/socket.c:2413
___sys_sendmsg+0xf3/0x170 net/socket.c:2467
__sys_sendmmsg+0x195/0x470 net/socket.c:2553
__do_sys_sendmmsg net/socket.c:2582 [inline]
__se_sys_sendmmsg net/socket.c:2579 [inline]
__x64_sys_sendmmsg+0x99/0x100 net/socket.c:2579
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
The buggy address belongs to the object at ffff8880985c4800
which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 776 bytes inside of
1024-byte region [ffff8880985c4800, ffff8880985c4c00)
The buggy address belongs to the page:
page:ffffea0002617000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x985c0
head:ffffea0002617000 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888010c41dc0
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 1941, ts 1038999441284, free_ts 1033444432829
prep_new_page mm/page_alloc.c:2434 [inline]
get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4165
__alloc_pages+0x1b2/0x500 mm/page_alloc.c:5389
alloc_pages+0x1aa/0x310 mm/mempolicy.c:2271
alloc_slab_page mm/slub.c:1799 [inline]
allocate_slab mm/slub.c:1944 [inline]
new_slab+0x28a/0x3b0 mm/slub.c:2004
___slab_alloc+0x87c/0xe90 mm/slub.c:3018
__slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3105
slab_alloc_node mm/slub.c:3196 [inline]
slab_alloc mm/slub.c:3238 [inline]
__kmalloc+0x2fb/0x340 mm/slub.c:4420
kmalloc include/linux/slab.h:586 [inline]
kzalloc include/linux/slab.h:715 [inline]
__register_sysctl_table+0x112/0x1090 fs/proc/proc_sysctl.c:1335
neigh_sysctl_register+0x2c8/0x5e0 net/core/neighbour.c:3787
devinet_sysctl_register+0xb1/0x230 net/ipv4/devinet.c:2618
inetdev_init+0x286/0x580 net/ipv4/devinet.c:278
inetdev_event+0xa8a/0x15d0 net/ipv4/devinet.c:1532
notifier_call_chain+0xb5/0x200 kernel/notifier.c:84
call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1919
call_netdevice_notifiers_extack net/core/dev.c:1931 [inline]
call_netdevice_notifiers net/core/dev.c:1945 [inline]
register_netdevice+0x1073/0x1500 net/core/dev.c:9698
veth_newlink+0x59c/0xa90 drivers/net/veth.c:1722
page last free stack trace:
reset_page_owner include/linux/page_owner.h:24 [inline]
free_pages_prepare mm/page_alloc.c:1352 [inline]
free_pcp_prepare+0x374/0x870 mm/page_alloc.c:1404
free_unref_page_prepare mm/page_alloc.c:3325 [inline]
free_unref_page+0x19/0x690 mm/page_alloc.c:3404
release_pages+0x748/0x1220 mm/swap.c:956
tlb_batch_pages_flush mm/mmu_gather.c:50 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:243 [inline]
tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:250
zap_pte_range mm/memory.c:1441 [inline]
zap_pmd_range mm/memory.c:1490 [inline]
zap_pud_range mm/memory.c:1519 [inline]
zap_p4d_range mm/memory.c:1540 [inline]
unmap_page_range+0x1d1d/0x2a30 mm/memory.c:1561
unmap_single_vma+0x198/0x310 mm/memory.c:1606
unmap_vmas+0x16b/0x2f0 mm/memory.c:1638
exit_mmap+0x201/0x670 mm/mmap.c:3178
__mmput+0x122/0x4b0 kernel/fork.c:1114
mmput+0x56/0x60 kernel/fork.c:1135
exit_mm kernel/exit.c:507 [inline]
do_exit+0xa3c/0x2a30 kernel/exit.c:793
do_group_exit+0xd2/0x2f0 kernel/exit.c:935
__do_sys_exit_group kernel/exit.c:946 [inline]
__se_sys_exit_group kernel/exit.c:944 [inline]
__x64_sys_exit_group+0x3a/0x50 kernel/exit.c:944
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
Memory state around the buggy address:
ffff8880985c4a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8880985c4a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8880985c4b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff8880985c4b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8880985c4c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Fixes:
|
||
Greg Kroah-Hartman
|
46c68a5628 |
This is the 5.4.176 stable release
Merge 5.4.176 into android11-5.4-lts
Changes in 5.4.176
Bluetooth: refactor malicious adv data check
s390/hypfs: include z/VM guests with access control group set
scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
udf: Restore i_lenAlloc when inode expansion fails
udf: Fix NULL ptr deref when converting from inline format
PM: wakeup: simplify the output logic of pm_show_wakelocks()
tracing/histogram: Fix a potential memory leak for kstrdup()
tracing: Don't inc err_log entry count if entry allocation fails
fsnotify: fix fsnotify hooks in pseudo filesystems
drm/etnaviv: relax submit size limits
arm64: errata: Fix exec handling in erratum
|
||
Eric Dumazet
|
c30ecdba9e |
ipv4: tcp: send zero IPID in SYNACK messages
[ Upstream commit 970a5a3ea86da637471d3cd04d513a0755aba4bf ] In commit |
||
Eric Dumazet
|
51dde4ae5a |
ipv4: raw: lock the socket in raw_bind()
[ Upstream commit 153a0d187e767c68733b8e9f46218eb1f41ab902 ]
For some reason, raw_bind() forgot to lock the socket.
BUG: KCSAN: data-race in __ip4_datagram_connect / raw_bind
write to 0xffff8881170d4308 of 4 bytes by task 5466 on cpu 0:
raw_bind+0x1b0/0x250 net/ipv4/raw.c:739
inet_bind+0x56/0xa0 net/ipv4/af_inet.c:443
__sys_bind+0x14b/0x1b0 net/socket.c:1697
__do_sys_bind net/socket.c:1708 [inline]
__se_sys_bind net/socket.c:1706 [inline]
__x64_sys_bind+0x3d/0x50 net/socket.c:1706
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
read to 0xffff8881170d4308 of 4 bytes by task 5468 on cpu 1:
__ip4_datagram_connect+0xb7/0x7b0 net/ipv4/datagram.c:39
ip4_datagram_connect+0x2a/0x40 net/ipv4/datagram.c:89
inet_dgram_connect+0x107/0x190 net/ipv4/af_inet.c:576
__sys_connect_file net/socket.c:1900 [inline]
__sys_connect+0x197/0x1b0 net/socket.c:1917
__do_sys_connect net/socket.c:1927 [inline]
__se_sys_connect net/socket.c:1924 [inline]
__x64_sys_connect+0x3d/0x50 net/socket.c:1924
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
value changed: 0x00000000 -> 0x0003007f
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 5468 Comm: syz-executor.5 Not tainted 5.17.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Fixes:
|
||
David Howells
|
18684bb996 |
rxrpc: Adjust retransmission backoff
[ Upstream commit 2c13c05c5ff4b9fc907b07f7311821910ebaaf8a ] Improve retransmission backoff by only backing off when we retransmit data packets rather than when we set the lost ack timer. To this end: (1) In rxrpc_resend(), use rxrpc_get_rto_backoff() when setting the retransmission timer and only tell it that we are retransmitting if we actually have things to retransmit. Note that it's possible for the retransmission algorithm to race with the processing of a received ACK, so we may see no packets needing retransmission. (2) In rxrpc_send_data_packet(), don't bump the backoff when setting the ack_lost_at timer, as it may then get bumped twice. With this, when looking at one particular packet, the retransmission intervals were seen to be 1.5ms, 2ms, 3ms, 5ms, 9ms, 17ms, 33ms, 71ms, 136ms, 264ms, 544ms, 1.088s, 2.1s, 4.2s and 8.3s. Fixes: c410bf01933e ("rxrpc: Fix the excessive initial retransmission timeout") Suggested-by: Marc Dionne <marc.dionne@auristor.com> Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Marc Dionne <marc.dionne@auristor.com> Tested-by: Marc Dionne <marc.dionne@auristor.com> cc: linux-afs@lists.infradead.org Link: https://lore.kernel.org/r/164138117069.2023386.17446904856843997127.stgit@warthog.procyon.org.uk/ Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Florian Westphal
|
0d26470b25 |
netfilter: conntrack: don't increment invalid counter on NF_REPEAT
[ Upstream commit 830af2eba40327abec64325a5b08b1e85c37a2e0 ]
The packet isn't invalid, REPEAT means we're trying again after cleaning
out a stale connection, e.g. via tcp tracker.
This caused increases of invalid stat counter in a test case involving
frequent connection reuse, even though no packet is actually invalid.
Fixes:
|
||
Eric Dumazet
|
cdfaf8e985 |
ipv6: annotate accesses to fn->fn_sernum
commit aafc2e3285c2d7a79b7ee15221c19fbeca7b1509 upstream.
struct fib6_node's fn_sernum field can be
read while other threads change it.
Add READ_ONCE()/WRITE_ONCE() annotations.
Do not change existing smp barriers in fib6_get_cookie_safe()
and __fib6_update_sernum_upto_root()
syzbot reported:
BUG: KCSAN: data-race in fib6_clean_node / inet6_csk_route_socket
write to 0xffff88813df62e2c of 4 bytes by task 1920 on cpu 1:
fib6_clean_node+0xc2/0x260 net/ipv6/ip6_fib.c:2178
fib6_walk_continue+0x38e/0x430 net/ipv6/ip6_fib.c:2112
fib6_walk net/ipv6/ip6_fib.c:2160 [inline]
fib6_clean_tree net/ipv6/ip6_fib.c:2240 [inline]
__fib6_clean_all+0x1a9/0x2e0 net/ipv6/ip6_fib.c:2256
fib6_flush_trees+0x6c/0x80 net/ipv6/ip6_fib.c:2281
rt_genid_bump_ipv6 include/net/net_namespace.h:488 [inline]
addrconf_dad_completed+0x57f/0x870 net/ipv6/addrconf.c:4230
addrconf_dad_work+0x908/0x1170
process_one_work+0x3f6/0x960 kernel/workqueue.c:2307
worker_thread+0x616/0xa70 kernel/workqueue.c:2454
kthread+0x1bf/0x1e0 kernel/kthread.c:359
ret_from_fork+0x1f/0x30
read to 0xffff88813df62e2c of 4 bytes by task 15701 on cpu 0:
fib6_get_cookie_safe include/net/ip6_fib.h:285 [inline]
rt6_get_cookie include/net/ip6_fib.h:306 [inline]
ip6_dst_store include/net/ip6_route.h:234 [inline]
inet6_csk_route_socket+0x352/0x3c0 net/ipv6/inet6_connection_sock.c:109
inet6_csk_xmit+0x91/0x1e0 net/ipv6/inet6_connection_sock.c:121
__tcp_transmit_skb+0x1323/0x1840 net/ipv4/tcp_output.c:1402
tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline]
tcp_write_xmit+0x1450/0x4460 net/ipv4/tcp_output.c:2680
__tcp_push_pending_frames+0x68/0x1c0 net/ipv4/tcp_output.c:2864
tcp_push+0x2d9/0x2f0 net/ipv4/tcp.c:725
mptcp_push_release net/mptcp/protocol.c:1491 [inline]
__mptcp_push_pending+0x46c/0x490 net/mptcp/protocol.c:1578
mptcp_sendmsg+0x9ec/0xa50 net/mptcp/protocol.c:1764
inet6_sendmsg+0x5f/0x80 net/ipv6/af_inet6.c:643
sock_sendmsg_nosec net/socket.c:705 [inline]
sock_sendmsg net/socket.c:725 [inline]
kernel_sendmsg+0x97/0xd0 net/socket.c:745
sock_no_sendpage+0x84/0xb0 net/core/sock.c:3086
inet_sendpage+0x9d/0xc0 net/ipv4/af_inet.c:834
kernel_sendpage+0x187/0x200 net/socket.c:3492
sock_sendpage+0x5a/0x70 net/socket.c:1007
pipe_to_sendpage+0x128/0x160 fs/splice.c:364
splice_from_pipe_feed fs/splice.c:418 [inline]
__splice_from_pipe+0x207/0x500 fs/splice.c:562
splice_from_pipe fs/splice.c:597 [inline]
generic_splice_sendpage+0x94/0xd0 fs/splice.c:746
do_splice_from fs/splice.c:767 [inline]
direct_splice_actor+0x80/0xa0 fs/splice.c:936
splice_direct_to_actor+0x345/0x650 fs/splice.c:891
do_splice_direct+0x106/0x190 fs/splice.c:979
do_sendfile+0x675/0xc40 fs/read_write.c:1245
__do_sys_sendfile64 fs/read_write.c:1310 [inline]
__se_sys_sendfile64 fs/read_write.c:1296 [inline]
__x64_sys_sendfile64+0x102/0x140 fs/read_write.c:1296
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
value changed: 0x0000026f -> 0x00000271
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 15701 Comm: syz-executor.2 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
The Fixes tag I chose is probably arbitrary, I do not think
we need to backport this patch to older kernels.
Fixes:
|
||
Jianguo Wu
|
9f0a6acac4 |
net-procfs: show net devices bound packet types
commit 1d10f8a1f40b965d449e8f2d5ed7b96a7c138b77 upstream.
After commit:7866a621043f ("dev: add per net_device packet type chains"),
we can not get packet types that are bound to a specified net device by
/proc/net/ptype. This patch fixes the regression.
Run "tcpdump -i ens192 udp -nns0" before and after applying this patch:
Before:
[root@localhost ~]# cat /proc/net/ptype
Type Device Function
0800 ip_rcv
0806 arp_rcv
86dd ipv6_rcv
After:
[root@localhost ~]# cat /proc/net/ptype
Type Device Function
ALL ens192 tpacket_rcv
0800 ip_rcv
0806 arp_rcv
86dd ipv6_rcv
v1 -> v2:
- fix the regression rather than adding new /proc API as
suggested by Stephen Hemminger.
Fixes:
|
||
Xin Long
|
ca5355771c |
ping: fix the sk_bound_dev_if match in ping_lookup
commit 2afc3b5a31f9edf3ef0f374f5d70610c79c93a42 upstream.
When 'ping' changes to use PING socket instead of RAW socket by:
# sysctl -w net.ipv4.ping_group_range="0 100"
the selftests 'router_broadcast.sh' will fail, as such command
# ip vrf exec vrf-h1 ping -I veth0 198.51.100.255 -b
can't receive the response skb by the PING socket. It's caused by mismatch
of sk_bound_dev_if and dif in ping_rcv() when looking up the PING socket,
as dif is vrf-h1 if dif's master was set to vrf-h1.
This patch is to fix this regression by also checking the sk_bound_dev_if
against sdif so that the packets can still be received even if the socket
is not bound to the vrf device but to the real iif.
Fixes:
|
||
Congyu Liu
|
e372ecd455 |
net: fix information leakage in /proc/net/ptype
commit 47934e06b65637c88a762d9c98329ae6e3238888 upstream.
In one net namespace, after creating a packet socket without binding
it to a device, users in other net namespaces can observe the new
`packet_type` added by this packet socket by reading `/proc/net/ptype`
file. This is minor information leakage as packet socket is
namespace aware.
Add a net pointer in `packet_type` to keep the net namespace of
the corresponding packet socket. In `ptype_seq_show`, this net pointer
must be checked when it is not NULL.
Fixes:
|
||
Ido Schimmel
|
20b7af4131 |
ipv6_tunnel: Rate limit warning messages
commit 6cee105e7f2ced596373951d9ea08dacc3883c68 upstream.
The warning messages can be invoked from the data path for every packet
transmitted through an ip6gre netdev, leading to high CPU utilization.
Fix that by rate limiting the messages.
Fixes:
|
||
Pablo Neira Ayuso
|
2bf7dee6f4 |
netfilter: nft_payload: do not update layer 4 checksum when mangling fragments
commit 4e1860a3863707e8177329c006d10f9e37e097a8 upstream.
IP fragments do not come with the transport header, hence skip bogus
layer 4 checksum updates.
Fixes:
|
||
Amir Goldstein
|
5463cfd833 |
fsnotify: fix fsnotify hooks in pseudo filesystems
commit 29044dae2e746949ad4b9cbdbfb248994d1dcdb4 upstream. Commit |
||
Brian Gix
|
835d370685 |
Bluetooth: refactor malicious adv data check
commit 899663be5e75dc0174dc8bda0b5e6826edf0b29a upstream.
Check for out-of-bound read was being performed at the end of while
num_reports loop, and would fill journal with false positives. Added
check to beginning of loop processing so that it doesn't get checked
after ptr has been advanced.
Signed-off-by: Brian Gix <brian.gix@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: syphyr <syphyr@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Greg Kroah-Hartman
|
a075d1beb1 |
ANDROID: Fix CRC issue up with xfrm headers in 5.4.174
Two changes to net/xfrm/xfrm_policy.c in the 5.4.174 release ended up
changing the CRC for a xfrm function, despite no actual change
happening. Fix this up by putting __GENKSYMS__ bounds on the include
files to preserve the CRC.
Bug: 161946584
Fixes:
|
||
Greg Kroah-Hartman
|
b3174205cf |
This is the 5.4.174 stable release
Merge 5.4.174 into android11-5.4-lts Changes in 5.4.174 HID: uhid: Fix worker destroying device without any protection HID: wacom: Reset expected and received contact counts at the same time HID: wacom: Ignore the confidence flag when a touch is removed HID: wacom: Avoid using stale array indicies to read contact count f2fs: fix to do sanity check in is_alive() nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 x86/gpu: Reserve stolen memory for first integrated Intel GPU tools/nolibc: x86-64: Fix startup code bug tools/nolibc: i386: fix initial stack alignment tools/nolibc: fix incorrect truncation of exit code rtc: cmos: take rtc_lock while reading from CMOS media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE media: flexcop-usb: fix control-message timeouts media: mceusb: fix control-message timeouts media: em28xx: fix control-message timeouts media: cpia2: fix control-message timeouts media: s2255: fix control-message timeouts media: dib0700: fix undefined behavior in
tuner shutdown media: redrat3: fix control-message timeouts media: pvrusb2: fix control-message timeouts media: stk1160: fix control-message timeouts can: softing_cs: softingcs_probe(): fix memleak on registration failure lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller mm_zone: add function to check if managed dma zone exists mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode drm/rockchip: dsi: Hold pm-runtime across bind/unbind drm/rockchip: dsi: Reconfigure hardware on resume() drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure drm/panel: innolux-p079zca: Delete panel on attach() failure drm/rockchip: dsi: Fix unbalanced clock on probe error Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails clk: bcm-2835: Pick the closest clock rate clk: bcm-2835: Remove rounding up the dividers wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND wcn36xx: Release DMA channel descriptor allocations media: videobuf2: Fix the size printk format media: aspeed: fix mode-detect always time out at 2nd run media: em28xx: fix memory leak in em28xx_init_dev media: aspeed: Update signal status immediately to ensure sane hw state arm64: dts: meson-gxbb-wetek: fix HDMI in early boot arm64: dts: meson-gxbb-wetek: fix missing GPIO binding Bluetooth: stop proccessing malicious adv data tee: fix put order in teedev_close_context() media: dmxdev: fix UAF when dvb_register_device() fails crypto: qce - fix uaf on qce_ahash_register_one arm64: dts: ti: k3-j721e: correct cache-sets info tty: serial: atmel: Check return code of dmaengine_submit() tty: serial: atmel: Call dma_async_issue_pending() media: rcar-csi2: Correct 
the selection of hsfreqrange media: imx-pxp: Initialize the spinlock prior to using it media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()' netfilter: bridge: add support for pppoe filtering arm64: dts: qcom: msm8916: fix MMC controller aliases ACPI: EC: Rework flushing of EC work while suspended to idle drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() arm64: dts: ti: k3-j721e: Fix the L2 cache sets tty: serial: uartlite: allow 64 bit address serial: amba-pl011: do not request memory region twice floppy: Fix hang in watchdog when disk is ejected staging: rtl8192e: return error code from rtllib_softmac_init() staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() Bluetooth: btmtksdio: fix resume failure media: dib8000: Fix a memleak in dib8000_init() media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() media: si2157: Fix "warm" tuner state detection sched/rt: Try to restart rt period timer when rt runtime exceeded rcu/exp: Mark current CPU as exp-QS in IPI loop second pass mwifiex: Fix possible ABBA deadlock xfrm: fix a small bug in xfrm_sa_len() crypto: stm32/cryp - fix xts and race condition in crypto_engine requests crypto: stm32/cryp - fix double pm exit crypto: stm32/cryp - fix lrw chaining mode ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors media: dw2102: Fix use after free media: msi001: fix possible null-ptr-deref in msi001_probe() media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes drm/msm/dpu: fix safe status debugfs file drm/bridge: ti-sn65dsi86: Set max register for regmap media: hantro: Fix probe func error path xfrm: interface with if_id 0 should return error xfrm: state and policy should fail if XFRMA_IF_ID 
0 ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding usb: ftdi-elan: fix memory leak on device disconnect ARM: dts: armada-38x: Add generic compatible to UART nodes mmc: meson-mx-sdio: add IRQ check selinux: fix potential memleak in selinux_add_opt() bpftool: Enable line buffering for stdout x86/mce/inject: Avoid out-of-bounds write when setting flags ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt(). ppp: ensure minimum packet size in ppp_write() rocker: fix a sleeping in atomic bug staging: greybus: audio: Check null pointer fsl/fman: Check for null pointer after calling devm_ioremap Bluetooth: hci_bcm: Check for error irq HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad debugfs: lockdown: Allow reading debugfs files that are not world readable net/mlx5e: Don't block routes with nexthop objects in SW Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels" net/mlx5: Set command entry semaphore up once got index free spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe tpm: add request_locality before write TPM_INT_ENABLE can: softing: softing_startstop(): fix set but not used variable warning can: xilinx_can: xcan_probe(): check for error irq pcmcia: fix setting of kthread task states net: mcs7830: handle usb read errors properly ext4: avoid trim error on fs with small groups ALSA: jack: Add missing rwsem around snd_ctl_remove() calls 
ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls ALSA: hda: Add missing rwsem around snd_ctl_remove() calls RDMA/hns: Validate the pkey index clk: imx8mn: Fix imx8mn_clko1_sels powerpc/prom_init: Fix improper check of prom_getprop() ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA ALSA: oss: fix compile error when OSS_DEBUG is enabled char/mwave: Adjust io port register size binder: fix handling of error during copy iommu/io-pgtable-arm: Fix table descriptor paddr formatting scsi: ufs: Fix race conditions related to driver data PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() powerpc/powermac: Add additional missing lockdep_register_key() RDMA/core: Let ib_find_gid() continue search even after empty entry RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry ASoC: rt5663: Handle device_property_read_u32_array error codes clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell dmaengine: pxa/mmp: stop referencing config->slave_id iommu/iova: Fix race between FQ timeout and teardown phy: uniphier-usb3ss: fix unintended writing zeros to PHY register ASoC: mediatek: Check for error clk pointer ASoC: samsung: idma: Check of ioremap return value misc: lattice-ecp3-config: Fix task hung when firmware load failed mips: lantiq: add support for clk_set_parent() mips: bcm63xx: add support for clk_set_parent() RDMA/cxgb4: Set queue pair state when being queried of: base: Fix phandle argument length mismatch error message Bluetooth: Fix debugfs entry leak in hci_register_dev() fs: dlm: filter user dlm messages for kernel locks drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR ARM: shmobile: rcar-gen2: Add missing of_node_put() batman-adv: allow netlink usage in unprivileged containers usb: gadget: f_fs: Use stream_open() for endpoint 
files drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L HID: apple: Do not reset quirks when the Fn key is not found media: b2c2: Add missing check in flexcop_pci_isr: EDAC/synopsys: Use the quirk for version instead of ddr version mlxsw: pci: Add shutdown method in PCI driver drm/bridge: megachips: Ensure both bridges are probed before registration gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use HSI: core: Fix return freed object in hsi_new_client mwifiex: Fix skb_over_panic in mwifiex_usb_recv() rsi: Fix use-after-free in rsi_rx_done_handler() rsi: Fix out-of-bounds read in rsi_read_pkt() usb: uhci: add aspeed ast2600 uhci support floppy: Add max size check for user space request x86/mm: Flush global TLB when switching to trampoline page-table media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() media: m920x: don't use stack on USB reads iwlwifi: mvm: synchronize with FW after multicast commands ath10k: Fix tx hanging net-sysfs: update the queue counts in the unregistration path net: phy: prefer 1000baseT over 1000baseKX gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock x86/mce: Mark mce_panic() noinstr x86/mce: Mark mce_end() noinstr x86/mce: Mark mce_read_aux() noinstr net: bonding: debug: avoid printing debug logs when bond is not notifying peers bpf: Do not WARN in bpf_warn_invalid_xdp_action() HID: quirks: Allow inverting the absolute X/Y values media: igorplugusb: receiver overflow should be reported media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO audit: ensure userspace is penalized the same as the kernel when under pressure arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus arm64: tegra: Adjust length of CCPLEX cluster MMIO region cpufreq: Fix initialization of min and max frequency QoS requests usb: hub: Add delay 
for SuperSpeed hub resume to let links transit to U0 ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream iwlwifi: fix leaks/bad data after failed firmware load iwlwifi: remove module loading failure message iwlwifi: mvm: Fix calculation of frame length um: registers: Rename function names to avoid conflicts and build problems jffs2: GC deadlock reading a page that is used in jffs2_write_begin() ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions ACPICA: Utilities: Avoid deleting the same object twice in a row ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() ACPICA: Fix wrong interpretation of PCC address ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 drm/amdgpu: fixup bad vram size on gmc v8 ACPI: battery: Add the ThinkPad "Not Charging" quirk btrfs: remove BUG_ON() in find_parent_nodes() btrfs: remove BUG_ON(!eie) in find_parent_nodes net: mdio: Demote probed message to debug print mac80211: allow non-standard VHT MCS-10/11 dm btree: add a defensive bounds check to insert_at() dm space map common: add bounds check to sm_ll_lookup_bitmap() net: phy: marvell: configure RGMII delays for 88E1118 net: gemini: allow any RGMII interface mode regulator: qcom_smd: Align probe function with rpmh-regulator serial: pl010: Drop CR register reset on set_termios serial: core: Keep mctrl register state and cached copy in sync random: do not throw away excess input to crng_fast_load parisc: Avoid calling faulthandler_disabled() twice powerpc/6xx: add missing of_node_put powerpc/powernv: add missing of_node_put powerpc/cell: add missing of_node_put powerpc/btext: add missing of_node_put powerpc/watchdog: Fix missed watchdog reset due to memory ordering race i2c: i801: Don't silently correct invalid transfer size powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING i2c: mpc: Correct I2C reset procedure clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB powerpc/powermac: Add missing lockdep_register_key() KVM: PPC: 
Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST w1: Misuse of get_user()/put_user() reported by sparse scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup ALSA: seq: Set upper limit of processed events powerpc: handle kdump appropriately with crash_kexec_post_notifiers option MIPS: OCTEON: add put_device() after of_find_device_by_node() i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters MIPS: Octeon: Fix build errors using clang scsi: sr: Don't use GFP_DMA ASoC: mediatek: mt8173: fix device_node leak power: bq25890: Enable continuous conversion for ADC at charging rpmsg: core: Clean up resources on announce_create failure. crypto: omap-aes - Fix broken pm_runtime_and_get() usage crypto: stm32/crc32 - Fix kernel BUG triggered in probe() crypto: caam - replace this_cpu_ptr with raw_cpu_ptr ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers fuse: Pass correct lend value to filemap_write_and_wait_range() serial: Fix incorrect rs485 polarity on uart open cputime, cpuacct: Include guest time in user time in cpuacct.stat tracing/kprobes: 'nmissed' not showed correctly for kretprobe iwlwifi: mvm: Increase the scan timeout guard to 30 seconds s390/mm: fix 2KB pgtable release race drm/etnaviv: limit submit sizes drm/nouveau/kms/nv04: use vzalloc for nv04_display drm/bridge: analogix_dp: Make PSR-exit block less PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space PCI: pci-bridge-emul: Correctly set PCIe capabilities PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device xfrm: fix policy lookup for ipv6 gre packets btrfs: fix deadlock between quota enable and other quota operations btrfs: check the root node for uptodate before returning it btrfs: respect the max size in the header when activating swap file ext4: make sure to reset inode lockdep class when quota enabling fails ext4: make sure quota gets properly shutdown on error ext4: set csum seed in tmp inode while 
migrating to extents ext4: Fix BUG_ON in ext4_bread when write quota data ext4: don't use the orphan list when migrating an inode drm/radeon: fix error handling in radeon_driver_open_kms of: base: Improve argument length mismatch error firmware: Update Kconfig help text for Google firmware media: rcar-csi2: Optimize the selection PHTW register Documentation: dmaengine: Correctly describe dmatest with channel unset Documentation: ACPI: Fix data node reference documentation Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization Documentation: fix firewire.rst ABI file path error scsi: core: Show SCMD_LAST in text form RDMA/hns: Modify the mapping attribute of doorbell to device RDMA/rxe: Fix a typo in opcode name dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK Revert "net/mlx5: Add retry mechanism to the command entry index allocation" powerpc/cell: Fix clang -Wimplicit-fallthrough warning powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses bpftool: Remove inclusion of utilities.mak from Makefiles ipv4: avoid quadratic behavior in netns dismantle net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries f2fs: fix to reserve space for IO align feature af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress clk: si5341: Fix clock HW provider cleanup net: axienet: limit minimum TX ring size net: axienet: fix number of TX ring slots for available check net: axienet: increase default TX ring size to 128 rtc: pxa: fix null pointer dereference inet: frags: annotate races around fqdir->dead and fqdir->high_thresh netns: add schedule point in ops_exit_list() xfrm: Don't accidentally set RTO_ONLINK in decode_session4() gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst() libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() perf script: Fix hex dump character output dmaengine: at_xdmac: Don't start transactions at 
tx_submit level dmaengine: at_xdmac: Print debug message after realeasing the lock dmaengine: at_xdmac: Fix concurrency over xfers_list dmaengine: at_xdmac: Fix lld view setting dmaengine: at_xdmac: Fix at_xdmac_lld struct definition arm64: dts: qcom: msm8996: drop not documented adreno properties net_sched: restore "mpu xxx" handling bcmgenet: add WOL IRQ check net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property dt-bindings: display: meson-vpu: Add missing amlogic,canvas property scripts/dtc: dtx_diff: remove broken example from help text lib82596: Fix IRQ check in sni_82596_probe lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test mtd: nand: bbt: Fix corner case in bad block table handling Revert "ia64: kprobes: Use generic kretprobe trampoline handler" Linux 5.4.174 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ia656821e4377afa7ca279a6ed92195989be831b3 |
||
qctecmdr
|
1c39a31881 | Merge "bridge: Port Hy-Fi bridging hooks" | ||
Kevin Bracey
|
3bd7629eb8 |
net_sched: restore "mpu xxx" handling
commit fb80445c438c78b40b547d12b8d56596ce4ccfeb upstream. commit |
||
Guillaume Nault
|
91e58091a6 |
gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst()
commit f7716b318568b22fbf0e3be99279a979e217cf71 upstream.
Mask the ECN bits before initialising ->flowi4_tos. The tunnel key may
have the last ECN bit set, which will interfere with the route lookup
process as ip_route_output_key_hash() interprets this bit specially
(to restrict the route scope).
Found by code inspection, compile tested only.
Fixes:
|
||
Guillaume Nault
|
1e06cb37fe |
xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
commit 23e7b1bfed61e301853b5e35472820d919498278 upstream. Similar to commit |
||
Eric Dumazet
|
d6bfcc8d95 |
netns: add schedule point in ops_exit_list()
commit 2836615aa22de55b8fca5e32fe1b27a67cda625e upstream.
When under stress, cleanup_net() can have to dismantle
netns in big numbers. ops_exit_list() currently calls
many helpers [1] that have no schedule point, and we can
end up with soft lockups, particularly on hosts
with many cpus.
Even for moderate amount of netns processed by cleanup_net()
this patch avoids latency spikes.
[1] Some of these helpers like fib_sync_up() and fib_sync_down_dev()
are very slow because net/ipv4/fib_semantics.c uses host-wide hash tables,
and ifindex is used as the only input of two hash functions.
ifindexes tend to be the same for all netns (lo.ifindex==1 per instance)
This will be fixed in a separate patch.
Fixes:
|
||
Eric Dumazet
|
577d3c5291 |
inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
commit 91341fa0003befd097e190ec2a4bf63ad957c49a upstream.
Both fields can be read/written without synchronization,
add proper accessors and documentation.
Fixes:
|