lineage-22.1
4612 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
0e5af42a0a |
Merge 6.1.78 into android14-6.1-lts
Changes in 6.1.78 ext4: regenerate buddy after block freeing failed if under fc replay dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools dmaengine: ti: k3-udma: Report short packet errors dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA phy: renesas: rcar-gen3-usb2: Fix returning wrong error code dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP cifs: failure to add channel on iface should bump up weight drm/msms/dp: fixed link clock divider bits be over written in BPC unknown case drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup net: stmmac: xgmac: fix handling of DPP safety error for DMA channels wifi: mac80211: fix waiting for beacons logic netdevsim: avoid potential loop in nsim_dev_trap_report_work() net: atlantic: Fix DMA mapping for PTP hwts ring selftests: net: cut more slack for gro fwd tests. selftests: net: avoid just another constant wait tunnels: fix out of bounds access when building IPv6 PMTU error atm: idt77252: fix a memleak in open_card_ubr0 octeontx2-pf: Fix a memleak otx2_sq_init hwmon: (aspeed-pwm-tacho) mutex for tach reading hwmon: (coretemp) Fix out-of-bounds memory access hwmon: (coretemp) Fix bogus core_id to attr name mapping inet: read sk->sk_family once in inet_recv_error() drm/i915/gvt: Fix uninitialized variable in handle_mmio() rxrpc: Fix response to PING RESPONSE ACKs to a dead call tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. ppp_async: limit MRU to 64K selftests: cmsg_ipv6: repeat the exact packet netfilter: nft_compat: narrow down revision to unsigned 8-bits netfilter: nft_compat: reject unused compat flag netfilter: nft_compat: restrict match/target protocol to u16 drm/amd/display: Implement bounds check for stream encoder creation in DCN301 netfilter: nft_ct: reject direction for ct id netfilter: nft_set_pipapo: store index in scratch maps netfilter: nft_set_pipapo: add helper to release pcpu scratch area netfilter: nft_set_pipapo: remove scratch_aligned pointer fs/ntfs3: Fix an NULL dereference bug scsi: core: Move scsi_host_busy() out of host lock if it is for per-command blk-iocost: Fix an UBSAN shift-out-of-bounds warning fs: dlm: don't put dlm_local_addrs on heap mtd: parsers: ofpart: add workaround for #size-cells 0 ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter ALSA: usb-audio: add quirk for RODE NT-USB+ USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e USB: serial: option: add Fibocom FM101-GL variant USB: serial: cp210x: add ID for IMST iM871A-USB usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK hrtimer: Report offline hrtimer enqueue Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers Revert "ASoC: amd: Add new dmi entries for acp5x platform" vhost: use kzalloc() instead of kmalloc() followed by memset() RDMA/irdma: Fix support for 64k pages f2fs: add helper to check compression level block: treat poll queue enter similarly to timeouts clocksource: Skip watchdog check for large watchdog intervals net: stmmac: xgmac: use #define for string constants ALSA: usb-audio: Sort quirk table entries net: stmmac: xgmac: fix a typo of register name in DPP safety handling netfilter: nft_set_rbtree: skip end interval element from gc Linux 6.1.78 Change-Id: Iba16875d4cb88deffea077cf69495f9fe447ea23 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
20b90d46a0 |
Merge 6.1.77 into android14-6.1-lts
Changes in 6.1.77
asm-generic: make sparse happy with odd-sized put_unaligned_*()
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
arm64: irq: set the correct node for VMAP stack
drivers/perf: pmuv3: don't expose SW_INCR event in sysfs
powerpc: Fix build error due to is_valid_bugaddr()
powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping()
x86/boot: Ignore NMIs during very early boot
powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE
powerpc/lib: Validate size for vector operations
x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file
debugobjects: Stop accessing objects after releasing hash bucket lock
regulator: core: Only increment use_count when enable_count changes
audit: Send netlink ACK before setting connection in auditd_set
ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
PNP: ACPI: fix fortify warning
ACPI: extlog: fix NULL pointer dereference check
ACPI: NUMA: Fix the logic of getting the fake_pxm value
PM / devfreq: Synchronize devfreq_monitor_[start/stop]
ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
UBSAN: array-index-out-of-bounds in dtSplitRoot
jfs: fix slab-out-of-bounds Read in dtSearch
jfs: fix array-index-out-of-bounds in dbAdjTree
jfs: fix uaf in jfs_evict_inode
pstore/ram: Fix crash when setting number of cpus to an odd number
crypto: octeontx2 - Fix cptvf driver cleanup
erofs: fix ztailpacking for subpage compressed blocks
crypto: stm32/crc32 - fix parsing list of devices
afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu()
afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
jfs: fix array-index-out-of-bounds in diNewExt
arch: consolidate arch_irq_work_raise prototypes
s390/vfio-ap: fix sysfs status attribute for AP queue devices
s390/ptrace: handle setting of fpc register correctly
KVM: s390: fix setting of fpc register
SUNRPC: Fix a suspicious RCU usage warning
ecryptfs: Reject casefold directory inodes
ext4: fix inconsistent between segment fstrim and full fstrim
ext4: unify the type of flexbg_size to unsigned int
ext4: remove unnecessary check from alloc_flex_gd()
ext4: avoid online resizing failures due to oversized flex bg
wifi: rt2x00: restart beacon queue when hardware reset
selftests/bpf: satisfy compiler by having explicit return in btf test
selftests/bpf: Fix pyperf180 compilation failure with clang18
wifi: rt2x00: correct wrong BBP register in RxDCOC calibration
selftests/bpf: Fix issues in setup_classid_environment()
soc: xilinx: Fix for call trace due to the usage of smp_processor_id()
soc: xilinx: fix unhandled SGI warning message
scsi: lpfc: Fix possible file string name overflow when updating firmware
PCI: Add no PM reset quirk for NVIDIA Spectrum devices
bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
net: usb: ax88179_178a: avoid two consecutive device resets
scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116
scsi: arcmsr: Support new PCI device IDs 1883 and 1886
ARM: dts: imx7d: Fix coresight funnel ports
ARM: dts: imx7s: Fix lcdif compatible
ARM: dts: imx7s: Fix nand-controller #size-cells
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too early
bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
scsi: libfc: Don't schedule abort twice
scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
bpf: Set uattr->batch.count as zero before batched update or deletion
wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
ARM: dts: rockchip: fix rk3036 hdmi ports node
ARM: dts: imx25/27-eukrea: Fix RTC node name
ARM: dts: imx: Use flash@0,0 pattern
ARM: dts: imx27: Fix sram node
ARM: dts: imx1: Fix sram node
net: phy: at803x: fix passing the wrong reference for config_intr
ionic: pass opcode to devcmd_wait
ionic: bypass firmware cmds when stuck in reset
block/rnbd-srv: Check for unlikely string overflow
ARM: dts: imx25: Fix the iim compatible string
ARM: dts: imx25/27: Pass timing0
ARM: dts: imx27-apf27dev: Fix LED name
ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
ARM: dts: imx23/28: Fix the DMA controller node name
scsi: hisi_sas: Set .phy_attached before notifing phyup event HISI_PHYE_PHY_UP_PM
ice: fix ICE_AQ_VSI_Q_OPT_RSS_* register values
net: atlantic: eliminate double free in error handling logic
net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path
block: prevent an integer overflow in bvec_try_merge_hw_page
md: Whenassemble the array, consult the superblock of the freshest device
arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property
arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property
ice: fix pre-shifted bit usage
arm64: dts: amlogic: fix format for s4 uart node
wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos
wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
wifi: cfg80211: free beacon_ies when overridden from hidden BSS
Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066
Bluetooth: hci_sync: fix BR/EDR wakeup bug
Bluetooth: L2CAP: Fix possible multiple reject send
net/smc: disable SEID on non-s390 archs where virtual ISM may be used
bridge: cfm: fix enum typo in br_cc_ccm_tx_parse
i40e: Fix VF disable behavior to block all traffic
octeontx2-af: Fix max NPC MCAM entry check while validating ref_entry
net: dsa: qca8k: put MDIO bus OF node on qca8k_mdio_register() failure
f2fs: fix to check return value of f2fs_reserve_new_block()
ALSA: hda: Refer to correct stream index at loops
ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
fast_dput(): handle underflows gracefully
RDMA/IPoIB: Fix error code return in ipoib_mcast_join
drm/panel-edp: Add override_edid_mode quirk for generic edp
drm/bridge: anx7625: Fix Set HPD irq detect window to 2ms
drm/amd/display: Fix tiled display misalignment
f2fs: fix write pointers on zoned device after roll forward
ASoC: amd: Add new dmi entries for acp5x platform
drm/drm_file: fix use of uninitialized variable
drm/framebuffer: Fix use of uninitialized variable
drm/mipi-dsi: Fix detach call without attach
media: stk1160: Fixed high volume of stk1160_dbg messages
media: rockchip: rga: fix swizzling for RGB formats
PCI: add INTEL_HDA_ARL to pci_ids.h
ALSA: hda: Intel: add HDA_ARL PCI ID support
media: rkisp1: Drop IRQF_SHARED
media: rkisp1: Fix IRQ handler return values
media: rkisp1: Store IRQ lines
media: rkisp1: Fix IRQ disable race issue
hwmon: (nct6775) Fix fan speed set failure in automatic mode
f2fs: fix to tag gcing flag on page during block migration
drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time
IB/ipoib: Fix mcast list locking
media: amphion: remove mutext lock in condition of wait_event
media: ddbridge: fix an error code problem in ddb_probe
media: i2c: imx335: Fix hblank min/max values
drm/amd/display: For prefetch mode > 0, extend prefetch if possible
drm/msm/dpu: Ratelimit framedone timeout msgs
drm/msm/dpu: fix writeback programming for YUV cases
drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap
clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786
drm/amd/display: make flip_timestamp_in_us a 64-bit variable
clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks
drm/amdgpu: Fix ecc irq enable/disable unpaired
drm/amdgpu: Let KFD sync with VM fences
drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()'
drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()'
ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140
leds: trigger: panic: Don't register panic notifier if creating the trigger failed
um: Fix naming clash between UML and scheduler
um: Don't use vfprintf() for os_info()
um: net: Fix return type of uml_net_start_xmit()
um: time-travel: fix time corruption
i3c: master: cdns: Update maximum prescaler value for i2c clock
xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import
mfd: ti_am335x_tscadc: Fix TI SoC dependencies
mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt
PCI: Only override AMD USB controller if required
PCI: switchtec: Fix stdev_release() crash after surprise hot remove
perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present
usb: hub: Replace hardcoded quirk value with BIT() macro
usb: hub: Add quirk to decrease IN-ep poll interval for Microchip USB491x hub
selftests/sgx: Fix linker script asserts
tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
fs/kernfs/dir: obey S_ISGID
spmi: mediatek: Fix UAF on device remove
PCI: Fix 64GT/s effective data rate calculation
PCI/AER: Decode Requester ID when no error info found
9p: Fix initialisation of netfs_inode for 9p
misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback
libsubcmd: Fix memory leak in uniq()
drm/amdkfd: Fix lock dependency warning
drm/amdkfd: Fix lock dependency warning with srcu
virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings
blk-mq: fix IO hang from sbitmap wakeup race
ceph: reinitialize mds feature bit even when session in open
ceph: fix deadlock or deadcode of misusing dget()
ceph: fix invalid pointer access if get_quota_realm return ERR_PTR
drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()'
drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()'
drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()'
drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()'
perf: Fix the nr_addr_filters fix
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
drm: using mul_u32_u32() requires linux/math64.h
scsi: isci: Fix an error code problem in isci_io_request_build()
regulator: ti-abb: don't use devm_platform_ioremap_resource_byname for shared interrupt register
scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler
HID: hidraw: fix a problem of memory leak in hidraw_release()
selftests: net: give more time for GRO aggregation
ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
ipv4: raw: add drop reasons
ipmr: fix kernel panic when forwarding mcast packets
net: lan966x: Fix port configuration when using SGMII interface
tcp: add sanity checks to rx zerocopy
ixgbe: Refactor returning internal error codes
ixgbe: Refactor overtemp event handling
ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
net: dsa: qca8k: fix illegal usage of GPIO
ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
llc: call sock_orphan() at release time
bridge: mcast: fix disabled snooping after long uptime
selftests: net: add missing config for GENEVE
netfilter: conntrack: correct window scaling with retransmitted SYN
netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
net: ipv4: fix a memleak in ip_setup_cork
af_unix: fix lockdep positive in sk_diag_dump_icons()
selftests: net: fix available tunnels detection
net: sysfs: Fix /sys/class/net/<iface> path
selftests: team: Add missing config options
selftests: bonding: Check initial state
arm64: irq: set the correct node for shadow call stack
mm, kmsan: fix infinite recursion due to RCU critical section
Revert "drm/amd/display: Disable PSR-SU on Parade 0803 TCON again"
drm/msm/dsi: Enable runtime PM
LoongArch/smp: Call rcutree_report_cpu_starting() at tlb_init()
gve: Fix use-after-free vulnerability
bonding: remove print in bond_verify_device_path
ASoC: codecs: lpass-wsa-macro: fix compander volume hack
ASoC: codecs: wsa883x: fix PA volume control
drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()'
Linux 6.1.77
Change-Id: I8d69fc7831db64d8a0fad88a318f03052f8bbf69
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
2dbddbe358 |
This is the 6.1.76 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmW64xYACgkQONu9yGCS aT7kVA/+KKlE3UFuGmV1ZmiHagHF+oRZKSk9m97F5zgfAcEHAcTnnuikzvJHuepU 4hPMsH+tTXafOJLh81bv7IH3RhHtvmQZPQyWUw7ysY9ms/7CZxjkuirxLWI3evUG lre7OiApyOPkxERBfA5f9r2D1ufXC742xcAdaXrn+GSZd4nuId5f0IbHmfdNv/MV zTt6+0qRU3TMpsUdqp0rIm/0KUXtopCDFf2fI/lIImAvN2onuiqDy+TC0FJ0ErTQ C3wTEi1j9u6l3AO51OYm57TbKj/KmVOcQdcQyskHGHbB+7nS9z29LXQyorRUKqkv KTs739kgG8GH0ZegTwPVPCx5t1SBzy8fuzI2c2MMVfNCT6rWJVS7brzeb7zDLuRT 9pSr9MnoQNYMhJ3IlPvgPHKwvpP4t2el7Z8noVTRXHDjrkC238gloHwvH78/b2ao bXO3DRKTzB4Vv/Q8YUPFmj5fhPqz5lnK6idr4r72JSlzfjxtYoPAKwYihDGxmeLN mWikAPepLqoGg/P2ztKhV/fL9TVhJB+d2YM5op/b+pUxZtYdiJODefFF1ebBbF34 sRG12htP7GV/MTkxC7Yu0h3vS3HWVHugHMBIXXUnqlOANMUbyAMEQW+xkdS/W5bd QnowcQr+DT1A5b9P1bYXB7efNiHENxo/jvuJTrzZmLioy1MPqeE= =219k -----END PGP SIGNATURE----- Merge 6.1.76 into android-6.1 Changes in 6.1.76 usb: dwc3: gadget: Refactor EP0 forced stall/restart into a separate API usb: dwc3: gadget: Queue PM runtime idle on disconnect event usb: dwc3: gadget: Handle EP0 request dequeuing properly Revert "nSVM: Check for reserved encodings of TLB_CONTROL in nested VMCB" iio: adc: ad7091r: Set alert bit in config register iio: adc: ad7091r: Allow users to configure device events ext4: allow for the last group to be marked as trimmed arm64: properly install vmlinuz.efi OPP: Pass rounded rate to _set_opp() btrfs: sysfs: validate scrub_speed_max value crypto: api - Disallow identical driver names PM: hibernate: Enforce ordering during image compression/decompression hwrng: core - Fix page fault dead lock on mmap-ed hwrng crypto: s390/aes - Fix buffer overread in CTR mode s390/vfio-ap: unpin pages on gisc registration failure PM / devfreq: Fix buffer overflow in trans_stat_show media: imx355: Enable runtime PM before registering async sub-device rpmsg: virtio: Free driver_override when rpmsg_remove() media: ov9734: Enable runtime PM before registering async sub-device s390/vfio-ap: always filter entire AP matrix s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB mips: Fix max_mapnr being uninitialized on early stages bus: mhi: host: Add alignment check for event ring read pointer bus: mhi: host: Drop chan lock before queuing buffers bus: mhi: host: Add spinlock to protect WP access when queueing TREs parisc/firmware: Fix F-extend for PDC addresses parisc/power: Fix power soft-off button emulation on qemu async: Split async_schedule_node_domain() async: Introduce async_schedule_dev_nocall() iio: adc: ad7091r: Enable internal vref if external vref is not supplied dmaengine: fix NULL pointer in channel unregistration function scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan() arm64: dts: qcom: sc7180: fix USB wakeup interrupt types arm64: dts: qcom: sdm845: fix USB wakeup interrupt types arm64: dts: qcom: sm8150: fix USB wakeup interrupt types arm64: dts: qcom: sc7280: fix usb_1 wakeup interrupt types arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts arm64: dts: qcom: sm8150: fix USB DP/DM HS PHY interrupts lsm: new security_file_ioctl_compat() hook docs: kernel_abi.py: fix command injection scripts/get_abi: fix source path leak media: videobuf2-dma-sg: fix vmap callback mmc: core: Use mrq.sbc in close-ended ffu mmc: mmc_spi: remove custom DMA mapped buffers media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run arm64: Rename ARM64_WORKAROUND_2966298 rtc: cmos: Use ACPI alarm for non-Intel x86 systems too rtc: Adjust failure return code for cmos_set_alarm() rtc: mc146818-lib: Adjust failure return code for mc146818_get_time() rtc: Add support for configuring the UIP timeout for RTC reads rtc: Extend timeout for waiting for UIP to clear to 1s nouveau/vmm: don't set addr on the fail path to avoid warning ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path mm/rmap: fix misplaced parenthesis of a likely() mm/sparsemem: fix race in accessing memory_section->usage rename(): fix the locking of subdirectories serial: sc16is7xx: improve regmap debugfs by using one regmap per port serial: sc16is7xx: remove wasteful static buffer in sc16is7xx_regmap_name() serial: sc16is7xx: remove global regmap from struct sc16is7xx_port serial: sc16is7xx: remove unused line structure member serial: sc16is7xx: change EFR lock to operate on each channels serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO serial: sc16is7xx: fix invalid sc16is7xx_lines bitfield in case of probe error serial: sc16is7xx: remove obsolete loop in sc16is7xx_port_irq() serial: sc16is7xx: improve do/while loop in sc16is7xx_irq() LoongArch/smp: Call rcutree_report_cpu_starting() earlier mm: page_alloc: unreserve highatomic page blocks before oom ksmbd: set v2 lease version on lease upgrade ksmbd: fix potential circular locking issue in smb2_set_ea() ksmbd: don't increment epoch if current state and request state are same ksmbd: send lease break notification on FILE_RENAME_INFORMATION ksmbd: Add missing set_freezable() for freezable kthread Revert "drm/amd: Enable PCIe PME from D3" drm/amd/display: pbn_div need be updated for hotplug event wifi: mac80211: fix potential sta-link leak net/smc: fix illegal rmb_desc access in SMC-D connection dump tcp: make sure init the accept_queue's spinlocks once bnxt_en: Wait for FLR to complete during probe vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING llc: make llc_ui_sendmsg() more robust against bonding changes llc: Drop support for ETH_P_TR_802_2. udp: fix busy polling net: fix removing a namespace with conflicting altnames tun: fix missing dropped counter in tun_xdp_act tun: add missing rx stats accounting in tun_xdp_act net: micrel: Fix PTP frame parsing for lan8814 net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv netfs, fscache: Prevent Oops in fscache_put_cache() tracing: Ensure visibility when inserting an element into tracing_map afs: Hide silly-rename files from userspace tcp: Add memory barrier to tcp_push() netlink: fix potential sleeping issue in mqueue_flush_file ipv6: init the accept_queue's spinlocks in inet6_create net/mlx5: DR, Use the right GVMI number for drop action net/mlx5: DR, Can't go to uplink vport on RX rule net/mlx5: Use mlx5 device constant for selecting CQ period mode for ASO net/mlx5e: Allow software parsing when IPsec crypto is enabled net/mlx5e: fix a double-free in arfs_create_groups net/mlx5e: fix a potential double-free in fs_any_create_groups rcu: Defer RCU kthreads wakeup when CPU is dying netfilter: nft_limit: reject configurations that cause integer overflow btrfs: fix infinite directory reads btrfs: set last dir index to the current last index when opening dir btrfs: refresh dir last index during a rewinddir(3) call btrfs: fix race between reading a directory and adding entries to it netfilter: nf_tables: restrict anonymous set and map names to 16 bytes netfilter: nf_tables: validate NFPROTO_* family net: stmmac: Wait a bit for the reset to take effect net: mvpp2: clear BM pool before initialization selftests: netdevsim: fix the udp_tunnel_nic test fjes: fix memleaks in fjes_hw_setup net: fec: fix the unhandled context fault from smmu nbd: always initialize struct msghdr completely btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted btrfs: ref-verify: free ref cache before clearing mount opt btrfs: tree-checker: fix inline ref size in error messages btrfs: don't warn if discard range is not aligned to sector btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args btrfs: don't abort filesystem when attempting to snapshot deleted subvolume rbd: don't move requests to the running list on errors exec: Fix error handling in begin_new_exec() wifi: iwlwifi: fix a memory corruption hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain netfilter: nf_tables: reject QUEUE/DROP verdict parameters platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe ksmbd: fix global oob in ksmbd_nl_policy firmware: arm_scmi: Check mailbox/SMT channel for consistency xfs: read only mounts with fsopen mount API are busted gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 cpufreq: intel_pstate: Refine computation of P-state for given frequency drm: Don't unref the same fb many times by mistake due to deadlock handling drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking drm/tidss: Fix atomic_flush check drm/amd/display: Disable PSR-SU on Parade 0803 TCON again platform/x86: intel-uncore-freq: Fix types in sysfs callbacks drm/bridge: nxp-ptn3460: simplify some error checking drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A drm/amdgpu/pm: Fix the power source flag error erofs: get rid of the remaining kmap_atomic() erofs: fix lz4 inplace decompression media: ov13b10: Support device probe in non-zero ACPI D state media: ov13b10: Enable runtime PM before registering async sub-device bus: mhi: ep: Do not allocate event ring element on stack PM: core: Remove unnecessary (void *) conversions PM: sleep: Fix possible deadlocks in core system-wide PM code thermal: intel: hfi: Refactor enabling code into helper functions thermal: intel: hfi: Disable an HFI instance when all its CPUs go offline thermal: intel: hfi: Add syscore callbacks for system-wide PM fs/pipe: move check to pipe_has_watch_queue() pipe: wakeup wr_wait after setting max_usage ARM: dts: qcom: sdx55: fix USB wakeup interrupt types ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12 ARM: dts: qcom: sdx55: fix pdc '#interrupt-cells' ARM: dts: qcom: sdx55: fix USB DP/DM HS PHY interrupts ARM: dts: qcom: sdx55: fix USB SS wakeup dlm: use kernel_connect() and kernel_bind() serial: core: Provide port lock wrappers serial: sc16is7xx: Use port lock wrappers serial: sc16is7xx: fix unconditional activation of THRI interrupt btrfs: zoned: factor out prepare_allocation_zoned() btrfs: zoned: optimize hint byte for zoned allocator drm/panel-edp: drm/panel-edp: Fix AUO B116XAK01 name and timing Revert "powerpc/64s: Increase default stack size to 32KB" drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] drm/bridge: sii902x: Use devm_regulator_bulk_get_enable() drm/bridge: sii902x: Fix probing race issue drm/bridge: sii902x: Fix audio codec unregistration drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case drm/exynos: fix accidental on-stack copy of exynos_drm_plane drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume gpio: eic-sprd: Clear interrupt after set the interrupt type block: Move checking GENHD_FL_NO_PART to bdev_add_partition() drm/bridge: anx7625: Ensure bridge is suspended in disable() spi: bcm-qspi: fix SFDP BFPT read by usig mspi read spi: fix finalize message on error return MIPS: lantiq: register smp_ops on non-smp platforms cxl/region:Fix overflow issue in alloc_hpa() mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan tick/sched: Preserve number of idle sleeps across CPU hotplug events x86/entry/ia32: Ensure s32 is sign extended to s64 serial: core: fix kernel-doc for uart_port_unlock_irqrestore() net/mlx5e: Handle hardware IPsec limits events Linux 6.1.76 Change-Id: I4725561e2ca5df042a1fe307af701e7d5e2d06c8 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Baokun Li
|
78327acd4c |
ext4: regenerate buddy after block freeing failed if under fc replay
[ Upstream commit c9b528c35795b711331ed36dc3dbee90d5812d4e ] This mostly reverts commit |
||
|
Baokun Li
|
6d2cbf517d |
ext4: avoid online resizing failures due to oversized flex bg
[ Upstream commit 5d1935ac02ca5aee364a449a35e2977ea84509b0 ]
When we online resize an ext4 filesystem with a oversized flexbg_size,
mkfs.ext4 -F -G 67108864 $dev -b 4096 100M
mount $dev $dir
resize2fs $dev 16G
the following WARN_ON is triggered:
==================================================================
WARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550
Modules linked in: sg(E)
CPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314
RIP: 0010:__alloc_pages+0x411/0x550
Call Trace:
<TASK>
__kmalloc_large_node+0xa2/0x200
__kmalloc+0x16e/0x290
ext4_resize_fs+0x481/0xd80
__ext4_ioctl+0x1616/0x1d90
ext4_ioctl+0x12/0x20
__x64_sys_ioctl+0xf0/0x150
do_syscall_64+0x3b/0x90
==================================================================
This is because flexbg_size is too large and the size of the new_group_data
array to be allocated exceeds MAX_ORDER. Currently, the minimum value of
MAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding
maximum number of groups that can be allocated is:
(PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) ≈ 21845
And the value that is down-aligned to the power of 2 is 16384. Therefore,
this value is defined as MAX_RESIZE_BG, and the number of groups added
each time does not exceed this value during resizing, and is added multiple
times to complete the online resizing. The difference is that the metadata
in a flex_bg may be more dispersed.
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20231023013057.2117948-4-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Baokun Li
|
dd10f82ece |
ext4: remove unnecessary check from alloc_flex_gd()
[ Upstream commit b099eb87de105cf07cad731ded6fb40b2675108b ] In commit |
||
|
Baokun Li
|
60292a12a0 |
ext4: unify the type of flexbg_size to unsigned int
[ Upstream commit 658a52344fb139f9531e7543a6e0015b630feb38 ] The maximum value of flexbg_size is 2^31, but the maximum value of int is (2^31 - 1), so overflow may occur when the type of flexbg_size is declared as int. For example, when uninit_mask is initialized in ext4_alloc_group_tables(), if flexbg_size == 2^31, the initialized uninit_mask is incorrect, and this may causes set_flexbg_block_bitmap() to trigger a BUG_ON(). Therefore, the flexbg_size type is declared as unsigned int to avoid overflow and memory waste. Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20231023013057.2117948-2-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Ye Bin
|
069ede0475 |
ext4: fix inconsistent between segment fstrim and full fstrim
[ Upstream commit 68da4c44b994aea797eb9821acb3a4a36015293e ] Suppose we issue two FITRIM ioctls for ranges [0,15] and [16,31] with mininum length of trimmed range set to 8 blocks. If we have say a range of blocks 10-22 free, this range will not be trimmed because it straddles the boundary of the two FITRIM ranges and neither part is big enough. This is a bit surprising to some users that call FITRIM on smaller ranges of blocks to limit impact on the system. Also XFS trims all free space extents that overlap with the specified range so we are inconsistent among filesystems. Let's change ext4_try_to_trim_range() to consider for trimming the whole free space extent that straddles the end of specified range, not just the part of it within the range. Signed-off-by: Ye Bin <yebin10@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20231216010919.1995851-1-yebin10@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Suraj Jitindar Singh
|
852b6b2a2f |
ext4: allow for the last group to be marked as trimmed
commit 7c784d624819acbeefb0018bac89e632467cca5a upstream.
The ext4 filesystem tracks the trim status of blocks at the group
level. When an entire group has been trimmed then it is marked as
such and subsequent trim invocations with the same minimum trim size
will not be attempted on that group unless it is marked as able to be
trimmed again such as when a block is freed.
Currently the last group can't be marked as trimmed due to incorrect
logic in ext4_last_grp_cluster(). ext4_last_grp_cluster() is supposed
to return the zero based index of the last cluster in a group. This is
then used by ext4_try_to_trim_range() to determine if the trim
operation spans the entire group and as such if the trim status of the
group should be recorded.
ext4_last_grp_cluster() takes a 0 based group index, thus the valid
values for grp are 0..(ext4_get_groups_count - 1). Any group index
less than (ext4_get_groups_count - 1) is not the last group and must
have EXT4_CLUSTERS_PER_GROUP(sb) clusters. For the last group we need
to calculate the number of clusters based on the number of blocks in
the group. Finally subtract 1 from the number of clusters as zero
based indexing is expected. Rearrange the function slightly to make
it clear what we are calculating and returning.
Reproducer:
// Create file system where the last group has fewer blocks than
// blocks per group
$ mkfs.ext4 -b 4096 -g 8192 /dev/nvme0n1 8191
$ mount /dev/nvme0n1 /mnt
Before Patch:
$ fstrim -v /mnt
/mnt: 25.9 MiB (27156480 bytes) trimmed
// Group not marked as trimmed so second invocation still discards blocks
$ fstrim -v /mnt
/mnt: 25.9 MiB (27156480 bytes) trimmed
After Patch:
fstrim -v /mnt
/mnt: 25.9 MiB (27156480 bytes) trimmed
// Group marked as trimmed so second invocation DOESN'T discard any blocks
fstrim -v /mnt
/mnt: 0 B (0 bytes) trimmed
Fixes: 45e4ab320c9b ("ext4: move setting of trimmed bit into ext4_try_to_trim_range()")
Cc: <stable@vger.kernel.org> # 4.19+
Signed-off-by: Suraj Jitindar Singh <surajjs@amazon.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20231213051635.37731-1-surajjs@amazon.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
e1b12db2de |
Merge 6.1.72 into android14-6.1-lts
Changes in 6.1.72
keys, dns: Fix missing size check of V1 server-list header
block: Don't invalidate pagecache for invalid falloc modes
ALSA: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series
ALSA: hda/realtek: fix mute/micmute LEDs for a HP ZBook
ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6
mptcp: prevent tcp diag from closing listener subflows
Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()"
drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE
cifs: cifs_chan_is_iface_active should be called with chan_lock held
cifs: do not depend on release_iface for maintaining iface_list
KVM: x86/pmu: fix masking logic for MSR_CORE_PERF_GLOBAL_CTRL
wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ
drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer
netfilter: use skb_ip_totlen and iph_totlen
netfilter: nf_tables: set transport offset from mac header for netdev/egress
nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local
octeontx2-af: Fix marking couple of structure as __packed
drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern
ice: Fix link_down_on_close message
ice: Shut down VSI with "link-down-on-close" enabled
i40e: Fix filter input checks to prevent config with invalid values
igc: Report VLAN EtherType matching back to user
igc: Check VLAN TCI mask
igc: Check VLAN EtherType mask
ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable
ASoC: mediatek: mt8186: fix AUD_PAD_TOP register and offset
mlxbf_gige: fix receive packet race condition
net: sched: em_text: fix possible memory leak in em_text_destroy()
r8169: Fix PCI error on system resume
can: raw: add support for SO_MARK
net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps
net: annotate data-races around sk->sk_tsflags
net: annotate data-races around sk->sk_bind_phc
net: Implement missing getsockopt(SO_TIMESTAMPING_NEW)
selftests: bonding: do not set port down when adding to bond
ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init
sfc: fix a double-free bug in efx_probe_filters
net: bcmgenet: Fix FCS generation for fragmented skbuffs
netfilter: nft_immediate: drop chain reference counter on error
net: Save and restore msg_namelen in sock_sendmsg
i40e: fix use-after-free in i40e_aqc_add_filters()
ASoC: meson: g12a-toacodec: Validate written enum values
ASoC: meson: g12a-tohdmitx: Validate written enum values
ASoC: meson: g12a-toacodec: Fix event generation
ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux
i40e: Restore VF MSI-X state during PCI reset
igc: Fix hicredit calculation
net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues
net/smc: fix invalid link access in dumping SMC-R connections
octeontx2-af: Always configure NIX TX link credits based on max frame size
octeontx2-af: Re-enable MAC TX in otx2_stop processing
asix: Add check for usbnet_get_endpoints
net: ravb: Wait for operating mode to be applied
bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters()
net: Implement missing SO_TIMESTAMPING_NEW cmsg support
selftests: secretmem: floor the memory size to the multiple of page_size
cpu/SMT: Create topology_smt_thread_allowed()
cpu/SMT: Make SMT control more robust against enumeration failures
srcu: Fix callbacks acceleration mishandling
bpf, x64: Fix tailcall infinite loop
bpf, x86: Simplify the parsing logic of structure parameters
bpf, x86: save/restore regs with BPF_DW size
net: Declare MSG_SPLICE_PAGES internal sendmsg() flag
udp: Convert udp_sendpage() to use MSG_SPLICE_PAGES
splice, net: Add a splice_eof op to file-ops and socket-ops
ipv4, ipv6: Use splice_eof() to flush
udp: introduce udp->udp_flags
udp: move udp->no_check6_tx to udp->udp_flags
udp: move udp->no_check6_rx to udp->udp_flags
udp: move udp->gro_enabled to udp->udp_flags
udp: move udp->accept_udp_{l4|fraglist} to udp->udp_flags
udp: lockless UDP_ENCAP_L2TPINUDP / UDP_GRO
udp: annotate data-races around udp->encap_type
wifi: iwlwifi: yoyo: swap cdb and jacket bits values
arm64: dts: qcom: sdm845: align RPMh regulator nodes with bindings
arm64: dts: qcom: sdm845: Fix PSCI power domain names
fbdev: imsttfb: Release framebuffer and dealloc cmap on error path
fbdev: imsttfb: fix double free in probe()
bpf: decouple prune and jump points
bpf: remove unnecessary prune and jump points
bpf: Remove unused insn_cnt argument from visit_[func_call_]insn()
bpf: clean up visit_insn()'s instruction processing
bpf: Support new 32bit offset jmp instruction
bpf: handle ldimm64 properly in check_cfg()
bpf: fix precision backtracking instruction iteration
blk-mq: make sure active queue usage is held for bio_integrity_prep()
net/mlx5: Increase size of irq name buffer
s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc()
s390/cpumf: support user space events for counting
f2fs: clean up i_compress_flag and i_compress_level usage
f2fs: convert to use bitmap API
f2fs: assign default compression level
f2fs: set the default compress_level on ioctl
selftests: mptcp: fix fastclose with csum failure
selftests: mptcp: set FAILING_LINKS in run_tests
media: camss: sm8250: Virtual channels for CSID
media: qcom: camss: Fix set CSI2_RX_CFG1_VC_MODE when VC is greater than 3
ext4: convert move_extent_per_page() to use folios
khugepage: replace try_to_release_page() with filemap_release_folio()
memory-failure: convert truncate_error_page() to use folio
mm: merge folio_has_private()/filemap_release_folio() call pairs
mm, netfs, fscache: stop read optimisation when folio removed from pagecache
filemap: add a per-mapping stable writes flag
block: update the stable_writes flag in bdev_add
smb: client: fix missing mode bits for SMB symlinks
net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats
dpaa2-eth: recycle the RX buffer only after all processing done
ethtool: don't propagate EOPNOTSUPP from dumps
bpf, sockmap: af_unix stream sockets need to hold ref for pair sock
firmware: arm_scmi: Fix frequency truncation by promoting multiplier type
ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7
genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks
genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks
genirq/affinity: Don't pass irq_affinity_desc array to irq_build_affinity_masks
genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly
genirq/affinity: Move group_cpus_evenly() into lib/
lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly
mm/memory_hotplug: add missing mem_hotplug_lock
mm/memory_hotplug: fix error handling in add_memory_resource()
net: sched: call tcf_ct_params_free to free params in tcf_ct_init
netfilter: flowtable: allow unidirectional rules
netfilter: flowtable: cache info of last offload
net/sched: act_ct: offload UDP NEW connections
net/sched: act_ct: Fix promotion of offloaded unreplied tuple
netfilter: flowtable: GC pushes back packets to classic path
net/sched: act_ct: Take per-cb reference to tcf_ct_flow_table
octeontx2-af: Fix pause frame configuration
octeontx2-af: Support variable number of lmacs
btrfs: fix qgroup_free_reserved_data int overflow
btrfs: mark the len field in struct btrfs_ordered_sum as unsigned
ring-buffer: Fix 32-bit rb_time_read() race with rb_time_cmpxchg()
firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards
x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect
i2c: core: Fix atomic xfer check for non-preempt config
mm: fix unmap_mapping_range high bits shift bug
drm/amdgpu: skip gpu_info fw loading on navi12
drm/amd/display: add nv12 bounding box
mmc: meson-mx-sdhc: Fix initialization frozen issue
mmc: rpmb: fixes pause retune on all RPMB partitions.
mmc: core: Cancel delayed work before releasing host
mmc: sdhci-sprd: Fix eMMC init failure after hw reset
genirq/affinity: Only build SMP-only helper functions on SMP kernels
f2fs: compress: fix to assign compress_level for lz4 correctly
net/sched: act_ct: additional checks for outdated flows
net/sched: act_ct: Always fill offloading tuple iifidx
bpf: Fix a verifier bug due to incorrect branch offset comparison with cpu=v4
bpf: syzkaller found null ptr deref in unix_bpf proto add
media: qcom: camss: Comment CSID dt_id field
smb3: Replace smb2pdu 1-element arrays with flex-arrays
Revert "interconnect: qcom: sm8250: Enable sync_state"
Linux 6.1.72
Change-Id: Id00eb2ae1159d4d5fa0ef914e672c5669cbf5b0a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
d3d46ac25c |
Merge 6.1.69 into android14-6.1-lts
Changes in 6.1.69 perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table r8152: add USB device driver for config selection r8152: add vendor/device ID pair for D-Link DUB-E250 r8152: add vendor/device ID pair for ASUS USB-C2500 powerpc/ftrace: Fix stack teardown in ftrace_no_trace ext4: fix warning in ext4_dio_write_end_io() ksmbd: fix memory leak in smb2_lock() afs: Fix refcount underflow from error handling race HID: lenovo: Restrict detection of patched firmware only to USB cptkbd net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX qca_debug: Prevent crash on TX ring changes qca_debug: Fix ethtool -G iface tx behavior qca_spi: Fix reset behavior bnxt_en: Clear resource reservation during resume bnxt_en: Save ring error counters across reset bnxt_en: Fix wrong return value check in bnxt_close_nic() bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic atm: solos-pci: Fix potential deadlock on &cli_queue_lock atm: solos-pci: Fix potential deadlock on &tx_queue_lock net: vlan: introduce skb_vlan_eth_hdr() net: fec: correct queue selection octeontx2-af: fix a use-after-free in rvu_nix_register_reporters octeontx2-pf: Fix promisc mcam entry action octeontx2-af: Update RSS algorithm index atm: Fix Use-After-Free in do_vcc_ioctl net/rose: Fix Use-After-Free in rose_ioctl iavf: Introduce new state machines for flow director iavf: Handle ntuple on/off based on new state machines for flow director qed: Fix a potential use-after-free in qed_cxt_tables_alloc net: Remove acked SYN flag from packet in the transmit queue correctly net: ena: Destroy correct number of xdp queues upon failure net: ena: Fix xdp drops handling due to multibuf packets net: ena: Fix XDP redirection error stmmac: dwmac-loongson: Make sure MDIO is initialized before use sign-file: Fix incorrect return values check vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() dpaa2-switch: fix size of the dma_unmap dpaa2-switch: do not ask for MDB, VLAN and FDB replay net: stmmac: Handle disabled MDIO busses from devicetree appletalk: Fix Use-After-Free in atalk_ioctl net: atlantic: fix double free in ring reinit logic cred: switch to using atomic_long_t fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants ALSA: hda/realtek: Apply mute LED quirk for HP15-db Revert "PCI: acpiphp: Reassign resources on bridge if necessary" PCI: loongson: Limit MRRS to 256 ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE drm/mediatek: Add spinlock for setting vblank event in atomic_begin x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM usb: aqc111: check packet for fixup for true limit stmmac: dwmac-loongson: Add architecture dependency blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" blk-cgroup: bypass blkcg_deactivate_policy after destroying bcache: avoid oversize memory allocation by small stripe_size bcache: remove redundant assignment to variable cur_idx bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() bcache: avoid NULL checking to c->root in run_cache_set() nbd: fold nbd config initialization into nbd_alloc_config() nvme-auth: set explanation code for failure2 msgs nvme: catch errors from nvme_configure_metadata() selftests/bpf: fix bpf_loop_bench for new callback verification scheme LoongArch: Add dependency between vmlinuz.efi and vmlinux.efi LoongArch: Implement constant timer shutdown interface platform/x86: intel_telemetry: Fix kernel doc descriptions HID: glorious: fix Glorious Model I HID report HID: add ALWAYS_POLL quirk for Apple kb nbd: pass nbd_sock to nbd_read_reply() instead of index HID: hid-asus: reset the backlight brightness level on resume HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation net: usb: qmi_wwan: claim interface 4 for ZTE MF290 arm64: add dependency between vmlinuz.efi and Image HID: hid-asus: add const to read-only outgoing usb buffer perf: Fix perf_event_validate_size() lockdep splat btrfs: do not allow non subvolume root targets for snapshot soundwire: stream: fix NULL pointer dereference for multi_link ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify team: Fix use-after-free when an option instance allocation fails drm/amdgpu/sdma5.2: add begin/end_use ring callbacks dmaengine: stm32-dma: avoid bitfield overflow assertion mm/mglru: fix underprotected page cache mm/shmem: fix race in shmem_undo_range w/THP btrfs: free qgroup reserve when ORDERED_IOERR is set btrfs: don't clear qgroup reserved bit in release_folio drm/amdgpu: fix tear down order in amdgpu_vm_pt_free drm/amd/display: Disable PSR-SU on Parade 0803 TCON again drm/i915: Fix remapped stride with CCS on ADL+ smb: client: fix OOB in receive_encrypted_standard() smb: client: fix NULL deref in asn1_ber_decoder() smb: client: fix OOB in smb2_query_reparse_point() ring-buffer: Fix memory leak of free page tracing: Update snapshot buffer on resize if it is allocated ring-buffer: Do not update before stamp when switching sub-buffers ring-buffer: Have saved event hold the entire event ring-buffer: Fix writing to the buffer with max_data_size ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs ring-buffer: Do not try to put back write_stamp ring-buffer: Have rb_time_cmpxchg() set the msb counter too net: tls, update curr on splice as well r8152: avoid to change cfg for all devices r8152: remove rtl_vendor_mode function r8152: fix the autosuspend doesn't work Linux 6.1.69 Change-Id: I695d1d50ca8c00ff505505918bdc59ce9d29d479 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
David Howells
|
bceff380f3 |
mm: merge folio_has_private()/filemap_release_folio() call pairs
[ Upstream commit 0201ebf274a306a6ebb95e5dc2d6a0a27c737cac ] Patch series "mm, netfs, fscache: Stop read optimisation when folio removed from pagecache", v7. This fixes an optimisation in fscache whereby we don't read from the cache for a particular file until we know that there's data there that we don't have in the pagecache. The problem is that I'm no longer using PG_fscache (aka PG_private_2) to indicate that the page is cached and so I don't get a notification when a cached page is dropped from the pagecache. The first patch merges some folio_has_private() and filemap_release_folio() pairs and introduces a helper, folio_needs_release(), to indicate if a release is required. The second patch is the actual fix. Following Willy's suggestions[1], it adds an AS_RELEASE_ALWAYS flag to an address_space that will make filemap_release_folio() always call ->release_folio(), even if PG_private/PG_private_2 aren't set. folio_needs_release() is altered to add a check for this. This patch (of 2): Make filemap_release_folio() check folio_has_private(). Then, in most cases, where a call to folio_has_private() is immediately followed by a call to filemap_release_folio(), we can get rid of the test in the pair. There are a couple of sites in mm/vscan.c that this can't so easily be done. In shrink_folio_list(), there are actually three cases (something different is done for incompletely invalidated buffers), but filemap_release_folio() elides two of them. In shrink_active_list(), we don't have have the folio lock yet, so the check allows us to avoid locking the page unnecessarily. A wrapper function to check if a folio needs release is provided for those places that still need to do it in the mm/ directory. This will acquire additional parts to the condition in a future patch. After this, the only remaining caller of folio_has_private() outside of mm/ is a check in fuse. Link: https://lkml.kernel.org/r/20230628104852.3391651-1-dhowells@redhat.com Link: https://lkml.kernel.org/r/20230628104852.3391651-2-dhowells@redhat.com Reported-by: Rohith Surabattula <rohiths.msft@gmail.com> Suggested-by: Matthew Wilcox <willy@infradead.org> Signed-off-by: David Howells <dhowells@redhat.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Steve French <sfrench@samba.org> Cc: Shyam Prasad N <nspmangalore@gmail.com> Cc: Rohith Surabattula <rohiths.msft@gmail.com> Cc: Dave Wysochanski <dwysocha@redhat.com> Cc: Dominique Martinet <asmadeus@codewreck.org> Cc: Ilya Dryomov <idryomov@gmail.com> Cc: "Theodore Ts'o" <tytso@mit.edu> Cc: Andreas Dilger <adilger.kernel@dilger.ca> Cc: Xiubo Li <xiubli@redhat.com> Cc: Jingbo Xu <jefflexu@linux.alibaba.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Stable-dep-of: 1898efcdbed3 ("block: update the stable_writes flag in bdev_add") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Vishal Moola (Oracle)
|
4c78612e5f |
ext4: convert move_extent_per_page() to use folios
[ Upstream commit 6dd8fe86fa84729538d8bed3149faf9c5886bb5b ] Patch series "Removing the try_to_release_page() wrapper", v3. This patchset replaces the remaining calls of try_to_release_page() with the folio equivalent: filemap_release_folio(). This allows us to remove the wrapper. This patch (of 4): Convert move_extent_per_page() to use folios. This change removes 5 calls to compound_head() and is in preparation for the removal of the try_to_release_page() wrapper. Link: https://lkml.kernel.org/r/20221118073055.55694-1-vishal.moola@gmail.com Link: https://lkml.kernel.org/r/20221118073055.55694-2-vishal.moola@gmail.com Signed-off-by: Vishal Moola (Oracle) <vishal.moola@gmail.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Naoya Horiguchi <naoya.horiguchi@nec.com> Cc: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Stable-dep-of: 1898efcdbed3 ("block: update the stable_writes flag in bdev_add") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Baokun Li
|
0b071a3266 |
ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS
commit 2dcf5fde6dffb312a4bfb8ef940cea2d1f402e32 upstream. For files with logical blocks close to EXT_MAX_BLOCKS, the file size predicted in ext4_mb_normalize_request() may exceed EXT_MAX_BLOCKS. This can cause some blocks to be preallocated that will not be used. And after [Fixes], the following issue may be triggered: ========================================================= kernel BUG at fs/ext4/mballoc.c:4653! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP CPU: 1 PID: 2357 Comm: xfs_io 6.7.0-rc2-00195-g0f5cc96c367f Hardware name: linux,dummy-virt (DT) pc : ext4_mb_use_inode_pa+0x148/0x208 lr : ext4_mb_use_inode_pa+0x98/0x208 Call trace: ext4_mb_use_inode_pa+0x148/0x208 ext4_mb_new_inode_pa+0x240/0x4a8 ext4_mb_use_best_found+0x1d4/0x208 ext4_mb_try_best_found+0xc8/0x110 ext4_mb_regular_allocator+0x11c/0xf48 ext4_mb_new_blocks+0x790/0xaa8 ext4_ext_map_blocks+0x7cc/0xd20 ext4_map_blocks+0x170/0x600 ext4_iomap_begin+0x1c0/0x348 ========================================================= Here is a calculation when adjusting ac_b_ex in ext4_mb_new_inode_pa(): ex.fe_logical = orig_goal_end - EXT4_C2B(sbi, ex.fe_len); if (ac->ac_o_ex.fe_logical >= ex.fe_logical) goto adjust_bex; The problem is that when orig_goal_end is subtracted from ac_b_ex.fe_len it is still greater than EXT_MAX_BLOCKS, which causes ex.fe_logical to overflow to a very small value, which ultimately triggers a BUG_ON in ext4_mb_new_inode_pa() because pa->pa_free < len. The last logical block of an actual write request does not exceed EXT_MAX_BLOCKS, so in ext4_mb_normalize_request() also avoids normalizing the last logical block to exceed EXT_MAX_BLOCKS to avoid the above issue. The test case in [Link] can reproduce the above issue with 64k block size. Link: https://patchwork.kernel.org/project/fstests/list/?series=804003 Cc: <stable@kernel.org> # 6.4 Fixes: 93cdf49f6eca ("ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()") Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20231127063313.3734294-1-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Jan Kara
|
8925ab33b3 |
ext4: fix warning in ext4_dio_write_end_io()
[ Upstream commit 619f75dae2cf117b1d07f27b046b9ffb071c4685 ]
The syzbot has reported that it can hit the warning in
ext4_dio_write_end_io() because i_size < i_disksize. Indeed the
reproducer creates a race between DIO IO completion and truncate
expanding the file and thus ext4_dio_write_end_io() sees an inconsistent
inode state where i_disksize is already updated but i_size is not
updated yet. Since we are careful when setting up DIO write and consider
it extending (and thus performing the IO synchronously with i_rwsem held
exclusively) whenever it goes past either of i_size or i_disksize, we
can use the same test during IO completion without risking entering
ext4_handle_inode_extension() without i_rwsem held. This way we make it
obvious both i_size and i_disksize are large enough when we report DIO
completion without relying on unreliable WARN_ON.
Reported-by: <syzbot+47479b71cdfc78f56d30@syzkaller.appspotmail.com>
Fixes: 91562895f803 ("ext4: properly sync file size update after O_SYNC direct IO")
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Link: https://lore.kernel.org/r/20231130095653.22679-1-jack@suse.cz
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
ee16988743 |
Merge 6.1.65 into android14-6.1-lts
Changes in 6.1.65 afs: Fix afs_server_list to be cleaned up with RCU afs: Make error on cell lookup failure consistent with OpenAFS drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence drm/panel: auo,b101uan08.3: Fine tune the panel power sequence drm/panel: simple: Fix Innolux G101ICE-L01 bus flags drm/panel: simple: Fix Innolux G101ICE-L01 timings wireguard: use DEV_STATS_INC() octeontx2-pf: Fix memory leak during interface down ata: pata_isapnp: Add missing error check for devm_ioport_map() drm/i915: do not clean GT table on error path drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full HID: fix HID device resource race between HID core and debugging support ipv4: Correct/silence an endian warning in __ip_do_redirect net: usb: ax88179_178a: fix failed operations during ax88179_reset net/smc: avoid data corruption caused by decline arm/xen: fix xen_vcpu_info allocation alignment octeontx2-pf: Fix ntuple rule creation to direct packet to VF with higher Rx queue than its PF amd-xgbe: handle corner-case during sfp hotplug amd-xgbe: handle the corner-case during tx completion amd-xgbe: propagate the correct speed and duplex status net: axienet: Fix check for partial TX checksum afs: Return ENOENT if no cell DNS record can be found afs: Fix file locking on R/O volumes to operate in local mode mm,kfence: decouple kfence from page granularity mapping judgement arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y i40e: use ERR_PTR error print in i40e messages i40e: Fix adding unsupported cloud filters nvmet: nul-terminate the NQNs passed in the connect command USB: dwc3: qcom: fix resource leaks on probe deferral USB: dwc3: qcom: fix ACPI platform device leak lockdep: Fix block chain corruption cifs: minor cleanup of some headers smb3: allow dumping session and tcon id to improve stats analysis and debugging cifs: print last update time for interface list cifs: distribute channels across interfaces based on speed cifs: account for primary channel in the interface list cifs: fix leak of iface for primary channel MIPS: KVM: Fix a build warning about variable set but not used media: camss: Split power domain management media: camss: Convert to platform remove callback returning void media: qcom: Initialise V4L2 async notifier later media: qcom: camss: Fix V4L2 async notifier error path media: qcom: camss: Fix genpd cleanup ext4: add a new helper to check if es must be kept ext4: factor out __es_alloc_extent() and __es_free_extent() ext4: use pre-allocated es in __es_insert_extent() ext4: use pre-allocated es in __es_remove_extent() ext4: using nofail preallocation in ext4_es_remove_extent() ext4: using nofail preallocation in ext4_es_insert_delayed_block() ext4: using nofail preallocation in ext4_es_insert_extent() ext4: fix slab-use-after-free in ext4_es_insert_extent() ext4: make sure allocate pending entry not fail NFSD: Fix "start of NFS reply" pointer passed to nfsd_cache_update() NFSD: Fix checksum mismatches in the duplicate reply cache arm64: dts: imx8mn-var-som: add 20ms delay to ethernet regulator enable ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA swiotlb-xen: provide the "max_mapping_size" method bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() md: fix bi_status reporting in md_end_clone_io bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race io_uring/fs: consider link->flags when getting path for LINKAT s390/dasd: protect device queue against concurrent access USB: serial: option: add Luat Air72*U series products hv_netvsc: fix race of netvsc and VF register_netdevice hv_netvsc: Fix race of register_netdevice_notifier and VF register hv_netvsc: Mark VF as slave before exposing it to user-mode dm-delay: fix a race between delay_presuspend and delay_bio bcache: check return value from btree_node_alloc_replacement() bcache: prevent potential division by zero error bcache: fixup init dirty data errors bcache: fixup lock c->root error usb: cdnsp: Fix deadlock issue during using NCM gadget USB: serial: option: add Fibocom L7xx modules USB: serial: option: fix FM101R-GL defines USB: serial: option: don't claim interface 4 for ZTE MF290 usb: typec: tcpm: Skip hard reset when in error recovery USB: dwc2: write HCINT with INTMASK applied usb: dwc3: Fix default mode initialization usb: dwc3: set the dma max_seg_size USB: dwc3: qcom: fix software node leak on probe errors USB: dwc3: qcom: fix wakeup after probe deferral io_uring: fix off-by one bvec index Linux 6.1.65 Change-Id: Iea9267bee56905028a77d03c7fad8def8969246e Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
f1bc13cb9d |
This is the 6.1.64 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmVmHpsACgkQONu9yGCS aT5uvw//SzcE0GImnHnfeN7iXtpFE9O0fhTxsjZCi8/HTXmGWPtQgWscd9y81bAd EHBVr456GXqd6KuIF+03g/r/FYinwWqK375meLfaybw1vSBP+fZttrEGqz6nTnYD yqOxw2bqgz8Xjp63UeNHD6mifpBvVtuAvzrfO1E2Ie/U1OU2uKdjRRv0iijKNeWN liOYTXaddIkVfZR0z6dVTl0hb5dPWsxNmF77kfVpKz4ALIHJcO13DlUuKtQz6Sb6 0ElmJpuonHuUxHzb8e9LLsFy3IvbBqomSscwcd0tngtdUTzhMYFIZLjg2+WQ9Ovq raMGqvS/bKsoyoTBNKL83QB2NyXQb3vkfL0NgLsq9IwDl+r96mP9ctANYGwSjhND o/4sa/fbMFzeInA8Rzh7i56RCNstOBKApJPhBzWuY0f/6b1BZpvZaONyX3fFksWO dMeYT16GgO4lhQXnG3O6mtDT8eoZ1fLf7ZdGEZ2NktcOzXYelNc4aXJke7qdlIop CVxM+Ur+juj+DJymo59a6baXjEgIROdHq83N3CZwetGviPHneGqgYc0K7ETtA33H sH/0KGYAT8SzzjMlnXB0lpjp68WViJfzzo9Wxdf2aDZbL3SdI14GPKMUeDqqeSyU 8bB2Hb4ItccRFW9RriiE3BPGnLGu7PDTkn5TgXDG/bDX54Cb5DQ= =YPzI -----END PGP SIGNATURE----- Merge 6.1.64 into android14-6.1-lts Changes in 6.1.64 locking/ww_mutex/test: Fix potential workqueue corruption lib/generic-radix-tree.c: Don't overflow in peek() perf/core: Bail out early if the request AUX area is out of bound srcu: Fix srcu_struct node grpmask overflow on 64-bit systems selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config clocksource/drivers/timer-imx-gpt: Fix potential memory leak clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware smp,csd: Throw an error if a CSD lock is stuck for too long cpu/hotplug: Don't offline the last non-isolated CPU workqueue: Provide one lock class key per work_on_cpu() callsite x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size wifi: plfxlc: fix clang-specific fortify warning wifi: mac80211_hwsim: fix clang-specific fortify warning wifi: mac80211: don't return unset power in ieee80211_get_tx_power() atl1c: Work around the DMA RX overflow issue bpf: Detect IP == ksym.end as part of BPF program wifi: ath9k: fix clang-specific fortify warnings wifi: ath10k: fix clang-specific fortify warning net: annotate data-races around sk->sk_tx_queue_mapping net: annotate data-races around sk->sk_dst_pending_confirm wifi: ath10k: Don't touch the CE interrupt registers after power up vsock: read from socket's error queue bpf: Ensure proper register state printing for cond jumps Bluetooth: btusb: Add date->evt_skb is NULL check Bluetooth: Fix double free in hci_conn_cleanup ACPI: EC: Add quirk for HP 250 G7 Notebook PC tsnep: Fix tsnep_request_irq() format-overflow warning platform/chrome: kunit: initialize lock for fake ec_dev platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e drm/gma500: Fix call trace when psb_gem_mm_init() fails drm/komeda: drop all currently held locks if deadlock happens drm/amdgpu: not to save bo in the case of RAS err_event_athub drm/amdkfd: Fix a race condition of vram buffer unref in svm code drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments drm/amd/display: use full update for clip size increase of large plane source string.h: add array-wrappers for (v)memdup_user() kernel: kexec: copy user-array safely kernel: watch_queue: copy user-array safely drm_lease.c: copy user-array safely drm: vmwgfx_surface.c: copy user-array safely drm/msm/dp: skip validity check for DP CTS EDID checksum drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga drm/amdgpu: Fix potential null pointer derefernce drm/panel: fix a possible null pointer dereference drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference drm/radeon: fix a possible null pointer dereference drm/amdgpu/vkms: fix a possible null pointer dereference drm/panel: st7703: Pick different reset sequence drm/amdkfd: Fix shift out-of-bounds issue drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size selftests/efivarfs: create-read: fix a resource leak ASoC: soc-card: Add storage for PCI SSID ASoC: SOF: Pass PCI SSID to machine driver crypto: pcrypt - Fix hungtask for PADATA_RESET ASoC: SOF: ipc4: handle EXCEPTION_CAUGHT notification from firmware RDMA/hfi1: Use FIELD_GET() to extract Link Width scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool fs/jfs: Add check for negative db_l2nbperpage fs/jfs: Add validity check for db_maxag and db_agpref jfs: fix array-index-out-of-bounds in dbFindLeaf jfs: fix array-index-out-of-bounds in diAlloc HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround ARM: 9320/1: fix stack depot IRQ stack filter ALSA: hda: Fix possible null-ptr-deref when assigning a stream PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields PCI: mvebu: Use FIELD_PREP() with Link Width atm: iphase: Do PCI error checks on own line PCI: Do error check on own line to split long "if" conditions scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() PCI: Use FIELD_GET() to extract Link Width PCI: Extract ATS disabling to a helper function PCI: Disable ATS for specific Intel IPU E2000 devices misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk ASoC: Intel: soc-acpi-cht: Add Lenovo Yoga Tab 3 Pro YT3-X90 quirk crypto: hisilicon/qm - prevent soft lockup in receive loop HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W exfat: support handle zero-size directory mfd: intel-lpss: Add Intel Lunar Lake-M PCI IDs iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe() thunderbolt: Apply USB 3.x bandwidth quirk only in software connection manager tty: vcc: Add check for kstrdup() in vcc_probe() usb: dwc3: core: configure TX/RX threshold for DWC3_IP soundwire: dmi-quirks: update HP Omen match f2fs: fix error handling of __get_node_page usb: gadget: f_ncm: Always set current gadget in ncm_bind() 9p/trans_fd: Annotate data-racy writes to file::f_flags 9p: v9fs_listxattr: fix %s null argument warning i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler i2c: fix memleak in i2c_new_client_device() i2c: sun6i-p2wi: Prevent potential division by zero virtio-blk: fix implicit overflow on virtio_max_dma_size i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data. media: gspca: cpia1: shift-out-of-bounds in set_flicker media: vivid: avoid integer overflow gfs2: ignore negated quota changes gfs2: fix an oops in gfs2_permission media: cobalt: Use FIELD_GET() to extract Link Width media: ccs: Fix driver quirk struct documentation media: imon: fix access to invalid resource for the second interface drm/amd/display: Avoid NULL dereference of timing generator kgdb: Flush console before entering kgdb on panic i2c: dev: copy userspace array safely ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings drm/qxl: prevent memory leak ALSA: hda/realtek: Add quirk for ASUS UX7602ZM drm/amdgpu: fix software pci_unplug on some chips pwm: Fix double shift bug mtd: rawnand: tegra: add missing check for platform_get_irq() wifi: iwlwifi: Use FW rate for non-data frames sched/core: Optimize in_task() and in_interrupt() a bit SUNRPC: ECONNRESET might require a rebind mtd: rawnand: intel: check return value of devm_kasprintf() mtd: rawnand: meson: check return value of devm_kasprintf() NFSv4.1: fix handling NFS4ERR_DELAY when testing for session trunking SUNRPC: Add an IS_ERR() check back to where it was NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO SUNRPC: Fix RPC client cleaned up the freed pipefs dentries gfs2: Silence "suspicious RCU usage in gfs2_permission" warning vhost-vdpa: fix use after free in vhost_vdpa_probe() net: set SOCK_RCU_FREE before inserting socket into hashtable ipvlan: add ipvlan_route_v6_outbound() helper tty: Fix uninit-value access in ppp_sync_receive() net: hns3: fix add VLAN fail issue net: hns3: add barrier in vf mailbox reply process net: hns3: fix incorrect capability bit display for copper port net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() net: hns3: fix VF reset fail issue net: hns3: fix VF wrong speed and duplex issue tipc: Fix kernel-infoleak due to uninitialized TLV value net: mvneta: fix calls to page_pool_get_stats ppp: limit MRU to 64K xen/events: fix delayed eoi list handling ptp: annotate data-race around q->head and q->tail bonding: stop the device in bond_setup_by_slave() net: ethernet: cortina: Fix max RX frame define net: ethernet: cortina: Handle large frames net: ethernet: cortina: Fix MTU max setting af_unix: fix use-after-free in unix_stream_read_actor() netfilter: nf_conntrack_bridge: initialize err to 0 netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() net: stmmac: fix rx budget limit check net: stmmac: avoid rx queue overrun net/mlx5e: fix double free of encap_header net/mlx5e: fix double free of encap_header in update funcs net/mlx5e: Fix pedit endianness net/mlx5e: Reduce the size of icosq_str net/mlx5e: Check return value of snprintf writing to fw_version buffer net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors macvlan: Don't propagate promisc change to lower dev in passthru tools/power/turbostat: Fix a knl bug tools/power/turbostat: Enable the C-state Pre-wake printing cifs: spnego: add ';' in HOST_KEY_LEN cifs: fix check of rc in function generate_smb3signingkey i915/perf: Fix NULL deref bugs with drm_dbg() calls media: venus: hfi: add checks to perform sanity on queue pointers perf intel-pt: Fix async branch flags powerpc/perf: Fix disabling BHRB and instruction sampling randstruct: Fix gcc-plugin performance mode to stay in group bpf: Fix check_stack_write_fixed_off() to correctly spill imm bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END scsi: mpt3sas: Fix loop logic scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers scsi: qla2xxx: Fix system crash due to bad pointer access crypto: x86/sha - load modules based on CPU features x86/cpu/hygon: Fix the CPU topology evaluation for real KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space KVM: x86: Ignore MSR_AMD64_TW_CFG access KVM: x86: Clear bit12 of ICR after APIC-write VM-exit audit: don't take task_lock() in audit_exe_compare() code path audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() proc: sysctl: prevent aliased sysctls from getting passed to init tty/sysrq: replace smp_processor_id() with get_cpu() tty: serial: meson: fix hard LOCKUP on crtscts mode hvc/xen: fix console unplug hvc/xen: fix error path in xen_hvc_init() to always register frontend driver hvc/xen: fix event channel handling for secondary consoles PCI/sysfs: Protect driver's D3cold preference from user space mm/damon/sysfs: remove requested targets when online-commit inputs mm/damon/sysfs: update monitoring target regions for online input commit watchdog: move softlockup_panic back to early_param mm/damon/lru_sort: avoid divide-by-zero in hot threshold calculation mm/damon/ops-common: avoid divide-by-zero during region hotness calculation mm/damon: implement a function for max nr_accesses safe calculation mm/damon/sysfs: check error from damon_sysfs_update_target() ACPI: resource: Do IRQ override on TongFang GMxXGxx regmap: Ensure range selector registers are updated after cache sync wifi: ath11k: fix temperature event locking wifi: ath11k: fix dfs radar event locking wifi: ath11k: fix htt pktlog locking wifi: ath11k: fix gtk offload status event locking mmc: meson-gx: Remove setting of CMD_CFG_ERROR genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware KEYS: trusted: tee: Refactor register SHM usage KEYS: trusted: Rollback init_trusted() consistently PCI: keystone: Don't discard .remove() callback PCI: keystone: Don't discard .probe() callback arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer parisc/pdc: Add width field to struct pdc_model parisc/power: Add power soft-off when running on qemu clk: socfpga: Fix undefined behavior bug in struct stratix10_clock_data clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks ksmbd: handle malformed smb1 message ksmbd: fix slab out of bounds write in smb_inherit_dacl() mmc: vub300: fix an error code mmc: sdhci_am654: fix start loop index for TAP value parsing mmc: Add quirk MMC_QUIRK_BROKEN_CACHE_FLUSH for Micron eMMC Q2J54A PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() PCI: kirin: Don't discard .remove() callback PCI: exynos: Don't discard .remove() callback wifi: wilc1000: use vmm_table as array in wilc struct svcrdma: Drop connection after an RDMA Read error rcu/tree: Defer setting of jiffies during stall reset arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM PM: hibernate: Use __get_safe_page() rather than touching the list PM: hibernate: Clean up sync_read handling in snapshot_write_next() rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects btrfs: don't arbitrarily slow down delalloc if we're committing arm64: dts: qcom: ipq8074: Fix hwlock index for SMEM firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit ACPI: FPDT: properly handle invalid FPDT subtables arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size mfd: qcom-spmi-pmic: Fix reference leaks in revid helper mfd: qcom-spmi-pmic: Fix revid implementation ima: annotate iint mutex to avoid lockdep false positive warnings ima: detect changes to the backing overlay file netfilter: nf_tables: remove catchall element in GC sync path netfilter: nf_tables: split async and sync catchall in two functions selftests/resctrl: Remove duplicate feature check from CMT test selftests/resctrl: Move _GNU_SOURCE define into Makefile selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests hid: lenovo: Resend all settings on reset_resume for compact keyboards ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev quota: explicitly forbid quota files from being encrypted kernel/reboot: emergency_restart: Set correct system_state i2c: core: Run atomic i2c xfer when !preemptible tracing: Have the user copy of synthetic event address use correct context driver core: Release all resources during unbind before updating device links mcb: fix error handling for different scenarios when parsing dmaengine: stm32-mdma: correct desc prep when channel running s390/cmma: fix detection of DAT pages mm/cma: use nth_page() in place of direct struct page manipulation mm/memory_hotplug: use pfn math in place of direct struct page manipulation mtd: cfi_cmdset_0001: Byte swap OTP info i3c: master: cdns: Fix reading status register i3c: master: svc: fix race condition in ibi work thread i3c: master: svc: fix wrong data return when IBI happen during start frame i3c: master: svc: fix ibi may not return mandatory data byte i3c: master: svc: fix check wrong status register in irq handler i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen parisc: Prevent booting 64-bit kernels on PA1.x machines parisc/pgtable: Do not drop upper 5 address bits of physical address parisc/power: Fix power soft-off when running on qemu xhci: Enable RPM on controllers that support low-power states fs: add ctime accessors infrastructure smb3: fix creating FIFOs when mounting with "sfu" mount option smb3: fix touch -h of symlink smb3: fix caching of ctime on setxattr smb: client: fix use-after-free bug in cifs_debug_data_proc_show() smb: client: fix potential deadlock when releasing mids cifs: reconnect helper should set reconnect for the right channel cifs: force interface update before a fresh session setup cifs: do not reset chan_max if multichannel is not supported at mount xfs: recovery should not clear di_flushiter unconditionally btrfs: zoned: wait for data BG to be finished on direct IO allocation ALSA: info: Fix potential deadlock at disconnection ALSA: hda/realtek: Enable Mute LED on HP 255 G8 ALSA: hda/realtek - Add Dell ALC295 to pin fall back table ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC ALSA: hda/realtek: Enable Mute LED on HP 255 G10 ALSA: hda/realtek: Add quirks for HP Laptops pmdomain: bcm: bcm2835-power: check if the ASB register is equal to enable pmdomain: imx: Make imx pgc power domain also set the fwnode cpufreq: stats: Fix buffer overflow detection in trans_stats() clk: visconti: remove unused visconti_pll_provider::regmap clk: visconti: Fix undefined behavior bug in struct visconti_pll_provider Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 bluetooth: Add device 0bda:887b to device tables bluetooth: Add device 13d3:3571 to device tables Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE drm/amd/display: enable dsc_clk even if dsc_pg disabled cxl/region: Validate region mode vs decoder mode cxl/region: Cleanup target list on attach error cxl/region: Move region-position validation to a helper cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails i3c: master: svc: add NACK check after start byte sent i3c: master: svc: fix random hot join failure since timeout error cxl: Unify debug messages when calling devm_cxl_add_port() cxl/mem: Move devm_cxl_add_endpoint() from cxl_core to cxl_mem tools/testing/cxl: Define a fixed volatile configuration to parse cxl/region: Fix x1 root-decoder granularity calculations Revert ncsi: Propagate carrier gain/loss events to the NCSI controller Revert "i2c: pxa: move to generic GPIO recovery" lsm: fix default return value for vm_enough_memory lsm: fix default return value for inode_getsecctx sbsa_gwdt: Calculate timeout with 64-bit math i2c: designware: Disable TX_EMPTY irq while waiting for block length byte s390/ap: fix AP bus crash on early config change callback invocation net: ethtool: Fix documentation of ethtool_sprintf() net: dsa: lan9303: consequently nested-lock physical MDIO net: phylink: initialize carrier state at creation i2c: i801: fix potential race in i801_block_transaction_byte_by_byte f2fs: do not return EFSCORRUPTED, but try to run online repair f2fs: avoid format-overflow warning media: lirc: drop trailing space from scancode transmit media: sharp: fix sharp encoding media: venus: hfi_parser: Add check to keep the number of codecs within range media: venus: hfi: fix the check to handle session buffer requirement media: venus: hfi: add checks to handle capabilities from firmware media: ccs: Correctly initialise try compose rectangle drm/mediatek/dp: fix memory leak on ->get_edid callback audio detection drm/mediatek/dp: fix memory leak on ->get_edid callback error path dm-verity: don't use blocking calls from tasklets nfsd: fix file memleak on client_opens_release LoongArch: Mark __percpu functions as always inline riscv: mm: Update the comment of CONFIG_PAGE_OFFSET riscv: correct pt_level name via pgtable_l5/4_enabled riscv: kprobes: allow writing to x0 mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 mm: fix for negative counter: nr_file_hugepages mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors mptcp: deal with large GSO size mptcp: add validity check for sending RM_ADDR mptcp: fix setsockopt(IP_TOS) subflow locking r8169: fix network lost after resume on DASH systems r8169: add handling DASH when DASH is disabled mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER media: qcom: camss: Fix pm_domain_on sequence in probe media: qcom: camss: Fix vfe_get() error jump media: qcom: camss: Fix VFE-17x vfe_disable_output() media: qcom: camss: Fix VFE-480 vfe_disable_output() media: qcom: camss: Fix missing vfe_lite clocks check media: qcom: camss: Fix invalid clock enable bit disjunction media: qcom: camss: Fix csid-gen2 for test pattern generator Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" ext4: apply umask if ACL support is disabled ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: mark buffer new if it is unwritten to avoid stale data exposure ext4: correct return value of ext4_convert_meta_bg ext4: correct the start block of counting reserved clusters ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks ext4: add missed brelse in update_backups ext4: properly sync file size update after O_SYNC direct IO drm/amd/pm: Handle non-terminated overdrive commands. drm/i915: Bump GLK CDCLK frequency when driving multiple pipes drm/i915: Fix potential spectre vulnerability drm/amd/pm: Fix error of MACO flag setting code drm/amdgpu/smu13: drop compute workload workaround drm/amdgpu: don't use pci_is_thunderbolt_attached() drm/amdgpu: don't use ATRM for external devices drm/amdgpu: fix error handling in amdgpu_bo_list_get() drm/amdgpu: lower CS errors to debug severity drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() drm/amd/display: Enable fast plane updates on DCN3.2 and above drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox powerpc/powernv: Fix fortify source warnings in opal-prd.c tracing: Have trace_event_file have ref counters Input: xpad - add VID for Turtle Beach controllers mmc: sdhci-pci-gli: GL9755: Mask the replay timer timeout of AER cxl/port: Fix NULL pointer access in devm_cxl_add_port() RISC-V: drop error print from riscv_hartid_to_cpuid() Linux 6.1.64 Change-Id: I9284282aeae5d0f9da957a58147efe0114f8e60a Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
0c2e40b9a3 |
Merge branch 'android14-6.1' into branch 'android14-6.1-lts'
This catches the android14-6.1-lts branch up with the latest changes in the android14-6.1 branch, including a number of important symbols being added for tracking. This includes the following commits: * |
||
Eric Biggers
|
6b972d6047 |
BACKPORT: fscrypt: support crypto data unit size less than filesystem block size
Until now, fscrypt has always used the filesystem block size as the granularity of file contents encryption. Two scenarios have come up where a sub-block granularity of contents encryption would be useful: 1. Inline crypto hardware that only supports a crypto data unit size that is less than the filesystem block size. 2. Support for direct I/O at a granularity less than the filesystem block size, for example at the block device's logical block size in order to match the traditional direct I/O alignment requirement. (1) first came up with older eMMC inline crypto hardware that only supports a crypto data unit size of 512 bytes. That specific case ultimately went away because all systems with that hardware continued using out of tree code and never actually upgraded to the upstream inline crypto framework. But, now it's coming back in a new way: some current UFS controllers only support a data unit size of 4096 bytes, and there is a proposal to increase the filesystem block size to 16K. (2) was discussed as a "nice to have" feature, though not essential, when support for direct I/O on encrypted files was being upstreamed. Still, the fact that this feature has come up several times does suggest it would be wise to have available. Therefore, this patch implements it by using one of the reserved bytes in fscrypt_policy_v2 to allow users to select a sub-block data unit size. Supported data unit sizes are powers of 2 between 512 and the filesystem block size, inclusively. Support is implemented for both the FS-layer and inline crypto cases. This patch focuses on the basic support for sub-block data units. Some things are out of scope for this patch but may be addressed later: - Supporting sub-block data units in combination with FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64, in most cases. Unfortunately this combination usually causes data unit indices to exceed 32 bits, and thus fscrypt_supported_policy() correctly disallows it. The users who potentially need this combination are using f2fs. To support it, f2fs would need to provide an option to slightly reduce its max file size. - Supporting sub-block data units in combination with FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32. This has the same problem described above, but also it will need special code to make DUN wraparound still happen on a FS block boundary. - Supporting use case (2) mentioned above. The encrypted direct I/O code will need to stop requiring and assuming FS block alignment. This won't be hard, but it belongs in a separate patch. - Supporting this feature on filesystems other than ext4 and f2fs. (Filesystems declare support for it via their fscrypt_operations.) On UBIFS, sub-block data units don't make sense because UBIFS encrypts variable-length blocks as a result of compression. CephFS could support it, but a bit more work would be needed to make the fscrypt_*_block_inplace functions play nicely with sub-block data units. I don't think there's a use case for this on CephFS anyway. Link: https://lore.kernel.org/r/20230925055451.59499-6-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@google.com> Bug: 299136786 Bug: 302588300 (cherry picked from commit 5b11888471806edf699316d4dcb9b426caebbef2) (Reworked this commit to not change struct fscrypt_operations and not depend on other commits that changed struct fscrypt_operations. Also resolved conflicts with the HW-wrapped key support.) Change-Id: Ic3dc56ef3f42d123f812e9037e2cc6f0b24bacc1 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
Zhang Yi
|
d7eb37615b |
ext4: make sure allocate pending entry not fail
[ Upstream commit 8e387c89e96b9543a339f84043cf9df15fed2632 ] __insert_pending() allocate memory in atomic context, so the allocation could fail, but we are not handling that failure now. It could lead ext4_es_remove_extent() to get wrong reserved clusters, and the global data blocks reservation count will be incorrect. The same to extents_status entry preallocation, preallocate pending entry out of the i_es_lock with __GFP_NOFAIL, make sure __insert_pending() and __revise_pending() always succeeds. Signed-off-by: Zhang Yi <yi.zhang@huawei.com> Cc: stable@kernel.org Link: https://lore.kernel.org/r/20230824092619.1327976-3-yi.zhang@huaweicloud.com Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Baokun Li
|
8384d8c5cc |
ext4: fix slab-use-after-free in ext4_es_insert_extent()
[ Upstream commit 768d612f79822d30a1e7d132a4d4b05337ce42ec ] Yikebaer reported an issue: ================================================================== BUG: KASAN: slab-use-after-free in ext4_es_insert_extent+0xc68/0xcb0 fs/ext4/extents_status.c:894 Read of size 4 at addr ffff888112ecc1a4 by task syz-executor/8438 CPU: 1 PID: 8438 Comm: syz-executor Not tainted 6.5.0-rc5 #1 Call Trace: [...] kasan_report+0xba/0xf0 mm/kasan/report.c:588 ext4_es_insert_extent+0xc68/0xcb0 fs/ext4/extents_status.c:894 ext4_map_blocks+0x92a/0x16f0 fs/ext4/inode.c:680 ext4_alloc_file_blocks.isra.0+0x2df/0xb70 fs/ext4/extents.c:4462 ext4_zero_range fs/ext4/extents.c:4622 [inline] ext4_fallocate+0x251c/0x3ce0 fs/ext4/extents.c:4721 [...] Allocated by task 8438: [...] kmem_cache_zalloc include/linux/slab.h:693 [inline] __es_alloc_extent fs/ext4/extents_status.c:469 [inline] ext4_es_insert_extent+0x672/0xcb0 fs/ext4/extents_status.c:873 ext4_map_blocks+0x92a/0x16f0 fs/ext4/inode.c:680 ext4_alloc_file_blocks.isra.0+0x2df/0xb70 fs/ext4/extents.c:4462 ext4_zero_range fs/ext4/extents.c:4622 [inline] ext4_fallocate+0x251c/0x3ce0 fs/ext4/extents.c:4721 [...] Freed by task 8438: [...] kmem_cache_free+0xec/0x490 mm/slub.c:3823 ext4_es_try_to_merge_right fs/ext4/extents_status.c:593 [inline] __es_insert_extent+0x9f4/0x1440 fs/ext4/extents_status.c:802 ext4_es_insert_extent+0x2ca/0xcb0 fs/ext4/extents_status.c:882 ext4_map_blocks+0x92a/0x16f0 fs/ext4/inode.c:680 ext4_alloc_file_blocks.isra.0+0x2df/0xb70 fs/ext4/extents.c:4462 ext4_zero_range fs/ext4/extents.c:4622 [inline] ext4_fallocate+0x251c/0x3ce0 fs/ext4/extents.c:4721 [...] ================================================================== The flow of issue triggering is as follows: 1. remove es raw es es removed es1 |-------------------| -> |----|.......|------| 2. insert es es insert es1 merge with es es1 merge with es and free es1 |----|.......|------| -> |------------|------| -> |-------------------| es merges with newes, then merges with es1, frees es1, then determines if es1->es_len is 0 and triggers a UAF. The code flow is as follows: ext4_es_insert_extent es1 = __es_alloc_extent(true); es2 = __es_alloc_extent(true); __es_remove_extent(inode, lblk, end, NULL, es1) __es_insert_extent(inode, &newes, es1) ---> insert es1 to es tree __es_insert_extent(inode, &newes, es2) ext4_es_try_to_merge_right ext4_es_free_extent(inode, es1) ---> es1 is freed if (es1 && !es1->es_len) // Trigger UAF by determining if es1 is used. We determine whether es1 or es2 is used immediately after calling __es_remove_extent() or __es_insert_extent() to avoid triggering a UAF if es1 or es2 is freed. Reported-by: Yikebaer Aizezi <yikebaer61@gmail.com> Closes: https://lore.kernel.org/lkml/CALcu4raD4h9coiyEBL4Bm0zjDwxC2CyPiTwsP3zFuhot6y9Beg@mail.gmail.com Fixes: 2a69c450083d ("ext4: using nofail preallocation in ext4_es_insert_extent()") Cc: stable@kernel.org Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20230815070808.3377171-1-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Baokun Li
|
9164978bce |
ext4: using nofail preallocation in ext4_es_insert_extent()
[ Upstream commit 2a69c450083db164596c75c0f5b4d9c4c0e18eba ] Similar to in ext4_es_insert_delayed_block(), we use preallocations that do not fail to avoid inconsistencies, but we do not care about es that are not must be kept, and we return 0 even if such es memory allocation fails. Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20230424033846.4732-9-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Baokun Li
|
614b383d01 |
ext4: using nofail preallocation in ext4_es_insert_delayed_block()
[ Upstream commit 4a2d98447b37bcb68a7f06a1078edcb4f7e6ce7e ] Similar to in ext4_es_remove_extent(), we use a no-fail preallocation to avoid inconsistencies, except that here we may have to preallocate two extent_status. Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20230424033846.4732-8-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Baokun Li
|
51cef2a5c6 |
ext4: using nofail preallocation in ext4_es_remove_extent()
[ Upstream commit e9fe2b882bd5b26b987c9ba110c2222796f72af5 ] If __es_remove_extent() returns an error it means that when splitting extent, allocating an extent that must be kept failed, where returning an error directly would cause the extent tree to be inconsistent. So we use GFP_NOFAIL to pre-allocate an extent_status and pass it to __es_remove_extent() to avoid this problem. In addition, since the allocated memory is outside the i_es_lock, the extent_status tree may change and the pre-allocated extent_status is no longer needed, so we release the pre-allocated extent_status when es->es_len is not initialized. Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20230424033846.4732-7-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Baokun Li
|
f1c2369366 |
ext4: use pre-allocated es in __es_remove_extent()
[ Upstream commit bda3efaf774fb687c2b7a555aaec3006b14a8857 ] When splitting extent, if the second extent can not be dropped, we return -ENOMEM and use GFP_NOFAIL to preallocate an extent_status outside of i_es_lock and pass it to __es_remove_extent() to be used as the second extent. This ensures that __es_remove_extent() is executed successfully, thus ensuring consistency in the extent status tree. If the second extent is not undroppable, we simply drop it and return 0. Then retry is no longer necessary, remove it. Now, __es_remove_extent() will always remove what it should, maybe more. Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20230424033846.4732-6-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Baokun Li
|
ce581f8631 |
ext4: use pre-allocated es in __es_insert_extent()
[ Upstream commit 95f0b320339a977cf69872eac107122bf536775d ] Pass a extent_status pointer prealloc to __es_insert_extent(). If the pointer is non-null, it is used directly when a new extent_status is needed to avoid memory allocation failures. Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20230424033846.4732-5-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Baokun Li
|
594a5f00e5 |
ext4: factor out __es_alloc_extent() and __es_free_extent()
[ Upstream commit 73a2f033656be11298912201ad50615307b4477a ] Factor out __es_alloc_extent() and __es_free_extent(), which only allocate and free extent_status in these two helpers. The ext4_es_alloc_extent() function is split into __es_alloc_extent() and ext4_es_init_extent(). In __es_alloc_extent() we allocate memory using GFP_KERNEL | __GFP_NOFAIL | __GFP_ZERO if the memory allocation cannot fail, otherwise we use GFP_ATOMIC. and the ext4_es_init_extent() is used to initialize extent_status and update related variables after a successful allocation. This is to prepare for the use of pre-allocated extent_status later. Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20230424033846.4732-4-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Baokun Li
|
9381ff6512 |
ext4: add a new helper to check if es must be kept
[ Upstream commit 9649eb18c6288f514cacffdd699d5cd999c2f8f6 ] In the extent status tree, we have extents which we can just drop without issues and extents we must not drop - this depends on the extent's status - currently ext4_es_is_delayed() extents must stay, others may be dropped. A helper function is added to help determine if the current extent can be dropped, although only ext4_es_is_delayed() extents cannot be dropped currently. Suggested-by: Jan Kara <jack@suse.cz> Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20230424033846.4732-3-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Jan Kara
|
dc4542861e |
ext4: properly sync file size update after O_SYNC direct IO
commit 91562895f8030cb9a0470b1db49de79346a69f91 upstream.
Gao Xiang has reported that on ext4 O_SYNC direct IO does not properly
sync file size update and thus if we crash at unfortunate moment, the
file can have smaller size although O_SYNC IO has reported successful
completion. The problem happens because update of on-disk inode size is
handled in ext4_dio_write_iter() *after* iomap_dio_rw() (and thus
dio_complete() in particular) has returned and generic_file_sync() gets
called by dio_complete(). Fix the problem by handling on-disk inode size
update directly in our ->end_io completion handler.
References: https://lore.kernel.org/all/02d18236-26ef-09b0-90ad-030c4fe3ee20@linux.alibaba.com
Reported-by: Gao Xiang <hsiangkao@linux.alibaba.com>
CC: stable@vger.kernel.org
Fixes:
|
||
Kemeng Shi
|
e1d0f68bc0 |
ext4: add missed brelse in update_backups
commit 9adac8b01f4be28acd5838aade42b8daa4f0b642 upstream. add missed brelse in update_backups Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com> Reviewed-by: Theodore Ts'o <tytso@mit.edu> Link: https://lore.kernel.org/r/20230826174712.4059355-3-shikemeng@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Kemeng Shi
|
1793dc461e |
ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
commit 40dd7953f4d606c280074f10d23046b6812708ce upstream.
Wrong check of gdb backup in meta bg as following:
first_group is the first group of meta_bg which contains target group, so
target group is always >= first_group. We check if target group has gdb
backup by comparing first_group with [group + 1] and [group +
EXT4_DESC_PER_BLOCK(sb) - 1]. As group >= first_group, then [group + N] is
> first_group. So no copy of gdb backup in meta bg is done in
setup_new_flex_group_blocks.
No need to do gdb backup copy in meta bg from setup_new_flex_group_blocks
as we always copy updated gdb block to backups at end of
ext4_flex_group_add as following:
ext4_flex_group_add
/* no gdb backup copy for meta bg any more */
setup_new_flex_group_blocks
/* update current group number */
ext4_update_super
sbi->s_groups_count += flex_gd->count;
/*
* if group in meta bg contains backup is added, the primary gdb block
* of the meta bg will be copy to backup in new added group here.
*/
for (; gdb_num <= gdb_num_end; gdb_num++)
update_backups(...)
In summary, we can remove wrong gdb backup copy code in
setup_new_flex_group_blocks.
Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com>
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Link: https://lore.kernel.org/r/20230826174712.4059355-5-shikemeng@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Zhang Yi
|
80ddcf21e7 |
ext4: correct the start block of counting reserved clusters
commit 40ea98396a3659062267d1fe5f99af4f7e4f05e3 upstream.
When big allocate feature is enabled, we need to count and update
reserved clusters before removing a delayed only extent_status entry.
{init|count|get}_rsvd() have already done this, but the start block
number of this counting isn't correct in the following case.
lblk end
| |
v v
-------------------------
| | orig_es
-------------------------
^ ^
len1 is 0 | len2 |
If the start block of the orig_es entry founded is bigger than lblk, we
passed lblk as start block to count_rsvd(), but the length is correct,
finally, the range to be counted is offset. This patch fix this by
passing the start blocks to 'orig_es->lblk + len1'.
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20230824092619.1327976-2-yi.zhang@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Kemeng Shi
|
ec4ba3d62f |
ext4: correct return value of ext4_convert_meta_bg
commit 48f1551592c54f7d8e2befc72a99ff4e47f7dca0 upstream. Avoid to ignore error in "err". Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com> Link: https://lore.kernel.org/r/20230826174712.4059355-4-shikemeng@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Ojaswin Mujoo
|
32b9fb9a67 |
ext4: mark buffer new if it is unwritten to avoid stale data exposure
commit 2cd8bdb5efc1e0d5b11a4b7ba6b922fd2736a87f upstream.
** Short Version **
In ext4 with dioread_nolock, we could have a scenario where the bh returned by
get_blocks (ext4_get_block_unwritten()) in __block_write_begin_int() has
UNWRITTEN and MAPPED flag set. Since such a bh does not have NEW flag set we
never zero out the range of bh that is not under write, causing whatever stale
data is present in the folio at that time to be written out to disk. To fix this
mark the buffer as new, in case it is unwritten, in ext4_get_block_unwritten().
** Long Version **
The issue mentioned above was resulting in two different bugs:
1. On block size < page size case in ext4, generic/269 was reliably
failing with dioread_nolock. The state of the write was as follows:
* The write was extending i_size.
* The last block of the file was fallocated and had an unwritten extent
* We were near ENOSPC and hence we were switching to non-delayed alloc
allocation.
In this case, the back trace that triggers the bug is as follows:
ext4_da_write_begin()
/* switch to nodelalloc due to low space */
ext4_write_begin()
ext4_should_dioread_nolock() // true since mount flags still have delalloc
__block_write_begin(..., ext4_get_block_unwritten)
__block_write_begin_int()
for(each buffer head in page) {
/* first iteration, this is bh1 which contains i_size */
if (!buffer_mapped)
get_block() /* returns bh with only UNWRITTEN and MAPPED */
/* second iteration, bh2 */
if (!buffer_mapped)
get_block() /* we fail here, could be ENOSPC */
}
if (err)
/*
* this would zero out all new buffers and mark them uptodate.
* Since bh1 was never marked new, we skip it here which causes
* the bug later.
*/
folio_zero_new_buffers();
/* ext4_wrte_begin() error handling */
ext4_truncate_failed_write()
ext4_truncate()
ext4_block_truncate_page()
__ext4_block_zero_page_range()
if(!buffer_uptodate())
ext4_read_bh_lock()
ext4_read_bh() -> ... ext4_submit_bh_wbc()
BUG_ON(buffer_unwritten(bh)); /* !!! */
2. The second issue is stale data exposure with page size >= blocksize
with dioread_nolock. The conditions needed for it to happen are same as
the previous issue ie dioread_nolock around ENOSPC condition. The issue
is also similar where in __block_write_begin_int() when we call
ext4_get_block_unwritten() on the buffer_head and the underlying extent
is unwritten, we get an unwritten and mapped buffer head. Since it is
not new, we never zero out the partial range which is not under write,
thus writing stale data to disk. This can be easily observed with the
following reproducer:
fallocate -l 4k testfile
xfs_io -c "pwrite 2k 2k" testfile
# hexdump output will have stale data in from byte 0 to 2k in testfile
hexdump -C testfile
NOTE: To trigger this, we need dioread_nolock enabled and write happening via
ext4_write_begin(), which is usually used when we have -o nodealloc. Since
dioread_nolock is disabled with nodelalloc, the only alternate way to call
ext4_write_begin() is to ensure that delayed alloc switches to nodelalloc ie
ext4_da_write_begin() calls ext4_write_begin(). This will usually happen when
ext4 is almost full like the way generic/269 was triggering it in Issue 1 above.
This might make the issue harder to hit. Hence, for reliable replication, I used
the below patch to temporarily allow dioread_nolock with nodelalloc and then
mount the disk with -o nodealloc,dioread_nolock. With this you can hit the stale
data issue 100% of times:
@@ -508,8 +508,8 @@ static inline int ext4_should_dioread_nolock(struct inode *inode)
if (ext4_should_journal_data(inode))
return 0;
/* temporary fix to prevent generic/422 test failures */
- if (!test_opt(inode->i_sb, DELALLOC))
- return 0;
+ // if (!test_opt(inode->i_sb, DELALLOC))
+ // return 0;
return 1;
}
After applying this patch to mark buffer as NEW, both the above issues are
fixed.
Signed-off-by: Ojaswin Mujoo <ojaswin@linux.ibm.com>
Cc: stable@kernel.org
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: "Ritesh Harjani (IBM)" <ritesh.list@gmail.com>
Link: https://lore.kernel.org/r/d0ed09d70a9733fbb5349c5c7b125caac186ecdf.1695033645.git.ojaswin@linux.ibm.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Kemeng Shi
|
f0cc1368fa |
ext4: correct offset of gdb backup in non meta_bg group to update_backups
commit 31f13421c004a420c0e9d288859c9ea9259ea0cc upstream.
Commit 0aeaa2559d6d5 ("ext4: fix corruption when online resizing a 1K
bigalloc fs") found that primary superblock's offset in its group is
not equal to offset of backup superblock in its group when block size
is 1K and bigalloc is enabled. As group descriptor blocks are right
after superblock, we can't pass block number of gdb to update_backups
for the same reason.
The root casue of the issue above is that leading 1K padding block is
count as data block offset for primary block while backup block has no
padding block offset in its group.
Remove padding data block count to fix the issue for gdb backups.
For meta_bg case, update_backups treat blk_off as block number, do no
conversion in this case.
Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com>
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Link: https://lore.kernel.org/r/20230826174712.4059355-2-shikemeng@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Max Kellermann
|
af075d06b3 |
ext4: apply umask if ACL support is disabled
commit 484fd6c1de13b336806a967908a927cc0356e312 upstream. The function ext4_init_acl() calls posix_acl_create() which is responsible for applying the umask. But without CONFIG_EXT4_FS_POSIX_ACL, ext4_init_acl() is an empty inline function, and nobody applies the umask. This fixes a bug which causes the umask to be ignored with O_TMPFILE on ext4: https://github.com/MusicPlayerDaemon/MPD/issues/558 https://bugs.gentoo.org/show_bug.cgi?id=686142#c3 https://bugzilla.kernel.org/show_bug.cgi?id=203625 Reviewed-by: "J. Bruce Fields" <bfields@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Max Kellermann <max.kellermann@ionos.com> Link: https://lore.kernel.org/r/20230919081824.1096619-1-max.kellermann@ionos.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
2b3ea8bdef |
This is the 6.1.63 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmVbOmsACgkQONu9yGCS
aT5m1RAAx7hgbFDnLHCGh4YVBbNy8JngItsUBaJcI/67Mk5toNi0x8pqcS8mq7ED
GTwRnRcKaIR2bTyco5Ed2OZn4jMCyHC4oiyBZnHWg6AMuQjSCYzIgm7DzlTCVYZ7
2r8uRbt/uXADTILJ2kwR2mtVpGcwrXa+lsHrMqvt+MvNwRoSVHBHVVYCrAc+JXwR
GXCopzV/RFGS6w4SBsX0K+8pV7GO+bhpxJ1lPz1T/xeLYfT4C3EwSTWDbUXPbez7
IpJ+5yKJXXT9Xn9m/pekwZ/aOirLqtEbDxneEctsjvw140lCoQiEZn6ZRscgNEns
3H+J3Asgc2zXqPzfZFH02TebPj31B8HZ43Upu0okr0hr4A4/4JL9pjXEhm1bON/Z
x3jlTF4dyay4vOGGIEYOAuJSUbn6AqpZ318uBWCd3BSPocihEDMJz2aoazVHcb6k
83MVxfFfEL6s9utcoSXB8VjHa4FQmpMYsozegloUSJJCsizgdzmih0buJYhBB9sI
HbEohW+YAh3cACSn6arXUJIMH5F5xsfD89od2Pj+6UrapdlPz5gCaggA1RZplCho
bjGc1k61Rp2qSdfMEcx+h4ypgoOdhgqZI0YhYDCgBSRcWOXnGrDjFvnnumatcT+H
6vqyX6zlNt6U1NpE56Jtf7gt1Ds6PeoadD0L6B8vjXrkdeXOlUU=
=AZ9s
-----END PGP SIGNATURE-----
Merge 6.1.63 into android14-6.1-lts
Changes in 6.1.63
hwmon: (nct6775) Fix incorrect variable reuse in fan_div calculation
sched/fair: Fix cfs_rq_is_decayed() on !SMP
iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user()
sched/uclamp: Set max_spare_cap_cpu even if max_spare_cap is 0
sched/uclamp: Ignore (util == 0) optimization in feec() when p_util_max = 0
objtool: Propagate early errors
sched: Fix stop_one_cpu_nowait() vs hotplug
vfs: fix readahead(2) on block devices
writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs
x86/srso: Fix SBPB enablement for (possible) future fixed HW
futex: Don't include process MM in futex key on no-MMU
x86/numa: Introduce numa_fill_memblks()
ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window
x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot
x86/boot: Fix incorrect startup_gdt_descr.size
drivers/clocksource/timer-ti-dm: Don't call clk_get_rate() in stop function
pstore/platform: Add check for kstrdup
string: Adjust strtomem() logic to allow for smaller sources
genirq/matrix: Exclude managed interrupts in irq_matrix_allocated()
wifi: cfg80211: add flush functions for wiphy work
wifi: mac80211: move radar detect work to wiphy work
wifi: mac80211: move scan work to wiphy work
wifi: mac80211: move offchannel works to wiphy work
wifi: mac80211: move sched-scan stop work to wiphy work
wifi: mac80211: fix # of MSDU in A-MSDU calculation
wifi: iwlwifi: honor the enable_ini value
i40e: fix potential memory leaks in i40e_remove()
iavf: Fix promiscuous mode configuration flow messages
selftests/bpf: Correct map_fd to data_fd in tailcalls
udp: add missing WRITE_ONCE() around up->encap_rcv
tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed
gve: Use size_add() in call to struct_size()
mlxsw: Use size_mul() in call to struct_size()
tls: Only use data field in crypto completion function
tls: Use size_add() in call to struct_size()
tipc: Use size_add() in calls to struct_size()
net: spider_net: Use size_add() in call to struct_size()
net: ethernet: mtk_wed: fix EXT_INT_STATUS_RX_FBUF definitions for MT7986 SoC
wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
wifi: ath11k: fix boot failure with one MSI vector
wifi: mt76: mt7603: rework/fix rx pse hang check
wifi: mt76: mt7603: improve watchdog reset reliablity
wifi: mt76: mt7603: improve stuck beacon handling
wifi: mt76: mt7915: fix beamforming availability check
wifi: ath: dfs_pattern_detector: Fix a memory initialization issue
tcp_metrics: add missing barriers on delete
tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics()
tcp_metrics: do not create an entry from tcp_init_metrics()
wifi: rtlwifi: fix EDCA limit set by BT coexistence
ACPI: property: Allow _DSD buffer data only for byte accessors
ACPI: video: Add acpi_backlight=vendor quirk for Toshiba Portégé R100
wifi: ath11k: fix Tx power value during active CAC
can: dev: can_restart(): don't crash kernel if carrier is OK
can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on()
can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds
PM / devfreq: rockchip-dfi: Make pmu regmap mandatory
wifi: wfx: fix case where rates are out of order
netfilter: nf_tables: Drop pointless memset when dumping rules
thermal: core: prevent potential string overflow
r8169: use tp_to_dev instead of open code
r8169: fix rare issue with broken rx after link-down on RTL8125
selftests: netfilter: test for sctp collision processing in nf_conntrack
net: skb_find_text: Ignore patterns extending past 'to'
chtls: fix tp->rcv_tstamp initialization
tcp: fix cookie_init_timestamp() overflows
wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues
wifi: iwlwifi: pcie: synchronize IRQs before NAPI
wifi: iwlwifi: empty overflow queue during flush
Bluetooth: hci_sync: Fix Opcode prints in bt_dev_dbg/err
bpf: Fix unnecessary -EBUSY from htab_lock_bucket
ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
ipv6: avoid atomic fragment on GSO packets
net: add DEV_STATS_READ() helper
ipvlan: properly track tx_errors
regmap: debugfs: Fix a erroneous check after snprintf()
spi: tegra: Fix missing IRQ check in tegra_slink_probe()
clk: qcom: gcc-msm8996: Remove RPM bus clocks
clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
clk: qcom: mmcc-msm8998: Don't check halt bit on some branch clks
clk: qcom: mmcc-msm8998: Fix the SMMU GDSC
clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src
regulator: mt6358: Fail probe on unknown chip ID
clk: imx: Select MXC_CLK for CLK_IMX8QXP
clk: imx: imx8mq: correct error handling path
clk: imx: imx8qxp: Fix elcdif_pll clock
clk: renesas: rcar-gen3: Extend SDnH divider table
clk: renesas: rzg2l: Wait for status bit of SD mux before continuing
clk: renesas: rzg2l: Lock around writes to mux register
clk: renesas: rzg2l: Trust value returned by hardware
clk: renesas: rzg2l: Use FIELD_GET() for PLL register fields
clk: renesas: rzg2l: Fix computation formula
clk: linux/clk-provider.h: fix kernel-doc warnings and typos
spi: nxp-fspi: use the correct ioremap function
clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
clk: ti: change ti_clk_register[_omap_hw]() API
clk: ti: fix double free in of_ti_divider_clk_setup()
clk: npcm7xx: Fix incorrect kfree
clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM
platform/x86: wmi: Fix probe failure when failing to register WMI devices
platform/x86: wmi: Fix opening of char device
hwmon: (axi-fan-control) Fix possible NULL pointer dereference
hwmon: (coretemp) Fix potentially truncated sysfs attribute name
Revert "hwmon: (sch56xx-common) Add DMI override table"
Revert "hwmon: (sch56xx-common) Add automatic module loading on supported devices"
hwmon: (sch5627) Use bit macros when accessing the control register
hwmon: (sch5627) Disallow write access if virtual registers are locked
hte: tegra: Fix missing error code in tegra_hte_test_probe()
drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
drm/rockchip: vop: Fix call to crtc reset helper
drm/rockchip: vop2: Don't crash for invalid duplicate_state
drm/rockchip: vop2: Add missing call to crtc reset helper
drm/radeon: possible buffer overflow
drm: bridge: it66121: Fix invalid connector dereference
drm/bridge: lt8912b: Add hot plug detection
drm/bridge: lt8912b: Fix bridge_detach
drm/bridge: lt8912b: Fix crash on bridge detach
drm/bridge: lt8912b: Manually disable HPD only if it was enabled
drm/bridge: lt8912b: Add missing drm_bridge_attach call
drm/bridge: tc358768: Fix use of uninitialized variable
drm/bridge: tc358768: Fix bit updates
drm/bridge: tc358768: remove unused variable
drm/bridge: tc358768: Use struct videomode
drm/bridge: tc358768: Print logical values, not raw register values
drm/bridge: tc358768: Use dev for dbg prints, not priv->dev
drm/bridge: tc358768: Rename dsibclk to hsbyteclk
drm/bridge: tc358768: Clean up clock period code
drm/bridge: tc358768: Fix tc358768_ns_to_cnt()
drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
drm/amd/display: Check all enabled planes in dm_check_crtc_cursor
drm/amd/display: Refactor dm_get_plane_scale helper
drm/amd/display: Bail from dm_check_crtc_cursor if no relevant change
io_uring/kbuf: Fix check of BID wrapping in provided buffers
io_uring/kbuf: Allow the full buffer id space for provided buffers
drm/mediatek: Fix iommu fault by swapping FBs after updating plane state
drm/mediatek: Fix iommu fault during crtc enabling
drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
gpu: host1x: Correct allocated size for contexts
drm/bridge: lt9611uxc: fix the race in the error path
arm64/arm: xen: enlighten: Fix KPTI checks
drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map()
xenbus: fix error exit in xenbus_init()
xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled
drm/msm/dsi: use msm_gem_kernel_put to free TX buffer
drm/msm/dsi: free TX buffer in unbind
clocksource/drivers/arm_arch_timer: limit XGene-1 workaround
drm: mediatek: mtk_dsi: Fix NO_EOT_PACKET settings/handling
drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process
perf/arm-cmn: Revamp model detection
perf/arm-cmn: Fix DTC domain detection
drivers/perf: hisi_pcie: Check the type first in pmu::event_init()
perf: hisi: Fix use-after-free when register pmu fails
ARM: dts: renesas: blanche: Fix typo in GP_11_2 pin name
arm64: dts: qcom: sdm845: cheza doesn't support LMh node
arm64: dts: qcom: sc7280: link usb3_phy_wrapper_gcc_usb30_pipe_clk
arm64: dts: qcom: msm8916: Fix iommu local address range
arm64: dts: qcom: msm8992-libra: drop duplicated reserved memory
arm64: dts: qcom: sc7280: Add missing LMH interrupts
arm64: dts: qcom: sm8150: add ref clock to PCIe PHYs
arm64: dts: qcom: sm8350: fix pinctrl for UART18
arm64: dts: qcom: sdm845-mtp: fix WiFi configuration
ARM64: dts: marvell: cn9310: Use appropriate label for spi1 pins
arm64: dts: qcom: apq8016-sbc: Add missing ADV7533 regulators
ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator
soc: qcom: llcc: Handle a second device without data corruption
kunit: Fix missed memory release in kunit_free_suite_set()
firmware: ti_sci: Mark driver as non removable
arm64: dts: ti: k3-am62a7-sk: Drop i2c-1 to 100Khz
firmware: arm_ffa: Assign the missing IDR allocation ID to the FFA device
firmware: arm_ffa: Allow the FF-A drivers to use 32bit mode of messaging
ARM: dts: am3517-evm: Fix LED3/4 pinmux
clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped
arm64: dts: imx8qm-ss-img: Fix jpegenc compatible entry
arm64: dts: imx8mm: Add sound-dai-cells to micfil node
arm64: dts: imx8mn: Add sound-dai-cells to micfil node
arm64: tegra: Use correct interrupts for Tegra234 TKE
selftests/pidfd: Fix ksft print formats
selftests/resctrl: Ensure the benchmark commands fits to its array
module/decompress: use vmalloc() for gzip decompression workspace
ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler
ASoC: cs35l41: Undo runtime PM changes at driver exit time
ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get()
ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time
KEYS: Include linux/errno.h in linux/verification.h
crypto: hisilicon/hpre - Fix a erroneous check after snprintf()
hwrng: bcm2835 - Fix hwrng throughput regression
hwrng: geode - fix accessing registers
RDMA/core: Use size_{add,sub,mul}() in calls to struct_size()
crypto: qat - ignore subsequent state up commands
crypto: qat - relocate bufferlist logic
crypto: qat - rename bufferlist functions
crypto: qat - change bufferlist logic interface
crypto: qat - generalize crypto request buffers
crypto: qat - extend buffer list interface
crypto: qat - fix unregistration of crypto algorithms
scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code
libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value
nd_btt: Make BTT lanes preemptible
crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure
crypto: caam/jr - fix Chacha20 + Poly1305 self test failure
crypto: qat - increase size of buffers
PCI: vmd: Correct PCI Header Type Register's multi-function check
hid: cp2112: Fix duplicate workqueue initialization
crypto: hisilicon/qm - delete redundant null assignment operations
crypto: hisilicon/qm - modify the process of regs dfx
crypto: hisilicon/qm - split a debugfs.c from qm
crypto: hisilicon/qm - fix PF queue parameter issue
ARM: 9321/1: memset: cast the constant byte to unsigned char
ext4: move 'ix' sanity check to corrent position
ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described
IB/mlx5: Fix rdma counter binding for RAW QP
RDMA/hns: Fix printing level of asynchronous events
RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common()
RDMA/hns: Fix signed-unsigned mixed comparisons
RDMA/hns: Add check for SL
RDMA/hns: The UD mode can only be configured with DCQCN
ASoC: SOF: core: Ensure sof_ops_free() is still called when probe never ran.
ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe
scsi: ufs: core: Leave space for '\0' in utf8 desc string
RDMA/hfi1: Workaround truncation compilation error
HID: cp2112: Make irq_chip immutable
hid: cp2112: Fix IRQ shutdown stopping polling for all IRQs on chip
sh: bios: Revive earlyprintk support
Revert "HID: logitech-hidpp: add a module parameter to keep firmware gestures"
HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk
HID: logitech-hidpp: Don't restart IO, instead defer hid_connect() only
HID: logitech-hidpp: Revert "Don't restart communication if not necessary"
HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event()
ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
padata: Fix refcnt handling in padata_free_shell()
crypto: qat - fix deadlock in backlog processing
ASoC: ams-delta.c: use component after check
IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF
mfd: core: Un-constify mfd_cell.of_reg
mfd: core: Ensure disabled devices are skipped without aborting
mfd: dln2: Fix double put in dln2_probe
dt-bindings: mfd: mt6397: Add binding for MT6357
dt-bindings: mfd: mt6397: Split out compatible for MediaTek MT6366 PMIC
mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs
leds: turris-omnia: Drop unnecessary mutex locking
leds: turris-omnia: Do not use SMBUS calls
leds: pwm: Don't disable the PWM when the LED should be off
leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
kunit: add macro to allow conditionally exposing static symbols to tests
apparmor: test: make static symbols visible during kunit testing
apparmor: fix invalid reference on profile->disconnected
perf stat: Fix aggr mode initialization
iio: frequency: adf4350: Use device managed functions and fix power down issue.
perf kwork: Fix incorrect and missing free atom in work_push_atom()
perf kwork: Add the supported subcommands to the document
perf kwork: Set ordered_events to true in 'struct perf_tool'
filemap: add filemap_get_folios_tag()
f2fs: convert f2fs_write_cache_pages() to use filemap_get_folios_tag()
f2fs: compress: fix deadloop in f2fs_write_cache_pages()
f2fs: compress: fix to avoid use-after-free on dic
f2fs: compress: fix to avoid redundant compress extension
tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
livepatch: Fix missing newline character in klp_resolve_symbols()
pinctrl: renesas: rzg2l: Make reverse order of enable() for disable()
perf record: Fix BTF type checks in the off-cpu profiling
dmaengine: idxd: Register dsa_bus_type before registering idxd sub-drivers
usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency
usb: chipidea: Fix DMA overwrite for Tegra
usb: chipidea: Simplify Tegra DMA alignment code
dmaengine: ti: edma: handle irq_of_parse_and_map() errors
misc: st_core: Do not call kfree_skb() under spin_lock_irqsave()
tools: iio: iio_generic_buffer ensure alignment
USB: usbip: fix stub_dev hub disconnect
dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
f2fs: fix to initialize map.m_pblk in f2fs_precache_extents()
interconnect: qcom: sc7180: Retire DEFINE_QBCM
interconnect: qcom: sc7180: Set ACV enable_mask
interconnect: qcom: sc7280: Set ACV enable_mask
interconnect: qcom: sc8180x: Set ACV enable_mask
interconnect: qcom: sc8280xp: Set ACV enable_mask
interconnect: qcom: sdm845: Retire DEFINE_QBCM
interconnect: qcom: sdm845: Set ACV enable_mask
interconnect: qcom: sm6350: Retire DEFINE_QBCM
interconnect: qcom: sm6350: Set ACV enable_mask
interconnect: move ignore_list out of of_count_icc_providers()
interconnect: qcom: sm8150: Drop IP0 interconnects
interconnect: qcom: sm8150: Retire DEFINE_QBCM
interconnect: qcom: sm8150: Set ACV enable_mask
interconnect: qcom: sm8350: Retire DEFINE_QBCM
interconnect: qcom: sm8350: Set ACV enable_mask
powerpc: Only define __parse_fpscr() when required
modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host
modpost: fix ishtp MODULE_DEVICE_TABLE built on big-endian host
powerpc/40x: Remove stale PTE_ATOMIC_UPDATES macro
powerpc/xive: Fix endian conversion size
powerpc/vas: Limit open window failure messages in log bufffer
powerpc/imc-pmu: Use the correct spinlock initializer.
powerpc/pseries: fix potential memory leak in init_cpu_associativity()
xhci: Loosen RPM as default policy to cover for AMD xHC 1.1
usb: host: xhci-plat: fix possible kernel oops while resuming
perf machine: Avoid out of bounds LBR memory read
perf hist: Add missing puts to hist__account_cycles
9p/net: fix possible memory leak in p9_check_errors()
i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs
cxl/mem: Fix shutdown order
crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL
x86/sev: Change snp_guest_issue_request()'s fw_err argument
virt: sevguest: Fix passing a stack buffer as a scatterlist target
rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call
pcmcia: cs: fix possible hung task and memory leak pccardd()
pcmcia: ds: fix refcount leak in pcmcia_device_add()
pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
media: hantro: Check whether reset op is defined before use
media: verisilicon: Do not enable G2 postproc downscale if source is narrower than destination
media: ov5640: Drop dead code using frame_interval
media: ov5640: fix vblank unchange issue when work at dvp mode
media: i2c: max9286: Fix some redundant of_node_put() calls
media: ov5640: Fix a memory leak when ov5640_probe fails
media: bttv: fix use after free error due to btv->timeout timer
media: amphion: handle firmware debug message
media: mtk-jpegenc: Fix bug in JPEG encode quality selection
media: s3c-camif: Avoid inappropriate kfree()
media: vidtv: psi: Add check for kstrdup
media: vidtv: mux: Add check and kfree for kstrdup
media: cedrus: Fix clock/reset sequence
media: cadence: csi2rx: Unregister v4l2 async notifier
media: dvb-usb-v2: af9035: fix missing unlock
media: cec: meson: always include meson sub-directory in Makefile
regmap: prevent noinc writes from clobbering cache
pwm: sti: Reduce number of allocations and drop usage of chip_data
pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
watchdog: ixp4xx: Make sure restart always works
llc: verify mac len before reading mac header
hsr: Prevent use after free in prp_create_tagged_frame()
tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
bpf: Check map->usercnt after timer->timer is assigned
inet: shrink struct flowi_common
octeontx2-pf: Fix error codes
octeontx2-pf: Fix holes in error code
net: page_pool: add missing free_percpu when page_pool_init fail
dccp: Call security_inet_conn_request() after setting IPv4 addresses.
dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
net: r8169: Disable multicast filter for RTL8168H and RTL8107E
Fix termination state for idr_for_each_entry_ul()
net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs
selftests: pmtu.sh: fix result checking
octeontx2-pf: Rename tot_tx_queues to non_qos_queues
octeontx2-pf: qos send queues management
octeontx2-pf: Free pending and dropped SQEs
net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT
net/smc: allow cdc msg send rather than drop it with NULL sndbuf_desc
net/smc: put sk reference if close work was canceled
nvme: fix error-handling for io_uring nvme-passthrough
tg3: power down device only on SYSTEM_POWER_OFF
nbd: fix uaf in nbd_open
blk-core: use pr_warn_ratelimited() in bio_check_ro()
virtio/vsock: replace virtio_vsock_pkt with sk_buff
vsock/virtio: remove socket from connected/bound list on shutdown
r8169: respect userspace disabling IFF_MULTICAST
i2c: iproc: handle invalid slave state
netfilter: xt_recent: fix (increase) ipv6 literal buffer length
netfilter: nft_redir: use `struct nf_nat_range2` throughout and deduplicate eval call-backs
netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
RISC-V: Don't fail in riscv_of_parent_hartid() for disabled HARTs
drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE
ASoC: mediatek: mt8186_mt6366_rt1019_rt5682s: trivial: fix error messages
ASoC: hdmi-codec: register hpd callback on component probe
ASoC: dapm: fix clock get name
spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies
fbdev: imsttfb: Fix error path of imsttfb_probe()
fbdev: imsttfb: fix a resource leak in probe
fbdev: fsl-diu-fb: mark wr_reg_wa() static
tracing/kprobes: Fix the order of argument descriptions
io_uring/net: ensure socket is marked connected on connect retry
x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs
Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
btrfs: use u64 for buffer sizes in the tree search ioctls
wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush()
virtio/vsock: don't use skbuff state to account credit
virtio/vsock: remove redundant 'skb_pull()' call
virtio/vsock: don't drop skbuff on copy failure
vsock/loopback: use only sk_buff_head.lock to protect the packet queue
virtio/vsock: fix leaks due to missing skb owner
virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt()
virtio/vsock: fix header length on skb merging
Linux 6.1.63
Change-Id: I87b7a539b11c90cfaf16edb07d613f74d54458a4
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Gou Hao
|
4f13eab0e8 |
ext4: move 'ix' sanity check to corrent position
[ Upstream commit af90a8f4a09ec4a3de20142e37f37205d4687f28 ]
Check 'ix' before it is used.
Fixes:
|
||
|
Greg Kroah-Hartman
|
2cd386b08b |
Merge 6.1.61 into android14-6.1-lts
Changes in 6.1.61
KVM: x86/pmu: Truncate counter value to allowed width on write
mmc: core: Align to common busy polling behaviour for mmc ioctls
mmc: block: ioctl: do write error check for spi
mmc: core: Fix error propagation for some ioctl commands
ASoC: codecs: wcd938x: Convert to platform remove callback returning void
ASoC: codecs: wcd938x: Simplify with dev_err_probe
ASoC: codecs: wcd938x: fix regulator leaks on probe errors
ASoC: codecs: wcd938x: fix runtime PM imbalance on remove
pinctrl: qcom: lpass-lpi: fix concurrent register updates
mcb: Return actual parsed size when reading chameleon table
mcb-lpc: Reallocate memory region to avoid memory overlapping
virtio_balloon: Fix endless deflation and inflation on arm64
virtio-mmio: fix memory leak of vm_dev
virtio-crypto: handle config changed by work queue
virtio_pci: fix the common cfg map size
vsock/virtio: initialize the_virtio_vsock before using VQs
vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE
arm64: dts: rockchip: Add i2s0-2ch-bus-bclk-off pins to RK3399
arm64: dts: rockchip: Fix i2s0 pin conflict on ROCK Pi 4 boards
mm: fix vm_brk_flags() to not bail out while holding lock
hugetlbfs: clear resv_map pointer if mmap fails
mm/page_alloc: correct start page when guard page debug is enabled
mm/migrate: fix do_pages_move for compat pointers
hugetlbfs: extend hugetlb_vma_lock to private VMAs
maple_tree: add GFP_KERNEL to allocations in mas_expected_entries()
nfsd: lock_rename() needs both directories to live on the same fs
drm/i915/pmu: Check if pmu is closed before stopping event
drm/amd: Disable ASPM for VI w/ all Intel systems
drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper()
ARM: OMAP: timer32K: fix all kernel-doc warnings
firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels()
clk: ti: Fix missing omap4 mcbsp functional clock and aliases
clk: ti: Fix missing omap5 mcbsp functional clock and aliases
r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx
r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1
r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1
iavf: initialize waitqueues before starting watchdog_task
i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value
treewide: Spelling fix in comment
igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
neighbour: fix various data-races
igc: Fix ambiguity in the ethtool advertising
net: ethernet: adi: adin1110: Fix uninitialized variable
net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show()
net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
r8152: Increase USB control msg timeout to 5000ms as per spec
r8152: Run the unload routine if we have errors during probe
r8152: Cancel hw_phy_work if we have an error in probe
r8152: Release firmware if we have an error in probe
tcp: fix wrong RTO timeout when received SACK reneging
gtp: uapi: fix GTPA_MAX
gtp: fix fragmentation needed check with gso
i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
drm/logicvc: Kconfig: select REGMAP and REGMAP_MMIO
iavf: in iavf_down, disable queues when removing the driver
scsi: sd: Introduce manage_shutdown device flag
blk-throttle: check for overflow in calculate_bytes_allowed
kasan: print the original fault addr when access invalid shadow
io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
iio: afe: rescale: Accept only offset channels
iio: exynos-adc: request second interupt only when touchscreen mode is used
iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature thresholds
iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale
i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
i2c: stm32f7: Fix PEC handling in case of SMBUS transfers
i2c: aspeed: Fix i2c bus hang in slave read
tracing/kprobes: Fix the description of variable length arguments
misc: fastrpc: Reset metadata buffer to avoid incorrect free
misc: fastrpc: Free DMA handles for RPC calls with no arguments
misc: fastrpc: Clean buffers on remote invocation failures
misc: fastrpc: Unmap only if buffer is unmapped from DSP
nvmem: imx: correct nregs for i.MX6ULL
nvmem: imx: correct nregs for i.MX6SLL
nvmem: imx: correct nregs for i.MX6UL
x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
x86/cpu: Add model number for Intel Arrow Lake mobile processor
perf/core: Fix potential NULL deref
sparc32: fix a braino in fault handling in csum_and_copy_..._user()
clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name
platform/x86: Add s2idle quirk for more Lenovo laptops
ext4: add two helper functions extent_logical_end() and pa_logical_end()
ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
ext4: avoid overlapping preallocations due to overflow
objtool/x86: add missing embedded_insn check
Linux 6.1.61
Note, this merge point also reverts commit
|
||
|
Baokun Li
|
2afa9f7eb1 |
ext4: avoid overlapping preallocations due to overflow
commit bedc5d34632c21b5adb8ca7143d4c1f794507e4c upstream. Let's say we want to allocate 2 blocks starting from 4294966386, after predicting the file size, start is aligned to 4294965248, len is changed to 2048, then end = start + size = 0x100000000. Since end is of type ext4_lblk_t, i.e. uint, end is truncated to 0. This causes (pa->pa_lstart >= end) to always hold when checking if the current extent to be allocated crosses already preallocated blocks, so the resulting ac_g_ex may cross already preallocated blocks. Hence we convert the end type to loff_t and use pa_logical_end() to avoid overflow. Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com> Link: https://lore.kernel.org/r/20230724121059.11834-4-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Baokun Li <libaokun1@huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Baokun Li
|
fcefddf3a1 |
ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
commit bc056e7163ac7db945366de219745cf94f32a3e6 upstream. When we calculate the end position of ext4_free_extent, this position may be exactly where ext4_lblk_t (i.e. uint) overflows. For example, if ac_g_ex.fe_logical is 4294965248 and ac_orig_goal_len is 2048, then the computed end is 0x100000000, which is 0. If ac->ac_o_ex.fe_logical is not the first case of adjusting the best extent, that is, new_bex_end > 0, the following BUG_ON will be triggered: ========================================================= kernel BUG at fs/ext4/mballoc.c:5116! invalid opcode: 0000 [#1] PREEMPT SMP PTI CPU: 3 PID: 673 Comm: xfs_io Tainted: G E 6.5.0-rc1+ #279 RIP: 0010:ext4_mb_new_inode_pa+0xc5/0x430 Call Trace: <TASK> ext4_mb_use_best_found+0x203/0x2f0 ext4_mb_try_best_found+0x163/0x240 ext4_mb_regular_allocator+0x158/0x1550 ext4_mb_new_blocks+0x86a/0xe10 ext4_ext_map_blocks+0xb0c/0x13a0 ext4_map_blocks+0x2cd/0x8f0 ext4_iomap_begin+0x27b/0x400 iomap_iter+0x222/0x3d0 __iomap_dio_rw+0x243/0xcb0 iomap_dio_rw+0x16/0x80 ========================================================= A simple reproducer demonstrating the problem: mkfs.ext4 -F /dev/sda -b 4096 100M mount /dev/sda /tmp/test fallocate -l1M /tmp/test/tmp fallocate -l10M /tmp/test/file fallocate -i -o 1M -l16777203M /tmp/test/file fsstress -d /tmp/test -l 0 -n 100000 -p 8 & sleep 10 && killall -9 fsstress rm -f /tmp/test/tmp xfs_io -c "open -ad /tmp/test/file" -c "pwrite -S 0xff 0 8192" We simply refactor the logic for adjusting the best extent by adding a temporary ext4_free_extent ex and use extent_logical_end() to avoid overflow, which also simplifies the code. Cc: stable@kernel.org # 6.4 Fixes: 93cdf49f6eca ("ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()") Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com> Link: https://lore.kernel.org/r/20230724121059.11834-3-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Baokun Li <libaokun1@huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Baokun Li
|
495c4c58d6 |
ext4: add two helper functions extent_logical_end() and pa_logical_end()
commit 43bbddc067883d94de7a43d5756a295439fbe37d upstream. When we use lstart + len to calculate the end of free extent or prealloc space, it may exceed the maximum value of 4294967295(0xffffffff) supported by ext4_lblk_t and cause overflow, which may lead to various problems. Therefore, we add two helper functions, extent_logical_end() and pa_logical_end(), to limit the type of end to loff_t, and also convert lstart to loff_t for calculation to avoid overflow. Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com> Link: https://lore.kernel.org/r/20230724121059.11834-2-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Baokun Li <libaokun1@huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
2950de8b2d |
Merge 6.1.56 into android14-6.1-lts
Changes in 6.1.56 NFS: Fix error handling for O_DIRECT write scheduling NFS: Fix O_DIRECT locking issues NFS: More O_DIRECT accounting fixes for error paths NFS: Use the correct commit info in nfs_join_page_group() NFS: More fixes for nfs_direct_write_reschedule_io() NFS/pNFS: Report EINVAL errors from connect() to the server SUNRPC: Mark the cred for revalidation if the server rejects it NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server NFSv4.1: fix pnfs MDS=DS session trunking media: v4l: Use correct dependency for camera sensor drivers media: via: Use correct dependency for camera sensor drivers netfs: Only call folio_start_fscache() one time for each folio dm: fix a race condition in retrieve_deps btrfs: improve error message after failure to add delayed dir index item btrfs: remove BUG() after failure to insert delayed dir index item ext4: replace the traditional ternary conditional operator with with max()/min() ext4: move setting of trimmed bit into ext4_try_to_trim_range() ext4: do not let fstrim block system suspend netfilter: nf_tables: don't skip expired elements during walk netfilter: nf_tables: GC transaction API to avoid race with control plane netfilter: nf_tables: adapt set backend to use GC transaction API netfilter: nft_set_hash: mark set element as dead when deleting from packet path netfilter: nf_tables: remove busy mark and gc batch API netfilter: nf_tables: don't fail inserts if duplicate has expired netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path netfilter: nf_tables: GC transaction race with netns dismantle netfilter: nf_tables: GC transaction race with abort path netfilter: nf_tables: use correct lock to protect gc_list netfilter: nf_tables: defer gc run if previous batch is still pending netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration netfilter: nf_tables: fix memleak when more than 255 elements expired ASoC: meson: spdifin: start hw on dai probe netfilter: nf_tables: disallow element removal on anonymous sets bpf: Avoid deadlock when using queue and stack maps from NMI ASoC: rt5640: Revert "Fix sleep in atomic context" ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode ALSA: hda/realtek: Splitting the UX3402 into two separate models netfilter: conntrack: fix extension size table selftests: tls: swap the TX and RX sockets in some tests net/core: Fix ETH_P_1588 flow dissector ASoC: hdaudio.c: Add missing check for devm_kstrdup ASoC: imx-audmix: Fix return error with devm_clk_get() octeon_ep: fix tx dma unmap len values in SG iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful iavf: add iavf_schedule_aq_request() helper iavf: schedule a request immediately after add/delete vlan i40e: Fix VF VLAN offloading when port VLAN is configured netfilter, bpf: Adjust timeouts of non-confirmed CTs in bpf_ct_insert_entry() ionic: fix 16bit math issue when PAGE_SIZE >= 64KB igc: Fix infinite initialization loop with early XDP redirect ipv4: fix null-deref in ipv4_link_failure scsi: iscsi_tcp: restrict to TCP sockets powerpc/perf/hv-24x7: Update domain value check dccp: fix dccp_v4_err()/dccp_v6_err() again x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer() net: hsr: Properly parse HSRv1 supervisor frames. platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() platform/x86: intel_scu_ipc: Don't override scu in intel_scu_ipc_dev_simple_command() platform/x86: intel_scu_ipc: Fail IPC send if still busy x86/srso: Fix srso_show_state() side effect x86/srso: Fix SBPB enablement for spec_rstack_overflow=off net: hns3: add cmdq check for vf periodic service task net: hns3: fix GRE checksum offload issue net: hns3: only enable unicast promisc when mac table full net: hns3: fix fail to delete tc flower rules during reset issue net: hns3: add 5ms delay before clear firmware reset irq source net: bridge: use DEV_STATS_INC() team: fix null-ptr-deref when team device type is changed net: rds: Fix possible NULL-pointer dereference netfilter: nf_tables: disable toggling dormant table state more than once netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP i915/pmu: Move execlist stats initialization to execlist specific setup locking/seqlock: Do the lockdep annotation before locking in do_write_seqcount_begin_nested() net: ena: Flush XDP packets on error. bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI octeontx2-pf: Do xdp_do_flush() after redirects. igc: Expose tx-usecs coalesce setting to user proc: nommu: /proc/<pid>/maps: release mmap read lock proc: nommu: fix empty /proc/<pid>/maps cifs: Fix UAF in cifs_demultiplex_thread() gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() i2c: mux: gpio: Add missing fwnode_handle_put() i2c: xiic: Correct return value check for xiic_reinit() ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2 ARM: dts: samsung: exynos4210-i9100: Fix LCD screen's physical size ARM: dts: qcom: msm8974pro-castor: correct inverted X of touchscreen ARM: dts: qcom: msm8974pro-castor: correct touchscreen function names ARM: dts: qcom: msm8974pro-castor: correct touchscreen syna,nosleep-mode f2fs: optimize iteration over sparse directories f2fs: get out of a repeat loop when getting a locked data page s390/pkey: fix PKEY_TYPE_EP11_AES handling in PKEY_CLR2SECK2 IOCTL arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved wifi: ath11k: fix tx status reporting in encap offload mode wifi: ath11k: Cleanup mac80211 references on failure during tx_complete scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 drm/amdkfd: Insert missing TLB flush on GFX10 and later btrfs: reset destination buffer when read_extent_buffer() gets invalid range vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent() MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled spi: spi-gxp: BUG: Correct spi write return value drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() bus: ti-sysc: Fix missing AM35xx SoC matching firmware: arm_scmi: Harden perf domain info access firmware: arm_scmi: Fixup perf power-cost/microwatt support power: supply: mt6370: Fix missing error code in mt6370_chg_toggle_cfo() clk: sprd: Fix thm_parents incorrect configuration clk: tegra: fix error return case for recalc_rate ARM: dts: omap: correct indentation ARM: dts: ti: omap: Fix bandgap thermal cells addressing for omap3/4 ARM: dts: Unify pwm-omap-dmtimer node names ARM: dts: Unify pinctrl-single pin group nodes for omap4 ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up power: supply: ucs1002: fix error code in ucs1002_get_property() firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() xtensa: add default definition for XCHAL_HAVE_DIV32 xtensa: iss/network: make functions static xtensa: boot: don't add include-dirs xtensa: umulsidi3: fix conditional expression xtensa: boot/lib: fix function prototypes power: supply: rk817: Fix node refcount leak selftests/powerpc: Use CLEAN macro to fix make warning selftests/powerpc: Pass make context to children selftests/powerpc: Fix emit_tests to work with run_kselftest.sh soc: imx8m: Enable OCOTP clock for imx8mm before reading registers arm64: dts: imx: Add imx8mm-prt8mm.dtb to build firmware: arm_ffa: Don't set the memory region attributes for MEM_LEND gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip i2c: npcm7xx: Fix callback completion ordering x86/reboot: VMCLEAR active VMCSes before emergency reboot ceph: drop messages from MDS when unmounting dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock bpf: Annotate bpf_long_memcpy with data_race spi: sun6i: reduce DMA RX transfer width to single byte spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() parisc: sba: Fix compile warning wrt list of SBA devices parisc: iosapic.c: Fix sparse warnings parisc: drivers: Fix sparse warning parisc: irq: Make irq_stack_union static to avoid sparse warning scsi: qedf: Add synchronization between I/O completions and abort scsi: ufs: core: Move __ufshcd_send_uic_cmd() outside host_lock scsi: ufs: core: Poll HCS.UCRDY before issuing a UIC command selftests/ftrace: Correctly enable event in instance-event.tc ring-buffer: Avoid softlockup in ring_buffer_resize() btrfs: assert delayed node locked when removing delayed item selftests: fix dependency checker script ring-buffer: Do not attempt to read past "commit" net/smc: bugfix for smcr v2 server connect success statistic ata: sata_mv: Fix incorrect string length computation in mv_dump_mem() platform/mellanox: mlxbf-bootctl: add NET dependency into Kconfig platform/x86: asus-wmi: Support 2023 ROG X16 tablet mode thermal/of: add missing of_node_put() drm/amd/display: Don't check registers, if using AUX BL control drm/amdgpu/soc21: don't remap HDP registers for SR-IOV drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV drm/amdgpu: Handle null atom context in VBIOS info ioctl riscv: errata: fix T-Head dcache.cva encoding scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command smb3: correct places where ENOTSUPP is used instead of preferred EOPNOTSUPP ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() spi: nxp-fspi: reset the FLSHxCR1 registers spi: stm32: add a delay before SPI disable ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag spi: intel-pci: Add support for Granite Rapids SPI serial flash bpf: Clarify error expectations from bpf_clone_redirect ALSA: hda: intel-sdw-acpi: Use u8 type for link index ASoC: cs42l42: Ensure a reset pulse meets minimum pulse width. ASoC: cs42l42: Don't rely on GPIOD_OUT_LOW to set RESET initially low firmware: cirrus: cs_dsp: Only log list of algorithms in debug build memblock tests: fix warning: "__ALIGN_KERNEL" redefined memblock tests: fix warning ‘struct seq_file’ declared inside parameter list ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link media: vb2: frame_vector.c: replace WARN_ONCE with a comment NFSv4.1: fix zero value filehandle in post open getattr ASoC: SOF: Intel: MTL: Reduce the DSP init timeout powerpc/watchpoints: Disable preemption in thread_change_pc() powerpc/watchpoint: Disable pagefaults when getting user instruction powerpc/watchpoints: Annotate atomic context in more places ncsi: Propagate carrier gain/loss events to the NCSI controller net: hsr: Add __packed to struct hsr_sup_tlv. tsnep: Fix NAPI scheduling tsnep: Fix NAPI polling with budget 0 LoongArch: Set all reserved memblocks on Node#0 at initialization fbdev/sh7760fb: Depend on FB=y perf build: Define YYNOMEM as YYNOABORT for bison < 3.81 nvme-pci: factor the iod mempool creation into a helper nvme-pci: factor out a nvme_pci_alloc_dev helper nvme-pci: do not set the NUMA node of device if it has none wifi: ath11k: Don't drop tx_status when peer cannot be found scsi: qla2xxx: Fix NULL pointer dereference in target mode nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev smack: Record transmuting in smk_transmuted smack: Retrieve transmuting information in smack_inode_getsecurity() iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race x86/srso: Add SRSO mitigation for Hygon processors KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway KVM: SVM: Fix TSC_AUX virtualization setup KVM: x86/mmu: Open code leaf invalidation from mmu_notifier KVM: x86/mmu: Do not filter address spaces in for_each_tdp_mmu_root_yield_safe() mptcp: fix bogus receive window shrinkage with multiple subflows misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to probe Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" serial: 8250_port: Check IRQ data before use nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() netfilter: nf_tables: disallow rule removal from chain binding ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q LoongArch: Define relocation types for ABI v2.10 LoongArch: numa: Fix high_memory calculation ata: libata-scsi: link ata port and scsi device ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES io_uring/fs: remove sqe->rw_flags checking from LINKAT i2c: i801: unregister tco_pdev in i801_probe() error path ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG kernel/sched: Modify initial boot task idle setup sched/rt: Fix live lock between select_fallback_rq() and RT push netfilter: nf_tables: fix kdoc warnings after gc rework Revert "SUNRPC dont update timeout value on connection reset" timers: Tag (hr)timer softirq as hotplug safe drm/tests: Fix incorrect argument in drm_test_mm_insert_range arm64: defconfig: remove CONFIG_COMMON_CLK_NPCM8XX=y mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() mm: memcontrol: fix GFP_NOFS recursion in memory.high enforcement ring-buffer: Update "shortest_full" in polling btrfs: properly report 0 avail for very full file systems media: uvcvideo: Fix OOB read bpf: Add override check to kprobe multi link attach bpf: Fix BTF_ID symbol generation collision bpf: Fix BTF_ID symbol generation collision in tools/ net: thunderbolt: Fix TCPv6 GSO checksum calculation fs/smb/client: Reset password pointer to NULL ata: libata-core: Fix ata_port_request_pm() locking ata: libata-core: Fix port and device removal ata: libata-core: Do not register PM operations for SAS ports ata: libata-sata: increase PMP SRST timeout to 10s drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top power: supply: rk817: Add missing module alias power: supply: ab8500: Set typing and props fs: binfmt_elf_efpic: fix personality for ELF-FDPIC drm/amdkfd: Use gpu_offset for user queue's wptr drm/meson: fix memory leak on ->hpd_notify callback memcg: drop kmem.limit_in_bytes mm, memcg: reconsider kmem.limit_in_bytes deprecation ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL Linux 6.1.56 Change-Id: Id110614d91d6d60fb6c7622c5af82f219a84a30f Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
1c5ec1e54d |
Merge 6.1.55 into android14-6.1-lts
Changes in 6.1.55 autofs: fix memory leak of waitqueues in autofs_catatonic_mode btrfs: output extra debug info if we failed to find an inline backref locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer kernel/fork: beware of __put_task_struct() calling context rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle() scftorture: Forgive memory-allocation failure if KASAN ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 perf/imx_ddr: speed up overflow frequency of cycle hw_breakpoint: fix single-stepping when using bpf_overflow_handler ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects selftests/nolibc: fix up kernel parameters support devlink: remove reload failed checks in params get/set callbacks crypto: lrw,xts - Replace strlcpy with strscpy ice: Don't tx before switchdev is fully configured wifi: ath9k: fix fortify warnings wifi: ath9k: fix printk specifier wifi: mwifiex: fix fortify warning mt76: mt7921: don't assume adequate headroom for SDIO headers wifi: wil6210: fix fortify warnings can: sun4i_can: Add acceptance register quirk can: sun4i_can: Add support for the Allwinner D1 net: Use sockaddr_storage for getsockopt(SO_PEERNAME). net/ipv4: return the real errno instead of -EINVAL crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() Bluetooth: Fix hci_suspend_sync crash netlink: convert nlk->flags to atomic flags tpm_tis: Resend command to recover from data transfer errors mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450 alx: fix OOB-read compiler warning wifi: mac80211: check S1G action frame size netfilter: ebtables: fix fortify warnings in size_entry_mwt() wifi: cfg80211: reject auth/assoc to AP with our address wifi: cfg80211: ocb: don't leave if not joined wifi: mac80211: check for station first in client probe wifi: mac80211_hwsim: drop short frames libbpf: Free btf_vmlinux when closing bpf_object drm/bridge: tc358762: Instruct DSI host to generate HSE packets drm/edid: Add quirk for OSVR HDK 2.0 arm64: dts: qcom: sm6125-pdx201: correct ramoops pmsg-size arm64: dts: qcom: sm6350: correct ramoops pmsg-size arm64: dts: qcom: sm8150-kumano: correct ramoops pmsg-size arm64: dts: qcom: sm8250-edo: correct ramoops pmsg-size samples/hw_breakpoint: Fix kernel BUG 'invalid opcode: 0000' drm/amd/display: Fix underflow issue on 175hz timing ASoC: SOF: topology: simplify code to prevent static analysis warnings ASoC: Intel: sof_sdw: Update BT offload config for soundwire config ALSA: hda: intel-dsp-cfg: add LunarLake support drm/amd/display: Use DTBCLK as refclk instead of DPREFCLK drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN31 drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN314 drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() drm/mediatek: dp: Change logging to dev for mtk_dp_aux_transfer() bus: ti-sysc: Configure uart quirks for k3 SoC md: raid1: fix potential OOB in raid1_remove_disk() ext2: fix datatype of block number in ext2_xattr_set2() fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount PCI: dwc: Provide deinit callback for i.MX ARM: 9317/1: kexec: Make smp stop calls asynchronous powerpc/pseries: fix possible memory leak in ibmebus_bus_init() PCI: vmd: Disable bridge window for domain reset PCI: fu740: Set the number of MSI vectors media: mdp3: Fix resource leaks in of_find_device_by_node media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() media: af9005: Fix null-ptr-deref in af9005_i2c_xfer media: anysee: fix null-ptr-deref in anysee_master_xfer media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected media: tuners: qt1010: replace BUG_ON with a regular error media: pci: cx23885: replace BUG with error return usb: cdns3: Put the cdns set active part outside the spin lock usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc tools: iio: iio_generic_buffer: Fix some integer type and calculation scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() serial: cpm_uart: Avoid suspicious locking misc: open-dice: make OPEN_DICE depend on HAS_IOMEM usb: ehci: add workaround for chipidea PORTSC.PEC bug usb: chipidea: add workaround for chipidea PEC bug media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning kobject: Add sanity check for kset->kobj.ktype in kset_register() interconnect: Fix locking for runpm vs reclaim printk: Keep non-panic-CPUs out of console lock printk: Consolidate console deferred printing dma-buf: Add unlocked variant of attachment-mapping functions misc: fastrpc: Prepare to dynamic dma-buf locking specification misc: fastrpc: Fix incorrect DMA mapping unmap request MIPS: Use "grep -E" instead of "egrep" btrfs: add a helper to read the superblock metadata_uuid btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super block: factor out a bvec_set_page helper nvmet: use bvec_set_page to initialize bvecs nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page() drm: gm12u320: Fix the timeout usage for usb_bulk_msg() scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() selftests: tracing: Fix to unmount tracefs for recovering environment x86/ibt: Suppress spurious ENDBR riscv: kexec: Align the kexeced kernel entry scsi: target: core: Fix target_cmd_counter leak scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() panic: Reenable preemption in WARN slowpath x86/boot/compressed: Reserve more memory for page tables x86/purgatory: Remove LTO flags samples/hw_breakpoint: fix building without module unloading md/raid1: fix error: ISO C90 forbids mixed declarations Revert "SUNRPC: Fail faster on bad verifier" attr: block mode changes of symlinks ovl: fix failed copyup of fileattr on a symlink ovl: fix incorrect fdput() on aio completion io_uring/net: fix iter retargeting for selected buf nvme: avoid bogus CRTO values md: Put the right device in md_seq_next Revert "drm/amd: Disable S/G for APUs when 64GB or more host memory" dm: don't attempt to queue IO under RCU protection btrfs: fix lockdep splat and potential deadlock after failure running delayed items btrfs: fix a compilation error if DEBUG is defined in btree_dirty_folio btrfs: release path before inode lookup during the ino lookup ioctl btrfs: check for BTRFS_FS_ERROR in pending ordered assert tracing: Have tracing_max_latency inc the trace array ref count tracing: Have event inject files inc the trace array ref count tracing: Increase trace array ref count on enable and filter files tracing: Have current_trace inc the trace array ref count tracing: Have option files inc the trace array ref count selinux: fix handling of empty opts in selinux_fs_context_submount() nfsd: fix change_info in NFSv4 RENAME replies tracefs: Add missing lockdown check to tracefs_create_dir() i2c: aspeed: Reset the i2c controller when timeout occurs ata: libata: disallow dev-initiated LPM transitions to unsupported states ata: libahci: clear pending interrupt status scsi: megaraid_sas: Fix deadlock on firmware crashdump scsi: pm8001: Setup IRQs on resume ext4: fix rec_len verify error drm/amd/display: fix the white screen issue when >= 64GB DRAM Revert "memcg: drop kmem.limit_in_bytes" drm/amdgpu: fix amdgpu_cs_p1_user_fence net/sched: Retire rsvp classifier interconnect: Teach lockdep about icc_bw_lock order Linux 6.1.55 Change-Id: I95193a57879a13b04b5ac8647a24e6d8304fcb0e Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
4f94769349 |
This is the 6.1.54 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmUJd8EACgkQONu9yGCS
aT7crQ//ZsUDeoTMsQBU6lB2g32LODO3jVPXdGdRjLvpLVMMnKXXwl3uTC20CQ23
mtlN1mku6OtyPHgorKK9nJoNVTG78v0wXL8iCe5GHEKri45FwmcKlCxtIqboGCcg
bpRkLqfZ/cNVFeV/81n7kMFI/GHST2qym/lJfUkK0BIewXOrJozHMyCriLhG5uc/
XPmXN3LlGmT7Gb2KwJeAgJ9IWrVu5ZEWH6CnpjnLPXMA3FGJiBiYPeGaWRsrdjth
MvACPXKPu5tKAmEs6eyAhB1YbXbswKviDuY+YHeTMoOVYCfJY29VQTI16F6HBGeM
XVCo1AovZV+B9OrgnzYA8x5iZIKCdk/PzUhBi+uUb3nLJhGpD8ha7wOuBjehINeo
22YY+7fmB7lZVSAe14hDH7GjKNdYpxntPVpWCMa1yoCUtqKB1O44/10mj0OjZ5j4
EXKXIe6ho+0Uatubd+3hWRXimz4jzlp7UY1QM9ge5MGp0wOmdLu5Q91T70CrCEJO
RxXZSkHDKGxokXubl4oF0bYYpB1kRVgsNEc4H5i2k+OheyDBmVv3vRPMzT/2yim/
BEqwX6x2sE7kvbsyCO5VxIIVsnAystJEKzdVlRxmrcqkV0FCdqHjwZ9cr0mpqOse
ogdnQgXQpaGUyhdYcpo4U9f+WGi5AHXs3IMbKQN4SDZGDgJHrss=
=XhWe
-----END PGP SIGNATURE-----
Merge 6.1.54 into android14-6.1-lts
Changes in 6.1.54
net/ipv6: SKB symmetric hash should incorporate transport ports
mm: multi-gen LRU: rename lrugen->lists[] to lrugen->folios[]
Multi-gen LRU: fix per-zone reclaim
io_uring: always lock in io_apoll_task_func
io_uring: revert "io_uring fix multishot accept ordering"
io_uring/net: don't overflow multishot accept
io_uring: break out of iowq iopoll on teardown
io_uring/sqpoll: fix io-wq affinity when IORING_SETUP_SQPOLL is used
io_uring: Don't set affinity on a dying sqpoll thread
drm/virtio: Conditionally allocate virtio_gpu_fence
scsi: qla2xxx: Adjust IOCB resource on qpair create
scsi: qla2xxx: Limit TMF to 8 per function
scsi: qla2xxx: Fix deletion race condition
scsi: qla2xxx: fix inconsistent TMF timeout
scsi: qla2xxx: Fix command flush during TMF
scsi: qla2xxx: Fix erroneous link up failure
scsi: qla2xxx: Turn off noisy message log
scsi: qla2xxx: Fix session hang in gnl
scsi: qla2xxx: Fix TMF leak through
scsi: qla2xxx: Remove unsupported ql2xenabledif option
scsi: qla2xxx: Flush mailbox commands on chip reset
scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit()
scsi: qla2xxx: Error code did not return to upper layer
scsi: qla2xxx: Fix firmware resource tracking
null_blk: fix poll request timeout handling
fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
clk: qcom: camcc-sc7180: fix async resume during probe
drm/ast: Fix DRAM init on AST2200
ASoC: tegra: Fix SFC conversion for few rates
clk: qcom: turingcc-qcs404: fix missing resume during probe
arm64: dts: renesas: rzg2l: Fix txdv-skew-psec typos
send channel sequence number in SMB3 requests after reconnects
memcg: drop kmem.limit_in_bytes
mm: hugetlb_vmemmap: fix a race between vmemmap pmd split
lib/test_meminit: allocate pages up to order MAX_ORDER
parisc: led: Fix LAN receive and transmit LEDs
parisc: led: Reduce CPU overhead for disk & lan LED computation
cifs: update desired access while requesting for directory lease
pinctrl: cherryview: fix address_space_handler() argument
dt-bindings: clock: xlnx,versal-clk: drop select:false
clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz
clk: imx: pll14xx: align pdiv with reference manual
clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
soc: qcom: qmi_encdec: Restrict string length in decode
clk: qcom: dispcc-sm8450: fix runtime PM imbalance on probe errors
clk: qcom: lpasscc-sc7280: fix missing resume during probe
clk: qcom: q6sstop-qcs404: fix missing resume during probe
clk: qcom: mss-sc7180: fix missing resume during probe
NFS: Fix a potential data corruption
NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
bus: mhi: host: Skip MHI reset if device is in RDDM
net: add SKB_HEAD_ALIGN() helper
net: remove osize variable in __alloc_skb()
net: factorize code in kmalloc_reserve()
net: deal with integer overflows in kmalloc_reserve()
kbuild: rpm-pkg: define _arch conditionally
kbuild: do not run depmod for 'make modules_sign'
tpm_crb: Fix an error handling path in crb_acpi_add()
gfs2: Switch to wait_event in gfs2_logd
gfs2: low-memory forced flush fixes
mailbox: qcom-ipcc: fix incorrect num_chans counting
kconfig: fix possible buffer overflow
Input: iqs7222 - configure power mode before triggering ATI
perf trace: Use zfree() to reduce chances of use after free
perf trace: Really free the evsel->priv area
pwm: atmel-tcb: Convert to platform remove callback returning void
pwm: atmel-tcb: Harmonize resource allocation order
pwm: atmel-tcb: Fix resource freeing in error path and remove
backlight: gpio_backlight: Drop output GPIO direction check for initial power state
Input: tca6416-keypad - always expect proper IRQ number in i2c client
Input: tca6416-keypad - fix interrupt enable disbalance
perf annotate bpf: Don't enclose non-debug code with an assert()
x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
perf vendor events: Update the JSON/events descriptions for power10 platform
perf vendor events: Drop some of the JSON/events for power10 platform
perf vendor events: Drop STORES_PER_INST metric event for power10 platform
perf top: Don't pass an ERR_PTR() directly to perf_session__delete()
watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
pwm: lpc32xx: Remove handling of PWM channels
perf test stat_bpf_counters_cgrp: Fix shellcheck issue about logical operators
perf test stat_bpf_counters_cgrp: Enhance perf stat cgroup BPF counter test
drm/i915: mark requests for GuC virtual engines to avoid use-after-free
blk-throttle: use calculate_io/bytes_allowed() for throtl_trim_slice()
blk-throttle: consider 'carryover_ios/bytes' in throtl_trim_slice()
cifs: use fs_context for automounts
smb: propagate error code of extract_sharename()
net/sched: fq_pie: avoid stalls in fq_pie_timer()
sctp: annotate data-races around sk->sk_wmem_queued
ipv4: annotate data-races around fi->fib_dead
net: read sk->sk_family once in sk_mc_loop()
net: fib: avoid warn splat in flow dissector
xsk: Fix xsk_diag use-after-free error during socket cleanup
drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page"
drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn()
drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt()
net: use sk_forward_alloc_get() in sk_get_meminfo()
net: annotate data-races around sk->sk_forward_alloc
mptcp: annotate data-races around msk->rmem_fwd_alloc
ipv4: ignore dst hint for multipath routes
ipv6: ignore dst hint for multipath routes
igb: disable virtualization features on 82580
gve: fix frag_list chaining
veth: Fixing transmit return status for dropped packets
net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
net: phy: micrel: Correct bit assignments for phy_device flags
bpf, sockmap: Fix skb refcnt race after locking changes
af_unix: Fix data-races around user->unix_inflight.
af_unix: Fix data-race around unix_tot_inflight.
af_unix: Fix data-races around sk->sk_shutdown.
af_unix: Fix data race around sk->sk_err.
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
kcm: Destroy mutex in kcm_exit_net()
octeontx2-af: Fix truncation of smq in CN10K NIX AQ enqueue mbox handler
igc: Change IGC_MIN to allow set rx/tx value between 64 and 80
igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80
igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
s390/zcrypt: don't leak memory if dev_set_name() fails
idr: fix param name in idr_alloc_cyclic() doc
ip_tunnels: use DEV_STATS_INC()
net: dsa: sja1105: fix bandwidth discrepancy between tc-cbs software and offload
net: dsa: sja1105: fix -ENOSPC when replacing the same tc-cbs too many times
net: dsa: sja1105: complete tc-cbs offload support on SJA1110
bpf: Remove prog->active check for bpf_lsm and bpf_iter
bpf: Invoke __bpf_prog_exit_sleepable_recur() on recursion in kern_sys_bpf().
bpf: Assign bpf_tramp_run_ctx::saved_run_ctx before recursion check.
netfilter: nftables: exthdr: fix 4-byte stack OOB write
netfilter: nfnetlink_osf: avoid OOB read
net: hns3: fix tx timeout issue
net: hns3: fix byte order conversion issue in hclge_dbg_fd_tcam_read()
net: hns3: fix debugfs concurrency issue between kfree buffer and read
net: hns3: fix invalid mutex between tc qdisc and dcb ets command issue
net: hns3: fix the port information display when sfp is absent
net: hns3: remove GSO partial feature bit
sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory()
Multi-gen LRU: avoid race in inc_min_seq()
net/mlx5: Free IRQ rmap and notifier on kernel shutdown
ARC: atomics: Add compiler barrier to atomic operations...
clocksource/drivers/arm_arch_timer: Disable timer before programming CVAL
dmaengine: sh: rz-dmac: Fix destination and source data size setting
jbd2: fix checkpoint cleanup performance regression
jbd2: check 'jh->b_transaction' before removing it from checkpoint
jbd2: correct the end of the journal recovery scan range
ext4: add correct group descriptors and reserved GDT blocks to system zone
ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}
f2fs: flush inode if atomic file is aborted
f2fs: avoid false alarm of circular locking
lib: test_scanf: Add explicit type cast to result initialization in test_number_prefix()
hwspinlock: qcom: add missing regmap config for SFPB MMIO implementation
ata: ahci: Add Elkhart Lake AHCI controller
ata: pata_falcon: fix IO base selection for Q40
ata: sata_gemini: Add missing MODULE_DESCRIPTION
ata: pata_ftide010: Add missing MODULE_DESCRIPTION
fuse: nlookup missing decrement in fuse_direntplus_link
btrfs: zoned: do not zone finish data relocation block group
btrfs: fix start transaction qgroup rsv double free
btrfs: free qgroup rsv on io failure
btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART
btrfs: set page extent mapped after read_folio in relocate_one_page
btrfs: zoned: re-enable metadata over-commit for zoned mode
btrfs: use the correct superblock to compare fsid in btrfs_validate_super
drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable()
mtd: rawnand: brcmnand: Fix crash during the panic_write
mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
mtd: spi-nor: Correct flags for Winbond w25q128
mtd: rawnand: brcmnand: Fix potential false time out warning
mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller
drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma
drm/amd/display: prevent potential division by zero errors
KVM: SVM: Take and hold ir_list_lock when updating vCPU's Physical ID entry
KVM: SVM: Don't inject #UD if KVM attempts to skip SEV guest insn
KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration
KVM: nSVM: Check instead of asserting on nested TSC scaling support
KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state
KVM: SVM: Set target pCPU during IRTE update if target vCPU is running
KVM: SVM: Skip VMSA init in sev_es_init_vmcb() if pointer is NULL
MIPS: Fix CONFIG_CPU_DADDI_WORKAROUNDS `modules_install' regression
perf hists browser: Fix hierarchy mode header
perf test shell stat_bpf_counters: Fix test on Intel
perf tools: Handle old data in PERF_RECORD_ATTR
perf hists browser: Fix the number of entries for 'e' key
drm/amd/display: always switch off ODM before committing more streams
drm/amd/display: Remove wait while locked
drm/amdgpu: register a dirty framebuffer callback for fbcon
kunit: Fix wild-memory-access bug in kunit_free_suite_set()
net: ipv4: fix one memleak in __inet_del_ifa()
kselftest/runner.sh: Propagate SIGTERM to runner child
selftests: Keep symlinks, when possible
net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add
net: stmmac: fix handling of zero coalescing tx-usecs
net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc()
net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
hsr: Fix uninit-value access in fill_frame_info()
net: ethernet: adi: adin1110: use eth_broadcast_addr() to assign broadcast address
net:ethernet:adi:adin1110: Fix forwarding offload
net: dsa: sja1105: hide all multicast addresses from "bridge fdb show"
net: dsa: sja1105: propagate exact error code from sja1105_dynamic_config_poll_valid()
net: dsa: sja1105: fix multicast forwarding working only for last added mdb entry
net: dsa: sja1105: serialize sja1105_port_mcast_flood() with other FDB accesses
net: dsa: sja1105: block FDB accesses that are concurrent with a switch reset
r8152: check budget for r8152_poll()
kcm: Fix memory leak in error path of kcm_sendmsg()
platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors
platform/mellanox: mlxbf-tmfifo: Drop jumbo frames
platform/mellanox: mlxbf-pmc: Fix potential buffer overflows
platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events
platform/mellanox: NVSW_SN2201 should depend on ACPI
net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
net: macb: Enable PTP unicast
net: macb: fix sleep inside spinlock
ipv6: fix ip6_sock_set_addr_preferences() typo
ipv6: Remove in6addr_any alternatives.
tcp: Factorise sk_family-independent comparison in inet_bind2_bucket_match(_addr_any).
tcp: Fix bind() regression for v4-mapped-v6 wildcard address.
tcp: Fix bind() regression for v4-mapped-v6 non-wildcard address.
ixgbe: fix timestamp configuration code
kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
MIPS: Only fiddle with CHECKFLAGS if `need-compiler'
drm/amd/display: Fix a bug when searching for insert_above_mpcc
Linux 6.1.54
Change-Id: I42dc80e7b812eb2bdd28575280b7b88169eb6d58
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Jan Kara
|
6bb88a0344 |
ext4: do not let fstrim block system suspend
[ Upstream commit 5229a658f6453362fbb9da6bf96872ef25a7097e ] Len Brown has reported that system suspend sometimes fail due to inability to freeze a task working in ext4_trim_fs() for one minute. Trimming a large filesystem on a disk that slowly processes discard requests can indeed take a long time. Since discard is just an advisory call, it is perfectly fine to interrupt it at any time and the return number of discarded blocks until that moment. Do that when we detect the task is being frozen. Cc: stable@kernel.org Reported-by: Len Brown <lenb@kernel.org> Suggested-by: Dave Chinner <david@fromorbit.com> References: https://bugzilla.kernel.org/show_bug.cgi?id=216322 Signed-off-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20230913150504.9054-2-jack@suse.cz Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Jan Kara
|
b4d5db1c77 |
ext4: move setting of trimmed bit into ext4_try_to_trim_range()
[ Upstream commit 45e4ab320c9b5fa67b1fc3b6a9b381cfcc0c8488 ] Currently we set the group's trimmed bit in ext4_trim_all_free() based on return value of ext4_try_to_trim_range(). However when we will want to abort trimming because of suspend attempt, we want to return success from ext4_try_to_trim_range() but not set the trimmed bit. Instead implementing awkward propagation of this information, just move setting of trimmed bit into ext4_try_to_trim_range() when the whole group is trimmed. Cc: stable@kernel.org Signed-off-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20230913150504.9054-1-jack@suse.cz Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Kemeng Shi
|
1e3c25df7d |
ext4: replace the traditional ternary conditional operator with with max()/min()
[ Upstream commit de8bf0e5ee7482585450357c6d4eddec8efc5cb7 ] Replace the traditional ternary conditional operator with with max()/min() Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com> Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com> Link: https://lore.kernel.org/r/20230801143204.2284343-7-shikemeng@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Stable-dep-of: 45e4ab320c9b ("ext4: move setting of trimmed bit into ext4_try_to_trim_range()") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Shida Zhang
|
97d4186c35 |
ext4: fix rec_len verify error
commit 7fda67e8c3ab6069f75888f67958a6d30454a9f6 upstream.
With the configuration PAGE_SIZE 64k and filesystem blocksize 64k,
a problem occurred when more than 13 million files were directly created
under a directory:
EXT4-fs error (device xx): ext4_dx_csum_set:492: inode #xxxx: comm xxxxx: dir seems corrupt? Run e2fsck -D.
EXT4-fs error (device xx): ext4_dx_csum_verify:463: inode #xxxx: comm xxxxx: dir seems corrupt? Run e2fsck -D.
EXT4-fs error (device xx): dx_probe:856: inode #xxxx: block 8188: comm xxxxx: Directory index failed checksum
When enough files are created, the fake_dirent->reclen will be 0xffff.
it doesn't equal to the blocksize 65536, i.e. 0x10000.
But it is not the same condition when blocksize equals to 4k.
when enough files are created, the fake_dirent->reclen will be 0x1000.
it equals to the blocksize 4k, i.e. 0x1000.
The problem seems to be related to the limitation of the 16-bit field
when the blocksize is set to 64k.
To address this, helpers like ext4_rec_len_{from,to}_disk has already
been introduced to complete the conversion between the encoded and the
plain form of rec_len.
So fix this one by using the helper, and all the other in this file too.
Cc: stable@kernel.org
Fixes:
|
||
Luís Henriques
|
1fb3f1bbfd |
ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}
commit 7ca4b085f430f3774c3838b3da569ceccd6a0177 upstream.
If the filename casefolding fails, we'll be leaking memory from the
fscrypt_name struct, namely from the 'crypto_buf.name' member.
Make sure we free it in the error path on both ext4_fname_setup_filename()
and ext4_fname_prepare_lookup() functions.
Cc: stable@kernel.org
Fixes:
|