f4b76e8165
734 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
39c4c9c65c |
This is the 5.4.226 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmORuw8ACgkQONu9yGCS
aT4qeRAAjtp+p7ECcaXqZ4vHIka9IGcwRhjWbeB/xFCOgKKbOOLmZP9Cql1pJdEp
grdcp/tjNAwi1ec80+G/3AaAWqGRFHYi/Tboe+ZSHIp4Oot78fSclMp6lCMh/bzC
eR6niNNNlrEUC/lj0h5lWRJvQd6MK4orSCOCybeJ+HRmrLcm1pGSuJmssHoBn7Xk
JHg3RR5OW4BU4UHQHmcJfeH+J5zfNH0ygu1L3MRqzoINWUJ7PtSrIdR5xCm/4ibr
oyOH0nenC3hkOM4atui/92dX3HsNxazuA51Ch0AANFRiKYjJBIXMitapi1BvpqfB
Ny1I95j37Tuys4OQhJhNlbvHgxdNmouEHH06SwY8+yaU6LPkrFtdD0AxIDofakBZ
Npy9AkYmvj14ARAeyqzswxSQGWuuvlDjJR3dId/kIuP8wcRcNWsrFefHs0YZxhjn
o0LKmpkw5QgjW7Gh8TKEdl4saAXZwLXV00gHN9DD6UOr4eYNHtBHUJg6zMN5aR19
Dco+UTJj1NlmlEBDP6pFp9LTAcTsjVh6FVpX+uMRs18+kXS3SxzPgB9qEwjerU5m
HA0pzc+BgZqHpu3LhkbC4JfGNJ9fHnVZe6fT6/kTt3SiaEtLx8JKvH6VsCHVgEv6
whY3hlS4bWII8Jey0ZS8BtyKJiku3zfGDXAQ3rpwGbX1ddDn+d8=
=qI32
-----END PGP SIGNATURE-----
Merge 5.4.226 into android11-5.4-lts
Changes in 5.4.226
wifi: mac80211: fix memory free error when registering wiphy fail
wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
audit: fix undefined behavior in bit shift for AUDIT_BIT
wifi: mac80211: Fix ack frame idr leak when mesh has no route
spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
block, bfq: fix null pointer dereference in bfq_bio_bfqg()
arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
RISC-V: vdso: Do not add missing symbols to version section in linker script
MIPS: pic32: treat port as signed integer
af_key: Fix send_acquire race with pfkey_register
ARM: dts: am335x-pcm-953: Define fixed regulators in root node
ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
regulator: core: fix kobject release warning and memory leak in regulator_register()
regulator: core: fix UAF in destroy_regulator()
bus: sunxi-rsb: Support atomic transfers
tee: optee: fix possible memory leak in optee_register_device()
ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
net: liquidio: simplify if expression
nfc/nci: fix race with opening and closing
net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
9p/fd: fix issue of list_del corruption in p9_fd_cancel()
ARM: mxs: fix memory leak in mxs_machine_init()
net/mlx4: Check retval of mlx4_bitmap_init
net/qla3xxx: fix potential memleak in ql3xxx_send()
net: pch_gbe: fix pci device refcount leak while module exiting
nfp: add port from netdev validation for EEPROM access
Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work()
Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
net/mlx5: Fix FW tracer timestamp calculation
tipc: set con sock in tipc_conn_alloc
tipc: add an extra conn_get in tipc_conn_alloc
tipc: check skb_linearize() return value in tipc_disc_rcv()
xfrm: Fix ignored return value in xfrm6_init()
NFC: nci: fix memory leak in nci_rx_data_packet()
regulator: twl6030: re-add TWL6032_SUBCLASS
bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
s390/dasd: fix no record found for raw_track_access
nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
nfc: st-nci: fix memory leaks in EVT_TRANSACTION
net: thunderx: Fix the ACPI memory leak
s390/crashdump: fix TOD programmable field size
lib/vdso: use "grep -E" instead of "egrep"
usb: dwc3: exynos: Fix remove() function
arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
iio: light: apds9960: fix wrong register for gesture gain
iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
nios2: add FORCE for vmlinuz.gz
iio: ms5611: Simplify IO callback parameters
iio: pressure: ms5611: fixed value compensation bug
ceph: do not update snapshot context when there is no new snapshot
ceph: avoid putting the realm twice when decoding snaps fails
firmware: google: Release devices before unregistering the bus
firmware: coreboot: Register bus in module init
nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
gcov: clang: fix the buffer overflow issue
Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
xen/platform-pci: add missing free_irq() in error path
platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
platform/x86: hp-wmi: Ignore Smart Experience App event
tcp: configurable source port perturb table size
net: usb: qmi_wwan: add Telit 0x103a composition
dm integrity: flush the journal on suspend
binder: avoid potential data leakage when copying txn
binder: read pre-translated fds from sender buffer
binder: defer copies of pre-patched txn data
binder: fix pointer cast warning
binder: Address corner cases in deferred copy and fixup
binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
btrfs: free btrfs_path before copying root refs to userspace
btrfs: free btrfs_path before copying fspath to userspace
btrfs: free btrfs_path before copying subvol info to userspace
btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
drm/amdgpu: always register an MMU notifier for userptr
drm/i915: fix TLB invalidation for Gen12 video and compute engines
fuse: lock inode unconditionally in fuse_fallocate()
btrfs: free btrfs_path before copying inodes to userspace
spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker
drm/amdgpu: update drm_display_info correctly when the edid is read
drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly when the edid is read"
btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
iio: health: afe4403: Fix oob read in afe4403_read_raw
iio: health:
|
||
David Howells
|
1c1d4830a9 |
afs: Fix fileserver probe RTT handling
[ Upstream commit ca57f02295f188d6c65ec02202402979880fa6d8 ]
The fileserver probing code attempts to work out the best fileserver to
use for a volume by retrieving the RTT calculated by AF_RXRPC for the
probe call sent to each server and comparing them. Sometimes, however,
no RTT estimate is available and rxrpc_kernel_get_srtt() returns false,
leading good fileservers to be given an RTT of UINT_MAX and thus causing
the rotation algorithm to ignore them.
Fix afs_select_fileserver() to ignore rxrpc_kernel_get_srtt()'s return
value and just take the estimated RTT it provides - which will be capped
at 1 second.
Fixes: 1d4adfaf6574 ("rxrpc: Make rxrpc_kernel_get_srtt() indicate validity")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
Tested-by: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Link: https://lore.kernel.org/r/166965503999.3392585.13954054113218099395.stgit@warthog.procyon.org.uk/
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
79e1dca55a |
This is the 5.4.215 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmM0DhEACgkQONu9yGCS
aT4CBA/9FmkhfUpJXWhlEAHaZX/aiskQS1vgauXP/TBy/8InVr/kY8sD6n5RUsi0
Qkt3M4a+VDsKBPiyRV+KgfiHA4Sms09IRcRpFmwslR8OzPkmZBApqHoeQCCu+/kt
OTFsbiHa+tfFhOOyAXL7Q0an+yOHxPe+/RxokBYDknp1CAWbVgDTLWGY2EfX6Xa6
EjsjTKwb3WkDfbAgdvnblYcQkfUJB3kF3tk8yZnyPWQ/soZMrzVroocAK6JgzzXi
hO+VHG7yfC0gTF4w4R+DY5qPzCO6I7cq5K2fL7PFzwDX7D8uotaDS8QNHPyxsjZW
gLltTdhEa2HZyjTnuUeiXBmQ5vA6pLULcHP96neUWB+vULDIqXzi/TKyq6Ybetak
3yQgldQB81apEzKTRMaQKPqoNlP11qfq1jsGIFXKY5ZPxNL2IOuePA8+LGFXO2/H
KrALeTmPe+f3vLyf/tDdDTM3fHWmN3bKwyxCXCdR5hvqCBWsExA+Q64NEZ24PYZ6
O5SFhEvTMpuAWpeMiiAsftuxC/OnyTzPdCzMUfiWrk1UDYcYxYSxdOpGd18St+ir
1OzhI+TO/R2heMhAHBsxrHBzO4ZdFhK+nCivPRSzyPSITyD7rMJdxE3cNJDWc9Ye
DnIBm6IGJGo3rCCnPXFEsWulvElwDU0+QWxeX3uxIYkEKxbeMPo=
=gmE/
-----END PGP SIGNATURE-----
Merge 5.4.215 into android11-5.4-lts
Changes in 5.4.215
of: fdt: fix off-by-one error in unflatten_dt_nodes()
NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0
gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
drm/meson: Correct OSD1 global alpha value
drm/meson: Fix OSD1 RGB to YCbCr coefficient
parisc: ccio-dma: Add missing iounmap in error path in ccio_probe()
ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
task_stack, x86/cea: Force-inline stack helpers
tracing: hold caller_addr to hardirq_{enable,disable}_ip
cifs: revalidate mapping when doing direct writes
cifs: don't send down the destination address to sendmsg for a SOCK_STREAM
MAINTAINERS: add Chandan as xfs maintainer for 5.4.y
iomap: iomap that extends beyond EOF should be marked dirty
ASoC: nau8824: Fix semaphore unbalance at error paths
regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe()
rxrpc: Fix local destruction being repeated
rxrpc: Fix calc of resend age
ALSA: hda/sigmatel: Keep power up while beep is enabled
ALSA: hda/tegra: Align BDL entry to 4KB boundary
net: usb: qmi_wwan: add Quectel RM520N
afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping()
mksysmap: Fix the mismatch of 'L0' symbols in System.map
video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
ALSA: hda/sigmatel: Fix unused variable warning for beep power change
usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
usb: dwc3: Issue core soft reset before enabling run/stop
usb: dwc3: gadget: Prevent repeat pullup()
usb: dwc3: gadget: Refactor pullup()
usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()
usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
usb: xhci-mtk: get the microframe boundary for ESIT
usb: xhci-mtk: add only one extra CS for FS/LS INTR
usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
usb: xhci-mtk: add a function to (un)load bandwidth info
usb: xhci-mtk: add some schedule error number
usb: xhci-mtk: allow multiple Start-Split in a microframe
usb: xhci-mtk: relax TT periodic bandwidth allocation
wifi: mac80211: Fix UAF in ieee80211_scan_rx()
tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data
serial: atmel: remove redundant assignment in rs485_config
tty: serial: atmel: Preserve previous USART mode if RS485 disabled
usb: add quirks for Lenovo OneLink+ Dock
usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
usb: cdns3: fix issue with rearming ISO OUT endpoint
Revert "usb: add quirks for Lenovo OneLink+ Dock"
Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"
USB: core: Fix RST error in hub.c
USB: serial: option: add Quectel BG95 0x0203 composition
USB: serial: option: add Quectel RM520N
ALSA: hda/tegra: set depop delay for tegra
ALSA: hda: add Intel 5 Series / 3400 PCI DID
ALSA: hda/realtek: Add quirk for Huawei WRT-WX9
ALSA: hda/realtek: Re-arrange quirk table entries
ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
efi: libstub: check Shim mode using MokSBStateRT
mm/slub: fix to return errno if kmalloc() fails
arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob
arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
netfilter: nf_conntrack_irc: Tighten matching on DCC message
netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
iavf: Fix cached head and tail value for iavf_get_tx_pending
ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
net: team: Unsync device addresses on ndo_stop
MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
MIPS: Loongson32: Fix PHY-mode being left unspecified
iavf: Fix bad page state
iavf: Fix set max MTU size with port VLAN and jumbo frames
i40e: Fix VF set max MTU size
i40e: Fix set max_tx_rate when it is lower than 1 Mbps
of: mdio: Add of_node_put() when breaking out of for_each_xx
net/sched: taprio: avoid disabling offload when it was never enabled
net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs
netfilter: ebtables: fix memory leak when blob is malformed
can: gs_usb: gs_can_open(): fix race dev->can.state condition
perf jit: Include program header in ELF files
perf kcore_copy: Do not check /proc/modules is unchanged
net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
net: sched: fix possible refcount leak in tc_new_tfilter()
serial: Create uart_xmit_advance()
serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
usb: xhci-mtk: fix issue of out-of-bounds array access
cifs: always initialize struct msghdr smb_msg completely
Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region
drm/amdgpu: use dirty framebuffer helper
drm/amd/display: Limit user regamma to a valid value
drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
workqueue: don't skip lockdep work dependency in cancel_work_sync()
ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
xfs: replace -EIO with -EFSCORRUPTED for corrupt metadata
xfs: slightly tweak an assert in xfs_fs_map_blocks
xfs: add missing assert in xfs_fsmap_owner_from_rmap
xfs: range check ri_cnt when recovering log items
xfs: attach dquots and reserve quota blocks during unwritten conversion
xfs: Fix deadlock between AGI and AGF when target_ip exists in xfs_rename()
xfs: convert EIO to EFSCORRUPTED when log contents are invalid
xfs: constify the buffer pointer arguments to error functions
xfs: always log corruption errors
xfs: fix some memory leaks in log recovery
xfs: stabilize insert range start boundary to avoid COW writeback race
xfs: use bitops interface for buf log item AIL flag check
xfs: refactor agfl length computation function
xfs: split the sunit parameter update into two parts
xfs: don't commit sunit/swidth updates to disk if that would cause repair failures
xfs: fix an ABBA deadlock in xfs_rename
xfs: fix use-after-free when aborting corrupt attr inactivation
ext4: make directory inode spreading reflect flexbg size
Linux 5.4.215
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic4723318e38b6d2502091cfb41fe602e59c1a538
|
||
|
David Howells
|
c53c3cbca5 |
afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
[ Upstream commit 0066f1b0e27556381402db3ff31f85d2a2265858 ] When trying to get a file lock on an AFS file, the server may return UAEAGAIN to indicate that the lock is already held. This is currently translated by the default path to -EREMOTEIO. Translate it instead to -EAGAIN so that we know we can retry it. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Jeffrey E Altman <jaltman@auristor.com> cc: Marc Dionne <marc.dionne@auristor.com> cc: linux-afs@lists.infradead.org Link: https://lore.kernel.org/r/166075761334.3533338.2591992675160918098.stgit@warthog.procyon.org.uk/ Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
b4a6b74ba6 |
This is the 5.4.213 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmMi+MwACgkQONu9yGCS aT4IkBAAhpd/6xWYZtqNbOoVv4vOMF4o2mF5aAfypmR5xWJzX6XQC8KlEiAefwr3 odMhGqahKgFhRAIqSAtJ3ug/cZXuCNybEl6d/CJH25k+XP26B45/KVIpyOUC+6b1 KpN8KpoB/5tQlLzyMMwF/NZiK8/X4hwUQQAIvIhmac+9PsetrjZ9+7AmRV8UwOgR YBJADUB4NOHn6/pYOiGyZe7BZANR/Og+TEAhw/QlNu0p+WS+6VZa7O8DlwrsfR6p GxA1Hh0Sq/hAago0A2iLHlydSMIeyrjPXfhBba1Kn+uohtZ5CAf8hgT9r0lKzDZf gnfFY0f6+OonAkCySg+3AkOnnMI7EElY4W7WacVo5o0ojQYZ4UANZGZ8xDNQNMso 1tfUx4hkOAwBKhycMVoPC3tLNwIwHu//8bDLNcgXW5qILl3STrBOhBQOVzK5AXzx 34dCeifq0hL1ciCjYWGVC1N8PdDUmSMjljDuoN/weDeGvbXjesoUFghLQjH6pk69 Qyn4H5lpt3hxzVy8Bjr+QYe4qFlfBTnMn54VCEjIrd0+XgKxeEiVoapXTWczgJND eCGrlI1744ObZrKcwVRg73Af6YWoKWfePzx0wk0i5Y98yCU0HpjbxmhUgSyBTxgY VlGP/AptUdMNQ81fpB2rGXBlF/h5EkIUrHaQNsYJecc60ZlrCaU= =GZfQ -----END PGP SIGNATURE----- Merge 5.4.213 into android11-5.4-lts Changes in 5.4.213 efi: capsule-loader: Fix use-after-free in efi_capsule_write wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() net: mvpp2: debugfs: fix memory leak when using debugfs_lookup() fs: only do a memory barrier for the first set_buffer_uptodate() Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" net: dp83822: disable false carrier interrupt drm/msm/dsi: fix the inconsistent indenting drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask iio: adc: mcp3911: make use of the sign bit ieee802154/adf7242: defer destroy_workqueue call wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() Revert "xhci: turn off port power in shutdown" net: sched: tbf: don't call qdisc_put() while holding tree lock ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler kcm: fix strp_init() order and cleanup sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb tcp: annotate data-race around challenge_timestamp Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb" net/smc: Remove redundant refcount increase serial: fsl_lpuart: RS485 RTS polariy is inverse staging: rtl8712: fix use after free bugs powerpc: align syscall table for ppc32 vt: Clear selection before changing the font tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag iio: adc: mcp3911: use correct formula for AD conversion misc: fastrpc: fix memory corruption on probe misc: fastrpc: fix memory corruption on open USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id binder: fix UAF of ref->proc caused by race condition usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" clk: core: Fix runtime PM sequence in clk_core_unprepare() Input: rk805-pwrkey - fix module autoloading clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate hwmon: (gpio-fan) Fix array out of bounds access gpio: pca953x: Add mutex_lock for regcache sync in PM thunderbolt: Use the actual buffer in tb_async_error() xhci: Add grace period after xHC start to prevent premature runtime suspend. USB: serial: cp210x: add Decagon UCA device id USB: serial: option: add support for OPPO R11 diag port USB: serial: option: add Quectel EM060K modem USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles usb: dwc2: fix wrong order of phy_power_on and phy_init USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) usb-storage: Add ignore-residue quirk for NXP PN7462AU s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages s390: fix nospec table alignments USB: core: Prevent nested device-reset calls usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS driver core: Don't probe devices after bus_type.match() probe deferral wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected ip: fix triggering of 'icmp redirect' net: mac802154: Fix a condition in the receive path ALSA: seq: oss: Fix data-race for max_midi_devs access ALSA: seq: Fix data-race at module auto-loading drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk btrfs: harden identification of a stale device usb: dwc3: fix PHY disable sequence usb: dwc3: disable USB core PHY management USB: serial: ch341: fix lost character on LCR updates USB: serial: ch341: fix disabled rx timer on older devices scsi: megaraid_sas: Fix double kfree() drm/gem: Fix GEM handle release errors drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. drm/radeon: add a force flush to delay work when radeon parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() ALSA: aloop: Fix random zeros in capture data when using jiffies timer ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() kprobes: Prohibit probes in gate area debugfs: add debugfs_lookup_and_remove() nvmet: fix a use-after-free scsi: mpt3sas: Fix use-after-free warning scsi: lpfc: Add missing destroy_workqueue() in error path cgroup: Optimize single thread migration cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock smb3: missing inode locks in punch hole ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node regulator: core: Clean up on enable failure RDMA/cma: Fix arguments order in net device validation soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs RDMA/hns: Fix supported page size netfilter: br_netfilter: Drop dst references before setting. netfilter: nf_conntrack_irc: Fix forged IP logic rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() afs: Use the operation issue time instead of the reply time for callbacks sch_sfb: Don't assume the skb is still around after enqueueing to child tipc: fix shift wrapping bug in map_get() i40e: Fix kernel crash during module removal RDMA/siw: Pass a pointer to virt_to_page() ipv6: sr: fix out-of-bounds read when setting HMAC data. RDMA/mlx5: Set local port to one when accessing counters nvme-tcp: fix UAF when detecting digest errors tcp: fix early ETIMEDOUT after spurious non-SACK RTO sch_sfb: Also store skb len before calling child enqueue x86/nospec: Fix i386 RSB stuffing MIPS: loongson32: ls1c: Fix hang during startup Linux 5.4.213 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ic3f5e3a6ecfe0a7377117e09cf2690b4027238a5 |
||
|
David Howells
|
a2f0ff5bee |
afs: Use the operation issue time instead of the reply time for callbacks
[ Upstream commit 7903192c4b4a82d792cb0dc5e2779a2efe60d45b ] rxrpc and kafs between them try to use the receive timestamp on the first data packet (ie. the one with sequence number 1) as a base from which to calculate the time at which callback promise and lock expiration occurs. However, we don't know how long it took for the server to send us the reply from it having completed the basic part of the operation - it might then, for instance, have to send a bunch of a callback breaks, depending on the particular operation. Fix this by using the time at which the operation is issued on the client as a base instead. That should never be longer than the server's idea of the expiry time. Fixes: |
||
|
Greg Kroah-Hartman
|
8e932637c7 |
This is the 5.4.202 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmK7+C0ACgkQONu9yGCS aT7ABRAApBLbHpMdFCb6y74Fou+BzFOCdmP8zhFCShBQM8aWdyjTzCyyF+C9mUQv Yxr2dSCRTwlalfL5uuUh1iSIfD6ggM+d7SzZpWz13WeJOECdRmSQYK2yjvdievzb Ce3YyqE2XLhZENY6e3tJmk5e0g5Sq3VAgmyghOshaP8Jn63ASuADW+GDjIVn+wSW udnq9tSV6Seq6BxTBtz+eX64vwcnRgz1Z0TC/BXlMCnboHJe9W62XejKxm/n/zMF d6EoHroY9IV9/OYyfClVJhGx6nnkJc9EnLPejcnF847HGd//Mhx9GOLbf5MUro3b ZSPmdPF7XryjX0iBvz1AUIPjHFYhVfXpALz6GtMKvvkX5r42ShwWrmidLjnCOeE3 TCkwrFYdkGKB3ldsu+OcBh8lEbn8HDmjRY117YEBWRTosn07ANtDFbXHKD+mWQDw JjfdxSRuhTEHpgrwDhvLhm2guq7C5zF78O7JWtv7XelI9MyufIkB9RcVqjaMTfpA 3iqOBICRXrKeSNfCdBACUYm3++XmRFZWgX9mSVWwfXTLWbDzONhY1y1oJdWNFZex lQhrEardpxHxVMHEppXioWZhbEC7ugYy6MB67M/aTDcPkxerXh4XGMTPxbMcCEwW 0sIA0Kfko3j+qWyYtVG5/T3WJQhOKqEjt9B9GtmGKy/3dpRAe48= =i4p5 -----END PGP SIGNATURE----- Merge 5.4.202 into android11-5.4-lts Changes in 5.4.202 vt: drop old FONT ioctls random: schedule mix_interrupt_randomness() less often ALSA: hda/via: Fix missing beep setup ALSA: hda/conexant: Fix missing beep setup ALSA: hda/realtek - ALC897 headset MIC no sound ALSA: hda/realtek: Add quirk for Clevo PD70PNT net: openvswitch: fix parsing of nw_proto for IPv6 fragments mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing mtd: rawnand: gpmi: Fix setting busy timeout setting ata: libata: add qc->flags in ata_qc_complete_template tracepoint dm era: commit metadata in postsuspend after worker stops dm mirror log: clear log bits up to BITS_PER_LONG boundary random: quiet urandom warning ratelimit suppression message USB: serial: option: add Telit LE910Cx 0x1250 composition USB: serial: option: add Quectel EM05-G modem USB: serial: option: add Quectel RM500K module support bpf: Fix request_sock leak in sk lookup helpers phy: aquantia: Fix AN when higher speeds than 1G are not advertised bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf erspan: do not assume transport header is always set net/tls: fix tls_sk_proto_close executed repeatedly udmabuf: add back sanity check x86/xen: Remove undefined behavior in setup_features() MIPS: Remove repetitive increase irq_err_count afs: Fix dynamic root getattr ice: ethtool: advertise 1000M speeds properly regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips igb: Make DMA faster when CPU is active on the PCIe link virtio_net: fix xdp_rxq_info bug after suspend/resume Revert "net/tls: fix tls_sk_proto_close executed repeatedly" gpio: winbond: Fix error code in winbond_gpio_get() s390/cpumf: Handle events cycles and instructions identical iio: adc: vf610: fix conversion mode sysfs node name xhci: turn off port power in shutdown usb: chipidea: udc: check request status before setting device address iio:chemical:ccs811: rearrange iio trigger get and register iio:accel:bma180: rearrange iio trigger get and register iio:accel:mxc4005: rearrange iio trigger get and register iio: accel: mma8452: ignore the return value of reset operation iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() iio: trigger: sysfs: fix use-after-free on remove iio: adc: stm32: fix maximum clock rate for stm32mp15x iio: adc: axp288: Override TS pin bias current for some models xtensa: xtfpga: Fix refcount leak bug in setup xtensa: Fix refcount leak bug in time.c parisc: Enable ARCH_HAS_STRICT_MODULE_RWX powerpc: Enable execve syscall exit tracepoint powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address powerpc/powernv: wire up rng during setup_arch ARM: dts: imx6qdl: correct PU regulator ramp delay ARM: exynos: Fix refcount leak in exynos_map_pmu soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe ARM: Fix refcount leak in axxia_boot_secondary ARM: cns3xxx: Fix refcount leak in cns3xxx_init modpost: fix section mismatch check for exported init/exit sections random: update comment from copy_to_user() -> copy_to_iter() kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) powerpc/pseries: wire up rng during setup_arch() Linux 5.4.202 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ide925d318c8d1f6c3ba72df07c40105a9e5913d5 |
||
|
David Howells
|
e3a232e576 |
afs: Fix dynamic root getattr
[ Upstream commit cb78d1b5efffe4cf97e16766329dd7358aed3deb ]
The recent patch to make afs_getattr consult the server didn't account
for the pseudo-inodes employed by the dynamic root-type afs superblock
not having a volume or a server to access, and thus an oops occurs if
such a directory is stat'd.
Fix this by checking to see if the vnode->volume pointer actually points
anywhere before following it in afs_getattr().
This can be tested by stat'ing a directory in /afs. It may be
sufficient just to do "ls /afs" and the oops looks something like:
BUG: kernel NULL pointer dereference, address: 0000000000000020
...
RIP: 0010:afs_getattr+0x8b/0x14b
...
Call Trace:
<TASK>
vfs_statx+0x79/0xf5
vfs_fstatat+0x49/0x62
Fixes: 2aeb8c86d499 ("afs: Fix afs_getattr() to refetch file status if callback break occurred")
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
Tested-by: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Link: https://lore.kernel.org/r/165408450783.1031787.7941404776393751186.stgit@warthog.procyon.org.uk/
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
a778a36923 |
This is the 5.4.198 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmKos2QACgkQONu9yGCS
aT4QYQ//WQD/rHjO021lbo/z4eZbWUxjDiQNisJQY4MTCnIJgPYROJ6YLBLL2+of
VwDdZ0yQNpf3hBA3qgTZ8RgaBinVf+WNAk37Ap/3VFXTExxgyGCx7p/PG+Jx9Jk4
qd9YPHZCu8g9rQjJoex95fd8Fedu47tzBSd88MoAKiLz90JsNbYUZb+gqdRrLAYc
6krd7zm7T8Grk31xUWOl/tlUSxveuUuz6QQr5mwPmSyspz4gQXsBlrKSrNSWmk0o
qtqgqUCypvpKTF7RYiEoS3F8wy4XvWpGsET+W79SJ84inVx3EMsZKXB9GsWVZZgI
fm3eFjn10NcgA+lvc7TJpwKg0f5g8uHW/06FcfYwgBhbI+otCFDLQkkHtViN0wY2
gks3PLPsYJdAZTlwIvjNY0XY7wRqjS7Ta1pf+d1po1EndEFAyH76KJaIGCzdVKb4
OeSEy4Xw8HxmuCO+mrUtRVRqV3Y7x88GuJC359iDKYdDpc+Z21FcvaVcgrR5cy2V
A7ICKIfNyArgNmWnXQ6UBXqS1rDcoyfJe+0CYyRRdgDO/ON48Mx8FIW9YJrSrMeS
XEx6cw6VKZ7hE1G71us/ITOOeUlHO93V7Ju+oOcx9Fgew8TZ0mdNMliOFUFaNWPb
iAG+zZD0jwP5iyx0KFfOJyyuoovEtjBh9ZgVIF5BP3Ry1xRHuHY=
=oE7B
-----END PGP SIGNATURE-----
Merge 5.4.198 into android11-5.4-lts
Changes in 5.4.198
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
USB: serial: option: add Quectel BG95 modem
USB: new quirk for Dell Gen 2 devices
usb: core: hcd: Add support for deferring roothub registration
perf/x86/intel: Fix event constraints for ICL
ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP
ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
btrfs: add "0x" prefix for unsupported optional features
btrfs: repair super block num_devices automatically
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
b43legacy: Fix assigning negative value to unsigned variable
b43: Fix assigning negative value to unsigned variable
ipw2x00: Fix potential NULL dereference in libipw_xmit()
ipv6: fix locking issues with loops over idev->addr_list
fbcon: Consistently protect deferred_takeover with console_lock()
ACPICA: Avoid cache flush inside virtual machines
drm/komeda: return early if drm_universal_plane_init() fails.
ALSA: jack: Access input_dev under mutex
spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction
tools/power turbostat: fix ICX DRAM power numbers
drm/amd/pm: fix double free in si_parse_power_table()
ath9k: fix QCA9561 PA bias level
media: venus: hfi: avoid null dereference in deinit
media: pci: cx23885: Fix the error handling in cx23885_initdev()
media: cx25821: Fix the warning when removing the module
md/bitmap: don't set sb values if can't pass sanity check
mmc: jz4740: Apply DMA engine limits to maximum segment size
scsi: megaraid: Fix error check return value of register_chrdev()
drm/plane: Move range check for format_count earlier
drm/amd/pm: fix the compile warning
arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
drm: msm: fix error check return value of irq_of_parse_and_map()
ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
net/mlx5: fs, delete the FTE when there are no rules attached to it
ASoC: dapm: Don't fold register value changes into notifications
mlxsw: spectrum_dcb: Do not warn about priority changes
drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
HID: bigben: fix slab-out-of-bounds Write in bigben_probe
ASoC: tscs454: Add endianness flag in snd_soc_component_driver
s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
spi: stm32-qspi: Fix wait_cmd timeout in APM mode
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
ipmi:ssif: Check for NULL msg when handling events and messages
ipmi: Fix pr_fmt to avoid compilation issues
rtlwifi: Use pr_warn instead of WARN_ONCE
media: coda: limit frame interval enumeration to supported encoder frame sizes
media: cec-adap.c: fix is_configuring state
openrisc: start CPU timer early in boot
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
ASoC: rt5645: Fix errorenous cleanup order
nbd: Fix hung on disconnect request if socket is closed before
net: phy: micrel: Allow probing without .driver_data
media: exynos4-is: Fix compile warning
ASoC: max98357a: remove dependency on GPIOLIB
hwmon: Make chip parameter for with_info API mandatory
rxrpc: Return an error to sendmsg if call failed
eth: tg3: silence the GCC 12 array-bounds warning
selftests/bpf: fix btf_dump/btf_dump due to recent clang change
IB/rdmavt: add missing locks in rvt_ruc_loopback
ARM: dts: ox820: align interrupt controller node name with dtschema
PM / devfreq: rk3399_dmc: Disable edev on remove()
fs: jfs: fix possible NULL pointer dereference in dbFree()
ARM: OMAP1: clock: Fix UART rate reporting algorithm
powerpc/fadump: Fix fadump to work with a different endian capture kernel
fat: add ratelimit to fat*_ent_bread()
ARM: versatile: Add missing of_node_put in dcscb_init
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
ARM: hisi: Add missing of_node_put after of_find_compatible_node
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
powerpc/xics: fix refcount leak in icp_opal_init()
powerpc/powernv: fix missing of_node_put in uv_init()
macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
RDMA/hfi1: Prevent panic when SDMA is disabled
drm: fix EDID struct for old ARM OABI format
ath9k: fix ar9003_get_eepmisc
drm/edid: fix invalid EDID extension block filtering
drm/bridge: adv7511: clean up CEC adapter when probe fails
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
x86/delay: Fix the wrong asm constraint in delay_loop()
drm/mediatek: Fix mtk_cec_mask()
drm/vc4: txp: Don't set TXP_VSTART_AT_EOF
drm/vc4: txp: Force alpha to be 0xff if it's disabled
bpf: Fix excessive memory allocation in stack_map_alloc()
nl80211: show SSID for P2P_GO interfaces
drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
drm: mali-dp: potential dereference of null pointer
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
NFC: NULL out the dev->rfkill to prevent UAF
efi: Add missing prototype for efi_capsule_setup_info
drbd: fix duplicate array initializer
HID: hid-led: fix maximum brightness for Dream Cheeky
HID: elan: Fix potential double free in elan_input_configured
drm/bridge: Fix error handling in analogix_dp_probe
sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq
spi: img-spfi: Fix pm_runtime_get_sync() error checking
cpufreq: Fix possible race in cpufreq online error path
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
inotify: show inotify mask flags in proc fdinfo
fsnotify: fix wrong lockdep annotations
of: overlay: do not break notify on NOTIFY_{OK|STOP}
scsi: ufs: core: Exclude UECxx from SFR dump list
x86/pm: Fix false positive kmemleak report in msr_build_context()
x86/speculation: Add missing prototype for unpriv_ebpf_notify()
ASoC: rk3328: fix disabling mclk on pclk probe failure
perf tools: Add missing headers needed by util/data.h
drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
drm/msm/dsi: fix error checks and return values for DSI xmit functions
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
virtio_blk: fix the discard_granularity and discard_alignment queue limits
x86: Fix return value of __setup handlers
irqchip/exiu: Fix acknowledgment of edge triggered interrupts
irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
media: uvcvideo: Fix missing check to determine if element is found in list
iomap: iomap_write_failed fix
Revert "cpufreq: Fix possible race in cpufreq online error path"
perf/amd/ibs: Use interrupt regs ip for stack unwinding
ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
scripts/faddr2line: Fix overlapping text section failures
media: aspeed: Fix an error handling path in aspeed_video_probe()
media: st-delta: Fix PM disable depth imbalance in delta_probe
media: exynos4-is: Change clk_disable to clk_disable_unprepare
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
media: vsp1: Fix offset calculation for plane cropping
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
m68k: math-emu: Fix dependencies of math emulation support
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
media: ov7670: remove ov7670_power_off from ov7670_remove
ext4: reject the 'commit' option on ext2 filesystems
drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init
drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
rxrpc: Fix listen() setting the bar too high for the prealloc rings
rxrpc: Don't try to resend the request if we're receiving the reply
rxrpc: Fix overlapping ACK accounting
rxrpc: Don't let ack.previousPacket regress
rxrpc: Fix decision on when to generate an IDLE ACK
net/smc: postpone sk_refcnt increment in connect()
arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
ARM: dts: suniv: F1C100: fix watchdog compatible
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
PCI: cadence: Fix find_first_zero_bit() limit
PCI: rockchip: Fix find_first_zero_bit() limit
KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry
can: xilinx_can: mark bit timing constants as const
ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
ARM: dts: bcm2835-rpi-b: Fix GPIO line names
misc: ocxl: fix possible double free in ocxl_file_register_afu
crypto: marvell/cesa - ECB does not IV
arm: mediatek: select arch timer for mt7629
powerpc/fadump: fix PT_LOAD segment for boot memory area
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
firmware: arm_scmi: Fix list protocols enumeration in the base protocol
nvdimm: Allow overwrite in the presence of disabled dimms
pinctrl: mvebu: Fix irq_of_parse_and_map() return value
drivers/base/node.c: fix compaction sysfs file leak
dax: fix cache flush on PMD-mapped pages
powerpc/8xx: export 'cpm_setbrg' for modules
powerpc/idle: Fix return value of __setup() handler
powerpc/4xx/cpm: Fix return value of __setup() handler
proc: fix dentry/inode overinstantiating under /proc/${pid}/net
ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()
PCI: imx6: Fix PERST# start-up sequence
tty: fix deadlock caused by calling printk() under tty_port->lock
crypto: cryptd - Protect per-CPU resource by disabling BH.
Input: sparcspkr - fix refcount leak in bbc_beep_probe
powerpc/64: Only WARN if __pa()/__va() called with bad addresses
powerpc/perf: Fix the threshold compare group constraint for power9
macintosh: via-pmu and via-cuda need RTC_LIB
powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()
mailbox: forward the hrtimer if not queued and under a lock
RDMA/hfi1: Prevent use of lock before it is initialized
Input: stmfts - do not leave device disabled in stmfts_input_open
f2fs: fix dereference of stale list iterator after loop body
iommu/mediatek: Add list_del in mtk_iommu_remove
i2c: at91: use dma safe buffers
i2c: at91: Initialize dma_buf in at91_twi_xfer()
NFS: Do not report EINTR/ERESTARTSYS as mapping errors
NFS: Do not report flush errors in nfs_write_end()
NFS: Don't report errors from nfs_pageio_complete() more than once
NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
dmaengine: stm32-mdma: remove GISR1 register
iommu/amd: Increase timeout waiting for GA log enablement
perf c2c: Use stdio interface if slang is not supported
perf jevents: Fix event syntax error caused by ExtSel
f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
f2fs: fix to do sanity check on block address in f2fs_do_zero_range()
f2fs: fix to clear dirty inode in f2fs_evict_inode()
f2fs: fix deadloop in foreground GC
f2fs: don't need inode lock for system hidden quota
f2fs: fix fallocate to use file_modified to update permissions consistently
wifi: mac80211: fix use-after-free in chanctx code
iwlwifi: mvm: fix assert 1F04 upon reconfig
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
efi: Do not import certificates from UEFI Secure Boot for T2 Macs
bfq: Split shared queues on move between cgroups
bfq: Update cgroup information before merging bio
bfq: Track whether bfq_group is still online
netfilter: nf_tables: disallow non-stateful expression in sets earlier
ext4: fix use-after-free in ext4_rename_dir_prepare
ext4: fix warning in ext4_handle_inode_extension
ext4: fix bug_on in ext4_writepages
ext4: verify dir block before splitting it
ext4: avoid cycles in directory h-tree
ACPI: property: Release subnode properties with data nodes
tracing: Fix potential double free in create_var_ref()
PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
PCI: qcom: Fix runtime PM imbalance on probe errors
PCI: qcom: Fix unbalanced PHY init on probe errors
mm, compaction: fast_find_migrateblock() should return pfn in the target zone
dlm: fix plock invalid read
dlm: fix missing lkb refcount handling
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
scsi: dc395x: Fix a missing check on list iterator
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
drm/nouveau/clk: Fix an incorrect NULL check on list iterator
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
md: fix an incorrect NULL check in does_sb_need_changing
md: fix an incorrect NULL check in md_reload_sb
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
media: coda: Fix reported H264 profile
media: coda: Add more H264 levels for CODA960
Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug
RDMA/hfi1: Fix potential integer multiplication overflow errors
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
irqchip: irq-xtensa-mx: fix initial IRQ affinity
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
um: chan_user: Fix winch_tramp() return value
um: Fix out-of-bounds read in LDT setup
iommu/msm: Fix an incorrect NULL check on list iterator
nodemask.h: fix compilation error with GCC12
hugetlb: fix huge_pmd_unshare address update
rtl818x: Prevent using not initialized queues
ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
carl9170: tx: fix an incorrect use of list iterator
serial: pch: don't overwrite xmit->buf[0] by x_char
tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
gma500: fix an incorrect NULL check on list iterator
arm64: dts: qcom: ipq8074: fix the sleep clock frequency
phy: qcom-qmp: fix struct clk leak on probe errors
ARM: pxa: maybe fix gpio lookup tables
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
dt-bindings: gpio: altera: correct interrupt-cells
blk-iolatency: Fix inflight count imbalances and IO hangs on offline
phy: qcom-qmp: fix reset-controller leak on probe errors
Kconfig: add config option for asm goto w/ outputs
RDMA/rxe: Generate a completion for unsupported/invalid opcode
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
bfq: Avoid merging queues with different parents
bfq: Drop pointless unlock-lock pair
bfq: Remove pointless bfq_init_rq() calls
bfq: Get rid of __bio_blkcg() usage
bfq: Make sure bfqg for which we are queueing requests is online
block: fix bio_clone_blkg_association() to associate with proper blkcg_gq
md: bcache: check the return value of kzalloc() in detached_dev_do_request()
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
staging: greybus: codecs: fix type confusion of list iterator variable
iio: adc: ad7124: Remove shift from scan_type
tty: goldfish: Use tty_port_destroy() to destroy port
tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe
tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get
usb: usbip: fix a refcount leak in stub_probe()
usb: usbip: add missing device lock on tweak configuration cmd
USB: storage: karma: fix rio_karma_init return
usb: musb: Fix missing of_node_put() in omap2430_probe
staging: fieldbus: Fix the error handling path in anybuss_host_common_probe()
pwm: lp3943: Fix duty calculation in case period was clamped
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
firmware: stratix10-svc: fix a missing check on list iterator
iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check
iio: adc: sc27xx: fix read big scale voltage not right
iio: adc: sc27xx: Fine tune the scale calibration values
rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
phy: qcom-qmp: fix pipe-clock imbalance on power-on failure
serial: sifive: Report actual baud base rather than fixed 115200
coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
soc: rockchip: Fix refcount leak in rockchip_grf_init
clocksource/drivers/riscv: Events are stopped during CPU suspend
rtc: mt6397: check return value after calling platform_get_resource()
serial: meson: acquire port->lock in startup()
serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
serial: digicolor-usart: Don't allow CS5-6
serial: rda-uart: Don't allow CS5-6
serial: txx9: Don't allow CS5-6
serial: sh-sci: Don't allow CS5-6
serial: sifive: Sanitize CSIZE and c_iflag
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
serial: stm32-usart: Correct CSIZE, bits, and parity
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
bus: ti-sysc: Fix warnings for unbind for serial
driver: base: fix UAF when driver_attach failed
driver core: fix deadlock in __device_attach
watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
modpost: fix removing numeric suffixes
jffs2: fix memory leak in jffs2_do_fill_super
ubi: ubi_create_volume: Fix use-after-free when volume creation failed
nfp: only report pause frame configuration for physical device
net/mlx5: Don't use already freed action pointer
net/mlx5e: Update netdev features after changing XDP state
net: sched: add barrier to fix packet stuck problem for lockless qdisc
tcp: tcp_rtx_synack() can be called from process context
afs: Fix infinite loop found by xfstest generic/676
tipc: check attribute length for bearer name
perf c2c: Fix sorting in percent_rmt_hitm_cmp()
mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
tracing: Fix sleeping function called from invalid context on RT kernel
tracing: Avoid adding tracer option before update_tracer_options
f2fs: remove WARN_ON in f2fs_is_valid_blkaddr
i2c: cadence: Increase timeout per message if necessary
m68knommu: set ZERO_PAGE() to the allocated zeroed page
m68knommu: fix undefined reference to `_init_sp'
dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
NFSv4: Don't hold the layoutget locks across multiple RPC calls
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
xprtrdma: treat all calls not a bcall when bc_serv is NULL
netfilter: nat: really support inet nat without l3 address
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
netfilter: nf_tables: memleak flow rule from commit path
xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
af_unix: Fix a data-race in unix_dgram_peer_wake_me().
bpf, arm64: Clear prog->jited_len along prog->jited
net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
net: mdio: unexport __init-annotated mdio_bus_init()
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
net: ipv6: unexport __init-annotated seg6_hmac_init()
net/mlx5: Rearm the FW tracer after each tracer event
net/mlx5: fs, fail conflicting actions
ip_gre: test csum_start instead of transport header
net: altera: Fix refcount leak in altera_tse_mdio_create
drm: imx: fix compiler warning with gcc-12
iio: dummy: iio_simple_dummy: check the return value of kstrdup()
iio: st_sensors: Add a local lock for protecting odr
lkdtm/usercopy: Expand size of "out of frame" object
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
tty: Fix a possible resource leak in icom_probe
drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
USB: host: isp116x: check return value after calling platform_get_resource()
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
USB: hcd-pci: Fully suspend across freeze/thaw cycle
usb: dwc2: gadget: don't reset gadget's driver->bus
misc: rtsx: set NULL intfdata when probe fails
extcon: Modify extcon device to be created after driver data is set
clocksource/drivers/sp804: Avoid error on multiple instances
staging: rtl8712: fix uninit-value in usb_read8() and friends
staging: rtl8712: fix uninit-value in r871xu_drv_init()
serial: msm_serial: disable interrupts in __msm_console_write()
kernfs: Separate kernfs_pr_cont_buf and rename_lock.
watchdog: wdat_wdt: Stop watchdog when rebooting the system
md: protect md_unregister_thread from reentrancy
scsi: myrb: Fix up null pointer access on myrb_cleanup()
Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
ceph: allow ceph.dir.rctime xattr to be updatable
drm/radeon: fix a possible null pointer dereference
modpost: fix undefined behavior of is_arm_mapping_symbol()
x86/cpu: Elide KCSAN for cpu_has() and friends
nbd: call genl_unregister_family() first in nbd_cleanup()
nbd: fix race between nbd_alloc_config() and module removal
nbd: fix io hung while disconnecting device
s390/gmap: voluntarily schedule during key setting
cifs: version operations for smb20 unneeded when legacy support disabled
nodemask: Fix return values to be unsigned
vringh: Fix loop descriptors check in the indirect cases
scripts/gdb: change kernel config dumping method
ALSA: hda/conexant - Fix loopback issue with CX20632
cifs: return errors during session setup during reconnects
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
mmc: block: Fix CQE recovery reset success
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
ixgbe: fix bcast packets Rx on VF after promisc removal
ixgbe: fix unexpected VLAN Rx in promisc mode on VF
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
powerpc/32: Fix overread/overwrite of thread_struct via ptrace
md/raid0: Ignore RAID0 layout if the second zone has only one device
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
Linux 5.4.198
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I05615e33dbd0029f93c9724c9abc9cb9035122d2
|
||
|
David Howells
|
c2eba68d18 |
afs: Fix infinite loop found by xfstest generic/676
[ Upstream commit 17eabd42560f4636648ad65ba5b20228071e2363 ]
In AFS, a directory is handled as a file that the client downloads and
parses locally for the purposes of performing lookup and getdents
operations. The in-kernel afs filesystem has a number of functions that
do this.
A directory file is arranged as a series of 2K blocks divided into
32-byte slots, where a directory entry occupies one or more slots, plus
each block starts with one or more metadata blocks.
When parsing a block, if the last slots are occupied by a dirent that
occupies more than a single slot and the file position points at a slot
that's not the initial one, the logic in afs_dir_iterate_block() that
skips over it won't advance the file pointer to the end of it. This
will cause an infinite loop in getdents() as it will keep retrying that
block and failing to advance beyond the final entry.
Fix this by advancing the file pointer if the next entry will be beyond
it when we skip a block.
This was found by the generic/676 xfstest but can also be triggered with
something like:
~/xfstests-dev/src/t_readdir_3 /xfstest.test/z 4000 1
Fixes:
|
||
|
Greg Kroah-Hartman
|
0cf7a2be06 |
This is the 5.4.196 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmKN12MACgkQONu9yGCS
aT4Uvg/8DPgL4dM+jKZ4R16cbJU1rpvY0pJEcYsepqLFXdHDSLBA04eakCXO8k+x
Ksy0kXvZuVGRRl25OuTGoTPvsmdx/D0R+XNSEvh9KPWVHdcB5FoDM4TskBz8vENR
NDfNyWImmnE2xRCxi7GjTXI7RAyaiEDGbHtpoO+E7EN3EWv1JyhkhBhL0mBpQLGk
gfzjdn7W2s5RbvH4XQFxdF5AgvnQZdMp5L92DC14/77Uo7fZXcU1VUGvASacpYu8
A2z3jZBRI+YDMeLSGXdha5LDT2KoAUu5WE9Ms3OjEOn4jfoOmPDxEwsbpupFlk/i
PRclY1oitWkOgLTTg+ZO/h72tj+kPaczVryVcdM4NKvC+10xyXHk2snW0JUxO1cI
Kls9d3f0ADBeb5bUrHc6zBk0sj4Bx8sGWigZCUEU1QCirTj/83F3g+RwM0dSuS6g
HFw5DTZ8WvPfn9SH2RQi6D4lOZydifxOOcD72iZiyt4rOpsNkO1BY74L8oNHPcuv
ukYQinLttpCiuHJFU4SYjsqH5FRkpqaun0ovD9SF8icEIJM0igI0ZJ+AMZf9ZnQJ
Ws7aijqwzoFw1GcKxNYFwDxRa5Q85pVwXkl6YS46lZGP70hqrVBgxBG/pBDBY+M7
lPtszi1Pp/9LpUIZdJLjEDIULWM3qVPLEY6EEtC70syue+XKevU=
=ZjkQ
-----END PGP SIGNATURE-----
Merge 5.4.196 into android11-5.4-lts
Changes in 5.4.196
floppy: use a statically allocated error counter
x86/xen: Make the boot CPU idle task reliable
x86/xen: Make the secondary CPU idle tasks reliable
rtc: fix use-after-free on device removal
um: Cleanup syscall_handler_t definition/cast, fix warning
Input: add bounds checking to input_set_capability()
Input: stmfts - fix reference leak in stmfts_input_open
crypto: stm32 - fix reference leak in stm32_crc_remove
crypto: x86/chacha20 - Avoid spurious jumps to other functions
ALSA: hda/realtek: Enable headset mic on Lenovo P360
nvme-multipath: fix hang when disk goes live over reconnect
rtc: mc146818-lib: Fix the AltCentury for AMD platforms
MIPS: lantiq: check the return value of kzalloc()
drbd: remove usage of list iterator variable after loop
platform/chrome: cros_ec_debugfs: detach log reader wq from devm
ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
nilfs2: fix lockdep warnings in page operations for btree nodes
nilfs2: fix lockdep warnings during disk space reclamation
mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
SUNRPC: Clean up scheduling of autoclose
SUNRPC: Prevent immediate close+reconnect
SUNRPC: Don't call connect() more than once on a TCP socket
SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
ALSA: wavefront: Proper check of get_user() error
perf: Fix sys_perf_event_open() race against self
Fix double fget() in vhost_net_set_backend()
PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
KVM: x86/mmu: Update number of zapped pages even if page list is stable
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
net: macb: Increment rx bd head after allocating skb and buffer
net/sched: act_pedit: sanitize shift argument before usage
net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
ice: fix possible under reporting of ethtool Tx and Rx statistics
clk: at91: generated: consider range when calculating best rate
net/qla3xxx: Fix a test in ql_reset_work()
NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
net/mlx5e: Properly block LRO when XDP is enabled
net: af_key: add check for pfkey_broadcast in function pfkey_process
ARM: 9196/1: spectre-bhb: enable for Cortex-A15
ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
igb: skip phy status check where unavailable
net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
gpio: gpio-vf610: do not touch other bits when set the target bit
gpio: mvebu/pwm: Refuse requests with inverted polarity
perf bench numa: Address compiler error on s390
scsi: qla2xxx: Fix missed DMA unmap for aborted commands
mac80211: fix rx reordering with non explicit / psmp ack policy
selftests: add ping test with ping_group_range tuned
ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
net: atlantic: verify hw_head_ lies within TX buffer ring
Input: ili210x - fix reset timing
block: return ELEVATOR_DISCARD_MERGE if possible
net: stmmac: disable Split Header (SPH) for Intel platforms
firmware_loader: use kernel credentials when reading firmware
ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
x86/xen: fix booting 32-bit pv guest
x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
afs: Fix afs_getattr() to refetch file status if callback break occurred
Linux 5.4.196
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8464b114a6d5d655386f3c794bbb8bbc3a94e0ec
|
||
|
David Howells
|
dba1941f5b |
afs: Fix afs_getattr() to refetch file status if callback break occurred
[ Upstream commit 2aeb8c86d49967552394d5e723f87454cb53f501 ]
If a callback break occurs (change notification), afs_getattr() needs to
issue an FS.FetchStatus RPC operation to update the status of the file
being examined by the stat-family of system calls.
Fix afs_getattr() to do this if AFS_VNODE_CB_PROMISED has been cleared
on a vnode by a callback break. Skip this if AT_STATX_DONT_SYNC is set.
This can be tested by appending to a file on one AFS client and then
using "stat -L" to examine its length on a machine running kafs. This
can also be watched through tracing on the kafs machine. The callback
break is seen:
kworker/1:1-46 [001] ..... 978.910812: afs_cb_call: c=0000005f YFSCB.CallBack
kworker/1:1-46 [001] ...1. 978.910829: afs_cb_break: 100058:23b4c:242d2c2 b=2 s=1 break-cb
kworker/1:1-46 [001] ..... 978.911062: afs_call_done: c=0000005f ret=0 ab=0 [0000000082994ead]
And then the stat command generated no traffic if unpatched, but with
this change a call to fetch the status can be observed:
stat-4471 [000] ..... 986.744122: afs_make_fs_call: c=000000ab 100058:023b4c:242d2c2 YFS.FetchStatus
stat-4471 [000] ..... 986.745578: afs_call_done: c=000000ab ret=0 ab=0 [0000000087fc8c84]
Fixes:
|
||
|
Greg Kroah-Hartman
|
ec298edf02 |
This is the 5.4.150 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmFVcNQACgkQONu9yGCS aT538BAAx7oC+ow1nwmCSj3J9B9B+3IykXJs22VqZOSWZcI9+OaUzqa+67vn136w c2MGkMIkmQEhgsnLCWgOlfV2PFNIX/yVPXGT2Df2Io4fTpfkXXKZTA+PWCi8F7FI AiVT6A2QqiZsuQnoe1Rgyx1UHqDhZ4ptwK+uNMpccvtiSp6yhb9coOvfdDsWPdjE 9YUPN2rLpBfq9UGxii66NBxQAJpYAPRSgbQXmTj3UNF7KNOmLZbGWbJC5DybZiQB VK4Bgz5OcIfH6gnTy+bIYn3sIrb4I2WML51gtLZcT6QoiCGYFNML6LChpk9oJ7sl iXXYGRheek0hnsKaObPyIulqBcZXjsKmYeuohlHnFB0p7j3NAJ4LTg2lCAEeQjDR 6JgMOhuTEfyes+ciK75m0GWzPUs+/FnGP+CGXVCeEwT7bW8rNPZSIfsb6GTgJDXn OE3N/FsaL9qa7XbFEIprPmVa5A2SOIUc4PCnuhckLIIhZrTASktCt1vt1Rl8D50F dGXZQ0Vor279NeqnkMySycSaTV6HPD7n+dOMXRXpdWmTYN/7kAxSLD4thFZcyG7s Ms2dzTt7C/gHcdpfE2qHVBCBYMowOuisuZwWrb451Y2ks1shk88zRHMt8ydNrWvq GNGOpSFlcS+7umPzQ9CfA5k+3NFTYMVkVv2Vp/9J1nQYsi3OByc= =r8NE -----END PGP SIGNATURE----- Merge 5.4.150 into android11-5.4-lts Changes in 5.4.150 ocfs2: drop acl cache for directories too usb: gadget: r8a66597: fix a loop in set_feature() usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() cifs: fix incorrect check for null pointer in header_assemble xen/x86: fix PV trap handling on secondary processors usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter USB: cdc-acm: fix minor-number release binder: make sure fd closes complete staging: greybus: uart: fix tty use after free Re-enable UAS for LaCie Rugged USB3-FW with fk quirk usb: core: hcd: Add support for deferring roothub registration USB: serial: mos7840: remove duplicated 0xac24 device ID USB: serial: option: add Telit LN920 compositions USB: serial: option: remove duplicate USB device ID USB: serial: option: add device id for Foxconn T99W265 mcb: fix error handling in mcb_alloc_bus() erofs: fix up erofs_lookup tracepoint btrfs: prevent __btrfs_dump_space_info() to underflow its free space xhci: Set HCD flag to defer primary roothub registration serial: mvebu-uart: fix driver's tx_empty callback net: hso: fix muxed tty registration afs: Fix incorrect triggering of sillyrename on 3rd-party invalidation platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR() enetc: Fix illegal access when reading affinity_hint bnxt_en: Fix TX timeout when TX ring size is set to the smallest net/smc: add missing error check in smc_clc_prfx_set() gpio: uniphier: Fix void functions to remove return value qed: rdma - don't wait for resources under hw error recovery flow net/mlx4_en: Don't allow aRFS for encapsulated packets scsi: iscsi: Adjust iface sysfs attr detection tty: synclink_gt, drop unneeded forward declarations tty: synclink_gt: rename a conflicting function name fpga: machxo2-spi: Return an error on failure fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() thermal/core: Potential buffer overflow in thermal_build_list_of_policies() cifs: fix a sign extension bug scsi: qla2xxx: Restore initiator in dual mode scsi: lpfc: Use correct scnprintf() limit irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build irqchip/gic-v3-its: Fix potential VPE leak on error md: fix a lock order reversal in md_alloc blktrace: Fix uaf in blk_trace access after removing by sysfs net: macb: fix use after free on rmmod net: stmmac: allow CSR clock of 300MHz m68k: Double cast io functions to unsigned long ipv6: delay fib6_sernum increase in fib6_add bpf: Add oversize check before call kvcalloc() xen/balloon: use a kernel thread instead a workqueue nvme-multipath: fix ANA state updates when a namespace is not present sparc32: page align size in arch_dma_alloc blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd compiler.h: Introduce absolute_pointer macro net: i825xx: Use absolute_pointer for memcpy from fixed memory location sparc: avoid stringop-overread errors qnx4: avoid stringop-overread errors parisc: Use absolute_pointer() to define PAGE0 arm64: Mark __stack_chk_guard as __ro_after_init alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile net: 6pack: Fix tx timeout and slot time spi: Fix tegra20 build with CONFIG_PM=n EDAC/synopsys: Fix wrong value type assignment for edac_mode thermal/drivers/int340x: Do not set a wrong tcc offset on resume arm64: dts: marvell: armada-37xx: Extend PCIe MEM space xen/balloon: fix balloon kthread freezing qnx4: work around gcc false positive warning bug Linux 5.4.150 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I779eab319e88381a228b9956ce1d2d45d76f2d2c |
||
|
David Howells
|
a8e8b14819 |
afs: Fix incorrect triggering of sillyrename on 3rd-party invalidation
[ Upstream commit 63d49d843ef5fffeea069e0ffdfbd2bf40ba01c6 ]
The AFS filesystem is currently triggering the silly-rename cleanup from
afs_d_revalidate() when it sees that a dentry has been changed by a third
party[1]. It should not be doing this as the cleanup includes deleting the
silly-rename target file on iput.
Fix this by removing the places in the d_revalidate handling that validate
anything other than the directory and the dirent. It probably should not
be looking to validate the target inode of the dentry also.
This includes removing the point in afs_d_revalidate() where the inode that
a dentry used to point to was marked as being deleted (AFS_VNODE_DELETED).
We don't know it got deleted. It could have been renamed or it could have
hard links remaining.
This was reproduced by cloning a git repo onto an afs volume on one
machine, switching to another machine and doing "git status", then
switching back to the first and doing "git status". The second status
would show weird output due to ".git/index" getting deleted by the above
mentioned mechanism.
A simpler way to do it is to do:
machine 1: touch a
machine 2: touch b; mv -f b a
machine 1: stat a
on an afs volume. The bug shows up as the stat failing with ENOENT and the
file server log showing that machine 1 deleted "a".
Fixes:
|
||
|
Greg Kroah-Hartman
|
ccc19b14a1 |
This is the 5.4.136 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmEBQAcACgkQONu9yGCS aT4FRBAAgFrHSPHhtwcZ2uqAehzajAp7AbKxf1WejxPg/0YH2bE6nbhuLyDWqH5F mhyDpXVltW7xaFYZAEg9CPr6czwHAul4Bql4DH57KbO+/Q5BrS0VguepP0TPcVI5 H8KztBrJCL5TsrOsvB+EXHtqDkEuhX957Qwa6PkBJs12x2Vq3EmazGGKSZSCGKuy v5gM8wztC3NzzOhVDZ2MPbh8RTrbGUEaRFi6B/XNlcEWMAxyqDJlJInbzimIFL6T eOYZ7z+IdrV0I0Eq0tqUmnhONQZxscs/hX1yv7evZtfG7LbT3v4nJu7c6O4FnLwV 61B5aK4aytX7rTLVU+FRxP7MTmvNit71AY8SMSOx+bNLGBtrFstMv+f950j8npq1 683wCAlDD2hw3zOc6rzbXhdowKtIaFirqDEDiYOy/K5r0liaEtQboOmlBO2WDFYy q5HsoCIpNWH2Os4LlA3PYVChEzO5yQJksUgRgUhcNMA0y+8hE1/C91HxNy8HPyHf tIeRHIpdvHETzSbNIYe9b9iQK0f3S2YLI+sdMtrlEXYFpvlD/w2DsVlzr/IRKP1x N1LVskeB7PVzJEImZPTGVrbPu/a/FHtFpx3dgiST72t18rHgCFdxW7pCI05jegLr C72SSES2v3QIIRoPAO6NF/E8ltmT6lnor1AcNeGz5I4rvPB01u8= =pPb8 -----END PGP SIGNATURE----- Merge 5.4.136 into android11-5.4-lts Changes in 5.4.136 igc: Fix use-after-free error during reset igb: Fix use-after-free error during reset igc: change default return of igc_read_phy_reg() ixgbe: Fix an error handling path in 'ixgbe_probe()' igc: Prefer to use the pci_release_mem_regions method igc: Fix an error handling path in 'igc_probe()' igb: Fix an error handling path in 'igb_probe()' fm10k: Fix an error handling path in 'fm10k_probe()' e1000e: Fix an error handling path in 'e1000_probe()' iavf: Fix an error handling path in 'iavf_probe()' igb: Check if num of q_vectors is smaller than max before array access igb: Fix position of assignment to *ring gve: Fix an error handling path in 'gve_probe()' ipv6: fix 'disable_policy' for fwd packets selftests: icmp_redirect: remove from checking for IPv6 route get selftests: icmp_redirect: IPv6 PMTU info should be cleared after redirect pwm: sprd: Ensure configuring period and duty_cycle isn't wrongly skipped cxgb4: fix IRQ free race during driver unload nvme-pci: do not call nvme_dev_remove_admin from nvme_remove perf map: Fix dso->nsinfo refcounting perf probe: Fix dso->nsinfo refcounting perf env: Fix sibling_dies memory leak perf test session_topology: Delete session->evlist perf test event_update: Fix memory leak of evlist perf dso: Fix memory leak in dso__new_map() perf script: Fix memory 'threads' and 'cpus' leaks on exit perf lzma: Close lzma stream on exit perf probe-file: Delete namelist in del_events() on the error path perf data: Close all files in close_dir() spi: imx: add a check for speed_hz before calculating the clock spi: stm32: Use dma_request_chan() instead dma_request_slave_channel() spi: stm32: fixes pm_runtime calls in probe/remove regulator: hi6421: Use correct variable type for regmap api val argument regulator: hi6421: Fix getting wrong drvdata spi: mediatek: fix fifo rx mode ASoC: rt5631: Fix regcache sync errors on resume liquidio: Fix unintentional sign extension issue on left shift of u16 s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1] bpf, sockmap, tcp: sk_prot needs inuse_idx set for proc stats bpftool: Check malloc return value in mount_bpffs_for_pin net: fix uninit-value in caif_seqpkt_sendmsg efi/tpm: Differentiate missing and invalid final event log table. net: decnet: Fix sleeping inside in af_decnet KVM: PPC: Book3S: Fix CONFIG_TRANSACTIONAL_MEM=n crash KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak net: sched: fix memory leak in tcindex_partial_destroy_work netrom: Decrease sock refcount when sock timers expire scsi: iscsi: Fix iface sysfs attr detection scsi: target: Fix protect handling in WRITE SAME(32) spi: cadence: Correct initialisation of runtime PM again bnxt_en: Improve bnxt_ulp_stop()/bnxt_ulp_start() call sequence. bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() bnxt_en: Check abort error state in bnxt_half_open_nic() net: hisilicon: rename CACHE_LINE_MASK to avoid redefinition net/tcp_fastopen: fix data races around tfo_active_disable_stamp net: hns3: fix rx VLAN offload state inconsistent issue net/sched: act_skbmod: Skip non-Ethernet packets ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" afs: Fix tracepoint string placement with built-in AFS r8169: Avoid duplicate sysfs entry creation error nvme: set the PRACT bit when using Write Zeroes with T10 PI sctp: update active_key for asoc when old key is being replaced net: sched: cls_api: Fix the the wrong parameter drm/panel: raspberrypi-touchscreen: Prevent double-free proc: Avoid mixing integer types in mem_rw() Revert "MIPS: add PMD table accounting into MIPS'pmd_alloc_one" s390/ftrace: fix ftrace_update_ftrace_func implementation s390/boot: fix use of expolines in the DMA code ALSA: usb-audio: Add missing proc text entry for BESPOKEN type ALSA: usb-audio: Add registration quirk for JBL Quantum headsets ALSA: sb: Fix potential ABBA deadlock in CSP driver ALSA: hdmi: Expose all pins on MSI MS-7C94 board xhci: Fix lost USB 2 remote wake KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state usb: hub: Disable USB 3 device initiated lpm if exit latency is too high usb: hub: Fix link power management max exit latency (MEL) calculations USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS usb: max-3421: Prevent corruption of freed memory usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() USB: serial: option: add support for u-blox LARA-R6 family USB: serial: cp210x: fix comments for GE CS1000 USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick usb: dwc2: gadget: Fix sending zero length packet in DDMA mode. firmware/efi: Tell memblock about EFI iomem reservations tracing/histogram: Rename "cpu" to "common_cpu" tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. btrfs: check for missing device in btrfs_trim_fs media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() ixgbe: Fix packet corruption due to missing DMA sync selftest: use mmap instead of posix_memalign to allocate memory userfaultfd: do not untag user pointers hugetlbfs: fix mount mode command line processing rbd: don't hold lock_rwsem while running_list is being drained rbd: always kick acquire on "acquired" and "released" notifications nds32: fix up stack guard gap drm: Return -ENOTTY for non-drm ioctls net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear iio: accel: bma180: Use explicit member assignment iio: accel: bma180: Fix BMA25x bandwidth register values btrfs: compression: don't try to compress if we don't have enough pages PCI: Mark AMD Navi14 GPU ATS as broken perf inject: Close inject.output on exit xhci: add xhci_get_virt_ep() helper Linux 5.4.136 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I8b7e344b3dd2ee557364f9be285ed9925038a497 |
||
|
David Howells
|
f726817d6b |
afs: Fix tracepoint string placement with built-in AFS
[ Upstream commit 6c881ca0b3040f3e724eae513117ba4ddef86057 ]
To quote Alexey[1]:
I was adding custom tracepoint to the kernel, grabbed full F34 kernel
.config, disabled modules and booted whole shebang as VM kernel.
Then did
perf record -a -e ...
It crashed:
general protection fault, probably for non-canonical address 0x435f5346592e4243: 0000 [#1] SMP PTI
CPU: 1 PID: 842 Comm: cat Not tainted 5.12.6+ #26
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014
RIP: 0010:t_show+0x22/0xd0
Then reproducer was narrowed to
# cat /sys/kernel/tracing/printk_formats
Original F34 kernel with modules didn't crash.
So I started to disable options and after disabling AFS everything
started working again.
The root cause is that AFS was placing char arrays content into a
section full of _pointers_ to strings with predictable consequences.
Non canonical address 435f5346592e4243 is "CB.YFS_" which came from
CM_NAME macro.
Steps to reproduce:
CONFIG_AFS=y
CONFIG_TRACING=y
# cat /sys/kernel/tracing/printk_formats
Fix this by the following means:
(1) Add enum->string translation tables in the event header with the AFS
and YFS cache/callback manager operations listed by RPC operation ID.
(2) Modify the afs_cb_call tracepoint to print the string from the
translation table rather than using the string at the afs_call name
pointer.
(3) Switch translation table depending on the service we're being accessed
as (AFS or YFS) in the tracepoint print clause. Will this cause
problems to userspace utilities?
Note that the symbolic representation of the YFS service ID isn't
available to this header, so I've put it in as a number. I'm not sure
if this is the best way to do this.
(4) Remove the name wrangling (CM_NAME) macro and put the names directly
into the afs_call_type structs in cmservice.c.
Fixes:
|
||
|
Greg Kroah-Hartman
|
8a4c1c0b49 |
This is the 5.4.128 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmDTLA4ACgkQONu9yGCS aT45xg/+IvxFaIOtutEBkFCJvEurRWSozjBKAfX9xtJQGSSKVyDvh7GZWfEXMxZc oNf8DWQKvaiZj2mRdgYp6Ilo27Ps6aN3vCo09z+U3mfGQLMbNpPYEvSq6Twl26NB 8lL8b++0Jo7P+eOALHohBS125/E0etqhoc2HXDFp6pfksj6J7klxlyQ2NX9Ih8xm l7Cto5flCHM9g20/CNsqxXPWiuBKnzSvp9YH9HMDgjOV6YSktLGTHAJ8omjPm0V/ pQVFOo4Kyx34exdA/IzrM/yV4iDThVtwL6+bNErWtl6LwiIcNK3esARYTNjbBBhK W156adxp6kl6LqMADr/y77WqvcH6H2PhpRnMj+6t21FpK7cTbXfqvxBfpOvE1Buh in95LJN1Iins1PTozBVHcUIpdESO5AN8/2aHq0LRLmVbaLlo6aj+sjdHNPvf7HwW 8LDHtpGNao/spMuZmvvH+6i3iwuciINCRY9TVBDgkT5LhWhRHBl6+uSLEX/d+s3Z 663Q6HPu+cfubR7UC8+QsMMtf7KD2yvQuadAz6n/Z41vvSYIUHPGsYtZUmsef3jP n4CTAmGavtyR5jaQNkuw8nnIn7cthONw94foFheBH0doxmkXPKcwqmWO9DH77n58 unMT31ArVg9ObrO/YmLjEaV9X7VlfRf6yw7tey1RJXgrSD3nwgk= =9+GF -----END PGP SIGNATURE----- Merge 5.4.128 into android11-5.4-lts Changes in 5.4.128 dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM dmaengine: stedma40: add missing iounmap() on error in d40_probe() afs: Fix an IS_ERR() vs NULL check mm/memory-failure: make sure wait for page writeback in memory_failure kvm: LAPIC: Restore guard to prevent illegal APIC register access batman-adv: Avoid WARN_ON timing related checks net: ipv4: fix memory leak in netlbl_cipsov4_add_std vrf: fix maximum MTU net: rds: fix memory leak in rds_recvmsg net: lantiq: disable interrupt before sheduling NAPI udp: fix race between close() and udp_abort() rtnetlink: Fix regression in bridge VLAN configuration net/sched: act_ct: handle DNAT tuple collision net/mlx5e: Remove dependency in IPsec initialization flows net/mlx5e: Fix page reclaim for dead peer hairpin net/mlx5: Consider RoCE cap before init RDMA resources net/mlx5e: allow TSO on VXLAN over VLAN topologies net/mlx5e: Block offload of outer header csum for UDP tunnels netfilter: synproxy: Fix out of bounds when parsing TCP options sch_cake: Fix out of bounds when parsing TCP options and header alx: Fix an error handling path in 'alx_probe()' net: stmmac: dwmac1000: Fix extended MAC address registers definition net: make get_net_ns return error if NET_NS is disabled qlcnic: Fix an error handling path in 'qlcnic_probe()' netxen_nic: Fix an error handling path in 'netxen_nic_probe()' net: qrtr: fix OOB Read in qrtr_endpoint_post ptp: improve max_adj check against unreasonable values net: cdc_ncm: switch to eth%d interface naming lantiq: net: fix duplicated skb in rx descriptor ring net: usb: fix possible use-after-free in smsc75xx_bind net: fec_ptp: fix issue caused by refactor the fec_devtype net: ipv4: fix memory leak in ip_mc_add1_src net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock be2net: Fix an error handling path in 'be_probe()' net: hamradio: fix memory leak in mkiss_close net: cdc_eem: fix tx fixup skb leak cxgb4: fix wrong shift. bnxt_en: Rediscover PHY capabilities after firmware reset bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path icmp: don't send out ICMP messages with a source address of 0.0.0.0 net: ethernet: fix potential use-after-free in ec_bhf_remove regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting ASoC: rt5659: Fix the lost powers for the HDA header spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() pinctrl: ralink: rt2880: avoid to error in calls is pin is already enabled radeon: use memcpy_to/fromio for UVD fw upload hwmon: (scpi-hwmon) shows the negative temperature properly can: bcm: fix infoleak in struct bcm_msg_head can: bcm/raw/isotp: use per module netdevice notifier can: j1939: fix Use-after-Free, hold skb ref while in use can: mcba_usb: fix memory leak in mcba_usb usb: core: hub: Disable autosuspend for Cypress CY7C65632 tracing: Do not stop recording cmdlines when tracing is off tracing: Do not stop recording comms if the trace file is being read tracing: Do no increment trace_clock_global() by one PCI: Mark TI C667X to avoid bus reset PCI: Mark some NVIDIA GPUs to avoid bus reset PCI: aardvark: Don't rely on jiffies while holding spinlock PCI: aardvark: Fix kernel panic during PIO transfer PCI: Add ACS quirk for Broadcom BCM57414 NIC PCI: Work around Huawei Intelligent NIC VF FLR erratum KVM: x86: Immediately reset the MMU context when the SMM flag is cleared ARCv2: save ABI registers across signal handling x86/process: Check PF_KTHREAD and not current->mm for kernel threads x86/pkru: Write hardware init value to PKRU when xstate is init x86/fpu: Reset state for all signal restore failures dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc cfg80211: make certificate generation more robust cfg80211: avoid double free of PMSR request drm/amdgpu/gfx10: enlarge CP_MEC_DOORBELL_RANGE_UPPER to cover full doorbell. drm/amdgpu/gfx9: fix the doorbell missing when in CGPG issue. net: ll_temac: Make sure to free skb when it is completely used net: ll_temac: Fix TX BD buffer overwrite net: bridge: fix vlan tunnel dst null pointer dereference net: bridge: fix vlan tunnel dst refcnt when egressing mm/slub: clarify verification reporting mm/slub: fix redzoning for small allocations mm/slub.c: include swab.h net: stmmac: disable clocks in stmmac_remove_config_dt() net: fec_ptp: add clock rate zero check tools headers UAPI: Sync linux/in.h copy with the kernel sources KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read ARM: OMAP: replace setup_irq() by request_irq() clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 usb: dwc3: debugfs: Add and remove endpoint dirs dynamically usb: dwc3: core: fix kernel panic when do reboot Linux 5.4.128 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I52eaf045956776a2779e2969908233674314e00d |
||
Dan Carpenter
|
0498165c6f |
afs: Fix an IS_ERR() vs NULL check
[ Upstream commit a33d62662d275cee22888fa7760fe09d5b9cd1f9 ]
The proc_symlink() function returns NULL on error, it doesn't return
error pointers.
Fixes:
|
||
|
Greg Kroah-Hartman
|
4ed2c4aeee |
This is the 5.4.108 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmBbFBwACgkQONu9yGCS aT7OPRAAjM8308gp5zU5h7gV20AlMLEfav5BhSJB1NGac8RKJT/kr7CoYt2JWZgO jW4f1uxcjVJypuijkvMPu6+fdDDCen91691F9YqA5B+BdxSC+Vc4MCdhRKWffTtU /vJPrspOWMW7sXGTIXuUyD7zXoUECdmRFb0N62ZOgCiv99aEhxAUsHWF1RIiWfhM p06/WnEkgSpo2hmE369QAnsp8qox6NeTci/7tHbW5/JmjLGCVUf99l2UC7mLZU5a sRQ9Mpb7v78umqmqDct75pKnl3nOfmejIvvPdsQFvs+mgNfPElG/C8WW7JhquA2+ mpnZeVeHyI3MM5/wCSARsYu5m8KnbzOoZ/Ku8B+cblEekZ/yaJx5cSCEMTGi5Ekh noK1IRO0R7UqnV4I36eOY5YNWu6kgHm4/7Zj0Ous5sC6RDjbgNpTgFONvxPzDoo2 5OAX5hf604XXS5dhpQR5RYiU/KH7Ms+nWYViKRCeIuQp8qvyq1pb5X+tPXisetQC 1mylvqiDqeUqdgdwtx8ShN8PH2uyu+dVzWgD+b/DVHM+Rmll+en0LvckmEagH5SV mpBW8j5yPJmdFeIufkibxx6Sr9mT/kbH8QQa/W1ojkya/+Ky1wbCdqVR+BFh/sc0 60Zyoyns3r5o3IM7UrQ9Glb1aYZYJtx/3W2tPKtaczSzj4beVGw= =OoCo -----END PGP SIGNATURE----- Merge 5.4.108 into android11-5.4-lts Changes in 5.4.108 ASoC: ak4458: Add MODULE_DEVICE_TABLE ASoC: ak5558: Add MODULE_DEVICE_TABLE ALSA: dice: fix null pointer dereference when node is disconnected ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro ALSA: hda: generic: Fix the micmute led init state ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air Revert "PM: runtime: Update device status before letting suppliers suspend" s390/vtime: fix increased steal time accounting ARM: 9030/1: entry: omit FP emulation for UND exceptions taken in kernel mode ARM: 9044/1: vfp: use undef hook for VFP support detection btrfs: fix race when cloning extent buffer during rewind of an old root btrfs: fix slab cache flags for free space tree bitmap ASoC: fsl_ssi: Fix TDM slot setup for I2S mode ASoC: SOF: Intel: unregister DMIC device on probe error ASoC: SOF: intel: fix wrong poll bits in dsp power down ASoC: simple-card-utils: Do not handle device clock afs: Stop listxattr() from listing "afs.*" attributes nvme: fix Write Zeroes limitations nvme-tcp: fix possible hang when failing to set io queues nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU nvmet: don't check iosqes,iocqes for discovery controllers nfsd: Don't keep looking up unhashed files in the nfsd file cache NFSD: Repair misuse of sv_lock in 5.10.16-rt30. svcrdma: disable timeouts on rdma backchannel vfio: IOMMU_API should be selected sunrpc: fix refcount leak for rpc auth modules net/qrtr: fix __netdev_alloc_skb call kbuild: Fix <linux/version.h> for empty SUBLEVEL or PATCHLEVEL again riscv: Correct SPARSEMEM configuration scsi: lpfc: Fix some error codes in debugfs scsi: myrs: Fix a double free in myrs_cleanup() counter: stm32-timer-cnt: Report count function when SLAVE_MODE_DISABLED nvme-rdma: fix possible hang when failing to set io queues usb-storage: Add quirk to defeat Kindle's automatic unload usbip: Fix incorrect double assignment to udc->ud.tcp_rx USB: replace hardcode maximum usb string length by definition usb: gadget: configfs: Fix KASAN use-after-free usb: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- iio:adc:stm32-adc: Add HAS_IOMEM dependency iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel iio: adis16400: Fix an error code in adis16400_initial_setup() iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask iio: hid-sensor-humidity: Fix alignment issue of timestamp channel iio: hid-sensor-prox: Fix scale not correct issue iio: hid-sensor-temperature: Fix issues of timestamp channel counter: stm32-timer-cnt: fix ceiling write max value PCI: rpadlpar: Fix potential drc_name corruption in store functions perf/x86/intel: Fix a crash caused by zero PEBS status x86/ioapic: Ignore IRQ2 again kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() x86: Move TS_COMPAT back to asm/thread_info.h x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() ext4: find old entry again if failed to rename whiteout ext4: do not try to set xattr into ea_inode if value is empty ext4: fix potential error in ext4_do_update_inode efi: use 32-bit alignment for efi_guid_t literals firmware/efi: Fix a use after bug in efi_mem_reserve_persistent genirq: Disable interrupts for force threaded handlers x86/apic/of: Fix CPU devicetree-node lookups cifs: Fix preauth hash corruption Linux 5.4.108 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I9208519e886cf620d37826a0c4b6f88fcd4a090b |
||
|
David Howells
|
6712b7fcef |
afs: Stop listxattr() from listing "afs.*" attributes
commit a7889c6320b9200e3fe415238f546db677310fa9 upstream.
afs_listxattr() lists all the available special afs xattrs (i.e. those in
the "afs.*" space), no matter what type of server we're dealing with. But
OpenAFS servers, for example, cannot deal with some of the extra-capable
attributes that AuriStor (YFS) servers provide. Unfortunately, the
presence of the afs.yfs.* attributes causes errors[1] for anything that
tries to read them if the server is of the wrong type.
Fix the problem by removing afs_listxattr() so that none of the special
xattrs are listed (AFS doesn't support xattrs). It does mean, however,
that getfattr won't list them, though they can still be accessed with
getxattr() and setxattr().
This can be tested with something like:
getfattr -d -m ".*" /afs/example.com/path/to/file
With this change, none of the afs.* attributes should be visible.
Changes:
ver #2:
- Hide all of the afs.* xattrs, not just the ACL ones.
Fixes:
|
||
|
Greg Kroah-Hartman
|
1187a992b3 |
This is the 5.4.97 stable release
-----BEGIN PGP SIGNATURE----- iQIyBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmAjmR0ACgkQONu9yGCS aT6y/A/3f4yvZr4VWRdsX9eWC5snc9jx+QSd/t+LzdRTJa8gCHQcEp9TTGiZHr7/ DSM5c32BXesBDs2Ctb5jUYRfp1SgPH5pen7/HUREG0qCG+u2lY6I3/Nc0thCQNcH xCOHlBMx1bJ9Dy4Z39YpwqGbGRldFM+/UoAke1/mGvqxVBeQyx4bwKg94qdKRugb XRwKRcihNgL2NfWdGQ+yy+G4msjrUoswdpns5CWOjWXxkObfeg3clnQipw6mSloR q+NCcwgPXUC1jbzH0nXQwzfHpD+mcFU8/ueUgN/1Q6OGkZ5uDv2vdSK4PtzTyUSN SNlcCl5D1hQdml9+Vh+/ScVCwzpKHmCzyWY/e17Fe1mMXGYIrOkexNcgrfld6Hfz 1yQ/9UfBZ2gAUTsecOvZS+l/ejh5NkOJX5CtMlQDA4wtn6JjMWLVddksXxAcbIIP PWdLlfH+vfGfxrGJ/g3L0ALlppx0ezDCMvz6X2mVn1w7ifXcW+mnucypmDoQQ57j Ckc+YRluLxrBdLJsS98iLOkoTFxRJXZArJSI/lDW3LqPaFhFX5SMg/ilArefas78 62y8gIPdIlMt2sjJ12xnY4G4cod5Ec29YpMorIbl2CZve5OC5e5MiUxubU0C7noz zEGP9+bqp0WVd5Ir2yAvSyvmkNPOSOoBsrKuw0Gw1M1p3gxKLg== =BMmj -----END PGP SIGNATURE----- Merge 5.4.97 into android11-5.4-lts Changes in 5.4.97 USB: serial: cp210x: add pid/vid for WSDA-200-USB USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 USB: serial: option: Adding support for Cinterion MV31 arm64: dts: qcom: c630: keep both touchpad devices enabled Input: i8042 - unbreak Pegatron C15B arm64: dts: amlogic: meson-g12: Set FL-adj property value arm64: dts: rockchip: fix vopl iommu irq on px30 bpf, cgroup: Fix optlen WARN_ON_ONCE toctou bpf, cgroup: Fix problematic bounds check um: virtio: free vu_dev only with the contained struct device rxrpc: Fix deadlock around release of dst cached on udp tunnel arm64: dts: ls1046a: fix dcfg address range igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr igc: check return value of ret_val in igc_config_fc_after_link_up i40e: Revert "i40e: don't report link up for a VF who hasn't enabled queues" net/mlx5: Fix leak upon failure of rule creation net: lapb: Copy the skb before sending a packet net: mvpp2: TCAM entry enable should be written after SRAM data r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode nvmet-tcp: fix out-of-bounds access when receiving multiple h2cdata PDUs memblock: do not start bottom-up allocations with kernel_end USB: gadget: legacy: fix an error code in eth_bind() USB: usblp: don't call usb_set_interface if there's a single alt usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop() usb: dwc2: Fix endpoint direction check in ep_from_windex usb: dwc3: fix clock issue during resume in OTG mode usb: xhci-mtk: fix unreleased bandwidth data usb: xhci-mtk: skip dropping bandwidth of unchecked endpoints usb: xhci-mtk: break loop when find the endpoint to drop usb: host: xhci-plat: add priv quirk for skip PHY initialization ovl: fix dentry leak in ovl_get_redirect mac80211: fix station rate table updates on assoc fgraph: Initialize tracing_graph_pause at task creation kretprobe: Avoid re-registration of the same kretprobe earlier libnvdimm/dimm: Avoid race between probe and available_slots_show() genirq/msi: Activate Multi-MSI early when MSI_FLAG_ACTIVATE_EARLY is set xhci: fix bounce buffer usage for non-sg list case cifs: report error instead of invalid when revalidating a dentry fails smb3: Fix out-of-bounds bug in SMB2_negotiate() smb3: fix crediting for compounding when only one request in flight mmc: core: Limit retries when analyse of SDIO tuples fails drm/amd/display: Revert "Fix EDID parsing after resume from suspend" nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs KVM: SVM: Treat SVM as unsupported when running as an SEV guest KVM: x86: Update emulator context mode if SYSENTER xfers to 64-bit mode ARM: footbridge: fix dc21285 PCI configuration accessors mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page mm: hugetlb: fix a race between freeing and dissolving the page mm: hugetlb: fix a race between isolating and freeing page mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active mm, compaction: move high_pfn to the for loop scope mm: thp: fix MADV_REMOVE deadlock on shmem THP x86/build: Disable CET instrumentation in the kernel x86/apic: Add extra serialization for non-serializing MSRs iwlwifi: mvm: don't send RFH_QUEUE_CONFIG_CMD with no queues Input: xpad - sync supported devices with fork on GitHub iommu/vt-d: Do not use flush-queue when caching-mode is on md: Set prev_flush_start and flush_bio in an atomic way igc: Report speed and duplex as unknown when device is runtime suspended neighbour: Prevent a dead entry from updating gc_list net: ip_tunnel: fix mtu calculation net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add net: sched: replaced invalid qdisc tree flush helper in qdisc_replace usb: host: xhci: mvebu: make USB 3.0 PHY optional for Armada 3720 Linux 5.4.97 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ic972908fac1b16b4b01a63e2c23b2dd2f528143b |
||
|
David Howells
|
68e798fa3c |
rxrpc: Fix deadlock around release of dst cached on udp tunnel
[ Upstream commit 5399d52233c47905bbf97dcbaa2d7a9cc31670ba ]
AF_RXRPC sockets use UDP ports in encap mode. This causes socket and dst
from an incoming packet to get stolen and attached to the UDP socket from
whence it is leaked when that socket is closed.
When a network namespace is removed, the wait for dst records to be cleaned
up happens before the cleanup of the rxrpc and UDP socket, meaning that the
wait never finishes.
Fix this by moving the rxrpc (and, by dependence, the afs) private
per-network namespace registrations to the device group rather than subsys
group. This allows cached rxrpc local endpoints to be cleared and their
UDP sockets closed before we try waiting for the dst records.
The symptom is that lines looking like the following:
unregister_netdevice: waiting for lo to become free
get emitted at regular intervals after running something like the
referenced syzbot test.
Thanks to Vadim for tracking this down and work out the fix.
Reported-by: syzbot+df400f2f24a1677cd7e0@syzkaller.appspotmail.com
Reported-by: Vadim Fedorenko <vfedorenko@novek.ru>
Fixes:
|
||
|
Greg Kroah-Hartman
|
d45416b62b |
This is the 5.4.86 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl/sW9MACgkQONu9yGCS
aT5SwBAAo6dgHqwmPfuf98/8oVeVqTxcmE7GpzpVRH2+yI7Zwk2ez29tAflcM7lT
LKtR2WFGAxoCL4DUKXeO7Ubwpue5NoBIsJ8/dAYBesojps3WDaFGL55PvJLWwFJ7
5gPtPzynITaqIC1JCFcrJ7OTp7REiCUZRc1CJXJINWAYL1VbEbH8pH904xfFcivy
XnNyL9UiWp1lSB8oF3CRJOaK5M5gY1+wdCFaLVqQn306XDEM8PvZK4G3at/jXWgH
jQjArdtC8M8NwjyTwtqW9JAMV+6CD0/HXk0QboTZg6yiaRrtUsfzMqJ1cvhKcQgO
kLE3rwdnr3/MxuzSnGWbswflG2WCutoah58g0uN8H0nCiui5mKN6x5K+emgDZIoO
ndDnh+/5OE247EK+3CGn/0N8i/fOymrLAnLL4wCXVdlQLMCalnL37ibdfGbAptXi
N3GOGZ2iEglvTsEr5w0r86+AzNskm5EqA7mFGFiAyf9viR2xwYk3RrWf2ZyMRos2
2S7mKcZmw7voDu2TIDIhqydToBKxmYI/mUn3mFFme1h3lwzM3zYG1aovVLfd5NkY
Gx5E/CA/ut/3n0u/dXJ8SxEitBWkqImp5UdYcElQNxQoXnVU4yKmjf6dDL9Wqh+1
ujCiaCUJd3PY0uXXIb6RWWGs2VaL4xiEnk+ZBm0VI9WEUWksSx0=
=jnmv
-----END PGP SIGNATURE-----
Merge 5.4.86 into android11-5.4-lts
Changes in 5.4.86
ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY
ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator
ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node
pinctrl: merrifield: Set default bias in case no particular value given
pinctrl: baytrail: Avoid clearing debounce value when turning it off
ARM: dts: sun8i: v3s: fix GIC node memory range
ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY
ARM: dts: imx6qdl-wandboard-revd1: Remove PAD_GPIO_6 from enetgrp
ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin
PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter
gpio: zynq: fix reference leak in zynq_gpio functions
gpio: mvebu: fix potential user-after-free on probe
scsi: bnx2i: Requires MMU
xsk: Fix xsk_poll()'s return type
xsk: Replace datagram_poll by sock_poll_wait
can: softing: softing_netdev_open(): fix error handling
clk: renesas: r9a06g032: Drop __packed for portability
block: Simplify REQ_OP_ZONE_RESET_ALL handling
block: factor out requeue handling from dispatch code
blk-mq: In blk_mq_dispatch_rq_list() "no budget" is a reason to kick
pinctrl: aspeed: Fix GPIO requests on pass-through banks
netfilter: x_tables: Switch synchronization to RCU
netfilter: nft_compat: make sure xtables destructors have run
netfilter: nft_dynset: fix timeouts later than 23 days
afs: Fix memory leak when mounting with multiple source parameters
Revert "gpio: eic-sprd: Use devm_platform_ioremap_resource()"
gpio: eic-sprd: break loop when getting NULL device resource
netfilter: nft_ct: Remove confirmation check for NFT_CT_ID
selftests/bpf/test_offload.py: Reset ethtool features after failed setting
RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
i40e: Refactor rx_bi accesses
i40e: optimise prefetch page refcount
i40e: avoid premature Rx buffer reuse
ixgbe: avoid premature Rx buffer reuse
selftests: fix poll error in udpgro.sh
net: mvpp2: add mvpp2_phylink_to_port() helper
drm/tegra: replace idr_init() by idr_init_base()
kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling
drm/tegra: sor: Disable clocks on error in tegra_sor_init()
habanalabs: put devices before driver removal
arm64: syscall: exit userspace before unmasking exceptions
vxlan: Add needed_headroom for lower device
vxlan: Copy needed_tailroom from lowerdev
scsi: mpt3sas: Increase IOCInit request timeout to 30s
dm table: Remove BUG_ON(in_interrupt())
iwlwifi: pcie: add one missing entry for AX210
drm/amd/display: Init clock value by current vbios CLKs
perf/x86/intel: Check PEBS status correctly
kbuild: avoid split lines in .mod files
soc/tegra: fuse: Fix index bug in get_process_id
usb: mtu3: fix memory corruption in mtu3_debugfs_regset()
USB: serial: option: add interface-number sanity check to flag handling
USB: gadget: f_acm: add support for SuperSpeed Plus
USB: gadget: f_midi: setup SuperSpeed Plus descriptors
usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus
USB: gadget: f_rndis: fix bitrate for SuperSpeed and above
usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul
ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU
ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on Exynos5410
ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU
coresight: tmc-etf: Fix NULL ptr dereference in tmc_enable_etf_sink_perf()
coresight: tmc-etr: Check if page is valid before dma_map_page()
coresight: tmc-etr: Fix barrier packet insertion for perf buffer
coresight: etb10: Fix possible NULL ptr dereference in etb_enable_perf()
scsi: megaraid_sas: Check user-provided offsets
HID: i2c-hid: add Vero K147 to descriptor override
serial_core: Check for port state when tty is in error state
Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
quota: Sanity-check quota file headers on load
media: msi2500: assign SPI bus number dynamically
crypto: af_alg - avoid undefined behavior accessing salg_name
md: fix a warning caused by a race between concurrent md_ioctl()s
drm/gma500: fix double free of gma_connector
drm/aspeed: Fix Kconfig warning & subsequent build errors
drm/mcde: Fix handling of platform_get_irq() error
drm/tve200: Fix handling of platform_get_irq() error
arm64: dts: renesas: hihope-rzg2-ex: Drop rxc-skew-ps from ethernet-phy node
arm64: dts: renesas: cat875: Remove rxc-skew-ps from ethernet-phy node
soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains()
soc: mediatek: Check if power domains can be powered on at boot time
soc: qcom: geni: More properly switch to DMA mode
Revert "i2c: i2c-qcom-geni: Fix DMA transfer race"
RDMA/bnxt_re: Set queue pair state when being queried
rtc: pcf2127: fix pcf2127_nvmem_read/write() returns
selinux: fix error initialization in inode_doinit_with_dentry()
ARM: dts: aspeed: s2600wf: Fix VGA memory region location
RDMA/rxe: Compute PSN windows correctly
x86/mm/ident_map: Check for errors from ident_pud_init()
ARM: p2v: fix handling of LPAE translation in BE mode
x86/apic: Fix x2apic enablement without interrupt remapping
sched/deadline: Fix sched_dl_global_validate()
sched: Reenable interrupts in do_sched_yield()
drm/amdgpu: fix incorrect enum type
crypto: talitos - Endianess in current_desc_hdr()
crypto: talitos - Fix return type of current_desc_hdr()
crypto: inside-secure - Fix sizeof() mismatch
ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified mode
ARM: dts: aspeed: tiogapass: Remove vuart
drm/amdgpu: fix build_coefficients() argument
powerpc/64: Set up a kernel stack for secondaries before cpu_restore()
spi: img-spfi: fix reference leak in img_spfi_resume
f2fs: call f2fs_get_meta_page_retry for nat page
drm/msm/dsi_pll_10nm: restore VCO rate during restore_state
spi: spi-mem: fix reference leak in spi_mem_access_start
ASoC: pcm: DRAIN support reactivation
selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
spi: stm32: fix reference leak in stm32_spi_resume
brcmfmac: Fix memory leak for unpaired brcmf_{alloc/free}
arm64: dts: exynos: Include common syscon restart/poweroff for Exynos7
arm64: dts: exynos: Correct psci compatible used on Exynos7
Bluetooth: Fix null pointer dereference in hci_event_packet()
Bluetooth: hci_h5: fix memory leak in h5_close
spi: spi-ti-qspi: fix reference leak in ti_qspi_setup
spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe
spi: tegra20-slink: fix reference leak in slink ops of tegra20
spi: tegra20-sflash: fix reference leak in tegra_sflash_resume
spi: tegra114: fix reference leak in tegra spi ops
spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume
mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure
selftest/bpf: Add missed ip6ip6 test back
ASoC: wm8998: Fix PM disable depth imbalance on error
spi: sprd: fix reference leak in sprd_spi_remove
ASoC: arizona: Fix a wrong free in wm8997_probe
RDMa/mthca: Work around -Wenum-conversion warning
MIPS: BCM47XX: fix kconfig dependency bug for BCM47XX_BCMA
crypto: qat - fix status check in qat_hal_put_rel_rd_xfer()
staging: greybus: codecs: Fix reference counter leak in error handling
staging: gasket: interrupt: fix the missed eventfd_ctx_put() in gasket_interrupt.c
media: tm6000: Fix sizeof() mismatches
media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_dec_pm()
media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm()
media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_enc_pm()
media: v4l2-fwnode: Return -EINVAL for invalid bus-type
ASoC: meson: fix COMPILE_TEST error
scsi: core: Fix VPD LUN ID designator priorities
media: solo6x10: fix missing snd_card_free in error handling case
video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init()
drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
Input: ads7846 - fix race that causes missing releases
Input: ads7846 - fix integer overflow on Rt calculation
Input: ads7846 - fix unaligned access on 7845
usb/max3421: fix return error code in max3421_probe()
spi: mxs: fix reference leak in mxs_spi_probe
selftests/bpf: Fix broken riscv build
powerpc: Avoid broken GCC __attribute__((optimize))
powerpc/feature: Fix CPU_FTRS_ALWAYS by removing CPU_FTRS_GENERIC_32
EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId
crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd
crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe
spi: fix resource leak for drivers without .remove callback
soc: ti: knav_qmss: fix reference leak in knav_queue_probe
soc: ti: Fix reference imbalance in knav_dma_probe
drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe
Input: omap4-keypad - fix runtime PM error handling
clk: meson: Kconfig: fix dependency for G12A
RDMA/cxgb4: Validate the number of CQEs
memstick: fix a double-free bug in memstick_check
ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host
ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host
mmc: pxamci: Fix error return code in pxamci_probe
orinoco: Move context allocation after processing the skb
qtnfmac: fix error return code in qtnf_pcie_probe()
rsi: fix error return code in rsi_reset_card()
cw1200: fix missing destroy_workqueue() on error in cw1200_init_common
dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe()
arm64: tegra: Fix DT binding for IO High Voltage entry
media: siano: fix memory leak of debugfs members in smsdvb_hotplug
platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration
platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration
samples: bpf: Fix lwt_len_hist reusing previous BPF map
media: imx214: Fix stop streaming
mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
media: max2175: fix max2175_set_csm_mode() error code
slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI
HSI: omap_ssi: Don't jump to free ID in ssi_add_controller()
ARM: dts: Remove non-existent i2c1 from 98dx3236
arm64: dts: armada-3720-turris-mox: update ethernet-phy handle name
arm64: dts: rockchip: Set dr_mode to "host" for OTG on rk3328-roc-cc
power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching
power: supply: bq24190_charger: fix reference leak
genirq/irqdomain: Don't try to free an interrupt that has no mapping
arm64: dts: ls1028a: fix ENETC PTP clock input
arm64: dts: qcom: c630: Polish i2c-hid devices
PCI: Bounds-check command-line resource alignment requests
PCI: Fix overflow in command-line resource alignment requests
PCI: iproc: Fix out-of-bound array accesses
arm64: dts: meson: fix spi-max-frequency on Khadas VIM2
arm64: dts: meson-sm1: fix typo in opp table
soc: amlogic: canvas: add missing put_device() call in meson_canvas_get()
ARM: dts: at91: at91sam9rl: fix ADC triggers
platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init
ath10k: Fix the parsing error in service available event
ath10k: Fix an error handling path
ath10k: Release some resources in an error handling path
SUNRPC: rpc_wake_up() should wake up tasks in the correct order
NFSv4.2: condition READDIR's mask for security label based on LSM state
SUNRPC: xprt_load_transport() needs to support the netid "rdma6"
NFSv4: Fix the alignment of page data in the getdeviceinfo reply
net: sunrpc: Fix 'snprintf' return value check in 'do_xprt_debugfs'
lockd: don't use interval-based rebinding over TCP
NFS: switch nfsiod to be an UNBOUND workqueue.
selftests/seccomp: Update kernel config
vfio-pci: Use io_remap_pfn_range() for PCI IO memory
hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable
media: saa7146: fix array overflow in vidioc_s_audio()
powerpc/perf: Fix crash with is_sier_available when pmu is not set
powerpc/64: Fix an EMIT_BUG_ENTRY in head_64.S
clocksource/drivers/orion: Add missing clk_disable_unprepare() on error path
clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent()
iio: hrtimer-trigger: Mark hrtimer to expire in hard interrupt context
ARM: dts: at91: sama5d2: map securam as device
bpf: Fix bpf_put_raw_tracepoint()'s use of __module_address()
pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe()
arm64: dts: rockchip: Fix UART pull-ups on rk3328
memstick: r592: Fix error return in r592_probe()
MIPS: Don't round up kernel sections size for memblock_add()
net/mlx5: Properly convey driver version to firmware
ASoC: jz4740-i2s: add missed checks for clk_get()
dm ioctl: fix error return code in target_message
phy: renesas: rcar-gen3-usb2: disable runtime pm in case of failure
clocksource/drivers/arm_arch_timer: Use stable count reader in erratum sne
clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI
cpufreq: ap806: Add missing MODULE_DEVICE_TABLE
cpufreq: highbank: Add missing MODULE_DEVICE_TABLE
cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE
cpufreq: qcom: Add missing MODULE_DEVICE_TABLE
cpufreq: st: Add missing MODULE_DEVICE_TABLE
cpufreq: sun50i: Add missing MODULE_DEVICE_TABLE
cpufreq: loongson1: Add missing MODULE_ALIAS
cpufreq: scpi: Add missing MODULE_ALIAS
Bluetooth: btusb: Add the missed release_firmware() in btusb_mtk_setup_firmware()
Bluetooth: btmtksdio: Add the missed release_firmware() in mtk_setup_firmware()
arm64: dts: meson: fix PHY deassert timing requirements
ARM: dts: meson: fix PHY deassert timing requirements
arm64: dts: meson: g12a: x96-max: fix PHY deassert timing requirements
scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe
scsi: pm80xx: Fix error return in pm8001_pci_probe()
seq_buf: Avoid type mismatch for seq_buf_init
scsi: fnic: Fix error return code in fnic_probe()
platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems
powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops
powerpc/pseries/hibernation: remove redundant cacheinfo update
drm/mediatek: avoid dereferencing a null hdmi_phy on an error message
ASoC: amd: change clk_get() to devm_clk_get() and add missed checks
powerpc/mm: sanity_check_fault() should work for all, not only BOOK3S
usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe
usb: oxu210hp-hcd: Fix memory leak in oxu_create
speakup: fix uninitialized flush_lock
nfsd: Fix message level for normal termination
nfs_common: need lock during iterate through the list
x86/kprobes: Restore BTF if the single-stepping is cancelled
platform/chrome: cros_ec_spi: Don't overwrite spi::mode
bus: fsl-mc: fix error return code in fsl_mc_object_allocate()
s390/cio: fix use-after-free in ccw_device_destroy_console
iwlwifi: mvm: hook up missing RX handlers
erofs: avoid using generic_block_bmap
can: m_can: m_can_config_endisable(): remove double clearing of clock stop request bit
RDMA/core: Do not indicate device ready when device enablement fails
remoteproc: q6v5-mss: fix error handling in q6v5_pds_enable
remoteproc: qcom: fix reference leak in adsp_start
remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio()
clk: tegra: Fix duplicated SE clock entry
mtd: rawnand: gpmi: fix reference count leak in gpmi ops
mtd: rawnand: meson: Fix a resource leak in init
mtd: rawnand: gpmi: Fix the random DMA timeout issue
extcon: max77693: Fix modalias string
crypto: atmel-i2c - select CONFIG_BITREVERSE
mac80211: don't set set TDLS STA bandwidth wider than possible
ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control()
irqchip/alpine-msi: Fix freeing of interrupts on allocation error path
watchdog: armada_37xx: Add missing dependency on HAS_IOMEM
watchdog: sirfsoc: Add missing dependency on HAS_IOMEM
watchdog: sprd: remove watchdog disable from resume fail path
watchdog: sprd: check busy bit before new loading rather than after that
watchdog: Fix potential dereferencing of null pointer
ubifs: Fix error return code in ubifs_init_authentication()
um: Monitor error events in IRQ controller
um: tty: Fix handling of close in tty lines
um: chan_xterm: Fix fd leak
sunrpc: fix xs_read_xdr_buf for partial pages receive
RDMA/cma: Don't overwrite sgid_attr after device is released
nfc: s3fwrn5: Release the nfc firmware
powerpc/ps3: use dma_mapping_error()
sparc: fix handling of page table constructor failure
mm: don't wake kswapd prematurely when watermark boosting is disabled
checkpatch: fix unescaped left brace
lan743x: fix rx_napi_poll/interrupt ping-pong
net: bcmgenet: Fix a resource leak in an error handling path in the probe functin
net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function
net: korina: fix return value
libnvdimm/label: Return -ENXIO for no slot in __blk_label_update
watchdog: qcom: Avoid context switch in restart handler
watchdog: coh901327: add COMMON_CLK dependency
clk: ti: Fix memleak in ti_fapll_synth_setup
pwm: zx: Add missing cleanup in error path
pwm: lp3943: Dynamically allocate PWM chip base
perf record: Fix memory leak when using '--user-regs=?' to list registers
qlcnic: Fix error code in probe
virtio_ring: Cut and paste bugs in vring_create_virtqueue_packed()
virtio_net: Fix error code in probe()
virtio_ring: Fix two use after free bugs
clk: at91: sam9x60: remove atmel,osc-bypass support
clk: s2mps11: Fix a resource leak in error handling paths in the probe function
clk: sunxi-ng: Make sure divider tables have sentinel
kconfig: fix return value of do_error_if()
perf probe: Fix memory leak when synthesizing SDT probes
ARM: sunxi: Add machine match for the Allwinner V3 SoC
cfg80211: initialize rekey_data
fix namespaced fscaps when !CONFIG_SECURITY
lwt: Disable BH too in run_lwt_bpf()
drm/amd/display: Prevent bandwidth overflow
drm/amdkfd: Fix leak in dmabuf import
Input: cros_ec_keyb - send 'scancodes' in addition to key events
initramfs: fix clang build failure
Input: goodix - add upside-down quirk for Teclast X98 Pro tablet
vfio/pci/nvlink2: Do not attempt NPU2 setup on POWER8NVL NPU
media: gspca: Fix memory leak in probe
media: sunxi-cir: ensure IR is handled when it is continuous
media: netup_unidvb: Don't leak SPI master in probe error path
media: ipu3-cio2: Remove traces of returned buffers
media: ipu3-cio2: Return actual subdev format
media: ipu3-cio2: Serialise access to pad format
media: ipu3-cio2: Validate mbus format in setting subdev format
media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE
Input: cyapa_gen6 - fix out-of-bounds stack access
ALSA: hda/ca0132 - Change Input Source enum strings.
PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup()
Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks"
ACPI: PNP: compare the string length in the matching_id()
ALSA: hda: Fix regressions on clear and reconfig sysfs
ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg.
ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop
ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256
ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255
ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button
ALSA: pcm: oss: Fix a few more UBSAN fixes
ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G
ALSA: hda/realtek: Add quirk for MSI-GP73
ALSA: hda/realtek: Apply jack fixup for Quanta NL3
ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices
ALSA: usb-audio: Disable sample read check if firmware doesn't give back
ALSA: core: memalloc: add page alignment for iram
s390/smp: perform initial CPU reset also for SMT siblings
s390/kexec_file: fix diag308 subcode when loading crash kernel
s390/dasd: fix hanging device offline processing
s390/dasd: prevent inconsistent LCU device data
s390/dasd: fix list corruption of pavgroup group list
s390/dasd: fix list corruption of lcu list
binder: add flag to clear buffer on txn complete
ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams
staging: comedi: mf6x4: Fix AI end-of-conversion detection
perf/x86/intel: Add event constraint for CYCLE_ACTIVITY.STALLS_MEM_ANY
perf/x86/intel: Fix rtm_abort_event encoding on Ice Lake
powerpc/perf: Exclude kernel samples while counting events in user space.
crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()
crypto: arm/aes-ce - work around Cortex-A57/A72 silion errata
EDAC/i10nm: Use readl() to access MMIO registers
EDAC/amd64: Fix PCI component registration
cpuset: fix race between hotplug work and later CPU offline
USB: serial: mos7720: fix parallel-port state restore
USB: serial: digi_acceleport: fix write-wakeup deadlocks
USB: serial: keyspan_pda: fix dropped unthrottle interrupts
USB: serial: keyspan_pda: fix write deadlock
USB: serial: keyspan_pda: fix stalled writes
USB: serial: keyspan_pda: fix write-wakeup use-after-free
USB: serial: keyspan_pda: fix tx-unthrottle use-after-free
USB: serial: keyspan_pda: fix write unthrottling
btrfs: do not shorten unpin len for caching block groups
btrfs: trim: fix underflow in trim length to prevent access beyond device boundary
ext4: fix a memory leak of ext4_free_data
ext4: fix deadlock with fs freezing and EA inodes
KVM: arm64: Introduce handling of AArch32 TTBCR2 traps
ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard ES
ARM: dts: at91: sama5d2: fix CAN message ram offset and size
xprtrdma: Fix XDRBUF_SPARSE_PAGES support
powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
powerpc/rtas: Fix typo of ibm,open-errinjct in RTAS filter
powerpc/feature: Add CPU_FTR_NOEXECUTE to G2_LE
powerpc/xmon: Change printk() to pr_cont()
powerpc/8xx: Fix early debug when SMC1 is relocated
powerpc/mm: Fix verification of MMU_FTR_TYPE_44x
powerpc/powernv/npu: Do not attempt NPU2 setup on POWER8NVL NPU
powerpc/powernv/memtrace: Don't leak kernel memory to user space
powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently
ima: Don't modify file descriptor mode on the fly
um: Remove use of asprinf in umid.c
ceph: fix race in concurrent __ceph_remove_cap invocations
SMB3: avoid confusing warning message on mount to Azure
ubifs: wbuf: Don't leak kernel memory to flash
jffs2: Fix GC exit abnormally
jffs2: Fix ignoring mounting options problem during remounting
jfs: Fix array index bounds check in dbAdjTree
platform/x86: mlx-platform: remove an unused variable
drm/amd/display: Fix memory leaks in S3 resume
drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor()
drm/i915: Fix mismatch between misplaced vma check and vma insert
spi: pxa2xx: Fix use-after-free on unbind
spi: spi-sh: Fix use-after-free on unbind
spi: atmel-quadspi: Fix use-after-free on unbind
spi: davinci: Fix use-after-free on unbind
spi: fsl: fix use of spisel_boot signal on MPC8309
spi: gpio: Don't leak SPI master in probe error path
spi: mxic: Don't leak SPI master in probe error path
spi: pic32: Don't leak DMA channels in probe error path
spi: rb4xx: Don't leak SPI master in probe error path
spi: sc18is602: Don't leak SPI master in probe error path
spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path
spi: synquacer: Disable clock in probe error path
spi: mt7621: Disable clock in probe error path
spi: mt7621: Don't leak SPI master in probe error path
spi: atmel-quadspi: Disable clock in probe error path
spi: atmel-quadspi: Fix AHB memory accesses
soc: qcom: smp2p: Safely acquire spinlock without IRQs
mtd: spinand: Fix OOB read
mtd: parser: cmdline: Fix parsing of part-names with colons
mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read
mtd: rawnand: meson: fix meson_nfc_dma_buffer_release() arguments
scsi: qla2xxx: Fix crash during driver load on big endian machines
scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc()
scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free()
iio: buffer: Fix demux update
iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume
iio:light:rpr0521: Fix timestamp alignment and prevent data leak.
iio:light:st_uvis25: Fix timestamp alignment and prevent data leak.
iio:magnetometer:mag3110: Fix alignment and data leak issues.
iio:pressure:mpl3115: Force alignment of buffer
iio:imu:bmi160: Fix too large a buffer.
iio:adc:ti-ads124s08: Fix buffer being too long.
iio:adc:ti-ads124s08: Fix alignment and data leak issues.
md/cluster: block reshape with remote resync job
md/cluster: fix deadlock when node is doing resync job
pinctrl: sunxi: Always call chained_irq_{enter, exit} in sunxi_pinctrl_irq_handler
clk: ingenic: Fix divider calculation with div tables
clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9
clk: tegra: Do not return 0 on failure
device-dax/core: Fix memory leak when rmmod dax.ko
dma-buf/dma-resv: Respect num_fences when initializing the shared fence list.
xen-blkback: set ring->xenblkd to NULL after kthread_stop()
xen/xenbus: Allow watches discard events before queueing
xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path()
xen/xenbus/xen_bus_type: Support will_handle watch callback
xen/xenbus: Count pending messages for each watch
xenbus/xenbus_backend: Disallow pending watch messages
libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels
platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12
PCI: Fix pci_slot_release() NULL pointer dereference
regulator: axp20x: Fix DLDO2 voltage control register mask for AXP22x
rtc: ep93xx: Fix NULL pointer dereference in ep93xx_rtc_read_time
Revert: "ring-buffer: Remove HAVE_64BIT_ALIGNED_ACCESS"
x86/CPU/AMD: Save AMD NodeId as cpu_die_id
Linux 5.4.86
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If271639b9a7c833718f8cfdfbacce5affe7f4189
|
||
|
David Howells
|
64795af3bd |
afs: Fix memory leak when mounting with multiple source parameters
[ Upstream commit 4cb682964706deffb4861f0a91329ab3a705039f ]
There's a memory leak in afs_parse_source() whereby multiple source=
parameters overwrite fc->source in the fs_context struct without freeing
the previously recorded source.
Fix this by only permitting a single source parameter and rejecting with
an error all subsequent ones.
This was caught by syzbot with the kernel memory leak detector, showing
something like the following trace:
unreferenced object 0xffff888114375440 (size 32):
comm "repro", pid 5168, jiffies 4294923723 (age 569.948s)
backtrace:
slab_post_alloc_hook+0x42/0x79
__kmalloc_track_caller+0x125/0x16a
kmemdup_nul+0x24/0x3c
vfs_parse_fs_string+0x5a/0xa1
generic_parse_monolithic+0x9d/0xc5
do_new_mount+0x10d/0x15a
do_mount+0x5f/0x8e
__do_sys_mount+0xff/0x127
do_syscall_64+0x2d/0x3a
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes:
|
||
|
Greg Kroah-Hartman
|
118da4b0e4 |
This is the 5.4.78 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl+1Zg0ACgkQONu9yGCS
aT75KBAAqvo33a5xoTM+FQQRsRSKaRNOhCQooXEB1bJcas3y+yQ6ehmwCJ8/K1tC
JilD+NQt6uuwH2f2cLrH0e4EQcvno390qF/wOCF377bUnKklsxydyaLSLhGYTqR9
5u/vZVf/QoWZc6BvDwPWNo/NwuRPgJ+sVjuFvtt08l0pGQou26WGujl6ElJKBiLV
SbbRDlx/f8cJa/oqN8TL/V/VDqJfVLcv6hFRvf44newSUJK05LgCVoM76WEcSQLj
GYrtCNwffJtnCUzUr/SctNymsgmjj65df6tKmS0vntWH5kTBnCKK/Mnly38gQbeB
nvci1siOUjnnrkBhydKixO4Q6OZmrbuM0g3vXmW5/Az7HjRcX84BRu+yE7aArE3/
GMAIO/D1Wj9Dhxs59cu12IWxRaljkT+5FsZYV55TgcRMmWHq/YzBYFSW15fZ9xEw
ehel9m5ou+HqVtz+bR+ar3v6M2bhedJ0fFvXnbN2OhMwHsEUTuYqfTb7k/21dUwE
P5k8qGGcYKE1q1gb/Dp3p/hDBjr5h4Mg7z7S8diGsVv3klgrtttgqkOo79JfTESz
BS5vsF9yS0k23xemCl3jZ41X9uReXnE3lvEeuDBDdYvHPwnjyzPeUN5jgN6abQm7
CTxp0oPIFW+O8MV+vgF1joK6ykbK8rJRjIUcfzHeI6oKt+HQBJY=
=gimO
-----END PGP SIGNATURE-----
Merge 5.4.78 into android11-5.4-lts
Changes in 5.4.78
drm/i915/gem: Flush coherency domains on first set-domain-ioctl
time: Prevent undefined behaviour in timespec64_to_ns()
nbd: don't update block size after device is started
KVM: arm64: Force PTE mapping on fault resulting in a device mapping
PCI: qcom: Make sure PCIe is reset before init for rev 2.1.0
usb: dwc3: gadget: Continue to process pending requests
usb: dwc3: gadget: Reclaim extra TRBs after request completion
btrfs: tracepoints: output proper root owner for trace_find_free_extent()
btrfs: sysfs: init devices outside of the chunk_mutex
btrfs: reschedule when cloning lots of extents
ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function
genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY
hv_balloon: disable warning when floor reached
net: xfrm: fix a race condition during allocing spi
ASoC: codecs: wcd9335: Set digital gain range correctly
xfs: set xefi_discard when creating a deferred agfl free log intent item
netfilter: use actual socket sk rather than skb sk when routing harder
netfilter: nf_tables: missing validation from the abort path
netfilter: ipset: Update byte and packet counters regardless of whether they match
powerpc/eeh_cache: Fix a possible debugfs deadlock
perf trace: Fix segfault when trying to trace events by cgroup
perf tools: Add missing swap for ino_generation
ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
iommu/vt-d: Fix a bug for PDP check in prq_event_thread
afs: Fix warning due to unadvanced marshalling pointer
can: rx-offload: don't call kfree_skb() from IRQ context
can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames
can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
can: j1939: swap addr and pgn in the send example
can: j1939: j1939_sk_bind(): return failure if netdev is down
can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path
can: xilinx_can: handle failure cases of pm_runtime_get_sync
can: peak_usb: add range checking in decode operations
can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on
can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A
can: flexcan: flexcan_remove(): disable wakeup completely
xfs: flush new eof page on truncate to avoid post-eof corruption
xfs: fix scrub flagging rtinherit even if there is no rt device
tpm: efi: Don't create binary_bios_measurements file for an empty log
random32: make prandom_u32() output unpredictable
KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 doesn't return SMCCC_RET_NOT_REQUIRED
KVM: x86: don't expose MSR_IA32_UMWAIT_CONTROL unconditionally
ath9k_htc: Use appropriate rs_datalen type
ASoC: qcom: sdm845: set driver name correctly
ASoC: cs42l51: manage mclk shutdown delay
usb: dwc3: pci: add support for the Intel Alder Lake-S
opp: Reduce the size of critical section in _opp_table_kref_release()
usb: gadget: goku_udc: fix potential crashes in probe
selftests/ftrace: check for do_sys_openat2 in user-memory test
selftests: pidfd: fix compilation errors due to wait.h
ALSA: hda: Separate runtime and system suspend
ALSA: hda: Reinstate runtime_allow() for all hda controllers
gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
gfs2: Add missing truncate_inode_pages_final for sd_aspace
gfs2: check for live vs. read-only file system in gfs2_fitrim
scsi: hpsa: Fix memory leak in hpsa_init_one()
drm/amdgpu: perform srbm soft reset always on SDMA resume
drm/amd/pm: perform SMC reset on suspend/hibernation
drm/amd/pm: do not use ixFEATURE_STATUS for checking smc running
mac80211: fix use of skb payload instead of header
cfg80211: initialize wdev data earlier
cfg80211: regulatory: Fix inconsistent format argument
tracing: Fix the checking of stackidx in __ftrace_trace_stack
scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
scsi: mpt3sas: Fix timeouts observed while reenabling IRQ
nvme: introduce nvme_sync_io_queues
nvme-rdma: avoid race between time out and tear down
nvme-tcp: avoid race between time out and tear down
nvme-rdma: avoid repeated request completion
nvme-tcp: avoid repeated request completion
iommu/amd: Increase interrupt remapping table limit to 512 entries
s390/smp: move rcu_cpu_starting() earlier
vfio: platform: fix reference leak in vfio_platform_open
vfio/pci: Bypass IGD init in case of -ENODEV
i2c: mediatek: move dma reset before i2c reset
amd/amdgpu: Disable VCN DPG mode for Picasso
selftests: proc: fix warning: _GNU_SOURCE redefined
riscv: Set text_offset correctly for M-Mode
i2c: sh_mobile: implement atomic transfers
tpm_tis: Disable interrupts on ThinkPad T490s
spi: bcm2835: remove use of uninitialized gpio flags variable
tick/common: Touch watchdog in tick_unfreeze() on all CPUs
mfd: sprd: Add wakeup capability for PMIC IRQ
pinctrl: intel: Set default bias in case no particular value given
ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template
bpf: Don't rely on GCC __attribute__((optimize)) to disable GCSE
pinctrl: aspeed: Fix GPI only function problem.
net/mlx5: Fix deletion of duplicate rules
SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow()
bpf: Zero-fill re-used per-cpu map element
nbd: fix a block_device refcount leak in nbd_release
igc: Fix returning wrong statistics
xfs: fix flags argument to rmap lookup when converting shared file rmaps
xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents
xfs: fix rmap key and record comparison functions
xfs: fix brainos in the refcount scrubber's rmap fragment processor
lan743x: fix "BUG: invalid wait context" when setting rx mode
xfs: fix a missing unlock on error in xfs_fs_map_blocks
of/address: Fix of_node memory leak in of_dma_is_coherent
cosa: Add missing kfree in error path of cosa_write
vrf: Fix fast path output packet handling with async Netfilter rules
perf: Fix get_recursion_context()
erofs: derive atime instead of leaving it empty
ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA
ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
btrfs: ref-verify: fix memory leak in btrfs_ref_tree_mod
btrfs: fix min reserved size calculation in merge_reloc_root
btrfs: dev-replace: fail mount if we don't have replace item with target device
KVM: arm64: Don't hide ID registers from userspace
thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services()
thunderbolt: Add the missed ida_simple_remove() in ring_request_msix()
uio: Fix use-after-free in uio_unregister_device()
usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
xhci: hisilicon: fix refercence leak in xhci_histb_probe
virtio: virtio_console: fix DMA memory allocation for rproc serial
mei: protect mei_cl_mtu from null dereference
futex: Don't enable IRQs unconditionally in put_pi_state()
jbd2: fix up sparse warnings in checkpoint code
mm/slub: fix panic in slab_alloc_node()
Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
reboot: fix overflow parsing reboot cpu number
ocfs2: initialize ip_next_orphan
btrfs: fix potential overflow in cluster_pages_for_defrag on 32bit arch
selinux: Fix error return code in sel_ib_pkey_sid_slow()
gpio: pcie-idio-24: Fix irq mask when masking
gpio: pcie-idio-24: Fix IRQ Enable Register value
gpio: pcie-idio-24: Enable PEX8311 interrupts
mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs
mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove
don't dump the threads that had been already exiting when zapped.
drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
pinctrl: amd: use higher precision for 512 RtcClk
pinctrl: amd: fix incorrect way to disable debounce filter
swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
IPv6: Set SIT tunnel hard_header_len to zero
net/af_iucv: fix null pointer dereference on shutdown
net: udp: fix UDP header access on Fast/frag0 UDP GRO
net: Update window_clamp if SOCK_RCVBUF is set
net/x25: Fix null-ptr-deref in x25_connect
tipc: fix memory leak in tipc_topsrv_start()
r8169: fix potential skb double free in an error path
drm/i915: Correctly set SFC capability for video engines
powerpc/603: Always fault when _PAGE_ACCESSED is not set
x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP
perf scripting python: Avoid declaring function pointers with a visibility attribute
perf/core: Fix race in the perf_mmap_close() function
net: sch_generic: fix the missing new qdisc assignment bug
Convert trailing spaces and periods in path components
Linux 5.4.78
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iac77690a370f99dc3518ab5bd4660fc31d0832c0
|
||
|
David Howells
|
e201588fad |
afs: Fix warning due to unadvanced marshalling pointer
[ Upstream commit c80afa1d9c3603d5eddeb8d63368823b1982f3f0 ]
When using the afs.yfs.acl xattr to change an AuriStor ACL, a warning
can be generated when the request is marshalled because the buffer
pointer isn't increased after adding the last element, thereby
triggering the check at the end if the ACL wasn't empty. This just
causes something like the following warning, but doesn't stop the call
from happening successfully:
kAFS: YFS.StoreOpaqueACL2: Request buffer underflow (36<108)
Fix this simply by increasing the count prior to the check.
Fixes:
|
||
|
Greg Kroah-Hartman
|
a3775e2a89 |
This is the 5.4.64 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl9ZDSIACgkQONu9yGCS aT5GkA/+I3VF/vpyQXLEY3lCOxUPWsbsU+NTx5x6g4ujFLPzzXISvxaQT3FdyTez 73nRDbEUwGX8b1Ruylg6PoRjNAilwvYB8gS/4TVxJQ/VtIyG7uFqjDK7vuGJT5xW +Pf+PSoJjJLfQfu6TzSZwMit5K8wfTk4egESeZ7KUH3IsLvlNs4Xegkpm1pkl8nZ jb3FT5vTPd425Qld6odkfVTj0QJ8JniL8U54YTBXjw6uEMRGsjMGsy91gXNQbgjf fhhhRrpFhnDE9rJFtLEVaXUbQ2j3+mjS5lSH/2erpXO+U19yeNLElwpltnHPFrJF vDjkvlWdoQKs1+JXNzVQZF9H+omQbTcU8gcRB+s8EbSV2+bcpIdNeas00GaumJW1 l6660A74mKPN4Vii5YioD9GcsJHgKRkbgJkoxu7QnegiHGoHTfToNVgwz2bQgT34 JXbZXyhfLOTR5zpczJ3gyBHX+Va3dyHJypyRMgvgyvDW+TZS9By8iAaqXs14eGjG 8nm5dlaiZyAeburIUyi8vFZZT/5BA42b1xyUZcduKmqlMjRu9fxCHlBCwj5rjcy5 Psin0EYZcwOtA4mKzIH+w1ZB0qsPLYtLYQZaJzPUsUfzoNvYtU7pbQZEVLtUPMf4 5MbOPLjT+aki4TGQOR+et29kusapeLEfrc3SgfLwYODmDXmR3cE= =N3oJ -----END PGP SIGNATURE----- Merge 5.4.64 into android11-5.4-lts Changes in 5.4.64 HID: quirks: Always poll three more Lenovo PixArt mice drm/msm/dpu: Fix scale params in plane validation tty: serial: qcom_geni_serial: Drop __init from qcom_geni_console_setup drm/msm: add shutdown support for display platform_driver hwmon: (applesmc) check status earlier. nvmet: Disable keep-alive timer when kato is cleared to 0h drm/msm: enable vblank during atomic commits habanalabs: validate FW file size habanalabs: check correct vmalloc return code drm/msm/a6xx: fix gmu start on newer firmware ceph: don't allow setlease on cephfs drm/omap: fix incorrect lock state cpuidle: Fixup IRQ state nbd: restore default timeout when setting it to zero s390: don't trace preemption in percpu macros drm/amd/display: Reject overlay plane configurations in multi-display scenarios drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps drm/amd/display: Retry AUX write when fail occurs drm/amd/display: Fix memleak in amdgpu_dm_mode_config_init xen/xenbus: Fix granting of vmalloc'd memory fsldma: fix very broken 32-bit ppc ioread64 functionality dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling batman-adv: Avoid uninitialized chaddr when handling DHCP batman-adv: Fix own OGM check in aggregated OGMs batman-adv: bla: use netif_rx_ni when not in interrupt context dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() rxrpc: Keep the ACK serial in a var in rxrpc_input_ack() rxrpc: Make rxrpc_kernel_get_srtt() indicate validity MIPS: mm: BMIPS5000 has inclusive physical caches MIPS: BMIPS: Also call bmips_cpu_setup() for secondary cores mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 netfilter: nf_tables: add NFTA_SET_USERDATA if not null netfilter: nf_tables: incorrect enum nft_list_attributes definition netfilter: nf_tables: fix destination register zeroing net: hns: Fix memleak in hns_nic_dev_probe net: systemport: Fix memleak in bcm_sysport_probe ravb: Fixed to be able to unload modules net: arc_emac: Fix memleak in arc_mdio_probe dmaengine: pl330: Fix burst length if burst size is smaller than bus width gtp: add GTPA_LINK info to msg sent to userspace net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port bnxt_en: Don't query FW when netif_running() is false. bnxt_en: Check for zero dir entries in NVRAM. bnxt_en: Fix PCI AER error recovery flow bnxt_en: Fix possible crash in bnxt_fw_reset_task(). bnxt_en: fix HWRM error when querying VF temperature xfs: fix boundary test in xfs_attr_shortform_verify bnxt: don't enable NAPI until rings are ready media: vicodec: add missing v4l2_ctrl_request_hdl_put() media: cedrus: Add missing v4l2_ctrl_request_hdl_put() selftests/bpf: Fix massive output from test_maps net: dsa: mt7530: fix advertising unsupported 1000baseT_Half netfilter: nfnetlink: nfnetlink_unicast() reports EAGAIN instead of ENOBUFS nvmet-fc: Fix a missed _irqsave version of spin_lock in 'nvmet_fc_fod_op_done()' nvme: fix controller instance leak cxgb4: fix thermal zone device registration perf tools: Correct SNOOPX field offset net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() fix regression in "epoll: Keep a reference on files added to the check list" net: gemini: Fix another missing clk_disable_unprepare() in probe MIPS: add missing MSACSR and upper MSA initialization xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files perf jevents: Fix suspicious code in fixregex() tg3: Fix soft lockup when tg3_reset_task() fails. x86, fakenuma: Fix invalid starting node ID iommu/vt-d: Serialize IOMMU GCMD register modifications thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 thermal: qcom-spmi-temp-alarm: Don't suppress negative temp iommu/amd: Restore IRTE.RemapEn bit after programming IRTE net/packet: fix overflow in tpacket_rcv include/linux/log2.h: add missing () around n in roundup_pow_of_two() vfio/type1: Support faulting PFNMAP vmas vfio-pci: Fault mmaps to enable vma tracking vfio-pci: Invalidate mmaps and block MMIO access on disabled memory iommu/vt-d: Handle 36bit addressing for x86-32 tracing/kprobes, x86/ptrace: Fix regs argument order for i386 ext2: don't update mtime on COW faults xfs: don't update mtime on COW faults ARC: perf: don't bail setup if pct irq missing in device-tree btrfs: drop path before adding new uuid tree entry btrfs: allocate scrub workqueues outside of locks btrfs: set the correct lockdep class for new nodes btrfs: set the lockdep class for log tree extent buffers btrfs: tree-checker: fix the error message for transid error net: core: use listified Rx for GRO_NORMAL in napi_gro_receive() btrfs: fix potential deadlock in the search ioctl Revert "net: dsa: microchip: set the correct number of ports" Revert "ALSA: hda: Add support for Loongson 7A1000 controller" ALSA: ca0106: fix error code handling ALSA: usb-audio: Add implicit feedback quirk for UR22C ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check ALSA: hda/hdmi: always check pin power status in i915 pin fixup ALSA: firewire-digi00x: exclude Avid Adrenaline from detection ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO ALSA; firewire-tascam: exclude Tascam FE-8 from detection ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen arm64: dts: mt7622: add reset node for mmc device mmc: mediatek: add optional module reset property mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings mmc: cqhci: Add cqhci_deactivate() mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers media: rc: do not access device via sysfs after rc_unregister_device() media: rc: uevent sysfs file races with rc_unregister_device() affs: fix basic permission bits to actually work block: allow for_each_bvec to support zero len bvec block: ensure bdi->io_pages is always initialized libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks blk-iocost: ioc_pd_free() shouldn't assume irq disabled dmaengine: dw-edma: Fix scatter-gather address calculation drm/amd/pm: avoid false alarm due to confusing softwareshutdowntemp setting dm writecache: handle DAX to partitions on persistent memory correctly dm mpath: fix racey management of PG initialization dm integrity: fix error reporting in bitmap mode after creation dm crypt: Initialize crypto wait structures dm cache metadata: Avoid returning cmd->bm wild pointer on error dm thin metadata: Avoid returning cmd->bm wild pointer on error dm thin metadata: Fix use-after-free in dm_bm_set_read_only mm: slub: fix conversion of freelist_corrupted() mm: madvise: fix vma user-after-free vfio/pci: Fix SR-IOV VF handling with MMIO blocking perf record: Correct the help info of option "--no-bpf-event" sdhci: tegra: Add missing TMCLK for data timeout checkpatch: fix the usage of capture group ( ... ) mm/hugetlb: fix a race between hugetlb sysctl handlers mm/khugepaged.c: fix khugepaged's request size in collapse_file cfg80211: regulatory: reject invalid hints net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() Linux 5.4.64 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I34f83b15e9f9a59529f8d67a434577becf25d1a6 |
||
|
David Howells
|
5f7798f053 |
rxrpc: Make rxrpc_kernel_get_srtt() indicate validity
[ Upstream commit 1d4adfaf65746203861c72d9d78de349eb97d528 ]
Fix rxrpc_kernel_get_srtt() to indicate the validity of the returned
smoothed RTT. If we haven't had any valid samples yet, the SRTT isn't
useful.
Fixes: c410bf01933e ("rxrpc: Fix the excessive initial retransmission timeout")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
d6430e6763 |
This is the 5.4.61 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl9GIDoACgkQONu9yGCS
aT7WKw//W69xawVqio91JxxYoYEC6fpFANMoaGAJwfIOz88Kr3D5n6g4Ldbmzlwa
NlaJT1oTm7L9iWYdyBWUEKSau74o9yhiy1V7IGNuj2sS+N7mH3BJ6rAjiQxiCH7K
UuFtpg7MgSlX2L3x93IsauV+PxU0E0Em3hrLw7XS8tYCCURwlyoyhpNb/fcIbu4Z
m4iBC9p2b5WcsS0c7J4m9aT94TpXajBfMMQdrHiYqFxdeyXRK/0Auk/C4HFLH+7b
Xt+ZLF/fQguiXH1ZDDLAudVxfqRf6zz2zNNRzN8npsneIJGLqQ1Ty3FUW6z7EYq5
jHz3w+amXt/ijeoxqS+QJU3Vgz7LZUvclB3RTOGXouPUlQFAUzD5tA1kobiQUFVC
D7vl1NjLbAkjMkr4jWs8A1//CwLey2CvPumI507iamLpXh/TsrA3qkpRrB+FUGQn
2YdflclIr5UMIYio3e9Gwf3eQTYjujQU19cyKa0SzhvmaFS0CRUrpRH5h5dJHLBV
rTxvhkXEkAMFfTyDI7zsRmIBAd4RgsIqyikU8GGprWrRQemA/aXH0jillZUMtFxE
jWdlSpF7aUGTGKTki/CWdx7t58BOH+uzcjIBdLpQKJOm+GTwJ3n2Cfqzei8KVGML
pDcSlqV4C2DO9OxhB/PeRI2V6H0AzAPBiZCow2vsl+LXlM9qHMQ=
=gnUK
-----END PGP SIGNATURE-----
Merge 5.4.61 into android11-5.4
Changes in 5.4.61
Documentation/llvm: add documentation on building w/ Clang/LLVM
Documentation/llvm: fix the name of llvm-size
net: wan: wanxl: use allow to pass CROSS_COMPILE_M68k for rebuilding firmware
net: wan: wanxl: use $(M68KCC) instead of $(M68KAS) for rebuilding firmware
x86/boot: kbuild: allow readelf executable to be specified
kbuild: remove PYTHON2 variable
kbuild: remove AS variable
kbuild: replace AS=clang with LLVM_IAS=1
kbuild: support LLVM=1 to switch the default tools to Clang/LLVM
drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset()
gfs2: Improve mmap write vs. punch_hole consistency
gfs2: Never call gfs2_block_zero_range with an open transaction
perf probe: Fix memory leakage when the probe point is not found
khugepaged: khugepaged_test_exit() check mmget_still_valid()
khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter()
bcache: avoid nr_stripes overflow in bcache_device_init()
btrfs: export helpers for subvolume name/id resolution
btrfs: don't show full path of bind mounts in subvol=
btrfs: return EROFS for BTRFS_FS_STATE_ERROR cases
btrfs: add wrapper for transaction abort predicate
ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book
ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion
can: j1939: transport: j1939_session_tx_dat(): fix use-after-free read in j1939_tp_txtimer()
can: j1939: socket: j1939_sk_bind(): make sure ml_priv is allocated
spi: Prevent adding devices below an unregistering controller
romfs: fix uninitialized memory leak in romfs_dev_read()
kernel/relay.c: fix memleak on destroy relay channel
uprobes: __replace_page() avoid BUG in munlock_vma_page()
mm: include CMA pages in lowmem_reserve at boot
mm, page_alloc: fix core hung in free_pcppages_bulk()
RDMA/hfi1: Correct an interlock issue for TID RDMA WRITE request
ext4: fix checking of directory entry validity for inline directories
jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock()
scsi: zfcp: Fix use-after-free in request timeout handlers
drm/amdgpu/display: use GFP_ATOMIC in dcn20_validate_bandwidth_internal
drm/amd/display: Fix EDID parsing after resume from suspend
drm/amd/display: fix pow() crashing when given base 0
kthread: Do not preempt current task if it is going to call schedule()
opp: Enable resources again if they were disabled earlier
scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
scsi: target: tcmu: Fix crash in tcmu_flush_dcache_range on ARM
media: budget-core: Improve exception handling in budget_register()
rtc: goldfish: Enable interrupt in set_alarm() when necessary
media: vpss: clean up resources in init
Input: psmouse - add a newline when printing 'proto' by sysfs
MIPS: Fix unable to reserve memory for Crash kernel
m68knommu: fix overwriting of bits in ColdFire V3 cache control
svcrdma: Fix another Receive buffer leak
xfs: fix inode quota reservation checks
drm/ttm: fix offset in VMAs with a pg_offs in ttm_bo_vm_access
jffs2: fix UAF problem
ceph: fix use-after-free for fsc->mdsc
swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses
cpufreq: intel_pstate: Fix cpuinfo_max_freq when MSR_TURBO_RATIO_LIMIT is 0
scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
virtio_ring: Avoid loop when vq is broken in virtqueue_poll
media: camss: fix memory leaks on error handling paths in probe
tools/testing/selftests/cgroup/cgroup_util.c: cg_read_strcmp: fix null pointer dereference
xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init
alpha: fix annotation of io{read,write}{16,32}be()
fs/signalfd.c: fix inconsistent return codes for signalfd4
ext4: fix potential negative array index in do_split()
ext4: don't allow overlapping system zones
netfilter: nf_tables: nft_exthdr: the presence return value should be little-endian
spi: stm32: fixes suspend/resume management
ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM
ASoC: q6routing: add dummy register read/write function
bpf: sock_ops sk access may stomp registers when dst_reg = src_reg
can: j1939: fix kernel-infoleak in j1939_sk_sock2sockaddr_can()
can: j1939: transport: j1939_simple_recv(): ignore local J1939 messages send not by J1939 stack
can: j1939: transport: add j1939_session_skb_find_by_offset() function
i40e: Set RX_ONLY mode for unicast promiscuous on VLAN
i40e: Fix crash during removing i40e driver
net: fec: correct the error path for regulator disable in probe
bonding: show saner speed for broadcast mode
can: j1939: fix support for multipacket broadcast message
can: j1939: cancel rxtimer on multipacket broadcast session complete
can: j1939: abort multipacket broadcast session when timeout occurs
can: j1939: add rxtimer for multipacket broadcast session
bonding: fix a potential double-unregister
s390/runtime_instrumentation: fix storage key handling
s390/ptrace: fix storage key handling
ASoC: msm8916-wcd-analog: fix register Interrupt offset
ASoC: intel: Fix memleak in sst_media_open
vfio/type1: Add proper error unwind for vfio_iommu_replay()
kvm: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode
kvm: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode
Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe"
kconfig: qconf: do not limit the pop-up menu to the first row
kconfig: qconf: fix signal connection to invalid slots
efi: avoid error message when booting under Xen
Fix build error when CONFIG_ACPI is not set/enabled:
RDMA/bnxt_re: Do not add user qps to flushlist
afs: Fix NULL deref in afs_dynroot_depopulate()
ARM64: vdso32: Install vdso32 from vdso_install
bonding: fix active-backup failover for current ARP slave
net: ena: Prevent reset after device destruction
net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe()
hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit()
net: dsa: b53: check for timeout
powerpc/pseries: Do not initiate shutdown when system is running on UPS
efi: add missed destroy_workqueue when efisubsys_init fails
epoll: Keep a reference on files added to the check list
do_epoll_ctl(): clean the failure exits up a bit
mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible
xen: don't reschedule in preemption off sections
KVM: Pass MMU notifier range flags to kvm_unmap_hva_range()
KVM: arm64: Only reschedule if MMU_NOTIFIER_RANGE_BLOCKABLE is not set
Linux 5.4.61
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I316392535e50265bbcce6a56d3e10586d1ed29cc
|
||
|
David Howells
|
278eb88ab2 |
afs: Fix NULL deref in afs_dynroot_depopulate()
[ Upstream commit 5e0b17b026eb7c6de9baa9b0d45a51b05f05abe1 ]
If an error occurs during the construction of an afs superblock, it's
possible that an error occurs after a superblock is created, but before
we've created the root dentry. If the superblock has a dynamic root
(ie. what's normally mounted on /afs), the afs_kill_super() will call
afs_dynroot_depopulate() to unpin any created dentries - but this will
oops if the root hasn't been created yet.
Fix this by skipping that bit of code if there is no root dentry.
This leads to an oops looking like:
general protection fault, ...
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
...
RIP: 0010:afs_dynroot_depopulate+0x25f/0x529 fs/afs/dynroot.c:385
...
Call Trace:
afs_kill_super+0x13b/0x180 fs/afs/super.c:535
deactivate_locked_super+0x94/0x160 fs/super.c:335
afs_get_tree+0x1124/0x1460 fs/afs/super.c:598
vfs_get_tree+0x89/0x2f0 fs/super.c:1547
do_new_mount fs/namespace.c:2875 [inline]
path_mount+0x1387/0x2070 fs/namespace.c:3192
do_mount fs/namespace.c:3205 [inline]
__do_sys_mount fs/namespace.c:3413 [inline]
__se_sys_mount fs/namespace.c:3390 [inline]
__x64_sys_mount+0x27f/0x300 fs/namespace.c:3390
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
which is oopsing on this line:
inode_lock(root->d_inode);
presumably because sb->s_root was NULL.
Fixes:
|
||
|
Greg Kroah-Hartman
|
a200ad52ff |
Linux 5.4.50
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAl77nuMACgkQ3qZv95d3
LNw0EA//UhQOd/8ZlP33Iis58gUfuGU9sWmej6A8Tio2gdkG4g2c/dQjbxrMQT8b
Vr1DJCthisT7pBJpQbhejwsfl5qRsrjBYFyUomCjeM8/0fF0+8JX0tSXX0/JM5Bg
vOE4tV/kga+c5cbOD/FbLGH0vX4j20BnGXjHb9hyWY/gVp2gEcRzO3Ou0shZCXKJ
9NnhNB2gIm7BCRgz+cClPmZQjG59WazJu9I/Fk58ojdOp+E5gFibyBoeOylGR/W/
tjRm3Sz6D3uF0RSpGfAilqt2duwfjHTh0LxWlBX9C4OBWdJjYh1uUZ24tTvjxnCm
lbgL4BbkOsVMp02jWhDDCe+pEPfT7EpLD6USivj8XFDLh8FK0eoaRQZRQ/hGK/Yj
ZmVJRzNavf3xbz72Hz6aHdHmaxp180P8X8KtRDLT4ik+Kkf8gJVps3T5wTR9C60R
htFVTDxEF+jE/EUCRh3sD4MrV114lpoJ5LlTPzJ87WCMHMjTZ8As/Ty/PLPg7KO6
ngI3y72cnvW/UfLPmdtaLx40gzEAYnw9+E30ebyKU6b8kY5idhuzd0AZnidsmeZa
CzmZFZSCqqMO9vLo24VKxfKk3ufRiHxDU/nHqdGgOG18RlCmhWD0GXamsmeku3PB
1et/jXilpW9aIp/BJozeOdlGr82otk/4Ss+z/RtvvIkTbppgXlY=
=6X7m
-----END PGP SIGNATURE-----
Merge 5.4.50 into android-5.4-stable
Changes in 5.4.50
block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed
enetc: Fix tx rings bitmap iteration range, irq handling
geneve: allow changing DF behavior after creation
ibmveth: Fix max MTU limit
mld: fix memory leak in ipv6_mc_destroy_dev()
mvpp2: ethtool rxtx stats fix
net: bridge: enfore alignment for ethernet address
net: core: reduce recursion limit value
net: Do not clear the sock TX queue in sk_set_socket()
net: fix memleak in register_netdevice()
net: Fix the arp error in some cases
net: increment xmit_recursion level in dev_direct_xmit()
net: usb: ax88179_178a: fix packet alignment padding
openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len
rocker: fix incorrect error handling in dma_rings_init
rxrpc: Fix notification call on completion of discarded calls
sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket
tcp: don't ignore ECN CWR on pure ACK
tcp: grow window for OOO packets only for SACK flows
tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()
net: phy: Check harder for errors in get_phy_id()
ip_tunnel: fix use-after-free in ip_tunnel_lookup()
sch_cake: don't try to reallocate or unshare skb unconditionally
sch_cake: don't call diffserv parsing code when it is not needed
sch_cake: fix a few style nits
tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
Revert "i2c: tegra: Fix suspending in active runtime PM state"
btrfs: fix a block group ref counter leak after failure to remove block group
net: sched: export __netdev_watchdog_up()
fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()"
ALSA: usb-audio: Fix potential use-after-free of streams
binder: fix null deref of proc->context
USB: ohci-sm501: Add missed iounmap() in remove
usb: dwc2: Postponed gadget registration to the udc class driver
usb: add USB_QUIRK_DELAY_INIT for Logitech C922
USB: ehci: reopen solution for Synopsys HC bug
usb: host: xhci-mtk: avoid runtime suspend when removing hcd
xhci: Poll for U0 after disabling USB2 LPM
usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs
ALSA: usb-audio: Add implicit feedback quirk for SSL2+.
ALSA: usb-audio: add quirk for Denon DCD-1500RE
ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG)
ALSA: usb-audio: Fix OOB access of mixer element list
usb: cdns3: trace: using correct dir value
usb: cdns3: ep0: fix the test mode set incorrectly
usb: cdns3: ep0: add spinlock for cdns3_check_new_setup
scsi: qla2xxx: Keep initiator ports after RSCN
scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action
cifs: Fix cached_fid refcnt leak in open_shroot
cifs/smb3: Fix data inconsistent when punch hole
cifs/smb3: Fix data inconsistent when zero file range
xhci: Fix incorrect EP_STATE_MASK
xhci: Fix enumeration issue when setting max packet size for FS devices.
xhci: Return if xHCI doesn't support LPM
cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip
loop: replace kill_bdev with invalidate_bdev
IB/mad: Fix use after free when destroying MAD agent
IB/hfi1: Fix module use count flaw due to leftover module put calls
bus: ti-sysc: Flush posted write on enable and disable
bus: ti-sysc: Ignore clockactivity unless specified as a quirk
ARM: OMAP2+: Fix legacy mode dss_reset
xfrm: Fix double ESP trailer insertion in IPsec crypto offload.
ASoC: q6asm: handle EOS correctly
efi/tpm: Verify event log header before parsing
efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
ASoc: q6afe: add support to get port direction
ASoC: qcom: common: set correct directions for dailinks
regualtor: pfuze100: correct sw1a/sw2 on pfuze3000
RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl()
ASoC: fsl_ssi: Fix bclk calculation for mono channel
samples/bpf: xdp_redirect_cpu: Set MAX_CPUS according to NR_CPUS
bpf, xdp, samples: Fix null pointer dereference in *_user code
ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect
ARM: dts: Fix duovero smsc interrupt for suspend
x86/resctrl: Fix a NULL vs IS_ERR() static checker warning in rdt_cdp_peer_get()
regmap: Fix memory leak from regmap_register_patch
devmap: Use bpf_map_area_alloc() for allocating hash buckets
bpf: Don't return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE
ARM: dts: NSP: Correct FA2 mailbox node
rxrpc: Fix handling of rwind from an ACK packet
RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq
RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532
RDMA/cma: Protect bind_list and listen_list while finding matching cm id
ASoC: rockchip: Fix a reference count leak.
s390/qeth: fix error handling for isolation mode cmds
RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
selftests/net: report etf errors correctly
iommu/vt-d: Enable PCI ACS for platform opt in hint
iommu/vt-d: Update scalable mode paging structure coherency
net: qed: fix left elements count calculation
net: qed: fix async event callbacks unregistering
net: qede: stop adding events on an already destroyed workqueue
net: qed: fix NVMe login fails over VFs
net: qed: fix excessive QM ILT lines consumption
net: qede: fix PTP initialization on recovery
net: qede: fix use-after-free on recovery and AER handling
cxgb4: move handling L2T ARP failures to caller
ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram()
scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset()
usb: gadget: udc: Potential Oops in error handling code
usb: renesas_usbhs: getting residue from callback_result
nvme: don't protect ns mutation with ns->head->lock
netfilter: ipset: fix unaligned atomic access
net: bcmgenet: use hardware padding of runt frames
clk: sifive: allocate sufficient memory for struct __prci_data
i2c: fsi: Fix the port number field in status register
i2c: core: check returned size of emulated smbus block read
afs: Fix storage of cell names
sched/deadline: Initialize ->dl_boosted
sched/core: Fix PI boosting between RT and DEADLINE tasks
sata_rcar: handle pm_runtime_get_sync failure cases
ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function
drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp()
riscv/atomic: Fix sign extension for RV64I
hwrng: ks-sa - Fix runtime PM imbalance on error
ibmvnic: Harden device login requests
net: alx: fix race condition in alx_remove
test_objagg: Fix potential memory leak in error handling
pinctrl: qcom: spmi-gpio: fix warning about irq chip reusage
pinctrl: tegra: Use noirq suspend/resume callbacks
s390/ptrace: pass invalid syscall numbers to tracing
s390/ptrace: fix setting syscall number
s390/vdso: Use $(LD) instead of $(CC) to link vDSO
s390/vdso: fix vDSO clock_getres()
arm64: sve: Fix build failure when ARM64_SVE=y and SYSCTL=n
kbuild: improve cc-option to clean up all temporary files
recordmcount: support >64k sections
kprobes: Suppress the suspicious RCU warning on kprobes
blktrace: break out of blktrace setup on concurrent calls
block: update hctx map when use multiple maps
RISC-V: Don't allow write+exec only page mapping request in mmap
ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table
ALSA: hda/realtek - Add quirk for MSI GE63 laptop
ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems
ACPI: sysfs: Fix pm_profile_attr type
ACPI: configfs: Disallow loading ACPI tables when locked down
erofs: fix partially uninitialized misuse in z_erofs_onlinepage_fixup
KVM: X86: Fix MSR range of APIC registers in X2APIC mode
KVM: nVMX: Plumb L2 GPA through to PML emulation
KVM: VMX: Stop context switching MSR_IA32_UMWAIT_CONTROL
x86/cpu: Use pinning mask for CR4 bits needing to be 0
x86/asm/64: Align start of __clear_user() loop to 16-bytes
btrfs: fix bytes_may_use underflow when running balance and scrub in parallel
btrfs: fix data block group relocation failure due to concurrent scrub
btrfs: check if a log root exists before locking the log_mutex on unlink
btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof
mm/slab: use memzero_explicit() in kzfree()
ocfs2: avoid inode removal while nfsd is accessing it
ocfs2: load global_inode_alloc
ocfs2: fix value of OCFS2_INVALID_SLOT
ocfs2: fix panic on nfs server over ocfs2
mm/memcontrol.c: add missed css_put()
arm64: perf: Report the PC value in REGS_ABI_32 mode
arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range
arm64: dts: imx8mn-ddr4-evk: correct ldo1/ldo2 voltage range
tracing: Fix event trigger to accept redundant spaces
ring-buffer: Zero out time extend if it is nested and not absolute
drm/amd: fix potential memleak in err branch
drm: rcar-du: Fix build error
drm/radeon: fix fb_div check in ni_init_smc_spll_table()
drm/amdgpu: add fw release for sdma v5_0
Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate()
sunrpc: fixed rollback in rpc_gssd_dummy_populate()
SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
pNFS/flexfiles: Fix list corruption if the mirror count changes
NFSv4 fix CLOSE not waiting for direct IO compeletion
xprtrdma: Fix handling of RDMA_ERROR replies
dm writecache: correct uncommitted_block when discarding uncommitted entry
dm writecache: add cond_resched to loop in persistent_memory_claim()
xfs: add agf freeblocks verify in xfs_agf_verify
Revert "tty: hvc: Fix data abort due to race in hvc_open"
Linux 5.4.50
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I3bfeaba86876d3c2f91979d3e98d894a2b70fe1a
|
||
|
David Howells
|
bfd4981fe3 |
afs: Fix storage of cell names
[ Upstream commit 719fdd32921fb7e3208db8832d32ae1c2d68900f ]
The cell name stored in the afs_cell struct is a 64-char + NUL buffer -
when it needs to be able to handle up to AFS_MAXCELLNAME (256 chars) + NUL.
Fix this by changing the array to a pointer and allocating the string.
Found using Coverity.
Fixes:
|
||
|
Greg Kroah-Hartman
|
90dbaed65a |
This is the 5.4.49 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7zdl0ACgkQONu9yGCS
aT4fAg/7Bg+JHOdJpdSb4FLMjpWHnjOMJ4ICMEfEPS9vJR41HpAaC8LdI3PBZdOZ
ujEdX3ia1p3N/bnnHwVPFaycWQ6Z9TItoj6gzCLqjzVzdKJKXEx8uQFY0KWt+w4R
0orn1acd+bqMLhnRrJqMEhmRG3Y6IrkWXYr/qDC6OuZDgigtHC46mX0IdQiUomFd
As9x1cr6+j27zOf8iwyNNXWo5AL2VFR7zDhlfR+sllN6Tn90AhumFoES8GL+ylfu
OybF5LH4l9gOiFwvI7gTeihJoJOyh/cKP0glnDzRIZVIFv96At3cDt5GiRxkqbYw
u1bo5X5xPxJogN9SLUi4O6pnrmQmuK27zJcI43TDfdRguSzXWzZclyNQ9d3zqmvJ
QCmCsQkZst4K4SGg4UE2Wb6Gi51lsmV4OKll7eh61I87e8J7t7r8I5HRDdNCLzuf
3biqYn8f6307ME59fniVlQSynMt8B9lxyTS6hkYN/iCf753jHKdJRy97JcXugiCo
DUoMCNchLDg5LH9TWq6k96rCklaVGPkp8HO/davMAc5Xn+YgPqE/ZpO7hH0nCLBE
Fc0bvddiebXI5NrxIXu20vajQWi5YuVw5JWUBvcK6aONluwRomCvTIPRT1SZZiaK
5Cm5lyDGK3yYC0Dz++QzATVtNEOAkUOWgLpgOenrUVPtCtgDOrk=
=cQWB
-----END PGP SIGNATURE-----
Merge 5.4.49 into android-5.4-stable
Changes in 5.4.49
power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select
clk: sunxi: Fix incorrect usage of round_down()
ASoC: tegra: tegra_wm8903: Support nvidia, headset property
i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
ASoC: SOF: imx8: Fix randbuild error
iio: pressure: bmp280: Tolerate IRQ before registering
remoteproc: Fix IDR initialisation in rproc_alloc()
clk: qcom: msm8916: Fix the address location of pll->config_reg
ASoC: fsl_esai: Disable exception interrupt before scheduling tasklet
backlight: lp855x: Ensure regulators are disabled on probe failure
ARM: dts: renesas: Fix IOMMU device node names
ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type
ARM: integrator: Add some Kconfig selections
ARM: dts: stm32: Add missing ethernet PHY reset on AV96
scsi: core: free sgtables in case command setup fails
scsi: qedi: Check for buffer overflow in qedi_set_path()
arm64: dts: meson: fixup SCP sram nodes
ALSA: hda/realtek - Introduce polarity for micmute LED GPIO
ALSA: isa/wavefront: prevent out of bounds write in ioctl
PCI: Allow pci_resize_resource() for devices on root bus
scsi: qla2xxx: Fix issue with adapter's stopping state
Input: edt-ft5x06 - fix get_default register write access
powerpc/kasan: Fix stack overflow by increasing THREAD_SHIFT
rtc: mc13xxx: fix a double-unlock issue
iio: bmp280: fix compensation of humidity
f2fs: report delalloc reserve as non-free in statfs for project quota
i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use
clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical
usblp: poison URBs upon disconnect
serial: 8250: Fix max baud limit in generic 8250 port
misc: fastrpc: Fix an incomplete memory release in fastrpc_rpmsg_probe()
misc: fastrpc: fix potential fastrpc_invoke_ctx leak
dm mpath: switch paths in dm_blk_ioctl() code path
arm64: dts: armada-3720-turris-mox: forbid SDR104 on SDIO for FCC purposes
arm64: dts: armada-3720-turris-mox: fix SFP binding
arm64: dts: juno: Fix GIC child nodes
pinctrl: ocelot: Fix GPIO interrupt decoding on Jaguar2
clk: renesas: cpg-mssr: Fix STBCR suspend/resume handling
ASoC: SOF: Do nothing when DSP PM callbacks are not set
arm64: dts: fvp: Fix GIC child nodes
PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only register
ps3disk: use the default segment boundary
arm64: dts: fvp/juno: Fix node address fields
vfio/pci: fix memory leaks in alloc_perm_bits()
coresight: tmc: Fix TMC mode read in tmc_read_prepare_etb()
RDMA/mlx5: Add init2init as a modify command
scsi: hisi_sas: Do not reset phy timer to wait for stray phy up
PCI: pci-bridge-emul: Fix PCIe bit conflicts
m68k/PCI: Fix a memory leak in an error handling path
gpio: dwapb: Call acpi_gpiochip_free_interrupts() on GPIO chip de-registration
usb: gadget: core: sync interrupt before unbind the udc
powerpc/ptdump: Add _PAGE_COHERENT flag
mfd: wm8994: Fix driver operation if loaded as modules
scsi: cxgb3i: Fix some leaks in init_act_open()
clk: zynqmp: fix memory leak in zynqmp_register_clocks
scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
scsi: vhost: Notify TCM about the maximum sg entries supported per command
clk: clk-flexgen: fix clock-critical handling
IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command
powerpc/perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7 events run
nfsd: Fix svc_xprt refcnt leak when setup callback client failed
PCI: vmd: Filter resource type bits from shadow register
RDMA/core: Fix several reference count leaks.
cifs: set up next DFS target before generic_ip_connect()
ASoC: qcom: q6asm-dai: kCFI fix
powerpc/crashkernel: Take "mem=" option into account
pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case
sparc32: mm: Don't try to free page-table pages if ctor() fails
yam: fix possible memory leak in yam_init_driver
NTB: ntb_pingpong: Choose doorbells based on port number
NTB: Fix the default port and peer numbers for legacy drivers
mksysmap: Fix the mismatch of '.L' symbols in System.map
apparmor: fix introspection of of task mode for unconfined tasks
net: dsa: lantiq_gswip: fix and improve the unsupported interface error
apparmor: check/put label on apparmor_sk_clone_security()
f2fs: handle readonly filesystem in f2fs_ioc_shutdown()
ASoC: meson: add missing free_irq() in error path
bpf, sockhash: Fix memory leak when unlinking sockets in sock_hash_free
scsi: sr: Fix sr_probe() missing deallocate of device minor
scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM
apparmor: fix nnp subset test for unconfined
x86/purgatory: Disable various profiling and sanitizing options
staging: greybus: fix a missing-check bug in gb_lights_light_config()
arm64: dts: mt8173: fix unit name warnings
scsi: qedi: Do not flush offload work if ARP not resolved
arm64: dts: qcom: msm8916: remove unit name for thermal trip points
ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity
RDMA/mlx5: Fix udata response upon SRQ creation
gpio: dwapb: Append MODULE_ALIAS for platform driver
scsi: qedf: Fix crash when MFW calls for protocol stats while function is still probing
pinctrl: rza1: Fix wrong array assignment of rza1l_swio_entries
virtiofs: schedule blocking async replies in separate worker
arm64: dts: qcom: fix pm8150 gpio interrupts
firmware: qcom_scm: fix bogous abuse of dma-direct internals
staging: gasket: Fix mapping refcnt leak when put attribute fails
staging: gasket: Fix mapping refcnt leak when register/store fails
ALSA: usb-audio: Improve frames size computation
ALSA: usb-audio: Fix racy list management in output queue
s390/qdio: put thinint indicator after early error
tty: hvc: Fix data abort due to race in hvc_open
slimbus: ngd: get drvdata from correct device
clk: meson: meson8b: Fix the first parent of vid_pll_in_sel
clk: meson: meson8b: Fix the polarity of the RESET_N lines
clk: meson: meson8b: Fix the vclk_div{1, 2, 4, 6, 12}_en gate bits
gpio: pca953x: fix handling of automatic address incrementing
thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR
clk: meson: meson8b: Don't rely on u-boot to init all GP_PLL registers
ASoC: max98373: reorder max98373_reset() in resume
soundwire: slave: don't init debugfs on device registration error
HID: intel-ish-hid: avoid bogus uninitialized-variable warning
usb: dwc3: gadget: Properly handle ClearFeature(halt)
usb: dwc3: gadget: Properly handle failed kick_transfer
staging: wilc1000: Increase the size of wid_list array
staging: sm750fb: add missing case while setting FB_VISUAL
PCI: v3-semi: Fix a memory leak in v3_pci_probe() error handling paths
i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output
serial: amba-pl011: Make sure we initialize the port.lock spinlock
drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish
PCI: rcar: Fix incorrect programming of OB windows
PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges
scsi: qla2xxx: Fix warning after FC target reset
ALSA: firewire-lib: fix invalid assignment to union data for directional parameter
power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()'
power: supply: smb347-charger: IRQSTAT_D is volatile
ASoC: SOF: core: fix error return code in sof_probe_continue()
arm64: dts: msm8996: Fix CSI IRQ types
scsi: target: loopback: Fix READ with data and sensebytes
scsi: mpt3sas: Fix double free warnings
SoC: rsnd: add interrupt support for SSI BUSIF buffer
ASoC: ux500: mop500: Fix some refcounted resources issues
ASoC: ti: omap-mcbsp: Fix an error handling path in 'asoc_mcbsp_probe()'
pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map
dlm: remove BUG() before panic()
USB: ohci-sm501: fix error return code in ohci_hcd_sm501_drv_probe()
clk: ti: composite: fix memory leak
PCI: Fix pci_register_host_bridge() device_register() error handling
powerpc/64: Don't initialise init_task->thread.regs
tty: n_gsm: Fix SOF skipping
tty: n_gsm: Fix waking up upper tty layer when room available
ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback
HID: Add quirks for Trust Panora Graphic Tablet
PCI/PM: Assume ports without DLL Link Active train links in 100 ms
habanalabs: increase timeout during reset
ipmi: use vzalloc instead of kmalloc for user creation
powerpc/64s/exception: Fix machine check no-loss idle wakeup
powerpc/pseries/ras: Fix FWNMI_VALID off by one
drivers: phy: sr-usb: do not use internal fsm for USB2 phy init
powerpc/ps3: Fix kexec shutdown hang
vfio-pci: Mask cap zero
usb/ohci-platform: Fix a warning when hibernating
drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation
ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet
USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
tty: n_gsm: Fix bogus i++ in gsm_data_kick
fpga: dfl: afu: Corrected error handling levels
clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
RDMA/hns: Bugfix for querying qkey
RDMA/hns: Fix cmdq parameter of querying pf timer resource
scsi: target: tcmu: Userspace must not complete queued commands
firmware: imx: scu: Fix possible memory leak in imx_scu_probe()
fuse: fix copy_file_range cache issues
fuse: copy_file_range should truncate cache
arm64: tegra: Fix ethernet phy-mode for Jetson Xavier
arm64: tegra: Fix flag for 64-bit resources in 'ranges' property
powerpc/64s/pgtable: fix an undefined behaviour
dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone
PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port
PCI: dwc: Fix inner MSI IRQ domain registration
PCI: amlogic: meson: Don't use FAST_LINK_MODE to set up link
IB/cma: Fix ports memory leak in cma_configfs
watchdog: da9062: No need to ping manually before setting timeout
usb: dwc2: gadget: move gadget resume after the core is in L0 state
USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke
usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check
usb: gadget: fix potential double-free in m66592_probe.
usb: gadget: Fix issue with config_ep_by_speed function
scripts: headers_install: Exit with error on config leak
RDMA/iw_cxgb4: cleanup device debugfs entries on ULD remove
x86/apic: Make TSC deadline timer detection message visible
mfd: stmfx: Reset chip on resume as supply was disabled
mfd: stmfx: Fix stmfx_irq_init error path
mfd: stmfx: Disable IRQ in suspend to avoid spurious interrupt
powerpc/32s: Don't warn when mapping RO data ROX.
ASoC: fix incomplete error-handling in img_i2s_in_probe.
scsi: target: tcmu: Fix a use after free in tcmu_check_expired_queue_cmd()
clk: bcm2835: Fix return type of bcm2835_register_gate
scsi: ufs-qcom: Fix scheduling while atomic issue
KVM: PPC: Book3S HV: Ignore kmemleak false positives
KVM: PPC: Book3S: Fix some RCU-list locks
clk: sprd: return correct type of value for _sprd_pll_recalc_rate
clk: ast2600: Fix AHB clock divider for A1
misc: xilinx-sdfec: improve get_user_pages_fast() error handling
/dev/mem: Revoke mappings when a driver claims the region
net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION
of: Fix a refcounting bug in __of_attach_node_sysfs()
input: i8042 - Remove special PowerPC handling
powerpc/4xx: Don't unmap NULL mbase
extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()'
ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
vfio/mdev: Fix reference count leak in add_mdev_supported_type
rtc: rv3028: Add missed check for devm_regmap_init_i2c()
mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe()
rxrpc: Adjust /proc/net/rxrpc/calls to display call->debug_id not user_ID
openrisc: Fix issue with argument clobbering for clone/fork
drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection
ceph: don't return -ESTALE if there's still an open file
nfsd4: make drc_slab global, not per-net
gfs2: Allow lock_nolock mount to specify jid=X
scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
scsi: ufs: Don't update urgent bkops level when toggling auto bkops
pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()'
pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()'
nfsd: safer handling of corrupted c_type
drm/amd/display: Revalidate bandwidth before commiting DC updates
crypto: omap-sham - add proper load balancing support for multicore
geneve: change from tx_error to tx_dropped on missing metadata
lib/zlib: remove outdated and incorrect pre-increment optimization
include/linux/bitops.h: avoid clang shift-count-overflow warnings
selftests/vm/pkeys: fix alloc_random_pkey() to make it really random
blktrace: use errno instead of bi_status
blktrace: fix endianness in get_pdu_int()
blktrace: fix endianness for blk_log_remap()
gfs2: fix use-after-free on transaction ail lists
net: marvell: Fix OF_MDIO config check
ntb_perf: pass correct struct device to dma_alloc_coherent
ntb_tool: pass correct struct device to dma_alloc_coherent
NTB: ntb_tool: reading the link file should not end in a NULL byte
NTB: Revert the change to use the NTB device dev for DMA allocations
NTB: perf: Don't require one more memory window than number of peers
NTB: perf: Fix support for hardware that doesn't have port numbers
NTB: perf: Fix race condition when run with ntb_test
NTB: ntb_test: Fix bug when counting remote files
i2c: icy: Fix build with CONFIG_AMIGA_PCMCIA=n
drivers/perf: hisi: Fix wrong value for all counters enable
selftests/net: in timestamping, strncpy needs to preserve null byte
f2fs: don't return vmalloc() memory from f2fs_kmalloc()
afs: Fix memory leak in afs_put_sysnames()
ASoC: core: only convert non DPCM link to DPCM link
ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags
ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet
ASoC: rt5645: Add platform-data for Asus T101HA
bpf/sockmap: Fix kernel panic at __tcp_bpf_recvmsg
bpf, sockhash: Synchronize delete from bucket list on map free
tracing/probe: Fix bpf_task_fd_query() for kprobes and uprobes
drm/sun4i: hdmi ddc clk: Fix size of m divider
libbpf: Handle GCC noreturn-turned-volatile quirk
scsi: acornscsi: Fix an error handling path in acornscsi_probe()
x86/idt: Keep spurious entries unset in system_vectors
net/filter: Permit reading NET in load_bytes_relative when MAC not set
nvme-pci: use simple suspend when a HMB is enabled
nfs: set invalid blocks after NFSv4 writes
xdp: Fix xsk_generic_xmit errno
iavf: fix speed reporting over virtchnl
bpf: Fix memlock accounting for sock_hash
usb/xhci-plat: Set PM runtime as active on resume
usb: host: ehci-platform: add a quirk to avoid stuck
usb/ehci-platform: Set PM runtime as active on resume
perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events()
perf stat: Fix NULL pointer dereference
ext4: stop overwrite the errcode in ext4_setup_super
bcache: fix potential deadlock problem in btree_gc_coalesce
powerpc: Fix kernel crash in show_instructions() w/DEBUG_VIRTUAL
afs: Fix non-setting of mtime when writing into mmap
afs: afs_write_end() should change i_size under the right lock
afs: Fix EOF corruption
afs: Always include dir in bulk status fetch from afs_do_lookup()
afs: Set error flag rather than return error from file status decode
afs: Fix the mapping of the UAEOVERFLOW abort code
bnxt_en: Return from timer if interface is not in open state.
scsi: ufs-bsg: Fix runtime PM imbalance on error
block: Fix use-after-free in blkdev_get()
mvpp2: remove module bugfix
arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
libata: Use per port sync for detach
drm: encoder_slave: fix refcouting error for modules
ext4: fix partial cluster initialization when splitting extent
ext4: avoid utf8_strncasecmp() with unstable name
drm/dp_mst: Reformat drm_dp_check_act_status() a bit
drm/qxl: Use correct notify port address when creating cursor ring
drm/amdgpu: Replace invalid device ID with a valid device ID
selinux: fix double free
jbd2: clean __jbd2_journal_abort_hard() and __journal_abort_soft()
ext4: avoid race conditions when remounting with options that change dax
drm/dp_mst: Increase ACT retry timeout to 3s
drm/amd/display: Use swap() where appropriate
x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld
block: nr_sects_write(): Disable preemption on seqcount write
net/mlx5: DR, Fix freeing in dr_create_rc_qp()
f2fs: split f2fs_d_compare() from f2fs_match_name()
f2fs: avoid utf8_strncasecmp() with unstable name
s390: fix syscall_get_error for compat processes
drm/i915: Fix AUX power domain toggling across TypeC mode resets
drm/msm: Check for powered down HW in the devfreq callbacks
drm/i915/gem: Avoid iterating an empty list
drm/i915: Whitelist context-local timestamp in the gen9 cmdparser
drm/connector: notify userspace on hotplug after register complete
drm/amd/display: Use kvfree() to free coeff in build_regamma()
drm/i915/icl+: Fix hotplug interrupt disabling after storm detection
Revert "drm/amd/display: disable dcn20 abm feature for bring up"
crypto: algif_skcipher - Cap recv SG list at ctx->used
crypto: algboss - don't wait during notifier callback
tracing/probe: Fix memleak in fetch_op_data operations
kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
e1000e: Do not wake up the system via WOL if device wakeup is disabled
net: octeon: mgmt: Repair filling of RX ring
pwm: jz4740: Enhance precision in calculation of duty cycle
sched/rt, net: Use CONFIG_PREEMPTION.patch
net: core: device_rename: Use rwsem instead of a seqcount
Linux 5.4.49
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I93723d3c14b5de06aafb4e59a9e35a1d74389757
|
||
|
David Howells
|
13e6e75e68 |
afs: Fix the mapping of the UAEOVERFLOW abort code
[ Upstream commit 4ec89596d06bd481ba827f3b409b938d63914157 ]
Abort code UAEOVERFLOW is returned when we try and set a time that's out of
range, but it's currently mapped to EREMOTEIO by the default case.
Fix UAEOVERFLOW to map instead to EOVERFLOW.
Found with the generic/258 xfstest. Note that the test is wrong as it
assumes that the filesystem will support a pre-UNIX-epoch date.
Fixes:
|
||
|
David Howells
|
b7420726bc |
afs: Set error flag rather than return error from file status decode
[ Upstream commit 38355eec6a7d2b8f2f313f9174736dc877744e59 ] Set a flag in the call struct to indicate an unmarshalling error rather than return and handle an error from the decoding of file statuses. This flag is checked on a successful return from the delivery function. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
David Howells
|
66f38da131 |
afs: Always include dir in bulk status fetch from afs_do_lookup()
[ Upstream commit 13fcc6356a94558a0a4857dc00cd26b3834a1b3e ] When a lookup is done in an AFS directory, the filesystem will speculate and fetch up to 49 other statuses for files in the same directory and fetch those as well, turning them into inodes or updating inodes that already exist. However, occasionally, a callback break might go missing due to NAT timing out, but the afs filesystem doesn't then realise that the directory is not up to date. Alleviate this by using one of the status slots to check the directory in which the lookup is being done. Reported-by: Dave Botsch <botsch@cnf.cornell.edu> Suggested-by: Jeffrey Altman <jaltman@auristor.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
David Howells
|
4fd68a35f6 |
afs: Fix EOF corruption
[ Upstream commit 3f4aa981816368fe6b1d13c2bfbe76df9687e787 ]
When doing a partial writeback, afs_write_back_from_locked_page() may
generate an FS.StoreData RPC request that writes out part of a file when a
file has been constructed from pieces by doing seek, write, seek, write,
... as is done by ld.
The FS.StoreData RPC is given the current i_size as the file length, but
the server basically ignores it unless the data length is 0 (in which case
it's just a truncate operation). The revised file length returned in the
result of the RPC may then not reflect what we suggested - and this leads
to i_size getting moved backwards - which causes issues later.
Fix the client to take account of this by ignoring the returned file size
unless the data version number jumped unexpectedly - in which case we're
going to have to clear the pagecache and reload anyway.
This can be observed when doing a kernel build on an AFS mount. The
following pair of commands produce the issue:
ld -m elf_x86_64 -z max-page-size=0x200000 --emit-relocs \
-T arch/x86/realmode/rm/realmode.lds \
arch/x86/realmode/rm/header.o \
arch/x86/realmode/rm/trampoline_64.o \
arch/x86/realmode/rm/stack.o \
arch/x86/realmode/rm/reboot.o \
-o arch/x86/realmode/rm/realmode.elf
arch/x86/tools/relocs --realmode \
arch/x86/realmode/rm/realmode.elf \
>arch/x86/realmode/rm/realmode.relocs
This results in the latter giving:
Cannot read ELF section headers 0/18: Success
as the realmode.elf file got corrupted.
The sequence of events can also be driven with:
xfs_io -t -f \
-c "pwrite -S 0x58 0 0x58" \
-c "pwrite -S 0x59 10000 1000" \
-c "close" \
/afs/example.com/scratch/a
Fixes:
|
||
|
David Howells
|
c8c19fcdab |
afs: afs_write_end() should change i_size under the right lock
[ Upstream commit 1f32ef79897052ef7d3d154610d8d6af95abde83 ]
Fix afs_write_end() to change i_size under vnode->cb_lock rather than
->wb_lock so that it doesn't race with afs_vnode_commit_status() and
afs_getattr().
The ->wb_lock is only meant to guard access to ->wb_keys which isn't
accessed by that piece of code.
Fixes:
|
||
|
David Howells
|
6a9fd8046f |
afs: Fix non-setting of mtime when writing into mmap
[ Upstream commit bb413489288e4e457353bac513fddb6330d245ca ]
The mtime on an inode needs to be updated when a write is made into an
mmap'ed section. There are three ways in which this could be done: update
it when page_mkwrite is called, update it when a page is changed from dirty
to writeback or leave it to the server and fix the mtime up from the reply
to the StoreData RPC.
Found with the generic/215 xfstest.
Fixes:
|
||
Zhihao Cheng
|
445a847a55 |
afs: Fix memory leak in afs_put_sysnames()
[ Upstream commit 2ca068be09bf8e285036603823696140026dcbe7 ]
Fix afs_put_sysnames() to actually free the specified afs_sysnames
object after its reference count has been decreased to zero and
its contents have been released.
Fixes:
|
||
|
Greg Kroah-Hartman
|
f7b4f375c7 |
This is the 5.4.43 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7Oi20ACgkQONu9yGCS aT4ipBAA1Kqh2mLEcDBISubrU4CuOl/iHmkCXyF1FeF9+vJKz25whbfYO/FNYweP 2HYxGyuqLTQ0OnsfrXeEoImlxdAcWp3TjAFPgJdonLBvnVDmvlPe6Pzk1NRPhvce zU/Y1leE+LoQ7xDfICPJ9BwuwwYTRzRqMQHmIuVlsHLSiN+rextPj6vkzD+7h4ux i9VKoDvzmWuLrHmc9RYNoGxuZ5tGogBaCxI8tnzHGcm21bNVvsKZiANQ2J+6G2bJ sJwqq5tH2gZ6cJxmJ1tVyMbXLIJanNKLeBC5sDQN4rss9pU4gtyEARqVG+9RlglQ FeSlBuoaISJYYejo6aSH7nw81bTQrXexd0sH94qYqnqPlZo+OXN8vxHTaIapYEfd fjqyEblZXqpnMNVQcZOxbrYaefuIrZ9Q8pWUFTwVj34P8RNJLBIvg5gy2dlRvHbC PGLJewOXySZaXVpD5gFU349L32d4QPw9MmMU5php+LOl4idN8RlVY0pOaUuO0idH ewO+6vijLgHq/5HBO6BBToRlNUvLauoUeAaQwoHfPiuuYnGGFCZ9GEjPRsHnCBok IAKQ2Uj+IqlMy7gKVtG1ryekil7TVktrZQ1JBokRLWQPZiED84r7P1lQqPaH/4f4 GFFRhx3tekJs4LMMUEaUR019Q9ZcQMWkikT1/HpVOYUjQd55pc4= =jmiq -----END PGP SIGNATURE----- Merge 5.4.43 into android-5.4-stable Changes in 5.4.43 i2c: dev: Fix the race between the release of i2c_dev and cdev KVM: SVM: Fix potential memory leak in svm_cpu_init() ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash() evm: Check also if *tfm is an error pointer in init_desc() ima: Fix return value of ima_write_policy() ubifs: fix wrong use of crypto_shash_descsize() ACPI: EC: PM: Avoid flushing EC work when EC GPE is inactive mtd: spinand: Propagate ECC information to the MTD structure fix multiplication overflow in copy_fdtable() ubifs: remove broken lazytime support i2c: fix missing pm_runtime_put_sync in i2c_device_probe iommu/amd: Fix over-read of ACPI UID from IVRS table evm: Fix a small race in init_desc() i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' ubi: Fix seq_file usage in detailed_erase_block_info debugfs file afs: Don't unlock fetched data pages until the op completes successfully mtd: Fix mtd not registered due to nvmem name collision kbuild: avoid concurrency issue in parallel building dtbs and dtbs_check net: drop_monitor: use IS_REACHABLE() to guard net_dm_hw_report() gcc-common.h: Update for GCC 10 HID: multitouch: add eGalaxTouch P80H84 support HID: alps: Add AUI1657 device ID HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV scsi: qla2xxx: Delete all sessions before unregister local nvme port configfs: fix config_item refcnt leak in configfs_rmdir() vhost/vsock: fix packet delivery order to monitoring devices aquantia: Fix the media type of AQC100 ethernet controller in the driver component: Silence bind error on -EPROBE_DEFER net/ena: Fix build warning in ena_xdp_set() scsi: ibmvscsi: Fix WARN_ON during event pool release HID: i2c-hid: reset Synaptics SYNA2393 on resume x86/mm/cpa: Flush direct map alias during cpa ibmvnic: Skip fatal error reset after passive init ftrace/selftest: make unresolved cases cause failure if --fail-unresolved set x86/apic: Move TSC deadline timer debug printk gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock ceph: fix double unlock in handle_cap_export() stmmac: fix pointer check after utilization in stmmac_interrupt USB: core: Fix misleading driver bug report platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA iommu/amd: Call domain_flush_complete() in update_domain() drm/amd/display: Prevent dpcd reads with passive dongles KVM: selftests: Fix build for evmcs.h ARM: futex: Address build warning scripts/gdb: repair rb_first() and rb_last() ALSA: hda - constify and cleanup static NodeID tables ALSA: hda: patch_realtek: fix empty macro usage in if block ALSA: hda: Manage concurrent reg access more properly ALSA: hda/realtek - Add supported new mute Led for HP ALSA: hda/realtek - Add HP new mute led supported for ALC236 ALSA: hda/realtek: Add quirk for Samsung Notebook ALSA: hda/realtek - Enable headset mic of ASUS GL503VM with ALC295 ALSA: hda/realtek - Enable headset mic of ASUS UX550GE with ALC295 ALSA: hda/realtek: Enable headset mic of ASUS UX581LV with ALC295 KVM: x86: Fix pkru save/restore when guest CR4.PKE=0, move it to x86.c ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option ALSA: pcm: fix incorrect hw_base increase ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme ALSA: hda/realtek - Add more fixup entries for Clevo machines scsi: qla2xxx: Do not log message when reading port speed via sysfs scsi: target: Put lun_ref at end of tmr processing arm64: Fix PTRACE_SYSEMU semantics drm/etnaviv: fix perfmon domain interation apparmor: Fix use-after-free in aa_audit_rule_init apparmor: fix potential label refcnt leak in aa_change_profile apparmor: Fix aa_label refcnt leak in policy_update dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' drm/etnaviv: Fix a leak in submit_pin_objects() dmaengine: dmatest: Restore default for channel dmaengine: owl: Use correct lock in owl_dma_get_pchan() vsprintf: don't obfuscate NULL and error pointers drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance. drm/i915: Propagate error from completed fences powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE powerpc/64s: Disable STRICT_KERNEL_RWX bpf: Avoid setting bpf insns pages read-only when prog is jited kbuild: Remove debug info from kallsyms linking Revert "gfs2: Don't demote a glock until its revokes are written" media: fdp1: Fix R-Car M3-N naming in debug message staging: iio: ad2s1210: Fix SPI reading staging: kpc2000: fix error return code in kp2000_pcie_probe() staging: greybus: Fix uninitialized scalar variable iio: sca3000: Remove an erroneous 'get_device()' iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' iio: adc: ti-ads8344: Fix channel selection misc: rtsx: Add short delay after exit from ASPM tty: serial: add missing spin_lock_init for SiFive serial console mei: release me_cl object reference ipack: tpci200: fix error return code in tpci200_register() s390/pci: Fix s390_mmio_read/write with MIO s390/kaslr: add support for R_390_JMP_SLOT relocation type device-dax: don't leak kernel memory to user space after unloading kmem rapidio: fix an error in get_user_pages_fast() error handling kasan: disable branch tracing for core runtime rxrpc: Fix the excessive initial retransmission timeout rxrpc: Fix a memory leak in rxkad_verify_response() s390/kexec_file: fix initrd location for kdump kernel flow_dissector: Drop BPF flow dissector prog ref on netns cleanup x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() iio: adc: stm32-adc: fix device used to request dma iio: adc: stm32-dfsdm: Use dma_request_chan() instead dma_request_slave_channel() iio: adc: stm32-dfsdm: fix device used to request dma rxrpc: Trace discarded ACKs rxrpc: Fix ack discard tpm: check event log version before reading final events sched/fair: Reorder enqueue/dequeue_task_fair path sched/fair: Fix reordering of enqueue/dequeue_task_fair() sched/fair: Fix enqueue_task_fair() warning some more Linux 5.4.43 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I1582df67569f34c4455c482ed0eaf10fc1a34e03 |
||
|
David Howells
|
23ae6e3e8a |
rxrpc: Fix the excessive initial retransmission timeout
commit c410bf01933e5e09d142c66c3df9ad470a7eec13 upstream.
rxrpc currently uses a fixed 4s retransmission timeout until the RTT is
sufficiently sampled. This can cause problems with some fileservers with
calls to the cache manager in the afs filesystem being dropped from the
fileserver because a packet goes missing and the retransmission timeout is
greater than the call expiry timeout.
Fix this by:
(1) Copying the RTT/RTO calculation code from Linux's TCP implementation
and altering it to fit rxrpc.
(2) Altering the various users of the RTT to make use of the new SRTT
value.
(3) Replacing the use of rxrpc_resend_timeout to use the calculated RTO
value instead (which is needed in jiffies), along with a backoff.
Notes:
(1) rxrpc provides RTT samples by matching the serial numbers on outgoing
DATA packets that have the RXRPC_REQUEST_ACK set and PING ACK packets
against the reference serial number in incoming REQUESTED ACK and
PING-RESPONSE ACK packets.
(2) Each packet that is transmitted on an rxrpc connection gets a new
per-connection serial number, even for retransmissions, so an ACK can
be cross-referenced to a specific trigger packet. This allows RTT
information to be drawn from retransmitted DATA packets also.
(3) rxrpc maintains the RTT/RTO state on the rxrpc_peer record rather than
on an rxrpc_call because many RPC calls won't live long enough to
generate more than one sample.
(4) The calculated SRTT value is in units of 8ths of a microsecond rather
than nanoseconds.
The (S)RTT and RTO values are displayed in /proc/net/rxrpc/peers.
Fixes:
|
||
|
David Howells
|
496c7c61bd |
afs: Don't unlock fetched data pages until the op completes successfully
[ Upstream commit 9d1be4f4dc5ff1c66c86acfd2c35765d9e3776b3 ]
Don't call req->page_done() on each page as we finish filling it with
the data coming from the network. Whilst this might speed up the
application a bit, it's a problem if there's a network failure and the
operation has to be reissued.
If this happens, an oops occurs because afs_readpages_page_done() clears
the pointer to each page it unlocks and when a retry happens, the
pointers to the pages it wants to fill are now NULL (and the pages have
been unlocked anyway).
Instead, wait till the operation completes successfully and only then
release all the pages after clearing any terminal gap (the server can
give us less data than we requested as we're allowed to ask for more
than is available).
KASAN produces a bug like the following, and even without KASAN, it can
oops and panic.
BUG: KASAN: wild-memory-access in _copy_to_iter+0x323/0x5f4
Write of size 1404 at addr 0005088000000000 by task md5sum/5235
CPU: 0 PID: 5235 Comm: md5sum Not tainted 5.7.0-rc3-fscache+ #250
Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
Call Trace:
memcpy+0x39/0x58
_copy_to_iter+0x323/0x5f4
__skb_datagram_iter+0x89/0x2a6
skb_copy_datagram_iter+0x129/0x135
rxrpc_recvmsg_data.isra.0+0x615/0xd42
rxrpc_kernel_recv_data+0x1e9/0x3ae
afs_extract_data+0x139/0x33a
yfs_deliver_fs_fetch_data64+0x47a/0x91b
afs_deliver_to_call+0x304/0x709
afs_wait_for_call_to_complete+0x1cc/0x4ad
yfs_fs_fetch_data+0x279/0x288
afs_fetch_data+0x1e1/0x38d
afs_readpages+0x593/0x72e
read_pages+0xf5/0x21e
__do_page_cache_readahead+0x128/0x23f
ondemand_readahead+0x36e/0x37f
generic_file_buffered_read+0x234/0x680
new_sync_read+0x109/0x17e
vfs_read+0xe6/0x138
ksys_read+0xd8/0x14d
do_syscall_64+0x6e/0x8a
entry_SYSCALL_64_after_hwframe+0x49/0xb3
Fixes:
|
||
|
Greg Kroah-Hartman
|
ae0dae9ffc |
This is the 5.4.37 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl6tF/4ACgkQONu9yGCS aT7GdA//U9Nzp0upthsH5IMqIOwaJQBEwXF83fTResLKPSNjq6wAYO6kQwdTBMZ1 PUo/ZEmOnDigdHM3PCGw+Z779UCb9/2laH+KPnPTnst9LcM0sLJMsgoCIuqsyl8J mPDLCbx4f7/ffkw/cSb+JrqCn/2mFib3uCwktTSqxVWm9S7EcE3CRxSTEE1XP/z6 FzDPCjeNijNa3U96NnHFcKXEo/vcaEKHIB9bgdR7kUuRKGBhXSjv7LWUV/940F2w eyGgW5A+o94dsCORx2aOgBwOoujAto/DxDihv4jm/S5HTg68hqWQxqWerlsy0PFP k7j854aaHamIJjt5SE2MTm9YxnvWh4rpbXjuYDLYLM1jLaACZ+5mIj+w18yrpmOs 7vjlHBBBTt4xNbODML4KLrj+fCdXk4uEBy7sWi/qYPUmrV3CLK1DqcqRQ9toS+yh o22JwyVYuD2os0YMYikqSVRlCe4UwJcW0ZZfOFg2cpB9anG7i+DrzW9Lc6CuPsHo ZC9rdVNEHLh9Ti9zcXrs8AFjxoIbP/m0n+ZH7bQPo1/rWE4+fzj14wtKslGtkT0B 00/Vo9mtmmBC0MVBignbWsq5aE3bFLWTOveJppjgAVXYJ7mQhtnvw4eFSJahtBa0 s+SB9M6kGNvWpL11cokqIaVfklDjaMo0Jeakd78KdobeNOgBvug= =TNyS -----END PGP SIGNATURE----- Merge 5.4.37 into android-5.4-stable Changes in 5.4.37 remoteproc: Fix wrong rvring index computation ubifs: Fix ubifs_tnc_lookup() usage in do_kill_orphans() printk: queue wake_up_klogd irq_work only if per-CPU areas are ready ASoC: stm32: sai: fix sai probe usb: dwc3: gadget: Do link recovery for SS and SSP kbuild: fix DT binding schema rule again to avoid needless rebuilds usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete usb: gadget: udc: atmel: Fix vbus disconnect handling afs: Make record checking use TASK_UNINTERRUPTIBLE when appropriate afs: Fix to actually set AFS_SERVER_FL_HAVE_EPOCH iio:ad7797: Use correct attribute_group propagate_one(): mnt_set_mountpoint() needs mount_lock counter: 104-quad-8: Add lock guards - generic interface s390/ftrace: fix potential crashes when switching tracers ASoC: q6dsp6: q6afe-dai: add missing channels to MI2S DAIs ASoC: tas571x: disable regulators on failed probe ASoC: meson: axg-card: fix codec-to-codec link setup ASoC: wm8960: Fix wrong clock after suspend & resume drivers: soc: xilinx: fix firmware driver Kconfig dependency nfsd: memory corruption in nfsd4_lock() bpf: Forbid XADD on spilled pointers for unprivileged users i2c: altera: use proper variable to hold errno rxrpc: Fix DATA Tx to disable nofrag for UDP on AF_INET6 socket net/cxgb4: Check the return from t4_query_params properly xfs: acquire superblock freeze protection on eofblocks scans svcrdma: Fix trace point use-after-free race svcrdma: Fix leak of svc_rdma_recv_ctxt objects net/mlx5e: Don't trigger IRQ multiple times on XSK wakeup to avoid WQ overruns net/mlx5e: Get the latest values from counters in switchdev mode PCI: Avoid ASMedia XHCI USB PME# from D0 defect PCI: Add ACS quirk for Zhaoxin multi-function devices PCI: Make ACS quirk implementations more uniform PCI: Unify ACS quirk desired vs provided checking PCI: Add Zhaoxin Vendor ID PCI: Add ACS quirk for Zhaoxin Root/Downstream Ports PCI: Move Apex Edge TPU class quirk to fix BAR assignment ARM: dts: bcm283x: Disable dsi0 node cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled s390/pci: do not set affinity for floating irqs net/mlx5: Fix failing fw tracer allocation on s390 sched/core: Fix reset-on-fork from RT with uclamp perf/core: fix parent pid/tid in task exit events netfilter: nat: fix error handling upon registering inet hook PM: sleep: core: Switch back to async_schedule_dev() blk-iocost: Fix error on iocost_ioc_vrate_adj um: ensure `make ARCH=um mrproper` removes arch/$(SUBARCH)/include/generated/ bpf, x86_32: Fix incorrect encoding in BPF_LDX zero-extension bpf, x86_32: Fix clobbering of dst for BPF_JSET bpf, x86_32: Fix logic error in BPF_LDX zero-extension mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path xfs: clear PF_MEMALLOC before exiting xfsaild thread bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B libbpf: Initialize *nl_pid so gcc 10 is happy net: fec: set GPR bit on suspend by DT configuration. x86: hyperv: report value of misc_features signal: check sig before setting info in kill_pid_usb_asyncio afs: Fix length of dump of bad YFSFetchStatus record xfs: fix partially uninitialized structure in xfs_reflink_remap_extent ALSA: hda: Release resources at error in delayed probe ALSA: hda: Keep the controller initialization even if no codecs found ALSA: hda: Explicitly permit using autosuspend if runtime PM is supported scsi: target: fix PR IN / READ FULL STATUS for FC scsi: target: tcmu: reset_ring should reset TCMU_DEV_BIT_BROKEN objtool: Fix CONFIG_UBSAN_TRAP unreachable warnings objtool: Support Clang non-section symbols in ORC dump xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status ALSA: hda: call runtime_allow() for all hda controllers net: stmmac: socfpga: Allow all RGMII modes mac80211: fix channel switch trigger from unknown mesh peer arm64: Delete the space separator in __emit_inst ext4: use matching invalidatepage in ext4_writepage ext4: increase wait time needed before reuse of deleted inode numbers ext4: convert BUG_ON's to WARN_ON's in mballoc.c blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget hwmon: (jc42) Fix name to have no illegal characters taprio: do not use BIT() in TCA_TAPRIO_ATTR_FLAG_* definitions qed: Fix race condition between scheduling and destroying the slowpath workqueue Crypto: chelsio - Fixes a hang issue during driver registration net: use indirect call wrappers for skb_copy_datagram_iter() qed: Fix use after free in qed_chain_free ext4: check for non-zero journal inum in ext4_calculate_overhead ASoC: soc-core: disable route checks for legacy devices ASoC: stm32: spdifrx: fix regmap status check Linux 5.4.37 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ice2ab2e77117b798ed22e9442f72a44f39be28dc |
||
|
David Howells
|
ec6e5792d6 |
afs: Fix length of dump of bad YFSFetchStatus record
[ Upstream commit 3efe55b09a92a59ed8214db801683cf13c9742c4 ] Fix the length of the dump of a bad YFSFetchStatus record. The function was copied from the AFS version, but the YFS variant contains bigger fields and extra information, so expand the dump to match. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
David Howells
|
f581eff939 |
afs: Fix to actually set AFS_SERVER_FL_HAVE_EPOCH
commit 69cf3978f3ada4e54beae4ad44868b5627864884 upstream.
AFS keeps track of the epoch value from the rxrpc protocol to note (a) when
a fileserver appears to have restarted and (b) when different endpoints of
a fileserver do not appear to be associated with the same fileserver
(ie. all probes back from a fileserver from all of its interfaces should
carry the same epoch).
However, the AFS_SERVER_FL_HAVE_EPOCH flag that indicates that we've
received the server's epoch is never set, though it is used.
Fix this to set the flag when we first receive an epoch value from a probe
sent to the filesystem client from the fileserver.
Fixes:
|
||
|
David Howells
|
c2bdc86ec8 |
afs: Make record checking use TASK_UNINTERRUPTIBLE when appropriate
commit c4bfda16d1b40d1c5941c61b5aa336bdd2d9904a upstream.
When an operation is meant to be done uninterruptibly (such as
FS.StoreData), we should not be allowing volume and server record checking
to be interrupted.
Fixes:
|
||
|
Greg Kroah-Hartman
|
5e713c48ff |
This is the 5.4.35 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl6hU54ACgkQONu9yGCS
aT5/3BAAlSOFEbVYeiAjDQYfA5DvieeVN3qKk0HnErIPRm35UHqCYSMyEDiJ2c8E
01V2aFpvAZDyj/pE/prBrUH5FnKyil9tPQrg/da2f54yMiXQvQ6iFdmH/N5Zp5eu
oY6qFUo4jePTbmI/TBzz08XZ9B4VxccNRhSdF0dO4SInt3eC+vJho3dCXH8H3B7o
cDf4uIXQqyGn6t9yQQlSVRYTCK1JMwkSVxCU7uMWS5TfJSN3EyZvMMfXyTCTmgIy
13Vv3+nSHxGqgyAA3fsClCGGAeQyFGQXP28OqyzesPuYyi5z3nDKtgZcAVtvyw9I
eDsfnOUrw76StiJwRfnKkbg8TBKDWn4N9VyLyBvjRvRovSzTJ31jKVBLhByKDJQt
cnsi/Ttkm2CYmChozdJrm1Pfm6HH5etEXh6rq4sqeGLkpi+k1UiQgYlavJPOI3nz
n6dMQEyeg1dmAIBXqgvSvGVfyZuRi37ApPHMHEY4klALbRaSj2Vu/pblyeRezIXL
G5D7olchwI0X18khdoBYOT1+tmid1pDZ00WB6Iq5IKIjR5x8KBf5uMcvprAc3LsP
mhGP9+MYXhWQ/GjHjA6TZq76qhYlEZBIHBarIaNjrl3IShLTQXzxAwS8rGtI5wZP
fTlCc+FBg5w1LDiVcEYJHXR583jSgsFTd3qbtpeaaQyKcC/fkEk=
=3/4K
-----END PGP SIGNATURE-----
Merge 5.4.35 into android-5.4-stable
Changes in 5.4.35
ext4: use non-movable memory for superblock readahead
watchdog: sp805: fix restart handler
xsk: Fix out of boundary write in __xsk_rcv_memcpy
arm, bpf: Fix bugs with ALU64 {RSH, ARSH} BPF_K shift by 0
arm, bpf: Fix offset overflow for BPF_MEM BPF_DW
objtool: Fix switch table detection in .text.unlikely
scsi: sg: add sg_remove_request in sg_common_write
ALSA: hda: Honor PM disablement in PM freeze and thaw_noirq ops
ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN.
kbuild, btf: Fix dependencies for DEBUG_INFO_BTF
netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type
irqchip/mbigen: Free msi_desc on device teardown
ALSA: hda: Don't release card at firmware loading error
xsk: Add missing check on user supplied headroom size
of: unittest: kmemleak on changeset destroy
of: unittest: kmemleak in of_unittest_platform_populate()
of: unittest: kmemleak in of_unittest_overlay_high_level()
of: overlay: kmemleak in dup_and_fixup_symbol_prop()
x86/Hyper-V: Unload vmbus channel in hv panic callback
x86/Hyper-V: Trigger crash enlightenment only once during system crash.
x86/Hyper-V: Report crash register data or kmsg before running crash kernel
x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set
x86/Hyper-V: Report crash data in die() when panic_on_oops is set
afs: Fix missing XDR advance in xdr_decode_{AFS,YFS}FSFetchStatus()
afs: Fix decoding of inline abort codes from version 1 status records
afs: Fix rename operation status delivery
afs: Fix afs_d_validate() to set the right directory version
afs: Fix race between post-modification dir edit and readdir/d_revalidate
block, bfq: turn put_queue into release_process_ref in __bfq_bic_change_cgroup
block, bfq: make reparent_leaf_entity actually work only on leaf entities
block, bfq: invoke flush_idle_tree after reparent_active_queues in pd_offline
rbd: avoid a deadlock on header_rwsem when flushing notifies
rbd: call rbd_dev_unprobe() after unwatching and flushing notifies
x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump
drm/ttm: flush the fence on the bo after we individualize the reservation object
clk: Don't cache errors from clk_ops::get_phase()
clk: at91: usb: continue if clk_hw_round_rate() return zero
net/mlx5e: Enforce setting of a single FEC mode
f2fs: fix the panic in do_checkpoint()
ARM: dts: rockchip: fix vqmmc-supply property name for rk3188-bqedison2qc
arm64: dts: allwinner: a64: Fix display clock register range
power: supply: bq27xxx_battery: Silence deferred-probe error
clk: tegra: Fix Tegra PMC clock out parents
arm64: tegra: Add PCIe endpoint controllers nodes for Tegra194
arm64: tegra: Fix Tegra194 PCIe compatible string
arm64: dts: clearfog-gt-8k: set gigabit PHY reset deassert delay
soc: imx: gpc: fix power up sequencing
dma-coherent: fix integer overflow in the reserved-memory dma allocation
rtc: 88pm860x: fix possible race condition
NFS: alloc_nfs_open_context() must use the file cred when available
NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid()
NFSv4.2: error out when relink swapfile
ARM: dts: rockchip: fix lvds-encoder ports subnode for rk3188-bqedison2qc
KVM: PPC: Book3S HV: Fix H_CEDE return code for nested guests
f2fs: fix to show norecovery mount option
phy: uniphier-usb3ss: Add Pro5 support
NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
f2fs: Fix mount failure due to SPO after a successful online resize FS
f2fs: Add a new CP flag to help fsck fix resize SPO issues
s390/cpuinfo: fix wrong output when CPU0 is offline
hibernate: Allow uswsusp to write to swap
btrfs: add RCU locks around block group initialization
powerpc/prom_init: Pass the "os-term" message to hypervisor
powerpc/maple: Fix declaration made after definition
s390/cpum_sf: Fix wrong page count in error message
ext4: do not commit super on read-only bdev
um: ubd: Prevent buffer overrun on command completion
cifs: Allocate encryption header through kmalloc
mm/hugetlb: fix build failure with HUGETLB_PAGE but not HUGEBTLBFS
drm/nouveau/svm: check for SVM initialized before migrating
drm/nouveau/svm: fix vma range check for migration
include/linux/swapops.h: correct guards for non_swap_entry()
percpu_counter: fix a data race at vm_committed_as
compiler.h: fix error in BUILD_BUG_ON() reporting
KVM: s390: vsie: Fix possible race when shadowing region 3 tables
drm/nouveau: workaround runpm fail by disabling PCI power management on certain intel bridges
leds: core: Fix warning message when init_data
x86: ACPI: fix CPU hotplug deadlock
csky: Fixup cpu speculative execution to IO area
drm/amdkfd: kfree the wrong pointer
NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
csky: Fixup get wrong psr value from phyical reg
f2fs: fix NULL pointer dereference in f2fs_write_begin()
ACPICA: Fixes for acpiExec namespace init file
um: falloc.h needs to be directly included for older libc
drm/vc4: Fix HDMI mode validation
iommu/virtio: Fix freeing of incomplete domains
iommu/vt-d: Fix mm reference leak
SUNRPC: fix krb5p mount to provide large enough buffer in rq_rcvsize
ext2: fix empty body warnings when -Wextra is used
iommu/vt-d: Silence RCU-list debugging warning in dmar_find_atsr()
iommu/vt-d: Fix page request descriptor size
ext2: fix debug reference to ext2_xattr_cache
sunrpc: Fix gss_unwrap_resp_integ() again
csky: Fixup init_fpu compile warning with __init
power: supply: axp288_fuel_gauge: Broaden vendor check for Intel Compute Sticks.
libnvdimm: Out of bounds read in __nd_ioctl()
iommu/amd: Fix the configuration of GCR3 table root pointer
f2fs: fix to wait all node page writeback
drm/nouveau/gr/gp107,gp108: implement workaround for HW hanging during init
net: dsa: bcm_sf2: Fix overflow checks
dma-debug: fix displaying of dma allocation type
fbdev: potential information leak in do_fb_ioctl()
ARM: dts: sunxi: Fix DE2 clocks register range
iio: si1133: read 24-bit signed integer for measurement
fbmem: Adjust indentation in fb_prepare_logo and fb_blank
tty: evh_bytechan: Fix out of bounds accesses
locktorture: Print ratio of acquisitions, not failures
mtd: rawnand: free the nand_device object
mtd: spinand: Explicitly use MTD_OPS_RAW to write the bad block marker to OOB
docs: Fix path to MTD command line partition parser
mtd: lpddr: Fix a double free in probe()
mtd: phram: fix a double free issue in error path
KEYS: Don't write out to userspace while holding key semaphore
bpf: fix buggy r0 retval refinement for tracing helpers
bpf: Test_verifier, bpf_get_stack return value add <0
bpf: Test_progs, add test to catch retval refine error handling
bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test
Linux 5.4.35
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I702aba533097c8533c12561c7f1a51f3a96f6f09
|
||
|
David Howells
|
00d3928737 |
afs: Fix race between post-modification dir edit and readdir/d_revalidate
commit 2105c2820d366b76f38e6ad61c75771881ecc532 upstream.
AFS directories are retained locally as a structured file, with lookup
being effected by a local search of the file contents. When a modification
(such as mkdir) happens, the dir file content is modified locally rather
than redownloading the directory.
The directory contents are accessed in a number of ways, with a number of
different locks schemes:
(1) Download of contents - dvnode->validate_lock/write in afs_read_dir().
(2) Lookup and readdir - dvnode->validate_lock/read in afs_dir_iterate(),
downgrading from (1) if necessary.
(3) d_revalidate of child dentry - dvnode->validate_lock/read in
afs_do_lookup_one() downgrading from (1) if necessary.
(4) Edit of dir after modification - page locks on individual dir pages.
Unfortunately, because (4) uses different locking scheme to (1) - (3),
nothing protects against the page being scanned whilst the edit is
underway. Even download is not safe as it doesn't lock the pages - relying
instead on the validate_lock to serialise as a whole (the theory being that
directory contents are treated as a block and always downloaded as a
block).
Fix this by write-locking dvnode->validate_lock around the edits. Care
must be taken in the rename case as there may be two different dirs - but
they need not be locked at the same time. In any case, once the lock is
taken, the directory version must be rechecked, and the edit skipped if a
later version has been downloaded by revalidation (there can't have been
any local changes because the VFS holds the inode lock, but there can have
been remote changes).
Fixes:
|
||
|
David Howells
|
42e343cf32 |
afs: Fix afs_d_validate() to set the right directory version
commit 40fc81027f892284ce31f8b6de1e497f5b47e71f upstream.
If a dentry's version is somewhere between invalid_before and the current
directory version, we should be setting it forward to the current version,
not backwards to the invalid_before version. Note that we're only doing
this at all because dentry::d_fsdata isn't large enough on a 32-bit system.
Fix this by using a separate variable for invalid_before so that we don't
accidentally clobber the current dir version.
Fixes:
|