lineage-22.1
20293 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Muchun Song
|
84a212a72c |
mm: hugetlb_vmemmap: fix a race between vmemmap pmd split
commit 3ce2c24cb68f228590a053d6058a5901cd31af61 upstream.
The local variable @page in __split_vmemmap_huge_pmd() to obtain a pmd
page without holding page_table_lock may possiblely get the page table
page instead of a huge pmd page.
The effect may be in set_pte_at() since we may pass an invalid page
struct, if set_pte_at() wants to access the page struct (e.g.
CONFIG_PAGE_TABLE_CHECK is enabled), it may crash the kernel.
So fix it. And inline __split_vmemmap_huge_pmd() since it only has one
user.
Link: https://lkml.kernel.org/r/20230707033859.16148-1-songmuchun@bytedance.com
Fixes:
|
||
Michal Hocko
|
21ef9e1120 |
memcg: drop kmem.limit_in_bytes
commit 86327e8eb94c52eca4f93cfece2e29d1bf52acbf upstream. kmem.limit_in_bytes (v1 way to limit kernel memory usage) has been deprecated since |
||
Kalesh Singh
|
f367915961 |
Multi-gen LRU: fix per-zone reclaim
commit 669281ee7ef731fb5204df9d948669bf32a5e68d upstream.
MGLRU has a LRU list for each zone for each type (anon/file) in each
generation:
long nr_pages[MAX_NR_GENS][ANON_AND_FILE][MAX_NR_ZONES];
The min_seq (oldest generation) can progress independently for each
type but the max_seq (youngest generation) is shared for both anon and
file. This is to maintain a common frame of reference.
In order for eviction to advance the min_seq of a type, all the per-zone
lists in the oldest generation of that type must be empty.
The eviction logic only considers pages from eligible zones for
eviction or promotion.
scan_folios() {
...
for (zone = sc->reclaim_idx; zone >= 0; zone--) {
...
sort_folio(); // Promote
...
isolate_folio(); // Evict
}
...
}
Consider the system has the movable zone configured and default 4
generations. The current state of the system is as shown below
(only illustrating one type for simplicity):
Type: ANON
Zone DMA32 Normal Movable Device
Gen 0 0 0 4GB 0
Gen 1 0 1GB 1MB 0
Gen 2 1MB 4GB 1MB 0
Gen 3 1MB 1MB 1MB 0
Now consider there is a GFP_KERNEL allocation request (eligible zone
index <= Normal), evict_folios() will return without doing any work
since there are no pages to scan in the eligible zones of the oldest
generation. Reclaim won't make progress until triggered from a ZONE_MOVABLE
allocation request; which may not happen soon if there is a lot of free
memory in the movable zone. This can lead to OOM kills, although there
is 1GB pages in the Normal zone of Gen 1 that we have not yet tried to
reclaim.
This issue is not seen in the conventional active/inactive LRU since
there are no per-zone lists.
If there are no (not enough) folios to scan in the eligible zones, move
folios from ineligible zone (zone_index > reclaim_index) to the next
generation. This allows for the progression of min_seq and reclaiming
from the next generation (Gen 1).
Qualcomm, Mediatek and raspberrypi [1] discovered this issue independently.
[1] https://github.com/raspberrypi/linux/issues/5395
Link: https://lkml.kernel.org/r/20230802025606.346758-1-kaleshsingh@google.com
Fixes:
|
||
Yu Zhao
|
a73d04c460 |
mm: multi-gen LRU: rename lrugen->lists[] to lrugen->folios[]
commit 6df1b2212950aae2b2188c6645ea18e2a9e3fdd5 upstream. lru_gen_folio will be chained into per-node lists by the coming lrugen->list. Link: https://lkml.kernel.org/r/20221222041905.2431096-3-yuzhao@google.com Signed-off-by: Yu Zhao <yuzhao@google.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Michael Larabel <Michael@MichaelLarabel.com> Cc: Michal Hocko <mhocko@kernel.org> Cc: Mike Rapoport <rppt@kernel.org> Cc: Roman Gushchin <roman.gushchin@linux.dev> Cc: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
dbb69752f7 |
This is the 6.1.53 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmUBaBUACgkQONu9yGCS
aT6OkBAArqBSUyCYQJrhoUlFYBnBqF7BLSkj0GwINGSUOlt5ilJ3kZwH9ftjvpWp
ZtO0Rp/1yH2H5PpcsaLljPl055Sf30e0oCkz6vX16vy17NGnzI4rJi55+nRZbFRH
tBMhMjblgIJoTiTPEQPSGghENok+QzJ9Imffo4/Wru3w5ytkBnGcPPXreHJw+8V5
Pjhzg5tcjhz23rk2wzVtR4VfEqWaHQaapv49rKB1Yls578WYn4QXl4jgUyB7rCo7
9vBB7xy77H1hr9m8ifB/9v1ToV/vw6L1xGPWWWbhsSikFAMBoq34SCsq+6RdeURo
43CCcFsx1s5acM7NQWvxkoV5Hgl8Hc3WgFsx5eVBlNd+vS6ezkgdYuGmN76t+dF/
hZ7XGEoEFuoz9NKQC/5rKjdBd2p/IQYx6vf8EpK0IxFPD4h+DY9pn0FvwuAmxAcA
M41xLYGbXX5l/QJR016B1AYiB3DqVxRRRyQT0yNip+PDAh2N06MOJ84KgMSR9lg7
jyeFKZM2vQ619RopMIspuHTWxNiMw7x94aUhBnY1oD+fDzaRn+VNL8po6QYHLK8U
QTDhrWplTbTuGIF72h+1IyX1aUj6ozoCewl9Y9ry1u9jBb7LZoupVd0s1dwqORIk
2OSo74pDu5F2BT+4hEcCpDRcYvWlfKbZWBunRrMqvHN8BON0Mks=
=aFyS
-----END PGP SIGNATURE-----
Merge 6.1.53 into android14-6.1-lts
Changes in 6.1.53
Revert "bridge: Add extack warning when enabling STP in netns."
Partially revert "drm/amd/display: Fix possible underflow for displays with large vblank"
scsi: ufs: Try harder to change the power mode
Revert "Revert drm/amd/display: Enable Freesync Video Mode by default"
ARM: dts: imx: Set default tuning step for imx7d usdhc
ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform
powerpc/boot: Disable power10 features after BOOTAFLAGS assignment
media: uapi: HEVC: Add num_delta_pocs_of_ref_rps_idx field
Revert "MIPS: unhide PATA_PLATFORM"
phy: qcom-snps-femto-v2: use qcom_snps_hsphy_suspend/resume error code
media: amphion: use dev_err_probe
media: pulse8-cec: handle possible ping error
media: pci: cx23885: fix error handling for cx23885 ATSC boards
9p: virtio: fix unlikely null pointer deref in handle_rerror
9p: virtio: make sure 'offs' is initialized in zc_request
ksmbd: fix out of bounds in smb3_decrypt_req()
ksmbd: validate session id and tree id in compound request
ksmbd: no response from compound read
ksmbd: fix out of bounds in init_smb2_rsp_hdr()
ASoC: da7219: Flush pending AAD IRQ when suspending
ASoC: da7219: Check for failure reading AAD IRQ events
ASoC: nau8821: Add DMI quirk mechanism for active-high jack-detect
ethernet: atheros: fix return value check in atl1c_tso_csum()
m68k: Fix invalid .section syntax
s390/dasd: use correct number of retries for ERP requests
s390/dasd: fix hanging device after request requeue
fs/nls: make load_nls() take a const parameter
ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0
ASoc: codecs: ES8316: Fix DMIC config
ASoC: rt711: fix for JD event handling in ClockStop Mode0
ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0
ASoC: atmel: Fix the 8K sample parameter in I2SC master
ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset
platform/x86: intel: hid: Always call BTNL ACPI method
platform/x86/intel/hid: Add HP Dragonfly G2 to VGBS DMI quirks
platform/x86: think-lmi: Use kfree_sensitive instead of kfree
platform/x86: asus-wmi: Fix setting RGB mode on some TUF laptops
platform/x86: huawei-wmi: Silence ambient light sensor
drm/amd/smu: use AverageGfxclkFrequency* to replace previous GFX Curr Clock
drm/amd/display: Guard DCN31 PHYD32CLK logic against chip family
drm/amd/display: Exit idle optimizations before attempt to access PHY
ovl: Always reevaluate the file signature for IMA
ata: pata_arasan_cf: Use dev_err_probe() instead dev_err() in data_xfer()
ALSA: usb-audio: Update for native DSD support quirks
staging: fbtft: ili9341: use macro FBTFT_REGISTER_SPI_DRIVER
security: keys: perform capable check only on privileged operations
kprobes: Prohibit probing on CFI preamble symbol
clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM
vmbus_testing: fix wrong python syntax for integer value comparison
Revert "wifi: ath6k: silence false positive -Wno-dangling-pointer warning on GCC 12"
net: dsa: microchip: KSZ9477 register regmap alignment to 32 bit boundaries
net: annotate data-races around sk->sk_{rcv|snd}timeo
net: usb: qmi_wwan: add Quectel EM05GV2
wifi: brcmfmac: Fix field-spanning write in brcmf_scan_params_v2_to_v1()
powerpc/powermac: Use early_* IO variants in via_calibrate_decr()
idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM
platform/x86/amd/pmf: Fix unsigned comparison with less than zero
scsi: lpfc: Remove reftag check in DIF paths
scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock
net: hns3: restore user pause configure when disable autoneg
drm/amdgpu: Match against exact bootloader status
wifi: cfg80211: remove links only on AP
wifi: mac80211: Use active_links instead of valid_links in Tx
netlabel: fix shift wrapping bug in netlbl_catmap_setlong()
bnx2x: fix page fault following EEH recovery
cifs: fix sockaddr comparison in iface_cmp
cifs: fix max_credits implementation
sctp: handle invalid error codes without calling BUG()
scsi: aacraid: Reply queue mapping to CPUs based on IRQ affinity
scsi: storvsc: Always set no_report_opcodes
scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path
LoongArch: Let pmd_present() return true when splitting pmd
LoongArch: Fix the write_fcsr() macro
ALSA: seq: oss: Fix racy open/close of MIDI devices
net: sfp: handle 100G/25G active optical cables in sfp_parse_support
tracing: Introduce pipe_cpumask to avoid race on trace_pipes
platform/mellanox: Fix mlxbf-tmfifo not handling all virtio CONSOLE notifications
of: property: Simplify of_link_to_phandle()
cpufreq: intel_pstate: set stale CPU frequency to minimum
crypto: rsa-pkcs1pad - Use helper to set reqsize
tpm: Enable hwrng only for Pluton on AMD CPUs
KVM: x86/mmu: Use kstrtobool() instead of strtobool()
KVM: x86/mmu: Add "never" option to allow sticky disabling of nx_huge_pages
net: Avoid address overwrite in kernel_connect
drm/amd/display: ensure async flips are only accepted for fast updates
udf: Check consistency of Space Bitmap Descriptor
udf: Handle error when adding extent to a file
Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN
Revert "PCI: tegra194: Enable support for 256 Byte payload"
Revert "net: macsec: preserve ingress frame ordering"
tools lib subcmd: Add install target
tools lib subcmd: Make install_headers clearer
tools lib subcmd: Add dependency test to install_headers
tools/resolve_btfids: Use pkg-config to locate libelf
tools/resolve_btfids: Install subcmd headers
tools/resolve_btfids: Alter how HOSTCC is forced
tools/resolve_btfids: Compile resolve_btfids as host program
tools/resolve_btfids: Tidy HOST_OVERRIDES
tools/resolve_btfids: Pass HOSTCFLAGS as EXTRA_CFLAGS to prepare targets
tools/resolve_btfids: Fix setting HOSTCFLAGS
reiserfs: Check the return value from __getblk()
eventfd: prevent underflow for eventfd semaphores
fs: Fix error checking for d_hash_and_lookup()
iomap: Remove large folio handling in iomap_invalidate_folio()
tmpfs: verify {g,u}id mount options correctly
selftests/harness: Actually report SKIP for signal tests
vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing
ARM: ptrace: Restore syscall restart tracing
ARM: ptrace: Restore syscall skipping for tracers
refscale: Fix uninitalized use of wait_queue_head_t
OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd()
selftests/resctrl: Add resctrl.h into build deps
selftests/resctrl: Don't leak buffer in fill_cache()
selftests/resctrl: Unmount resctrl FS if child fails to run benchmark
selftests/resctrl: Close perf value read fd on errors
arm64/ptrace: Clean up error handling path in sve_set_common()
sched/psi: Select KERNFS as needed
x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved
arm64/sme: Don't use streaming mode to probe the maximum SME VL
arm64/fpsimd: Only provide the length to cpufeature for xCR registers
sched/rt: Fix sysctl_sched_rr_timeslice intial value
perf/imx_ddr: don't enable counter0 if none of 4 counters are used
selftests/futex: Order calls to futex_lock_pi
s390/pkey: fix/harmonize internal keyblob headers
s390/pkey: fix PKEY_TYPE_EP11_AES handling in PKEY_GENSECK2 IOCTL
s390/pkey: fix PKEY_TYPE_EP11_AES handling for sysfs attributes
s390/paes: fix PKEY_TYPE_EP11_AES handling for secure keyblobs
irqchip/loongson-eiointc: Fix return value checking of eiointc_index
ACPI: x86: s2idle: Post-increment variables when getting constraints
ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table
thermal/of: Fix potential uninitialized value access
cpufreq: amd-pstate-ut: Remove module parameter access
cpufreq: amd-pstate-ut: Fix kernel panic when loading the driver
x86/efistub: Fix PCI ROM preservation in mixed mode
cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit()
selftests/bpf: Fix bpf_nf failure upon test rerun
bpftool: use a local copy of perf_event to fix accessing :: Bpf_cookie
bpftool: Define a local bpf_perf_link to fix accessing its fields
bpftool: Use a local copy of BPF_LINK_TYPE_PERF_EVENT in pid_iter.bpf.c
bpftool: Use a local bpf_perf_event_value to fix accessing its fields
libbpf: Fix realloc API handling in zero-sized edge cases
bpf: Clear the probe_addr for uprobe
bpf: Fix an error in verifying a field in a union
crypto: qat - change value of default idle filter
tcp: tcp_enter_quickack_mode() should be static
hwrng: nomadik - keep clock enabled while hwrng is registered
hwrng: pic32 - use devm_clk_get_enabled
regmap: rbtree: Use alloc_flags for memory allocations
wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set()
wifi: mt76: mt7921: fix non-PSC channel scan fail
udp: re-score reuseport groups when connected sockets are present
bpf: reject unhashed sockets in bpf_sk_assign
wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH
spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe()
can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM
wifi: mt76: mt7915: fix power-limits while chan_switch
wifi: mwifiex: Fix OOB and integer underflow when rx packets
wifi: mwifiex: fix error recovery in PCIE buffer descriptor management
selftests/bpf: fix static assert compilation issue for test_cls_*.c
kbuild: rust_is_available: remove -v option
kbuild: rust_is_available: fix version check when CC has multiple arguments
kbuild: rust_is_available: add check for `bindgen` invocation
kbuild: rust_is_available: fix confusion when a version appears in the path
crypto: stm32 - Properly handle pm_runtime_get failing
crypto: api - Use work queue in crypto_destroy_instance
Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe()
Bluetooth: Fix potential use-after-free when clear keys
Bluetooth: hci_sync: Don't double print name in add/remove adv_monitor
Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor()
net: tcp: fix unexcepted socket die when snd_wnd is 0
selftests/bpf: Fix repeat option when kfunc_call verification fails
selftests/bpf: Clean up fmod_ret in bench_rename test script
net-memcg: Fix scope of sockmem pressure indicators
ice: ice_aq_check_events: fix off-by-one check when filling buffer
crypto: caam - fix unchecked return value error
hwrng: iproc-rng200 - Implement suspend and resume calls
lwt: Fix return values of BPF xmit ops
lwt: Check LWTUNNEL_XMIT_CONTINUE strictly
fs: ocfs2: namei: check return value of ocfs2_add_entry()
net: annotate data-races around sk->sk_lingertime
wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
wifi: mwifiex: Fix missed return in oob checks failed path
ARM: dts: Add .dts files missing from the build
samples/bpf: fix bio latency check with tracepoint
samples/bpf: fix broken map lookup probe
wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx
wifi: ath9k: protect WMI command response buffer replacement with a lock
wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute
mac80211: make ieee80211_tx_info padding explicit
wifi: mwifiex: avoid possible NULL skb pointer dereference
Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave()
arm64: mm: use ptep_clear() instead of pte_clear() in clear_flush()
wifi: ath9k: use IS_ERR() with debugfs_create_dir()
ice: avoid executing commands on other ports when driving sync
net: arcnet: Do not call kfree_skb() under local_irq_disable()
mlxsw: i2c: Fix chunk size setting in output mailbox buffer
mlxsw: i2c: Limit single transaction buffer size
mlxsw: core_hwmon: Adjust module label names based on MTCAP sensor counter
hwmon: (tmp513) Fix the channel number in tmp51x_is_visible()
octeontx2-pf: Refactor schedular queue alloc/free calls
octeontx2-pf: Fix PFC TX scheduler free
cteonxt2-pf: Fix backpressure config for multiple PFC priorities to work simultaneously
sfc: Check firmware supports Ethernet PTP filter
net/sched: sch_hfsc: Ensure inner classes have fsc curve
netrom: Deny concurrent connect().
drm/bridge: tc358764: Fix debug print parameter order
ASoC: cs43130: Fix numerator/denominator mixup
quota: factor out dquot_write_dquot()
quota: rename dquot_active() to inode_quota_active()
quota: add new helper dquot_active()
quota: fix dqput() to follow the guarantees dquot_srcu should provide
drm/amd/display: Do not set drr on pipe commit
drm/hyperv: Fix a compilation issue because of not including screen_info.h
ASoC: stac9766: fix build errors with REGMAP_AC97
soc: qcom: ocmem: Add OCMEM hardware version print
soc: qcom: ocmem: Fix NUM_PORTS & NUM_MACROS macros
arm64: dts: qcom: sm6350: Fix ZAP region
arm64: dts: qcom: sm8250: correct dynamic power coefficients
arm64: dts: qcom: msm8916-l8150: correct light sensor VDDIO supply
arm64: dts: qcom: sm8250-edo: Add gpio line names for TLMM
arm64: dts: qcom: sm8250-edo: Add GPIO line names for PMIC GPIOs
arm64: dts: qcom: sm8250-edo: Rectify gpio-keys
arm64: dts: qcom: sc8280xp-crd: Correct vreg_misc_3p3 GPIO
arm64: dts: qcom: sc8280xp: Add missing SCM interconnect
arm64: dts: qcom: msm8996: Add missing interrupt to the USB2 controller
arm64: dts: qcom: sdm845-tama: Set serial indices and stdout-path
arm64: dts: qcom: sm8350: Fix CPU idle state residency times
arm64: dts: qcom: sm8350: Add missing LMH interrupts to cpufreq
arm64: dts: qcom: sm8350: Use proper CPU compatibles
arm64: dts: qcom: pm8350: fix thermal zone name
arm64: dts: qcom: pm8350b: fix thermal zone name
arm64: dts: qcom: pmr735b: fix thermal zone name
arm64: dts: qcom: pmk8350: fix ADC-TM compatible string
arm64: dts: qcom: sm8250: Mark PCIe hosts as DMA coherent
ARM: dts: stm32: Rename mdio0 to mdio
ARM: dts: stm32: YAML validation fails for Argon Boards
ARM: dts: stm32: adopt generic iio bindings for adc channels on emstamp-argon
ARM: dts: stm32: Add missing detach mailbox for emtrion emSBC-Argon
ARM: dts: stm32: YAML validation fails for Odyssey Boards
ARM: dts: stm32: Add missing detach mailbox for Odyssey SoM
ARM: dts: stm32: Update to generic ADC channel binding on DHSOM systems
ARM: dts: stm32: Add missing detach mailbox for DHCOM SoM
firmware: ti_sci: Use system_state to determine polling
drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar()
ARM: dts: BCM53573: Drop nonexistent #usb-cells
ARM: dts: BCM53573: Add cells sizes to PCIe node
ARM: dts: BCM53573: Use updated "spi-gpio" binding properties
arm64: tegra: Fix HSUART for Jetson AGX Orin
arm64: dts: qcom: sm8250-sony-xperia: correct GPIO keys wakeup again
arm64: dts: qcom: pm6150l: Add missing short interrupt
arm64: dts: qcom: pm660l: Add missing short interrupt
arm64: dts: qcom: pmi8994: Add missing OVP interrupt
arm64: tegra: Fix HSUART for Smaug
drm/etnaviv: fix dumping of active MMU context
block: cleanup queue_wc_store
block: don't allow enabling a cache on devices that don't support it
x86/mm: Fix PAT bit missing from page protection modify mask
drm/bridge: anx7625: Use common macros for DP power sequencing commands
drm/bridge: anx7625: Use common macros for HDCP capabilities
ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split)
ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210
ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split)
drm: adv7511: Fix low refresh rate register for ADV7533/5
ARM: dts: BCM53573: Fix Ethernet info for Luxul devices
arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC
arm64: dts: qcom: sdm845: Fix the min frequency of "ice_core_clk"
arm64: dts: qcom: msm8996-gemini: fix touchscreen VIO supply
drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl'
md: Factor out is_md_suspended helper
md: Change active_io to percpu
md: restore 'noio_flag' for the last mddev_resume()
md/raid10: factor out dereference_rdev_and_rrdev()
md/raid10: use dereference_rdev_and_rrdev() to get devices
md/md-bitmap: remove unnecessary local variable in backlog_store()
md/md-bitmap: hold 'reconfig_mutex' in backlog_store()
drm/msm: Update dev core dump to not print backwards
drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()
arm64: dts: qcom: sm8150: Fix the I2C7 interrupt
ARM: dts: BCM53573: Fix Tenda AC9 switch CPU port
drm/armada: Fix off-by-one error in armada_overlay_get_property()
drm/repaper: Reduce temporary buffer size in repaper_fb_dirty()
drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01
ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig
drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask
soc: qcom: smem: Fix incompatible types in comparison
drm/msm/mdp5: Don't leak some plane state
firmware: meson_sm: fix to avoid potential NULL pointer dereference
drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done
smackfs: Prevent underflow in smk_set_cipso()
drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create()
drm/msm/a2xx: Call adreno_gpu_init() earlier
audit: fix possible soft lockup in __audit_inode_child()
block/mq-deadline: use correct way to throttling write requests
io_uring: fix drain stalls by invalid SQE
drm/mediatek: dp: Add missing error checks in mtk_dp_parse_capabilities
bus: ti-sysc: Fix build warning for 64-bit build
drm/mediatek: Remove freeing not dynamic allocated memory
ARM: dts: qcom: ipq4019: correct SDHCI XO clock
drm/mediatek: Fix potential memory leak if vmap() fail
arm64: dts: qcom: apq8016-sbc: Fix ov5640 regulator supply names
arm64: dts: qcom: msm8998: Drop bus clock reference from MMSS SMMU
arm64: dts: qcom: msm8998: Add missing power domain to MMSS SMMU
arm64: dts: qcom: msm8996: Fix dsi1 interrupts
arm64: dts: qcom: sc8280xp-x13s: Unreserve NC pins
bus: ti-sysc: Fix cast to enum warning
md/raid5-cache: fix a deadlock in r5l_exit_log()
md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid()
firmware: cs_dsp: Fix new control name check
md: add error_handlers for raid0 and linear
md/raid0: Factor out helper for mapping and submitting a bio
md/raid0: Fix performance regression for large sequential writes
md: raid0: account for split bio in iostat accounting
ASoC: SOF: amd: clear dsp to host interrupt status
of: overlay: Call of_changeset_init() early
of: unittest: Fix overlay type in apply/revert check
ALSA: ac97: Fix possible error value of *rac97
ipmi:ssif: Add check for kstrdup
ipmi:ssif: Fix a memory leak when scanning for an adapter
clk: qcom: gpucc-sm6350: Introduce index-based clk lookup
clk: qcom: gpucc-sm6350: Fix clock source names
clk: qcom: gcc-sc8280xp: Add EMAC GDSCs
clk: qcom: gcc-sc8280xp: Add missing GDSC flags
dt-bindings: clock: qcom,gcc-sc8280xp: Add missing GDSCs
clk: qcom: gcc-sc8280xp: Add missing GDSCs
clk: rockchip: rk3568: Fix PLL rate setting for 78.75MHz
PCI: apple: Initialize pcie->nvecs before use
PCI: qcom-ep: Switch MHI bus master clock off during L1SS
drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init()
PCI/DOE: Fix destroy_work_on_stack() race
clk: sunxi-ng: Modify mismatched function name
clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src
EDAC/igen6: Fix the issue of no error events
ext4: correct grp validation in ext4_mb_good_group
ext4: avoid potential data overflow in next_linear_group
clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src
kvm/vfio: Prepare for accepting vfio device fd
kvm/vfio: ensure kvg instance stays around in kvm_vfio_group_add()
clk: qcom: reset: Use the correct type of sleep/delay based on length
clk: qcom: gcc-sm6350: Fix gcc_sdcc2_apps_clk_src
PCI: microchip: Correct the DED and SEC interrupt bit offsets
PCI: Mark NVIDIA T4 GPUs to avoid bus reset
pinctrl: mcp23s08: check return value of devm_kasprintf()
PCI: Allow drivers to request exclusive config regions
PCI: Add locking to RMW PCI Express Capability Register accessors
PCI: pciehp: Use RMW accessors for changing LNKCTL
PCI/ASPM: Use RMW accessors for changing LNKCTL
clk: qcom: gcc-sm8450: Use floor ops for SDCC RCGs
clk: imx: pllv4: Fix SPLL2 MULT range
clk: imx: imx8ulp: update SPLL2 type
clk: imx8mp: fix sai4 clock
clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op
powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE
vfio/type1: fix cap_migration information leak
nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()
nvdimm: Fix dereference after free in register_nvdimm_pmu()
powerpc/fadump: reset dump area size if fadump memory reserve fails
powerpc/perf: Convert fsl_emb notifier to state machine callbacks
drm/amdgpu: Use RMW accessors for changing LNKCTL
drm/radeon: Use RMW accessors for changing LNKCTL
net/mlx5: Use RMW accessors for changing LNKCTL
wifi: ath11k: Use RMW accessors for changing LNKCTL
wifi: ath10k: Use RMW accessors for changing LNKCTL
NFSv4.2: Rework scratch handling for READ_PLUS
NFSv4.2: Fix READ_PLUS smatch warnings
NFSv4.2: Fix up READ_PLUS alignment
NFSv4.2: Fix READ_PLUS size calculations
powerpc: Don't include lppaca.h in paca.h
powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT
nfs/blocklayout: Use the passed in gfp flags
powerpc/pseries: Fix hcall tracepoints with JUMP_LABEL=n
powerpc/mpc5xxx: Add missing fwnode_handle_put()
powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
ext4: fix unttached inode after power cut with orphan file feature enabled
jfs: validate max amount of blocks before allocation.
fs: lockd: avoid possible wrong NULL parameter
NFSD: da_addr_body field missing in some GETDEVICEINFO replies
NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN
NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ
pNFS: Fix assignment of xprtdata.cred
cgroup/cpuset: Inherit parent's load balance state in v2
RDMA/qedr: Remove a duplicate assignment in irdma_query_ah()
media: ov5640: fix low resolution image abnormal issue
media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables
media: i2c: tvp5150: check return value of devm_kasprintf()
media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()
iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind
iommu: rockchip: Fix directory table address encoding
drivers: usb: smsusb: fix error handling code in smsusb_init_device
media: dib7000p: Fix potential division by zero
media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()
media: cx24120: Add retval check for cx24120_message_send()
RDMA/siw: Fabricate a GID on tun and loopback devices
scsi: hisi_sas: Fix warnings detected by sparse
scsi: hisi_sas: Fix normally completed I/O analysed as failed
dt-bindings: extcon: maxim,max77843: restrict connector properties
media: amphion: reinit vpu if reqbufs output 0
media: amphion: add helper function to get id name
media: mtk-jpeg: Fix use after free bug due to uncanceled work
media: rkvdec: increase max supported height for H.264
media: amphion: fix CHECKED_RETURN issues reported by coverity
media: amphion: fix REVERSE_INULL issues reported by coverity
media: amphion: fix UNINIT issues reported by coverity
media: amphion: fix UNUSED_VALUE issue reported by coverity
media: amphion: ensure the bitops don't cross boundaries
media: mediatek: vcodec: Return NULL if no vdec_fb is found
media: mediatek: vcodec: fix potential double free
media: mediatek: vcodec: fix resource leaks in vdec_msg_queue_init()
usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host()
scsi: RDMA/srp: Fix residual handling
scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param()
scsi: iscsi: Add length check for nlattr payload
scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param()
scsi: be2iscsi: Add length check when parsing nlattrs
scsi: qla4xxx: Add length check when parsing nlattrs
iio: accel: adxl313: Fix adxl313_i2c_id[] table
serial: sprd: Assign sprd_port after initialized to avoid wrong access
serial: sprd: Fix DMA buffer leak issue
x86/APM: drop the duplicate APM_MINOR_DEV macro
RDMA/rxe: Split rxe_run_task() into two subroutines
RDMA/rxe: Fix incomplete state save in rxe_requester
scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly
scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly
scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly
RDMA/irdma: Replace one-element array with flexible-array member
coresight: tmc: Explicit type conversions to prevent integer overflow
interconnect: qcom: qcm2290: Enable sync state
dma-buf/sync_file: Fix docs syntax
driver core: test_async: fix an error code
driver core: Call dma_cleanup() on the test_remove path
kernfs: add stub helper for kernfs_generic_poll()
extcon: cht_wc: add POWER_SUPPLY dependency
iommu/mediatek: Remove unused "mapping" member from mtk_iommu_data
iommu/mediatek: Fix two IOMMU share pagetable issue
iommu/sprd: Add missing force_aperture
RDMA/hns: Fix port active speed
RDMA/hns: Fix incorrect post-send with direct wqe of wr-list
RDMA/hns: Fix inaccurate error label name in init instance
RDMA/hns: Fix CQ and QP cache affinity
IB/uverbs: Fix an potential error pointer dereference
fsi: aspeed: Reset master errors after CFAM reset
iommu/qcom: Disable and reset context bank before programming
iommu/vt-d: Fix to flush cache of PASID directory table
platform/x86: dell-sysman: Fix reference leak
media: cec: core: add adap_nb_transmit_canceled() callback
media: cec: core: add adap_unconfigured() callback
media: go7007: Remove redundant if statement
media: venus: hfi_venus: Only consider sys_idle_indicator on V1
docs: ABI: fix spelling/grammar in SBEFIFO timeout interface
USB: gadget: core: Add missing kerneldoc for vbus_work
USB: gadget: f_mass_storage: Fix unused variable warning
drivers: base: Free devm resources when unregistering a device
HID: input: Support devices sending Eraser without Invert
media: ov5640: Enable MIPI interface in ov5640_set_power_mipi()
media: ov5640: Fix initial RESETB state and annotate timings
media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips
media: ov2680: Remove auto-gain and auto-exposure controls
media: ov2680: Fix ov2680_bayer_order()
media: ov2680: Fix vflip / hflip set functions
media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s
media: ov2680: Don't take the lock for try_fmt calls
media: ov2680: Add ov2680_fill_format() helper function
media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working
media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors
media: i2c: rdacm21: Fix uninitialized value
f2fs: fix to avoid mmap vs set_compress_option case
f2fs: judge whether discard_unit is section only when have CONFIG_BLK_DEV_ZONED
f2fs: Only lfs mode is allowed with zoned block device feature
Revert "f2fs: fix to do sanity check on extent cache correctly"
cgroup:namespace: Remove unused cgroup_namespaces_init()
coresight: trbe: Fix TRBE potential sleep in atomic context
RDMA/irdma: Prevent zero-length STAG registration
scsi: core: Use 32-bit hostnum in scsi_host_lookup()
scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock
interconnect: qcom: sm8450: Enable sync_state
interconnect: qcom: bcm-voter: Improve enable_mask handling
interconnect: qcom: bcm-voter: Use enable_maks for keepalive voting
serial: tegra: handle clk prepare error in tegra_uart_hw_init()
amba: bus: fix refcount leak
Revert "IB/isert: Fix incorrect release of isert connection"
RDMA/siw: Balance the reference of cep->kref in the error path
RDMA/siw: Correct wrong debug message
RDMA/efa: Fix wrong resources deallocation order
HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode()
HID: uclogic: Correct devm device reference for hidinput input_dev name
HID: multitouch: Correct devm device reference for hidinput input_dev name
platform/x86/amd/pmf: Fix a missing cleanup path
tick/rcu: Fix false positive "softirq work is pending" messages
x86/speculation: Mark all Skylake CPUs as vulnerable to GDS
tracing: Remove extra space at the end of hwlat_detector/mode
tracing: Fix race issue between cpu buffer write and swap
mtd: rawnand: brcmnand: Fix mtd oobsize
dmaengine: idxd: Modify the dependence of attribute pasid_enabled
phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328
phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate
phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write
rpmsg: glink: Add check for kstrdup
leds: pwm: Fix error code in led_pwm_create_fwnode()
leds: multicolor: Use rounded division when calculating color components
leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false
leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead
mtd: spi-nor: Check bus width while setting QE bit
mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume()
um: Fix hostaudio build errors
dmaengine: ste_dma40: Add missing IRQ check in d40_probe
Drivers: hv: vmbus: Don't dereference ACPI root object handle
cpufreq: Fix the race condition while updating the transition_task of policy
virtio_ring: fix avail_wrap_counter in virtqueue_add_packed
igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
netfilter: nft_exthdr: Fix non-linear header modification
netfilter: xt_u32: validate user space input
netfilter: xt_sctp: validate the flag_info count
skbuff: skb_segment, Call zero copy functions before using skbuff frags
igb: set max size RX buffer when store bad packet is enabled
PM / devfreq: Fix leak in devfreq_dev_release()
ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
rcu: dump vmalloc memory info safely
printk: ringbuffer: Fix truncating buffer size min_t cast
scsi: core: Fix the scsi_set_resid() documentation
mm/vmalloc: add a safer version of find_vm_area() for debug
cpu/hotplug: Prevent self deadlock on CPU hot-unplug
media: i2c: ccs: Check rules is non-NULL
media: i2c: Add a camera sensor top level menu
PCI: rockchip: Use 64-bit mask on MSI 64-bit PCI address
ipmi_si: fix a memleak in try_smi_init()
ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch()
XArray: Do not return sibling entries from xa_load()
io_uring: break iopolling on signal
backlight/gpio_backlight: Compare against struct fb_info.device
backlight/bd6107: Compare against struct fb_info.device
backlight/lv5207lp: Compare against struct fb_info.device
drm/amd/display: register edp_backlight_control() for DCN301
xtensa: PMU: fix base address for the newer hardware
LoongArch: mm: Add p?d_leaf() definitions
i3c: master: svc: fix probe failure when no i3c device exist
arm64: csum: Fix OoB access in IP checksum code for negative lengths
ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs.
media: dvb: symbol fixup for dvb_attach()
media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts
Revert "scsi: qla2xxx: Fix buffer overrun"
scsi: mpt3sas: Perform additional retries if doorbell read returns 0
PCI: Free released resource after coalescing
PCI: hv: Fix a crash in hv_pci_restore_msi_msg() during hibernation
PCI/PM: Only read PCI_PM_CTRL register when available
ntb: Drop packets when qp link is down
ntb: Clean up tx tail index on link down
ntb: Fix calculation ntb_transport_tx_free_entry()
Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
block: don't add or resize partition on the disk with GENHD_FL_NO_PART
procfs: block chmod on /proc/thread-self/comm
parisc: Fix /proc/cpuinfo output for lscpu
drm/amd/display: Add smu write msg id fail retry process
bpf: Fix issue in verifying allow_ptr_leaks
dlm: fix plock lookup when using multiple lockspaces
dccp: Fix out of bounds access in DCCP error handler
x86/sev: Make enc_dec_hypercall() accept a size instead of npages
r8169: fix ASPM-related issues on a number of systems with NIC version from RTL8168h
X.509: if signature is unsupported skip validation
net: handle ARPHRD_PPP in dev_is_mac_header_xmit()
fsverity: skip PKCS#7 parser when keyring is empty
x86/MCE: Always save CS register on AMD Zen IF Poison errors
platform/chrome: chromeos_acpi: print hex string for ACPI_TYPE_BUFFER
mmc: renesas_sdhi: register irqs before registering controller
pstore/ram: Check start of empty przs during init
arm64: sdei: abort running SDEI handlers during crash
s390/dcssblk: fix kernel crash with list_add corruption
s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
s390/dasd: fix string length handling
crypto: stm32 - fix loop iterating through scatterlist for DMA
cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug
of: property: fw_devlink: Add a devlink for panel followers
usb: typec: tcpm: set initial svdm version based on pd revision
usb: typec: bus: verify partner exists in typec_altmode_attention
USB: core: Unite old scheme and new scheme descriptor reads
USB: core: Change usb_get_device_descriptor() API
USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()
USB: core: Fix oversight in SuperSpeed initialization
x86/sgx: Break up long non-preemptible delays in sgx_vepc_release()
perf/x86/uncore: Correct the number of CHAs on EMR
serial: sc16is7xx: remove obsolete out_thread label
serial: sc16is7xx: fix regression with GPIO configuration
tracing: Zero the pipe cpumask on alloc to avoid spurious -EBUSY
Revert "drm/amd/display: Do not set drr on pipe commit"
md: Free resources in __md_stop
NFSv4.2: Fix a potential double free with READ_PLUS
NFSv4.2: Rework scratch handling for READ_PLUS (again)
md: fix regression for null-ptr-deference in __md_stop()
clk: Mark a fwnode as initialized when using CLK_OF_DECLARE() macro
treewide: Fix probing of devices in DT overlays
clk: Avoid invalid function names in CLK_OF_DECLARE()
udf: initialize newblock to 0
Linux 6.1.53
Change-Id: I6f5858bce0f20963ae42515eac36ac14cb686f24
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
0910193fd6 |
Merge 6.1.50 into android14-6.1-lts
Changes in 6.1.50
NFSv4.2: fix error handling in nfs42_proc_getxattr
NFSv4: fix out path in __nfs4_get_acl_uncached
xprtrdma: Remap Receive buffers after a reconnect
drm/ast: Use drm_aperture_remove_conflicting_pci_framebuffers
fbdev/radeon: use pci aperture helpers
drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers
drm/aperture: Remove primary argument
video/aperture: Only kick vgacon when the pdev is decoding vga
video/aperture: Move vga handling to pci function
PCI: acpiphp: Reassign resources on bridge if necessary
MIPS: cpu-features: Enable octeon_cache by cpu_type
MIPS: cpu-features: Use boot_cpu_type for CPU type based features
jbd2: remove t_checkpoint_io_list
jbd2: remove journal_clean_one_cp_list()
jbd2: fix a race when checking checkpoint buffer busy
can: raw: fix receiver memory leak
can: raw: fix lockdep issue in raw_release()
s390/zcrypt: remove unnecessary (void *) conversions
s390/zcrypt: fix reply buffer calculations for CCA replies
drm/i915: Add the gen12_needs_ccs_aux_inv helper
drm/i915/gt: Ensure memory quiesced before invalidation
drm/i915/gt: Poll aux invalidation register bit on invalidation
drm/i915/gt: Support aux invalidation on all engines
tracing: Fix cpu buffers unavailable due to 'record_disabled' missed
tracing: Fix memleak due to race between current_tracer and trace
octeontx2-af: SDP: fix receive link config
devlink: move code to a dedicated directory
devlink: add missing unregister linecard notification
net: dsa: felix: fix oversize frame dropping for always closed tc-taprio gates
sock: annotate data-races around prot->memory_pressure
dccp: annotate data-races in dccp_poll()
ipvlan: Fix a reference count leak warning in ipvlan_ns_exit()
mlxsw: pci: Set time stamp fields also when its type is MIRROR_UTC
mlxsw: reg: Fix SSPR register layout
mlxsw: Fix the size of 'VIRT_ROUTER_MSB'
selftests: mlxsw: Fix test failure on Spectrum-4
net: dsa: mt7530: fix handling of 802.1X PAE frames
net: bgmac: Fix return value check for fixed_phy_register()
net: bcmgenet: Fix return value check for fixed_phy_register()
net: validate veth and vxcan peer ifindexes
ipv4: fix data-races around inet->inet_id
ice: fix receive buffer size miscalculation
Revert "ice: Fix ice VF reset during iavf initialization"
ice: Fix NULL pointer deref during VF reset
selftests: bonding: do not set port down before adding to bond
can: isotp: fix support for transmission of SF without flow control
igb: Avoid starting unnecessary workqueues
igc: Fix the typo in the PTM Control macro
net/sched: fix a qdisc modification with ambiguous command request
i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters()
netfilter: nf_tables: flush pending destroy work before netlink notifier
netfilter: nf_tables: fix out of memory error handling
rtnetlink: Reject negative ifindexes in RTM_NEWLINK
bonding: fix macvlan over alb bond support
KVM: x86: Preserve TDP MMU roots until they are explicitly invalidated
KVM: x86/mmu: Fix an sign-extension bug with mmu_seq that hangs vCPUs
io_uring: get rid of double locking
io_uring: extract a io_msg_install_complete helper
io_uring/msg_ring: move double lock/unlock helpers higher up
io_uring/msg_ring: fix missing lock on overflow for IOPOLL
ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x
ASoC: cs35l41: Correct amp_gain_tlv values
ibmveth: Use dcbf rather than dcbfl
wifi: mac80211: limit reorder_buf_filtered to avoid UBSAN warning
platform/x86: ideapad-laptop: Add support for new hotkeys found on ThinkBook 14s Yoga ITL
NFSv4: Fix dropped lock for racing OPEN and delegation return
clk: Fix slab-out-of-bounds error in devm_clk_release()
mm,ima,kexec,of: use memblock_free_late from ima_free_kexec_buffer
shmem: fix smaps BUG sleeping while atomic
ALSA: ymfpci: Fix the missing snd_card_free() call at probe error
mm/gup: handle cont-PTE hugetlb pages correctly in gup_must_unshare() via GUP-fast
mm: add a call to flush_cache_vmap() in vmap_pfn()
mm: memory-failure: fix unexpected return value in soft_offline_page()
NFS: Fix a use after free in nfs_direct_join_group()
nfsd: Fix race to FREE_STATEID and cl_revoked
selinux: set next pointer before attaching to list
batman-adv: Trigger events for auto adjusted MTU
batman-adv: Don't increase MTU when set by user
batman-adv: Do not get eth header before batadv_check_management_packet
batman-adv: Fix TT global entry leak when client roamed back
batman-adv: Fix batadv_v_ogm_aggr_send memory leak
batman-adv: Hold rtnl lock during MTU update via netlink
lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels
riscv: Handle zicsr/zifencei issue between gcc and binutils
riscv: Fix build errors using binutils2.37 toolchains
radix tree: remove unused variable
of: unittest: Fix EXPECT for parse_phandle_with_args_map() test
of: dynamic: Refactor action prints to not use "%pOF" inside devtree_lock
pinctrl: amd: Mask wake bits on probe again
media: vcodec: Fix potential array out-of-bounds in encoder queue_setup
PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus
drm/vmwgfx: Fix shader stage validation
drm/i915/dgfx: Enable d3cold at s2idle
drm/display/dp: Fix the DP DSC Receiver cap size
x86/fpu: Invalidate FPU state correctly on exec()
x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
hwmon: (aquacomputer_d5next) Add selective 200ms delay after sending ctrl report
selftests/net: mv bpf/nat6to4.c to net folder
nfs: use vfs setgid helper
nfsd: use vfs setgid helper
cgroup/cpuset: Rename functions dealing with DEADLINE accounting
sched/cpuset: Bring back cpuset_mutex
sched/cpuset: Keep track of SCHED_DEADLINE task in cpusets
cgroup/cpuset: Iterate only if DEADLINE tasks are present
sched/deadline: Create DL BW alloc, free & check overflow interface
cgroup/cpuset: Free DL BW in case can_attach() fails
thunderbolt: Fix Thunderbolt 3 display flickering issue on 2nd hot plug onwards
ublk: remove check IO_URING_F_SQE128 in ublk_ch_uring_cmd
can: raw: add missing refcount for memory leak fix
madvise:madvise_free_pte_range(): don't use mapcount() against large folio for sharing check
scsi: snic: Fix double free in snic_tgt_create()
scsi: core: raid_class: Remove raid_component_add()
clk: Fix undefined reference to `clk_rate_exclusive_{get,put}'
pinctrl: renesas: rzg2l: Fix NULL pointer dereference in rzg2l_dt_subnode_to_map()
pinctrl: renesas: rzv2m: Fix NULL pointer dereference in rzv2m_dt_subnode_to_map()
pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function}
dma-buf/sw_sync: Avoid recursive lock during fence signal
gpio: sim: dispose of irq mappings before destroying the irq_sim domain
gpio: sim: pass the GPIO device's software node to irq domain
ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ
maple_tree: disable mas_wr_append() when other readers are possible
ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG
Linux 6.1.50
Change-Id: I9b8e3da5baa106b08b2b90974c19128141817580
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
xiaosong.ma
|
bbc9d3bc0b |
ANDROID: vendor_hooks: mm: Add tune_swappiness vendor hook in get_swappiness()
Add hook in get_swappiness() for customized swappiness when lru_gen is enabled. Bug: 299548382 Test: buid pass Change-Id: If15cb4f71fda6c0b24359f8dc439a090a5434dc9 Signed-off-by: xiaosong.ma <xiaosong.ma@unisoc.com> |
||
jianzhou
|
dd83e88d4d |
Merge keystone/android14-6.1-keystone-qcom-release.6.1.25 (bd65f1b) into qcom-6.1
* refs/heads/tmp-bd65f1b: ANDROID: uid_sys_stats: Use llist for deferred work UPSTREAM: usb: typec: ucsi: Fix command cancellation ANDROID: GKI: update symbol list file for xiaomi UPSTREAM: erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF UPSTREAM: erofs: avoid useless loops in z_erofs_pcluster_readmore() when reading beyond EOF UPSTREAM: erofs: Fix detection of atomic context UPSTREAM: erofs: fix compact 4B support for 16k block size UPSTREAM: erofs: kill hooked chains to avoid loops on deduplicated compressed images UPSTREAM: erofs: fix potential overflow calculating xattr_isize UPSTREAM: erofs: stop parsing non-compact HEAD index if clusterofs is invalid UPSTREAM: erofs: initialize packed inode after root inode is assigned ANDROID: GKI: Update ABI for zsmalloc fixes BACKPORT: zsmalloc: fix races between modifications of fullness and isolated UPSTREAM: zsmalloc: consolidate zs_pool's migrate_lock and size_class's locks ANDROID: consolidate.fragment: Enable slub debug in consolidate-fragment BACKPORT: FROMGIT: mm: handle faults that merely update the accessed bit under the VMA lock FROMLIST: mm: Allow fault_dirty_shared_page() to be called under the VMA lock FROMGIT: mm: handle swap and NUMA PTE faults under the VMA lock FROMGIT: mm: run the fault-around code under the VMA lock FROMGIT: mm: move FAULT_FLAG_VMA_LOCK check down from do_fault() FROMGIT: mm: move FAULT_FLAG_VMA_LOCK check down in handle_pte_fault() BACKPORT: FROMGIT: mm: handle some PMD faults under the VMA lock BACKPORT: FROMGIT: mm: handle PUD faults under the VMA lock FROMGIT: mm: move FAULT_FLAG_VMA_LOCK check from handle_mm_fault() BACKPORT: FROMGIT: mm: allow per-VMA locks on file-backed VMAs FROMGIT: mm: remove CONFIG_PER_VMA_LOCK ifdefs FROMGIT: mm: fix a lockdep issue in vma_assert_write_locked FROMGIT: mm: handle userfaults under VMA lock FROMGIT: mm: handle swap page faults under per-VMA lock FROMGIT: mm: change folio_lock_or_retry to use vm_fault directly BACKPORT: FROMGIT: mm: drop per-VMA lock when returning VM_FAULT_RETRY or VM_FAULT_COMPLETED BACKPORT: FROMGIT: mm: move vma locking out of vma_prepare and dup_anon_vma BACKPORT: FROMGIT: mm: always lock new vma before inserting into vma tree FROMGIT: mm: lock vma explicitly before doing vm_flags_reset and vm_flags_reset_once FROMGIT: mm: replace mmap with vma write lock assertions when operating on a vma FROMGIT: mm: for !CONFIG_PER_VMA_LOCK equate write lock assertion for vma and mmap FROMGIT: mm: don't drop VMA locks in mm_drop_all_locks() BACKPORT: riscv: mm: try VMA lock-based page fault handling first BACKPORT: FROMGIT: mm: enable page walking API to lock vmas during the walk BACKPORT: mm: lock VMA in dup_anon_vma() before setting ->anon_vma UPSTREAM: mm: fix memory ordering for mm_lock_seq and vm_lock_seq FROMGIT: usb: host: ehci-sched: try to turn on io watchdog as long as periodic_count > 0 FROMGIT: BACKPORT: usb: ehci: add workaround for chipidea PORTSC.PEC bug UPSTREAM: tty: n_gsm: fix UAF in gsm_cleanup_mux UPSTREAM: mm/mmap: Fix extra maple tree write FROMGIT: Multi-gen LRU: skip CMA pages when they are not eligible UPSTREAM: mm: skip CMA pages when they are not available UPSTREAM: dma-buf: fix an error pointer vs NULL bug UPSTREAM: dma-buf: keep the signaling time of merged fences v3 UPSTREAM: netfilter: nf_tables: skip bound chain on rule flush UPSTREAM: net/sched: sch_qfq: account for stab overhead in qfq_enqueue UPSTREAM: net/sched: sch_qfq: refactor parsing of netlink parameters UPSTREAM: netfilter: nft_set_pipapo: fix improper element removal ANDROID: Add checkpatch target. UPSTREAM: USB: Gadget: core: Help prevent panic during UVC unconfigure ANDROID: GKI: Update symbols to symbol list ANDROID: vendor_hook: fix the error record position of mutex ANDROID: ABI: add allowed list for galaxy ANDROID: gfp: add __GFP_CMA in gfpflag_names ANDROID: ABI: Update to fix slab-out-of-bounds in xhci_vendor_get_ops ANDROID: usb: host: fix slab-out-of-bounds in xhci_vendor_get_ops ANDROID: GKI: update pixel symbol list for xhci FROMGIT: fs: drop_caches: draining pages before dropping caches ANDROID: GKI: update symbol list file for xiaomi ANDROID: uid_sys_stats: Use a single work for deferred updates ANDROID: ABI: Update symbol for Exynos SoC ANDROID: GKI: Add symbols to symbol list for vivo ANDROID: vendor_hooks: Add tune scan type hook in get_scan_count() FROMGIT: BACKPORT: Multi-gen LRU: Fix can_swap in lru_gen_look_around() FROMGIT: Multi-gen LRU: Avoid race in inc_min_seq() FROMGIT: Multi-gen LRU: Fix per-zone reclaim ANDROID: ABI: update symbol list for galaxy ANDROID: oplus: Update the ABI xml and symbol list ANDROID: vendor_hooks: Add hooks for lookaround ANDROID: ABI: Update STG ABI to format version 2 ANDROID: ABI: Update symbol list for imx FROMGIT: erofs: fix wrong primary bvec selection on deduplicated extents UPSTREAM: media: Add ABGR64_12 video format BACKPORT: media: Add BGR48_12 video format UPSTREAM: media: Add YUV48_12 video format UPSTREAM: media: Add Y212 v4l2 format info UPSTREAM: media: Add Y210, Y212 and Y216 formats UPSTREAM: media: Add Y012 video format UPSTREAM: media: Add P012 and P012M video format ANDROID: GKI: Create symbol files in include/config ANDROID: fuse-bpf: Use stored bpf for create_open ANDROID: fuse-bpf: Add bpf to negative fuse_dentry ANDROID: fuse-bpf: Check inode not null ANDROID: fuse-bpf: Fix flock test compile error ANDROID: fuse-bpf: Add partial ioctl support ANDROID: ABI: Update oplus symbol list UPSTREAM: mm/mempolicy: Take VMA lock before replacing policy BACKPORT: mm: lock_vma_under_rcu() must check vma->anon_vma under vma lock BACKPORT: FROMGIT: irqchip/gic-v3: Workaround for GIC-700 erratum 2941627 ANDROID: GKI: update xiaomi symbol list UPSTREAM: mm: lock newly mapped VMA with corrected ordering UPSTREAM: fork: lock VMAs of the parent process when forking UPSTREAM: mm: lock newly mapped VMA which can be modified after it becomes visible UPSTREAM: mm: lock a vma before stack expansion ANDROID: GKI: bring back find_extend_vma() BACKPORT: mm: always expand the stack with the mmap write lock held BACKPORT: execve: expand new process stack manually ahead of time ANDROID: abi_gki_aarch64_qcom: ufshcd_mcq_poll_cqe_lock UPSTREAM: mm: make find_extend_vma() fail if write lock not held UPSTREAM: powerpc/mm: convert coprocessor fault to lock_mm_and_find_vma() UPSTREAM: mm/fault: convert remaining simple cases to lock_mm_and_find_vma() UPSTREAM: arm/mm: Convert to using lock_mm_and_find_vma() UPSTREAM: riscv/mm: Convert to using lock_mm_and_find_vma() UPSTREAM: mips/mm: Convert to using lock_mm_and_find_vma() UPSTREAM: powerpc/mm: Convert to using lock_mm_and_find_vma() BACKPORT: arch/arm64/mm/fault: Fix undeclared variable error in do_page_fault() BACKPORT: arm64/mm: Convert to using lock_mm_and_find_vma() UPSTREAM: mm: make the page fault mmap locking killable ANDROID: Inherit "user-aware property" across rtmutex. BACKPORT: blk-crypto: use dynamic lock class for blk_crypto_profile::lock ANDROID: ABI: update symbol list for Xclipse GPU ANDROID: drm/ttm: export ttm_tt_unpopulate() ANDROID: GKI: Add ABI symbol list(devlink) for MTK ANDROID: devlink: Select CONFIG_NET_DEVLINK in Kconfig.gki ANDROID: KVM: arm64: Fix memory ordering for pKVM module callbacks BACKPORT: mm: introduce new 'lock_mm_and_find_vma()' page fault helper BACKPORT: maple_tree: fix potential out-of-bounds access in mas_wr_end_piv() UPSTREAM: x86/smp: Cure kexec() vs. mwait_play_dead() breakage UPSTREAM: x86/smp: Use dedicated cache-line for mwait_play_dead() UPSTREAM: x86/smp: Remove pointless wmb()s from native_stop_other_cpus() UPSTREAM: x86/smp: Dont access non-existing CPUID leaf UPSTREAM: x86/smp: Make stop_other_cpus() more robust UPSTREAM: x86/microcode/AMD: Load late on both threads too BACKPORT: mm, hwpoison: when copy-on-write hits poison, take page offline UPSTREAM: mm, hwpoison: try to recover from copy-on write faults BACKPORT: mm/mmap: Fix error return in do_vmi_align_munmap() BACKPORT: mm/mmap: Fix error path in do_vmi_align_munmap() UPSTREAM: HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651. UPSTREAM: HID: hidraw: fix data race on device refcount UPSTREAM: can: isotp: isotp_sendmsg(): fix return error fix on TX path UPSTREAM: fbdev: fix potential OOB read in fast_imageblit() ANDROID: GKI: add function symbols for unisoc ANDROID: cgroup: Cleanup android_rvh_cgroup_force_kthread_migration UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free UPSTREAM: netfilter: nf_tables: fix chain binding transaction logic ANDROID: abi_gki_aarch64_qcom: update abi UPSTREAM: fs/ntfs3: Check fields while reading ANDROID: GKI: Update abi_gki_aarch64_qcom ANDROID: ABI: Update pixel symbol list ANDROID: GKI: Move GKI module headers to generated includes ANDROID: set kmi_symbol_list_add_only for Kleaf builds. ANDROID: GKI: Add Android ABI padding to wwan_port_ops ANDROID: GKI: Add Android ABI padding to wwan_ops ANDROID: update symbol list for unisoc regmap vendor hook ANDROID: GKI: Update mtk ABI symbol list UPSTREAM: media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() ANDROID: abi_gki_aarch64_qcom: Update QCOM symbol list ANDROID: ABI: Update pixel symbol list ANDROID: GKI: add ABI symbol for xiaomi ANDROID: vendor_hooks: add vendor hook to support SAGT FROMLIST: fuse: revalidate: don't invalidate if interrupted ANDROID: GKI: Update pixel symbol list for thermal ANDROID: thermal: Add vendor thermal genl check ANDROID: GKI: Update the pixel symbol list ANDROID: GKI: Update protected exports FROMGIT: mm: add missing VM_FAULT_RESULT_TRACE name for VM_FAULT_COMPLETED FROMGIT: swap: remove remnants of polling from read_swap_cache_async UPSTREAM: io_uring/poll: serialize poll linked timer start with poll removal Change-Id: Ib4aaa987f777d4cdb0897af78aecb19aaee8d68b Upstream-Build: ks_qcom-android14-6.1-keystone-qcom-release@10801570 UKQ2.230913.001 Signed-off-by: jianzhou <quic_jianzhou@quicinc.com> |
||
|
Greg Kroah-Hartman
|
50874c58d8 |
Merge 6.1.47 into android14-6.1-lts
Changes in 6.1.47 mmc: sdhci-f-sdh30: Replace with sdhci_pltfm cpuidle: psci: Extend information in log about OSI/PC mode cpuidle: psci: Move enabling OSI mode after power domains creation zsmalloc: consolidate zs_pool's migrate_lock and size_class's locks zsmalloc: fix races between modifications of fullness and isolated selftests: forwarding: tc_actions: cleanup temporary files when test is aborted selftests: forwarding: tc_actions: Use ncat instead of nc net/smc: replace mutex rmbs_lock and sndbufs_lock with rw_semaphore net/smc: Fix setsockopt and sysctl to specify same buffer size again net: phy: at803x: Use devm_regulator_get_enable_optional() net: phy: at803x: fix the wol setting functions drm/amdgpu: fix calltrace warning in amddrm_buddy_fini drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 drm/amdgpu: fix memory leak in mes self test ASoC: Intel: sof_sdw: add quirk for MTL RVP ASoC: Intel: sof_sdw: add quirk for LNL RVP PCI: tegra194: Fix possible array out of bounds access ASoC: SOF: amd: Add pci revision id check drm/stm: ltdc: fix late dereference check drm: rcar-du: remove R-Car H3 ES1.* workarounds ASoC: amd: vangogh: Add check for acp config flags in vangogh platform ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings ASoC: Intel: sof_sdw_rt_sdca_jack_common: test SOF_JACK_JDSRC in _exit ASoC: Intel: sof_sdw: Add support for Rex soundwire iopoll: Call cpu_relax() in busy loops ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion dma-remap: use kvmalloc_array/kvfree for larger dma memory remap accel/habanalabs: add pci health check during heartbeat HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard iommu/amd: Introduce Disable IRTE Caching Support drm/amdgpu: install stub fence into potential unused fence pointers drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz RDMA/mlx5: Return the firmware result upon destroying QP/RQ drm/amd/display: Skip DPP DTO update if root clock is gated drm/amd/display: Enable dcn314 DPP RCO ASoC: SOF: core: Free the firmware trace before calling snd_sof_shutdown() HID: intel-ish-hid: ipc: Add Arrow Lake PCI device ID ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio smb: client: fix warning in cifs_smb3_do_mount() cifs: fix session state check in reconnect to avoid use-after-free issue serial: stm32: Ignore return value of uart_remove_one_port() in .remove() led: qcom-lpg: Fix resource leaks in for_each_available_child_of_node() loops media: v4l2-mem2mem: add lock to protect parameter num_rdy media: camss: set VFE bpl_alignment to 16 for sdm845 and sm8250 usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push usb: gadget: uvc: queue empty isoc requests if no video buffer is available media: platform: mediatek: vpu: fix NULL ptr dereference thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() usb: chipidea: imx: don't request QoS for imx8ulp usb: chipidea: imx: add missing USB PHY DPDM wakeup setting gfs2: Fix possible data races in gfs2_show_options() pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() thunderbolt: Add Intel Barlow Ridge PCI ID thunderbolt: Limit Intel Barlow Ridge USB3 bandwidth firewire: net: fix use after free in fwnet_finish_incoming_packet() watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) Bluetooth: L2CAP: Fix use-after-free Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally ceph: try to dump the msgs when decoding fails drm/amdgpu: Fix potential fence use-after-free v2 fs/ntfs3: Enhance sanity check while generating attr_list fs: ntfs3: Fix possible null-pointer dereferences in mi_read() fs/ntfs3: Mark ntfs dirty when on-disk struct is corrupted ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() ALSA: hda/realtek: Add quirk for ASUS ROG GX650P ALSA: hda/realtek: Add quirk for ASUS ROG GA402X ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V powerpc/kasan: Disable KCOV in KASAN code Bluetooth: MGMT: Use correct address for memcpy() ring-buffer: Do not swap cpu_buffer during resize process igc: read before write to SRRCTL register drm/amd/display: save restore hdcp state when display is unplugged from mst hub drm/amd/display: phase3 mst hdcp for multiple displays drm/amd/display: fix access hdcp_workqueue assert KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node fbdev/hyperv-fb: Do not set struct fb_info.apertures video/aperture: Only remove sysfb on the default vga pci device btrfs: move out now unused BG from the reclaim list btrfs: convert btrfs_block_group::needs_free_space to runtime flag btrfs: convert btrfs_block_group::seq_zone to runtime flag btrfs: fix use-after-free of new block group that became unused virtio-mmio: don't break lifecycle of vm_dev vduse: Use proper spinlock for IRQ injection vdpa/mlx5: Fix mr->initialized semantics vdpa/mlx5: Delete control vq iotlb in destroy_mr only when necessary cifs: fix potential oops in cifs_oplock_break i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue i2c: hisi: Only handle the interrupt of the driver's transfer i2c: tegra: Fix i2c-tegra DMA config option processing fbdev: mmp: fix value check in mmphw_probe() powerpc/rtas_flash: allow user copy to flash block cache objects vdpa: Add features attr to vdpa_nl_policy for nlattr length check vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check vdpa: Enable strict validation for netlinks ops tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms btrfs: fix incorrect splitting in btrfs_drop_extent_map_range btrfs: fix BUG_ON condition in btrfs_cancel_balance i2c: designware: Correct length byte validation logic i2c: designware: Handle invalid SMBus block data response length value net: xfrm: Fix xfrm_address_filter OOB read net: af_key: fix sadb_x_filter validation net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure xfrm: fix slab-use-after-free in decode_session6 ip6_vti: fix slab-use-after-free in decode_session6 ip_vti: fix potential slab-use-after-free in decode_session6 xfrm: add NULL check in xfrm_update_ae_params xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH virtio_net: notify MAC address change on device initialization virtio-net: set queues after driver_ok net: pcs: Add missing put_device call in miic_create net: phy: fix IRQ-based wake-on-lan over hibernate / power off selftests: mirror_gre_changes: Tighten up the TTL test match drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs net: macb: In ZynqMP resume always configure PS GTR for non-wakeup source octeon_ep: cancel tx_timeout_task later in remove sequence netfilter: nf_tables: fix false-positive lockdep splat netfilter: nf_tables: deactivate catchall elements in next generation ipvs: fix racy memcpy in proc_do_sync_threshold netfilter: nft_dynset: disallow object maps net: phy: broadcom: stub c45 read/write for 54810 team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves net: openvswitch: reject negative ifindex iavf: fix FDIR rule fields masks validation i40e: fix misleading debug logs net: dsa: mv88e6xxx: Wait for EEPROM done before HW reset sfc: don't unregister flow_indr if it was never registered sock: Fix misuse of sk_under_memory_pressure() net: do not allow gso_size to be set to GSO_BY_FRAGS qede: fix firmware halt over suspend and resume ice: Block switchdev mode when ADQ is active and vice versa bus: ti-sysc: Flush posted write on enable before reset arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 arm64: dts: rockchip: Disable HS400 for eMMC on ROCK 4C+ ARM: dts: imx: align LED node names with dtschema ARM: dts: imx6: phytec: fix RTC interrupt level arm64: dts: imx8mm: Drop CSI1 PHY reference clock configuration ARM: dts: imx: Set default tuning step for imx6sx usdhc arm64: dts: imx93: Fix anatop node size ASoC: rt5665: add missed regulator_bulk_disable ASoC: meson: axg-tdm-formatter: fix channel slot allocation ALSA: hda/realtek: Add quirks for HP G11 Laptops soc: aspeed: uart-routing: Use __sysfs_match_string soc: aspeed: socinfo: Add kfree for kstrdup ALSA: hda/realtek - Remodified 3k pull low procedure riscv: uaccess: Return the number of bytes effectively not copied serial: 8250: Fix oops for port->pm on uart_change_pm() ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. cifs: Release folio lock on fscache read hit. virtio-net: Zero max_tx_vq field for VIRTIO_NET_CTRL_MQ_HASH_CONFIG case arm64: dts: rockchip: Fix Wifi/Bluetooth on ROCK Pi 4 boards blk-crypto: dynamically allocate fallback profile mmc: wbsd: fix double mmc_free_host() in wbsd_init() mmc: block: Fix in_flight[issue_type] value error drm/qxl: fix UAF on handle creation drm/i915/sdvo: fix panel_type initialization drm/amd: flush any delayed gfxoff on suspend entry drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG drm/amd/display: disable RCO for DCN314 zsmalloc: allow only one active pool compaction context sched/fair: unlink misfit task from cpu overutilized sched/fair: Remove capacity inversion detection drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register hugetlb: do not clear hugetlb dtor until allocating vmemmap netfilter: set default timeout to 3 secs for sctp shutdown send and recv state arm64/ptrace: Ensure that SME is set up for target when writing SSVE state drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 drm/amdgpu: keep irq count in amdgpu_irq_disable_all af_unix: Fix null-ptr-deref in unix_stream_sendpage(). drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled mmc: f-sdh30: fix order of function calls in sdhci_f_sdh30_remove Linux 6.1.47 Change-Id: I7c55c71f43f88a1d44d39c835e3f6e58d4c86279 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
706ba4ef8d |
Merge 6.1.45 into android14-6.1-lts
Changes in 6.1.45 io_uring: gate iowait schedule on having pending requests perf: Fix function pointer case net/mlx5: Free irqs only on shutdown callback net: ipa: only reset hashed tables when supported iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982 iommu/arm-smmu-v3: Document MMU-700 erratum 2812531 iommu/arm-smmu-v3: Add explicit feature for nesting iommu/arm-smmu-v3: Document nesting-related errata arm64: dts: imx8mm-venice-gw7903: disable disp_blk_ctrl arm64: dts: imx8mm-venice-gw7904: disable disp_blk_ctrl arm64: dts: phycore-imx8mm: Label typo-fix of VPU arm64: dts: phycore-imx8mm: Correction in gpio-line-names arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux arm64: dts: freescale: Fix VPU G2 clock firmware: smccc: Fix use of uninitialised results structure lib/bitmap: workaround const_eval test build failure firmware: arm_scmi: Fix chan_free cleanup on SMC word-at-a-time: use the same return type for has_zero regardless of endianness KVM: s390: fix sthyi error handling erofs: fix wrong primary bvec selection on deduplicated extents wifi: cfg80211: Fix return value in scan logic net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx net/mlx5: fix potential memory leak in mlx5e_init_rep_rx net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set net/mlx5e: Move representor neigh cleanup to profile cleanup_tx bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length net: dsa: fix value check in bcm_sf2_sw_probe() perf test uprobe_from_different_cu: Skip if there is no gcc net: sched: cls_u32: Fix match key mis-addressing mISDN: hfcpci: Fix potential deadlock on &hc->lock qed: Fix scheduling in a tasklet while getting stats net: annotate data-races around sk->sk_reserved_mem net: annotate data-race around sk->sk_txrehash net: annotate data-races around sk->sk_max_pacing_rate net: add missing READ_ONCE(sk->sk_rcvlowat) annotation net: add missing READ_ONCE(sk->sk_sndbuf) annotation net: add missing READ_ONCE(sk->sk_rcvbuf) annotation net: annotate data-races around sk->sk_mark net: add missing data-race annotations around sk->sk_peek_off net: add missing data-race annotation for sk_ll_usec net: annotate data-races around sk->sk_priority net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX. ice: Fix RDMA VSI removal during queue rebuild bpf, cpumap: Handle skb as well when clean up ptr_ring net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire net: ll_temac: fix error checking of irq_of_parse_and_map() net: korina: handle clk prepare error in korina_probe() net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode bnxt_en: Fix page pool logic for page size >= 64K bnxt_en: Fix max_mtu setting for multi-buf XDP net: dcb: choose correct policy to parse DCB_ATTR_BCN s390/qeth: Don't call dev_close/dev_open (DOWN/UP) ip6mr: Fix skb_under_panic in ip6mr_cache_report() vxlan: Fix nexthop hash size net/mlx5: fs_core: Make find_closest_ft more generic net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio prestera: fix fallback to previous version on same major version tcp_metrics: fix addr_same() helper tcp_metrics: annotate data-races around tm->tcpm_stamp tcp_metrics: annotate data-races around tm->tcpm_lock tcp_metrics: annotate data-races around tm->tcpm_vals[] tcp_metrics: annotate data-races around tm->tcpm_net tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen rust: allocator: Prevent mis-aligned allocation scsi: zfcp: Defer fc_rport blocking until after ADISC response scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices libceph: fix potential hang in ceph_osdc_notify() USB: zaurus: Add ID for A-300/B-500/C-700 ceph: defer stopping mdsc delayed_work firmware: arm_scmi: Drop OF node reference in the transport channel setup exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree exfat: release s_lock before calling dir_emit() mtd: spinand: toshiba: Fix ecc_get_status mtd: rawnand: meson: fix OOB available bytes for ECC bpf: Disable preemption in bpf_perf_event_output arm64: dts: stratix10: fix incorrect I2C property for SCL signal net: tun_chr_open(): set sk_uid from current_fsuid() net: tap_open(): set sk_uid from current_fsuid() wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction rbd: prevent busy loop when requesting exclusive lock bpf: Disable preemption in bpf_event_output powerpc/ftrace: Create a dummy stackframe to fix stack unwind arm64/fpsimd: Sync and zero pad FPSIMD state for streaming SVE arm64/fpsimd: Clear SME state in the target task when setting the VL arm64/fpsimd: Sync FPSIMD state with SVE for SME only systems open: make RESOLVE_CACHED correctly test for O_TMPFILE drm/ttm: check null pointer before accessing when swapping drm/i915: Fix premature release of request's reusable memory drm/i915/gt: Cleanup aux invalidation registers clk: imx93: Propagate correct error in imx93_clocks_probe() bpf, cpumap: Make sure kthread is running before map update returns file: reinstate f_pos locking optimization for regular files mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list() fs/sysv: Null check to prevent null-ptr-deref bug Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb debugobjects: Recheck debug_objects_enabled before reporting net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb fs: Protect reconfiguration of sb read-write from racing writes ext2: Drop fragment support btrfs: remove BUG_ON()'s in add_new_free_space() f2fs: fix to do sanity check on direct node in truncate_dnode() io_uring: annotate offset timeout races mtd: rawnand: omap_elm: Fix incorrect type in assignment mtd: rawnand: rockchip: fix oobfree offset and description mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() powerpc/mm/altmap: Fix altmap boundary check drm/imx/ipuv3: Fix front porch adjustment upon hactive aligning drm/amd/display: Ensure that planes are in the same order drm/amd/display: skip CLEAR_PAYLOAD_ID_TABLE if device mst_en is 0 selftests/rseq: Play nice with binaries statically linked against glibc 2.35+ f2fs: fix to set flush_merge opt and show noflush_merge f2fs: don't reset unchangable mount option in f2fs_remount() exfat: check if filename entries exceeds max filename length arm64/ptrace: Don't enable SVE when setting streaming SVE drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 drm/amdgpu: Remove unnecessary domain argument drm/amdgpu: Use apt name for FW reserved region Revert "drm/i915: Disable DC states for all commits" x86/CPU/AMD: Do not leak quotient data after a division by 0 Linux 6.1.45 Change-Id: Ic63af3f07f26c867c9fc361b2f7055dbc04143d2 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Joel Fernandes (Google)
|
4245ca8f40 |
mm/vmalloc: add a safer version of find_vm_area() for debug
commit 0818e739b5c061b0251c30152380600fb9b84c0c upstream.
It is unsafe to dump vmalloc area information when trying to do so from
some contexts. Add a safer trylock version of the same function to do a
best-effort VMA finding and use it from vmalloc_dump_obj().
[applied test robot feedback on unused function fix.]
[applied Uladzislau feedback on locking.]
Link: https://lkml.kernel.org/r/20230904180806.1002832-1-joel@joelfernandes.org
Fixes:
|
||
Zqiang
|
3f7a4e88e4 |
rcu: dump vmalloc memory info safely
commit c83ad36a18c02c0f51280b50272327807916987f upstream.
Currently, for double invoke call_rcu(), will dump rcu_head objects memory
info, if the objects is not allocated from the slab allocator, the
vmalloc_dump_obj() will be invoke and the vmap_area_lock spinlock need to
be held, since the call_rcu() can be invoked in interrupt context,
therefore, there is a possibility of spinlock deadlock scenarios.
And in Preempt-RT kernel, the rcutorture test also trigger the following
lockdep warning:
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1, name: swapper/0
preempt_count: 1, expected: 0
RCU nest depth: 1, expected: 1
3 locks held by swapper/0/1:
#0: ffffffffb534ee80 (fullstop_mutex){+.+.}-{4:4}, at: torture_init_begin+0x24/0xa0
#1: ffffffffb5307940 (rcu_read_lock){....}-{1:3}, at: rcu_torture_init+0x1ec7/0x2370
#2: ffffffffb536af40 (vmap_area_lock){+.+.}-{3:3}, at: find_vmap_area+0x1f/0x70
irq event stamp: 565512
hardirqs last enabled at (565511): [<ffffffffb379b138>] __call_rcu_common+0x218/0x940
hardirqs last disabled at (565512): [<ffffffffb5804262>] rcu_torture_init+0x20b2/0x2370
softirqs last enabled at (399112): [<ffffffffb36b2586>] __local_bh_enable_ip+0x126/0x170
softirqs last disabled at (399106): [<ffffffffb43fef59>] inet_register_protosw+0x9/0x1d0
Preemption disabled at:
[<ffffffffb58040c3>] rcu_torture_init+0x1f13/0x2370
CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.5.0-rc4-rt2-yocto-preempt-rt+ #15
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x68/0xb0
dump_stack+0x14/0x20
__might_resched+0x1aa/0x280
? __pfx_rcu_torture_err_cb+0x10/0x10
rt_spin_lock+0x53/0x130
? find_vmap_area+0x1f/0x70
find_vmap_area+0x1f/0x70
vmalloc_dump_obj+0x20/0x60
mem_dump_obj+0x22/0x90
__call_rcu_common+0x5bf/0x940
? debug_smp_processor_id+0x1b/0x30
call_rcu_hurry+0x14/0x20
rcu_torture_init+0x1f82/0x2370
? __pfx_rcu_torture_leak_cb+0x10/0x10
? __pfx_rcu_torture_leak_cb+0x10/0x10
? __pfx_rcu_torture_init+0x10/0x10
do_one_initcall+0x6c/0x300
? debug_smp_processor_id+0x1b/0x30
kernel_init_freeable+0x2b9/0x540
? __pfx_kernel_init+0x10/0x10
kernel_init+0x1f/0x150
ret_from_fork+0x40/0x50
? __pfx_kernel_init+0x10/0x10
ret_from_fork_asm+0x1b/0x30
</TASK>
The previous patch fixes this by using the deadlock-safe best-effort
version of find_vm_area. However, in case of failure print the fact that
the pointer was a vmalloc pointer so that we print at least something.
Link: https://lkml.kernel.org/r/20230904180806.1002832-2-joel@joelfernandes.org
Fixes:
|
||
Abel Wu
|
0f50641222 |
net-memcg: Fix scope of sockmem pressure indicators
[ Upstream commit ac8a52962164a50e693fa021d3564d7745b83a7f ]
Now there are two indicators of socket memory pressure sit inside
struct mem_cgroup, socket_pressure and tcpmem_pressure, indicating
memory reclaim pressure in memcg->memory and ->tcpmem respectively.
When in legacy mode (cgroupv1), the socket memory is charged into
->tcpmem which is independent of ->memory, so socket_pressure has
nothing to do with socket's pressure at all. Things could be worse
by taking socket_pressure into consideration in legacy mode, as a
pressure in ->memory can lead to premature reclamation/throttling
in socket.
While for the default mode (cgroupv2), the socket memory is charged
into ->memory, and ->tcpmem/->tcpmem_pressure are simply not used.
So {socket,tcpmem}_pressure are only used in default/legacy mode
respectively for indicating socket memory pressure. This patch fixes
the pieces of code that make mixed use of both.
Fixes:
|
||
Christian Brauner
|
c13e6edbad |
tmpfs: verify {g,u}id mount options correctly
[ Upstream commit 0200679fc7953177941e41c2a4241d0b6c2c5de8 ]
A while ago we received the following report:
"The other outstanding issue I noticed comes from the fact that
fsconfig syscalls may occur in a different userns than that which
called fsopen. That means that resolving the uid/gid via
current_user_ns() can save a kuid that isn't mapped in the associated
namespace when the filesystem is finally mounted. This means that it
is possible for an unprivileged user to create files owned by any
group in a tmpfs mount (since we can set the SUID bit on the tmpfs
directory), or a tmpfs that is owned by any user, including the root
group/user."
The contract for {g,u}id mount options and {g,u}id values in general set
from userspace has always been that they are translated according to the
caller's idmapping. In so far, tmpfs has been doing the correct thing.
But since tmpfs is mountable in unprivileged contexts it is also
necessary to verify that the resulting {k,g}uid is representable in the
namespace of the superblock to avoid such bugs as above.
The new mount api's cross-namespace delegation abilities are already
widely used. After having talked to a bunch of userspace this is the
most faithful solution with minimal regression risks. I know of one
users - systemd - that makes use of the new mount api in this way and
they don't set unresolable {g,u}ids. So the regression risk is minimal.
Link: https://lore.kernel.org/lkml/CALxfFW4BXhEwxR0Q5LSkg-8Vb4r2MONKCcUCVioehXQKr35eHg@mail.gmail.com
Fixes:
|
||
zhengtangquan
|
6e5f182128 |
ANDROID: signal: Add vendor hook for memory reap
Add vendor hook to determine if the memory of a process that received the SIGKILL can be reaped. Partial cherry-pick of aosp/1724512 & aosp/2093626. Bug: 232062955 Change-Id: I75072bd264df33caff67d083821ee6f33ca83af9 Signed-off-by: Tangquan Zheng <zhengtangquan@oppo.com> |
||
|
Kalesh Singh
|
0500235e3f |
ANDROID: vendor_hook: Add vendor hook to decide scan abort policy
Allow vendor hook to enable checking of the high water marks to decide if reclaim should continue scanning. Bug: 224956008 Change-Id: I63fe1fd386e7599451c2df0a04c8440b4fc142fc Signed-off-by: Kalesh Singh <kaleshsingh@google.com> |
||
Sergey Senozhatsky
|
e2fa9ebcae |
UPSTREAM: zsmalloc: allow only one active pool compaction context
zsmalloc pool can be compacted concurrently by many contexts,
e.g.
cc1 handle_mm_fault()
do_anonymous_page()
__alloc_pages_slowpath()
try_to_free_pages()
do_try_to_free_pages(
lru_gen_shrink_node()
shrink_slab()
do_shrink_slab()
zs_shrinker_scan()
zs_compact()
Pool compaction is currently (basically) single-threaded as
it is performed under pool->lock. Having multiple compaction
threads results in unnecessary contention, as each thread
competes for pool->lock. This, in turn, affects all zsmalloc
operations such as zs_malloc(), zs_map_object(), zs_free(), etc.
Introduce the pool->compaction_in_progress atomic variable,
which ensures that only one compaction context can run at a
time. This reduces overall pool->lock contention in (corner)
cases when many contexts attempt to shrink zspool simultaneously.
Link: https://lkml.kernel.org/r/20230418074639.1903197-1-senozhatsky@chromium.org
Fixes: c0547d0b6a4b ("zsmalloc: consolidate zs_pool's migrate_lock and size_class's locks")
Signed-off-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Reviewed-by: Yosry Ahmed <yosryahmed@google.com>
Cc: Minchan Kim <minchan@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit
|
||
|
jianzhou
|
3424390dea |
Merge keystone/android14-6.1-keystone-qcom-release.6.1.25 (6c948d5) into
qcom-6.1 * refs/heads/tmp-6c948d5: ANDROID: GKI: Update ABI for zsmalloc fixes BACKPORT: zsmalloc: fix races between modifications of fullness and isolated UPSTREAM: zsmalloc: consolidate zs_pool's migrate_lock and size_class's locks FROMGIT: usb: host: ehci-sched: try to turn on io watchdog as long as periodic_count > 0 FROMGIT: BACKPORT: usb: ehci: add workaround for chipidea PORTSC.PEC bug UPSTREAM: dma-buf: fix an error pointer vs NULL bug UPSTREAM: dma-buf: keep the signaling time of merged fences v3 FROMGIT: Multi-gen LRU: Fix per-zone reclaim UPSTREAM: USB: Gadget: core: Help prevent panic during UVC unconfigure Change-Id: I6a32e00d90e1cb950fec95db001a7cb01b61ee36 Upstream-Build: ks_qcom-android14-6.1-keystone-qcom-release@10773472 UKQ2.230907.001 Signed-off-by: jianzhou <quic_jianzhou@quicinc.com> |
||
|
Greg Kroah-Hartman
|
f1311733c2 |
Merge 6.1.40 into android14-6.1-lts
Changes in 6.1.40 HID: amd_sfh: Rename the float32 variable HID: amd_sfh: Fix for shift-out-of-bounds net: lan743x: Don't sleep in atomic context workqueue: clean up WORK_* constant types, clarify masking ksmbd: add missing compound request handing in some commands ksmbd: fix out of bounds read in smb2_sess_setup drm/panel: simple: Add connector_type for innolux_at043tn24 drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime swiotlb: always set the number of areas before allocating the pool swiotlb: reduce the swiotlb buffer size on allocation failure swiotlb: reduce the number of areas to match actual memory pool size drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags ice: Fix max_rate check while configuring TX rate limits igc: Remove delay during TX ring configuration net/mlx5e: fix double free in mlx5e_destroy_flow_table net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create net/mlx5e: fix memory leak in mlx5e_ptp_open net/mlx5e: Check for NOT_READY flag state after locking igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings igc: Handle PPS start time programming for past time values blk-crypto: use dynamic lock class for blk_crypto_profile::lock scsi: qla2xxx: Fix error code in qla2x00_start_sp() scsi: ufs: ufs-mediatek: Add dependency for RESET_CONTROLLER bpf: Fix max stack depth check for async callbacks net: mvneta: fix txq_map in case of txq_number==1 net/sched: cls_fw: Fix improper refcount update leads to use-after-free gve: Set default duplex configuration to full octeontx2-af: Promisc enable/disable through mbox octeontx2-af: Move validation of ptp pointer before its usage ionic: remove WARN_ON to prevent panic_on_warn net: bgmac: postpone turning IRQs off to avoid SoC hangs net: prevent skb corruption on frag list segmentation icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). udp6: fix udp6_ehashfn() typo ntb: idt: Fix error handling in idt_pci_driver_init() NTB: amd: Fix error handling in amd_ntb_pci_driver_init() ntb: intel: Fix error handling in intel_ntb_pci_driver_init() NTB: ntb_transport: fix possible memory leak while device_register() fails NTB: ntb_tool: Add check for devm_kcalloc ipv6/addrconf: fix a potential refcount underflow for idev net: dsa: qca8k: Add check for skb_copy platform/x86: wmi: Break possible infinite loop when parsing GUID kernel/trace: Fix cleanup logic of enable_trace_eprobe igc: Fix launchtime before start of cycle igc: Fix inserting of empty frame for launchtime nvme: fix the NVME_ID_NS_NVM_STS_MASK definition riscv, bpf: Fix inconsistent JIT image generation drm/i915: Don't preserve dpll_hw_state for slave crtc in Bigjoiner drm/i915: Fix one wrong caching mode enum usage octeontx2-pf: Add additional check for MCAM rules erofs: avoid useless loops in z_erofs_pcluster_readmore() when reading beyond EOF erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF erofs: fix fsdax unavailability for chunk-based regular files wifi: airo: avoid uninitialized warning in airo_get_rate() bpf: cpumap: Fix memory leak in cpu_map_update_elem net/sched: flower: Ensure both minimum and maximum ports are specified riscv: mm: fix truncation warning on RV32 netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write() net/sched: make psched_mtu() RTNL-less safe wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() net/sched: sch_qfq: refactor parsing of netlink parameters net/sched: sch_qfq: account for stab overhead in qfq_enqueue nvme-pci: fix DMA direction of unmapping integrity data fs/ntfs3: Check fields while reading ovl: let helper ovl_i_path_real() return the realinode ovl: fix null pointer dereference in ovl_get_acl_rcu() cifs: fix session state check in smb2_find_smb_ses drm/client: Send hotplug event after registering a client drm/amdgpu/sdma4: set align mask to 255 drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario drm/amdgpu: add the fan abnormal detection feature drm/amdgpu: Fix minmax warning drm/amd/pm: add abnormal fan detection for smu 13.0.0 f2fs: fix the wrong condition to determine atomic context f2fs: fix deadlock in i_xattr_sem and inode page lock pinctrl: amd: Add Z-state wake control bits pinctrl: amd: Adjust debugfs output pinctrl: amd: Add fields for interrupt status and wake status pinctrl: amd: Detect internal GPIO0 debounce handling pinctrl: amd: Fix mistake in handling clearing pins at startup pinctrl: amd: Detect and mask spurious interrupts pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" pinctrl: amd: Only use special debounce behavior for GPIO 0 pinctrl: amd: Use amd_pinconf_set() for all config options pinctrl: amd: Drop pull up select configuration pinctrl: amd: Unify debounce handling into amd_pinconf_set() tpm: Do not remap from ACPI resources again for Pluton TPM tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes tpm: return false from tpm_amd_is_rng_defective on non-x86 platforms mtd: rawnand: meson: fix unaligned DMA buffers handling net: bcmgenet: Ensure MDIO unregistration has clocks enabled net: phy: dp83td510: fix kernel stall during netboot in DP83TD510E PHY driver kasan: add kasan_tag_mismatch prototype tracing/user_events: Fix incorrect return value for writing operation when events are disabled powerpc: Fail build if using recordmcount with binutils v2.37 misc: fastrpc: Create fastrpc scalar with correct buffer count powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 powerpc/64s: Fix native_hpte_remove() to be irq-safe MIPS: Loongson: Fix cpu_probe_loongson() again MIPS: KVM: Fix NULL pointer dereference ext4: Fix reusing stale buffer heads from last failed mounting ext4: fix wrong unit use in ext4_mb_clear_bb ext4: get block from bh in ext4_free_blocks for fast commit replay ext4: fix wrong unit use in ext4_mb_new_blocks ext4: fix to check return value of freeze_bdev() in ext4_shutdown() ext4: turn quotas off if mount failed after enabling quotas ext4: only update i_reserved_data_blocks on successful block allocation fs: dlm: revert check required context while close soc: qcom: mdt_loader: Fix unconditional call to scm_pas_mem_setup ext2/dax: Fix ext2_setsize when len is page aligned jfs: jfs_dmap: Validate db_l2nbperpage while mounting hwrng: imx-rngc - fix the timeout for init and self check dm integrity: reduce vmalloc space footprint on 32-bit architectures scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O s390/zcrypt: do not retry administrative requests PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold PCI: Release resource invalidated by coalescing PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 PCI: qcom: Disable write access to read only registers for IP v2.3.3 PCI: epf-test: Fix DMA transfer completion initialization PCI: epf-test: Fix DMA transfer completion detection PCI: rockchip: Assert PCI Configuration Enable bit after probe PCI: rockchip: Write PCI Device ID to correct register PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core PCI: rockchip: Use u32 variable to access 32-bit registers PCI: rockchip: Set address alignment for endpoint mode misc: pci_endpoint_test: Free IRQs before removing the device misc: pci_endpoint_test: Re-init completion for every test mfd: pm8008: Fix module autoloading md/raid0: add discard support for the 'original' layout dm init: add dm-mod.waitfor to wait for asynchronously probed block devices fs: dlm: return positive pid value for F_GETLK fs: dlm: fix cleanup pending ops when interrupted fs: dlm: interrupt posix locks only when process is killed fs: dlm: make F_SETLK use unkillable wait_event fs: dlm: fix mismatch of plock results from userspace scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() drm/atomic: Allow vblank-enabled + self-refresh "disable" drm/rockchip: vop: Leave vblank enabled in self-refresh drm/amd/display: fix seamless odm transitions drm/amd/display: edp do not add non-edid timings drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 drm/amd/display: disable seamless boot if force_odm_combine is enabled drm/amdgpu: fix clearing mappings for BOs that are always valid in VM drm/amd: Disable PSR-SU on Parade 0803 TCON drm/amd/display: add a NULL pointer check drm/amd/display: Correct `DMUB_FW_VERSION` macro drm/amd/display: Add monitor specific edid quirk drm/amdgpu: avoid restore process run into dead loop. drm/ttm: Don't leak a resource on swapout move error serial: atmel: don't enable IRQs prematurely tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk tty: serial: imx: fix rs485 rx after tx firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() libceph: harden msgr2.1 frame segment length checks ceph: add a dedicated private data for netfs rreq ceph: fix blindly expanding the readahead windows ceph: don't let check_caps skip sending responses for revoke msgs xhci: Fix resume issue of some ZHAOXIN hosts xhci: Fix TRB prefetch issue of ZHAOXIN hosts xhci: Show ZHAOXIN xHCI root hub speed correctly meson saradc: fix clock divider mask length opp: Fix use-after-free in lazy_opp_tables after probe deferral soundwire: qcom: fix storing port config out-of-bounds Revert "8250: add support for ASIX devices with a FIFO bug" bus: ixp4xx: fix IXP4XX_EXP_T1_MASK s390/decompressor: fix misaligned symbol build error dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter tracing/histograms: Add histograms to hist_vars if they have referenced variables tracing: Fix memory leak of iter->temp when reading trace_pipe nvme: don't reject probe due to duplicate IDs for single-ported PCIe devices samples: ftrace: Save required argument registers in sample trampolines perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start() regmap-irq: Fix out-of-bounds access when allocating config buffers net: ena: fix shift-out-of-bounds in exponential backoff ring-buffer: Fix deadloop issue on reading trace_pipe ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() drm/amd/pm: share the code around SMU13 pcie parameters update drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 cifs: if deferred close is disabled then close files immediately xtensa: ISS: fix call to split_if_spec perf/x86: Fix lockdep warning in for_each_sibling_event() on SPR PM: QoS: Restore support for default value on frequency QoS pwm: meson: modify and simplify calculation in meson_pwm_get_state pwm: meson: fix handling of period/duty if greater than UINT_MAX fprobe: Release rethook after the ftrace_ops is unregistered fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() tracing: Fix null pointer dereference in tracing_err_log_open() selftests: mptcp: connect: fail if nft supposed to work selftests: mptcp: sockopt: return error if wrong mark selftests: mptcp: userspace_pm: use correct server port selftests: mptcp: userspace_pm: report errors with 'remove' tests selftests: mptcp: depend on SYN_COOKIES selftests: mptcp: pm_nl_ctl: fix 32-bit support tracing/probes: Fix not to count error code to total length tracing/probes: Fix to update dynamic data counter if fetcharg uses it tracing/user_events: Fix struct arg size match check scsi: qla2xxx: Multi-que support for TMF scsi: qla2xxx: Fix task management cmd failure scsi: qla2xxx: Fix task management cmd fail due to unavailable resource scsi: qla2xxx: Fix hang in task management scsi: qla2xxx: Wait for io return on terminate rport scsi: qla2xxx: Fix mem access after free scsi: qla2xxx: Array index may go out of bound scsi: qla2xxx: Avoid fcport pointer dereference scsi: qla2xxx: Fix buffer overrun scsi: qla2xxx: Fix potential NULL pointer dereference scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() scsi: qla2xxx: Correct the index of array scsi: qla2xxx: Pointer may be dereferenced scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue scsi: qla2xxx: Fix end of loop test MIPS: kvm: Fix build error with KVM_MIPS_DEBUG_COP0_COUNTERS enabled Revert "drm/amd: Disable PSR-SU on Parade 0803 TCON" swiotlb: mark swiotlb_memblock_alloc() as __init net/sched: sch_qfq: reintroduce lmax bound check for MTU drm/atomic: Fix potential use-after-free in nonblocking commits net/ncsi: make one oem_gma function for all mfr id net/ncsi: change from ndo_set_mac_address to dev_set_mac_address Linux 6.1.40 Change-Id: I5cc6aab178c66d2a23fe2a8d21e71cc4a8b15acf Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
b435525822 |
This is the 6.1.39 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmS38qMACgkQONu9yGCS
aT56yQ//ZuDuw8Ev3HISVgZhE9FpuXC1RSYXiMCAvwA9rH3KnJ4wKVPEhEWLy9P4
jdJaatSLbLOvA7ME7JnwZxz2qahjBxo1tpx6u2S3zrzz4UlAPNLwCxTxxp4X07VI
3fBNvsmucqFSayCrA8t9xgkaJizuCvHZm7eSoyVIigPwbB5igc2b+bNSRcx1Zo+j
SHl4Y4nGK8a47XU9RSlDLVKow0/6rrQLHQ9DLpxACArRHw3h451vD0DMcgOuU/Uv
6qq9u3COcdVw3oc5VENu9XklPmvQkxo3RaCUHyRadVstuc0H/BBUDvEhPn5PcVOV
EdBWlTjmhsQo0aUziK4kotLNeX1VRgKa+rrIUBJn68OHv1SRRPZU/eJ8hkL81dCi
FDPzXDOszixO7pPv1jj7O9kNcwKPuiHPmdaNPCY6jviOHhZnAEub44DpQamxWvU/
kb5MZRRY72wt9iWeI3kscCCSbf6eyjlmDMoYIeLuYn10n7gIDU80eUOBl9bqEsz/
X+OUxaY+XuKbCoucpNmSHHLmynJ5D0CXhl/5qnlgMoSo4UJ5BUIMj2e3ZqsKLfrR
e/09MCRX79y9J+TxUunnQZfq5vBlH1tRsvUyhIfYfW4AaC9BrkOL2XZviQldKY6x
FUmsxh62O3iGRtLOWDKQA5MwoJuD54qVcHr1iidWkO2G8T3ctCc=
=kyUh
-----END PGP SIGNATURE-----
Merge 6.1.39 into android14-6.1-lts
Changes in 6.1.39
drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2
fs: pipe: reveal missing function protoypes
block: Fix the type of the second bdev_op_is_zoned_write() argument
erofs: clean up cached I/O strategies
erofs: avoid tagged pointers to mark sync decompression
erofs: remove tagged pointer helpers
erofs: move zdata.h into zdata.c
erofs: kill hooked chains to avoid loops on deduplicated compressed images
x86/resctrl: Only show tasks' pid in current pid namespace
blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
x86/sev: Fix calculation of end address based on number of pages
virt: sevguest: Add CONFIG_CRYPTO dependency
blk-mq: fix potential io hang by wrong 'wake_batch'
lockd: drop inappropriate svc_get() from locked_get()
nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap
nvme-auth: rename authentication work elements
nvme-auth: remove symbol export from nvme_auth_reset
nvme-auth: no need to reset chap contexts on re-authentication
nvme-core: fix memory leak in dhchap_secret_store
nvme-core: fix memory leak in dhchap_ctrl_secret
nvme-auth: don't ignore key generation failures when initializing ctrl keys
nvme-core: add missing fault-injection cleanup
nvme-core: fix dev_pm_qos memleak
md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
md/raid10: fix overflow of md/safe_mode_delay
md/raid10: fix wrong setting of max_corr_read_errors
md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
md/raid10: fix io loss while replacement replace rdev
md/raid1-10: factor out a helper to add bio to plug
md/raid1-10: factor out a helper to submit normal write
md/raid1-10: submit write io directly if bitmap is not enabled
block: fix blktrace debugfs entries leakage
irqchip/stm32-exti: Fix warning on initialized field overwritten
irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
svcrdma: Prevent page release when nothing was received
erofs: simplify iloc()
erofs: fix compact 4B support for 16k block size
posix-timers: Prevent RT livelock in itimer_delete()
tick/rcu: Fix bogus ratelimit condition
tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode().
clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
PM: domains: fix integer overflow issues in genpd_parse_state()
perf/arm-cmn: Fix DTC reset
x86/mm: Allow guest.enc_status_change_prepare() to fail
x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad()
drivers/perf: hisi: Don't migrate perf to the CPU going to teardown
powercap: RAPL: Fix CONFIG_IOSF_MBI dependency
PM: domains: Move the verification of in-params from genpd_add_device()
ARM: 9303/1: kprobes: avoid missing-declaration warnings
cpufreq: intel_pstate: Fix energy_performance_preference for passive
thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe()
rcu: Make rcu_cpu_starting() rely on interrupts being disabled
rcu-tasks: Stop rcu_tasks_invoke_cbs() from using never-onlined CPUs
rcutorture: Correct name of use_softirq module parameter
rcuscale: Move shutdown from wait_event() to wait_event_idle()
rcu/rcuscale: Move rcu_scale_*() after kfree_scale_cleanup()
rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale
kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined
perf/ibs: Fix interface via core pmu events
x86/mm: Fix __swp_entry_to_pte() for Xen PV guests
locking/atomic: arm: fix sync ops
evm: Complete description of evm_inode_setattr()
evm: Fix build warnings
ima: Fix build warnings
pstore/ram: Add check for kstrdup
igc: Enable and fix RX hash usage by netstack
wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
libbpf: btf_dump_type_data_check_overflow needs to consider BTF_MEMBER_BITFIELD_SIZE
samples/bpf: Fix buffer overflow in tcp_basertt
spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
wifi: wilc1000: fix for absent RSN capabilities WFA testcase
wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
sctp: add bpf_bypass_getsockopt proto callback
libbpf: fix offsetof() and container_of() to work with CO-RE
bpf: Don't EFAULT for {g,s}setsockopt with wrong optlen
spi: dw: Round of n_bytes to power of 2
nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
bpftool: JIT limited misreported as negative value on aarch64
bpf: Remove bpf trampoline selector
bpf: Fix memleak due to fentry attach failure
selftests/bpf: Do not use sign-file as testcase
regulator: core: Fix more error checking for debugfs_create_dir()
regulator: core: Streamline debugfs operations
wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
wifi: atmel: Fix an error handling path in atmel_probe()
wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
wifi: ray_cs: Fix an error handling path in ray_probe()
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
samples/bpf: xdp1 and xdp2 reduce XDPBUFSIZE to 60
wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware restart
wifi: mac80211: recalc min chandef for new STA links
selftests/bpf: Fix check_mtu using wrong variable type
wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled
wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
ice: handle extts in the miscellaneous interrupt thread
selftests: cgroup: fix unexpected failure on test_memcg_low
watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
watchdog/perf: more properly prevent false positives with turbo modes
kexec: fix a memory leak in crash_shrink_memory()
mmc: mediatek: Avoid ugly error message when SDIO wakeup IRQ isn't used
memstick r592: make memstick_debug_get_tpc_name() static
wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
wifi: mac80211: Fix permissions for valid_links debugfs entry
rtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO
wifi: ath11k: Add missing check for ioremap
wifi: iwlwifi: pull from TXQs with softirqs disabled
wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler()
wifi: mac80211: Remove "Missing iftype sband data/EHT cap" spam
wifi: cfg80211: rewrite merging of inherited elements
wifi: cfg80211: drop incorrect nontransmitted BSS update code
wifi: cfg80211: fix regulatory disconnect with OCB/NAN
wifi: cfg80211/mac80211: Fix ML element common size calculation
wifi: ieee80211: Fix the common size calculation for reconfiguration ML
mmc: Add MMC_QUIRK_BROKEN_SD_CACHE for Kingston Canvas Go Plus from 11/2019
wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection
wifi: ath9k: convert msecs to jiffies where needed
bpf: Factor out socket lookup functions for the TC hookpoint.
bpf: Call __bpf_sk_lookup()/__bpf_skc_lookup() directly via TC hookpoint
bpf: Fix bpf socket lookup from tc/xdp to respect socket VRF bindings
can: length: fix bitstuffing count
can: kvaser_pciefd: Add function to set skb hwtstamps
can: kvaser_pciefd: Set hardware timestamp on transmitted packets
net: stmmac: fix double serdes powerdown
netlink: fix potential deadlock in netlink_set_err()
netlink: do not hard code device address lenth in fdb dumps
bonding: do not assume skb mac_header is set
selftests: rtnetlink: remove netdevsim device after ipsec offload test
gtp: Fix use-after-free in __gtp_encap_destroy().
net: axienet: Move reset before 64-bit DMA detection
ocfs2: Fix use of slab data with sendpage
sfc: fix crash when reading stats while NIC is resetting
net: nfc: Fix use-after-free caused by nfc_llcp_find_local
lib/ts_bm: reset initial match offset for every block of text
netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
ipvlan: Fix return value of ipvlan_queue_xmit()
netlink: Add __sock_i_ino() for __netlink_diag_dump().
drm/amd/display: Add logging for display MALL refresh setting
radeon: avoid double free in ci_dpm_init()
drm/amd/display: Explicitly specify update type per plane info change
drm/bridge: it6505: Move a variable assignment behind a null pointer check in receive_timing_debugfs_show()
Input: drv260x - sleep between polling GO bit
drm/bridge: ti-sn65dsi83: Fix enable error path
drm/bridge: tc358768: always enable HS video mode
drm/bridge: tc358768: fix PLL parameters computation
drm/bridge: tc358768: fix PLL target frequency
drm/bridge: tc358768: fix TCLK_ZEROCNT computation
drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation
drm/bridge: tc358768: fix TCLK_TRAILCNT computation
drm/bridge: tc358768: fix THS_ZEROCNT computation
drm/bridge: tc358768: fix TXTAGOCNT computation
drm/bridge: tc358768: fix THS_TRAILCNT computation
drm/vram-helper: fix function names in vram helper doc
ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
ARM: dts: meson8b: correct uart_B and uart_C clock references
mm: call arch_swap_restore() from do_swap_page()
clk: vc5: Use `clamp()` to restrict PLL range
bootmem: remove the vmemmap pages from kmemleak in free_bootmem_page
clk: vc5: Fix .driver_data content in i2c_device_id
clk: vc7: Fix .driver_data content in i2c_device_id
clk: rs9: Fix .driver_data content in i2c_device_id
Input: adxl34x - do not hardcode interrupt trigger type
drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks`
drm/panel: sharp-ls043t1le01: adjust mode settings
driver: soc: xilinx: use _safe loop iterator to avoid a use after free
ASoC: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices
drm/vkms: isolate pixel conversion functionality
drm: Add fixed-point helper to get rounded integer values
drm/vkms: Fix RGB565 pixel conversion
ARM: dts: stm32: Move ethernet MAC EEPROM from SoM to carrier boards
bus: ti-sysc: Fix dispc quirk masking bool variables
arm64: dts: microchip: sparx5: do not use PSCI on reference boards
drm/bridge: tc358767: Switch to devm MIPI-DSI helpers
clk: imx: scu: use _safe list iterator to avoid a use after free
hwmon: (f71882fg) prevent possible division by zero
RDMA/bnxt_re: Disable/kill tasklet only if it is enabled
RDMA/bnxt_re: Fix to remove unnecessary return labels
RDMA/bnxt_re: Use unique names while registering interrupts
RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid
RDMA/bnxt_re: Fix to remove an unnecessary log
drm/msm/dsi: don't allow enabling 14nm VCO with unprogrammed rate
drm/msm/disp/dpu: get timing engine status from intf status register
drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK
iommu/virtio: Detach domain on endpoint release
iommu/virtio: Return size mapped for a detached domain
clk: renesas: rzg2l: Fix CPG_SIPLL5_CLK1 register write
ARM: dts: gta04: Move model property out of pinctrl node
drm/bridge: anx7625: Convert to i2c's .probe_new()
drm/bridge: anx7625: Prevent endless probe loop
ARM: dts: qcom: msm8974: do not use underscore in node name (again)
arm64: dts: qcom: msm8916: correct camss unit address
arm64: dts: qcom: msm8916: correct MMC unit address
arm64: dts: qcom: msm8994: correct SPMI unit address
arm64: dts: qcom: msm8996: correct camss unit address
arm64: dts: qcom: sdm630: correct camss unit address
arm64: dts: qcom: sdm845: correct camss unit address
arm64: dts: qcom: sm8350: Add GPI DMA compatible fallback
arm64: dts: qcom: sm8350: correct DMA controller unit address
arm64: dts: qcom: sdm845-polaris: add missing touchscreen child node reg
arm64: dts: qcom: apq8016-sbc: Fix regulator constraints
arm64: dts: qcom: apq8016-sbc: Fix 1.8V power rail on LS expansion
drm/bridge: Introduce pre_enable_prev_first to alter bridge init order
drm/bridge: ti-sn65dsi83: Fix enable/disable flow to meet spec
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
ARM: ep93xx: fix missing-prototype warnings
ARM: omap2: fix missing tick_broadcast() prototype
arm64: dts: qcom: pm7250b: add missing spmi-vadc include
arm64: dts: qcom: apq8096: fix fixed regulator name property
arm64: dts: mediatek: mt8183: Add mediatek,broken-save-restore-fw to kukui
ARM: dts: stm32: Shorten the AV96 HDMI sound card name
memory: brcmstb_dpfe: fix testing array offset after use
ARM: dts: qcom: apq8074-dragonboard: Set DMA as remotely controlled
ASoC: es8316: Increment max value for ALC Capture Target Volume control
ASoC: es8316: Do not set rate constraints for unsupported MCLKs
ARM: dts: meson8: correct uart_B and uart_C clock references
soc/fsl/qe: fix usb.c build errors
RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes
IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate
RDMA/hns: Fix hns_roce_table_get return value
ARM: dts: iwg20d-q7-common: Fix backlight pwm specifier
arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register
fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
arm64: dts: ti: k3-j7200: Fix physical address of pin
Input: pm8941-powerkey - fix debounce on gen2+ PMICs
ARM: dts: stm32: Fix audio routing on STM32MP15xx DHCOM PDK2
ARM: dts: stm32: fix i2s endpoint format property for stm32mp15xx-dkx
hwmon: (gsc-hwmon) fix fan pwm temperature scaling
hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272
ARM: dts: BCM5301X: fix duplex-full => full-duplex
clk: Export clk_hw_forward_rate_request()
drm/amd/display: Fix a test CalculatePrefetchSchedule()
drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg()
drm/amdkfd: Fix potential deallocation of previously deallocated memory.
soc: mediatek: SVS: Fix MT8192 GPU node name
drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode
drm/radeon: fix possible division-by-zero errors
HID: uclogic: Modular KUnit tests should not depend on KUNIT=y
RDMA/rxe: Add ibdev_dbg macros for rxe
RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_mw.c
RDMA/rxe: Fix access checks in rxe_check_bind_mw
amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
drm/msm/a5xx: really check for A510 in a5xx_gpu_init
RDMA/bnxt_re: wraparound mbox producer index
RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context
clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe
clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe
clk: imx93: fix memory leak and missing unwind goto in imx93_clocks_probe
clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()
arm64: dts: qcom: sdm845: Flush RSC sleep & wake votes
arm64: dts: qcom: sm8250-edo: Panel framebuffer is 2.5k instead of 4k
clk: bcm: rpi: Fix off by one in raspberrypi_discover_clocks()
clk: clocking-wizard: Fix Oops in clk_wzrd_register_divider()
clk: tegra: tegra124-emc: Fix potential memory leak
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
drm/msm/dpu: do not enable color-management if DSPPs are not available
drm/msm/dpu: Fix slice_last_group_size calculation
drm/msm/dsi: Use DSC slice(s) packet size to compute word count
drm/msm/dsi: Flip greater-than check for slice_count and slice_per_intf
drm/msm/dsi: Remove incorrect references to slice_count
drm/msm/dp: Free resources after unregistering them
arm64: dts: mediatek: Add cpufreq nodes for MT8192
arm64: dts: mediatek: mt8192: Fix CPUs capacity-dmips-mhz
drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function.
drm/amdgpu: Fix usage of UMC fill record in RAS
drm/msm/dpu: correct MERGE_3D length
clk: vc5: check memory returned by kasprintf()
clk: cdce925: check return value of kasprintf()
clk: si5341: return error if one synth clock registration fails
clk: si5341: check return value of {devm_}kasprintf()
clk: si5341: free unused memory on probe failure
clk: keystone: sci-clk: check return value of kasprintf()
clk: ti: clkctrl: check return value of kasprintf()
drivers: meson: secure-pwrc: always enable DMA domain
ovl: update of dentry revalidate flags after copy up
ASoC: imx-audmix: check return value of devm_kasprintf()
clk: Fix memory leak in devm_clk_notifier_register()
ARM: dts: lan966x: kontron-d10: fix board reset
ARM: dts: lan966x: kontron-d10: fix SPI CS
ASoC: amd: acp: clear pdm dma interrupt mask
PCI: cadence: Fix Gen2 Link Retraining process
PCI: vmd: Reset VMD config register between soft reboots
scsi: qedf: Fix NULL dereference in error handling
pinctrl: bcm2835: Handle gpiochip_add_pin_range() errors
platform/x86: lenovo-yogabook: Fix work race on remove()
platform/x86: lenovo-yogabook: Reprobe devices on remove()
platform/x86: lenovo-yogabook: Set default keyboard backligh brightness on probe()
PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
PCI: pciehp: Cancel bringup sequence if card is not present
PCI: ftpci100: Release the clock resources
pinctrl: sunplus: Add check for kmalloc
PCI: Add pci_clear_master() stub for non-CONFIG_PCI
scsi: lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state
perf bench: Add missing setlocale() call to allow usage of %'d style formatting
pinctrl: cherryview: Return correct value if pin in push-pull mode
platform/x86: think-lmi: mutex protection around multiple WMI calls
platform/x86: think-lmi: Correct System password interface
platform/x86: think-lmi: Correct NVME password handling
pinctrl:sunplus: Add check for kmalloc
pinctrl: npcm7xx: Add missing check for ioremap
kcsan: Don't expect 64 bits atomic builtins from 32 bits architectures
powerpc/interrupt: Don't read MSR from interrupt_exit_kernel_prepare()
powerpc/signal32: Force inlining of __unsafe_save_user_regs() and save_tm_user_regs_unsafe()
perf script: Fix allocation of evsel->priv related to per-event dump files
platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles
perf dwarf-aux: Fix off-by-one in die_get_varname()
platform/x86/dell/dell-rbtn: Fix resources leaking on error path
perf tool x86: Consolidate is_amd check into single function
perf tool x86: Fix perf_env memory leak
powerpc/64s: Fix VAS mm use after free
pinctrl: microchip-sgpio: check return value of devm_kasprintf()
pinctrl: at91-pio4: check return value of devm_kasprintf()
powerpc/powernv/sriov: perform null check on iov before dereferencing iov
powerpc: simplify ppc_save_regs
powerpc: update ppc_save_regs to save current r1 in pt_regs
PCI: qcom: Remove PCIE20_ prefix from register definitions
PCI: qcom: Sort and group registers and bitfield definitions
PCI: qcom: Use lower case for hex
PCI: qcom: Use DWC helpers for modifying the read-only DBI registers
PCI: qcom: Disable write access to read only registers for IP v2.9.0
riscv: uprobes: Restore thread.bad_cause
powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo
powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary
PCI: endpoint: Fix Kconfig indent style
PCI: endpoint: Fix a Kconfig prompt of vNTB driver
PCI: endpoint: functions/pci-epf-test: Fix dma_chan direction
PCI: vmd: Fix uninitialized variable usage in vmd_enable_domain()
vfio/mdev: Move the compat_class initialization to module init
hwrng: virtio - Fix race on data_avail and actual data
modpost: remove broken calculation of exception_table_entry size
crypto: nx - fix build warnings when DEBUG_FS is not enabled
modpost: fix section mismatch message for R_ARM_ABS32
modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
crypto: marvell/cesa - Fix type mismatch warning
crypto: jitter - correct health test during initialization
modpost: fix off by one in is_executable_section()
ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
crypto: kpp - Add helper to set reqsize
crypto: qat - Use helper to set reqsize
crypto: qat - unmap buffer before free for DH
crypto: qat - unmap buffers before free for RSA
NFSv4.2: fix wrong shrinker_id
NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION
SMB3: Do not send lease break acknowledgment if all file handles have been closed
dax: Fix dax_mapping_release() use after free
dax: Introduce alloc_dev_dax_id()
dax/kmem: Pass valid argument to memory_group_register_static
hwrng: st - keep clock enabled while hwrng is registered
kbuild: Disable GCOV for *.mod.o
efi/libstub: Disable PCI DMA before grabbing the EFI memory map
cifs: prevent use-after-free by freeing the cfile later
cifs: do all necessary checks for credits within or before locking
smb: client: fix broken file attrs with nodfs mounts
ksmbd: avoid field overflow warning
arm64: sme: Use STR P to clear FFR context field in streaming SVE mode
x86/efi: Make efi_set_virtual_address_map IBT safe
md/raid1-10: fix casting from randomized structure in raid1_submit_write()
USB: serial: option: add LARA-R6 01B PIDs
usb: dwc3: gadget: Propagate core init errors to UDC during pullup
phy: tegra: xusb: Clear the driver reference in usb-phy dev
iio: adc: ad7192: Fix null ad7192_state pointer access
iio: adc: ad7192: Fix internal/external clock selection
iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF
iio: accel: fxls8962af: fixup buffer scan element type
Revert "drm/amd/display: edp do not add non-edid timings"
mm/mmap: Fix VM_LOCKED check in do_vmi_align_munmap()
ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook
ALSA: hda/realtek: Add quirk for Clevo NPx0SNx
ALSA: jack: Fix mutex call in snd_jack_report()
ALSA: pcm: Fix potential data race at PCM memory allocation helpers
block: fix signed int overflow in Amiga partition support
block: add overflow checks for Amiga partition support
block: change all __u32 annotations to __be32 in affs_hardblocks.h
block: increment diskseq on all media change events
btrfs: fix race when deleting free space root from the dirty cow roots list
SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
w1: w1_therm: fix locking behavior in convert_t
w1: fix loop in w1_fini()
dt-bindings: power: reset: qcom-pon: Only allow reboot-mode pre-pmk8350
f2fs: do not allow to defragment files have FI_COMPRESS_RELEASED
sh: j2: Use ioremap() to translate device tree address into kernel memory
usb: dwc2: platform: Improve error reporting for problems during .remove()
usb: dwc2: Fix some error handling paths
serial: 8250: omap: Fix freeing of resources on failed register
clk: qcom: mmcc-msm8974: remove oxili_ocmemgx_clk
clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs
clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks
clk: qcom: gcc-qcm2290: Mark RCGs shared where applicable
media: usb: Check az6007_read() return value
media: amphion: drop repeated codec data for vc1l format
media: amphion: drop repeated codec data for vc1g format
media: amphion: initiate a drain of the capture queue in dynamic resolution change
media: videodev2.h: Fix struct v4l2_input tuner index comment
media: usb: siano: Fix warning due to null work_func_t function pointer
media: i2c: Correct format propagation for st-mipid02
media: hi846: fix usage of pm_runtime_get_if_in_use()
media: mediatek: vcodec: using decoder status instead of core work count
clk: qcom: reset: support resetting multiple bits
clk: qcom: ipq6018: fix networking resets
clk: qcom: dispcc-qcm2290: Fix BI_TCXO_AO handling
clk: qcom: dispcc-qcm2290: Fix GPLL0_OUT_DIV handling
clk: qcom: mmcc-msm8974: use clk_rcg2_shared_ops for mdp_clk_src clock
staging: vchiq_arm: mark vchiq_platform_init() static
usb: dwc3: qcom: Fix potential memory leak
usb: gadget: u_serial: Add null pointer check in gserial_suspend
extcon: Fix kernel doc of property fields to avoid warnings
extcon: Fix kernel doc of property capability fields to avoid warnings
usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
usb: hide unused usbfs_notify_suspend/resume functions
usb: misc: eud: Fix eud sysfs path (use 'qcom_eud')
serial: core: lock port for stop_rx() in uart_suspend_port()
serial: 8250: lock port for stop_rx() in omap8250_irq()
serial: core: lock port for start_rx() in uart_resume_port()
serial: 8250: lock port for UART_IER access in omap8250_irq()
kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR
lkdtm: replace ll_rw_block with submit_bh
i3c: master: svc: fix cpu schedule in spin lock
coresight: Fix loss of connection info when a module is unloaded
mfd: rt5033: Drop rt5033-battery sub-device
media: venus: helpers: Fix ALIGN() of non power of two
media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()
sh: Avoid using IRQ0 on SH3 and SH4
gfs2: Fix duplicate should_fault_in_pages() call
f2fs: fix potential deadlock due to unpaired node_write lock use
f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()
KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove()
usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe()
usb: common: usb-conn-gpio: Set last role to unknown before initial detection
usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe()
mfd: wcd934x: Fix an error handling path in wcd934x_slim_probe()
mfd: intel-lpss: Add missing check for platform_get_resource
Revert "usb: common: usb-conn-gpio: Set last role to unknown before initial detection"
serial: 8250_omap: Use force_suspend and resume for system suspend
device property: Fix documentation for fwnode_get_next_parent()
device property: Clarify description of returned value in some functions
drivers: fwnode: fix fwnode_irq_get[_byname]()
nvmem: sunplus-ocotp: release otp->clk before return
nvmem: rmem: Use NVMEM_DEVID_AUTO
bus: fsl-mc: don't assume child devices are all fsl-mc devices
mfd: stmfx: Fix error path in stmfx_chip_init
mfd: stmfx: Nullify stmfx->vdd in case of error
KVM: s390: vsie: fix the length of APCB bitmap
KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler
cpufreq: mediatek: correct voltages for MT7622 and MT7623
misc: fastrpc: check return value of devm_kasprintf()
clk: qcom: mmcc-msm8974: fix MDSS_GDSC power flags
hwtracing: hisi_ptt: Fix potential sleep in atomic context
mfd: stmpe: Only disable the regulators if they are enabled
phy: tegra: xusb: check return value of devm_kzalloc()
lib/bitmap: drop optimization of bitmap_{from,to}_arr64
pwm: imx-tpm: force 'real_period' to be zero in suspend
pwm: sysfs: Do not apply state to already disabled PWMs
pwm: ab8500: Fix error code in probe()
pwm: mtk_disp: Fix the disable flow of disp_pwm
md/raid10: fix the condition to call bio_end_io_acct()
rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times
drm/i915/guc/slpc: Apply min softlimit correctly
f2fs: check return value of freeze_super()
media: cec: i2c: ch7322: also select REGMAP
sctp: fix potential deadlock on &net->sctp.addr_wq_lock
net/sched: act_ipt: add sanity checks on table name and hook locations
net: add a couple of helpers for iph tot_len
net/sched: act_ipt: add sanity checks on skb before calling target
spi: spi-geni-qcom: enable SPI_CONTROLLER_MUST_TX for GPI DMA mode
net: mscc: ocelot: don't report that RX timestamping is enabled by default
net: mscc: ocelot: don't keep PTP configuration of all ports in single structure
net: dsa: felix: don't drop PTP frames with tag_8021q when RX timestamping is disabled
net: dsa: sja1105: always enable the INCL_SRCPT option
net: dsa: tag_sja1105: always prefer source port information from INCL_SRCPT
Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
Bluetooth: fix invalid-bdaddr quirk for non-persistent setup
Bluetooth: ISO: use hci_sync for setting CIG parameters
Bluetooth: MGMT: add CIS feature bits to controller information
Bluetooth: MGMT: Use BIT macro when defining bitfields
Bluetooth: MGMT: Fix marking SCAN_RSP as not connectable
ibmvnic: Do not reset dql stats on NON_FATAL err
net: dsa: vsc73xx: fix MTU configuration
mlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
drm/amdgpu: fix number of fence calculations
drm/amd: Don't try to enable secure display TA multiple times
mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
f2fs: fix error path handling in truncate_dnode()
octeontx2-af: Fix mapping for NIX block from CGX connection
octeontx2-af: Add validation before accessing cgx and lmac
ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()
powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
powerpc: dts: turris1x.dts: Fix PCIe MEM size for pci2 node
net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
net: dsa: tag_sja1105: fix source port decoding in vlan_filtering=0 bridge mode
net: fix net_dev_start_xmit trace event vs skb_transport_offset()
tcp: annotate data races in __tcp_oow_rate_limited()
bpf, btf: Warn but return no error for NULL btf from __register_btf_kfunc_id_set()
xsk: Honor SO_BINDTODEVICE on bind
net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
fanotify: disallow mount/sb marks on kernel internal pseudo fs
riscv: move memblock_allow_resize() after linear mapping is ready
pptp: Fix fib lookup calls.
net: dsa: tag_sja1105: fix MAC DA patching from meta frames
net: dsa: sja1105: always enable the send_meta options
octeontx-af: fix hardware timestamp configuration
afs: Fix accidental truncation when storing data
s390/qeth: Fix vipa deletion
sh: dma: Fix DMA channel offset calculation
apparmor: fix missing error check for rhashtable_insert_fast
i2c: xiic: Don't try to handle more interrupt events after error
dm: fix undue/missing spaces
dm: avoid split of quoted strings where possible
dm ioctl: have constant on the right side of the test
dm ioctl: Avoid double-fetch of version
extcon: usbc-tusb320: Convert to i2c's .probe_new()
extcon: usbc-tusb320: Unregister typec port on driver removal
btrfs: do not BUG_ON() on tree mod log failure at balance_level()
i2c: qup: Add missing unwind goto in qup_i2c_probe()
irqchip/loongson-pch-pic: Fix potential incorrect hwirq assignment
NFSD: add encoding of op_recall flag for write delegation
irqchip/loongson-pch-pic: Fix initialization of HT vector register
io_uring: wait interruptibly for request completions on exit
mmc: core: disable TRIM on Kingston EMMC04G-M627
mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS
mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used.
wifi: cfg80211: fix regulatory disconnect for non-MLO
wifi: ath10k: Serialize wake_tx_queue ops
wifi: mt76: mt7921e: fix init command fail with enabled device
bcache: fixup btree_cache_wait list damage
bcache: Remove unnecessary NULL point check in node allocations
bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
watch_queue: prevent dangling pipe pointer
um: Use HOST_DIR for mrproper
integrity: Fix possible multiple allocation in integrity_inode_get()
autofs: use flexible array in ioctl structure
mm/damon/ops-common: atomically test and clear young on ptes and pmds
shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs
jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
fs: avoid empty option when generating legacy mount string
ext4: Remove ext4 locking of moved directory
Revert "f2fs: fix potential corruption when moving a directory"
fs: Establish locking order for unrelated directories
fs: Lock moved directories
i2c: nvidia-gpu: Add ACPI property to align with device-tree
i2c: nvidia-gpu: Remove ccgx,firmware-build property
usb: typec: ucsi: Mark dGPUs as DEVICE scope
ipvs: increase ip_vs_conn_tab_bits range for 64BIT
btrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile
btrfs: delete unused BGs while reclaiming BGs
btrfs: bail out reclaim process if filesystem is read-only
btrfs: add block-group tree to lockdep classes
btrfs: reinsert BGs failed to reclaim
btrfs: fix race when deleting quota root from the dirty cow roots list
btrfs: fix extent buffer leak after tree mod log failure at split_node()
btrfs: do not BUG_ON() on tree mod log failure at __btrfs_cow_block()
ASoC: mediatek: mt8173: Fix irq error path
ASoC: mediatek: mt8173: Fix snd_soc_component_initialize error path
regulator: tps65219: Fix matching interrupts for their regulators
ARM: dts: qcom: ipq4019: fix broken NAND controller properties override
ARM: orion5x: fix d2net gpio initialization
leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename
blktrace: use inline function for blk_trace_remove() while blktrace is disabled
fs: no need to check source
xfs: explicitly specify cpu when forcing inodegc delayed work to run immediately
xfs: check that per-cpu inodegc workers actually run on that cpu
xfs: disable reaping in fscounters scrub
xfs: fix xfs_inodegc_stop racing with mod_delayed_work
mm/mmap: Fix extra maple tree write
drm/i915: Fix TypeC mode initialization during system resume
drm/i915/tc: Fix TC port link ref init for DP MST during HW readout
drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks
mtd: parsers: refer to ARCH_BCMBCA instead of ARCH_BCM4908
netfilter: nf_tables: unbind non-anonymous set if rule construction fails
netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
netfilter: nf_tables: do not ignore genmask when looking up chain by id
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
wireguard: queueing: use saner cpu selection wrapping
wireguard: netlink: send staged packets when setting initial private key
tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
block/partition: fix signedness issue for Amiga partitions
sh: mach-r2d: Handle virq offset in cascaded IRL demux
sh: mach-highlander: Handle virq offset in cascaded IRL demux
sh: mach-dreamcast: Handle virq offset in cascaded IRQ demux
sh: hd64461: Handle virq offset for offchip IRQ base and HD64461 IRQ
io_uring: Use io_schedule* in cqring wait
Linux 6.1.39
Change-Id: I5867c943c99c157fa599ecd08da961c632e58302
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Andrew Yang
|
8722a68dd2 |
BACKPORT: zsmalloc: fix races between modifications of fullness and isolated
We encountered many kernel exceptions of VM_BUG_ON(zspage->isolated ==
0) in dec_zspage_isolation() and BUG_ON(!pages[1]) in zs_unmap_object()
lately. This issue only occurs when migration and reclamation occur at
the same time.
With our memory stress test, we can reproduce this issue several times
a day. We have no idea why no one else encountered this issue. BTW,
we switched to the new kernel version with this defect a few months
ago.
Since fullness and isolated share the same unsigned int, modifications of
them should be protected by the same lock.
[andrew.yang@mediatek.com: move comment]
Link: https://lkml.kernel.org/r/20230727062910.6337-1-andrew.yang@mediatek.com
Link: https://lkml.kernel.org/r/20230721063705.11455-1-andrew.yang@mediatek.com
Fixes:
|
||
Nhat Pham
|
39bfcdd035 |
UPSTREAM: zsmalloc: consolidate zs_pool's migrate_lock and size_class's locks
Currently, zsmalloc has a hierarchy of locks, which includes a pool-level migrate_lock, and a lock for each size class. We have to obtain both locks in the hotpath in most cases anyway, except for zs_malloc. This exception will no longer exist when we introduce a LRU into the zs_pool for the new writeback functionality - we will need to obtain a pool-level lock to synchronize LRU handling even in zs_malloc. In preparation for zsmalloc writeback, consolidate these locks into a single pool-level lock, which drastically reduces the complexity of synchronization in zsmalloc. We have also benchmarked the lock consolidation to see the performance effect of this change on zram. First, we ran a synthetic FS workload on a server machine with 36 cores (same machine for all runs), using fs_mark -d ../zram1mnt -s 100000 -n 2500 -t 32 -k before and after for btrfs and ext4 on zram (FS usage is 80%). Here is the result (unit is file/second): With lock consolidation (btrfs): Average: 13520.2, Median: 13531.0, Stddev: 137.5961482019028 Without lock consolidation (btrfs): Average: 13487.2, Median: 13575.0, Stddev: 309.08283679298665 With lock consolidation (ext4): Average: 16824.4, Median: 16839.0, Stddev: 89.97388510006668 Without lock consolidation (ext4) Average: 16958.0, Median: 16986.0, Stddev: 194.7370021336469 As you can see, we observe a 0.3% regression for btrfs, and a 0.9% regression for ext4. This is a small, barely measurable difference in my opinion. For a more realistic scenario, we also tries building the kernel on zram. Here is the time it takes (in seconds): With lock consolidation (btrfs): real Average: 319.6, Median: 320.0, Stddev: 0.8944271909999159 user Average: 6894.2, Median: 6895.0, Stddev: 25.528415540334656 sys Average: 521.4, Median: 522.0, Stddev: 1.51657508881031 Without lock consolidation (btrfs): real Average: 319.8, Median: 320.0, Stddev: 0.8366600265340756 user Average: 6896.6, Median: 6899.0, Stddev: 16.04057355583023 sys Average: 520.6, Median: 521.0, Stddev: 1.140175425099138 With lock consolidation (ext4): real Average: 320.0, Median: 319.0, Stddev: 1.4142135623730951 user Average: 6896.8, Median: 6878.0, Stddev: 28.621670111997307 sys Average: 521.2, Median: 521.0, Stddev: 1.7888543819998317 Without lock consolidation (ext4) real Average: 319.6, Median: 319.0, Stddev: 0.8944271909999159 user Average: 6886.2, Median: 6887.0, Stddev: 16.93221781102523 sys Average: 520.4, Median: 520.0, Stddev: 1.140175425099138 The difference is entirely within the noise of a typical run on zram. This hardly justifies the complexity of maintaining both the pool lock and the class lock. In fact, for writeback, we would need to introduce yet another lock to prevent data races on the pool's LRU, further complicating the lock handling logic. IMHO, it is just better to collapse all of these into a single pool-level lock. Link: https://lkml.kernel.org/r/20221128191616.1261026-4-nphamcs@gmail.com Change-Id: Ib0eb09d7a69190fc4ffea8f819423c7f66d83379 Signed-off-by: Nhat Pham <nphamcs@gmail.com> Suggested-by: Johannes Weiner <hannes@cmpxchg.org> Acked-by: Minchan Kim <minchan@kernel.org> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Dan Streetman <ddstreet@ieee.org> Cc: Nitin Gupta <ngupta@vflare.org> Cc: Seth Jennings <sjenning@redhat.com> Cc: Vitaly Wool <vitaly.wool@konsulko.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit c0547d0b6a4b637db05406b90ba82e1b2e71de56) Bug: 297093100 Bug: 298150234 Signed-off-by: Kalesh Singh <kaleshsingh@google.com> |
||
|
Tangquan Zheng
|
8e6550add2 |
ANDROID: vendor_hooks: Add tune swappiness hook in get_scan_count()
Add hook in get_scan_count() for customized swappiness. Partial cherry-pick of aosp/2119426. Bug: 297985476 Change-Id: I9d4074cf1a4097ff2a96be04646a01624cbd8dc3 Signed-off-by: Tangquan Zheng <zhengtangquan@oppo.com> |
||
Yin Fengwei
|
bd20e20c4d |
madvise:madvise_free_pte_range(): don't use mapcount() against large folio for sharing check
commit 0e0e9bd5f7b9d40fd03b70092367247d52da1db0 upstream. Commit |
||
Miaohe Lin
|
bdc544a87d |
mm: memory-failure: fix unexpected return value in soft_offline_page()
commit e2c1ab070fdc81010ec44634838d24fce9ff9e53 upstream.
When page_handle_poison() fails to handle the hugepage or free page in
retry path, soft_offline_page() will return 0 while -EBUSY is expected in
this case.
Consequently the user will think soft_offline_page succeeds while it in
fact failed. So the user will not try again later in this case.
Link: https://lkml.kernel.org/r/20230627112808.1275241-1-linmiaohe@huawei.com
Fixes:
|
||
Alexandre Ghiti
|
07fad410aa |
mm: add a call to flush_cache_vmap() in vmap_pfn()
commit a50420c79731fc5cf27ad43719c1091e842a2606 upstream. flush_cache_vmap() must be called after new vmalloc mappings are installed in the page table in order to allow architectures to make sure the new mapping is visible. It could lead to a panic since on some architectures (like powerpc), the page table walker could see the wrong pte value and trigger a spurious page fault that can not be resolved (see commit |
||
Hugh Dickins
|
d13f3a63d2 |
shmem: fix smaps BUG sleeping while atomic
commit e5548f85b4527c4c803b7eae7887c10bf8f90c97 upstream.
smaps_pte_hole_lookup() is calling shmem_partial_swap_usage() with page
table lock held: but shmem_partial_swap_usage() does cond_resched_rcu() if
need_resched(): "BUG: sleeping function called from invalid context".
Since shmem_partial_swap_usage() is designed to count across a range, but
smaps_pte_hole_lookup() only calls it for a single page slot, just break
out of the loop on the last or only page, before checking need_resched().
Link: https://lkml.kernel.org/r/6fe3b3ec-abdf-332f-5c23-6a3b3a3b11a9@google.com
Fixes:
|
||
|
jianzhou
|
e1fcc974b1 |
Merge keystone/android14-6.1-keystone-qcom-release.6.1.25 (af4467f) into
qcom-6.1 * refs/heads/tmp-af4467f: ANDROID: ABI: Update STG ABI to format version 2 ANDROID: GKI: Update pixel symbol list for thermal ANDROID: thermal: Add vendor thermal genl check ANDROID: ABI: Update symbol for Exynos SoC ANDROID: GKI: Update mtk ABI symbol list ANDROID: ABI: Update symbol list for imx FROMGIT: Multi-gen LRU: Fix per-zone reclaim ANDROID: GKI: Update abi_gki_aarch64_qcom ANDROID: ABI: Update STG ABI to format version 2 BACKPORT: FROMGIT: irqchip/gic-v3: Workaround for GIC-700 erratum 2941627 ANDROID: ABI: update symbol list for Xclipse GPU ANDROID: drm/ttm: export ttm_tt_unpopulate() ANDROID: fuse-bpf: Add partial flock support ANDROID: Incremental fs: Allocate data buffer based on input request size UPSTREAM: gfs2: Don't deref jdesc in evict ANDROID: KVM: arm64: Fix MMU context save/restore over TLB invalidation ANDROID: Update symbol list for VIVO ANDROID: add initial symbol list file for ExynosAuto SoCs ANDROID: sched: Export sched_domains_mutex for lockdep ANDROID: Update symbol for Exynos SoC ANDROID: ABI: Update symbol for Exynos SoC ANDROID: Update symbol list for mtk UPSTREAM: dma-remap: use kvmalloc_array/kvfree for larger dma memory remap ANDROID: vendor_hooks: Supplement the missing hook call point. ANDROID: GKI: Add WWAN as GKI protected module ANDROID: GKI: regmap: Add regmap vendor hook for of_syscon_register UPSTREAM: kasan: suppress recursive reports for HW_TAGS UPSTREAM: kasan, arm64: add arch_suppress_tag_checks_start/stop UPSTREAM: arm64: mte: rename TCO routines BACKPORT: kasan, arm64: rename tagging-related routines UPSTREAM: kasan: drop empty tagging-related defines ANDROID: usb: xhci-plat: Fix double-free in xhci_plat_remove ANDROID: ABI: update symbol list for galaxy ANDROID: GKI: update the ABI symbol list ANDROID: ABI: Update symbol for Exynos SoC ANDROID: GKI: ABI: update whitelist for the kmsg_dump and native_hang symbols used by unisoc for kernel6.1 ANDROID: ABI: Update symbols to unisoc whitelist for ims_bridge module ANDROID: abi_gki_aarch64_qcom: Add drm_plane_from_index and drm_gem_prime_export ANDROID: abi_gki_aarch64_qcom: Update symbol list UPSTREAM: fsverity: reject FS_IOC_ENABLE_VERITY on mode 3 fds UPSTREAM: fsverity: explicitly check for buffer overflow in build_merkle_tree() ANDROID: update unisoc symbol list ANDROID: update symbol for unisoc whitelist UPSTREAM: f2fs: fix deadlock in i_xattr_sem and inode page lock ANDROID: GKI: update xiaomi symbol list Revert "FROMLIST: f2fs: remove i_xattr_sem to avoid deadlock and fix the original issue" ANDROID: ABI: Update pixel symbol list ANDROID: Set arch attribute for allmodconfig builds UPSTREAM: usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition ANDROID: ABI: Add to QCOM symbols list UPSTREAM: arm64: mm: pass original fault address to handle_mm_fault() in PER_VMA_LOCK block UPSTREAM: media: rkvdec: fix use after free bug in rkvdec_remove ANDROID: GKI: Update symbol list for MediatTek UPSTREAM: scsi: ufs: core: Remove dedicated hwq for dev command BACKPORT: scsi: ufs: mcq: Fix the incorrect OCS value for the device command FROMLIST: scsi: ufs: ufs-mediatek: Add MCQ support for MTK platform FROMLIST: scsi: ufs: core: Export symbols for MTK driver module UPSTREAM: blk-mq: check on cpu id when there is only one ctx mapping UPSTREAM: relayfs: fix out-of-bounds access in relay_file_read UPSTREAM: net/sched: flower: fix possible OOB write in fl_set_geneve_opt() UPSTREAM: x86/mm: Avoid using set_pgd() outside of real PGD pages UPSTREAM: iommu/amd: Add missing domain type checks UPSTREAM: tty: serial: qcom_geni: avoid duplicate struct member init UPSTREAM: scsi: ufs: core: bsg: Fix cast to restricted __be16 warning UPSTREAM: netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE ANDROID: fix build error when use cpu_cgroup_online vh ANDROID: ABI: add android_debug_symbol to whitelist ANDROID: defconfig: Enable debug_symbol driver ANDROID: android: Create debug_symbols driver ANDROID: ABI: update symbol list for exynos ANDROID: KVM: arm64: Remove 'struct kvm_vcpu' from the KMI UPSTREAM: KVM: arm64: Restore GICv2-on-GICv3 functionality UPSTREAM: KVM: arm64: vgic: Wrap vgic_its_create() with config_lock UPSTREAM: KVM: arm64: vgic: Fix a circular locking issue UPSTREAM: KVM: arm64: vgic: Don't acquire its_lock before config_lock BACKPORT: KVM: arm64: Avoid lock inversion when setting the VM register width UPSTREAM: KVM: arm64: Avoid vcpu->mutex v. kvm->lock inversion in CPU_ON BACKPORT: KVM: arm64: Use config_lock to protect data ordered against KVM_RUN UPSTREAM: KVM: arm64: Use config_lock to protect vgic state BACKPORT: KVM: arm64: Add helper vgic_write_guest_lock() ANDROID: sound: usb: Fix wrong behavior of vendor hooking ANDROID: GKI: USB: XHCI: add Android ABI padding to struct xhci_vendor_ops Revert "ANDROID: android: Create debug_symbols driver" ANDROID: android: Create debug_symbols driver UPSTREAM: ipvlan:Fix out-of-bounds caused by unclear skb->cb ANDROID: update symbol list for unisoc vendor hook ANDROID: thermal: Add hook to enable/disable thermal power throttle ANDROID: ABI: Update symbol for Exynos SoC BACKPORT: FROMGIT: usb: gadget: udc: Handle gadget_connect failure during bind operation FROMGIT: usb: dwc3: gadget: Bail out in pullup if soft reset timeout happens ANDROID: GKI: Update symbol list for xiaomi ANDROID: vendor_hooks: vendor hook for MM ANDROID: add a symbol to unisoc symbol list ANDROID: GKI: update symbol list file for xiaomi UPSTREAM: net/sched: cls_u32: Fix reference counter leak leading to overflow ANDROID: db845c: Fix build when using --kgdb FROMGIT: usb: host: xhci-plat: Set XHCI_STATE_REMOVING before resuming XHCI HC FROMGIT: usb: host: xhci: Do not re-initialize the XHCI HC if being removed FROMLIST: kheaders: dereferences the source tree FROMLIST: f2fs: remove i_xattr_sem to avoid deadlock and fix the original issue ANDROID: db845c: Local define for db845c targets ANDROID: GKI: Update symbols to symbol list ANDROID: Export memcg functions to allow module to add new files ANDROID: rockpi4: Fix build when using --kgdb ANDROID: GKI: update symbol list file for xiaomi ANDROID: kleaf: android/gki_system_dlkm_modules is generated. ANDROID: ABI: Update pixel symbol list ANDROID: fuse-bpf: Move FUSE_RELEASE to correct place ANDROID: fuse-bpf: Ensure bpf field can never be nulled ANDROID: GKI: Increase CMA areas to 32 ANDROID: Delete MODULES_LIST from build configs. ANDROID: ABI: Update symbols to unisoc whitelist ANDROID: HID: Only utilise UHID provided exports if UHID is enabled Conflicts: BUILD.bazel Change-Id: Ibeee32bbc28dd5ad943cfb512ae73094cce2027c Upstream-Build: ks_qcom-android14-6.1-keystone-qcom-release@10659679 UKQ2.230815.001 Signed-off-by: jianzhou <quic_jianzhou@quicinc.com> |
||
Pratyush Brahma
|
f08623648a |
ANDROID: mm: Export page_owner_inited and __set_page_owner
Export page_owner_inited and __set_page_owner symbol for loadable vendor modules. Bug: 296348400 Change-Id: I220ec1b94326ca3c6cc809d54646c51194645197 Signed-off-by: Pratyush Brahma <quic_pbrahma@quicinc.com> |
||
|
Andrew Yang
|
725fdf9ba3 |
BACKPORT: zsmalloc: fix races between modifications of fullness and isolated
We encountered many kernel exceptions of VM_BUG_ON(zspage->isolated ==
0) in dec_zspage_isolation() and BUG_ON(!pages[1]) in zs_unmap_object()
lately. This issue only occurs when migration and reclamation occur at
the same time.
With our memory stress test, we can reproduce this issue several times
a day. We have no idea why no one else encountered this issue. BTW,
we switched to the new kernel version with this defect a few months
ago.
Since fullness and isolated share the same unsigned int, modifications of
them should be protected by the same lock.
[andrew.yang@mediatek.com: move comment]
Link: https://lkml.kernel.org/r/20230727062910.6337-1-andrew.yang@mediatek.com
Link: https://lkml.kernel.org/r/20230721063705.11455-1-andrew.yang@mediatek.com
Fixes:
|
||
|
Nhat Pham
|
b7b64b06a9 |
UPSTREAM: zsmalloc: consolidate zs_pool's migrate_lock and size_class's locks
Currently, zsmalloc has a hierarchy of locks, which includes a pool-level migrate_lock, and a lock for each size class. We have to obtain both locks in the hotpath in most cases anyway, except for zs_malloc. This exception will no longer exist when we introduce a LRU into the zs_pool for the new writeback functionality - we will need to obtain a pool-level lock to synchronize LRU handling even in zs_malloc. In preparation for zsmalloc writeback, consolidate these locks into a single pool-level lock, which drastically reduces the complexity of synchronization in zsmalloc. We have also benchmarked the lock consolidation to see the performance effect of this change on zram. First, we ran a synthetic FS workload on a server machine with 36 cores (same machine for all runs), using fs_mark -d ../zram1mnt -s 100000 -n 2500 -t 32 -k before and after for btrfs and ext4 on zram (FS usage is 80%). Here is the result (unit is file/second): With lock consolidation (btrfs): Average: 13520.2, Median: 13531.0, Stddev: 137.5961482019028 Without lock consolidation (btrfs): Average: 13487.2, Median: 13575.0, Stddev: 309.08283679298665 With lock consolidation (ext4): Average: 16824.4, Median: 16839.0, Stddev: 89.97388510006668 Without lock consolidation (ext4) Average: 16958.0, Median: 16986.0, Stddev: 194.7370021336469 As you can see, we observe a 0.3% regression for btrfs, and a 0.9% regression for ext4. This is a small, barely measurable difference in my opinion. For a more realistic scenario, we also tries building the kernel on zram. Here is the time it takes (in seconds): With lock consolidation (btrfs): real Average: 319.6, Median: 320.0, Stddev: 0.8944271909999159 user Average: 6894.2, Median: 6895.0, Stddev: 25.528415540334656 sys Average: 521.4, Median: 522.0, Stddev: 1.51657508881031 Without lock consolidation (btrfs): real Average: 319.8, Median: 320.0, Stddev: 0.8366600265340756 user Average: 6896.6, Median: 6899.0, Stddev: 16.04057355583023 sys Average: 520.6, Median: 521.0, Stddev: 1.140175425099138 With lock consolidation (ext4): real Average: 320.0, Median: 319.0, Stddev: 1.4142135623730951 user Average: 6896.8, Median: 6878.0, Stddev: 28.621670111997307 sys Average: 521.2, Median: 521.0, Stddev: 1.7888543819998317 Without lock consolidation (ext4) real Average: 319.6, Median: 319.0, Stddev: 0.8944271909999159 user Average: 6886.2, Median: 6887.0, Stddev: 16.93221781102523 sys Average: 520.4, Median: 520.0, Stddev: 1.140175425099138 The difference is entirely within the noise of a typical run on zram. This hardly justifies the complexity of maintaining both the pool lock and the class lock. In fact, for writeback, we would need to introduce yet another lock to prevent data races on the pool's LRU, further complicating the lock handling logic. IMHO, it is just better to collapse all of these into a single pool-level lock. Link: https://lkml.kernel.org/r/20221128191616.1261026-4-nphamcs@gmail.com Change-Id: Ib0eb09d7a69190fc4ffea8f819423c7f66d83379 Signed-off-by: Nhat Pham <nphamcs@gmail.com> Suggested-by: Johannes Weiner <hannes@cmpxchg.org> Acked-by: Minchan Kim <minchan@kernel.org> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Dan Streetman <ddstreet@ieee.org> Cc: Nitin Gupta <ngupta@vflare.org> Cc: Seth Jennings <sjenning@redhat.com> Cc: Vitaly Wool <vitaly.wool@konsulko.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit c0547d0b6a4b637db05406b90ba82e1b2e71de56) Bug: 297093100 Bug: 297936826 Signed-off-by: Kalesh Singh <kaleshsingh@google.com> |
||
|
Andrew Yang
|
cb440cecb2 |
BACKPORT: zsmalloc: fix races between modifications of fullness and isolated
We encountered many kernel exceptions of VM_BUG_ON(zspage->isolated ==
0) in dec_zspage_isolation() and BUG_ON(!pages[1]) in zs_unmap_object()
lately. This issue only occurs when migration and reclamation occur at
the same time.
With our memory stress test, we can reproduce this issue several times
a day. We have no idea why no one else encountered this issue. BTW,
we switched to the new kernel version with this defect a few months
ago.
Since fullness and isolated share the same unsigned int, modifications of
them should be protected by the same lock.
[andrew.yang@mediatek.com: move comment]
Link: https://lkml.kernel.org/r/20230727062910.6337-1-andrew.yang@mediatek.com
Link: https://lkml.kernel.org/r/20230721063705.11455-1-andrew.yang@mediatek.com
Fixes:
|
||
|
Nhat Pham
|
5ef132d564 |
UPSTREAM: zsmalloc: consolidate zs_pool's migrate_lock and size_class's locks
Currently, zsmalloc has a hierarchy of locks, which includes a pool-level migrate_lock, and a lock for each size class. We have to obtain both locks in the hotpath in most cases anyway, except for zs_malloc. This exception will no longer exist when we introduce a LRU into the zs_pool for the new writeback functionality - we will need to obtain a pool-level lock to synchronize LRU handling even in zs_malloc. In preparation for zsmalloc writeback, consolidate these locks into a single pool-level lock, which drastically reduces the complexity of synchronization in zsmalloc. We have also benchmarked the lock consolidation to see the performance effect of this change on zram. First, we ran a synthetic FS workload on a server machine with 36 cores (same machine for all runs), using fs_mark -d ../zram1mnt -s 100000 -n 2500 -t 32 -k before and after for btrfs and ext4 on zram (FS usage is 80%). Here is the result (unit is file/second): With lock consolidation (btrfs): Average: 13520.2, Median: 13531.0, Stddev: 137.5961482019028 Without lock consolidation (btrfs): Average: 13487.2, Median: 13575.0, Stddev: 309.08283679298665 With lock consolidation (ext4): Average: 16824.4, Median: 16839.0, Stddev: 89.97388510006668 Without lock consolidation (ext4) Average: 16958.0, Median: 16986.0, Stddev: 194.7370021336469 As you can see, we observe a 0.3% regression for btrfs, and a 0.9% regression for ext4. This is a small, barely measurable difference in my opinion. For a more realistic scenario, we also tries building the kernel on zram. Here is the time it takes (in seconds): With lock consolidation (btrfs): real Average: 319.6, Median: 320.0, Stddev: 0.8944271909999159 user Average: 6894.2, Median: 6895.0, Stddev: 25.528415540334656 sys Average: 521.4, Median: 522.0, Stddev: 1.51657508881031 Without lock consolidation (btrfs): real Average: 319.8, Median: 320.0, Stddev: 0.8366600265340756 user Average: 6896.6, Median: 6899.0, Stddev: 16.04057355583023 sys Average: 520.6, Median: 521.0, Stddev: 1.140175425099138 With lock consolidation (ext4): real Average: 320.0, Median: 319.0, Stddev: 1.4142135623730951 user Average: 6896.8, Median: 6878.0, Stddev: 28.621670111997307 sys Average: 521.2, Median: 521.0, Stddev: 1.7888543819998317 Without lock consolidation (ext4) real Average: 319.6, Median: 319.0, Stddev: 0.8944271909999159 user Average: 6886.2, Median: 6887.0, Stddev: 16.93221781102523 sys Average: 520.4, Median: 520.0, Stddev: 1.140175425099138 The difference is entirely within the noise of a typical run on zram. This hardly justifies the complexity of maintaining both the pool lock and the class lock. In fact, for writeback, we would need to introduce yet another lock to prevent data races on the pool's LRU, further complicating the lock handling logic. IMHO, it is just better to collapse all of these into a single pool-level lock. Link: https://lkml.kernel.org/r/20221128191616.1261026-4-nphamcs@gmail.com Change-Id: Ib0eb09d7a69190fc4ffea8f819423c7f66d83379 Signed-off-by: Nhat Pham <nphamcs@gmail.com> Suggested-by: Johannes Weiner <hannes@cmpxchg.org> Acked-by: Minchan Kim <minchan@kernel.org> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Dan Streetman <ddstreet@ieee.org> Cc: Nitin Gupta <ngupta@vflare.org> Cc: Seth Jennings <sjenning@redhat.com> Cc: Vitaly Wool <vitaly.wool@konsulko.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit c0547d0b6a4b637db05406b90ba82e1b2e71de56) Bug: 297093100 Signed-off-by: Kalesh Singh <kaleshsingh@google.com> |
||
|
Greg Kroah-Hartman
|
8b02e8901d |
Merge branch 'android14-6.1' into 'android14-6.1-lts'
Catches the android14-6.1-lts branch up with the android14-6.1 branch which has had a lot of changes that are needed here to resolve future LTS merges and to ensure that the ABI is kept stable. It contains the following commits: * |
||
Mike Kravetz
|
1b4ce2952b |
hugetlb: do not clear hugetlb dtor until allocating vmemmap
commit 32c877191e022b55fe3a374f3d7e9fb5741c514d upstream.
Patch series "Fix hugetlb free path race with memory errors".
In the discussion of Jiaqi Yan's series "Improve hugetlbfs read on
HWPOISON hugepages" the race window was discovered.
https://lore.kernel.org/linux-mm/20230616233447.GB7371@monkey/
Freeing a hugetlb page back to low level memory allocators is performed
in two steps.
1) Under hugetlb lock, remove page from hugetlb lists and clear destructor
2) Outside lock, allocate vmemmap if necessary and call low level free
Between these two steps, the hugetlb page will appear as a normal
compound page. However, vmemmap for tail pages could be missing.
If a memory error occurs at this time, we could try to update page
flags non-existant page structs.
A much more detailed description is in the first patch.
The first patch addresses the race window. However, it adds a
hugetlb_lock lock/unlock cycle to every vmemmap optimized hugetlb page
free operation. This could lead to slowdowns if one is freeing a large
number of hugetlb pages.
The second path optimizes the update_and_free_pages_bulk routine to only
take the lock once in bulk operations.
The second patch is technically not a bug fix, but includes a Fixes tag
and Cc stable to avoid a performance regression. It can be combined with
the first, but was done separately make reviewing easier.
This patch (of 2):
Freeing a hugetlb page and releasing base pages back to the underlying
allocator such as buddy or cma is performed in two steps:
- remove_hugetlb_folio() is called to remove the folio from hugetlb
lists, get a ref on the page and remove hugetlb destructor. This
all must be done under the hugetlb lock. After this call, the page
can be treated as a normal compound page or a collection of base
size pages.
- update_and_free_hugetlb_folio() is called to allocate vmemmap if
needed and the free routine of the underlying allocator is called
on the resulting page. We can not hold the hugetlb lock here.
One issue with this scheme is that a memory error could occur between
these two steps. In this case, the memory error handling code treats
the old hugetlb page as a normal compound page or collection of base
pages. It will then try to SetPageHWPoison(page) on the page with an
error. If the page with error is a tail page without vmemmap, a write
error will occur when trying to set the flag.
Address this issue by modifying remove_hugetlb_folio() and
update_and_free_hugetlb_folio() such that the hugetlb destructor is not
cleared until after allocating vmemmap. Since clearing the destructor
requires holding the hugetlb lock, the clearing is done in
remove_hugetlb_folio() if the vmemmap is present. This saves a
lock/unlock cycle. Otherwise, destructor is cleared in
update_and_free_hugetlb_folio() after allocating vmemmap.
Note that this will leave hugetlb pages in a state where they are marked
free (by hugetlb specific page flag) and have a ref count. This is not
a normal state. The only code that would notice is the memory error
code, and it is set up to retry in such a case.
A subsequent patch will create a routine to do bulk processing of
vmemmap allocation. This will eliminate a lock/unlock cycle for each
hugetlb page in the case where we are freeing a large number of pages.
Link: https://lkml.kernel.org/r/20230711220942.43706-1-mike.kravetz@oracle.com
Link: https://lkml.kernel.org/r/20230711220942.43706-2-mike.kravetz@oracle.com
Fixes:
|
||
|
Sergey Senozhatsky
|
5274bf1f74 |
zsmalloc: allow only one active pool compaction context
commit d2658f2052c7db6ec0a79977205f8cf1cb9effc2 upstream.
zsmalloc pool can be compacted concurrently by many contexts,
e.g.
cc1 handle_mm_fault()
do_anonymous_page()
__alloc_pages_slowpath()
try_to_free_pages()
do_try_to_free_pages(
lru_gen_shrink_node()
shrink_slab()
do_shrink_slab()
zs_shrinker_scan()
zs_compact()
Pool compaction is currently (basically) single-threaded as
it is performed under pool->lock. Having multiple compaction
threads results in unnecessary contention, as each thread
competes for pool->lock. This, in turn, affects all zsmalloc
operations such as zs_malloc(), zs_map_object(), zs_free(), etc.
Introduce the pool->compaction_in_progress atomic variable,
which ensures that only one compaction context can run at a
time. This reduces overall pool->lock contention in (corner)
cases when many contexts attempt to shrink zspool simultaneously.
Link: https://lkml.kernel.org/r/20230418074639.1903197-1-senozhatsky@chromium.org
Fixes: c0547d0b6a4b ("zsmalloc: consolidate zs_pool's migrate_lock and size_class's locks")
Signed-off-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Reviewed-by: Yosry Ahmed <yosryahmed@google.com>
Cc: Minchan Kim <minchan@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Andrew Yang
|
f872672edd |
zsmalloc: fix races between modifications of fullness and isolated
[ Upstream commit 4b5d1e47b69426c0f7491d97d73ad0152d02d437 ]
We encountered many kernel exceptions of VM_BUG_ON(zspage->isolated ==
0) in dec_zspage_isolation() and BUG_ON(!pages[1]) in zs_unmap_object()
lately. This issue only occurs when migration and reclamation occur at
the same time.
With our memory stress test, we can reproduce this issue several times
a day. We have no idea why no one else encountered this issue. BTW,
we switched to the new kernel version with this defect a few months
ago.
Since fullness and isolated share the same unsigned int, modifications of
them should be protected by the same lock.
[andrew.yang@mediatek.com: move comment]
Link: https://lkml.kernel.org/r/20230727062910.6337-1-andrew.yang@mediatek.com
Link: https://lkml.kernel.org/r/20230721063705.11455-1-andrew.yang@mediatek.com
Fixes:
|
||
|
Nhat Pham
|
802b34e992 |
zsmalloc: consolidate zs_pool's migrate_lock and size_class's locks
[ Upstream commit c0547d0b6a4b637db05406b90ba82e1b2e71de56 ] Currently, zsmalloc has a hierarchy of locks, which includes a pool-level migrate_lock, and a lock for each size class. We have to obtain both locks in the hotpath in most cases anyway, except for zs_malloc. This exception will no longer exist when we introduce a LRU into the zs_pool for the new writeback functionality - we will need to obtain a pool-level lock to synchronize LRU handling even in zs_malloc. In preparation for zsmalloc writeback, consolidate these locks into a single pool-level lock, which drastically reduces the complexity of synchronization in zsmalloc. We have also benchmarked the lock consolidation to see the performance effect of this change on zram. First, we ran a synthetic FS workload on a server machine with 36 cores (same machine for all runs), using fs_mark -d ../zram1mnt -s 100000 -n 2500 -t 32 -k before and after for btrfs and ext4 on zram (FS usage is 80%). Here is the result (unit is file/second): With lock consolidation (btrfs): Average: 13520.2, Median: 13531.0, Stddev: 137.5961482019028 Without lock consolidation (btrfs): Average: 13487.2, Median: 13575.0, Stddev: 309.08283679298665 With lock consolidation (ext4): Average: 16824.4, Median: 16839.0, Stddev: 89.97388510006668 Without lock consolidation (ext4) Average: 16958.0, Median: 16986.0, Stddev: 194.7370021336469 As you can see, we observe a 0.3% regression for btrfs, and a 0.9% regression for ext4. This is a small, barely measurable difference in my opinion. For a more realistic scenario, we also tries building the kernel on zram. Here is the time it takes (in seconds): With lock consolidation (btrfs): real Average: 319.6, Median: 320.0, Stddev: 0.8944271909999159 user Average: 6894.2, Median: 6895.0, Stddev: 25.528415540334656 sys Average: 521.4, Median: 522.0, Stddev: 1.51657508881031 Without lock consolidation (btrfs): real Average: 319.8, Median: 320.0, Stddev: 0.8366600265340756 user Average: 6896.6, Median: 6899.0, Stddev: 16.04057355583023 sys Average: 520.6, Median: 521.0, Stddev: 1.140175425099138 With lock consolidation (ext4): real Average: 320.0, Median: 319.0, Stddev: 1.4142135623730951 user Average: 6896.8, Median: 6878.0, Stddev: 28.621670111997307 sys Average: 521.2, Median: 521.0, Stddev: 1.7888543819998317 Without lock consolidation (ext4) real Average: 319.6, Median: 319.0, Stddev: 0.8944271909999159 user Average: 6886.2, Median: 6887.0, Stddev: 16.93221781102523 sys Average: 520.4, Median: 520.0, Stddev: 1.140175425099138 The difference is entirely within the noise of a typical run on zram. This hardly justifies the complexity of maintaining both the pool lock and the class lock. In fact, for writeback, we would need to introduce yet another lock to prevent data races on the pool's LRU, further complicating the lock handling logic. IMHO, it is just better to collapse all of these into a single pool-level lock. Link: https://lkml.kernel.org/r/20221128191616.1261026-4-nphamcs@gmail.com Signed-off-by: Nhat Pham <nphamcs@gmail.com> Suggested-by: Johannes Weiner <hannes@cmpxchg.org> Acked-by: Minchan Kim <minchan@kernel.org> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Dan Streetman <ddstreet@ieee.org> Cc: Nitin Gupta <ngupta@vflare.org> Cc: Seth Jennings <sjenning@redhat.com> Cc: Vitaly Wool <vitaly.wool@konsulko.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Stable-dep-of: 4b5d1e47b694 ("zsmalloc: fix races between modifications of fullness and isolated") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Matthew Wilcox (Oracle)
|
3ebafb7b46 |
BACKPORT: FROMGIT: mm: handle faults that merely update the accessed bit under the VMA lock
Move FAULT_FLAG_VMA_LOCK check out of handle_pte_fault(). This should have a significant performance improvement for mmaped files. Write faults (on read-only shared pages) still take the mmap lock as we do not want to audit all the implementations of ->pfn_mkwrite() and ->page_mkwrite(). However write-faults on private mappings are handled under the VMA lock. Link: https://lkml.kernel.org/r/20230724185410.1124082-11-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 88e2667632d43928d3ed50d0163ecd73aaa2d455 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: replaced folio_put() with put_page() in wp_page_shared()] Bug: 293665307 Change-Id: I27ac40bb0f7347083f641e0cfc8ab33e182c4c5b Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
9e066d4b35 |
FROMLIST: mm: Allow fault_dirty_shared_page() to be called under the VMA lock
By making maybe_unlock_mmap_for_io() handle the VMA lock correctly, we make fault_dirty_shared_page() safe to be called without the mmap lock held. Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reported-by: David Hildenbrand <david@redhat.com> Tested-by: Suren Baghdasaryan <surenb@google.com> Link: https://lore.kernel.org/all/20230812002033.1002367-1-willy@infradead.org/ Bug: 293665307 Change-Id: Ifed050cc4d194c538765ab403de09199b94c7b1b Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
83ab986324 |
FROMGIT: mm: handle swap and NUMA PTE faults under the VMA lock
Move the FAULT_FLAG_VMA_LOCK check down in handle_pte_fault(). This is probably not a huge win in its own right, but is a nicely separable bit from the next patch. Link: https://lkml.kernel.org/r/20230724185410.1124082-10-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 51c4fdc72be2287960ab5c1f5beae84f3039fd01 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: I6cf9cb1d40c23287ce179a8c435427c3d88d2528 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
ffcebdef16 |
FROMGIT: mm: run the fault-around code under the VMA lock
The map_pages fs method should be safe to run under the VMA lock instead of the mmap lock. This should have a measurable reduction in contention on the mmap lock. Link: https://lkml.kernel.org/r/20230724185410.1124082-9-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Suren Baghdasaryan <surenb@google.com> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 7456c15600264d635293c91df1e0c0b5a1e73578 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: Iaa1b0c2deeade361b34118f41b5deb591268a269 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
072c35fb69 |
FROMGIT: mm: move FAULT_FLAG_VMA_LOCK check down from do_fault()
Perform the check at the start of do_read_fault(), do_cow_fault() and do_shared_fault() instead. Should be no performance change from the last commit. Link: https://lkml.kernel.org/r/20230724185410.1124082-8-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Suren Baghdasaryan <surenb@google.com> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 4e105ec567c874c166a8e5a9b2dd849c8ec2055e https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: I37be370a0378afd094d880bb8e538e4e7874499e Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
fa9a8adff0 |
FROMGIT: mm: move FAULT_FLAG_VMA_LOCK check down in handle_pte_fault()
Call do_pte_missing() under the VMA lock ... then immediately retry in do_fault(). Link: https://lkml.kernel.org/r/20230724185410.1124082-7-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Suren Baghdasaryan <surenb@google.com> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 4c753b25481499cd1cb6a8ddba18bc5585f34296 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: I8c8f2feaade7c40daf37b63e43111d22ec147e5f Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
dd621869c1 |
BACKPORT: FROMGIT: mm: handle some PMD faults under the VMA lock
Push the VMA_LOCK check down from __handle_mm_fault() to handle_pte_fault(). Once again, we refuse to call ->huge_fault() with the VMA lock held, but we will wait for a PMD migration entry with the VMA lock held, handle NUMA migration and set the accessed bit. We were already doing this for anonymous VMAs, so it should be safe. Link: https://lkml.kernel.org/r/20230724185410.1124082-6-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit b7b8f56db92f56ce812e305f84aef0404287b534 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: resolved merge conflicts in create_huge_pmd() and wp_huge_pmd()] Bug: 293665307 Change-Id: I3ec9042b2e39a5caf6b6f3a478bf9ba337012aa4 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
8594d6a30f |
BACKPORT: FROMGIT: mm: handle PUD faults under the VMA lock
Postpone checking the VMA_LOCK flag until we've attempted to handle faults on PUDs. There's a mild upside to this patch in that we'll allocate the page tables while under the VMA lock rather than the mmap lock, reducing the hold time on the mmap lock, since the retry will find the page tables already populated. The real purpose here is to make a commit that shows we don't call ->huge_fault under the VMA lock. We do now handle setting the accessed bit on a PUD fault under the VMA lock, but that doesn't seem likely to be a measurable difference. Link: https://lkml.kernel.org/r/20230724185410.1124082-5-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 3c04dd18ba57c6753a7ddc6e6c902550a7ac54d9 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: resolved merge conflicts in wp_huge_pud()] Bug: 293665307 Change-Id: Ife20ed7de6444c0e424e12f9fdcdc8f8ecaed2aa Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
66cbbe6b31 |
FROMGIT: mm: move FAULT_FLAG_VMA_LOCK check from handle_mm_fault()
Handle a little more of the page fault path outside the mmap sem. The hugetlb path doesn't need to check whether the VMA is anonymous; the VM_HUGETLB flag is only set on hugetlbfs VMAs. There should be no performance change from the previous commit; this is simply a step to ease bisection of any problems. Link: https://lkml.kernel.org/r/20230724185410.1124082-4-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Suren Baghdasaryan <surenb@google.com> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 51db5e8974cafee10b2252efa78f89af7d60cd11 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: I300c7105fa3530e8eb05862cb3f66b7adac99420 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Matthew Wilcox (Oracle)
|
e26044769f |
BACKPORT: FROMGIT: mm: allow per-VMA locks on file-backed VMAs
Remove the TCP layering violation by allowing per-VMA locks on all VMAs. The fault path will immediately fail in handle_mm_fault(). There may be a small performance reduction from this patch as a little unnecessary work will be done on each page fault. See later patches for the improvement. Link: https://lkml.kernel.org/r/20230724185410.1124082-3-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Suren Baghdasaryan <surenb@google.com> Cc: Arjun Roy <arjunroy@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 698dcd77360a3ce15dfc6fe55f9b5572ad4c4291 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: skip tcp-related changes] Bug: 293665307 Change-Id: I73d9d1e4f96419d4723a920fc5960e806749c368 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
Suren Baghdasaryan
|
250f19771f |
FROMGIT: mm: handle userfaults under VMA lock
Enable handle_userfault to operate under VMA lock by releasing VMA lock instead of mmap_lock and retrying. Note that FAULT_FLAG_RETRY_NOWAIT should never be used when handling faults under per-VMA lock protection because that would break the assumption that lock is dropped on retry. Link: https://lkml.kernel.org/r/20230630211957.1341547-7-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Acked-by: Peter Xu <peterx@redhat.com> Cc: Alistair Popple <apopple@nvidia.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christian Brauner <brauner@kernel.org> Cc: Christoph Hellwig <hch@lst.de> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Hillf Danton <hdanton@sina.com> Cc: "Huang, Ying" <ying.huang@intel.com> Cc: Hugh Dickins <hughd@google.com> Cc: Jan Kara <jack@suse.cz> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Josef Bacik <josef@toxicpanda.com> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Michal Hocko <mhocko@suse.com> Cc: Michel Lespinasse <michel@lespinasse.org> Cc: Minchan Kim <minchan@google.com> Cc: Pavel Tatashin <pasha.tatashin@soleen.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit c3c986f59c814edecc096a049d67e5791083388b https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 161210518 Change-Id: I9df667dae39024e5473252d7347ec7929f7f999e Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
e704d0e4f9 |
FROMGIT: mm: handle swap page faults under per-VMA lock
When page fault is handled under per-VMA lock protection, all swap page faults are retried with mmap_lock because folio_lock_or_retry has to drop and reacquire mmap_lock if folio could not be immediately locked. Follow the same pattern as mmap_lock to drop per-VMA lock when waiting for folio and retrying once folio is available. With this obstacle removed, enable do_swap_page to operate under per-VMA lock protection. Drivers implementing ops->migrate_to_ram might still rely on mmap_lock, therefore we have to fall back to mmap_lock in that particular case. Note that the only time do_swap_page calls synchronous swap_readpage is when SWP_SYNCHRONOUS_IO is set, which is only set for QUEUE_FLAG_SYNCHRONOUS devices: brd, zram and nvdimms (both btt and pmem). Therefore we don't sleep in this path, and there's no need to drop the mmap or per-VMA lock. Link: https://lkml.kernel.org/r/20230630211957.1341547-6-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Tested-by: Alistair Popple <apopple@nvidia.com> Reviewed-by: Alistair Popple <apopple@nvidia.com> Acked-by: Peter Xu <peterx@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christian Brauner <brauner@kernel.org> Cc: Christoph Hellwig <hch@lst.de> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Hillf Danton <hdanton@sina.com> Cc: "Huang, Ying" <ying.huang@intel.com> Cc: Hugh Dickins <hughd@google.com> Cc: Jan Kara <jack@suse.cz> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Josef Bacik <josef@toxicpanda.com> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Michal Hocko <mhocko@suse.com> Cc: Michel Lespinasse <michel@lespinasse.org> Cc: Minchan Kim <minchan@google.com> Cc: Pavel Tatashin <pasha.tatashin@soleen.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit cc989adb5544594d8c12893eda3c6df8682de11b https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 161210518 Change-Id: I5d80f435b2dbdc3f3d02be056e893f6fedbc7a98 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
f8a65b694b |
FROMGIT: mm: change folio_lock_or_retry to use vm_fault directly
Change folio_lock_or_retry to accept vm_fault struct and return the vm_fault_t directly. Link: https://lkml.kernel.org/r/20230630211957.1341547-5-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Suggested-by: Matthew Wilcox <willy@infradead.org> Acked-by: Peter Xu <peterx@redhat.com> Cc: Alistair Popple <apopple@nvidia.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christian Brauner <brauner@kernel.org> Cc: Christoph Hellwig <hch@lst.de> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Hillf Danton <hdanton@sina.com> Cc: "Huang, Ying" <ying.huang@intel.com> Cc: Hugh Dickins <hughd@google.com> Cc: Jan Kara <jack@suse.cz> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Josef Bacik <josef@toxicpanda.com> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Michal Hocko <mhocko@suse.com> Cc: Michel Lespinasse <michel@lespinasse.org> Cc: Minchan Kim <minchan@google.com> Cc: Pavel Tatashin <pasha.tatashin@soleen.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit af27bb856a0a29a0673aabe163e4774df67a8bcd https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 161210518 Change-Id: I9d203e801f0d5517fba8430f9ab82d4063b517f3 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
693d905ec0 |
BACKPORT: FROMGIT: mm: drop per-VMA lock when returning VM_FAULT_RETRY or VM_FAULT_COMPLETED
handle_mm_fault returning VM_FAULT_RETRY or VM_FAULT_COMPLETED means mmap_lock has been released. However with per-VMA locks behavior is different and the caller should still release it. To make the rules consistent for the caller, drop the per-VMA lock when returning VM_FAULT_RETRY or VM_FAULT_COMPLETED. Currently the only path returning VM_FAULT_RETRY under per-VMA locks is do_swap_page and no path returns VM_FAULT_COMPLETED for now. Link: https://lkml.kernel.org/r/20230630211957.1341547-4-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Acked-by: Peter Xu <peterx@redhat.com> Cc: Alistair Popple <apopple@nvidia.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christian Brauner <brauner@kernel.org> Cc: Christoph Hellwig <hch@lst.de> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Hillf Danton <hdanton@sina.com> Cc: "Huang, Ying" <ying.huang@intel.com> Cc: Hugh Dickins <hughd@google.com> Cc: Jan Kara <jack@suse.cz> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Josef Bacik <josef@toxicpanda.com> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Michal Hocko <mhocko@suse.com> Cc: Michel Lespinasse <michel@lespinasse.org> Cc: Minchan Kim <minchan@google.com> Cc: Pavel Tatashin <pasha.tatashin@soleen.com> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 5197d920745dd42eae023986dbf053107ac238db https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: add the code from missing sanitize_fault_flags directly into handle_mm_fault, add the fix for riscv] Bug: 161210518 Change-Id: Iefd4e49bda940c457a70ecf40d074ad532959759 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
939d4b1ccc |
BACKPORT: FROMGIT: mm: move vma locking out of vma_prepare and dup_anon_vma
vma_prepare() is currently the central place where vmas are being locked before vma_complete() applies changes to them. While this is convenient, it also obscures vma locking and makes it harder to follow the locking rules. Move vma locking out of vma_prepare() and take vma locks explicitly at the locations where vmas are being modified. Move vma locking and replace it with an assertion inside dup_anon_vma() to further clarify the locking pattern inside vma_merge(). Link: https://lkml.kernel.org/r/20230804152724.3090321-7-surenb@google.com Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org> Suggested-by: Liam R. Howlett <Liam.Howlett@oracle.com> Signed-off-by: Suren Baghdasaryan <surenb@google.com> Cc: Jann Horn <jannh@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit b1985ca5e7e6464d205a98a78cca229224346c21 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: skip changes in vma_prepare() which does not exist, skip changes in vma_merge() since required locks are already in __vma_adjust(), skip change in dup_anon_vma() since required locks are already in place, skip unnecessary lock in do_brk_flags()] Bug: 293665307 Change-Id: I99261aa1db3bec73795e63c333768bc68da8045c Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
0f0b09c02c |
BACKPORT: FROMGIT: mm: always lock new vma before inserting into vma tree
While it's not strictly necessary to lock a newly created vma before adding it into the vma tree (as long as no further changes are performed to it), it seems like a good policy to lock it and prevent accidental changes after it becomes visible to the page faults. Lock the vma before adding it into the vma tree. Link: https://lkml.kernel.org/r/20230804152724.3090321-6-surenb@google.com Suggested-by: Jann Horn <jannh@google.com> Signed-off-by: Suren Baghdasaryan <surenb@google.com> Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Linus Torvalds <torvalds@linuxfoundation.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit c3249c06c48dda30f93e62b57773d5ed409d4f77 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: resolved conflicts due to changes in vma_merge() and __vma_adjust()] Bug: 293665307 Change-Id: I4ee0d2abcc8a3f45545f470f1bf7f0be728d6f44 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
a8a479ed96 |
FROMGIT: mm: lock vma explicitly before doing vm_flags_reset and vm_flags_reset_once
Implicit vma locking inside vm_flags_reset() and vm_flags_reset_once() is not obvious and makes it hard to understand where vma locking is happening. Also in some cases (like in dup_userfaultfd()) vma should be locked earlier than vma_flags modification. To make locking more visible, change these functions to assert that the vma write lock is taken and explicitly lock the vma beforehand. Fix userfaultfd functions which should lock the vma earlier. Link: https://lkml.kernel.org/r/20230804152724.3090321-5-surenb@google.com Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org> Signed-off-by: Suren Baghdasaryan <surenb@google.com> Cc: Jann Horn <jannh@google.com> Cc: Liam R. Howlett <Liam.Howlett@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit f26ee2701ab3ecd771084b44f262bd010accab72 https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: I62f0f25c883588c3ba7a322b3a4929df01413591 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
ad18923856 |
FROMGIT: mm: replace mmap with vma write lock assertions when operating on a vma
Vma write lock assertion always includes mmap write lock assertion and additional vma lock checks when per-VMA locks are enabled. Replace weaker mmap_assert_write_locked() assertions with stronger vma_assert_write_locked() ones when we are operating on a vma which is expected to be locked. Link: https://lkml.kernel.org/r/20230804152724.3090321-4-surenb@google.com Suggested-by: Jann Horn <jannh@google.com> Signed-off-by: Suren Baghdasaryan <surenb@google.com> Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: Linus Torvalds <torvalds@linuxfoundation.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 928a31b91cf64aa99a8999dcd66bec0ad02f64ef https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) Bug: 293665307 Change-Id: I861db0510612f571f2ca44e0a9d7e01274d4eb36 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
Jann Horn
|
abb0f2767e |
FROMGIT: mm: don't drop VMA locks in mm_drop_all_locks()
Despite its name, mm_drop_all_locks() does not drop _all_ locks; the mmap
lock is held write-locked by the caller, and the caller is responsible for
dropping the mmap lock at a later point (which will also release the VMA
locks).
Calling vma_end_write_all() here is dangerous because the caller might
have write-locked a VMA with the expectation that it will stay
write-locked until the mmap_lock is released, as usual.
This _almost_ becomes a problem in the following scenario:
An anonymous VMA A and an SGX VMA B are mapped adjacent to each other.
Userspace calls munmap() on a range starting at the start address of A and
ending in the middle of B.
Hypothetical call graph with additional notes in brackets:
do_vmi_align_munmap
[begin first for_each_vma_range loop]
vma_start_write [on VMA A]
vma_mark_detached [on VMA A]
__split_vma [on VMA B]
sgx_vma_open [== new->vm_ops->open]
sgx_encl_mm_add
__mmu_notifier_register [luckily THIS CAN'T ACTUALLY HAPPEN]
mm_take_all_locks
mm_drop_all_locks
vma_end_write_all [drops VMA lock taken on VMA A before]
vma_start_write [on VMA B]
vma_mark_detached [on VMA B]
[end first for_each_vma_range loop]
vma_iter_clear_gfp [removes VMAs from maple tree]
mmap_write_downgrade
unmap_region
mmap_read_unlock
In this hypothetical scenario, while do_vmi_align_munmap() thinks it still
holds a VMA write lock on VMA A, the VMA write lock has actually been
invalidated inside __split_vma().
The call from sgx_encl_mm_add() to __mmu_notifier_register() can't
actually happen here, as far as I understand, because we are duplicating
an existing SGX VMA, but sgx_encl_mm_add() only calls
__mmu_notifier_register() for the first SGX VMA created in a given
process. So this could only happen in fork(), not on munmap(). But in my
view it is just pure luck that this can't happen.
Also, we wouldn't actually have any bad consequences from this in
do_vmi_align_munmap(), because by the time the bug drops the lock on VMA
A, we've already marked VMA A as detached, which makes it completely
ineligible for any VMA-locked page faults. But again, that's just pure
luck.
So remove the vma_end_write_all(), so that VMA write locks are only ever
released on mmap_write_unlock() or mmap_write_downgrade().
Also add comments to document the locking rules established by this patch.
Link: https://lkml.kernel.org/r/20230720193436.454247-1-jannh@google.com
Fixes: eeff9a5d47f8 ("mm/mmap: prevent pagefault handler from racing with mmu_notifier registration")
Signed-off-by: Jann Horn <jannh@google.com>
Reviewed-by: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 28ed252b44fb2f1efaef1287eea267d54e79f7d5
https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable)
Bug: 293665307
Change-Id: Ic0b28229d175e3125de1ef274282fbf43b556db7
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
|
||
|
Suren Baghdasaryan
|
3c187b4a12 |
BACKPORT: FROMGIT: mm: enable page walking API to lock vmas during the walk
walk_page_range() and friends often operate under write-locked mmap_lock. With introduction of vma locks, the vmas have to be locked as well during such walks to prevent concurrent page faults in these areas. Add an additional member to mm_walk_ops to indicate locking requirements for the walk. The change ensures that page walks which prevent concurrent page faults by write-locking mmap_lock, operate correctly after introduction of per-vma locks. With per-vma locks page faults can be handled under vma lock without taking mmap_lock at all, so write locking mmap_lock would not stop them. The change ensures vmas are properly locked during such walks. A sample issue this solves is do_mbind() performing queue_pages_range() to queue pages for migration. Without this change a concurrent page can be faulted into the area and be left out of migration. Link: https://lkml.kernel.org/r/20230804152724.3090321-2-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org> Suggested-by: Jann Horn <jannh@google.com> Cc: David Hildenbrand <david@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Hugh Dickins <hughd@google.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Liam Howlett <liam.howlett@oracle.com> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Michal Hocko <mhocko@suse.com> Cc: Michel Lespinasse <michel@lespinasse.org> Cc: Peter Xu <peterx@redhat.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 2ebc368f59eedcef0de7c832fe1d62935cd3a7ff https: //git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable) [surenb: changed locking in break_ksm since it's done differently, skipped the change in the missing __ksm_del_vma(), skipped the change in the missing walk_page_range_vma(), removed unused local variables] Bug: 293665307 Change-Id: Iede9eaa950ea59a268a2e74a8d3022162f0bbd80 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Jann Horn
|
b6093c47fe |
BACKPORT: mm: lock VMA in dup_anon_vma() before setting ->anon_vma
When VMAs are merged, dup_anon_vma() is called with `dst` pointing to the VMA that is being expanded to cover the area previously occupied by another VMA. This currently happens while `dst` is not write-locked. This means that, in the `src->anon_vma && !dst->anon_vma` case, as soon as the assignment `dst->anon_vma = src->anon_vma` has happened, concurrent page faults can happen on `dst` under the per-VMA lock. This is already icky in itself, since such page faults can now install pages into `dst` that are attached to an `anon_vma` that is not yet tied back to the `anon_vma` with an `anon_vma_chain`. But if `anon_vma_clone()` fails due to an out-of-memory error, things get much worse: `anon_vma_clone()` then reverts `dst->anon_vma` back to NULL, and `dst` remains completely unconnected to the `anon_vma`, even though we can have pages in the area covered by `dst` that point to the `anon_vma`. This means the `anon_vma` of such pages can be freed while the pages are still mapped into userspace, which leads to UAF when a helper like folio_lock_anon_vma_read() tries to look up the anon_vma of such a page. This theoretically is a security bug, but I believe it is really hard to actually trigger as an unprivileged user because it requires that you can make an order-0 GFP_KERNEL allocation fail, and the page allocator tries pretty hard to prevent that. I think doing the vma_start_write() call inside dup_anon_vma() is the most straightforward fix for now. For a kernel-assisted reproducer, see the notes section of the patch mail. Link: https://lkml.kernel.org/r/20230721034643.616851-1-jannh@google.com Fixes: 5e31275cc997 ("mm: add per-VMA lock and helper functions to control it") Signed-off-by: Jann Horn <jannh@google.com> Reviewed-by: Suren Baghdasaryan <surenb@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit d8ab9f7b644a2c9b64de405c1953c905ff219dc9) [surenb: since dup_anon_vma() is missing, add vma_start_write() directly before anon_vma is assigned] Bug: 293665307 Change-Id: I1b44e6278e464157e666cc5dbdb0fcc29bcf665e Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Kalesh Singh
|
64466a748a |
FROMGIT: Multi-gen LRU: Fix per-zone reclaim
MGLRU has a LRU list for each zone for each type (anon/file) in each
generation:
long nr_pages[MAX_NR_GENS][ANON_AND_FILE][MAX_NR_ZONES];
The min_seq (oldest generation) can progress independently for each
type but the max_seq (youngest generation) is shared for both anon and
file. This is to maintain a common frame of reference.
In order for eviction to advance the min_seq of a type, all the per-zone
lists in the oldest generation of that type must be empty.
The eviction logic only considers pages from eligible zones for
eviction or promotion.
scan_folios() {
...
for (zone = sc->reclaim_idx; zone >= 0; zone--) {
...
sort_folio(); // Promote
...
isolate_folio(); // Evict
}
...
}
Consider the system has the movable zone configured and default 4
generations. The current state of the system is as shown below
(only illustrating one type for simplicity):
Type: ANON
Zone DMA32 Normal Movable Device
Gen 0 0 0 4GB 0
Gen 1 0 1GB 1MB 0
Gen 2 1MB 4GB 1MB 0
Gen 3 1MB 1MB 1MB 0
Now consider there is a GFP_KERNEL allocation request (eligible zone
index <= Normal), evict_folios() will return without doing any work
since there are no pages to scan in the eligible zones of the oldest
generation. Reclaim won't make progress until triggered from a ZONE_MOVABLE
allocation request; which may not happen soon if there is a lot of free
memory in the movable zone. This can lead to OOM kills, although there
is 1GB pages in the Normal zone of Gen 1 that we have not yet tried to
reclaim.
This issue is not seen in the conventional active/inactive LRU since
there are no per-zone lists.
If there are no (not enough) folios to scan in the eligible zones, move
folios from ineligible zone (zone_index > reclaim_index) to the next
generation. This allows for the progression of min_seq and reclaiming
from the next generation (Gen 1).
Qualcomm, Mediatek and raspberrypi [1] discovered this issue independently.
[1] https://github.com/raspberrypi/linux/issues/5395
Link: https://lkml.kernel.org/r/20230802025606.346758-1-kaleshsingh@google.com
Fixes:
|
||
Liam R. Howlett
|
683966ac69 |
UPSTREAM: mm/mmap: Fix extra maple tree write
based on commit 0503ea8f5ba73eb3ab13a81c1eefbaf51405385a upstream.
This was inadvertently fixed during the removal of __vma_adjust().
When __vma_adjust() is adjusting next with a negative value (pushing
vma->vm_end lower), there would be two writes to the maple tree. The
first write is unnecessary and uses all allocated nodes in the maple
state. The second write is necessary but will need to allocate nodes
since the first write has used the allocated nodes. This may be a
problem as it may not be safe to allocate at this time, such as a low
memory situation. Fix the issue by avoiding the first write and only
write the adjusted "next" VMA.
Reported-by: John Hsu <John.Hsu@mediatek.com>
Link: https://lore.kernel.org/lkml/9cb8c599b1d7f9c1c300d1a334d5eb70ec4d7357.camel@mediatek.com/
Cc: stable@vger.kernel.org
Cc: linux-mm@kvack.org
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit
|
||
Charan Teja Kalla
|
f86c79eb86 |
FROMGIT: Multi-gen LRU: skip CMA pages when they are not eligible
This patch is based on the commit 5da226dbfce3("mm: skip CMA pages when
they are not available") which skips cma pages reclaim when they are not
eligible for the current allocation context. In mglru, such pages are
added to the tail of the immediate generation to maintain better LRU
order, which is unlike the case of conventional LRU where such pages are
directly added to the head of the LRU list(akin to adding to head of the
youngest generation in mglru).
No observable issue without this patch on MGLRU, but logically it make
sense to skip the CMA page reclaim when those pages can't be satisfied for
the current allocation context.
Link: https://lkml.kernel.org/r/1691568344-13475-1-git-send-email-quic_charante@quicinc.com
Change-Id: I586415b3e3a92da23f3e79b9d63802a2ced03432
Signed-off-by: Charan Teja Kalla <quic_charante@quicinc.com>
Reviewed-by: Kalesh Singh <kaleshsingh@google.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Yu Zhao <yuzhao@google.com>
Cc: Zhaoyang Huang <zhaoyang.huang@unisoc.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 75d52d9304ef5b268eb798b0c679815290a0fc83 https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable)
Bug: 288383787
Bug: 291719697
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
|
||
Zhaoyang Huang
|
7ae1e02abb |
UPSTREAM: mm: skip CMA pages when they are not available
This patch fixes unproductive reclaiming of CMA pages by skipping them when they are not available for current context. It arises from the below OOM issue, which was caused by a large proportion of MIGRATE_CMA pages among free pages. [ 36.172486] [03-19 10:05:52.172] ActivityManager: page allocation failure: order:0, mode:0xc00(GFP_NOIO), nodemask=(null),cpuset=foreground,mems_allowed=0 [ 36.189447] [03-19 10:05:52.189] DMA32: 0*4kB 447*8kB (C) 217*16kB (C) 124*32kB (C) 136*64kB (C) 70*128kB (C) 22*256kB (C) 3*512kB (C) 0*1024kB 0*2048kB 0*4096kB = 35848kB [ 36.193125] [03-19 10:05:52.193] Normal: 231*4kB (UMEH) 49*8kB (MEH) 14*16kB (H) 13*32kB (H) 8*64kB (H) 2*128kB (H) 0*256kB 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 3236kB ... [ 36.234447] [03-19 10:05:52.234] SLUB: Unable to allocate memory on node -1, gfp=0xa20(GFP_ATOMIC) [ 36.234455] [03-19 10:05:52.234] cache: ext4_io_end, object size: 64, buffer size: 64, default order: 0, min order: 0 [ 36.234459] [03-19 10:05:52.234] node 0: slabs: 53,objs: 3392, free: 0 This change further decreases the chance for wrong OOMs in the presence of a lot of CMA memory. [david@redhat.com: changelog addition] Link: https://lkml.kernel.org/r/1685501461-19290-1-git-send-email-zhaoyang.huang@unisoc.com Change-Id: I84f1145c38b5ff7b825f2122b33bc55997931bd7 Signed-off-by: Zhaoyang Huang <zhaoyang.huang@unisoc.com> Acked-by: David Hildenbrand <david@redhat.com> Cc: ke.wang <ke.wang@unisoc.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Minchan Kim <minchan@kernel.org> Cc: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 5da226dbfce3a2f44978c2c7cf88166e69a6788b) Bug: 288383787 Bug: 291719697 Signed-off-by: Kalesh Singh <kaleshsingh@google.com> |
||
Deyao Ren
|
dc509aa20a |
Merge remote-tracking branch into HEAD
* keystone/mirror-android14-6.1-2023-07: (111 commits) ANDROID: ABI: Update STG ABI to format version 2 ANDROID: GKI: Update pixel symbol list for thermal ANDROID: thermal: Add vendor thermal genl check ANDROID: ABI: Update symbol for Exynos SoC ANDROID: GKI: Update mtk ABI symbol list ANDROID: ABI: Update symbol list for imx ANDROID: GKI: Update abi_gki_aarch64_qcom BACKPORT: FROMGIT: irqchip/gic-v3: Workaround for GIC-700 erratum 2941627 ANDROID: ABI: update symbol list for Xclipse GPU ANDROID: drm/ttm: export ttm_tt_unpopulate() ANDROID: fuse-bpf: Add partial flock support ANDROID: Incremental fs: Allocate data buffer based on input request size UPSTREAM: gfs2: Don't deref jdesc in evict ANDROID: KVM: arm64: Fix MMU context save/restore over TLB invalidation ANDROID: Update symbol list for VIVO ANDROID: add initial symbol list file for ExynosAuto SoCs ANDROID: sched: Export sched_domains_mutex for lockdep ANDROID: Update symbol for Exynos SoC ANDROID: ABI: Update symbol for Exynos SoC ANDROID: Update symbol list for mtk ... Change-Id: I0186f02e9e3b07ea279334a06e33131b2a78c2f4 |
||
Roman Gushchin
|
33d9490b27 |
mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()
commit 3b8abb3239530c423c0b97e42af7f7e856e1ee96 upstream.
KCSAN found an issue in obj_stock_flush_required():
stock->cached_objcg can be reset between the check and dereference:
==================================================================
BUG: KCSAN: data-race in drain_all_stock / drain_obj_stock
write to 0xffff888237c2a2f8 of 8 bytes by task 19625 on cpu 0:
drain_obj_stock+0x408/0x4e0 mm/memcontrol.c:3306
refill_obj_stock+0x9c/0x1e0 mm/memcontrol.c:3340
obj_cgroup_uncharge+0xe/0x10 mm/memcontrol.c:3408
memcg_slab_free_hook mm/slab.h:587 [inline]
__cache_free mm/slab.c:3373 [inline]
__do_kmem_cache_free mm/slab.c:3577 [inline]
kmem_cache_free+0x105/0x280 mm/slab.c:3602
__d_free fs/dcache.c:298 [inline]
dentry_free fs/dcache.c:375 [inline]
__dentry_kill+0x422/0x4a0 fs/dcache.c:621
dentry_kill+0x8d/0x1e0
dput+0x118/0x1f0 fs/dcache.c:913
__fput+0x3bf/0x570 fs/file_table.c:329
____fput+0x15/0x20 fs/file_table.c:349
task_work_run+0x123/0x160 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop+0xcf/0xe0 kernel/entry/common.c:171
exit_to_user_mode_prepare+0x6a/0xa0 kernel/entry/common.c:203
__syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
syscall_exit_to_user_mode+0x26/0x140 kernel/entry/common.c:296
do_syscall_64+0x4d/0xc0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
read to 0xffff888237c2a2f8 of 8 bytes by task 19632 on cpu 1:
obj_stock_flush_required mm/memcontrol.c:3319 [inline]
drain_all_stock+0x174/0x2a0 mm/memcontrol.c:2361
try_charge_memcg+0x6d0/0xd10 mm/memcontrol.c:2703
try_charge mm/memcontrol.c:2837 [inline]
mem_cgroup_charge_skmem+0x51/0x140 mm/memcontrol.c:7290
sock_reserve_memory+0xb1/0x390 net/core/sock.c:1025
sk_setsockopt+0x800/0x1e70 net/core/sock.c:1525
udp_lib_setsockopt+0x99/0x6c0 net/ipv4/udp.c:2692
udp_setsockopt+0x73/0xa0 net/ipv4/udp.c:2817
sock_common_setsockopt+0x61/0x70 net/core/sock.c:3668
__sys_setsockopt+0x1c3/0x230 net/socket.c:2271
__do_sys_setsockopt net/socket.c:2282 [inline]
__se_sys_setsockopt net/socket.c:2279 [inline]
__x64_sys_setsockopt+0x66/0x80 net/socket.c:2279
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
value changed: 0xffff8881382d52c0 -> 0xffff888138893740
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 19632 Comm: syz-executor.0 Not tainted 6.3.0-rc2-syzkaller-00387-g534293368afa #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Fix it by using READ_ONCE()/WRITE_ONCE() for all accesses to
stock->cached_objcg.
Link: https://lkml.kernel.org/r/20230502160839.361544-1-roman.gushchin@linux.dev
Fixes:
|
||
|
jianzhou
|
572508aff3 |
Merge keystone/android14-6.1-keystone-qcom-release.6.1.25 (b9d4167) into qcom-6.1
* refs/heads/tmp-b9d4167: ANDROID: Snap to android14-6.1-2023-06 ANDROID: fuse-bpf: Move FUSE_RELEASE to correct place BACKPORT: FROMLIST: ovl: get_acl: Fix null pointer dereference at realinode in rcu-walk mode BACKPORT: FROMLIST: ovl: ovl_permission: Fix null pointer dereference at realinode in rcu-walk mode BACKPORT: FROMLIST: ovl: Let helper ovl_i_path_real() return the realinode Conflicts: android/abi_gki_aarch64.stg Change-Id: I1c41d9c5d104ea48b379f9d3e0637447637607ff Upstream-Build: ks_qcom-android14-6.1-keystone-qcom-release@10638318 UKQ2.230809.001 Signed-off-by: jianzhou <quic_jianzhou@quicinc.com> |
||
|
Kalesh Singh
|
00ff53e1e0 |
FROMGIT: Multi-gen LRU: Fix per-zone reclaim
MGLRU has a LRU list for each zone for each type (anon/file) in each
generation:
long nr_pages[MAX_NR_GENS][ANON_AND_FILE][MAX_NR_ZONES];
The min_seq (oldest generation) can progress independently for each
type but the max_seq (youngest generation) is shared for both anon and
file. This is to maintain a common frame of reference.
In order for eviction to advance the min_seq of a type, all the per-zone
lists in the oldest generation of that type must be empty.
The eviction logic only considers pages from eligible zones for
eviction or promotion.
scan_folios() {
...
for (zone = sc->reclaim_idx; zone >= 0; zone--) {
...
sort_folio(); // Promote
...
isolate_folio(); // Evict
}
...
}
Consider the system has the movable zone configured and default 4
generations. The current state of the system is as shown below
(only illustrating one type for simplicity):
Type: ANON
Zone DMA32 Normal Movable Device
Gen 0 0 0 4GB 0
Gen 1 0 1GB 1MB 0
Gen 2 1MB 4GB 1MB 0
Gen 3 1MB 1MB 1MB 0
Now consider there is a GFP_KERNEL allocation request (eligible zone
index <= Normal), evict_folios() will return without doing any work
since there are no pages to scan in the eligible zones of the oldest
generation. Reclaim won't make progress until triggered from a ZONE_MOVABLE
allocation request; which may not happen soon if there is a lot of free
memory in the movable zone. This can lead to OOM kills, although there
is 1GB pages in the Normal zone of Gen 1 that we have not yet tried to
reclaim.
This issue is not seen in the conventional active/inactive LRU since
there are no per-zone lists.
If there are no (not enough) folios to scan in the eligible zones, move
folios from ineligible zone (zone_index > reclaim_index) to the next
generation. This allows for the progression of min_seq and reclaiming
from the next generation (Gen 1).
Qualcomm, Mediatek and raspberrypi [1] discovered this issue independently.
[1] https://github.com/raspberrypi/linux/issues/5395
Link: https://lkml.kernel.org/r/20230802025606.346758-1-kaleshsingh@google.com
Fixes:
|
||
Elliot Berman
|
b7e8439a23 |
ANDROID: Snap to android14-6.1-2023-06
Snap tree to commit
|
||
Jiewen Wang
|
dbb09068c1 |
ANDROID: vendor_hooks: Add tune scan type hook in get_scan_count()
Add hook in get_scan_count() for oem to wield customized reclamation strategy Bug: 294180281 Change-Id: Ic54d35128e458661fc2b641809f5371b1d9a488e Signed-off-by: Jiewen Wang <jiewen.wang@vivo.com> |
||
|
Kalesh Singh
|
5e1d25ac2a |
FROMGIT: BACKPORT: Multi-gen LRU: Fix can_swap in lru_gen_look_around()
walk->can_swap might be invalid since it's not guaranteed to be
initialized for the particular lruvec. Instead deduce it from the folio
type (anon/file).
Link: https://lkml.kernel.org/r/20230802025606.346758-3-kaleshsingh@google.com
Fixes:
|
||
|
Kalesh Singh
|
addf1a9a65 |
FROMGIT: Multi-gen LRU: Avoid race in inc_min_seq()
inc_max_seq() will try to inc_min_seq() if nr_gens == MAX_NR_GENS. This
is because the generations are reused (the last oldest now empty
generation will become the next youngest generation).
inc_min_seq() is retried until successful, dropping the lru_lock
and yielding the CPU on each failure, and retaking the lock before
trying again:
while (!inc_min_seq(lruvec, type, can_swap)) {
spin_unlock_irq(&lruvec->lru_lock);
cond_resched();
spin_lock_irq(&lruvec->lru_lock);
}
However, the initial condition that required incrementing the min_seq
(nr_gens == MAX_NR_GENS) is not retested. This can change by another
call to inc_max_seq() from run_aging() with force_scan=true from the
debugfs interface.
Since the eviction stalls when the nr_gens == MIN_NR_GENS, avoid
unnecessarily incrementing the min_seq by rechecking the number of
generations before each attempt.
This issue was uncovered in previous discussion on the list by Yu Zhao
and Aneesh Kumar [1].
[1] https://lore.kernel.org/linux-mm/CAOUHufbO7CaVm=xjEb1avDhHVvnC8pJmGyKcFf2iY_dpf+zR3w@mail.gmail.com/
Link: https://lkml.kernel.org/r/20230802025606.346758-2-kaleshsingh@google.com
Fixes:
|
||
|
Kalesh Singh
|
a7adb98897 |
FROMGIT: Multi-gen LRU: Fix per-zone reclaim
MGLRU has a LRU list for each zone for each type (anon/file) in each
generation:
long nr_pages[MAX_NR_GENS][ANON_AND_FILE][MAX_NR_ZONES];
The min_seq (oldest generation) can progress independently for each
type but the max_seq (youngest generation) is shared for both anon and
file. This is to maintain a common frame of reference.
In order for eviction to advance the min_seq of a type, all the per-zone
lists in the oldest generation of that type must be empty.
The eviction logic only considers pages from eligible zones for
eviction or promotion.
scan_folios() {
...
for (zone = sc->reclaim_idx; zone >= 0; zone--) {
...
sort_folio(); // Promote
...
isolate_folio(); // Evict
}
...
}
Consider the system has the movable zone configured and default 4
generations. The current state of the system is as shown below
(only illustrating one type for simplicity):
Type: ANON
Zone DMA32 Normal Movable Device
Gen 0 0 0 4GB 0
Gen 1 0 1GB 1MB 0
Gen 2 1MB 4GB 1MB 0
Gen 3 1MB 1MB 1MB 0
Now consider there is a GFP_KERNEL allocation request (eligible zone
index <= Normal), evict_folios() will return without doing any work
since there are no pages to scan in the eligible zones of the oldest
generation. Reclaim won't make progress until triggered from a ZONE_MOVABLE
allocation request; which may not happen soon if there is a lot of free
memory in the movable zone. This can lead to OOM kills, although there
is 1GB pages in the Normal zone of Gen 1 that we have not yet tried to
reclaim.
This issue is not seen in the conventional active/inactive LRU since
there are no per-zone lists.
If there are no (not enough) folios to scan in the eligible zones, move
folios from ineligible zone (zone_index > reclaim_index) to the next
generation. This allows for the progression of min_seq and reclaiming
from the next generation (Gen 1).
Qualcomm, Mediatek and raspberrypi [1] discovered this issue independently.
[1] https://github.com/raspberrypi/linux/issues/5395
Link: https://lkml.kernel.org/r/20230802025606.346758-1-kaleshsingh@google.com
Fixes:
|
||
Peifeng Li
|
c3d26e2b5a |
ANDROID: vendor_hooks: Add hooks for lookaround
Add hooks for support lookaround in memory reclamation. - android_vh_test_clear_look_around_ref - android_vh_check_folio_look_around_ref - android_vh_look_around_migrate_folio - android_vh_look_around Bug: 292051411 Signed-off-by: Peifeng Li <lipeifeng@oppo.com> Change-Id: I9a606ae71d2f1303df3b02403b30bc8fdc9d06dd (cherry picked from commit f50f24e781738c8e5aa9f285d8726202f33107d6) [huzhanyuan: changed page to folio where appropriate] |
||
|
Jann Horn
|
f5c707dc65 |
UPSTREAM: mm/mempolicy: Take VMA lock before replacing policy
mbind() calls down into vma_replace_policy() without taking the per-VMA
locks, replaces the VMA's vma->vm_policy pointer, and frees the old
policy. That's bad; a concurrent page fault might still be using the
old policy (in vma_alloc_folio()), resulting in use-after-free.
Normally this will manifest as a use-after-free read first, but it can
result in memory corruption, including because vma_alloc_folio() can
call mpol_cond_put() on the freed policy, which conditionally changes
the policy's refcount member.
This bug is specific to CONFIG_NUMA, but it does also affect non-NUMA
systems as long as the kernel was built with CONFIG_NUMA.
Signed-off-by: Jann Horn <jannh@google.com>
Reviewed-by: Suren Baghdasaryan <surenb@google.com>
Fixes: 5e31275cc997 ("mm: add per-VMA lock and helper functions to control it")
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Bug: 293665307
(cherry picked from commit 6c21e066f9256ea1df6f88768f6ae1080b7cf509)
Change-Id: I2e3a4ee8bad97457ee3e127694f0609e7a240a2f
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
|
||
|
Jann Horn
|
890b1aabb1 |
BACKPORT: mm: lock_vma_under_rcu() must check vma->anon_vma under vma lock
lock_vma_under_rcu() tries to guarantee that __anon_vma_prepare() can't
be called in the VMA-locked page fault path by ensuring that
vma->anon_vma is set.
However, this check happens before the VMA is locked, which means a
concurrent move_vma() can concurrently call unlink_anon_vmas(), which
disassociates the VMA's anon_vma.
This means we can get UAF in the following scenario:
THREAD 1 THREAD 2
======== ========
<page fault>
lock_vma_under_rcu()
rcu_read_lock()
mas_walk()
check vma->anon_vma
mremap() syscall
move_vma()
vma_start_write()
unlink_anon_vmas()
<syscall end>
handle_mm_fault()
__handle_mm_fault()
handle_pte_fault()
do_pte_missing()
do_anonymous_page()
anon_vma_prepare()
__anon_vma_prepare()
find_mergeable_anon_vma()
mas_walk() [looks up VMA X]
munmap() syscall (deletes VMA X)
reusable_anon_vma() [called on freed VMA X]
This is a security bug if you can hit it, although an attacker would
have to win two races at once where the first race window is only a few
instructions wide.
This patch is based on some previous discussion with Linus Torvalds on
the security list.
Cc: stable@vger.kernel.org
Fixes: 5e31275cc997 ("mm: add per-VMA lock and helper functions to control it")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Bug: 293665307
(cherry picked from commit 657b5146955eba331e01b9a6ae89ce2e716ba306)
[surenb: removed vma_is_tcp() call not present in 6.1]
Change-Id: I4bd91e1db337ff35eb7c1d436f4372944556dd7d
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
|
||
|
Hugh Dickins
|
371f8d901a |
UPSTREAM: mm: lock newly mapped VMA with corrected ordering
Lockdep is certainly right to complain about
(&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_write+0x2d/0x3f
but task is already holding lock:
(&mapping->i_mmap_rwsem){+.+.}-{3:3}, at: mmap_region+0x4dc/0x6db
Invert those to the usual ordering.
Fixes: 33313a747e81 ("mm: lock newly mapped VMA which can be modified after it becomes visible")
Cc: stable@vger.kernel.org
Signed-off-by: Hugh Dickins <hughd@google.com>
Tested-by: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 1c7873e3364570ec89343ff4877e0f27a7b21a61)
Change-Id: I85f9cfb6ee8f3d9fefda5518c5637a7dff64bac3
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Suren Baghdasaryan
|
e3601b25ae |
UPSTREAM: mm: lock newly mapped VMA which can be modified after it becomes visible
mmap_region adds a newly created VMA into VMA tree and might modify it afterwards before dropping the mmap_lock. This poses a problem for page faults handled under per-VMA locks because they don't take the mmap_lock and can stumble on this VMA while it's still being modified. Currently this does not pose a problem since post-addition modifications are done only for file-backed VMAs, which are not handled under per-VMA lock. However, once support for handling file-backed page faults with per-VMA locks is added, this will become a race. Fix this by write-locking the VMA before inserting it into the VMA tree. Other places where a new VMA is added into VMA tree do not modify it after the insertion, so do not need the same locking. Cc: stable@vger.kernel.org Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> (cherry picked from commit 33313a747e81af9f31d0d45de78c9397fa3655eb) Change-Id: I3bb6a7bc8dd579e11f9c18cbc8e4a6e7279bbfb2 Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Suren Baghdasaryan
|
05f7c7fe72 |
UPSTREAM: mm: lock a vma before stack expansion
With recent changes necessitating mmap_lock to be held for write while expanding a stack, per-VMA locks should follow the same rules and be write-locked to prevent page faults into the VMA being expanded. Add the necessary locking. Cc: stable@vger.kernel.org Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> (cherry picked from commit c137381f71aec755fbf47cd4e9bd4dce752c054c) Change-Id: I3e6a8c89c1fb7c0669e1232176bb04ea6b09bc0a Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
c0ba567af1 |
ANDROID: GKI: bring back find_extend_vma()
In commit 8d7071af8907 ("mm: always expand the stack with the mmap write
lock held"), find_extend_vma() was no longer being used in the tree, so
it was removed. Unfortunately some GKI external module is using this,
so bring it back to allow things to continue to work.
Bug: 161946584
Fixes: 8d7071af8907 ("mm: always expand the stack with the mmap write lock held")
Change-Id: I6f1fb1fd8193625fe3dac0bbc5b0aff653b3d879
Cc: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Linus Torvalds
|
188ce9572f |
BACKPORT: mm: always expand the stack with the mmap write lock held
commit 8d7071af890768438c14db6172cc8f9f4d04e184 upstream This finishes the job of always holding the mmap write lock when extending the user stack vma, and removes the 'write_locked' argument from the vm helper functions again. For some cases, we just avoid expanding the stack at all: drivers and page pinning really shouldn't be extending any stacks. Let's see if any strange users really wanted that. It's worth noting that architectures that weren't converted to the new lock_mm_and_find_vma() helper function are left using the legacy "expand_stack()" function, but it has been changed to drop the mmap_lock and take it for writing while expanding the vma. This makes it fairly straightforward to convert the remaining architectures. As a result of dropping and re-taking the lock, the calling conventions for this function have also changed, since the old vma may no longer be valid. So it will now return the new vma if successful, and NULL - and the lock dropped - if the area could not be extended. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> [6.1: Patch drivers/iommu/io-pgfault.c instead] Signed-off-by: Samuel Mendoza-Jonas <samjonas@amazon.com> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [surenb: change in io-pgfault.c was done in iommu-sva.c] Change-Id: Icdcdded08d7ad4eda8fae1120a3c8b3d957516c1 (cherry picked from commit 8d7071af890768438c14db6172cc8f9f4d04e184) Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Liam R. Howlett
|
1afccd4255 |
UPSTREAM: mm: make find_extend_vma() fail if write lock not held
commit f440fa1ac955e2898893f9301568435eb5cdfc4b upstream. Make calls to extend_vma() and find_extend_vma() fail if the write lock is required. To avoid making this a flag-day event, this still allows the old read-locking case for the trivial situations, and passes in a flag to say "is it write-locked". That way write-lockers can say "yes, I'm being careful", and legacy users will continue to work in all the common cases until they have been fully converted to the new world order. Co-Developed-by: Matthew Wilcox (Oracle) <willy@infradead.org> Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Samuel Mendoza-Jonas <samjonas@amazon.com> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Change-Id: If12d2d68429b6d71393f02d5ed7e6939c3cd5405 (cherry picked from commit f440fa1ac955e2898893f9301568435eb5cdfc4b) Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Ben Hutchings
|
add0a1ea04 |
UPSTREAM: arm/mm: Convert to using lock_mm_and_find_vma()
commit 8b35ca3e45e35a26a21427f35d4093606e93ad0a upstream. arm has an additional check for address < FIRST_USER_ADDRESS before expanding the stack. Since FIRST_USER_ADDRESS is defined everywhere (generally as 0), move that check to the generic expand_downwards(). Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Samuel Mendoza-Jonas <samjonas@amazon.com> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Change-Id: Ie1090f587090ef16de4bce224bbc52334bfe78fa (cherry picked from commit 8b35ca3e45e35a26a21427f35d4093606e93ad0a) Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Linus Torvalds
|
cf70cb4f1f |
UPSTREAM: mm: make the page fault mmap locking killable
commit eda0047296a16d65a7f2bc60a408f70d178b2014 upstream. This is done as a separate patch from introducing the new lock_mm_and_find_vma() helper, because while it's an obvious change, it's not what x86 used to do in this area. We already abort the page fault on fatal signals anyway, so why should we wait for the mmap lock only to then abort later? With the new helper function that returns without the lock held on failure anyway, this is particularly easy and straightforward. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Samuel Mendoza-Jonas <samjonas@amazon.com> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Change-Id: I9730b4543265a20253cbfc02de135cc77927f821 (cherry picked from commit eda0047296a16d65a7f2bc60a408f70d178b2014) Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Linus Torvalds
|
3803ae4a28 |
BACKPORT: mm: introduce new 'lock_mm_and_find_vma()' page fault helper
commit c2508ec5a58db67093f4fb8bf89a9a7c53a109e9 upstream.
.. and make x86 use it.
This basically extracts the existing x86 "find and expand faulting vma"
code, but extends it to also take the mmap lock for writing in case we
actually do need to expand the vma.
We've historically short-circuited that case, and have some rather ugly
special logic to serialize the stack segment expansion (since we only
hold the mmap lock for reading) that doesn't match the normal VM
locking.
That slight violation of locking worked well, right up until it didn't:
the maple tree code really does want proper locking even for simple
extension of an existing vma.
So extract the code for "look up the vma of the fault" from x86, fix it
up to do the necessary write locking, and make it available as a helper
function for other architectures that can use the common helper.
Note: I say "common helper", but it really only handles the normal
stack-grows-down case. Which is all architectures except for PA-RISC
and IA64. So some rare architectures can't use the helper, but if they
care they'll just need to open-code this logic.
It's also worth pointing out that this code really would like to have an
optimistic "mmap_upgrade_trylock()" to make it quicker to go from a
read-lock (for the common case) to taking the write lock (for having to
extend the vma) in the normal single-threaded situation where there is
no other locking activity.
But that _is_ all the very uncommon special case, so while it would be
nice to have such an operation, it probably doesn't matter in reality.
I did put in the skeleton code for such a possible future expansion,
even if it only acts as pseudo-documentation for what we're doing.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[surenb: this one is taken from 6.4.y stable branch]
Change-Id: I6e16e6751245ac24adcbe78114bc57c726463acb
(cherry-picked from commit
|
||
Tony Luck
|
53048f151c |
BACKPORT: mm, hwpoison: when copy-on-write hits poison, take page offline
commit d302c2398ba269e788a4f37ae57c07a7fcabaa42 upstream.
Cannot call memory_failure() directly from the fault handler because
mmap_lock (and others) are held.
It is important, but not urgent, to mark the source page as h/w poisoned
and unmap it from other tasks.
Use memory_failure_queue() to request a call to memory_failure() for the
page with the error.
Also provide a stub version for CONFIG_MEMORY_FAILURE=n
Link: https://lkml.kernel.org/r/20221021200120.175753-3-tony.luck@intel.com
Signed-off-by: Tony Luck <tony.luck@intel.com>
Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Naoya Horiguchi <naoya.horiguchi@nec.com>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Shuai Xue <xueshuai@linux.alibaba.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
[ Due to missing commits
e591ef7d96d6e ("mm,hwpoison,hugetlb,memory_hotplug: hotremove memory section with hwpoisoned hugepage")
5033091de814a ("mm/hwpoison: introduce per-memory_block hwpoison counter")
The impact of e591ef7d96d6e is its introduction of an additional flag in
__get_huge_page_for_hwpoison() that serves as an indication a hwpoisoned
hugetlb page should have its migratable bit cleared.
The impact of 5033091de814a is contexual.
Resolve by ignoring both missing commits. - jane]
Signed-off-by: Jane Chu <jane.chu@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change-Id: Ica2c1970fe3cdfa9dc7d3f288e1e6a90378a9764
(cherry-picked from commit
|
||
|
Tony Luck
|
a2dff37b0c |
UPSTREAM: mm, hwpoison: try to recover from copy-on write faults
commit a873dfe1032a132bf89f9e19a6ac44f5a0b78754 upstream.
Patch series "Copy-on-write poison recovery", v3.
Part 1 deals with the process that triggered the copy on write fault with
a store to a shared read-only page. That process is send a SIGBUS with
the usual machine check decoration to specify the virtual address of the
lost page, together with the scope.
Part 2 sets up to asynchronously take the page with the uncorrected error
offline to prevent additional machine check faults. H/t to Miaohe Lin
<linmiaohe@huawei.com> and Shuai Xue <xueshuai@linux.alibaba.com> for
pointing me to the existing function to queue a call to memory_failure().
On x86 there is some duplicate reporting (because the error is also
signalled by the memory controller as well as by the core that triggered
the machine check). Console logs look like this:
This patch (of 2):
If the kernel is copying a page as the result of a copy-on-write
fault and runs into an uncorrectable error, Linux will crash because
it does not have recovery code for this case where poison is consumed
by the kernel.
It is easy to set up a test case. Just inject an error into a private
page, fork(2), and have the child process write to the page.
I wrapped that neatly into a test at:
git://git.kernel.org/pub/scm/linux/kernel/git/aegl/ras-tools.git
just enable ACPI error injection and run:
# ./einj_mem-uc -f copy-on-write
Add a new copy_user_highpage_mc() function that uses copy_mc_to_kernel()
on architectures where that is available (currently x86 and powerpc).
When an error is detected during the page copy, return VM_FAULT_HWPOISON
to caller of wp_page_copy(). This propagates up the call stack. Both x86
and powerpc have code in their fault handler to deal with this code by
sending a SIGBUS to the application.
Note that this patch avoids a system crash and signals the process that
triggered the copy-on-write action. It does not take any action for the
memory error that is still in the shared page. To handle that a call to
memory_failure() is needed. But this cannot be done from wp_page_copy()
because it holds mmap_lock(). Perhaps the architecture fault handlers
can deal with this loose end in a subsequent patch?
On Intel/x86 this loose end will often be handled automatically because
the memory controller provides an additional notification of the h/w
poison in memory, the handler for this will call memory_failure(). This
isn't a 100% solution. If there are multiple errors, not all may be
logged in this way.
[tony.luck@intel.com: add call to kmsan_unpoison_memory(), per Miaohe Lin]
Link: https://lkml.kernel.org/r/20221031201029.102123-2-tony.luck@intel.com
Link: https://lkml.kernel.org/r/20221021200120.175753-1-tony.luck@intel.com
Link: https://lkml.kernel.org/r/20221021200120.175753-2-tony.luck@intel.com
Signed-off-by: Tony Luck <tony.luck@intel.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Reviewed-by: Naoya Horiguchi <naoya.horiguchi@nec.com>
Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
Reviewed-by: Alexander Potapenko <glider@google.com>
Tested-by: Shuai Xue <xueshuai@linux.alibaba.com>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Igned-off-by: Jane Chu <jane.chu@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change-Id: I7c35cd47de59611fcc0550b0a7fd4e3911bbb110
(cherry-picked from commit
|
||
David Woodhouse
|
466448f55f |
BACKPORT: mm/mmap: Fix error return in do_vmi_align_munmap()
commit 6c26bd4384da24841bac4f067741bbca18b0fb74 upstream,
If mas_store_gfp() in the gather loop failed, the 'error' variable that
ultimately gets returned was not being set. In many cases, its original
value of -ENOMEM was still in place, and that was fine. But if VMAs had
been split at the start or end of the range, then 'error' could be zero.
Change to the 'error = foo(); if (error) goto â¦' idiom to fix the bug.
Also clean up a later case which avoided the same bug by *explicitly*
setting error = -ENOMEM right before calling the function that might
return -ENOMEM.
In a final cosmetic change, move the 'Point of no return' comment to
*after* the goto. That's been in the wrong place since the preallocation
was removed, and this new error path was added.
Fixes: 606c812eb1d5 ("mm/mmap: Fix error path in do_vmi_align_munmap()")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Cc: stable@vger.kernel.org
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit
|
||
|
Liam R. Howlett
|
41b30362e9 |
BACKPORT: mm/mmap: Fix error path in do_vmi_align_munmap()
commit 606c812eb1d5b5fb0dd9e330ca94b52d7c227830 upstream
The error unrolling was leaving the VMAs detached in many cases and
leaving the locked_vm statistic altered, and skipping the unrolling
entirely in the case of the vma tree write failing.
Fix the error path by re-attaching the detached VMAs and adding the
necessary goto for the failed vma tree write, and fix the locked_vm
statistic by only updating after the vma tree write succeeds.
Fixes:
|
||
|
Greg Kroah-Hartman
|
1ef7816a50 |
Merge branch 'android14-6.1' into 'android14-6.1-lts'
Catches the android14-6.1-lts branch up with the android14-6.1 branch which has had a lot of changes that are needed here to resolve future LTS merges and to ensure that the ABI is kept stable. It contains the following commits: * |
||
Arnd Bergmann
|
a4336343ea |
kasan: add kasan_tag_mismatch prototype
commit fb646a4cd3f0ff27d19911bef7b6622263723df6 upstream. The kasan sw-tags implementation contains one function that is only called from assembler and has no prototype in a header. This causes a W=1 warning: mm/kasan/sw_tags.c:171:6: warning: no previous prototype for 'kasan_tag_mismatch' [-Wmissing-prototypes] 171 | void kasan_tag_mismatch(unsigned long addr, unsigned long access_info, Add a prototype in the local header to get a clean build. Link: https://lkml.kernel.org/r/20230509145735.9263-1-arnd@kernel.org Signed-off-by: Arnd Bergmann <arnd@arndb.de> Cc: Alexander Potapenko <glider@google.com> Cc: Andrey Konovalov <andreyknvl@gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Marco Elver <elver@google.com> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Suren Baghdasaryan
|
77ae3e7bb8 |
FROMGIT: swap: remove remnants of polling from read_swap_cache_async
Patch series "Per-VMA lock support for swap and userfaults", v7. When per-VMA locks were introduced in [1] several types of page faults would still fall back to mmap_lock to keep the patchset simple. Among them are swap and userfault pages. The main reason for skipping those cases was the fact that mmap_lock could be dropped while handling these faults and that required additional logic to be implemented. Implement the mechanism to allow per-VMA locks to be dropped for these cases. First, change handle_mm_fault to drop per-VMA locks when returning VM_FAULT_RETRY or VM_FAULT_COMPLETED to be consistent with the way mmap_lock is handled. Then change folio_lock_or_retry to accept vm_fault and return vm_fault_t which simplifies later patches. Finally allow swap and uffd page faults to be handled under per-VMA locks by dropping per-VMA and retrying, the same way it's done under mmap_lock. Naturally, once VMA lock is dropped that VMA should be assumed unstable and can't be used. This patch (of 6): Commit [1] introduced IO polling support duding swapin to reduce swap read latency for block devices that can be polled. However later commit [2] removed polling support. Therefore it seems safe to remove do_poll parameter in read_swap_cache_async and always call swap_readpage with synchronous=false waiting for IO completion in folio_lock_or_retry. [1] commit |
||
|
Greg Kroah-Hartman
|
524f946fbc |
Merge branch 'android14-6.1' into 'android14-6.1-lts'
Catches the android14-6.1-lts branch up with the android14-6.1 branch which has had a lot of changes that are needed here to resolve future LTS merges and to ensure that the ABI is kept stable. It contains the following commits: abb897fe2f8e Merge branch 'android14-6.1' into 'android14-6.1-lts' |
||
|
Liam R. Howlett
|
a02c6dc0ef |
mm/mmap: Fix extra maple tree write
based on commit 0503ea8f5ba73eb3ab13a81c1eefbaf51405385a upstream. This was inadvertently fixed during the removal of __vma_adjust(). When __vma_adjust() is adjusting next with a negative value (pushing vma->vm_end lower), there would be two writes to the maple tree. The first write is unnecessary and uses all allocated nodes in the maple state. The second write is necessary but will need to allocate nodes since the first write has used the allocated nodes. This may be a problem as it may not be safe to allocate at this time, such as a low memory situation. Fix the issue by avoiding the first write and only write the adjusted "next" VMA. Reported-by: John Hsu <John.Hsu@mediatek.com> Link: https://lore.kernel.org/lkml/9cb8c599b1d7f9c1c300d1a334d5eb70ec4d7357.camel@mediatek.com/ Cc: stable@vger.kernel.org Cc: linux-mm@kvack.org Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Roberto Sassu
|
1f34bf8b44 |
shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs
commit 36ce9d76b0a93bae799e27e4f5ac35478c676592 upstream.
As the ramfs-based tmpfs uses ramfs_init_fs_context() for the
init_fs_context method, which allocates fc->s_fs_info, use ramfs_kill_sb()
to free it and avoid a memory leak.
Link: https://lkml.kernel.org/r/20230607161523.2876433-1-roberto.sassu@huaweicloud.com
Fixes:
|
||
Ryan Roberts
|
23fbff67b0 |
mm/damon/ops-common: atomically test and clear young on ptes and pmds
commit c11d34fa139e4b0fb4249a30f37b178353533fa1 upstream.
It is racy to non-atomically read a pte, then clear the young bit, then
write it back as this could discard dirty information. Further, it is bad
practice to directly set a pte entry within a table. Instead clearing
young must go through the arch-provided helper,
ptep_test_and_clear_young() to ensure it is modified atomically and to
give the arch code visibility and allow it to check (and potentially
modify) the operation.
Link: https://lkml.kernel.org/r/20230602092949.545577-3-ryan.roberts@arm.com
Fixes:
|
||
|
Suren Baghdasaryan
|
e0d7a96b27 |
mm/mmap: Fix VM_LOCKED check in do_vmi_align_munmap()
6.1 backport of the patch [1] uses 'next' vma instead of 'split' vma.
Fix the mistake.
[1] commit 606c812eb1d5 ("mm/mmap: Fix error path in do_vmi_align_munmap()")
Fixes:
|
||
Peter Collingbourne
|
50fb32197f |
mm: call arch_swap_restore() from do_swap_page()
commit 6dca4ac6fc91fd41ea4d6c4511838d37f4e0eab2 upstream. Commit |
||
Andrey Konovalov
|
7c2b6c7b56 |
UPSTREAM: kasan: suppress recursive reports for HW_TAGS
KASAN suppresses reports for bad accesses done by the KASAN reporting
code. The reporting code might access poisoned memory for reporting
purposes.
Software KASAN modes do this by suppressing reports during reporting via
current->kasan_depth, the same way they suppress reports during accesses
to poisoned slab metadata.
Hardware Tag-Based KASAN does not use current->kasan_depth, and instead
resets pointer tags for accesses to poisoned memory done by the reporting
code.
Despite that, a recursive report can still happen:
1. On hardware with faulty MTE support. This was observed by Weizhao
Ouyang on a faulty hardware that caused memory tags to randomly change
from time to time.
2. Theoretically, due to a previous MTE-undetected memory corruption.
A recursive report can happen via:
1. Accessing a pointer with a non-reset tag in the reporting code, e.g.
slab->slab_cache, which is what Weizhao Ouyang observed.
2. Theoretically, via external non-annotated routines, e.g. stackdepot.
To resolve this issue, resetting tags for all of the pointers in the
reporting code and all the used external routines would be impractical.
Instead, disable tag checking done by the CPU for the duration of KASAN
reporting for Hardware Tag-Based KASAN.
Without this fix, Hardware Tag-Based KASAN reporting code might deadlock.
[andreyknvl@google.com: disable preemption instead of migration, fix comment typo]
Link: https://lkml.kernel.org/r/d14417c8bc5eea7589e99381203432f15c0f9138.1680114854.git.andreyknvl@google.com
Link: https://lkml.kernel.org/r/59f433e00f7fa985e8bf9f7caf78574db16b67ab.1678491668.git.andreyknvl@google.com
Fixes:
|
||
|
Andrey Konovalov
|
c0226bf0c7 |
UPSTREAM: kasan, arm64: add arch_suppress_tag_checks_start/stop
Add two new tagging-related routines arch_suppress_tag_checks_start/stop that suppress MTE tag checking via the TCO register. These rouines are used in the next patch. [andreyknvl@google.com: drop __ from mte_disable/enable_tco names] Link: https://lkml.kernel.org/r/7ad5e5a9db79e3aba08d8f43aca24350b04080f6.1680114854.git.andreyknvl@google.com Link: https://lkml.kernel.org/r/75a362551c3c54b70ae59a3492cabb51c105fa6b.1678491668.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Cc: Alexander Potapenko <glider@google.com> Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Evgenii Stepanov <eugenis@google.com> Cc: Marco Elver <elver@google.com> Cc: Peter Collingbourne <pcc@google.com> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Cc: Weizhao Ouyang <ouyangweizhao@zeku.com> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Bug: 254721825 (cherry picked from commit 0d3c9468bef98f703c369ced4ec61b0d4a5210ee) Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Change-Id: I6aa222a78aa299280f334a4a216bc7719af5a2ef |
||
|
Andrey Konovalov
|
553be6e70d |
BACKPORT: kasan, arm64: rename tagging-related routines
(Backport: no real conflicts, neighboring lines changed.) Rename arch_enable_tagging_sync/async/asymm to arch_enable_tag_checks_sync/async/asymm, as the new name better reflects their function. Also rename kasan_enable_tagging to kasan_enable_hw_tags for the same reason. Link: https://lkml.kernel.org/r/069ef5b77715c1ac8d69b186725576c32b149491.1678491668.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Cc: Alexander Potapenko <glider@google.com> Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Evgenii Stepanov <eugenis@google.com> Cc: Marco Elver <elver@google.com> Cc: Peter Collingbourne <pcc@google.com> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Cc: Weizhao Ouyang <ouyangweizhao@zeku.com> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Bug: 254721825 (cherry picked from commit 0eafff1c5a56893ca9708fb8ff1327a738b242e9) Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Change-Id: Idbb7c99b798843dd8909528cc29d2fe883108b9f |
||
|
Andrey Konovalov
|
b39a3be50a |
UPSTREAM: kasan: drop empty tagging-related defines
mm/kasan/kasan.h provides a number of empty defines for a few arch-specific tagging-related routines, in case the architecture code didn't define them. The original idea was to simplify integration in case another architecture starts supporting memory tagging. However, right now, if any of those routines are not provided by an architecture, Hardware Tag-Based KASAN won't work. Drop the empty defines, as it would be better to get compiler errors rather than runtime crashes when adding support for a new architecture. Also drop empty hw_enable_tagging_sync/async/asymm defines for !CONFIG_KASAN_HW_TAGS case, as those are only used in mm/kasan/hw_tags.c. Link: https://lkml.kernel.org/r/bc919c144f8684a7fd9ba70c356ac2a75e775e29.1678491668.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Cc: Alexander Potapenko <glider@google.com> Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com> Cc: Catalin Marinas <catalin.marinas@arm.com> [arm64] Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Evgenii Stepanov <eugenis@google.com> Cc: Marco Elver <elver@google.com> Cc: Peter Collingbourne <pcc@google.com> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Cc: Weizhao Ouyang <ouyangweizhao@zeku.com> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Bug: 254721825 (cherry picked from commit e34f1e2ee0982a0ebed9e71f18d1b9529df43cd5) Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Change-Id: I22911baac04cc56db2a08250e8eb47a0d4ee6128 |
||
|
jianzhou
|
603ba47616 |
Merge keystone/android14-6.1-keystone-qcom-release.6.1.25 (8823053) into qcom-6.1
* refs/heads/tmp-8823053:
Revert "Merge remote-tracking branch into HEAD"
UPSTREAM: memstick: r592: Fix UAF bug in r592_remove due to race condition
UPSTREAM: xfs: verify buffer contents when we skip log replay
UPSTREAM: bluetooth: Perform careful capability checks in hci_sock_ioctl()
FROMLIST: maple_tree: Adjust node allocation on mas_rebalance()
FROMLIST: maple_tree: Reduce resets during store setup
FROMLIST: BACKPORT: maple_tree: Refine mas_preallocate() node calculations
Revert "FROMLIST: BACKPORT: maple_tree: Refine mas_preallocate() node calculations"
ANDROID: GKI: Include kheaders in gki_system_dlkm_modules
ANDROID: 6/16/2023 KMI update
ANDROID: sched: Add parameter to android_rvh_schedule.
ANDROID: GKI: provide more padding for struct usb_phy
ANDROID: GKI enable CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
FROMGIT: arm64: set __exception_irq_entry with __irq_entry as a default
ANDROID: GKI: update symbol list file for xiaomi
ANDROID: Remove all but top-level OWNERS
ANDROID: Enable GKI Dr. No Enforcement
ANDROID: 6/16/2023 KMI update
ANDROID: virt: gunyah: Sync with latest platform ops
FROMGIT: usb: gadget: udc: core: Prevent soft_connect_store() race
FROMGIT: usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
UPSTREAM: Bluetooth: fix debugfs registration
UPSTREAM: Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER
UPSTREAM: net/ipv6: fix bool/int mismatch for skip_notify_on_dev_down
UPSTREAM: neighbour: fix unaligned access to pneigh_entry
UPSTREAM: tcp: deny tcp_disconnect() when threads are waiting
ANDROID: sound: usb: Add vendor's hooking interface
ANDROID: GKI: USB: XHCI: add Android ABI padding to struct xhci_driver_overrides
ANDROID: usb: host: add address_device to xhci overrides
UPSTREAM: bpf, sockmap: Avoid potential NULL dereference in sk_psock_verdict_data_ready()
UPSTREAM: bpf, sockmap: Incorrectly handling copied_seq
UPSTREAM: bpf, sockmap: Wake up polling after data copy
UPSTREAM: bpf, sockmap: TCP data stall on recv before accept
UPSTREAM: bpf, sockmap: Handle fin correctly
UPSTREAM: bpf, sockmap: Improved check for empty queue
UPSTREAM: bpf, sockmap: Reschedule is now done through backlog
UPSTREAM: bpf, sockmap: Convert schedule_work into delayed_work
UPSTREAM: bpf, sockmap: Pass skb ownership through read_skb
Revert "ANDROID: virt: gunyah: Delta between v13 and v14"
ANDROID: virt: gunyah: Sync with latest Gunyah patches
ANDROID: virt: gunyah: Sync with latest documentation and sample
FROMLIST: usb: xhci-plat: add xhci_plat_priv_overwrite
ANDROID: usb: host: export symbols for xhci hooks usage
ANDROID: usb: host: add xhci hooks for USB offload
ANDROID: 6/16/2023 KMI update
UPSTREAM: binder: fix UAF of alloc->vma in race with munmap()
UPSTREAM: binder: add lockless binder_alloc_(set|get)_vma()
UPSTREAM: Revert "android: binder: stop saving a pointer to the VMA"
UPSTREAM: Revert "binder_alloc: add missing mmap_lock calls when using the VMA"
UPSTREAM: tipc: check the bearer min mtu properly when setting it by netlink
UPSTREAM: tipc: do not update mtu if msg_max is too small in mtu negotiation
UPSTREAM: tipc: add tipc_bearer_min_mtu to calculate min mtu
UPSTREAM: Revert "usb: gadget: udc: core: Invoke usb_gadget_connect only when started"
UPSTREAM: ASoC: fsl_micfil: Fix error handler with pm_runtime_enable
UPSTREAM: platform: Provide a remove callback that returns no value
UPSTREAM: firmware: arm_sdei: Fix sleep from invalid context BUG
UPSTREAM: uapi/linux/const.h: prefer ISO-friendly __typeof__
UPSTREAM: posix-cpu-timers: Implement the missing timer_wait_running callback
ANDROID: GKI: reserve extra arm64 cpucaps for ABI preservation
ANDROID: arm64: errata: Add WORKAROUND_NXP_ERR050104 cpucaps
ANDROID: KVM: arm64: Allow setting {P,U}XN in stage-2 PTEs
ANDROID: KVM: arm64: Restrict host-to-hyp MMIO donations
ANDROID: KVM: arm64: Allow state changes of MMIO pages
ANDROID: KVM: arm64: Allow MMIO perm changes from modules
ANDROID: KVM: arm64: Don't allocate from handle_host_mem_abort
ANDROID: KVM: arm64: Donate IOMMU regions to pKVM
ANDROID: KVM: arm64: Map MMIO donation as device at EL2
ANDROID: KVM: arm64: Don't recycle pages from host mem abort
ANDROID: KVM: arm64: Pin host stage-2 tables
ANDROID: KVM: arm64: Move kvm_pte_follow() to header
ANDROID: KVM: arm64: Pre-populate host stage2
ANDROID: KVM: arm64: Fix the host ownership later
ANDROID: KVM: arm64: Don't recycle non-default PTEs
ANDROID: KVM: arm64: Introduce kvm_pgtable_stage2_reclaim_leaves
ANDROID: GKI: enable CONFIG_BLK_CGROUP_IOCOST
BACKPORT: FROMGIT: usb: core: add sysfs entry for usb device state
ANDROID: GKI: Update symbols to symbol list
ANDROID: HID; Over-ride default maximum buffer size when using UHID
UPSTREAM: maple_tree: make maple state reusable after mas_empty_area()
Revert "Revert "mm/mmap: regression fix for unmapped_area{_topdown}""
FROMLIST: scsi: ufs: ufs-mediatek: Set UFSHCD_QUIRK_MCQ_BROKEN_RTC quirk
FROMLIST: scsi: ufs: ufs-mediatek: Set UFSHCD_QUIRK_MCQ_BROKEN_INTR quirk
FROMLIST: scsi: ufs: core: Add host quirk UFSHCD_QUIRK_MCQ_BROKEN_RTC
FROMLIST: scsi: ufs: core: Add host quirk UFSHCD_QUIRK_MCQ_BROKEN_INTR
ANDROID: GKI: Add symbols and update symbol list for Unisoc
UPSTREAM: mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
UPSTREAM: mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
ANDROID: dma-buf: support users to change dma_buf.name
ANDROID: set CONFIG_IKHEADERS=m for gki_defconfig.
ANDROID: mm: Avoid merging cma with others
ANDROID: cpufreq: times: record fast switch frequency transitions
ANDROID: fix kernelci build failure in vmscan.c
ANDROID: ABI: Update symbol list for Exynos SoC
ANDROID: gki_defconfig: enable NVME
ANDROID: ABI: Update symbols to unisoc whitelist for the scheduler
UPSTREAM: usb: gadget: uvc: queue empty isoc requests if no video buffer is available
ANDROID: GKI: Update symbol list for xiaomi
ANDROID: vendor_hooks:vendor hook for madvise_cold_or_pageout_pte_range.
ANDROID: ABI: Update pixel symbol list
ANDROID: KVM: arm64: iommu: Erase pvmfw from EL1 if possible
ANDROID: ABI: Update oplus symbol list
ANDROID: Allow vendor module to reclaim a memcg
ANDROID: Export memcg functions to allow module to add new files
ANDROID: vendor_hooks: add hooks in mem_cgroup subsystem
ANDROID: GKI: Update symbols to symbol list
ANDROID: block: export tracepoints
ANDROID: vendor_hook: Avoid clearing protect-flag before waking waiters
ANDROID: KVM: arm64: Deprecate late pKVM module loading
ANDROID: ABI: Update symbol for Exynos SoC
ANDROID: 6/7/2023 KMI update
ANDROID: db845c: Update symbol list
FROMLIST: ufs: core: Add error handling for MCQ mode
FROMLIST: ufs: mcq: Use ufshcd_mcq_poll_cqe_lock() in mcq mode
FROMLIST: ufs: mcq: Added ufshcd_mcq_abort()
FROMLIST: ufs: mcq: Add support for clean up mcq resources
FROMLIST: ufs: mcq: Add supporting functions for mcq abort
FROMLIST: ufs: core: Update the ufshcd_clear_cmds() functionality
FROMLIST: ufs: core: Combine 32-bit command_desc_base_addr_lo/hi
ANDROID: GKI: Add OEM data to mutex/rwsem
BACKPORT: mm: Multi-gen LRU: remove wait_event_killable()
FROMGIT: Binder: Add async from to transaction record
BACKPORT: FROMGIT: Binder: Add timestamp to transaction record
ANDROID: GKI: add ANDROID_OEM_DATA() in struct request_queue
ANDROID: GKI: Add ANDROID_OEM_DATA() in struct ufs_hba
ANDROID: GKI: add ANDROID_OEM_DATA in struct bio
ANDROID: GKI: Add ANDROID_OEM_DATA() in struct queue_limits
ANDROID: GKI: Add ANDROID_OEM_DATA in struct ufs_dev_info
ANDROID: sched: Add oem data in struct rq
ANDROID: nl80211: reserve UAPI attributes to support backporting after KMI freeze
ANDROID: GKI: mm: Add Android ABI padding to MGLRU structures
ANDROID: abi_gki_aarch64_qcom: Add secure hibernation APIs
ANDROID: abi_gki_aarch64_qcom: Add hibernation APIs
ANDROID: vendor hooks: Encrypt snapshot for bootloader based hibernation
UPSTREAM: tty: serial: qcom-geni-serial: Add support for Hibernation feature
ANDROID: abi_gki_aarch64_qcom: Add clk_restore_context and clk_save_context
ANDROID: vendor hooks: Add hooks to support bootloader based hibernation
ANDROID: gki_defconfig: Enable CONFIG_HIBERNATION flag
ANDROID: vendor hooks: Export symbols for bootloader based hibernation
ANDROID: gki_defconfig: enable CONFIG_LED_TRIGGER_PHY
ANDROID: add vendor fields to swap_info_struct to record swap stats
ANDROID: add vendor fields to swap_slots_cache to support multiple swap devices
ANDROID: add vendor fields to lruvec to record refault stats
ANDROID: vendor_hooks: add a field in mem_cgroup
ANDROID: vendor_hooks: add a field in pglist_data
ANDROID: GKI: Update db845c symbol list for down_write
ANDROID: fix atomisp driver missing in 6.4 kernel
BACKPORT: mm: do not increment pgfault stats when page fault handler retries
ANDROID: GKI: enable per-vma lock stats
UPSTREAM: mm: change per-VMA lock statistics to be disabled by default
UPSTREAM: s390/mm: try VMA lock-based page fault handling first
UPSTREAM: mm: separate vma->lock from vm_area_struct
UPSTREAM: mm/mmap: free vm_area_struct without call_rcu in exit_mmap
UPSTREAM: powerc/mm: try VMA lock-based page fault handling first
UPSTREAM: arm64/mm: try VMA lock-based page fault handling first
UPSTREAM: x86/mm: try VMA lock-based page fault handling first
UPSTREAM: mm: introduce per-VMA lock statistics
UPSTREAM: mm: prevent userfaults to be handled under per-vma lock
UPSTREAM: mm: prevent do_swap_page from handling page faults under VMA lock
UPSTREAM: mm: add FAULT_FLAG_VMA_LOCK flag
UPSTREAM: mm: fall back to mmap_lock if vma->anon_vma is not yet set
UPSTREAM: mm: introduce lock_vma_under_rcu to be used from arch-specific code
BACKPORT: mm: introduce vma detached flag
UPSTREAM: mm/mmap: prevent pagefault handler from racing with mmu_notifier registration
UPSTREAM: kernel/fork: assert no VMA readers during its destruction
UPSTREAM: mm: conditionally write-lock VMA in free_pgtables
UPSTREAM: mm: write-lock VMAs before removing them from VMA tree
UPSTREAM: mm/mremap: write-lock VMA while remapping it to a new address range
FROMLIST: mm/mmap: write-lock VMAs affected by VMA expansion
FROMLIST: mm/mmap: write-lock VMAs in vma_adjust
FROMLIST: mm/mmap: write-lock VMAs before merging, splitting or expanding them
UPSTREAM: mm/khugepaged: write-lock VMA while collapsing a huge page
FROMLIST: mm/mmap: move VMA locking before vma_adjust_trans_huge call
UPSTREAM: mm: mark VMA as being written when changing vm_flags
UPSTREAM: mm: add per-VMA lock and helper functions to control it
UPSTREAM: mm: move mmap_lock assert function definitions
UPSTREAM: mm: rcu safe VMA freeing
UPSTREAM: mm: introduce CONFIG_PER_VMA_LOCK
UPSTREAM: mm: introduce vm_flags_reset_once to replace WRITE_ONCE vm_flags updates
UPSTREAM: mm: export dump_mm()
UPSTREAM: mm: introduce __vm_flags_mod and use it in untrack_pfn
UPSTREAM: mm: replace vma->vm_flags indirect modification in ksm_madvise
UPSTREAM: mm: replace vma->vm_flags direct modifications with modifier calls
UPSTREAM: mm: replace VM_LOCKED_CLEAR_MASK with VM_LOCKED_MASK
UPSTREAM: mm: introduce vma->vm_flags wrapper functions
UPSTREAM: kernel/fork: convert vma assignment to a memcpy
ANDROID: GKI: dentry: add Android ABI padding to some structures
ANDROID: GKI: sched: add Android ABI padding to some structures
ANDROID: GKI: elevator: add Android ABI padding to some structures
ANDROID: GKI: phy: add Android ABI padding to some structures
ANDROID: GKI: workqueue.h: add Android ABI padding to some structures
ANDROID: GKI: scsi: add Android ABI padding to some structures
ANDROID: GKI: device.h: add Android ABI padding to some structures
ANDROID: GKI: timer.h: add Android ABI padding to a structure
ANDROID: GKI: USB: add Android ABI padding to some structures
ANDROID: GKI: sched.h: add Android ABI padding to some structures
ANDROID: GKI: module.h: add Android ABI padding to some structures
ANDROID: GKI: sock.h: add Android ABI padding to some structures
ANDROID: GKI: sched: add Android ABI padding to some structures
ANDROID: GKI: mount.h: add Android ABI padding to some structures
ANDROID: GKI: mm: add Android ABI padding to some structures
ANDROID: GKI: add some padding to some driver core structures
ANDROID: GKI: add padding to struct HID structures
ANDROID: GKI: USB: XHCI: add Android ABI padding to lots of xhci structures
ANDROID: GKI: dwc3: add Android ABI padding to some structures
ANDROID: GKI: sound/usb/card.h: add Android ABI padding to struct snd_usb_endpoint
ANDROID: GKI: user_namespace.h: add Android ABI padding to a structure
ANDROID: GKI: quota.h: add Android ABI padding to some structures
ANDROID: GKI: mmu_notifier.h: add Android ABI padding to some structures
ANDROID: GKI: mm.h: add Android ABI padding to a structure
ANDROID: GKI: kobject.h: add Android ABI padding to some structures
ANDROID: GKI: kernfs.h: add Android ABI padding to some structures
ANDROID: GKI: irqdomain.h: add Android ABI padding to a structure
ANDROID: GKI: ioport.h: add Android ABI padding to a structure
ANDROID: GKI: iomap.h: add Android ABI padding to a structure
ANDROID: GKI: hrtimer.h: add Android ABI padding to a structure
ANDROID: GKI: genhd.h: add Android ABI padding to some structures
ANDROID: GKI: ethtool.h: add Android ABI padding to a structure
ANDROID: GKI: dma-mapping.h: add Android ABI padding to a structure
ANDROID: GKI: networking: add Android ABI padding to a lot of networking structures
ANDROID: GKI: blk_types.h: add Android ABI padding to a structure
ANDROID: GKI: scsi.h: add Android ABI padding to a structure
ANDROID: GKI: pci: add Android ABI padding to some structures
ANDROID: GKI: add Android ABI padding to struct nf_conn
ANDROID: GKI: add kabi padding for structures for the android14 release
UPSTREAM: ipv{4,6}/raw: fix output xfrm lookup wrt protocol
UPSTREAM: inet: Add IP_LOCAL_PORT_RANGE socket option
UPSTREAM: sched/fair: Fixes for capacity inversion detection
UPSTREAM: sched/fair: Consider capacity inversion in util_fits_cpu()
UPSTREAM: sched/fair: Detect capacity inversion
ANDROID: KVM: arm64: Initialize hfgwtr_el2 correctly
UPSTREAM: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
ANDROID: GKI: Add symbols and update symbol list for Unisoc(2nd)
ANDROID: ABI: update symbol list related to meminfo for galaxy
ANDROID: vendor_hooks: add hooks for extra memory
BACKPORT: FROMLIST: ovl: get_acl: Fix null pointer dereference at realinode in rcu-walk mode
BACKPORT: FROMLIST: ovl: ovl_permission: Fix null pointer dereference at realinode in rcu-walk mode
BACKPORT: FROMLIST: ovl: Let helper ovl_i_path_real() return the realinode
ANDROID: GKI: Update symbol list for xiaomi
ANDROID: vendor_hooks:vendor hook for control memory dirty rate
ANDROID: f2fs: enable cleancache
FROMGIT: userfaultfd: fix regression in userfaultfd_unmap_prep()
FROMGIT: BACKPORT: mm: avoid rewalk in mmap_region
FROMGIT: maple_tree: clear up index and last setting in single entry tree
FROMGIT: maple_tree: add mas_prev_range() and mas_find_range_rev interface
FROMGIT: maple_tree: introduce mas_prev_slot() interface
FROMGIT: maple_tree: relocate mas_rewalk() and mas_rewalk_if_dead()
FROMGIT: maple_tree: add mas_next_range() and mas_find_range() interfaces
FROMGIT: maple_tree: introduce mas_next_slot() interface
FROMGIT: maple_tree: try harder to keep active node with mas_prev()
FROMGIT: maple_tree: try harder to keep active node after mas_next()
FROMGIT: BACKPORT: mm/mmap: change do_vmi_align_munmap() for maple tree iterator changes
FROMLIST: BACKPORT: maple_tree: Refine mas_preallocate() node calculations
ANDROID: maple_tree: Move mas_wr_modify node size calculation to mas_wr_node_size()
FROMLIST: BACKPORT: maple_tree: Move mas_wr_end_piv() below mas_wr_extend_null()
ANDROID: mm: Fix __vma_adjust() writes for the maple tree
FROMLIST: BACKPORT: mm: Set up vma iterator for vma_iter_prealloc() calls
FROMGIT: maple_tree: avoid unnecessary ascending
FROMLIST: BACKPORT: mm: Change do_vmi_align_munmap() side tree index
UPSTREAM: mm/mmap: remove preallocation from do_mas_align_munmap()
ANDROID: abi_gki_aarch64_qcom: Update QCOM symbol list
ANDROID: GKI: Update symbol list for xiaomi
ANDROID: vendor_hooks:vendor hook for mmput
ANDROID: ABI: update symbol list for galaxy
ANDROID: task_mmu: add vendor hook for swap entry
ANDROID: mm: add vendor hooks in madvise for swap entry
BACKPORT: FROMLIST: arm64: mte: Simplify swap tag restoration logic
FROMLIST: mm: Call arch_swap_restore() from unuse_pte()
FROMLIST: mm: Call arch_swap_restore() from do_swap_page()
ANDROID: abi_gki_aarch64_qcom: Update symbol list
ANDROID: GKI: Update symbol list for xiaomi
ANDROID: vendor_hooks:vendor hook for __alloc_pages_slowpath.
ANDROID: ABI: Update honor symbol list
ANDROID: mm: create vendor hooks for memory reclaim
UPSTREAM: kcsan: Avoid READ_ONCE() in read_instrumented_memory()
ANDROID: abi_gki_aarch64_qcom: update symbol list
ANDROID: Update ABI as part of crash fix
ANDROID: Fix incorrect hook declaration
ANDROID: abi_gki_aarch64_qcom: Add GIC and hibernation APIs
ANDROID: gic-v3: Export gic_v3_resume() for vendor GIC enhancements
ANDROID: irqchip/irq-gic-v3: Add vendor hook for gic suspend
ANDROID: abi_gki_aarch64_qcom: Update abi_gki_aarch64_qcom for DMA
Conflicts:
drivers/ufs/host/ufs-qcom.c
Change-Id: I9479fd1209d3769cd3c098554ddaceb31267f368
Signed-off-by: jianzhou <quic_jianzhou@quicinc.com>
|
||
Max Filippov
|
6b2849b3e0 |
xtensa: fix lock_mm_and_find_vma in case VMA not found
commit 03f889378f33aa9a9d8e5f49ba94134cf6158090 upstream.
MMU version of lock_mm_and_find_vma releases the mm lock before
returning when VMA is not found. Do the same in noMMU version.
This fixes hang on an attempt to handle protection fault.
Fixes: d85a143b69ab ("xtensa: fix NOMMU build with lock_mm_and_find_vma() conversion")
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Linus Torvalds
|
323846590c |
xtensa: fix NOMMU build with lock_mm_and_find_vma() conversion
commit d85a143b69abb4d7544227e26d12c4c7735ab27d upstream.
It turns out that xtensa has a really odd configuration situation: you
can do a no-MMU config, but still have the page fault code enabled.
Which doesn't sound all that sensible, but it turns out that xtensa can
have protection faults even without the MMU, and we have this:
config PFAULT
bool "Handle protection faults" if EXPERT && !MMU
default y
help
Handle protection faults. MMU configurations must enable it.
noMMU configurations may disable it if used memory map never
generates protection faults or faults are always fatal.
If unsure, say Y.
which completely violated my expectations of the page fault handling.
End result: Guenter reports that the xtensa no-MMU builds all fail with
arch/xtensa/mm/fault.c: In function ‘do_page_fault’:
arch/xtensa/mm/fault.c:133:8: error: implicit declaration of function ‘lock_mm_and_find_vma’
because I never exposed the new lock_mm_and_find_vma() function for the
no-MMU case.
Doing so is simple enough, and fixes the problem.
Reported-and-tested-by: Guenter Roeck <linux@roeck-us.net>
Fixes: a050ba1e7422 ("mm/fault: convert remaining simple cases to lock_mm_and_find_vma()")
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Linus Torvalds
|
e6bbad7571 |
mm: always expand the stack with the mmap write lock held
commit 8d7071af890768438c14db6172cc8f9f4d04e184 upstream This finishes the job of always holding the mmap write lock when extending the user stack vma, and removes the 'write_locked' argument from the vm helper functions again. For some cases, we just avoid expanding the stack at all: drivers and page pinning really shouldn't be extending any stacks. Let's see if any strange users really wanted that. It's worth noting that architectures that weren't converted to the new lock_mm_and_find_vma() helper function are left using the legacy "expand_stack()" function, but it has been changed to drop the mmap_lock and take it for writing while expanding the vma. This makes it fairly straightforward to convert the remaining architectures. As a result of dropping and re-taking the lock, the calling conventions for this function have also changed, since the old vma may no longer be valid. So it will now return the new vma if successful, and NULL - and the lock dropped - if the area could not be extended. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> [6.1: Patch drivers/iommu/io-pgfault.c instead] Signed-off-by: Samuel Mendoza-Jonas <samjonas@amazon.com> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Liam R. Howlett
|
6a6b5616c3 |
mm: make find_extend_vma() fail if write lock not held
commit f440fa1ac955e2898893f9301568435eb5cdfc4b upstream. Make calls to extend_vma() and find_extend_vma() fail if the write lock is required. To avoid making this a flag-day event, this still allows the old read-locking case for the trivial situations, and passes in a flag to say "is it write-locked". That way write-lockers can say "yes, I'm being careful", and legacy users will continue to work in all the common cases until they have been fully converted to the new world order. Co-Developed-by: Matthew Wilcox (Oracle) <willy@infradead.org> Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Samuel Mendoza-Jonas <samjonas@amazon.com> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Ben Hutchings
|
1f4197f050 |
arm/mm: Convert to using lock_mm_and_find_vma()
commit 8b35ca3e45e35a26a21427f35d4093606e93ad0a upstream. arm has an additional check for address < FIRST_USER_ADDRESS before expanding the stack. Since FIRST_USER_ADDRESS is defined everywhere (generally as 0), move that check to the generic expand_downwards(). Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Samuel Mendoza-Jonas <samjonas@amazon.com> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Linus Torvalds
|
755aa1bc6a |
mm: make the page fault mmap locking killable
commit eda0047296a16d65a7f2bc60a408f70d178b2014 upstream. This is done as a separate patch from introducing the new lock_mm_and_find_vma() helper, because while it's an obvious change, it's not what x86 used to do in this area. We already abort the page fault on fatal signals anyway, so why should we wait for the mmap lock only to then abort later? With the new helper function that returns without the lock held on failure anyway, this is particularly easy and straightforward. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Samuel Mendoza-Jonas <samjonas@amazon.com> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Linus Torvalds
|
d6a5c7a1a6 |
mm: introduce new 'lock_mm_and_find_vma()' page fault helper
commit c2508ec5a58db67093f4fb8bf89a9a7c53a109e9 upstream. .. and make x86 use it. This basically extracts the existing x86 "find and expand faulting vma" code, but extends it to also take the mmap lock for writing in case we actually do need to expand the vma. We've historically short-circuited that case, and have some rather ugly special logic to serialize the stack segment expansion (since we only hold the mmap lock for reading) that doesn't match the normal VM locking. That slight violation of locking worked well, right up until it didn't: the maple tree code really does want proper locking even for simple extension of an existing vma. So extract the code for "look up the vma of the fault" from x86, fix it up to do the necessary write locking, and make it available as a helper function for other architectures that can use the common helper. Note: I say "common helper", but it really only handles the normal stack-grows-down case. Which is all architectures except for PA-RISC and IA64. So some rare architectures can't use the helper, but if they care they'll just need to open-code this logic. It's also worth pointing out that this code really would like to have an optimistic "mmap_upgrade_trylock()" to make it quicker to go from a read-lock (for the common case) to taking the write lock (for having to extend the vma) in the normal single-threaded situation where there is no other locking activity. But that _is_ all the very uncommon special case, so while it would be nice to have such an operation, it probably doesn't matter in reality. I did put in the skeleton code for such a possible future expansion, even if it only acts as pseudo-documentation for what we're doing. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> [6.1: Ignore CONFIG_PER_VMA_LOCK context] Signed-off-by: Samuel Mendoza-Jonas <samjonas@amazon.com> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Tony Luck
|
84f077802e |
mm, hwpoison: when copy-on-write hits poison, take page offline
commit d302c2398ba269e788a4f37ae57c07a7fcabaa42 upstream. Cannot call memory_failure() directly from the fault handler because mmap_lock (and others) are held. It is important, but not urgent, to mark the source page as h/w poisoned and unmap it from other tasks. Use memory_failure_queue() to request a call to memory_failure() for the page with the error. Also provide a stub version for CONFIG_MEMORY_FAILURE=n Link: https://lkml.kernel.org/r/20221021200120.175753-3-tony.luck@intel.com Signed-off-by: Tony Luck <tony.luck@intel.com> Reviewed-by: Miaohe Lin <linmiaohe@huawei.com> Cc: Christophe Leroy <christophe.leroy@csgroup.eu> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Naoya Horiguchi <naoya.horiguchi@nec.com> Cc: Nicholas Piggin <npiggin@gmail.com> Cc: Shuai Xue <xueshuai@linux.alibaba.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> [ Due to missing commits e591ef7d96d6e ("mm,hwpoison,hugetlb,memory_hotplug: hotremove memory section with hwpoisoned hugepage") 5033091de814a ("mm/hwpoison: introduce per-memory_block hwpoison counter") The impact of e591ef7d96d6e is its introduction of an additional flag in __get_huge_page_for_hwpoison() that serves as an indication a hwpoisoned hugetlb page should have its migratable bit cleared. The impact of 5033091de814a is contexual. Resolve by ignoring both missing commits. - jane] Signed-off-by: Jane Chu <jane.chu@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Tony Luck
|
4af5960d7c |
mm, hwpoison: try to recover from copy-on write faults
commit a873dfe1032a132bf89f9e19a6ac44f5a0b78754 upstream. Patch series "Copy-on-write poison recovery", v3. Part 1 deals with the process that triggered the copy on write fault with a store to a shared read-only page. That process is send a SIGBUS with the usual machine check decoration to specify the virtual address of the lost page, together with the scope. Part 2 sets up to asynchronously take the page with the uncorrected error offline to prevent additional machine check faults. H/t to Miaohe Lin <linmiaohe@huawei.com> and Shuai Xue <xueshuai@linux.alibaba.com> for pointing me to the existing function to queue a call to memory_failure(). On x86 there is some duplicate reporting (because the error is also signalled by the memory controller as well as by the core that triggered the machine check). Console logs look like this: This patch (of 2): If the kernel is copying a page as the result of a copy-on-write fault and runs into an uncorrectable error, Linux will crash because it does not have recovery code for this case where poison is consumed by the kernel. It is easy to set up a test case. Just inject an error into a private page, fork(2), and have the child process write to the page. I wrapped that neatly into a test at: git://git.kernel.org/pub/scm/linux/kernel/git/aegl/ras-tools.git just enable ACPI error injection and run: # ./einj_mem-uc -f copy-on-write Add a new copy_user_highpage_mc() function that uses copy_mc_to_kernel() on architectures where that is available (currently x86 and powerpc). When an error is detected during the page copy, return VM_FAULT_HWPOISON to caller of wp_page_copy(). This propagates up the call stack. Both x86 and powerpc have code in their fault handler to deal with this code by sending a SIGBUS to the application. Note that this patch avoids a system crash and signals the process that triggered the copy-on-write action. It does not take any action for the memory error that is still in the shared page. To handle that a call to memory_failure() is needed. But this cannot be done from wp_page_copy() because it holds mmap_lock(). Perhaps the architecture fault handlers can deal with this loose end in a subsequent patch? On Intel/x86 this loose end will often be handled automatically because the memory controller provides an additional notification of the h/w poison in memory, the handler for this will call memory_failure(). This isn't a 100% solution. If there are multiple errors, not all may be logged in this way. [tony.luck@intel.com: add call to kmsan_unpoison_memory(), per Miaohe Lin] Link: https://lkml.kernel.org/r/20221031201029.102123-2-tony.luck@intel.com Link: https://lkml.kernel.org/r/20221021200120.175753-1-tony.luck@intel.com Link: https://lkml.kernel.org/r/20221021200120.175753-2-tony.luck@intel.com Signed-off-by: Tony Luck <tony.luck@intel.com> Reviewed-by: Dan Williams <dan.j.williams@intel.com> Reviewed-by: Naoya Horiguchi <naoya.horiguchi@nec.com> Reviewed-by: Miaohe Lin <linmiaohe@huawei.com> Reviewed-by: Alexander Potapenko <glider@google.com> Tested-by: Shuai Xue <xueshuai@linux.alibaba.com> Cc: Christophe Leroy <christophe.leroy@csgroup.eu> Cc: Matthew Wilcox (Oracle) <willy@infradead.org> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Igned-off-by: Jane Chu <jane.chu@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
David Woodhouse
|
42a018a796 |
mm/mmap: Fix error return in do_vmi_align_munmap()
commit 6c26bd4384da24841bac4f067741bbca18b0fb74 upstream,
If mas_store_gfp() in the gather loop failed, the 'error' variable that
ultimately gets returned was not being set. In many cases, its original
value of -ENOMEM was still in place, and that was fine. But if VMAs had
been split at the start or end of the range, then 'error' could be zero.
Change to the 'error = foo(); if (error) goto â¦' idiom to fix the bug.
Also clean up a later case which avoided the same bug by *explicitly*
setting error = -ENOMEM right before calling the function that might
return -ENOMEM.
In a final cosmetic change, move the 'Point of no return' comment to
*after* the goto. That's been in the wrong place since the preallocation
was removed, and this new error path was added.
Fixes: 606c812eb1d5 ("mm/mmap: Fix error path in do_vmi_align_munmap()")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Cc: stable@vger.kernel.org
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Liam R. Howlett
|
a149174ff8 |
mm/mmap: Fix error path in do_vmi_align_munmap()
commit 606c812eb1d5b5fb0dd9e330ca94b52d7c227830 upstream
The error unrolling was leaving the VMAs detached in many cases and
leaving the locked_vm statistic altered, and skipping the unrolling
entirely in the case of the vma tree write failing.
Fix the error path by re-attaching the detached VMAs and adding the
necessary goto for the failed vma tree write, and fix the locked_vm
statistic by only updating after the vma tree write succeeds.
Fixes:
|
||
chenzhiwei
|
ff8496749d |
ANDROID: vendor_hooks: vendor hook for MM
2 Vendor hooks add:
trace_android_vh_free_one_page_bypass
trace_android_vh_rmqueue_smallest_bypass
Add vendor hook points in __free_one_page and __rmqueue to
manager some customized pages instead of freeing/allocating.
Bug: 286350069
Change-Id: If63e164c02a279f4f14ebd8603f49c58ba0fbc8a
Signed-off-by: chenzhiwei <chenzhiwei@xiaomi.corp-partner.google.com>
|
||
|
Greg Kroah-Hartman
|
a09603eb2f |
This is the 6.1.36 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmSb+ZMACgkQONu9yGCS
aT7qORAAmbYIAtIdWp+3wAM8g9TihQAeknz6f7Q8sxUB1EkZKJ9TgnFdR1IPPcBI
BWMUNutyUtHY90XTlZbVM04P070FafWjyT23+sdNG+pZGv+sOJkTHO6NgvkFlt0m
doOq9ojOe6hXS5oqK+8grfbwBG0VDUv7HHuUKsGBLhlDAHP58sVqtkrpiK2EiJpx
WGIR1t7gPd7jIxsnWTSurdjGfrAUw3SmE07K6sjwGgHsc2Mvd5vluQ+ljnmlz2qd
3WMyHymIhNP69/HY5Zz6sqCNGJ0eglp6IP8VPw9a7eGDu1UNp2Gu+P5ZB4FR7ABg
Rbsvrkr/08S9on0OSFiYJ11sfbzdIb4AfGdSHnUpeuqBp5ak1JS5jE6eSiy9YZU/
V9wDFdlDDwwORCWTMJzcTvhtlzWI+BkKq0bZEiYSxeCZ6m5RKi0i6X/lOPFt/ihA
PfEHGZVZ12atEEnYm5iich8Frqyp3nOYJKR972/zeKkkcWoYslFA6KuA3PA3eV7S
rdbz3hK6T3kZTe7FUvmghdi1lGgIKYy8IOiqY9tbMHWa3YQ7k5ZA2BZOiCEri0RF
tfzT1wI4DknbEXv5fs5PQ8c8eYMXaFKxdZ4+ndfB7f/jPn6IEK2xb5VtbnLe/NIE
qeRtanzccoKh8P7CmnwWqQ4CaqVeZTFrQ3jiadptSbpTnt3qzlM=
=oSd/
-----END PGP SIGNATURE-----
Merge 6.1.36 into android14-6.1-lts
Changes in 6.1.36
drm/amd/display: Use dc_update_planes_and_stream
drm/amd/display: Add wrapper to call planes and stream update
drm/amd/display: fix the system hang while disable PSR
tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms
tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A
ata: libata-scsi: Avoid deadlock on rescan after device resume
mm: Fix copy_from_user_nofault().
tpm, tpm_tis: Claim locality in interrupt handler
tpm_crb: Add support for CRB devices based on Pluton
ksmbd: validate command payload size
ksmbd: fix out-of-bound read in smb2_write
ksmbd: validate session id and tree id in the compound request
tick/common: Align tick period during sched_timer setup
selftests: mptcp: remove duplicated entries in usage
selftests: mptcp: join: fix ShellCheck warnings
selftests: mptcp: lib: skip if missing symbol
selftests: mptcp: connect: skip transp tests if not supported
selftests: mptcp: connect: skip disconnect tests if not supported
selftests: mptcp: pm nl: remove hardcoded default limits
selftests: mptcp: pm nl: skip fullmesh flag checks if not supported
selftests: mptcp: sockopt: relax expected returned size
selftests: mptcp: sockopt: skip getsockopt checks if not supported
selftests: mptcp: userspace pm: skip if 'ip' tool is unavailable
selftests: mptcp: userspace pm: skip if not supported
selftests: mptcp: lib: skip if not below kernel version
selftests: mptcp: join: use 'iptables-legacy' if available
selftests: mptcp: join: helpers to skip tests
selftests: mptcp: join: skip check if MIB counter not supported
selftests: mptcp: join: support local endpoint being tracked or not
selftests: mptcp: join: skip Fastclose tests if not supported
selftests: mptcp: join: support RM_ADDR for used endpoints or not
selftests: mptcp: join: skip implicit tests if not supported
selftests: mptcp: join: skip backup if set flag on ID not supported
selftests: mptcp: join: skip fullmesh flag tests if not supported
selftests: mptcp: join: skip MPC backups tests if not supported
selftests/mount_setattr: fix redefine struct mount_attr build error
selftests: mptcp: diag: skip listen tests if not supported
selftests: mptcp: sockopt: skip TCP_INQ checks if not supported
selftests: mptcp: join: skip test if iptables/tc cmds fail
selftests: mptcp: join: skip userspace PM tests if not supported
selftests: mptcp: join: skip fail tests if not supported
selftests: mptcp: join: fix "userspace pm add & remove address"
writeback: fix dereferencing NULL mapping->host on writeback_page_template
scripts: fix the gfp flags header path in gfp-translate
nilfs2: fix buffer corruption due to concurrent device reads
ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep()
KVM: Avoid illegal stage2 mapping on invalid memory slot
Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails
Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
PCI: hv: Fix a race condition bug in hv_pci_query_relations()
Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally"
PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev
PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic
PCI: hv: Add a per-bus mutex state_lock
io_uring/net: clear msg_controllen on partial sendmsg retry
io_uring/net: disable partial retries for recvmsg with cmsg
mptcp: handle correctly disconnect() failures
mptcp: fix possible divide by zero in recvmsg()
mptcp: fix possible list corruption on passive MPJ
mptcp: consolidate fallback and non fallback state machine
cgroup: Do not corrupt task iteration when rebinding subsystem
cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex in freezer_css_{online,offline}()
mmc: litex_mmc: set PROBE_PREFER_ASYNCHRONOUS
mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916
mmc: meson-gx: remove redundant mmc_request_done() call from irq context
mmc: mmci: stm32: fix max busy timeout calculation
mmc: sdhci-spear: fix deferred probing
mmc: bcm2835: fix deferred probing
mmc: sunxi: fix deferred probing
bpf: ensure main program has an extable
wifi: iwlwifi: pcie: Handle SO-F device for PCI id 0x7AF0
spi: spi-geni-qcom: correctly handle -EPROBE_DEFER from dma_request_chan()
regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK
regmap: spi-avmm: Fix regmap_bus max_raw_write
arm64: dts: rockchip: Fix rk356x PCIe register and range mappings
io_uring/poll: serialize poll linked timer start with poll removal
nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
x86/mm: Avoid using set_pgd() outside of real PGD pages
memfd: check for non-NULL file_seals in memfd_create() syscall
mmc: meson-gx: fix deferred probing
ieee802154: hwsim: Fix possible memory leaks
xfrm: Treat already-verified secpath entries as optional
xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c
xfrm: Ensure policies always checked on XFRM-I input path
KVM: arm64: PMU: Restore the host's PMUSERENR_EL0
bpf: track immediate values written to stack by BPF_ST instruction
bpf: Fix verifier id tracking of scalars on spill
xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets
bpf: Fix a bpf_jit_dump issue for x86_64 with sysctl bpf_jit_enable.
selftests: net: tls: check if FIPS mode is enabled
selftests: net: vrf-xfrm-tests: change authentication and encryption algos
selftests: net: fcnal-test: check if FIPS mode is enabled
xfrm: Linearize the skb after offloading if needed.
net/mlx5: DR, Fix wrong action data allocation in decap action
sfc: use budget for TX completions
net: qca_spi: Avoid high load if QCA7000 is not available
mmc: mtk-sd: fix deferred probing
mmc: mvsdio: fix deferred probing
mmc: omap: fix deferred probing
mmc: omap_hsmmc: fix deferred probing
mmc: owl: fix deferred probing
mmc: sdhci-acpi: fix deferred probing
mmc: sh_mmcif: fix deferred probing
mmc: usdhi60rol0: fix deferred probing
ipvs: align inner_mac_header for encapsulation
net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch
net: dsa: mt7530: fix handling of BPDUs on MT7530 switch
net: dsa: mt7530: fix handling of LLDP frames
be2net: Extend xmit workaround to BE3 chip
netfilter: nf_tables: fix chain binding transaction logic
netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
netfilter: nf_tables: drop map element references from preparation phase
netfilter: nft_set_pipapo: .walk does not deal with generations
netfilter: nf_tables: disallow element updates of bound anonymous sets
netfilter: nf_tables: reject unbound anonymous set before commit phase
netfilter: nf_tables: reject unbound chain set before commit phase
netfilter: nf_tables: disallow updates of anonymous sets
netfilter: nfnetlink_osf: fix module autoload
Revert "net: phy: dp83867: perform soft reset and retain established link"
bpf/btf: Accept function names that contain dots
bpf: Force kprobe multi expected_attach_type for kprobe_multi link
io_uring/net: use the correct msghdr union member in io_sendmsg_copy_hdr
selftests: forwarding: Fix race condition in mirror installation
platform/x86/amd/pmf: Register notify handler only if SPS is enabled
sch_netem: acquire qdisc lock in netem_change()
revert "net: align SO_RCVMARK required privileges with SO_MARK"
arm64: dts: rockchip: Enable GPU on SOQuartz CM4
arm64: dts: rockchip: fix nEXTRST on SOQuartz
gpiolib: Fix GPIO chip IRQ initialization restriction
gpio: sifive: add missing check for platform_get_irq
gpiolib: Fix irq_domain resource tracking for gpiochip_irqchip_add_domain()
scsi: target: iscsi: Prevent login threads from racing between each other
HID: wacom: Add error check to wacom_parse_and_register()
arm64: Add missing Set/Way CMO encodings
smb3: missing null check in SMB2_change_notify
media: cec: core: disable adapter in cec_devnode_unregister
media: cec: core: don't set last_initiator if tx in progress
nfcsim.c: Fix error checking for debugfs_create_dir
btrfs: fix an uninitialized variable warning in btrfs_log_inode
usb: gadget: udc: fix NULL dereference in remove()
nvme: double KA polling frequency to avoid KATO with TBKAS on
nvme: check IO start time when deciding to defer KA
nvme: improve handling of long keep alives
Input: soc_button_array - add invalid acpi_index DMI quirk handling
arm64: dts: qcom: sc7280-idp: drop incorrect dai-cells from WCD938x SDW
arm64: dts: qcom: sc7280-qcard: drop incorrect dai-cells from WCD938x SDW
s390/cio: unregister device when the only path is gone
spi: lpspi: disable lpspi module irq in DMA mode
ASoC: codecs: wcd938x-sdw: do not set can_multi_write flag
ASoC: simple-card: Add missing of_node_put() in case of error
soundwire: dmi-quirks: add new mapping for HP Spectre x360
soundwire: qcom: add proper error paths in qcom_swrm_startup()
ASoC: nau8824: Add quirk to active-high jack-detect
ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x
gfs2: Don't get stuck writing page onto itself under direct I/O
s390/purgatory: disable branch profiling
ASoC: fsl_sai: Enable BCI bit if SAI works on synchronous mode with BYP asserted
ALSA: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256
i2c: mchp-pci1xxxx: Avoid cast to incompatible function type
ARM: dts: Fix erroneous ADS touchscreen polarities
null_blk: Fix: memory release when memory_backed=1
drm/exynos: vidi: fix a wrong error return
drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
vhost_vdpa: tell vqs about the negotiated
vhost_net: revert upend_idx only on retriable error
KVM: arm64: Restore GICv2-on-GICv3 functionality
x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle
smb: move client and server files to common directory fs/smb
Linux 6.1.36
Note, this "merges away" commit:
|
||
|
Roberto Sassu
|
1a2793a25a |
memfd: check for non-NULL file_seals in memfd_create() syscall
[ Upstream commit 935d44acf621aa0688fef8312dec3e5940f38f4e ]
Ensure that file_seals is non-NULL before using it in the memfd_create()
syscall. One situation in which memfd_file_seals_ptr() could return a
NULL pointer when CONFIG_SHMEM=n, oopsing the kernel.
Link: https://lkml.kernel.org/r/20230607132427.2867435-1-roberto.sassu@huaweicloud.com
Fixes:
|
||
Alexei Starovoitov
|
2e7ad879e1 |
mm: Fix copy_from_user_nofault().
commit d319f344561de23e810515d109c7278919bff7b0 upstream. There are several issues with copy_from_user_nofault(): - access_ok() is designed for user context only and for that reason it has WARN_ON_IN_IRQ() which triggers when bpf, kprobe, eprobe and perf on ppc are calling it from irq. - it's missing nmi_uaccess_okay() which is a nop on all architectures except x86 where it's required. The comment in arch/x86/mm/tlb.c explains the details why it's necessary. Calling copy_from_user_nofault() from bpf, [ke]probe without this check is not safe. - __copy_from_user_inatomic() under CONFIG_HARDENED_USERCOPY is calling check_object_size()->__check_object_size()->check_heap_object()->find_vmap_area()->spin_lock() which is not safe to do from bpf, [ke]probe and perf due to potential deadlock. Fix all three issues. At the end the copy_from_user_nofault() becomes equivalent to copy_from_user_nmi() from safety point of view with a difference in the return value. Reported-by: Hsin-Wei Hung <hsinweih@uci.edu> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Florian Lehner <dev@der-flo.net> Tested-by: Hsin-Wei Hung <hsinweih@uci.edu> Tested-by: Florian Lehner <dev@der-flo.net> Link: https://lore.kernel.org/r/20230410174345.4376-2-dev@der-flo.net Signed-off-by: Alexei Starovoitov <ast@kernel.org> Cc: Javier Honduvilla Coto <javierhonduco@gmail.com> Cc: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
1e4b07ffa3 |
This is the 6.1.35 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmSTArUACgkQONu9yGCS
aT7L1w//S9q9UHGxXd4awCjyj3doC4UMaMjH0b/BT8GmDM5lpbqqvWBgWe7zrvnK
L/VOGj6pkgBuH7uBLmRVZKkRwnyFcxKnW+BwVxn3WFE5UjCBrxqjry228Wp9FCR9
i/4C/6ls+vA+Ll2GkvSVogPkTwtC1A8hsI6r4qQMbNyeTySd9SF6nfo3uR2olBW6
UN3NdIY6Lzo7t/Jbn+4zLhgDbQ28bn3IymS8jPAFQBoRHNOeKh6UFEu7Mzjbn6Nb
YrcHxr4/xAjnof7JV1JZOVVA2BoUCIStB4INv6Ke9XucIs8Y0UzU7MeeqPLh1lBO
aKhGADdO3shj0OGsLfmzfYlGu5+5lQ3yFN8ZVTzQTYTZUFLnddUjB3a/DwKR0Nza
A6LjUID2jRmoNtMWDHlX9Wqyv5iuIzl2hqs2jGc3o/EHAQ2IFlMMee+mjkEqmalO
iRyCt5Ekr/P8MrTQHPcJ26uPh+TGvcooBSGSKu6WNFozNQ7sxSl7QJONLMs0tUtk
JzcTxw7cAtbxcsfDX0k3z2Mp6d1YuQvwo22mVYioO7+nhB6MaRNVPkhbVf3koMeD
lB/ISmr8Lv4CZLS4xYUlYHQyPGT+YTkLpbncV+WQe4+9ounbuz71tKpoB7XbBVgY
52Qc9aLAAKi8yyFbNRoxWo98RXx5fWTzQMMqM2N2KExsF75EW/k=
=/x/n
-----END PGP SIGNATURE-----
Merge 6.1.35 into android14-6.1-lts
Changes in 6.1.35
x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed
test_firmware: Use kstrtobool() instead of strtobool()
test_firmware: prevent race conditions by a correct implementation of locking
cgroup: bpf: use cgroup_lock()/cgroup_unlock() wrappers
cgroup: always put cset in cgroup_css_set_put_fork
cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks()
qcom: llcc/edac: Fix the base address used for accessing LLCC banks
EDAC/qcom: Get rid of hardcoded register offsets
ksmbd: validate smb request protocol id
of: overlay: Fix missing of_node_put() in error case of init_overlay_changeset()
power: supply: ab8500: Fix external_power_changed race
power: supply: sc27xx: Fix external_power_changed race
power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule()
ARM: dts: vexpress: add missing cache properties
tools: gpio: fix debounce_period_us output of lsgpio
selftests: gpio: gpio-sim: Fix BUG: test FAILED due to recent change
power: supply: Ratelimit no data debug output
PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0
regulator: Fix error checking for debugfs_create_dir
irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues
irqchip/meson-gpio: Mark OF related data as maybe unused
power: supply: Fix logic checking if system is running from battery
drm: panel-orientation-quirks: Change Air's quirk to support Air Plus
btrfs: scrub: try harder to mark RAID56 block groups read-only
btrfs: handle memory allocation failure in btrfs_csum_one_bio
ASoC: soc-pcm: test if a BE can be prepared
ASoC: Intel: avs: Account for UID of ACPI device
ASoC: Intel: avs: Add missing checks on FE startup
parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()
MIPS: unhide PATA_PLATFORM
MIPS: Restore Au1300 support
MIPS: Alchemy: fix dbdma2
mips: Move initrd_start check after initrd address sanitisation.
ASoC: cs35l41: Fix default regmap values for some registers
ASoC: dwc: move DMA init to snd_soc_dai_driver probe()
xen/blkfront: Only check REQ_FUA for writes
drm:amd:amdgpu: Fix missing buffer object unlock in failure path
io_uring: unlock sqd->lock before sq thread release CPU
NVMe: Add MAXIO 1602 to bogus nid list.
irqchip/gic: Correctly validate OF quirk descriptors
wifi: cfg80211: fix locking in regulatory disconnect
wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid()
epoll: ep_autoremove_wake_function should use list_del_init_careful
ocfs2: fix use-after-free when unmounting read-only filesystem
ocfs2: check new file size on fallocate call
zswap: do not shrink if cgroup may not zswap
nios2: dts: Fix tse_mac "max-frame-size" property
nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
nilfs2: reject devices with insufficient block count
LoongArch: Fix perf event id calculation
io_uring/net: save msghdr->msg_control for retries
kexec: support purgatories with .text.hot sections
x86/purgatory: remove PGO flags
riscv/purgatory: remove PGO flags
powerpc/purgatory: remove PGO flags
btrfs: do not ASSERT() on duplicated global roots
btrfs: fix iomap_begin length for nocow writes
btrfs: can_nocow_file_extent should pass down args->strict from callers
ALSA: usb-audio: Fix broken resume due to UAC3 power state
ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback
dm thin metadata: check fail_io before using data_sm
dm thin: fix issue_discard to pass GFP_NOIO to __blkdev_issue_discard
net: ethernet: stmicro: stmmac: fix possible memory leak in __stmmac_open
nouveau: fix client work fence deletion race
RDMA/uverbs: Restrict usage of privileged QKEYs
drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1
net: usb: qmi_wwan: add support for Compal RXM-G1
drm/amd/display: edp do not add non-edid timings
drm/amd: Make sure image is written to trigger VBIOS image update flow
drm/amd: Tighten permissions on VBIOS flashing attributes
drm/amd/pm: workaround for compute workload type on some skus
drm/amdgpu: add missing radeon secondary PCI ID
ALSA: hda/realtek: Add a quirk for Compaq N14JP6
thunderbolt: Do not touch CL state configuration during discovery
thunderbolt: dma_test: Use correct value for absent rings when creating paths
thunderbolt: Mask ring interrupt on Intel hardware as well
clk: pxa: fix NULL pointer dereference in pxa3xx_clk_update_accr
USB: serial: option: add Quectel EM061KGL series
serial: lantiq: add missing interrupt ack
usb: typec: ucsi: Fix command cancellation
usb: typec: Fix fast_role_swap_current show function
usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
usb: gadget: udc: core: Prevent soft_connect_store() race
USB: dwc3: qcom: fix NULL-deref on suspend
USB: dwc3: fix use-after-free on core driver unbind
usb: dwc3: gadget: Reset num TRBs before giving back the request
RDMA/rtrs: Fix the last iu->buf leak in err path
RDMA/rtrs: Fix rxe_dealloc_pd warning
RDMA/rxe: Fix packet length checks
RDMA/rxe: Fix ref count error in check_rkey()
spi: cadence-quadspi: Add missing check for dma_set_mask
spi: fsl-dspi: avoid SCK glitches with continuous transfers
netfilter: nf_tables: integrate pipapo into commit protocol
netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
ice: Fix XDP memory leak when NIC is brought up and down
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
net: enetc: correct the indexes of highest and 2nd highest TCs
ping6: Fix send to link-local addresses with VRF.
igb: Fix extts capture value format for 82580/i354/i350
net/sched: simplify tcf_pedit_act
net/sched: act_pedit: remove extra check for key type
net/sched: act_pedit: Parse L3 Header for L4 offset
octeontx2-af: Fix promiscuous mode
net/sched: cls_u32: Fix reference counter leak leading to overflow
wifi: mac80211: fix link activation settings order
wifi: cfg80211: fix link del callback to call correct handler
wifi: mac80211: take lock before setting vif links
RDMA/rxe: Removed unused name from rxe_task struct
RDMA/rxe: Fix the use-before-initialization error of resp_pkts
iavf: remove mask from iavf_irq_enable_queues()
octeontx2-af: fixed resource availability check
octeontx2-af: fix lbk link credits on cn10k
RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions
RDMA/mlx5: Create an indirect flow table for steering anchor
RDMA/cma: Always set static rate to 0 for RoCE
IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
RDMA/mlx5: Fix affinity assignment
IB/isert: Fix dead lock in ib_isert
IB/isert: Fix possible list corruption in CMA handler
IB/isert: Fix incorrect release of isert connection
net: ethtool: correct MAX attribute value for stats
ipvlan: fix bound dev checking for IPv6 l3s mode
sctp: fix an error code in sctp_sf_eat_auth()
igc: Clean the TX buffer and TX descriptor ring
igc: Fix possible system crash when loading module
igb: fix nvm.ops.read() error handling
net: phylink: report correct max speed for QUSGMII
net: phylink: use a dedicated helper to parse usgmii control word
drm/nouveau: don't detect DSM for non-NVIDIA device
drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow
drm/nouveau/dp: check for NULL nv_connector->native_mode
drm/nouveau: add nv_encoder pointer check for NULL
selftests/tc-testing: Fix Error: Specified qdisc kind is unknown.
selftests/tc-testing: Fix Error: failed to find target LOG
selftests/tc-testing: Fix SFB db test
sched: add new attr TCA_EXT_WARN_MSG to report tc extact message
net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs
net/sched: qdisc_destroy() old ingress and clsact Qdiscs before grafting
selftests: forwarding: hw_stats_l3: Set addrgenmode in a separate step
cifs: fix lease break oops in xfstest generic/098
ext4: drop the call to ext4_error() from ext4_get_group_info()
net/sched: cls_api: Fix lockup on flushing explicitly created chain
net: dsa: felix: fix taprio guard band overflow at 10Mbps with jumbo frames
net: lapbether: only support ethernet devices
net: macsec: fix double free of percpu stats
sfc: fix XDP queues mode with legacy IRQ
dm: don't lock fs when the map is NULL during suspend or resume
net: tipc: resize nlattr array to correct size
selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
octeon_ep: Add missing check for ioremap
afs: Fix vlserver probe RTT handling
parisc: Delete redundant register definitions in <asm/assembly.h>
rcu/kvfree: Avoid freeing new kfree_rcu() memory after old grace period
drm/amdgpu: Don't set struct drm_driver.output_poll_changed
net/sched: act_api: move TCA_EXT_WARN_MSG to the correct hierarchy
Revert "net/sched: act_api: move TCA_EXT_WARN_MSG to the correct hierarchy"
net/sched: act_api: add specific EXT_WARN_MSG for tc action
neighbour: delete neigh_lookup_nodev as not used
scsi: target: core: Fix error path in target_setup_session()
x86/boot/compressed: prefer cc-option for CFLAGS additions
MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option
MIPS: Prefer cc-option for additions to cflags
kbuild: Update assembler calls to use proper flags and language target
Linux 6.1.35
Change-Id: Ib27a87c9bcf16c70a0f4dd567551c2ae44702a4b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Nhat Pham
|
447f325497 |
zswap: do not shrink if cgroup may not zswap
commit 0bdf0efa180a9cb1361cbded4e2260a49306ac89 upstream.
Before storing a page, zswap first checks if the number of stored pages
exceeds the limit specified by memory.zswap.max, for each cgroup in the
hierarchy. If this limit is reached or exceeded, then zswap shrinking is
triggered and short-circuits the store attempt.
However, since the zswap's LRU is not memcg-aware, this can create the
following pathological behavior: the cgroup whose zswap limit is 0 will
evict pages from other cgroups continually, without lowering its own zswap
usage. This means the shrinking will continue until the need for swap
ceases or the pool becomes empty.
As a result of this, we observe a disproportionate amount of zswap
writeback and a perpetually small zswap pool in our experiments, even
though the pool limit is never hit.
More generally, a cgroup might unnecessarily evict pages from other
cgroups before we drive the memcg back below its limit.
This patch fixes the issue by rejecting zswap store attempt without
shrinking the pool when obj_cgroup_may_zswap() returns false.
[akpm@linux-foundation.org: fix return of unintialized value]
[akpm@linux-foundation.org: s/ENOSPC/ENOMEM/]
Link: https://lkml.kernel.org/r/20230530222440.2777700-1-nphamcs@gmail.com
Link: https://lkml.kernel.org/r/20230530232435.3097106-1-nphamcs@gmail.com
Fixes:
|
||
|
Deyao Ren
|
bdfdc9261f |
Revert "Merge remote-tracking branch into HEAD"
This reverts commit
|
||
|
Greg Kroah-Hartman
|
ed6634a559 |
Merge 'android14-6.1' into 'android14-6.1-lts'
This catches the -lts branch up with all of the recent changes that have gone into the non-lts branch, INCLUDING the ABI update which we want here to ensure that we do NOT break any newly added dependent symbols (and to bring back in the reverts that were required before the ABI break). This includes the following commits: |
||
Matthias Maennich
|
73185e2d4e |
ANDROID: Remove all but top-level OWNERS
Now that the branch is used to create production GKI images, need to institute ACK DrNo for all commits. The DrNo approvers are in the android-mainline branch at /OWNERS_DrNo. Bug: 287162457 Signed-off-by: Matthias Maennich <maennich@google.com> Change-Id: Id5bb83d7add5f314df6816c1c51b4bf2d8018e79 |
||
|
Greg Kroah-Hartman
|
ee4c9c95ff |
Merge 6.1.34 into android14-6.1-lts
Changes in 6.1.34
scsi: megaraid_sas: Add flexible array member for SGLs
net: sfp: fix state loss when updating state_hw_mask
spi: mt65xx: make sure operations completed before unloading
platform/surface: aggregator: Allow completion work-items to be executed in parallel
platform/surface: aggregator_tabletsw: Add support for book mode in KIP subsystem
spi: qup: Request DMA before enabling clocks
afs: Fix setting of mtime when creating a file/dir/symlink
wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
bpf, sockmap: Avoid potential NULL dereference in sk_psock_verdict_data_ready()
neighbour: fix unaligned access to pneigh_entry
net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
net/ipv4: ping_group_range: allow GID from 2147483648 to 4294967294
bpf: Fix UAF in task local storage
bpf: Fix elem_size not being set for inner maps
net/ipv6: fix bool/int mismatch for skip_notify_on_dev_down
net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT
net: enetc: correct the statistics of rx bytes
net: enetc: correct rx_bytes statistics of XDP
net/sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values
drm/i915: Explain the magic numbers for AUX SYNC/precharge length
drm/i915: Use 18 fast wake AUX sync len
Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER
Bluetooth: Fix l2cap_disconnect_req deadlock
Bluetooth: ISO: don't try to remove CIG if there are bound CIS left
Bluetooth: L2CAP: Add missing checks for invalid DCID
wifi: mac80211: use correct iftype HE cap
wifi: cfg80211: reject bad AP MLD address
wifi: mac80211: mlme: fix non-inheritence element
wifi: mac80211: don't translate beacon/presp addrs
qed/qede: Fix scheduling while atomic
wifi: cfg80211: fix locking in sched scan stop work
selftests/bpf: Verify optval=NULL case
selftests/bpf: Fix sockopt_sk selftest
netfilter: nft_bitwise: fix register tracking
netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
netfilter: ipset: Add schedule point in call_ad().
netfilter: nf_tables: out-of-bound check in chain blob
ipv6: rpl: Fix Route of Death.
tcp: gso: really support BIG TCP
rfs: annotate lockless accesses to sk->sk_rxhash
rfs: annotate lockless accesses to RFS sock flow table
net: sched: add rcu annotations around qdisc->qdisc_sleeping
drm/i915/selftests: Stop using kthread_stop()
drm/i915/selftests: Add some missing error propagation
net: sched: move rtm_tca_policy declaration to include file
net: sched: act_police: fix sparse errors in tcf_police_dump()
net: sched: fix possible refcount leak in tc_chain_tmplt_add()
bpf: Add extra path pointer check to d_path helper
drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram
lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
net: bcmgenet: Fix EEE implementation
bnxt_en: Don't issue AP reset during ethtool's reset operation
bnxt_en: Query default VLAN before VNIC setup on a VF
bnxt_en: Skip firmware fatal error recovery if chip is not accessible
bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event
bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
batman-adv: Broken sync while rescheduling delayed work
Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
Input: psmouse - fix OOB access in Elantech protocol
Input: fix open count when closing inhibited device
ALSA: hda: Fix kctl->id initialization
ALSA: ymfpci: Fix kctl->id initialization
ALSA: gus: Fix kctl->id initialization
ALSA: cmipci: Fix kctl->id initialization
ALSA: hda/realtek: Add quirk for Clevo NS50AU
ALSA: ice1712,ice1724: fix the kcontrol->id initialization
ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
ALSA: hda/realtek: Add Lenovo P3 Tower platform
ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41
drm/i915/gt: Use the correct error value when kernel_context() fails
drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid SKUs
drm/amdgpu: fix xclk freq on CHIP_STONEY
drm/amdgpu: change reserved vram info print
drm/amd/pm: Fix power context allocation in SMU13
drm/amd/display: Reduce sdp bw after urgent to 90%
wifi: iwlwifi: mvm: Fix -Warray-bounds bug in iwl_mvm_wait_d3_notif()
can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket
can: j1939: change j1939_netdev_lock type to mutex
can: j1939: avoid possible use-after-free when j1939_can_rx_register fails
mptcp: only send RM_ADDR in nl_cmd_remove
mptcp: add address into userspace pm list
mptcp: update userspace pm infos
selftests: mptcp: update userspace pm addr tests
selftests: mptcp: update userspace pm subflow tests
ceph: fix use-after-free bug for inodes when flushing capsnaps
s390/dasd: Use correct lock while counting channel queue length
Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
Bluetooth: fix debugfs registration
Bluetooth: hci_qca: fix debugfs registration
tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta'
rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting
rbd: get snapshot context after exclusive lock is ensured to be held
virtio_net: use control_buf for coalesce params
soc: qcom: icc-bwmon: fix incorrect error code passed to dev_err_probe()
pinctrl: meson-axg: add missing GPIOA_18 gpio group
usb: usbfs: Enforce page requirements for mmap
usb: usbfs: Use consistent mmap functions
mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM
mm: page_table_check: Ensure user pages are not slab pages
arm64: dts: qcom: sc8280xp: Flush RSC sleep & wake votes
ARM: at91: pm: fix imbalanced reference counter for ethernet devices
ARM: dts: at91: sama7g5ek: fix debounce delay property for shdwc
ASoC: codecs: wsa883x: do not set can_multi_write flag
ASoC: codecs: wsa881x: do not set can_multi_write flag
arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards
arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals
arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
ASoC: mediatek: mt8195-afe-pcm: Convert to platform remove callback returning void
ASoC: mediatek: mt8195: fix use-after-free in driver remove path
ASoC: simple-card-utils: fix PCM constraint error check
blk-mq: fix blk_mq_hw_ctx active request accounting
arm64: dts: imx8mn-beacon: Fix SPI CS pinmux
i2c: mv64xxx: Fix reading invalid status value in atomic mode
firmware: arm_ffa: Set handle field to zero in memory descriptor
gpio: sim: fix memory corruption when adding named lines and unnamed hogs
i2c: sprd: Delete i2c adapter in .remove's error path
riscv: mm: Ensure prot of VM_WRITE and VM_EXEC must be readable
eeprom: at24: also select REGMAP
soundwire: stream: Add missing clear of alloc_slave_rt
riscv: fix kprobe __user string arg print fault issue
vduse: avoid empty string for dev name
vhost: support PACKED when setting-getting vring_base
vhost_vdpa: support PACKED when setting-getting vring_base
ksmbd: fix out-of-bound read in deassemble_neg_contexts()
ksmbd: fix out-of-bound read in parse_lease_state()
ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop
Revert "ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled"
ext4: only check dquot_initialize_needed() when debugging
wifi: rtw89: correct PS calculation for SUPPORTS_DYNAMIC_PS
wifi: rtw88: correct PS calculation for SUPPORTS_DYNAMIC_PS
Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE"
Linux 6.1.34
Note, commit
|
||
|
Greg Kroah-Hartman
|
c5df11c964 |
Merge branch 'android14-6.1' into branch 'android14-6.1-lts'
This catches the -lts branch up with all of the recent changes that have gone into the non-lts branch, INCLUDING the ABI update which we want here to ensure that we do NOT break any newly added dependent symbols (and to bring back in the reverts that were required before the ABI break). This includes the following commits: |
||
Ruihan Li
|
df9bc25d13 |
mm: page_table_check: Ensure user pages are not slab pages
commit 44d0fb387b53e56c8a050bac5c7d460e21eb226f upstream.
The current uses of PageAnon in page table check functions can lead to
type confusion bugs between struct page and slab [1], if slab pages are
accidentally mapped into the user space. This is because slab reuses the
bits in struct page to store its internal states, which renders PageAnon
ineffective on slab pages.
Since slab pages are not expected to be mapped into the user space, this
patch adds BUG_ON(PageSlab(page)) checks to make sure that slab pages
are not inadvertently mapped. Otherwise, there must be some bugs in the
kernel.
Reported-by: syzbot+fcf1a817ceb50935ce99@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/lkml/000000000000258e5e05fae79fc1@google.com/ [1]
Fixes:
|
||
|
Ruihan Li
|
08378f0314 |
mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM
commit 81a31a860bb61d54eb688af2568d9332ed9b8942 upstream. Without EXCLUSIVE_SYSTEM_RAM, users are allowed to map arbitrary physical memory regions into the userspace via /dev/mem. At the same time, pages may change their properties (e.g., from anonymous pages to named pages) while they are still being mapped in the userspace, leading to "corruption" detected by the page table check. To avoid these false positives, this patch makes PAGE_TABLE_CHECK depends on EXCLUSIVE_SYSTEM_RAM. This dependency is understandable because PAGE_TABLE_CHECK is a hardening technique but /dev/mem without STRICT_DEVMEM (i.e., !EXCLUSIVE_SYSTEM_RAM) is itself a security problem. Even with EXCLUSIVE_SYSTEM_RAM, I/O pages may be still allowed to be mapped via /dev/mem. However, these pages are always considered as named pages, so they won't break the logic used in the page table check. Cc: <stable@vger.kernel.org> # 5.17 Signed-off-by: Ruihan Li <lrh2000@pku.edu.cn> Acked-by: David Hildenbrand <david@redhat.com> Acked-by: Pasha Tatashin <pasha.tatashin@soleen.com> Link: https://lore.kernel.org/r/20230515130958.32471-4-lrh2000@pku.edu.cn Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Suren Baghdasaryan
|
d31ddcdbb8 |
Revert "Revert "mm/mmap: regression fix for unmapped_area{_topdown}""
This reverts commit 52ace503ecf894ec2f63b8137f181868ea61d95a.
The issue that required the revert is fixed by:
0257d9908d38 ("maple_tree: make maple state reusable after mas_empty_area()")
Bug: 281094761
Change-Id: I97b45525689097d0c1369f81a994d50f0662c9c2
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
|
||
|
Greg Kroah-Hartman
|
26c1cc6858 |
This is the 6.1.30 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmRuPHsACgkQONu9yGCS
aT6USxAAx2uklTRE3mmIS9qytOjb8Z3gsA8LVaaQ3f25CWNiuverNj0mFyNtI9KX
84ZBS/G8aHA6z0dtdyMupHznHehQp7pVo0LOeVMz2bR+CjkpRQei2NimG8bGRcFK
W6c40w99lD9dYpaal3yajs+k+LF3BktmBNc0SynCjjyEy4YA5RbWOhtGX6P4VRqs
sPXcmmAHsqDPLfqsgsHiBNsiw+dCP7jY1a17rTxz1g49/4zS6BEGtxxpU4UZNbph
rKrX0sgF8UM15IfdFc0CiOXhAcL7QQfUbucJ/94180gclF4j6QqAMueAr6mLWkFd
Pj7vLn/KD2wA2dzTBekHZ9SYp31xcXomkzfdLoMMnazfy3RL4sO7WhJks0k0T2En
3LIlsRZx/C2ztf3SLq2z2Bw/ExaefrydLI9cWJBi7CQ5yUVO15edcv40W4pxoMOL
xFDZhCksC+JNc74HPYKTmg+SJQsxtYeLrwb6zW43aJByY+rls70crfhdS5fORvmH
G8qDS2PCNAqpulxyxQtYxiIcRiM4SqPskves+3nu7gBFGfsv2AJU1gNCorIpZuW8
DS2jrMwPv7gH+eUvqrnrtdA+Vk4TYWslg0mPlVNavX98i9/dC9Vjss3yXCYh7Q6u
0+BpSBLtKM4pahaMgKpYv/V/r+GKvIt7Npki8o/bs1nuykF04aw=
=hAQM
-----END PGP SIGNATURE-----
Merge 6.1.30 into android14-6.1-lts
Changes in 6.1.30
drm/fbdev-generic: prohibit potential out-of-bounds access
drm/mipi-dsi: Set the fwnode for mipi_dsi_device
ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
net: skb_partial_csum_set() fix against transport header magic value
net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe()
scsi: ufs: core: Fix I/O hang that occurs when BKOPS fails in W-LUN suspend
tick/broadcast: Make broadcast device replacement work correctly
linux/dim: Do nothing if no time delta between samples
net: stmmac: Initialize MAC_ONEUS_TIC_COUNTER register
net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
net: phy: bcm7xx: Correct read from expansion register
netfilter: nf_tables: always release netdev hooks from notifier
netfilter: conntrack: fix possible bug_on with enable_hooks=1
bonding: fix send_peer_notif overflow
netlink: annotate accesses to nlk->cb_running
net: annotate sk->sk_err write from do_recvmmsg()
net: deal with most data-races in sk_wait_event()
net: add vlan_get_protocol_and_depth() helper
tcp: add annotations around sk->sk_shutdown accesses
gve: Remove the code of clearing PBA bit
ipvlan:Fix out-of-bounds caused by unclear skb->cb
net: mscc: ocelot: fix stat counter register values
net: datagram: fix data-races in datagram_poll()
af_unix: Fix a data race of sk->sk_receive_queue->qlen.
af_unix: Fix data races around sk->sk_shutdown.
drm/i915/guc: Don't capture Gen8 regs on Xe devices
drm/i915: Fix NULL ptr deref by checking new_crtc_state
drm/i915/dp: prevent potential div-by-zero
drm/i915: Expand force_probe to block probe of devices as well.
drm/i915: taint kernel when force probing unsupported devices
fbdev: arcfb: Fix error handling in arcfb_probe()
ext4: reflect error codes from ext4_multi_mount_protect() to its callers
ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled
ext4: allow to find by goal if EXT4_MB_HINT_GOAL_ONLY is set
ext4: allow ext4_get_group_info() to fail
refscale: Move shutdown from wait_event() to wait_event_idle()
selftests: cgroup: Add 'malloc' failures checks in test_memcontrol
rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access
open: return EINVAL for O_DIRECTORY | O_CREAT
fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
drm/displayid: add displayid_get_header() and check bounds better
drm/amd/display: populate subvp cmd info only for the top pipe
drm/amd/display: Correct DML calculation to align HW formula
platform/x86: x86-android-tablets: Add Acer Iconia One 7 B1-750 data
drm/amd/display: Enable HostVM based on rIOMMU active
drm/amd/display: Use DC_LOG_DC in the trasform pixel function
regmap: cache: Return error in cache sync operations for REGCACHE_NONE
remoteproc: imx_dsp_rproc: Add custom memory copy implementation for i.MX DSP Cores
arm64: dts: qcom: msm8996: Add missing DWC3 quirks
media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish()
media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish
media: pvrusb2: VIDEO_PVRUSB2 depends on DVB_CORE to use dvb_* symbols
ACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup()
drm/rockchip: dw_hdmi: cleanup drm encoder during unbind
memstick: r592: Fix UAF bug in r592_remove due to race condition
arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from usb_dwc3_0
firmware: arm_sdei: Fix sleep from invalid context BUG
ACPI: EC: Fix oops when removing custom query handlers
drm/amd/display: fixed dcn30+ underflow issue
remoteproc: stm32_rproc: Add mutex protection for workqueue
drm/tegra: Avoid potential 32-bit integer overflow
drm/msm/dp: Clean up handling of DP AUX interrupts
ACPICA: Avoid undefined behavior: applying zero offset to null pointer
ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects
arm64: dts: qcom: sdm845-polaris: Drop inexistent properties
irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4
ACPI: video: Remove desktops without backlight DMI quirks
drm/amd/display: Correct DML calculation to follow HW SPEC
drm/amd: Fix an out of bounds error in BIOS parser
drm/amdgpu: Fix sdma v4 sw fini error
media: Prefer designated initializers over memset for subdev pad ops
media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup
wifi: ath: Silence memcpy run-time false positive warning
bpf: Annotate data races in bpf_local_storage
wifi: brcmfmac: pcie: Provide a buffer of random bytes to the device
wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
ext2: Check block size validity during mount
scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow
scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery
bnxt: avoid overflow in bnxt_get_nvram_directory()
net: pasemi: Fix return type of pasemi_mac_start_tx()
net: Catch invalid index in XPS mapping
netdev: Enforce index cap in netdev_get_tx_queue
scsi: target: iscsit: Free cmds before session free
lib: cpu_rmap: Avoid use after free on rmap->obj array entries
scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
gfs2: Fix inode height consistency check
scsi: ufs: ufs-pci: Add support for Intel Lunar Lake
ext4: set goal start correctly in ext4_mb_normalize_request
ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
crypto: jitter - permanent and intermittent health errors
f2fs: Fix system crash due to lack of free space in LFS
f2fs: fix to drop all dirty pages during umount() if cp_error is set
f2fs: fix to check readonly condition correctly
samples/bpf: Fix fout leak in hbm's run_bpf_prog
bpf: Add preempt_count_{sub,add} into btf id deny list
md: fix soft lockup in status_resync
wifi: iwlwifi: pcie: fix possible NULL pointer dereference
wifi: iwlwifi: add a new PCI device ID for BZ device
wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf
wifi: iwlwifi: mvm: fix ptk_pn memory leak
block, bfq: Fix division by zero error on zero wsum
wifi: ath11k: Ignore frags from uninitialized peer in dp.
wifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO
null_blk: Always check queue mode setting from configfs
wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
wifi: ath11k: Fix SKB corruption in REO destination ring
nbd: fix incomplete validation of ioctl arg
ipvs: Update width of source for ip_vs_sync_conn_options
Bluetooth: btusb: Add new PID/VID 04ca:3801 for MT7663
Bluetooth: Add new quirk for broken local ext features page 2
Bluetooth: btrtl: add support for the RTL8723CS
Bluetooth: Improve support for Actions Semi ATS2851 based devices
Bluetooth: btrtl: check for NULL in btrtl_set_quirks()
Bluetooth: btintel: Add LE States quirk support
Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set
Bluetooth: Add new quirk for broken set random RPA timeout for ATS2851
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
Bluetooth: btrtl: Add the support for RTL8851B
staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
HID: apple: Set the tilde quirk flag on the Geyser 4 and later
staging: axis-fifo: initialize timeouts in init only
ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42)
HID: logitech-hidpp: Don't use the USB serial for USB devices
HID: logitech-hidpp: Reconcile USB and Unifying serials
spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325
ALSA: hda: LNL: add HD Audio PCI ID
ASoC: amd: Add Dell G15 5525 to quirks list
ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x
HID: apple: Set the tilde quirk flag on the Geyser 3
HID: Ignore battery for ELAN touchscreen on ROG Flow X13 GV301RA
HID: wacom: generic: Set battery quirk only when we see battery data
usb: typec: tcpm: fix multiple times discover svids error
serial: 8250: Reinit port->pm on port specific driver unbind
mcb-pci: Reallocate memory region to avoid memory overlapping
sched: Fix KCSAN noinstr violation
lkdtm/stackleak: Fix noinstr violation
recordmcount: Fix memory leaks in the uwrite function
soundwire: dmi-quirks: add remapping for Intel 'Rooks County' NUC M15
phy: st: miphy28lp: use _poll_timeout functions for waits
soundwire: qcom: gracefully handle too many ports in DT
soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow
mfd: intel_soc_pmic_chtwc: Add Lenovo Yoga Book X90F to intel_cht_wc_models
mfd: dln2: Fix memory leak in dln2_probe()
mfd: intel-lpss: Add Intel Meteor Lake PCH-S LPSS PCI IDs
parisc: Replace regular spinlock with spin_trylock on panic path
platform/x86: Move existing HP drivers to a new hp subdir
platform/x86: hp-wmi: add micmute to hp_wmi_keymap struct
drm/amdgpu: drop gfx_v11_0_cp_ecc_error_irq_funcs
xfrm: don't check the default policy if the policy allows the packet
Revert "Fix XFRM-I support for nested ESP tunnels"
drm/msm/dp: unregister audio driver during unbind
drm/msm/dpu: Assign missing writeback log_mask
drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header
drm/msm/dpu: Remove duplicate register defines from INTF
dt-bindings: display/msm: dsi-controller-main: Document qcom, master-dsi and qcom, sync-dual-dsi
platform: Provide a remove callback that returns no value
ASoC: fsl_micfil: Fix error handler with pm_runtime_enable
cpupower: Make TSC read per CPU for Mperf monitor
xfrm: Reject optional tunnel/BEET mode templates in outbound policies
af_key: Reject optional tunnel/BEET mode templates in outbound policies
drm/msm: Fix submit error-path leaks
selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test
selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test
net: fec: Better handle pm_runtime_get() failing in .remove()
net: phy: dp83867: add w/a for packet errors seen with short cables
ALSA: firewire-digi00x: prevent potential use after free
wifi: mt76: connac: fix stats->tx_bytes calculation
ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15
sfc: disable RXFCS and RXALL features by default
vsock: avoid to close connected socket after the timeout
tcp: fix possible sk_priority leak in tcp_v4_send_reset()
serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
serial: 8250_bcm7271: balance clk_enable calls
serial: 8250_bcm7271: fix leak in `brcmuart_probe`
erspan: get the proto with the md version for collect_md
net: dsa: rzn1-a5psw: enable management frames for CPU port
net: dsa: rzn1-a5psw: fix STP states handling
net: dsa: rzn1-a5psw: disable learning for standalone ports
net: hns3: fix output information incomplete for dumping tx queue info with debugfs
net: hns3: fix sending pfc frames after reset issue
net: hns3: fix reset delay time to avoid configuration timeout
net: hns3: fix reset timeout when enable full VF
media: netup_unidvb: fix use-after-free at del_timer()
SUNRPC: double free xprt_ctxt while still in use
SUNRPC: always free ctxt when freeing deferred request
SUNRPC: Fix trace_svc_register() call site
ASoC: mediatek: mt8186: Fix use-after-free in driver remove path
ASoC: SOF: topology: Fix logic for copying tuples
drm/exynos: fix g2d_open/close helper function definitions
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
virtio-net: Maintain reverse cleanup order
virtio_net: Fix error unwinding of XDP initialization
tipc: add tipc_bearer_min_mtu to calculate min mtu
tipc: do not update mtu if msg_max is too small in mtu negotiation
tipc: check the bearer min mtu properly when setting it by netlink
s390/cio: include subchannels without devices also for evaluation
can: dev: fix missing CAN XL support in can_put_echo_skb()
net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
net: bcmgenet: Restore phy_stop() depending upon suspend/close
ice: introduce clear_reset_state operation
ice: Fix ice VF reset during iavf initialization
wifi: cfg80211: Drop entries with invalid BSSIDs in RNR
wifi: mac80211: fortify the spinlock against deadlock by interrupt
wifi: mac80211: fix min center freq offset tracing
wifi: mac80211: Abort running color change when stopping the AP
wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock
wifi: iwlwifi: fw: fix DBGI dump
wifi: iwlwifi: fix OEM's name in the ppag approved list
wifi: iwlwifi: mvm: fix OEM's name in the tas approved list
wifi: iwlwifi: mvm: don't trust firmware n_channels
scsi: storvsc: Don't pass unused PFNs to Hyper-V host
net: tun: rebuild error handling in tun_get_user
tun: Fix memory leak for detached NAPI queue.
cassini: Fix a memory leak in the error handling path of cas_init_one()
net: dsa: mv88e6xxx: Fix mv88e6393x EPC write command offset
igb: fix bit_shift to be in [1..8] range
vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
net: wwan: iosm: fix NULL pointer dereference when removing device
net: pcs: xpcs: fix C73 AN not getting enabled
net: selftests: Fix optstring
netfilter: nf_tables: fix nft_trans type confusion
netfilter: nft_set_rbtree: fix null deref on element insertion
bridge: always declare tunnel functions
ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
USB: usbtmc: Fix direction for 0-length ioctl control messages
usb-storage: fix deadlock when a scsi command timeouts more than once
USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume()
usb: dwc3: debugfs: Resume dwc3 before accessing registers
usb: gadget: u_ether: Fix host MAC address case
usb: typec: altmodes/displayport: fix pin_assignment_show
Revert "usb: gadget: udc: core: Prevent redundant calls to pullup"
Revert "usb: gadget: udc: core: Invoke usb_gadget_connect only when started"
xhci-pci: Only run d3cold avoidance quirk for s2idle
xhci: Fix incorrect tracking of free space on transfer rings
ALSA: hda: Fix Oops by 9.1 surround channel names
ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
ALSA: hda/realtek: Add quirk for Clevo L140AU
ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
ALSA: hda/realtek: Add quirk for 2nd ASUS GU603
ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops
ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop
can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag
can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag
can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop()
can: kvaser_pciefd: Call request_irq() before enabling interrupts
can: kvaser_pciefd: Empty SRB buffer in probe
can: kvaser_pciefd: Clear listen-only bit if not explicitly requested
can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
can: kvaser_pciefd: Disable interrupts in probe error path
wifi: rtw88: use work to update rate to avoid RCU warning
SMB3: Close all deferred handles of inode in case of handle lease break
SMB3: drop reference to cfile before sending oplock break
ksmbd: smb2: Allow messages padded to 8byte boundary
ksmbd: allocate one more byte for implied bcc[0]
ksmbd: fix wrong UserName check in session_user
ksmbd: fix global-out-of-bounds in smb2_find_context_vals
KVM: Fix vcpu_array[0] races
statfs: enforce statfs[64] structure initialization
maple_tree: make maple state reusable after mas_empty_area()
mm: fix zswap writeback race condition
serial: Add support for Advantech PCI-1611U card
serial: 8250_exar: Add support for USR298x PCI Modems
serial: qcom-geni: fix enabling deactivated interrupt
thunderbolt: Clear registers properly when auto clear isn't in use
vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
ceph: force updating the msg pointer in non-split case
drm/amd/pm: fix possible power mode mismatch between driver and PMFW
drm/amdgpu/gmc11: implement get_vbios_fb_size()
drm/amdgpu/gfx10: Disable gfxoff before disabling powergating.
drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well
drm/amdgpu: refine get gpu clock counter method
drm/amdgpu/gfx11: update gpu_clock_counter logic
dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries
powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs
powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device
tpm/tpm_tis: Disable interrupts for more Lenovo devices
powerpc/64s/radix: Fix soft dirty tracking
nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
s390/dasd: fix command reject error on ESE devices
s390/crypto: use vector instructions only if available for ChaCha20
s390/qdio: fix do_sqbs() inline assembly constraint
arm64: mte: Do not set PG_mte_tagged if tags were not initialized
rethook: use preempt_{disable, enable}_notrace in rethook_trampoline_handler
rethook, fprobe: do not trace rethook related functions
remoteproc: imx_dsp_rproc: Fix kernel test robot sparse warning
crypto: testmgr - fix RNG performance in fuzz tests
drm/amdgpu: declare firmware for new MES 11.0.4
drm/amd/amdgpu: introduce gc_*_mes_2.bin v2
drm/amdgpu: reserve the old gc_11_0_*_mes.bin
Linux 6.1.30
Change-Id: I411885affcf017410aab34bf3fba2dde96df6593
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
ef75a88787 |
Merge 6.1.28 into android14-6.1-lts
Changes in 6.1.28
ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15
ASoC: Intel: soc-acpi: add table for Intel 'Rooks County' NUC M15
ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm
x86/hyperv: Block root partition functionality in a Confidential VM
ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx (8A22)
iio: adc: palmas_gpadc: fix NULL dereference on rmmod
ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
ASoC: da7213.c: add missing pm_runtime_disable()
net: wwan: t7xx: do not compile with -Werror
selftests mount: Fix mount_setattr_test builds failed
scsi: mpi3mr: Handle soft reset in progress fault code (0xF002)
net: sfp: add quirk enabling 2500Base-x for HG MXPD-483II
platform/x86: thinkpad_acpi: Add missing T14s Gen1 type to s2idle quirk list
wifi: ath11k: reduce the MHI timeout to 20s
tracing: Error if a trace event has an array for a __field()
asm-generic/io.h: suppress endianness warnings for readq() and writeq()
x86/cpu: Add model number for Intel Arrow Lake processor
wireguard: timers: cast enum limits members to int in prints
wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset
ASoC: amd: fix ACP version typo mistake
ASoC: amd: ps: update the acp clock source.
arm64: Always load shadow stack pointer directly from the task struct
arm64: Stash shadow stack pointer in the task struct on interrupt
powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU
PCI: kirin: Select REGMAP_MMIO
PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
PCI: qcom: Fix the incorrect register usage in v2.7.0 config
phy: qcom-qmp-pcie: sc8180x PCIe PHY has 2 lanes
IMA: allow/fix UML builds
usb: gadget: udc: core: Invoke usb_gadget_connect only when started
usb: gadget: udc: core: Prevent redundant calls to pullup
usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive
USB: dwc3: fix runtime pm imbalance on probe errors
USB: dwc3: fix runtime pm imbalance on unbind
hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write
hwmon: (adt7475) Use device_property APIs when configuring polarity
tpm: Add !tpm_amd_is_rng_defective() to the hwrng_unregister() call site
posix-cpu-timers: Implement the missing timer_wait_running callback
media: ov8856: Do not check for for module version
blk-stat: fix QUEUE_FLAG_STATS clear
blk-crypto: don't use struct request_queue for public interfaces
blk-crypto: add a blk_crypto_config_supported_natively helper
blk-crypto: move internal only declarations to blk-crypto-internal.h
blk-crypto: Add a missing include directive
blk-mq: release crypto keyslot before reporting I/O complete
blk-crypto: make blk_crypto_evict_key() return void
blk-crypto: make blk_crypto_evict_key() more robust
staging: iio: resolver: ads1210: fix config mode
tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
xhci: fix debugfs register accesses while suspended
serial: fix TIOCSRS485 locking
serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
serial: max310x: fix IO data corruption in batched operations
tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
fs: fix sysctls.c built
MIPS: fw: Allow firmware to pass a empty env
ipmi:ssif: Add send_retries increment
ipmi: fix SSIF not responding under certain cond.
iio: addac: stx104: Fix race condition when converting analog-to-digital
iio: addac: stx104: Fix race condition for stx104_write_raw()
kheaders: Use array declaration instead of char
wifi: mt76: add missing locking to protect against concurrent rx/status calls
pwm: meson: Fix axg ao mux parents
pwm: meson: Fix g12a ao clk81 name
soundwire: qcom: correct setting ignore bit on v1.5.1
pinctrl: qcom: lpass-lpi: set output value before enabling output
ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus
ring-buffer: Sync IRQ works before buffer destruction
crypto: api - Demote BUG_ON() in crypto_unregister_alg() to a WARN_ON()
crypto: safexcel - Cleanup ring IRQ workqueues on load failure
crypto: arm64/aes-neonbs - fix crash with CFI enabled
crypto: ccp - Don't initialize CCP for PSP 0x1649
rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed
reiserfs: Add security prefix to xattr name in reiserfs_security_write()
KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
KVM: arm64: Avoid vcpu->mutex v. kvm->lock inversion in CPU_ON
KVM: arm64: Avoid lock inversion when setting the VM register width
KVM: arm64: Use config_lock to protect data ordered against KVM_RUN
KVM: arm64: Use config_lock to protect vgic state
KVM: arm64: vgic: Don't acquire its_lock before config_lock
relayfs: fix out-of-bounds access in relay_file_read
drm/amd/display: Remove stutter only configurations
drm/amd/display: limit timing for single dimm memory
drm/amd/display: fix PSR-SU/DSC interoperability support
drm/amd/display: fix a divided-by-zero error
KVM: RISC-V: Retry fault if vma_lookup() results become invalid
ksmbd: fix racy issue under cocurrent smb2 tree disconnect
ksmbd: call rcu_barrier() in ksmbd_server_exit()
ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()
ksmbd: fix memleak in session setup
ksmbd: not allow guest user on multichannel
ksmbd: fix deadlock in ksmbd_find_crypto_ctx()
ACPI: video: Remove acpi_backlight=video quirk for Lenovo ThinkPad W530
i2c: omap: Fix standard mode false ACK readings
riscv: mm: remove redundant parameter of create_fdt_early_page_table
tracing: Fix permissions for the buffer_percent file
swsmu/amdgpu_smu: Fix the wrong if-condition
drm/amd/pm: re-enable the gfx imu when smu resume
iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE
RISC-V: Align SBI probe implementation with spec
Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"
ubifs: Fix memleak when insert_old_idx() failed
ubi: Fix return value overwrite issue in try_write_vid_and_data()
ubifs: Free memory for tmpfile name
ubifs: Fix memory leak in do_rename
ceph: fix potential use-after-free bug when trimming caps
xfs: don't consider future format versions valid
cxl/hdm: Fail upon detecting 0-sized decoders
bus: mhi: host: Remove duplicate ee check for syserr
bus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state
bus: mhi: host: Range check CHDBOFF and ERDBOFF
ASoC: dt-bindings: qcom,lpass-rx-macro: correct minItems for clocks
kunit: improve KTAP compliance of KUnit test output
kunit: fix bug in the order of lines in debugfs logs
rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check
selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem
selftests/resctrl: Move ->setup() call outside of test specific branches
selftests/resctrl: Allow ->setup() to return errors
selftests/resctrl: Check for return value after write_schemata()
selinux: fix Makefile dependencies of flask.h
selinux: ensure av_permissions.h is built when needed
tpm, tpm_tis: Do not skip reset of original interrupt vector
tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register
tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
tpm, tpm_tis: Claim locality before writing interrupt registers
tpm, tpm: Implement usage counter for locality
tpm, tpm_tis: Claim locality when interrupts are reenabled on resume
erofs: stop parsing non-compact HEAD index if clusterofs is invalid
erofs: initialize packed inode after root inode is assigned
erofs: fix potential overflow calculating xattr_isize
drm/rockchip: Drop unbalanced obj unref
drm/i915/dg2: Drop one PCI ID
drm/vgem: add missing mutex_destroy
drm/probe-helper: Cancel previous job before starting new one
drm/amdgpu: register a vga_switcheroo client for MacBooks with apple-gmux
tools/x86/kcpuid: Fix avx512bw and avx512lvl fields in Fn00000007
soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table
arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table
arm64: dts: renesas: r9a07g044: Update IRQ numbers for SSI channels
arm64: dts: renesas: r9a07g054: Update IRQ numbers for SSI channels
arm64: dts: renesas: r9a07g043: Introduce SOC_PERIPHERAL_IRQ() macro to specify interrupt property
arm64: dts: renesas: r9a07g043: Update IRQ numbers for SSI channels
drm/mediatek: dp: Only trigger DRM HPD events if bridge is attached
drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources
EDAC/skx: Fix overflows on the DRAM row address mapping arrays
ARM: dts: qcom-apq8064: Fix opp table child name
regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted
arm64: dts: ti: k3-am62-main: Fix GPIO numbers in DT
arm64: dts: ti: k3-am62a7-sk: Fix DDR size to full 4GB
arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property
arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name
arm64: dts: broadcom: bcmbca: bcm4908: fix LED nodenames
arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename
arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name
arm64: dts: qcom: sc7280: fix EUD port properties
arm64: dts: qcom: sdm845: correct dynamic power coefficients
arm64: dts: qcom: sdm845: Fix the PCI I/O port range
arm64: dts: qcom: msm8998: Fix the PCI I/O port range
arm64: dts: qcom: sc7280: Fix the PCI I/O port range
arm64: dts: qcom: ipq8074: Fix the PCI I/O port range
arm64: dts: qcom: ipq6018: Fix the PCI I/O port range
arm64: dts: qcom: msm8996: Fix the PCI I/O port range
arm64: dts: qcom: sm8250: Fix the PCI I/O port range
arm64: dts: qcom: sm8150: Fix the PCI I/O port range
arm64: dts: qcom: sm8450: Fix the PCI I/O port range
ARM: dts: qcom: ipq4019: Fix the PCI I/O port range
ARM: dts: qcom: ipq8064: Fix the PCI I/O port range
ARM: dts: qcom: sdx55: Fix the unit address of PCIe EP node
x86/MCE/AMD: Use an u64 for bank_map
media: bdisp: Add missing check for create_workqueue
media: platform: mtk-mdp3: Add missing check and free for ida_alloc
media: amphion: decoder implement display delay enable
media: av7110: prevent underflow in write_ts_to_decoder()
firmware: qcom_scm: Clear download bit during reboot
drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535
media: max9286: Free control handler
arm64: dts: ti: k3-am625: Correct L2 cache size to 512KB
arm64: dts: ti: k3-am62a7: Correct L2 cache size to 512KB
drm/msm/adreno: drop bogus pm_runtime_set_active()
drm: msm: adreno: Disable preemption on Adreno 510
virt/coco/sev-guest: Double-buffer messages
arm64: dts: qcom: sm8350-microsoft-surface: fix USB dual-role mode property
drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings
ACPI: processor: Fix evaluating _PDC method when running as Xen dom0
mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data
arm64: dts: qcom: sm8450: fix pcie1 gpios properties name
drm: rcar-du: Fix a NULL vs IS_ERR() bug
ARM: dts: gta04: fix excess dma channel usage
firmware: arm_scmi: Fix xfers allocation on Rx channel
perf/arm-cmn: Move overlapping wp_combine field
ARM: dts: stm32: fix spi1 pin assignment on stm32mp15
arm64: dts: apple: t8103: Disable unused PCIe ports
cpufreq: mediatek: fix passing zero to 'PTR_ERR'
cpufreq: mediatek: fix KP caused by handler usage after regulator_put/clk_put
cpufreq: mediatek: raise proc/sram max voltage for MT8516
cpufreq: mediatek: Raise proc and sram max voltage for MT7622/7623
cpufreq: qcom-cpufreq-hw: Revert adding cpufreq qos
arm64: dts: mediatek: mt8192-asurada: Fix voltage constraint for Vgpu
ACPI: VIOT: Initialize the correct IOMMU fwspec
drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe()
drm/mediatek: dp: Change the aux retries times when receiving AUX_DEFER
mailbox: mpfs: switch to txdone_poll
soc: bcm: brcmstb: biuctrl: fix of_iomap leak
soc: renesas: renesas-soc: Release 'chipid' from ioremap()
gpu: host1x: Fix potential double free if IOMMU is disabled
gpu: host1x: Fix memory leak of device names
arm64: dts: qcom: sc7280-herobrine-villager: correct trackpad supply
arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply
arm64: dts: qcom: sc7180-trogdor-pazquel: correct trackpad supply
arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator
arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator
arm64: dts: qcom: apq8096-db820c: drop unit address from PMI8994 regulator
drm/ttm: optimize pool allocations a bit v2
drm/ttm/pool: Fix ttm_pool_alloc error path
regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow()
regulator: core: Avoid lockdep reports when resolving supplies
x86/apic: Fix atomic update of offset in reserve_eilvt_offset()
arm64: dts: qcom: msm8994-angler: Fix cont_splash_mem mapping
arm64: dts: qcom: msm8994-angler: removed clash with smem_region
arm64: dts: sc7180: Rename qspi data12 as data23
arm64: dts: sc7280: Rename qspi data12 as data23
media: mediatek: vcodec: Use 4K frame size when supported by stateful decoder
media: mediatek: vcodec: Make MM21 the default capture format
media: mediatek: vcodec: Force capture queue format to MM21
media: mediatek: vcodec: add params to record lat and core lat_buf count
media: mediatek: vcodec: using each instance lat_buf count replace core ready list
media: mediatek: vcodec: move lat_buf to the top of core list
media: mediatek: vcodec: add core decode done event
media: mediatek: vcodec: remove unused lat_buf
media: mediatek: vcodec: making sure queue_work successfully
media: mediatek: vcodec: change lat thread decode error condition
media: cedrus: fix use after free bug in cedrus_remove due to race condition
media: rkvdec: fix use after free bug in rkvdec_remove
platform/x86/amd/pmf: Move out of BIOS SMN pair for driver probe
platform/x86/amd: pmc: Don't try to read SMU version on Picasso
platform/x86/amd: pmc: Hide SMU version and program attributes for Picasso
platform/x86/amd: pmc: Don't dump data after resume from s0i3 on picasso
platform/x86/amd: pmc: Move idlemask check into `amd_pmc_idlemask_read`
platform/x86/amd: pmc: Utilize SMN index 0 for driver probe
platform/x86/amd: pmc: Move out of BIOS SMN pair for STB init
media: dm1105: Fix use after free bug in dm1105_remove due to race condition
media: saa7134: fix use after free bug in saa7134_finidev due to race condition
media: platform: mtk-mdp3: fix potential frame size overflow in mdp_try_fmt_mplane()
media: rcar_fdp1: Fix refcount leak in probe and remove function
media: v4l: async: Return async sub-devices to subnotifier list
media: hi846: Fix memleak in hi846_init_controls()
drm/amd/display: Fix potential null dereference
media: rc: gpio-ir-recv: Fix support for wake-up
media: venus: dec: Fix handling of the start cmd
media: venus: dec: Fix capture formats enumeration order
regulator: stm32-pwr: fix of_iomap leak
x86/ioapic: Don't return 0 from arch_dynirq_lower_bound()
arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
perf/arm-cmn: Fix port detection for CMN-700
media: mediatek: vcodec: fix decoder disable pm crash
media: mediatek: vcodec: add remove function for decoder platform driver
debugobject: Prevent init race with static objects
drm/i915: Make intel_get_crtc_new_encoder() less oopsy
tick/common: Align tick period with the HZ tick.
ACPI: bus: Ensure that notify handlers are not running after removal
cpufreq: use correct unit when verify cur freq
rpmsg: glink: Propagate TX failures in intentless mode as well
hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E
platform/chrome: cros_typec_switch: Add missing fwnode_handle_put()
wifi: ath6kl: minor fix for allocation size
wifi: ath9k: hif_usb: fix memory leak of remain_skbs
wifi: ath11k: Use platform_get_irq() to get the interrupt
wifi: ath5k: Use platform_get_irq() to get the interrupt
wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
wifi: ath11k: fix SAC bug on peer addition with sta band migration
wifi: brcmfmac: support CQM RSSI notification with older firmware
wifi: ath6kl: reduce WARN to dev_dbg() in callback
tools: bpftool: Remove invalid \' json escape
wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser()
wifi: rtw88: mac: Return the original error from rtw_mac_power_switch()
bpf: take into account liveness when propagating precision
bpf: fix precision propagation verbose logging
crypto: qat - fix concurrency issue when device state changes
scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
wifi: ath11k: fix deinitialization of firmware resources
selftests/bpf: Fix a fd leak in an error path in network_helpers.c
bpf: Remove misleading spec_v1 check on var-offset stack read
net: pcs: xpcs: remove double-read of link state when using AN
vlan: partially enable SIOCSHWTSTAMP in container
net/packet: annotate accesses to po->xmit
net/packet: convert po->origdev to an atomic flag
net/packet: convert po->auxdata to an atomic flag
libbpf: Fix ld_imm64 copy logic for ksym in light skeleton.
net: dsa: qca8k: remove assignment of an_enabled in pcs_get_state()
netfilter: keep conntrack reference until IPsecv6 policy checks are done
bpf: Fix __reg_bound_offset 64->32 var_off subreg propagation
scsi: target: core: Change the way target_xcopy_do_work() sets restiction on max I/O
scsi: target: Move sess cmd counter to new struct
scsi: target: Move cmd counter allocation
scsi: target: Pass in cmd counter to use during cmd setup
scsi: target: iscsit: isert: Alloc per conn cmd counter
scsi: target: iscsit: Stop/wait on cmds during conn close
scsi: target: Fix multiple LUN_RESET handling
scsi: target: iscsit: Fix TAS handling during conn cleanup
scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
net: sunhme: Fix uninitialized return code
f2fs: handle dqget error in f2fs_transfer_project_quota()
f2fs: fix uninitialized skipped_gc_rwsem
f2fs: apply zone capacity to all zone type
f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
f2fs: fix scheduling while atomic in decompression path
crypto: caam - Clear some memory in instantiate_rng
crypto: sa2ul - Select CRYPTO_DES
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
scsi: libsas: Add sas_ata_device_link_abort()
scsi: hisi_sas: Handle NCQ error when IPTT is valid
wifi: rt2x00: Fix memory leak when handling surveys
f2fs: fix iostat lock protection
net: qrtr: correct types of trace event parameters
selftests: xsk: Use correct UMEM size in testapp_invalid_desc
selftests: xsk: Disable IPv6 on VETH1
selftests: xsk: Deflakify STATS_RX_DROPPED test
selftests/bpf: Wait for receive in cg_storage_multi test
bpftool: Fix bug for long instructions in program CFG dumps
crypto: drbg - Only fail when jent is unavailable in FIPS mode
xsk: Fix unaligned descriptor validation
f2fs: fix to avoid use-after-free for cached IPU bio
wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table
bpf/btf: Fix is_int_ptr()
scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
net: ethernet: stmmac: dwmac-rk: rework optional clock handling
net: ethernet: stmmac: dwmac-rk: fix optional phy regulator handling
wifi: ath11k: fix writing to unintended memory region
bpf, sockmap: fix deadlocks in the sockhash and sockmap
nvmet: fix error handling in nvmet_execute_identify_cns_cs_ns()
nvmet: fix Identify Namespace handling
nvmet: fix Identify Controller handling
nvmet: fix Identify Active Namespace ID list handling
nvmet: fix I/O Command Set specific Identify Controller
nvme: fix async event trace event
nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage"
selftests/bpf: Use read_perf_max_sample_freq() in perf_event_stackmap
selftests/bpf: Fix leaked bpf_link in get_stackid_cannot_attach
blk-mq: don't plug for head insertions in blk_execute_rq_nowait
wifi: iwlwifi: debug: fix crash in __iwl_err()
wifi: iwlwifi: trans: don't trigger d3 interrupt twice
wifi: iwlwifi: mvm: don't set CHECKSUM_COMPLETE for unsupported protocols
bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap
f2fs: fix to check return value of f2fs_do_truncate_blocks()
f2fs: fix to check return value of inc_valid_block_count()
md/raid10: fix task hung in raid10d
md/raid10: fix leak of 'r10bio->remaining' for recovery
md/raid10: fix memleak for 'conf->bio_split'
md/raid10: fix memleak of md thread
md/raid10: don't call bio_start_io_acct twice for bio which experienced read error
wifi: iwlwifi: mvm: don't drop unencrypted MCAST frames
wifi: iwlwifi: yoyo: skip dump correctly on hw error
wifi: iwlwifi: yoyo: Fix possible division by zero
wifi: iwlwifi: mvm: initialize seq variable
wifi: iwlwifi: fw: move memset before early return
jdb2: Don't refuse invalidation of already invalidated buffers
io_uring/rsrc: use nospec'ed indexes
wifi: iwlwifi: make the loop for card preparation effective
wifi: mt76: mt7915: expose device tree match table
wifi: mt76: handle failure of vzalloc in mt7615_coredump_work
wifi: mt76: add flexible polling wait-interval support
wifi: mt76: mt7921e: fix probe timeout after reboot
wifi: mt76: fix 6GHz high channel not be scanned
mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data
wifi: mt76: mt7921: fix missing unwind goto in `mt7921u_probe`
wifi: mt76: mt7921e: improve reliability of dma reset
wifi: mt76: mt7921e: stop chip reset worker in unregister hook
wifi: mt76: connac: fix txd multicast rate setting
wifi: iwlwifi: mvm: check firmware response size
netfilter: conntrack: restore IPS_CONFIRMED out of nf_conntrack_hash_check_insert()
netfilter: conntrack: fix wrong ct->timeout value
wifi: iwlwifi: fw: fix memory leak in debugfs
ixgbe: Allow flow hash to be set via ethtool
ixgbe: Enable setting RSS table to default values
net/mlx5e: Don't clone flow post action attributes second time
net/mlx5: E-switch, Create per vport table based on devlink encap mode
net/mlx5: E-switch, Don't destroy indirect table in split rule
net/mlx5e: Fix error flow in representor failing to add vport rx rule
net/mlx5: Remove "recovery" arg from mlx5_load_one() function
net/mlx5: Suspend auxiliary devices only in case of PCI device suspend
Revert "net/mlx5: Remove "recovery" arg from mlx5_load_one() function"
net/mlx5: Use recovery timeout on sync reset flow
net/mlx5e: Nullify table pointer when failing to create
net: stmmac:fix system hang when setting up tag_8021q VLAN for DSA ports
bpf: Fix race between btf_put and btf_idr walk.
bpf: Don't EFAULT for getsockopt with optval=NULL
netfilter: nf_tables: don't write table validation state without mutex
net: dpaa: Fix uninitialized variable in dpaa_stop()
net/sched: sch_fq: fix integer overflow of "credit"
ipv4: Fix potential uninit variable access bug in __ip_make_skb()
Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
netlink: Use copy_to_user() for optval in netlink_getsockopt().
net: amd: Fix link leak when verifying config failed
tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
ipmi: ASPEED_BT_IPMI_BMC: select REGMAP_MMIO instead of depending on it
ASoC: cs35l41: Only disable internal boost
drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler()
drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler()
pstore: Revert pmsg_lock back to a normal mutex
usb: host: xhci-rcar: remove leftover quirk handling
usb: dwc3: gadget: Change condition for processing suspend event
serial: stm32: Re-assert RTS/DE GPIO in RS485 mode only if more data are transmitted
fpga: bridge: fix kernel-doc parameter description
iio: light: max44009: add missing OF device matching
serial: 8250_bcm7271: Fix arbitration handling
spi: atmel-quadspi: Don't leak clk enable count in pm resume
spi: atmel-quadspi: Free resources even if runtime resume failed in .remove()
spi: imx: Don't skip cleanup in remove's error path
usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
ASoC: soc-compress: Inherit atomicity from DAI link for Compress FE
PCI: imx6: Install the fault handler only on compatible match
ASoC: es8316: Handle optional IRQ assignment
linux/vt_buffer.h: allow either builtin or modular for macros
spi: qup: Don't skip cleanup in remove's error path
interconnect: qcom: rpm: drop bogus pm domain attach
spi: fsl-spi: Fix CPM/QE mode Litte Endian
vmci_host: fix a race condition in vmci_host_poll() causing GPF
of: Fix modalias string generation
PCI/EDR: Clear Device Status after EDR error recovery
ia64: mm/contig: fix section mismatch warning/error
ia64: salinfo: placate defined-but-not-used warning
scripts/gdb: bail early if there are no clocks
scripts/gdb: bail early if there are no generic PD
HID: amd_sfh: Correct the structure fields
HID: amd_sfh: Correct the sensor enable and disable command
HID: amd_sfh: Fix illuminance value
HID: amd_sfh: Add support for shutdown operation
HID: amd_sfh: Correct the stop all command
HID: amd_sfh: Increase sensor command timeout for SFH1.1
HID: amd_sfh: Handle "no sensors" enabled for SFH1.1
cacheinfo: Check sib_leaf in cache_leaves_are_shared()
coresight: etm_pmu: Set the module field
drm/panel: novatek-nt35950: Improve error handling
ASoC: fsl_mqs: move of_node_put() to the correct location
PCI/PM: Extend D3hot delay for NVIDIA HDA controllers
drm/panel: novatek-nt35950: Only unregister DSI1 if it exists
spi: cadence-quadspi: fix suspend-resume implementations
i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path
i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path
scripts/gdb: raise error with reduced debugging information
uapi/linux/const.h: prefer ISO-friendly __typeof__
sh: sq: Fix incorrect element size for allocating bitmap buffer
usb: gadget: tegra-xudc: Fix crash in vbus_draw
usb: chipidea: fix missing goto in `ci_hdrc_probe`
usb: mtu3: fix kernel panic at qmu transfer done irq handler
firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
tty: serial: fsl_lpuart: adjust buffer length to the intended size
serial: 8250: Add missing wakeup event reporting
spi: cadence-quadspi: use macro DEFINE_SIMPLE_DEV_PM_OPS
staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
spmi: Add a check for remove callback when removing a SPMI driver
virtio_ring: don't update event idx on get_buf
fbdev: mmp: Fix deferred clk handling in mmphw_probe()
selftests/powerpc/pmu: Fix sample field check in the mmcra_thresh_marked_sample_test
macintosh/windfarm_smu_sat: Add missing of_node_put()
powerpc/perf: Properly detect mpc7450 family
powerpc/mpc512x: fix resource printk format warning
powerpc/wii: fix resource printk format warnings
powerpc/sysdev/tsi108: fix resource printk format warnings
macintosh: via-pmu-led: requires ATA to be set
powerpc/rtas: use memmove for potentially overlapping buffer copy
sched/fair: Fix inaccurate tally of ttwu_move_affine
perf/core: Fix hardlockup failure caused by perf throttle
Revert "objtool: Support addition to set CFA base"
riscv: Fix ptdump when KASAN is enabled
sched/rt: Fix bad task migration for rt tasks
tracing/user_events: Ensure write index cannot be negative
clk: at91: clk-sam9x60-pll: fix return value check
IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init
RDMA/siw: Fix potential page_array out of range access
clk: mediatek: mt2712: Add error handling to clk_mt2712_apmixed_probe()
clk: mediatek: Consistently use GATE_MTK() macro
clk: mediatek: mt7622: Properly use CLK_IS_CRITICAL flag
clk: mediatek: mt8135: Properly use CLK_IS_CRITICAL flag
RDMA/rdmavt: Delete unnecessary NULL check
clk: qcom: gcc-qcm2290: Fix up gcc_sdcc2_apps_clk_src
workqueue: Fix hung time report of worker pools
rtc: omap: include header for omap_rtc_power_off_program prototype
RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time
rtc: k3: handle errors while enabling wake irq
RDMA/erdma: Use fixed hardware page size
fs/ntfs3: Fix memory leak if ntfs_read_mft failed
fs/ntfs3: Add check for kmemdup
fs/ntfs3: Fix OOB read in indx_insert_into_buffer
fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN
power: supply: generic-adc-battery: fix unit scaling
clk: add missing of_node_put() in "assigned-clocks" property parsing
RDMA/siw: Remove namespace check from siw_netdev_event()
clk: qcom: gcc-sm6115: Mark RCGs shared where applicable
power: supply: rk817: Fix low SOC bugs
RDMA/cm: Trace icm_send_rej event before the cm state is reset
RDMA/srpt: Add a check for valid 'mad_agent' pointer
IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests
clk: imx: fracn-gppll: fix the rate table
clk: imx: fracn-gppll: disable hardware select control
clk: imx: imx8ulp: Fix XBAR_DIVBUS and AD_SLOW clock parents
NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
iommu/amd: Set page size bitmap during V2 domain allocation
clk: qcom: lpasscc-sc7280: Skip qdsp6ss clock registration
clk: qcom: lpassaudiocc-sc7280: Add required gdsc power domain clks in lpass_cc_sc7280_desc
clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling
clk: qcom: dispcc-qcm2290: get rid of test clock
clk: qcom: dispcc-qcm2290: Remove inexistent DSI1PHY clk
Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup
swiotlb: fix debugfs reporting of reserved memory pools
RDMA/mlx5: Check pcie_relaxed_ordering_enabled() in UMR
RDMA/mlx5: Fix flow counter query via DEVX
SUNRPC: remove the maximum number of retries in call_bind_status
RDMA/mlx5: Use correct device num_ports when modify DC
clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails
openrisc: Properly store r31 to pt_regs on unhandled exceptions
timekeeping: Fix references to nonexistent ktime_get_fast_ns()
SMB3: Add missing locks to protect deferred close file list
SMB3: Close deferred file handles in case of handle lease break
ext4: fix i_disksize exceeding i_size problem in paritally written case
ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration
pinctrl: renesas: r8a779f0: Fix tsn1_avtp_pps pin group
pinctrl: renesas: r8a779g0: Fix Group 4/5 pin functions
pinctrl: renesas: r8a779g0: Fix Group 6/7 pin functions
pinctrl: renesas: r8a779g0: Fix ERROROUTC function names
leds: TI_LMU_COMMON: select REGMAP instead of depending on it
pinctrl: ralink: reintroduce ralink,rt2880-pinmux compatible string
dmaengine: mv_xor_v2: Fix an error code.
leds: tca6507: Fix error handling of using fwnode_property_read_string
pwm: mtk-disp: Disable shadow registers before setting backlight values
pwm: mtk-disp: Configure double buffering before reading in .get_state()
soundwire: cadence: rename sdw_cdns_dai_dma_data as sdw_cdns_dai_runtime
soundwire: intel: don't save hw_params for use in prepare
phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port
phy: ti: j721e-wiz: Fix unreachable code in wiz_mode_select()
dma: gpi: remove spurious unlock in gpi_ch_init
dmaengine: dw-edma: Fix to change for continuous transfer
dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing
dmaengine: at_xdmac: do not enable all cyclic channels
pinctrl-bcm2835.c: fix race condition when setting gpio dir
thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe
mfd: tqmx86: Do not access I2C_DETECT register through io_base
mfd: tqmx86: Specify IO port register range more precisely
mfd: tqmx86: Correct board names for TQMxE39x
mfd: ocelot-spi: Fix unsupported bulk read
mfd: arizona-spi: Add missing MODULE_DEVICE_TABLE
hte: tegra: fix 'struct of_device_id' build error
hte: tegra-194: Fix off by one in tegra_hte_map_to_line_id()
ACPI: PM: Do not turn of unused power resources on the Toshiba Click Mini
PM: hibernate: Turn snapshot_test into global variable
PM: hibernate: Do not get block device exclusively in test_resume mode
afs: Fix updating of i_size with dv jump from server
afs: Fix getattr to report server i_size on dirs, not local size
afs: Avoid endless loop if file is larger than expected
parisc: Fix argument pointer in real64_call_asm()
parisc: Ensure page alignment in flush functions
ALSA: usb-audio: Add quirk for Pioneer DDJ-800
ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6
ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41
ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED
ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop
nilfs2: do not write dirty data after degenerating to read-only
nilfs2: fix infinite loop in nilfs_mdt_get_block()
mm: do not reclaim private data from pinned page
drbd: correctly submit flush bio on barrier
md/raid10: fix null-ptr-deref in raid10_sync_request
md/raid5: Improve performance for sequential IO
kasan: hw_tags: avoid invalid virt_to_page()
mtd: core: provide unique name for nvmem device, take two
mtd: core: fix nvmem error reporting
mtd: core: fix error path for nvmem provider
mtd: spi-nor: core: Update flash's current address mode when changing address mode
mailbox: zynqmp: Fix IPI isr handling
kcsan: Avoid READ_ONCE() in read_instrumented_memory()
mailbox: zynqmp: Fix typo in IPI documentation
wifi: rtl8xxxu: RTL8192EU always needs full init
wifi: rtw89: fix potential race condition between napi_init and napi_enable
clk: microchip: fix potential UAF in auxdev release callback
clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
scripts/gdb: fix lx-timerlist for Python3
btrfs: scrub: reject unsupported scrub flags
s390/dasd: fix hanging blockdevice after request requeue
ia64: fix an addr to taddr in huge_pte_offset()
mm/mempolicy: correctly update prev when policy is equal on mbind
vhost_vdpa: fix unmap process in no-batch mode
dm verity: fix error handling for check_at_most_once on FEC
dm clone: call kmem_cache_destroy() in dm_clone_init() error path
dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
dm flakey: fix a crash with invalid table line
dm ioctl: fix nested locking in table_clear() to remove deadlock concern
dm: don't lock fs when the map is NULL in process of resume
blk-iocost: avoid 64-bit division in ioc_timer_fn
cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname
cifs: protect session status check in smb2_reconnect()
thunderbolt: Use correct type in tb_port_is_clx_enabled() prototype
bonding (gcc13): synchronize bond_{a,t}lb_xmit() types
wifi: ath11k: synchronize ath11k_mac_he_gi_to_nl80211_he_gi()'s return type
perf auxtrace: Fix address filter entire kernel size
perf intel-pt: Fix CYC timestamps after standalone CBR
block/blk-iocost (gcc13): keep large values in a new enum
sfc (gcc13): synchronize ef100_enqueue_skb()'s return type
i40e: Remove unused i40e status codes
i40e: Remove string printing for i40e_status
i40e: use int for i40e_status
drm/amd/display (gcc13): fix enum mismatch
debugobject: Ensure pool refill (again)
scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort()
netfilter: nf_tables: deactivate anonymous set from preparation phase
Linux 6.1.28
Change-Id: I61b5133e2d051cc2aa39b8c7c1be3fc25da40210
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Todd Kjos
|
d645236cfd |
ANDROID: fix kernelci build failure in vmscan.c
Vendor hooks added in vmscan.c directly referenced a vendor-specific
field which is only defined if CONFIG_ANDROID_VENDOR_OEM_DATA is
enabled. A kernelci config wich CONFIG_ANDROID_VENDOR_OEM_DATA
disabled and CONFIG_ANDROID_VENDOR_HOOKS enabled has a build-break
due to the undefined field.
Fixes:
|
||
zhouwenhao
|
87f8c82651 |
ANDROID: vendor_hooks:vendor hook for madvise_cold_or_pageout_pte_range.
add vendor hook in madvise_cold_or_pageout_pte_range to control the pages to be reclaimed more fine-grained. Bug: 284808098 Signed-off-by: zhouwenhao <zhouwenhao@xiaomi.com> Change-Id: I298fde436df192cea9b1541d857f3a46808e06f2 |
||
|
Greg Kroah-Hartman
|
9fcc8018f0 |
This is the 6.1.27 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmRO+SoACgkQONu9yGCS aT4zTA//UkIj0wfAZ3s3WAx8X0yFZKh5d/Fr0l50gbFt2Lvd4xA1vLNJVZb3rUGF +FWxpkAbvIuQcYdqHx4JjUuvnTykNGi5JPbXt4lXQpH8/EgsjY1PKSrG3Z9aRTpO 4HMo8wzIEYuuJWoOlKtXQQirKnrmDkCgPRZmS9wIT2CwtPbbWpfrOyzRNJ30p4VU EqZ/EXd1eSX3rpNlq1ksi8BlEkaK/+VEnOx0R1VjCcvi4QldencQFzYdj2xhb33r 7o9e0cnE/Y7RzV2ArwVn/41QBXscgKU2IqNeujcSsrsvLmI8YtRnSnvrORwV1zWz LDRArSt1DvMUq5JKvnLMkpbCXdTOWX2E5EwllVGx4w+8GdFzKgFKmt1q6mCtduCo M4ex82j29gJkDf3u0oZkikaMtOXTA+/deBKgbC1NbMDWMrW1fyl68ovXxjEVfs1A cUshn3jgSknL1MB4wb2ItTi+Qun6FHLaDhL+YuZuw/OytxIKltX5HzgWQYCrm4b4 qXd6AvGmE/aJAR99t/2lC+Snhdmrw0DNQJCtxJ9HVI1sp16jYLlCFbPQiMAGAaXJ 1i174ssXd6PQebNo0cWAr/yRMpRakqiSSWla/a0z71TGbMtL9WJp9f+ZnUWHjJAI 9wf5pmnyst6TmB24xiGltGOBW42SCyx7mipoSUwEurqe1j5sPJs= =pA4R -----END PGP SIGNATURE----- Merge 6.1.27 into android14-6.1-lts Changes in 6.1.27 um: Only disable SSE on clang to work around old GCC bugs phy: phy-brcm-usb: Utilize platform_get_irq_byname_optional() KVM: arm64: Retry fault if vma_lookup() results become invalid mm/mempolicy: fix use-after-free of VMA iterator mptcp: stops worker on unaccepted sockets at listener close mptcp: fix accept vs worker race wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var gpiolib: acpi: Add a ignore wakeup quirk for Clevo NL5xNU bluetooth: Perform careful capability checks in hci_sock_ioctl() btrfs: fix uninitialized variable warnings USB: serial: option: add UNISOC vendor and TOZED LT70C product driver core: Don't require dynamic_debug for initcall_debug probe timing riscv: Move early dtb mapping into the fixmap region riscv: Do not set initial_boot_params to the linear address of the dtb riscv: No need to relocate the dtb as it lies in the fixmap region Linux 6.1.27 Change-Id: I25f8ead528e2f8f2694bce3eb16a3e02aa969c53 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
jianzhou
|
e555c11e74 |
Merge keystone/android14-6.1-keystone-qcom-release.6.1.25 (a0290fa) into qcom-6.1
* refs/heads/tmp-a0290fa:
ANDROID: GKI: Update symbols to abi_gki_aarch64_oplus for extend copy & fbarrier feature
ANDROID: abi_gki_aarch64_qcom: Update symbol list
ANDROID: mmc: core: Export core functions for kernel modules usage
ANDROID: vendor_hooks: Define new hooks in _mmc_suspend/resume
ANDROID: update symbol for unisoc vendor_hooks
ANDROID: vendor_hooks: psci: add hook to check if cpu is allowed to power off
ANDROID: Add vendor hook to the effective_cpu_util
ANDROID: Update symbol list for mtk
ANDROID: ABI: update symbol list for galaxy
ANDROID: update symbol for unisoc vendor_hooks
ANDROID: thermal: Add vendor hook to check power range
ANDROID: thermal: Add vendor hook to get thermal zone device
ANDROID: thermal: Add hook for cpufreq thermal
ANDROID: virt: gunyah: Delta between v13 and v14
Revert "ANDROID: gki_config: use DWARFv5 rather than DWARFv4"
ANDROID: gunyah: Sync with latest "mailbox: Add Gunyah message queue mailbox"
FROMLIST: scsi: ufs: core: Fix mcq tag calcualtion
UPSTREAM: ufs: mcq: qcom: Fix passing zero to PTR_ERR
UPSTREAM: ufs: mcq: qcom: Clean the return path of ufs_qcom_mcq_config_resource
UPSTREAM: scsi: ufs: core: Print trs for pending requests in MCQ mode
UPSTREAM: scsi: ufs: core: Add trace event for MCQ
UPSTREAM: mm,kfence: decouple kfence from page granularity mapping judgement
UPSTREAM: mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
UPSTREAM: mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages
UPSTREAM: usb: gadget: f_fs: Add unbind event before functionfs_unbind
UPSTREAM: mm: kmsan: handle alloc failures in kmsan_vmap_pages_range_noflush()
ANDROID: defconfig: Enable debug configs in consolidate-fragment
ANDROID: ABI: Update oplus symbol list
Revert "FROMGIT: usb: gadget: udc: core: Prevent redundant calls to pullup"
ANDROID: GKI: Update symbols to symbol list
ANDROID: vendor_hooks: Add hooks for binder proc transaction
UPSTREAM: mm: kmsan: handle alloc failures in kmsan_ioremap_page_range()
UPSTREAM: mm/huge_memory.c: warn with pr_warn_ratelimited instead of VM_WARN_ON_ONCE_FOLIO
UPSTREAM: mm/userfaultfd: fix uffd-wp handling for THP migration entries
UPSTREAM: mm/khugepaged: check again on anon uffd-wp during isolation
UPSTREAM: fuse: always revalidate rename target dentry
ANDROID: GKI: update xiaomi symbol list
BACKPORT: FROMGIT: Multi-gen LRU: fix workingset accounting
BACKPORT: FROMGIT: PCI: dwc: Wait for link up only if link is started
ANDROID: ABI: update symbol list for exynos
ANDROID: ufs: Improve MCQ err handling
ANDROID: ABI: Update oplus symbol list
ANDROID: GKI: sched: add rvh for new cfs task util
ANDROID: Disable BTI_KERNEL, enable UNWIND_PATCH_PAC_INTO_SCS
BACKPORT: arm64: implement dynamic shadow call stack for Clang
UPSTREAM: scs: add support for dynamic shadow call stacks
BACKPORT: arm64: unwind: add asynchronous unwind tables to kernel and modules
ANDROID: ABI: Update oplus symbol list
ANDROID: vendor_hooks: Add hook in shrink_node_memcgs
ANDROID: ashmem: Export is_ashmem_file
ANDROID: ABI: update symbol list related to show_mem for Exynos
ANDROID: vendor_hooks: Add hooks for memory when debug
ANDROID: GKI: Update symbol list for honor
ANDROID: mutex: Add vendor hook to init mutex oem data.
ANDROID: bazel: Adding make_goals to consolidate build
ANDROID: ABI: Update oplus symbol list
ANDROID: vendor_hook: add hooks in dm_bufio.c
ANDROID: abi_gki_aarch64_qcom: update QCOM symbol list
ANDROID: ABI: Update honor symbol list
ANDROID: mm: create vendor hooks for do_shrink_slab()
ANDROID: mm: create vendor hooks for shrink_slab()
BACKPORT: usb: dwc3: fix gadget mode suspend interrupt handler issue
ANDROID: GKI: update symbol list file for xiaomi
ANDROID: 5/24/2023 KMI update
ANDROID: virt: gunyah: Add KABI reservations
ANDROID: virt: gunyah: Sync with KMI impacting changes from v13
ANDROID: virt: gunyah: Force struct gh_rm as opaque
Revert "ANDROID: gki_config: use DWARFv5 rather than DWARFv4"
ANDROID: ABI: Update symbol list for Exynos SoC
ANDROID: power: Add ANDROID_OEM_DATA in freq_qos_request.
ANDROID: GKI: net: add vendor hooks for 'struct sock' lifecycle
ANDROID: GKI: net: add vendor hooks for 'struct nf_conn' lifecycle
ANDROID: GKI: add vendor padding variable in struct sock
ANDROID: GKI: add vendor padding variable in struct nf_conn
ANDROID: GKI: add vendor padding variable in struct skb_shared_info
UPSTREAM: ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
UPSTREAM: cpuidle: teo: Introduce util-awareness
UPSTREAM: cpuidle: teo: Optionally skip polling states in teo_find_shallower_state()
ANDROID: ABI: Update oplus symbol list
ANDROID: thermal: Add vendor hooks for thermal
ANDROID: GKI: Update symbol list for honor
ANDROID: mm: create vendor hooks for page alloc
ANDROID: ABI: Update oplus symbol list
ANDROID: vendor_hooks: Add hooks for cpufreq_acct_update_power
ANDROID: ABI: Update symbol list for Exynos SoC
ANDROID: ABI: Update oplus symbol list
ANDROID: vendor_hooks: Add hooks for account irqtime process tick
ANDROID: vendor_hooks: Add hooks to dup_task_struct
ANDROID: vendor_hooks: Add hooks to record the time of the process in various states
ANDROID: vendor_hooks: Add hooks for signal
ANDROID: power: wakeup_reason: change abort log
ANDROID: virt: gunyah: Delta between v13 and v14
ANDROID: GKI: Update symbol list for xiaomi
ANDROID: psi: Add vendor hooks for PSI tracing
UPSTREAM: ext4: fix invalid free tracking in ext4_xattr_move_to_block()
FROMGIT: scsi: ufs: core: mcq: Fix &hwq->cq_lock deadlock issue
ANDROID: ABI: Update oplus symbol list
ANDROID: android: Export symbols for invoking cpufreq_update_util()
ANDROID: ABI: Update oplus symbol list
ANDROID: vendor_hooks: Export the tracepoints task_rename
ANDROID: Add macros to create reserved data fields to backport upstream changes
ANDROID: retry page allocation from buddy on lock contention
UPSTREAM: KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg()
ANDROID: arm64: Check FGT cap before touching HFGWTR_EL2
Revert "ANDROID: Partially Revert "ANDROID: KVM: arm64: Allow tweaking HFGWTR_EL2 from modules""
FROMGIT: f2fs: fix the wrong condition to determine atomic context
ANDROID: GKI: update symbol list file for honor
ANDROID: ABI: Update symbol list for imx
ANDROID: mm: shmem: initialize the vendor data
ANDROID: GKI: refresh STG ABI to new version
ANDROID: GKI: Add symbols to symbol list for vivo
ANDROID: ABI: Update oplus symbol list
ANDROID: vendor_hooks: Add hooks for account process tick
ANDROID: ABI: Update oplus symbol list
ANDROID: vendor_hooks: add hook account_process_tick_gran
ANDROID: vendor_hooks: Add hook in try_to_unmap_one()
ANDROID: vendor_hooks: Add hook in mmap_region()
ANDROID: Partially Revert "ANDROID: KVM: arm64: Allow tweaking HFGWTR_EL2 from modules"
ANDROID: GKI: update the ABI symbol list
ANDROID: freezer: Add vendor hook to freezer for GKI purpose.
ANDROID: freezer: export the freezer_cgrp_subsys for GKI purpose.
ANDROID: GKI: update the ABI symbol list
ANDROID: Add vendor hooks for binder perf tuning
ANDROID: Add vendor hooks to signal.
ANDROID: Update the ABI symbol list
ANDROID: page_pinner: add missing page_pinner_put_page
ANDROID: page_pinner: prevent pp_buffer uninitialized access
ANDROID: page_pinner: prevent pp_buffer access before initialization
ANDROID: mm: fix use-after free of page_ext in page_pinner
ANDROID: mm: introduce page_pinner
ANDROID: abi_gki_aarch64_qcom: Add gh_rm_register_platform_ops
ANDROID: gunyah: Sync remaining gunyah drivers with latest
ANDROID: gunyah: Sync with latest "mailbox: Add Gunyah message queue mailbox"
ANDROID: gunyah: Sync with latest "gunyah: Common types and error codes for Gunyah hypercalls"
ANDROID: gunyah: Sync with latest hypercalls
ANDROID: gunyah: Sync with latest documentation and UAPI
ANDROID: gunyah: Sync with latest "firmware: qcom_scm: Register Gunyah platform ops"
BACKPORT: firmware: qcom_scm: Use fixed width src vm bitmap
BACKPORT: misc: fastrpc: Pass bitfield into qcom_scm_assign_mem
ANDROID: gunyah: Sync with latest "virt: gunyah: Add ioeventfd"
ANDROID: gunyah: Sync with latest "gunyah: vm_mgr: Add ioctls to support basic non-proxy VM boot"
ANDROID: gunyah: Sync with latest "gunyah: vm_mgr: Add/remove user memory regions"
ANDROID: gunyah: Sync with latest "virt: gunyah: Add resource tickets"
ANDROID: gunyah: Sync with latest "gunyah: vm_mgr: Add framework for VM Functions"
ANDROID: gunyah: Sync with latest "gunyah: rsc_mgr: Add resource manager RPC core"
ANDROID: gunyah: Sync with latest "virt: gunyah: Translate gh_rm_hyp_resource into gunyah_resource"
ANDROID: gunyah: Sync with latest "virt: gunyah: Add hypercalls to identify Gunyah"
BACKPORT: overflow: Introduce overflows_type() and castable_to_type()
UPSTREAM: drm/amd/display: set dcn315 lb bpp to 48
UPSTREAM: drm/amdgpu: Fix desktop freezed after gpu-reset
UPSTREAM: drm/i915: Fix fast wake AUX sync len
UPSTREAM: ASN.1: Fix check for strdup() success
UPSTREAM: ASoC: fsl_sai: Fix pins setting for i.MX8QM platform
UPSTREAM: ASoC: fsl_asrc_dma: fix potential null-ptr-deref
UPSTREAM: ASoC: SOF: pm: Tear down pipelines only if DSP was active
UPSTREAM: fpga: bridge: properly initialize bridge device before populating children
UPSTREAM: iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger()
UPSTREAM: Input: pegasus-notetaker - check pipe type when probing
UPSTREAM: gcc: disable '-Warray-bounds' for gcc-13 too
UPSTREAM: sctp: Call inet6_destroy_sock() via sk->sk_destruct().
UPSTREAM: dccp: Call inet6_destroy_sock() via sk->sk_destruct().
UPSTREAM: netfilter: nf_tables: deactivate anonymous set from preparation phase
ANDROID: GKI: add symbol list file for unisoc
UPSTREAM: inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
UPSTREAM: purgatory: fix disabling debug info
UPSTREAM: MIPS: Define RUNTIME_DISCARD_EXIT in LD script
UPSTREAM: usb: dwc3: debugfs: Resume dwc3 before accessing registers
ANDROID: ABI: Update oplus symbol list
ANDROID: vendor_hooks: Export the tracepoints sched_stat_sleep and sched_waking to let module probe them
ANDROID: vendor_hooks: Export the tracepoints sched_stat_iowait, sched_stat_blocked, sched_stat_wait to let modules probe them
ANDROID: vendor_hooks: export get_wchan
ANDROID: workqueue: export symbol of the function wq_worker_comm()
BACKPORT: mm/kmemleak: fix UAF bug in kmemleak_scan()
ANDROID: clang: update to 17.0.2
ANDROID: abi_gki_aarch64_qcom: update symbol list
UPSTREAM: media: add nv12_8l128 and nv12_10be_8l128 video format.
ANDROID: ABI: update symbol list for galaxy
ANDROID: db845c: Remove MAKE_GOALS from build.config
ANDROID: GKI: gen_gki_modules_headers update preprocessing
FROMGIT: locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers
FROMGIT: xfrm: Check if_id in inbound policy/secpath match
ANDROID: always add the struct wireless_dev * to struct net_device
ANDROID: ABI: Update symbol list for imx
ANDROID: KVM: arm64: Always unmap protected regions from the host
FROMLIST: usb: typec: altmodes/displayport: fix pin_assignment_show
ANDROID: block: Improve shared tag set performance
ANDROID: Update ABI representation broken by update race
ANDROID: GKI: update the ABI symbol list
ANDROID: cgroup: Add vendor hook for cpuset.
ANDROID: export cpuset_cpus_allowed()for GKI purpose.
ANDROID: sched: Add vendor hooks for cpu affinity.
ANDROID: GKI: Update owners for GKI modules lists
ANDROID: abi_gki_aarch64_qcom: Add USB SND power domain symbol
FROMGIT: usb: xhci: Remove unused udev from xhci_log_ctx trace event
ANDROID: 5/10/2023 KMI update
ANDROID: KVM: arm64: Allow tweaking HFGWTR_EL2 from modules
ANDROID: KVM: arm64: Allow tweaking HCR_EL2 from modules
ANDROID: GKI: Trimmed symbol lists for 80211 modules
ANDROID: GKI: DB845C: cfg/mac 80211 as vendor modules
ANDROID: GKI: cfg/mac 80211 as vendor modules
ANDROID: ABI: Update oplus symbol list
ANDROID: vendor_hooks: Add hooks for futex
ANDROID: vendor_hooks: Add hooks for oem futex optimization
FROMGIT: wifi: nl80211: Add support for randomizing TA of auth and deauth frames
ANDROID: GKI: update the ABI symbol list
ANDROID: sched: Add ANDROID_OEM_DATA_ARRAY in user_struct.
ANDROID: power: Add vendor hook to qos for GKI purpose.
ANDROID: GKI: update the ABI symbol list
ANDROID: export find_user() & free_uid()for GKI purpose.
ANDROID: user: Add vendor hook to user for GKI purpose
ANDROID: sched: add trace_android_vh_map_util_freq parameter
FROMGIT: usb: gadget: udc: core: Prevent redundant calls to pullup
FROMGIT: usb: gadget: udc: core: Invoke usb_gadget_connect only when started
Revert "Revert "KVM: arm64: PMU: Don't save PMCR_EL0.{C,P} for the vCPU""
Revert "Revert "KVM: arm64: PMU: Sanitise PMCR_EL0.LP on first vcpu run""
Revert "Revert "KVM: arm64: PMU: Distinguish between 64bit counter and 64bit overflow""
Revert "Revert "KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode""
Revert "Revert "pwm: meson: Explicitly set .polarity in .get_state()""
Revert "Revert "pwm: sprd: Explicitly set .polarity in .get_state()""
Revert "Revert "pwm: iqs620a: Explicitly set .polarity in .get_state()""
Revert "Revert "pwm: cros-ec: Explicitly set .polarity in .get_state()""
Revert "Revert "pwm: hibvt: Explicitly set .polarity in .get_state()""
Revert "Revert "pwm: Make .get_state() callback return an error code""
Revert "Revert "raw: Fix NULL deref in raw_get_next().""
Revert "Revert "raw: use net_hash_mix() in hash function""
FROMLIST: scsi: ufs: core: Fix mcq nr_hw_queues
FROMLIST: scsi: ufs: core: Rename symbol sizeof_utp_transfer_cmd_desc()
FROMLIST: scsi: ufs: core: Fix mcq tag calcualtion
ANDROID: GKI: Remove MAKE_GOALS from build.config
ANDROID: GKI: Add symbols to symbol list for vivo
ANDROID: KVM: arm64: Restrict pKVM hyp exports
ANDROID: kleaf: move NDK_TRIPLE for arm to build.config.constants.
FROMLIST: clocksource/drivers/timer-mediatek: Make timer-mediatek become loadable module
FROMLIST: clocksource/drivers/timer-of: Remove __init markings
FROMLIST: clocksource/drivers/mmio: Export clocksource_mmio_init()
FROMLIST: time/sched_clock: Export sched_clock_register()
ANDROID: ABI: Update symbol list for Exynos SoC
Revert "Revert "ANDROID: cpufreq: Add a restricted vendor hook for freq transition""
ANDROID: usb: gadget: configfs: Protect composite_setup in a spinlock
Revert "ANDROID: uid_sys_stat: split the global lock uid_lock to the fine-grained"
ANDROID: GKI: update symbol list file for xiaomi
ANDROID: GKI: x86_64: Remove 80211 from protected modules
ANDROID: GKI: Update owners for GKI modules lists
FROMLIST: binder: fix UAF caused by faulty buffer cleanup
ANDROID: ABI: Update oplus symbol list
ANDROID: vendor_hooks: Add hooks to select binder worklist
ANDROID: vendor_hooks: Add hooks for binder
ANDROID: vendor_hooks: Add hooks for rwsem and mutex
ANDROID: vendor_hooks: Add hooks for binder proc transaction
ANDROID: vendor_hooks: Add hook for binder
ANDROID: vendor_hooks: Add hooks for mutex and rwsem optimistic spin
ANDROID: vendor_hooks: Add hooks for rwsem and mutex
ANDROID: ABI: Update cpu-profiler symbol list for Exynos SoC
ANDROID: ABI: Update WLBT, Sensor symbol list for Exynos SoC
ANDROID: ABI: Update GPU symbol for Exynos SoC
ANDROID: ABI: Update oplus symbol list
ANDROID: vendor_hook: add hooks to protect locking-tsk in cpu scheduler
ufs: Update struct ufs_hba
ANDROID: ABI: Update DRM symbol for Exynos SoC
fscrypt: destroy keyring after security_sb_delete()
ANDROID: GKI: Increase max 8250 uarts
ANDROID: ABI: Update Audio symbol for Exynos SoC
UPSTREAM: ufs: mcq: qcom: Fix passing zero to PTR_ERR
UPSTREAM: ufs: mcq: qcom: Clean the return path of ufs_qcom_mcq_config_resource
ANDROID: Update symbol list for Exynos SoC
fscrypt: optimize fscrypt_initialize()
fscrypt: use WARN_ON_ONCE instead of WARN_ON
fscrypt: new helper function - fscrypt_prepare_lookup_partial()
fscrypt: check for NULL keyring in fscrypt_put_master_key_activeref()
fscrypt: improve fscrypt_destroy_keyring() documentation
drm/rockchip: vop2: Use regcache_sync() to fix suspend/resume
drm/rockchip: vop2: fix suspend/resume
drm/amd/display: set dcn315 lb bpp to 48
drm/amdgpu: Fix desktop freezed after gpu-reset
drm/i915: Fix fast wake AUX sync len
mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25
memstick: fix memory leak if card device is never registered
writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs
tools/mm/page_owner_sort.c: fix TGID output when cull=tg is used
kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()
nilfs2: initialize unused bytes in segment summary blocks
maple_tree: fix a potential memory leak, OOB access, or other unpredictable bug
maple_tree: fix mas_empty_area() search
LoongArch: Mark 3 symbol exports as non-GPL
rust: kernel: Mark rust_fmt_argument as extern "C"
maple_tree: make maple state reusable after mas_empty_area_rev()
LoongArch: Fix probing of the CRC32 feature
btrfs: get the next extent map during fiemap/lseek more efficiently
ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
iio: light: tsl2772: fix reading proximity-diodes from device tree
iio: dac: ad5755: Add missing fwnode_handle_put()
drm/amdgpu/vcn: Disable indirect SRAM on Vangogh broken BIOSes
Revert "userfaultfd: don't fail on unrecognized features"
mtd: spi-nor: fix memory leak when using debugfs_lookup()
platform/x86: asus-nb-wmi: Add quirk_asus_tablet_mode to other ROG Flow X13 models
platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE
xen/netback: use same error messages for same errors
nvme-tcp: fix a possible UAF when failing to allocate an io queue
drm: test: Fix 32-bit issue in drm_buddy_test
drm: buddy_allocator: Fix buddy allocator init on 32-bit systems
s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
platform/x86: gigabyte-wmi: add support for B650 AORUS ELITE AX
net: dsa: b53: mmap: add phy ops
scsi: core: Improve scsi_vpd_inquiry() checks
scsi: megaraid_sas: Fix fw_crash_buffer_show()
selftests: sigaltstack: fix -Wuninitialized
platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2
platform/x86/intel: vsec: Fix a memory leak in intel_vsec_add_aux
f2fs: Fix f2fs_truncate_partial_nodes ftrace event
net: bridge: switchdev: don't notify FDB entries with "master dynamic"
e1000e: Disable TSO on i219-LM card to increase speed
bpf: Fix incorrect verifier pruning due to missing register precision taints
spi: spi-rockchip: Fix missing unwind goto in rockchip_sfc_probe()
mlxsw: pci: Fix possible crash during initialization
net: rpl: fix rpl header size calculation
bonding: Fix memory leak when changing bond type to Ethernet
mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
bnxt_en: Do not initialize PTP on older P3/P4 chips
netfilter: nf_tables: tighten netlink attribute requirements for catch-all elements
netfilter: nf_tables: validate catch-all set elements
i40e: fix i40e_setup_misc_vector() error handling
i40e: fix accessing vsi->active_filters without holding lock
netfilter: nf_tables: fix ifdef to also consider nf_tables=m
sfc: Fix use-after-free due to selftest_work
virtio_net: bugfix overflow inside xdp_linearize_page()
net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
regulator: fan53555: Fix wrong TCS_SLEW_MASK
regulator: fan53555: Explicitly include bits header
rust: str: fix requierments->requirements typo
netfilter: nf_tables: Modify nla_memdup's flag to GFP_KERNEL_ACCOUNT
netfilter: br_netfilter: fix recent physdev match breakage
arm64: dts: imx8mp-verdin: correct off-on-delay
arm64: dts: imx8mm-verdin: correct off-on-delay
arm64: dts: imx8mm-evk: correct pmic clock source
arm64: dts: qcom: sc8280xp-pmics: fix pon compatible and registers
arm64: dts: meson-g12-common: specify full DMC range
arm64: dts: qcom: ipq8074-hk10: enable QMP device, not the PHY node
arm64: dts: qcom: hk10: use "okay" instead of "ok"
arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node
arm64: dts: rockchip: Lower sd speed on rk3566-soquartz
ARM: dts: rockchip: fix a typo error for rk3288 spdif node
Conflicts:
android/abi_gki_aarch64.stg
android/gki_system_dlkm_modules
Change-Id: I753eb5791de01079ea02b215e38a149fe0626f76
Upstream-Build: ks_qcom-android14-6.1-keystone-qcom-release@10256832 UKQ2.230604.001
Signed-off-by: jianzhou <quic_jianzhou@quicinc.com>
|
||
Liujie Xie
|
3efffff553 |
ANDROID: Allow vendor module to reclaim a memcg
Export try_to_free_mem_cgroup_pages function to allow vendor modules to reclaim a memory cgroup. Bug: 192052083 Signed-off-by: Liujie Xie <xieliujie@oppo.com> (cherry picked from commit a8385d61f27b57d98fb6245a23477c6ed5db4a7c) (cherry picked from commit 1ed025b9a1c8dc1420ccf1a656797b85eacd2bdb) Change-Id: Iec6ef50f5c71c62d0c9aa6de90e56a143dac61c1 Signed-off-by: lvwenhuan <lvwenhuan@oppo.com> |
||
|
Liujie Xie
|
f627d47d36 |
ANDROID: Export memcg functions to allow module to add new files
Export cgroup_add_legacy_cftypes and a helper function to allow vendor module to expose additional files in the memory cgroup hierarchy. Bug: 192052083 Signed-off-by: Liujie Xie <xieliujie@oppo.com> (cherry picked from commit f41a95eadca98506e627b21f5cc73332bba4d95c) (cherry picked from commit bf24c43b7f90290d2ac6f8163b43ab00f8f820b9) Change-Id: Ie2b936b3e77c7ab6d740d1bb6d70e03c70a326a7 Signed-off-by: lvwenhuan <lvwenhuan@oppo.com> |
||
|
Liujie Xie
|
032458b9cb |
ANDROID: vendor_hooks: add hooks in mem_cgroup subsystem
Add hooks to tune memory policy based on mem_cgroup. Bug: 192052083 Signed-off-by: Liujie Xie <xieliujie@oppo.com> (cherry picked from commit 1cdcf76b1532ca8092bb6601f45d27c1ed19f448) (cherry picked from commit 7af5027889c760a4e02abf7cbd1b95685af4b233) Change-Id: Ica1a5409eed86fbd466edd2c7557f94972a40175 Signed-off-by: lvwenhuan <lvwenhuan@oppo.com> |
||
|
Kalesh Singh
|
b0375cb69c |
BACKPORT: mm: Multi-gen LRU: remove wait_event_killable()
Android 14 and later default to MGLRU [1] and field telemetry showed occasional long tail latency (>100ms) in the reclaim path. Tracing revealed priority inversion in the reclaim path. In try_to_inc_max_seq(), when high priority tasks were blocked on wait_event_killable(), the preemption of the low priority task to call wake_up_all() caused those high priority tasks to wait longer than necessary. In general, this problem is not different from others of its kind, e.g., one caused by mutex_lock(). However, it is specific to MGLRU because it introduced the new wait queue lruvec->mm_state.wait. The purpose of this new wait queue is to avoid the thundering herd problem. If many direct reclaimers rush into try_to_inc_max_seq(), only one can succeed, i.e., the one to wake up the rest, and the rest who failed might cause premature OOM kills if they do not wait. So far there is no evidence supporting this scenario, based on how often the wait has been hit. And this begs the question how useful the wait queue is in practice. Based on Minchan's recommendation, which is in line with his commit |
||
Shreyas K K
|
d7e1f4f021 |
ANDROID: vendor hooks: Add hooks to support bootloader based hibernation
Add vendor hooks to disable randomization of swap slot allocation for swap partition used for saving hibernation image. Another level of randomization of swap slots takes place at the firmware level as well in order to address the wear leveling for UFS/MMC devices, so this vendor hook checks if a block device represents the swap partition being used for saving hibernation image, if yes, the swap slot allocation for such partition is serialized at kernel level. There is a performance advantage of reading contiguous pages of hibernation image, it makes the restore logic of hibernation image simpler and faster as there are no seeks involved in the secondary storage to read multiple contiguous pages of the image. Bug: 279879797 Change-Id: I8258b5166d8c6952fe9eb91a5a9826f33b836f00 Signed-off-by: Vivek Kumar <quic_vivekuma@quicinc.com> Signed-off-by: Shreyas K K <quic_shrekk@quicinc.com> |
||
|
Suren Baghdasaryan
|
a264d8efcb |
BACKPORT: mm: do not increment pgfault stats when page fault handler retries
If the page fault handler requests a retry, we will count the fault
multiple times. This is a relatively harmless problem as the retry paths
are not often requested, and the only user-visible problem is that the
fault counter will be slightly higher than it should be. Nevertheless,
userspace only took one fault, and should not see the fact that the kernel
had to retry the fault multiple times.
Move page fault accounting into mm_account_fault() and skip incomplete
faults which will be accounted upon completion.
Link: https://lkml.kernel.org/r/20230419175836.3857458-1-surenb@google.com
Fixes:
|
||
|
Suren Baghdasaryan
|
78c6875e2f |
UPSTREAM: mm: change per-VMA lock statistics to be disabled by default
Change CONFIG_PER_VMA_LOCK_STATS to be disabled by default, as most users don't need it. Add configuration help to clarify its usage. Link: https://lkml.kernel.org/r/20230428173533.18158-1-surenb@google.com Fixes: 52f238653e45 ("mm: introduce per-VMA lock statistics") Signed-off-by: Suren Baghdasaryan <surenb@google.com> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Reviewed-by: Lorenzo Stoakes <lstoakes@gmail.com> Acked-by: Vlastimil Babka <vbabka@suse.cz> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 6152e53d9671b0ccc21c1bca842617b32ccfc5d8) Bug: 161210518 Change-Id: Ibd57999a415b5433ae3b99365ea50526a35452d1 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
23fcd3167e |
UPSTREAM: mm/mmap: free vm_area_struct without call_rcu in exit_mmap
call_rcu() can take a long time when callback offloading is enabled. Its use in the vm_area_free can cause regressions in the exit path when multiple VMAs are being freed. Because exit_mmap() is called only after the last mm user drops its refcount, the page fault handlers can't be racing with it. Any other possible user like oom-reaper or process_mrelease are already synchronized using mmap_lock. Therefore exit_mmap() can free VMAs directly, without the use of call_rcu(). Expose __vm_area_free() and use it from exit_mmap() to avoid possible call_rcu() floods and performance regressions caused by it. Link: https://lkml.kernel.org/r/20230227173632.3292573-33-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 0d2ebf9c3f7822e7ba3e4792ea3b6b19aa2da34a) Bug: 161210518 Change-Id: I4fbf3ef38fdb22a3c80dcc61125ec21d2c426100 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
ebbbcdfeaf |
UPSTREAM: mm: introduce per-VMA lock statistics
Add a new CONFIG_PER_VMA_LOCK_STATS config option to dump extra statistics about handling page fault under VMA lock. Link: https://lkml.kernel.org/r/20230227173632.3292573-29-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 52f238653e452e0fda61e880f263a173d219acd1) Bug: 161210518 Change-Id: I1bc9ab9bc0307af26e0c51ba12f9ad561af5b6c8 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
4e4c6989ae |
UPSTREAM: mm: prevent userfaults to be handled under per-vma lock
Due to the possibility of handle_userfault dropping mmap_lock, avoid fault handling under VMA lock and retry holding mmap_lock. This can be handled more gracefully in the future. Link: https://lkml.kernel.org/r/20230227173632.3292573-28-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Suggested-by: Peter Xu <peterx@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 444eeb17437a0ef526c606e9141a415d3b7dfddd) Bug: 161210518 Change-Id: I383603d637497ea9917ad08908530f91052a17cc Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
6e306e82ac |
UPSTREAM: mm: prevent do_swap_page from handling page faults under VMA lock
Due to the possibility of do_swap_page dropping mmap_lock, abort fault handling under VMA lock and retry holding mmap_lock. This can be handled more gracefully in the future. Link: https://lkml.kernel.org/r/20230227173632.3292573-27-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Reviewed-by: Laurent Dufour <laurent.dufour@fr.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 17c05f18e54158a3eed0c22c85b7a756b63dcc01) Bug: 161210518 Change-Id: I047f4d0e0ca3b3bf9505e5cda2da768c88bed20e Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
c06661eab5 |
UPSTREAM: mm: fall back to mmap_lock if vma->anon_vma is not yet set
When vma->anon_vma is not set, page fault handler will set it by either reusing anon_vma of an adjacent VMA if VMAs are compatible or by allocating a new one. find_mergeable_anon_vma() walks VMA tree to find a compatible adjacent VMA and that requires not only the faulting VMA to be stable but also the tree structure and other VMAs inside that tree. Therefore locking just the faulting VMA is not enough for this search. Fall back to taking mmap_lock when vma->anon_vma is not set. This situation happens only on the first page fault and should not affect overall performance. Link: https://lkml.kernel.org/r/20230227173632.3292573-25-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 2ac0af1b66e3b66307f53b1cc446514308ec466d) Bug: 161210518 Change-Id: Iafacad5bda7bb138b290f38421a22d828051b067 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
5949b78f6c |
UPSTREAM: mm: introduce lock_vma_under_rcu to be used from arch-specific code
Introduce lock_vma_under_rcu function to lookup and lock a VMA during page fault handling. When VMA is not found, can't be locked or changes after being locked, the function returns NULL. The lookup is performed under RCU protection to prevent the found VMA from being destroyed before the VMA lock is acquired. VMA lock statistics are updated according to the results. For now only anonymous VMAs can be searched this way. In other cases the function returns NULL. Link: https://lkml.kernel.org/r/20230227173632.3292573-24-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 50ee32537206140e4cf6e47024be29a84d458d49) Bug: 161210518 Change-Id: I4872bb04f5c8a515e4b31bc36c95e15b62cbd0da Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
35ffa4830e |
BACKPORT: mm: introduce vma detached flag
Per-vma locking mechanism will search for VMA under RCU protection and then after locking it, has to ensure it was not removed from the VMA tree after we found it. To make this check efficient, introduce a vma->detached flag to mark VMAs which were removed from the VMA tree. Link: https://lkml.kernel.org/r/20230227173632.3292573-23-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 457f67be5910a2b5f1fda8af06bfe4d3492a0a4f) [surenb: vma_complete does not exist in 6.1, therefore patch is adjusted to mark VMAs detached directly in vma_expand and __vma_adjust] Bug: 161210518 Change-Id: Id1f31733cb7a36f3f1294b2be83cf3b87ba3f812 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
3c6748cd51 |
UPSTREAM: mm/mmap: prevent pagefault handler from racing with mmu_notifier registration
Page fault handlers might need to fire MMU notifications while a new notifier is being registered. Modify mm_take_all_locks to write-lock all VMAs and prevent this race with page fault handlers that would hold VMA locks. VMAs are locked before i_mmap_rwsem and anon_vma to keep the same locking order as in page fault handlers. Link: https://lkml.kernel.org/r/20230227173632.3292573-22-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit eeff9a5d47f89bc641034fea05501c8a6de131cb) Bug: 161210518 Change-Id: I4176bf0e1b07f03dfc1ac7dd37d7941d5a1dbc02 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
9cc64c7fb9 |
UPSTREAM: mm: conditionally write-lock VMA in free_pgtables
Normally free_pgtables needs to lock affected VMAs except for the case when VMAs were isolated under VMA write-lock. munmap() does just that, isolating while holding appropriate locks and then downgrading mmap_lock and dropping per-VMA locks before freeing page tables. Add a parameter to free_pgtables for such scenario. Link: https://lkml.kernel.org/r/20230227173632.3292573-20-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 98e51a2239d9d419d819cd61a2e720ebf19a8b0a) Bug: 161210518 Change-Id: I3c9177cce187526407754baf7641d3741ca7b0cb Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
5f1e1ab919 |
UPSTREAM: mm: write-lock VMAs before removing them from VMA tree
Write-locking VMAs before isolating them ensures that page fault handlers don't operate on isolated VMAs. [surenb@google.com: mm/nommu: remove unnecessary VMA locking] Link: https://lkml.kernel.org/r/20230301190457.1498985-1-surenb@google.com Link: https://lore.kernel.org/all/Y%2F8CJQGNuMUTdLwP@localhost/ Link: https://lkml.kernel.org/r/20230227173632.3292573-19-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Cc: David Hildenbrand <david@redhat.com> Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 73046fd00b069ffd198eda099dae966e152fae39) Bug: 161210518 Change-Id: Ia742da40896e6bc4e8150911596f80dca5ef3e12 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
24ecdbc5e2 |
UPSTREAM: mm/mremap: write-lock VMA while remapping it to a new address range
Write-lock VMA as locked before copying it and when copy_vma produces a new VMA. Link: https://lkml.kernel.org/r/20230227173632.3292573-18-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Reviewed-by: Laurent Dufour <laurent.dufour@fr.ibm.com> Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit d6ac235de4ba6dc659eebb5f4e5ba0a8523d8424) Bug: 161210518 Change-Id: I38b5c5689380754a366223caff30e1ac4aaf7cc4 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
2554cb4775 |
FROMLIST: mm/mmap: write-lock VMAs affected by VMA expansion
vma_expand changes VMA boundaries and might result in freeing an adjacent VMA. Write-lock affected VMAs to prevent concurrent page faults. Signed-off-by: Suren Baghdasaryan <surenb@google.com> Link: https://lore.kernel.org/all/20230109205336.3665937-22-surenb@google.com/ [surenb: using older v1 of patchset due to __vma_adjust() being removed in 6.2-rc4] [surenb: lock next earlier when removing it like we do in v3: https://lore.kernel.org/all/20230216051750.3125598-18-surenb@google.com/] Bug: 161210518 Change-Id: I31aff80996b4ad646bdd6861ff6479c8eb2a690a Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
57b3f8a5ab |
FROMLIST: mm/mmap: write-lock VMAs in vma_adjust
vma_adjust modifies a VMA and possibly its neighbors. Write-lock them before making the modifications. Signed-off-by: Suren Baghdasaryan <surenb@google.com> Link: https://lore.kernel.org/all/20230109205336.3665937-21-surenb@google.com/ [surenb: using older v1 of patchset due to __vma_adjust() being removed in 6.2-rc4] [surenb: minor fixes in next_next locking inside __vma_adjust] Bug: 161210518 Change-Id: I9ab2f88c82a7071fe2f1a14c51a2e6f1b6196681 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
998ec9f54d |
FROMLIST: mm/mmap: write-lock VMAs before merging, splitting or expanding them
Decisions about whether VMAs can be merged, split or expanded must be made while VMAs are protected from the changes which can affect that decision. For example, merge_vma uses vma->anon_vma in its decision whether the VMA can be merged. Meanwhile, page fault handler changes vma->anon_vma during COW operation. Write-lock all VMAs which might be affected by a merge or split operation before making decision how such operations should be performed. Signed-off-by: Suren Baghdasaryan <surenb@google.com> Link: https://lore.kernel.org/all/20230216051750.3125598-17-surenb@google.com/ [surenb: using older v3 of patchset due to missing __vma_adjust() refactoring in 6.2-rc4 which introduced vma_prepare()] Bug: 161210518 Change-Id: I56d84aa67366a1988fc81296da7164ad7f89a5c0 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
d73ebe031c |
UPSTREAM: mm/khugepaged: write-lock VMA while collapsing a huge page
Protect VMA from concurrent page fault handler while collapsing a huge page. Page fault handler needs a stable PMD to use PTL and relies on per-VMA lock to prevent concurrent PMD changes. pmdp_collapse_flush(), set_huge_pmd() and collapse_and_free_pmd() can modify a PMD, which will not be detected by a page fault handler without proper locking. Before this patch, page tables can be walked under any one of the mmap_lock, the mapping lock, and the anon_vma lock; so when khugepaged unlinks and frees page tables, it must ensure that all of those either are locked or don't exist. This patch adds a fourth lock under which page tables can be traversed, and so khugepaged must also lock out that one. [surenb@google.com: vm_lock/i_mmap_rwsem inversion in retract_page_tables] Link: https://lkml.kernel.org/r/20230303213250.3555716-1-surenb@google.com [surenb@google.com: build fix] Link: https://lkml.kernel.org/r/CAJuCfpFjWhtzRE1X=J+_JjgJzNKhq-=JT8yTBSTHthwp0pqWZw@mail.gmail.com Link: https://lkml.kernel.org/r/20230227173632.3292573-16-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 55fd6fccad3172c0feaaa817f0a1283629ff183e) Bug: 161210518 Change-Id: I6c3cddd7861dd03fe496c4de20f284dc692c8654 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
3771808d64 |
FROMLIST: mm/mmap: move VMA locking before vma_adjust_trans_huge call
vma_adjust_trans_huge() modifies the VMA and such modifications should be done after VMA is marked as being written. Therefore move VMA flag modifications before vma_adjust_trans_huge() so that VMA is marked before all these modifications. Signed-off-by: Suren Baghdasaryan <surenb@google.com> Link: https://lore.kernel.org/all/20230216051750.3125598-15-surenb@google.com/ [surenb: using older v3 of patchset due to missing __vma_adjust() refactoring in 6.2-rc4 which introduced vma_prepare()] Bug: 161210518 Change-Id: I650162fd85fabee00a8a05ddb32318e654270cb1 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
a9ea3113d4 |
UPSTREAM: mm: add per-VMA lock and helper functions to control it
Introduce per-VMA locking. The lock implementation relies on a per-vma
and per-mm sequence counters to note exclusive locking:
- read lock - (implemented by vma_start_read) requires the vma
(vm_lock_seq) and mm (mm_lock_seq) sequence counters to differ.
If they match then there must be a vma exclusive lock held somewhere.
- read unlock - (implemented by vma_end_read) is a trivial vma->lock
unlock.
- write lock - (vma_start_write) requires the mmap_lock to be held
exclusively and the current mm counter is assigned to the vma counter.
This will allow multiple vmas to be locked under a single mmap_lock
write lock (e.g. during vma merging). The vma counter is modified
under exclusive vma lock.
- write unlock - (vma_end_write_all) is a batch release of all vma
locks held. It doesn't pair with a specific vma_start_write! It is
done before exclusive mmap_lock is released by incrementing mm
sequence counter (mm_lock_seq).
- write downgrade - if the mmap_lock is downgraded to the read lock, all
vma write locks are released as well (effectivelly same as write
unlock).
Link: https://lkml.kernel.org/r/20230227173632.3292573-13-surenb@google.com
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 5e31275cc997f8ec5d9e8d65fe9840ebed89db19)
Bug: 161210518
Change-Id: I5e0db53a4b5562e59dd031fabbae4f97acc1bce1
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
|
||
|
Suren Baghdasaryan
|
04f73ad5b4 |
UPSTREAM: mm: introduce CONFIG_PER_VMA_LOCK
Patch series "Per-VMA locks", v4. LWN article describing the feature: https://lwn.net/Articles/906852/ Per-vma locks idea that was discussed during SPF [1] discussion at LSF/MM last year [2], which concluded with suggestion that “a reader/writer semaphore could be put into the VMA itself; that would have the effect of using the VMA as a sort of range lock. There would still be contention at the VMA level, but it would be an improvement.” This patchset implements this suggested approach. When handling page faults we lookup the VMA that contains the faulting page under RCU protection and try to acquire its lock. If that fails we fall back to using mmap_lock, similar to how SPF handled this situation. One notable way the implementation deviates from the proposal is the way VMAs are read-locked. During some of mm updates, multiple VMAs need to be locked until the end of the update (e.g. vma_merge, split_vma, etc). Tracking all the locked VMAs, avoiding recursive locks, figuring out when it's safe to unlock previously locked VMAs would make the code more complex. So, instead of the usual lock/unlock pattern, the proposed solution marks a VMA as locked and provides an efficient way to: 1. Identify locked VMAs. 2. Unlock all locked VMAs in bulk. We also postpone unlocking the locked VMAs until the end of the update, when we do mmap_write_unlock. Potentially this keeps a VMA locked for longer than is absolutely necessary but it results in a big reduction of code complexity. Read-locking a VMA is done using two sequence numbers - one in the vm_area_struct and one in the mm_struct. VMA is considered read-locked when these sequence numbers are equal. To read-lock a VMA we set the sequence number in vm_area_struct to be equal to the sequence number in mm_struct. To unlock all VMAs we increment mm_struct's seq number. This allows for an efficient way to track locked VMAs and to drop the locks on all VMAs at the end of the update. The patchset implements per-VMA locking only for anonymous pages which are not in swap and avoids userfaultfs as their implementation is more complex. Additional support for file-back page faults, swapped and user pages can be added incrementally. Performance benchmarks show similar although slightly smaller benefits as with SPF patchset (~75% of SPF benefits). Still, with lower complexity this approach might be more desirable. Since RFC was posted in September 2022, two separate Google teams outside of Android evaluated the patchset and confirmed positive results. Here are the known usecases when per-VMA locks show benefits: Android: Apps with high number of threads (~100) launch times improve by up to 20%. Each thread mmaps several areas upon startup (Stack and Thread-local storage (TLS), thread signal stack, indirect ref table), which requires taking mmap_lock in write mode. Page faults take mmap_lock in read mode. During app launch, both thread creation and page faults establishing the active workinget are happening in parallel and that causes lock contention between mm writers and readers even if updates and page faults are happening in different VMAs. Per-vma locks prevent this contention by providing more granular lock. Google Fibers: We have several dynamically sized thread pools that spawn new threads under increased load and reduce their number when idling. For example, Google's in-process scheduling/threading framework, UMCG/Fibers, is backed by such a thread pool. When idling, only a small number of idle worker threads are available; when a spike of incoming requests arrive, each request is handled in its own "fiber", which is a work item posted onto a UMCG worker thread; quite often these spikes lead to a number of new threads spawning. Each new thread needs to allocate and register an RSEQ section on its TLS, then register itself with the kernel as a UMCG worker thread, and only after that it can be considered by the in-process UMCG/Fiber scheduler as available to do useful work. In short, during an incoming workload spike new threads have to be spawned, and they perform several syscalls (RSEQ registration, UMCG worker registration, memory allocations) before they can actually start doing useful work. Removing any bottlenecks on this thread startup path will greatly improve our services' latencies when faced with request/workload spikes. At high scale, mmap_lock contention during thread creation and stack page faults leads to user-visible multi-second serving latencies in a similar pattern to Android app startup. Per-VMA locking patchset has been run successfully in limited experiments with user-facing production workloads. In these experiments, we observed that the peak thread creation rate was high enough that thread creation is no longer a bottleneck. TCP zerocopy receive: From the point of view of TCP zerocopy receive, the per-vma lock patch is massively beneficial. In today's implementation, a process with N threads where N - 1 are performing zerocopy receive and 1 thread is performing madvise() with the write lock taken (e.g. needs to change vm_flags) will result in all N -1 receive threads blocking until the madvise is done. Conversely, on a busy process receiving a lot of data, an madvise operation that does need to take the mmap lock in write mode will need to wait for all of the receives to be done - a lose:lose proposition. Per-VMA locking _removes_ by definition this source of contention entirely. There are other benefits for receive as well, chiefly a reduction in cacheline bouncing across receiving threads for locking/unlocking the single mmap lock. On an RPC style synthetic workload with 4KB RPCs: 1a) The find+lock+unlock VMA path in the base case, without the per-vma lock patchset, is about 0.7% of cycles as measured by perf. 1b) mmap_read_lock + mmap_read_unlock in the base case is about 0.5% cycles overall - most of this is within the TCP read hotpath (a small fraction is 'other' usage in the system). 2a) The find+lock+unlock VMA path, with the per-vma patchset and a trivial patch written to take advantage of it in TCP, is about 0.4% of cycles (down from 0.7% above) 2b) mmap_read_lock + mmap_read_unlock in the per-vma patchset is < 0.1% cycles and is out of the TCP read hotpath entirely (down from 0.5% before, the remaining usage is the 'other' usage in the system). So, in addition to entirely removing an onerous source of contention, it also reduces the CPU cycles of TCP receive zerocopy by about 0.5%+ (compared to overall cycles in perf) for the 'small' RPC scenario. In https://lkml.kernel.org/r/87fsaqouyd.fsf_-_@stealth, Punit demonstrated throughput improvements of as much as 188% from this patchset. This patch (of 25): This configuration variable will be used to build the support for VMA locking during page fault handling. This is enabled on supported architectures with SMP and MMU set. The architecture support is needed since the page fault handler is called from the architecture's page faulting code which needs modifications to handle faults under VMA lock. Link: https://lkml.kernel.org/r/20230227173632.3292573-1-surenb@google.com Link: https://lkml.kernel.org/r/20230227173632.3292573-10-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 0b6cc04f3db3604c1485049bc9582523c2b44b75) Bug: 161210518 Change-Id: I787e1d28194655fb717d38718b2b839ef4e6226c Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
ef8351241d |
UPSTREAM: mm: introduce vm_flags_reset_once to replace WRITE_ONCE vm_flags updates
Provide vm_flags_reset_once() and replace the vm_flags updates which used WRITE_ONCE() to prevent compiler optimizations. Link: https://lkml.kernel.org/r/20230201000116.1333160-1-surenb@google.com Fixes: 0cce31a0aa0e ("mm: replace vma->vm_flags direct modifications with modifier calls") Signed-off-by: Suren Baghdasaryan <surenb@google.com> Reported-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> Acked-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 601c3c29dbeb049862faa00917f2daf094a71028) Bug: 161210518 Change-Id: Ied961a1bfbdc25b79268ba04515960c664052d61 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
75977e5919 |
UPSTREAM: mm: export dump_mm()
mmap_assert_write_locked() is used in vm_flags modifiers. Because mmap_assert_write_locked() uses dump_mm() and vm_flags are sometimes modified from inside a module, it's necessary to export dump_mm() function. Link: https://lkml.kernel.org/r/20230126193752.297968-8-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Mike Rapoport (IBM) <rppt@kernel.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Arjun Roy <arjunroy@google.com> Cc: Axel Rasmussen <axelrasmussen@google.com> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: David Rientjes <rientjes@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Greg Thelen <gthelen@google.com> Cc: Hugh Dickins <hughd@google.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Jann Horn <jannh@google.com> Cc: Joel Fernandes <joelaf@google.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Kent Overstreet <kent.overstreet@linux.dev> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Liam R. Howlett <Liam.Howlett@Oracle.com> Cc: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Mel Gorman <mgorman@techsingularity.net> Cc: Minchan Kim <minchan@google.com> Cc: Paul E. McKenney <paulmck@kernel.org> Cc: Peter Oskolkov <posk@google.com> Cc: Peter Xu <peterx@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Cc: Sebastian Reichel <sebastian.reichel@collabora.com> Cc: Shakeel Butt <shakeelb@google.com> Cc: Soheil Hassas Yeganeh <soheil@google.com> Cc: Song Liu <songliubraving@fb.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit c2fdc235300a027adc04a41b383bd78ab5da56f4) Bug: 161210518 Change-Id: I78d82d04c26c9ae3bcd118e281d2ac8531e1ad81 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
2ff3b23c7f |
UPSTREAM: mm: introduce __vm_flags_mod and use it in untrack_pfn
There are scenarios when vm_flags can be modified without exclusive mmap_lock, such as: - after VMA was isolated and mmap_lock was downgraded or dropped - in exit_mmap when there are no other mm users and locking is unnecessary Introduce __vm_flags_mod to avoid assertions when the caller takes responsibility for the required locking. Pass a hint to untrack_pfn to conditionally use __vm_flags_mod for flags modification to avoid assertion. Link: https://lkml.kernel.org/r/20230126193752.297968-7-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Mike Rapoport (IBM) <rppt@kernel.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Arjun Roy <arjunroy@google.com> Cc: Axel Rasmussen <axelrasmussen@google.com> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: David Rientjes <rientjes@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Greg Thelen <gthelen@google.com> Cc: Hugh Dickins <hughd@google.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Jann Horn <jannh@google.com> Cc: Joel Fernandes <joelaf@google.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Kent Overstreet <kent.overstreet@linux.dev> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Liam R. Howlett <Liam.Howlett@Oracle.com> Cc: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Mel Gorman <mgorman@techsingularity.net> Cc: Minchan Kim <minchan@google.com> Cc: Paul E. McKenney <paulmck@kernel.org> Cc: Peter Oskolkov <posk@google.com> Cc: Peter Xu <peterx@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Cc: Sebastian Reichel <sebastian.reichel@collabora.com> Cc: Shakeel Butt <shakeelb@google.com> Cc: Soheil Hassas Yeganeh <soheil@google.com> Cc: Song Liu <songliubraving@fb.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 68f48381d7fdd1cbb9d88c37a4dfbb98ac78226d) Bug: 161210518 Change-Id: I6ba44b03cde4c9b96d80423d41accab1effb71ac Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
5dd0547a3e |
UPSTREAM: mm: replace vma->vm_flags direct modifications with modifier calls
Replace direct modifications to vma->vm_flags with calls to modifier functions to be able to track flag changes and to keep vma locking correctness. [akpm@linux-foundation.org: fix drivers/misc/open-dice.c, per Hyeonggon Yoo] Link: https://lkml.kernel.org/r/20230126193752.297968-5-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Mel Gorman <mgorman@techsingularity.net> Acked-by: Mike Rapoport (IBM) <rppt@kernel.org> Acked-by: Sebastian Reichel <sebastian.reichel@collabora.com> Reviewed-by: Liam R. Howlett <Liam.Howlett@Oracle.com> Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Arjun Roy <arjunroy@google.com> Cc: Axel Rasmussen <axelrasmussen@google.com> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: David Rientjes <rientjes@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Greg Thelen <gthelen@google.com> Cc: Hugh Dickins <hughd@google.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Jann Horn <jannh@google.com> Cc: Joel Fernandes <joelaf@google.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Kent Overstreet <kent.overstreet@linux.dev> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Minchan Kim <minchan@google.com> Cc: Paul E. McKenney <paulmck@kernel.org> Cc: Peter Oskolkov <posk@google.com> Cc: Peter Xu <peterx@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Cc: Shakeel Butt <shakeelb@google.com> Cc: Soheil Hassas Yeganeh <soheil@google.com> Cc: Song Liu <songliubraving@fb.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 1c71222e5f2393b5ea1a41795c67589eea7e3490) Bug: 161210518 Change-Id: Ifc352b487db109adab17dd33a83f5c7e68c0bbc6 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Suren Baghdasaryan
|
bf16383ebd |
UPSTREAM: mm: replace VM_LOCKED_CLEAR_MASK with VM_LOCKED_MASK
To simplify the usage of VM_LOCKED_CLEAR_MASK in vm_flags_clear(), replace it with VM_LOCKED_MASK bitmask and convert all users. Link: https://lkml.kernel.org/r/20230126193752.297968-4-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Mel Gorman <mgorman@techsingularity.net> Acked-by: Mike Rapoport (IBM) <rppt@kernel.org> Reviewed-by: Davidlohr Bueso <dave@stgolabs.net> Cc: Andy Lutomirski <luto@kernel.org> Cc: Arjun Roy <arjunroy@google.com> Cc: Axel Rasmussen <axelrasmussen@google.com> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: David Rientjes <rientjes@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Greg Thelen <gthelen@google.com> Cc: Hugh Dickins <hughd@google.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Jann Horn <jannh@google.com> Cc: Joel Fernandes <joelaf@google.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Kent Overstreet <kent.overstreet@linux.dev> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Liam R. Howlett <Liam.Howlett@Oracle.com> Cc: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Minchan Kim <minchan@google.com> Cc: Paul E. McKenney <paulmck@kernel.org> Cc: Peter Oskolkov <posk@google.com> Cc: Peter Xu <peterx@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Cc: Sebastian Reichel <sebastian.reichel@collabora.com> Cc: Shakeel Butt <shakeelb@google.com> Cc: Soheil Hassas Yeganeh <soheil@google.com> Cc: Song Liu <songliubraving@fb.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit e430a95a04efc557bc4ff9b3035c7c85aee5d63f) Bug: 161210518 Change-Id: I17bbcc01a133511dbfaf3d82fbc4b25ecdd0b376 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
Jaewon Kim
|
a390414140 |
ANDROID: vendor_hooks: add hooks for extra memory
Add vendor hooks for extra memory. If there is extra memory, this can be accounted like other memory stats. One of the usecases could be cleancache. If some of ram memory is used for cleancache, its free, cache, and total size could be added through these vendor hooks. Bug: 283896254 Change-Id: Iad7330310528581f09842f45860f05dc84823f41 Signed-off-by: Jaewon Kim <jaewon31.kim@samsung.com> |
||
xiaofeng
|
508ca06639 |
ANDROID: vendor_hooks:vendor hook for control memory dirty rate
When the IO pressure increases or the system performs dirty page balancing, the frame rate of the foreground application may become unstable. Therefore, a hook point is added to limit the buffer IO rate from the source. Bug: 262189942 Change-Id: I5214d611a388c5e8d87dc44ffde86ead1834ddff Signed-off-by: xiaofeng <xiaofeng5@xiaomi.com> |
||
|
Liam R. Howlett
|
2ea053d317 |
FROMGIT: userfaultfd: fix regression in userfaultfd_unmap_prep()
Android reported a performance regression in the userfaultfd unmap path.
A closer inspection on the userfaultfd_unmap_prep() change showed that a
second tree walk would be necessary in the reworked code.
Fix the regression by passing each VMA that will be unmapped through to
the userfaultfd_unmap_prep() function as they are added to the unmap list,
instead of re-walking the tree for the VMA.
Link: https://lkml.kernel.org/r/20230601015402.2819343-1-Liam.Howlett@oracle.com
Fixes:
|
||
|
Liam R. Howlett
|
2f5f352e6a |
FROMGIT: BACKPORT: mm: avoid rewalk in mmap_region
If the iterator has moved to the previous entry, then step forward one range, back to the gap. Link: https://lkml.kernel.org/r/20230518145544.1722059-36-Liam.Howlett@oracle.com Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: David Binderman <dcb314@hotmail.com> Cc: Peng Zhang <zhangpeng.00@bytedance.com> Cc: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Vernon Yang <vernon2gm@gmail.com> Cc: Wei Yang <richard.weiyang@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit d3f028c7599ea2297dd630e1a6acaf4915c769d3 git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm mm-unstable) Bug: 274059236 Change-Id: Ic45e095c728095d41647a704a287596d03489cdf Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
5ff9438fe1 |
FROMGIT: BACKPORT: mm/mmap: change do_vmi_align_munmap() for maple tree iterator changes
The maple tree iterator clean up is incompatible with the way do_vmi_align_munmap() expects it to behave. Update the expected behaviour to map now since the change will work currently. Link: https://lkml.kernel.org/r/20230518145544.1722059-23-Liam.Howlett@oracle.com Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Cc: David Binderman <dcb314@hotmail.com> Cc: Peng Zhang <zhangpeng.00@bytedance.com> Cc: Sergey Senozhatsky <senozhatsky@chromium.org> Cc: Vernon Yang <vernon2gm@gmail.com> Cc: Wei Yang <richard.weiyang@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit a4d5b9fbaf42d668c1b5c7f231f79776a9419a91 git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm mm-unstable) [surenb: adjust for missing vma_iter_load] Bug: 274059236 Change-Id: Id05ab617a3539f885a32c7d3031098a8c005fff8 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
aede79b81e |
ANDROID: mm: Fix __vma_adjust() writes for the maple tree
Only write when necessary to the maple tree. This should only occur
when the VMA changes. In the __vma_adjust() case, it is either the vma
when it is expanded, the next vma when the boundary expands into 'vma',
writing the 'insert', or when vma expands/shrinks for shift_arg_pages().
The mas_preallocate() setup should track the intended write to ensure
the correct number of nodes are preallocated for the pending write.
Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Link:
|
||
|
Liam R. Howlett
|
b802573f44 |
FROMLIST: BACKPORT: mm: Set up vma iterator for vma_iter_prealloc() calls
Set the correct limits for vma_iter_prealloc() calls so that the maple tree can be smarter about how many nodes are needed. Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Link: https://lore.kernel.org/lkml/20230601021605.2823123-11-Liam.Howlett@oracle.com/ [surenb: remove vma_iter-related changes not present in 6.1 kernel] Bug: 274059236 Change-Id: I05d1989e35b2e72b9346743f290da66739b3ee59 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
e9fdabfc2a |
FROMLIST: BACKPORT: mm: Change do_vmi_align_munmap() side tree index
The majority of the calls to munmap a VMA is for a single vma. The maple tree is able to store a single entry at 0, with a size of 1 as a pointer and avoid any allocations. Change do_vmi_align_munmap() to store the VMAs being munmap()'ed into a tree indexed by the count. This will leverage the ability to store the first entry without a node allocation. Storing the entries into a tree by the count and not the vma start and end means changing the functions which iterate over the entries. Update unmap_vmas() and free_pgtables() to take a maple state and a tree end address to support this functionality. Passing through the same maple state to unmap_vmas() and free_pgtables() means the state needs to be reset between calls. This happens in the static unmap_region() and exit_mmap(). Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Link: https://lore.kernel.org/lkml/20230601021605.2823123-5-Liam.Howlett@oracle.com/ [surenb: skip changes passing maple state to unmap_vmas() and free_pgtables()] Bug: 274059236 Change-Id: If38cfecd51da884bcfdbdfdfbf955a0b338d3d60 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Liam R. Howlett
|
25bed2fdbc |
UPSTREAM: mm/mmap: remove preallocation from do_mas_align_munmap()
In preparation of passing the vma state through split, the pre-allocation that occurs before the split has to be moved to after. Since the preallocation would then live right next to the store, just call store instead of preallocating. This effectively restores the potential error path of splitting and not munmap'ing which pre-dates the maple tree. Link: https://lkml.kernel.org/r/20230120162650.984577-12-Liam.Howlett@oracle.com Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 0378c0a0e9e463b9e31b94fbbbc10f94b34225b6) Bug: 274059236 Change-Id: I3539fb3a08043dae1bc8aaa6c7f285711a0b5548 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
Sooyong Suk
|
aee36dd530 |
ANDROID: mm: add vendor hooks in madvise for swap entry
Add vendor hooks in madvise for swap entry - android_vh_madvise_pageout_swap_entry - android_vh_madvise_swapin_walk_pmd_entry - android_vh_process_madvise_end Bug: 284059805 Change-Id: Ic389244e343737a583286c20cadb6774efd8890c Signed-off-by: Sooyong Suk <s.suk@samsung.com> |
||
|
Peter Collingbourne
|
131714e34b |
FROMLIST: mm: Call arch_swap_restore() from unuse_pte()
We would like to move away from requiring architectures to restore metadata from swap in the set_pte_at() implementation, as this is not only error-prone but adds complexity to the arch-specific code. This requires us to call arch_swap_restore() before calling swap_free() whenever pages are restored from swap. We are currently doing so everywhere except in unuse_pte(); do so there as well. Signed-off-by: Peter Collingbourne <pcc@google.com> Link: https://linux-review.googlesource.com/id/I68276653e612d64cde271ce1b5a99ae05d6bbc4f Suggested-by: David Hildenbrand <david@redhat.com> Acked-by: David Hildenbrand <david@redhat.com> Acked-by: "Huang, Ying" <ying.huang@intel.com> Reviewed-by: Steven Price <steven.price@arm.com> Acked-by: Catalin Marinas <catalin.marinas@arm.com> Link: https://lore.kernel.org/all/20230523004312.1807357-3-pcc@google.com/ Change-Id: I68276653e612d64cde271ce1b5a99ae05d6bbc4f Bug: 274890466 |
||
|
Peter Collingbourne
|
3805b879f5 |
FROMLIST: mm: Call arch_swap_restore() from do_swap_page()
Commit |
||
|
xiaofeng
|
025b5a487b |
ANDROID: vendor_hooks:vendor hook for __alloc_pages_slowpath.
add vendor hook in __alloc_pages_slowpath ahead of __alloc_pages_direct_reclaim and warn_alloc. Bug: 243629905 Change-Id: Ieacc6cf79823c0bfacfdeec9afb55ed66f40d0b0 Signed-off-by: xiaofeng <xiaofeng5@xiaomi.com> |
||
Dezhi Huang
|
3e2dc32f59 |
ANDROID: mm: create vendor hooks for memory reclaim
we try to adjust page reclaim operations based on the running task and kernel memory pressure. Thus, we want to create some vendor hooks into kernel6.1. Firstly, we add ADNRROID_VENDOR_DATA into the struct scan_control, special operations would be performed based on this special scan option. We measure the importance of the current process in the system and obtain its weight, which is recorded in ANDROID_VENDOR_DATA. The hook function: trace_android_vh_modify_scan_control is added inside of the function modify_scan_control() to adjust reclaim operations based on memory pressure. The hook function: trace_android_vh_should_continue_reclaim is added inside of the function shrink_node() to decide if page_reclaim would continue or not based on memory pressure. The hook function: trace_android_vh_file_is_tiny_bypass is added into the function prepare_scan_count() to decide if the file pages should be skipped in condition to file refualts and memory pressure. Bug: 279793370 Change-Id: I1efe9d3e866f37b0295c7cd94ec8ca0117a9bd4a Signed-off-by: Dezhi Huang <huangdezhi@hihonor.com> |
||
Zhenhua Huang
|
78fe8913d1 |
UPSTREAM: mm,kfence: decouple kfence from page granularity mapping judgement
Kfence only needs its pool to be mapped as page granularity, if it is inited early. Previous judgement was a bit over protected. From [1], Mark suggested to "just map the KFENCE region a page granularity". So I decouple it from judgement and do page granularity mapping for kfence pool only. Need to be noticed that late init of kfence pool still requires page granularity mapping. Page granularity mapping in theory cost more(2M per 1GB) memory on arm64 platform. Like what I've tested on QEMU(emulated 1GB RAM) with gki_defconfig, also turning off rodata protection: Before: [root@liebao ]# cat /proc/meminfo MemTotal: 999484 kB After: [root@liebao ]# cat /proc/meminfo MemTotal: 1001480 kB To implement this, also relocate the kfence pool allocation before the linear mapping setting up, arm64_kfence_alloc_pool is to allocate phys addr, __kfence_pool is to be set after linear mapping set up. LINK: [1] https://lore.kernel.org/linux-arm-kernel/Y+IsdrvDNILA59UN@FVFF77S0Q05N/ Suggested-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Zhenhua Huang <quic_zhenhuah@quicinc.com> Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com> Reviewed-by: Marco Elver <elver@google.com> Link: https://lore.kernel.org/r/1679066974-690-1-git-send-email-quic_zhenhuah@quicinc.com Signed-off-by: Will Deacon <will@kernel.org> BUG: 284812202 Change-Id: I8e7c565d3f4d6349a028a6a060259d62cf5beee7 (cherry picked from commit bfa7965b33ab79fc3b2f8adc14704075fe2416cd) Signed-off-by: Zhenhua Huang <quic_zhenhuah@quicinc.com> |
||
Tetsuo Handa
|
8035e57ec7 |
UPSTREAM: mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
commit 1007843a91909a4995ee78a538f62d8665705b66 upstream.
syzbot is reporting circular locking dependency which involves
zonelist_update_seq seqlock [1], for this lock is checked by memory
allocation requests which do not need to be retried.
One deadlock scenario is kmalloc(GFP_ATOMIC) from an interrupt handler.
CPU0
----
__build_all_zonelists() {
write_seqlock(&zonelist_update_seq); // makes zonelist_update_seq.seqcount odd
// e.g. timer interrupt handler runs at this moment
some_timer_func() {
kmalloc(GFP_ATOMIC) {
__alloc_pages_slowpath() {
read_seqbegin(&zonelist_update_seq) {
// spins forever because zonelist_update_seq.seqcount is odd
}
}
}
}
// e.g. timer interrupt handler finishes
write_sequnlock(&zonelist_update_seq); // makes zonelist_update_seq.seqcount even
}
This deadlock scenario can be easily eliminated by not calling
read_seqbegin(&zonelist_update_seq) from !__GFP_DIRECT_RECLAIM allocation
requests, for retry is applicable to only __GFP_DIRECT_RECLAIM allocation
requests. But Michal Hocko does not know whether we should go with this
approach.
Another deadlock scenario which syzbot is reporting is a race between
kmalloc(GFP_ATOMIC) from tty_insert_flip_string_and_push_buffer() with
port->lock held and printk() from __build_all_zonelists() with
zonelist_update_seq held.
CPU0 CPU1
---- ----
pty_write() {
tty_insert_flip_string_and_push_buffer() {
__build_all_zonelists() {
write_seqlock(&zonelist_update_seq);
build_zonelists() {
printk() {
vprintk() {
vprintk_default() {
vprintk_emit() {
console_unlock() {
console_flush_all() {
console_emit_next_record() {
con->write() = serial8250_console_write() {
spin_lock_irqsave(&port->lock, flags);
tty_insert_flip_string() {
tty_insert_flip_string_fixed_flag() {
__tty_buffer_request_room() {
tty_buffer_alloc() {
kmalloc(GFP_ATOMIC | __GFP_NOWARN) {
__alloc_pages_slowpath() {
zonelist_iter_begin() {
read_seqbegin(&zonelist_update_seq); // spins forever because zonelist_update_seq.seqcount is odd
spin_lock_irqsave(&port->lock, flags); // spins forever because port->lock is held
}
}
}
}
}
}
}
}
spin_unlock_irqrestore(&port->lock, flags);
// message is printed to console
spin_unlock_irqrestore(&port->lock, flags);
}
}
}
}
}
}
}
}
}
write_sequnlock(&zonelist_update_seq);
}
}
}
This deadlock scenario can be eliminated by
preventing interrupt context from calling kmalloc(GFP_ATOMIC)
and
preventing printk() from calling console_flush_all()
while zonelist_update_seq.seqcount is odd.
Since Petr Mladek thinks that __build_all_zonelists() can become a
candidate for deferring printk() [2], let's address this problem by
disabling local interrupts in order to avoid kmalloc(GFP_ATOMIC)
and
disabling synchronous printk() in order to avoid console_flush_all()
.
As a side effect of minimizing duration of zonelist_update_seq.seqcount
being odd by disabling synchronous printk(), latency at
read_seqbegin(&zonelist_update_seq) for both !__GFP_DIRECT_RECLAIM and
__GFP_DIRECT_RECLAIM allocation requests will be reduced. Although, from
lockdep perspective, not calling read_seqbegin(&zonelist_update_seq) (i.e.
do not record unnecessary locking dependency) from interrupt context is
still preferable, even if we don't allow calling kmalloc(GFP_ATOMIC)
inside
write_seqlock(&zonelist_update_seq)/write_sequnlock(&zonelist_update_seq)
section...
Link: https://lkml.kernel.org/r/8796b95c-3da3-5885-fddd-6ef55f30e4d3@I-love.SAKURA.ne.jp
Fixes:
|
||
Mel Gorman
|
fa3ef799ad |
UPSTREAM: mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages
commit 4d73ba5fa710fe7d432e0b271e6fecd252aef66e upstream. A bug was reported by Yuanxi Liu where allocating 1G pages at runtime is taking an excessive amount of time for large amounts of memory. Further testing allocating huge pages that the cost is linear i.e. if allocating 1G pages in batches of 10 then the time to allocate nr_hugepages from 10->20->30->etc increases linearly even though 10 pages are allocated at each step. Profiles indicated that much of the time is spent checking the validity within already existing huge pages and then attempting a migration that fails after isolating the range, draining pages and a whole lot of other useless work. Commit |
||
Alexander Potapenko
|
f800df6e1f |
UPSTREAM: mm: kmsan: handle alloc failures in kmsan_vmap_pages_range_noflush()
commit 47ebd0310e89c087f56e58c103c44b72a2f6b216 upstream. As reported by Dipanjan Das, when KMSAN is used together with kernel fault injection (or, generally, even without the latter), calls to kcalloc() or __vmap_pages_range_noflush() may fail, leaving the metadata mappings for the virtual mapping in an inconsistent state. When these metadata mappings are accessed later, the kernel crashes. To address the problem, we return a non-zero error code from kmsan_vmap_pages_range_noflush() in the case of any allocation/mapping failure inside it, and make vmap_pages_range_noflush() return an error if KMSAN fails to allocate the metadata. This patch also removes KMSAN_WARN_ON() from vmap_pages_range_noflush(), as these allocation failures are not fatal anymore. Link: https://lkml.kernel.org/r/20230413131223.4135168-1-glider@google.com Fixes: |
||
|
Alexander Potapenko
|
843caf6daa |
UPSTREAM: mm: kmsan: handle alloc failures in kmsan_ioremap_page_range()
commit fdea03e12aa2a44a7bb34144208be97fc25dfd90 upstream. Similarly to kmsan_vmap_pages_range_noflush(), kmsan_ioremap_page_range() must also properly handle allocation/mapping failures. In the case of such, it must clean up the already created metadata mappings and return an error code, so that the error can be propagated to ioremap_page_range(). Without doing so, KMSAN may silently fail to bring the metadata for the page range into a consistent state, which will result in user-visible crashes when trying to access them. Link: https://lkml.kernel.org/r/20230413131223.4135168-2-glider@google.com Fixes: |
||
Naoya Horiguchi
|
ac51e1f090 |
UPSTREAM: mm/huge_memory.c: warn with pr_warn_ratelimited instead of VM_WARN_ON_ONCE_FOLIO
commit 4737edbbdd4958ae29ca6a310a6a2fa4e0684b01 upstream. split_huge_page_to_list() WARNs when called for huge zero pages, which sounds to me too harsh because it does not imply a kernel bug, but just notifies the event to admins. On the other hand, this is considered as critical by syzkaller and makes its testing less efficient, which seems to me harmful. So replace the VM_WARN_ON_ONCE_FOLIO with pr_warn_ratelimited. Link: https://lkml.kernel.org/r/20230406082004.2185420-1-naoya.horiguchi@linux.dev Fixes: |
||
David Hildenbrand
|
12132bd611 |
UPSTREAM: mm/userfaultfd: fix uffd-wp handling for THP migration entries
commit 24bf08c4376be417f16ceb609188b16f461b0443 upstream.
Looks like what we fixed for hugetlb in commit 44f86392bdd1 ("mm/hugetlb:
fix uffd-wp handling for migration entries in
hugetlb_change_protection()") similarly applies to THP.
Setting/clearing uffd-wp on THP migration entries is not implemented
properly. Further, while removing migration PMDs considers the uffd-wp
bit, inserting migration PMDs does not consider the uffd-wp bit.
We have to set/clear independently of the migration entry type in
change_huge_pmd() and properly copy the uffd-wp bit in
set_pmd_migration_entry().
Verified using a simple reproducer that triggers migration of a THP, that
the set_pmd_migration_entry() no longer loses the uffd-wp bit.
Link: https://lkml.kernel.org/r/20230405160236.587705-2-david@redhat.com
Fixes:
|
||
Peter Xu
|
ab721b09b1 |
UPSTREAM: mm/khugepaged: check again on anon uffd-wp during isolation
commit dd47ac428c3f5f3bcabe845f36be870fe6c20784 upstream. Khugepaged collapse an anonymous thp in two rounds of scans. The 2nd round done in __collapse_huge_page_isolate() after hpage_collapse_scan_pmd(), during which all the locks will be released temporarily. It means the pgtable can change during this phase before 2nd round starts. It's logically possible some ptes got wr-protected during this phase, and we can errornously collapse a thp without noticing some ptes are wr-protected by userfault. |
||
|
Kalesh Singh
|
500484f5be |
BACKPORT: FROMGIT: Multi-gen LRU: fix workingset accounting
On Android app cycle workloads, MGLRU showed a significant reduction in
workingset refaults although pgpgin/pswpin remained relatively unchanged.
This indicated MGLRU may be undercounting workingset refaults.
This has impact on userspace programs, like Android's LMKD, that monitor
workingset refault statistics to detect thrashing.
It was found that refaults were only accounted if the MGLRU shadow entry
was for a recently evicted folio. However, recently evicted folios should
be accounted as workingset activation, and refaults should be accounted
regardless of recency.
Fix MGLRU's workingset refault and activation accounting to more closely
match that of the conventional active/inactive LRU.
Link: https://lkml.kernel.org/r/20230523205922.3852731-1-kaleshsingh@google.com
Fixes:
|
||
|
Liujie Xie
|
6f3353ca09 |
ANDROID: vendor_hooks: Add hook in shrink_node_memcgs
Add vendor hook in shrink_node_memcgs to adjust whether to skip memory reclamation of memcg. Bug: 226482420 Signed-off-by: Liujie Xie <xieliujie@oppo.com> (cherry picked from commit b7ea1c49876197a3b5f17f7bb2699c5594f0b57e) Change-Id: I925856353e63c5a821027de4f8476c833e21b982 Signed-off-by: lvwenhuan <lvwenhuan@oppo.com> |
||
|
Liujie Xie
|
573ba7b6e6 |
ANDROID: vendor_hooks: Add hooks for memory when debug
Add vendors hooks for recording memory used Vendor modules allocate and manages the memory itself. These memories might not be included in kernel memory statistics. Also, detailed references and vendor-specific information are managed only inside modules. When various problems such as memory leaks occurs, these information should be showed in real-time. Bug: 182443489 Bug: 234407991 Bug: 277799025 Signed-off-by: Liujie Xie <xieliujie@oppo.com> Change-Id: I62d8bb2b6650d8b187b433f97eb833ef0b784df1 Signed-off-by: Hyesoo Yu <hyesoo.yu@samsung.com> |
||
|
Dezhi Huang
|
94b540c38d |
ANDROID: mm: create vendor hooks for do_shrink_slab()
The hook function: trace_android_vh_do_shrink_slab is added inside of the function do_shrink_slab() to changed the numbers of page to be reclaimed from kernel. Bug: 279793370 Change-Id: I7c0b955be97f841c69bc99a152b59ed9823707ed Signed-off-by: Dezhi Huang <huangdezhi@hihonor.com> |
||
|
Dezhi Huang
|
da4e60efe1 |
ANDROID: mm: create vendor hooks for shrink_slab()
Trace_android_vh_shrink_slab_bypass is added in the beginning of the function shrink_slab() to bypass kernel page reclaim in some conditons. Bug: 279793370 Change-Id: I6d5c8be28addf43d6fc9d07b5133135641590c3a Signed-off-by: Dezhi Huang <huangdezhi@hihonor.com> |
||
Domenico Cerasuolo
|
2cab13f500 |
mm: fix zswap writeback race condition
commit 04fc7816089c5a32c29a04ec94b998e219dfb946 upstream. The zswap writeback mechanism can cause a race condition resulting in memory corruption, where a swapped out page gets swapped in with data that was written to a different page. The race unfolds like this: 1. a page with data A and swap offset X is stored in zswap 2. page A is removed off the LRU by zpool driver for writeback in zswap-shrink work, data for A is mapped by zpool driver 3. user space program faults and invalidates page entry A, offset X is considered free 4. kswapd stores page B at offset X in zswap (zswap could also be full, if so, page B would then be IOed to X, then skip step 5.) 5. entry A is replaced by B in tree->rbroot, this doesn't affect the local reference held by zswap-shrink work 6. zswap-shrink work writes back A at X, and frees zswap entry A 7. swapin of slot X brings A in memory instead of B The fix: Once the swap page cache has been allocated (case ZSWAP_SWAPCACHE_NEW), zswap-shrink work just checks that the local zswap_entry reference is still the same as the one in the tree. If it's not the same it means that it's either been invalidated or replaced, in both cases the writeback is aborted because the local entry contains stale data. Reproducer: I originally found this by running `stress` overnight to validate my work on the zswap writeback mechanism, it manifested after hours on my test machine. The key to make it happen is having zswap writebacks, so whatever setup pumps /sys/kernel/debug/zswap/written_back_pages should do the trick. In order to reproduce this faster on a vm, I setup a system with ~100M of available memory and a 500M swap file, then running `stress --vm 1 --vm-bytes 300000000 --vm-stride 4000` makes it happen in matter of tens of minutes. One can speed things up even more by swinging /sys/module/zswap/parameters/max_pool_percent up and down between, say, 20 and 1; this makes it reproduce in tens of seconds. It's crucial to set `--vm-stride` to something other than 4096 otherwise `stress` won't realize that memory has been corrupted because all pages would have the same data. Link: https://lkml.kernel.org/r/20230503151200.19707-1-cerasuolodomenico@gmail.com Signed-off-by: Domenico Cerasuolo <cerasuolodomenico@gmail.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Reviewed-by: Chris Li (Google) <chrisl@kernel.org> Cc: Dan Streetman <ddstreet@ieee.org> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Minchan Kim <minchan@kernel.org> Cc: Nitin Gupta <ngupta@vflare.org> Cc: Seth Jennings <sjenning@redhat.com> Cc: Vitaly Wool <vitaly.wool@konsulko.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Dezhi Huang
|
784f566942 |
ANDROID: mm: create vendor hooks for page alloc
Add vendor hook inside of get_page_from_freelist() to check and modify the watermark in some special situations. Additional page flag bit will be set for future identification. Separately, a vendor hook inside of page_add_new_anon_rmap() is added to set the referenced bit in some situations, e.g. if the special bit in the page flag mentioned before is set, we will give this page one more chance before it gets reclaimed. Bug: 279793368 Change-Id: I363853a050a87201f6f368ccc580485dddd6c6b6 Signed-off-by: Dezhi Huang <huangdezhi@hihonor.com> |
||
Minchan Kim
|
718da042d1 |
ANDROID: retry page allocation from buddy on lock contention
spin_trylock may fail due to a parallel drain in rmqueue_pcplist.
In the case, it should retry to allocate with buddy.
It matches with upstream policy.
Fixes:
|
||
|
Charan Teja Kalla
|
a26891749b |
ANDROID: mm: shmem: initialize the vendor data
Vendor data is not initialized which can make the drivers to see the
junk. Initialize it.
Bug: 273448633
Fixes:
|
||
|
Jiewen Wang
|
1a40d683e8 |
ANDROID: vendor_hooks: Add hook in try_to_unmap_one()
Add hook in try_to_unmap_one() to trace this function for debug memory swap bugs. Bug: 198385827 Change-Id: I1fdbe60e09bb491b949e06a07133710453ecca03 Signed-off-by: Jiewen Wang <jiewen.wang@vivo.com> (cherry picked from commit 5a70133febf92e1269f98b533ce9f188c2e3b135) |
||
|
Jiewen Wang
|
190af40844 |
ANDROID: vendor_hooks: Add hook in mmap_region()
Add hook in mmap_region() to record the vma and address information of monitored processes. Bug: 198385827 Change-Id: I0bde29113b47ca7f4a9f5d42a54188e791ca3b7e Signed-off-by: Jiewen Wang <jiewen.wang@vivo.com> (cherry picked from commit 73c9d4a9d575107b90a6d9f415fa56f963264d06) |
||
|
Minchan Kim
|
2488e2e472 |
ANDROID: page_pinner: add missing page_pinner_put_page
aosp/2369528 missed page_pinner_put_page in put_page_testzero path. Fix it. Bug: 274967172 Change-Id: Ia2af2ffb752f8405b4289ca88cde09f201548e1f Signed-off-by: Minchan Kim <minchan@google.com> |
||
|
Charan Teja Kalla
|
d47c9481da |
ANDROID: page_pinner: prevent pp_buffer uninitialized access
There is a race window between page_pinner_inited set and the pp_buffer initialization which cause accessing the pp_buffer->lock. Avoid this by moving the pp_buffer initialization to page_ext_ops->init() which sets the page_pinner_inited only after the pp_buffer is initialized. Race scenario: 1) init_page_pinner is called --> page_pinner_inited is set. 2) __alloc_contig_migrate_range --> __page_pinner_failure_detect() accesses the pp_buffer->lock(yet to be initialized). 3) Then the pp_buffer is allocated and initialized. Below is the issue call stack: spin_bug+0x0 _raw_spin_lock_irqsave+0x3c __page_pinner_failure_detect+0x110 __alloc_contig_migrate_range+0x1c4 alloc_contig_range+0x130 cma_alloc+0x170 dma_alloc_contiguous+0xa0 __dma_direct_alloc_pages+0x16c dma_direct_alloc+0x88 Bug: 259024332 Change-Id: I6849ac4d944498b9a431b47cad7adc7903c9bbaa Signed-off-by: Charan Teja Kalla <quic_charante@quicinc.com> |
||
|
Charan Teja Kalla
|
231a4cccec |
ANDROID: mm: fix use-after free of page_ext in page_pinner
Apply new page_ext refcounting scheme to page_pinner. Bug: 236222283 Bug: 240196534 [surenb: extracted from aosp/2369529] Change-Id: I3b64caf5a7e8ff316507cc3933f5b3696142268d Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Minchan Kim
|
e6e6e1273d |
ANDROID: mm: introduce page_pinner
For CMA allocation, it's really critical to migrate a page but sometimes it fails. One of the reasons is some driver holds a page refcount for a long time so VM couldn't migrate the page at that time. The concern here is there is no way to find the who hold the refcount of the page effectively. This patch introduces feature to keep tracking page's pinner. All get_page sites are vulnerable to pin a page for a long time but the cost to keep track it would be significat since get_page is the most frequent kernel operation. Furthermore, the page could be not user page but kernel page which is not related to the page migration failure. Thus, this patch keeps tracks of only migration failed pages to reduce runtime cost. Once page migration fails in CMA allocation path, those pages are marked as "migration failure" and every put_page operation against those pages, callstack of the put are recorded into page_pinner buffer. Later, admin can see what pages were failed and who released the refcount since the failure. It really helps effectively to find out longtime refcount holder to prevent the page migration. note: page_pinner doesn't guarantee attributing/unattributing are atomic if they happen at the same time. It's just best effort so false-positive could happen. Bug: 183414571 BUg: 240196534 Signed-off-by: Minchan Kim <minchan@kernel.org> Signed-off-by: Minchan Kim <minchan@google.com> Change-Id: I603d0c0122734c377db6b1eb95848a6f734173a0 (cherry picked from commit 898cfbf094a2fc13c67fab5b5d3c916f0139833a) |
||
|
Greg Kroah-Hartman
|
dec77ff4b5 |
Merge b1644a0031 ("drm/rockchip: vop2: Use regcache_sync() to fix suspend/resume") into android14-6.1
Steps on the way to 6.1.26 Change-Id: I76647cf6aaf4db218b2013de08a01cd9d11b0bb3 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Waiman Long
|
9e8fe54a71 |
BACKPORT: mm/kmemleak: fix UAF bug in kmemleak_scan()
Commit |
||
|
jianzhou
|
106629f5e1 |
Merge keystone/android14-6.1-keystone-qcom-release.6.1.25 (98d56a5) into qcom-6.1
* refs/heads/tmp-98d56a5:
FROMLIST: ANDROID: GKI: psi: remove 500ms min window size limitation for triggers
ANDROID: uid_sys_stat: split the global lock uid_lock to the fine-grained locks for each hlist in hash_table.
ANDROID: uid_sys_stats: defer process_notifier work if uid_lock is contended
ANDROID: Add symbols for pkvm module support
ANDROID: abi_gki_aarch64_qcom: Add dma_resv iterator symbols
ANDROID: Unnest MAKE_GOALS from build configs
ANDROID: iommu/dma: Add support for DMA_ATTR_SYS_CACHE_NWA
ANDROID: iommu/dma: Add support for DMA_ATTR_SYS_CACHE
ANDROID: iommu/io-pgtable-arm: Add IOMMU_SYS_CACHE/_NWA
ANDROID: Enable CONFIG_ZONE_DEVICE
ANDROID: abi_gki_aarch64_qcom: Add sock_gen_put
BACKPORT: FROMLIST: Revert "scsi: ufs: core: Initialize devfreq synchronously"
FROMLIST: staging: greybus: drop loopback test files
UPSTREAM: wifi: cfg80211: Authentication offload to user space for MLO connection in STA mode
UPSTREAM: wifi: cfg80211: trace: remove MAC_PR_{FMT,ARG}
ANDROID: arm64: Add support for system cache memory type
ANDROID: fuse-bpf: Fix bpf_test_xattr testcase error
ANDROID: fuse-bpf: Simplify and fix setting bpf program
ANDROID: GKI: update the ABI symbol list
ANDROID: schedutil: add vendor hook for adjusting util to freq calculation
BACKPORT: FROMLIST: arm64: Also reset KASAN tag if page is not PG_mte_tagged
FROMLIST: arm64: mte: Do not set PG_mte_tagged if tags were not initialized
ANDROID: GKI: Convert USB network adpaters to modules
ANDROID: KVM: arm64: Prevent kmemleak from accessing EL2 module sections
ANDROID: KVM: arm64: Move addr_is_allowed_memory() check into host callback
UPSTREAM: wifi: cfg80211: Authentication offload to user space for MLO connection in STA mode
ANDROID: Enable CONFIG_ZONE_DEVICE
ANDROID: abi_gki_aarch64_qcom: Add sock_gen_put
BACKPORT: FROMLIST: Revert "scsi: ufs: core: Initialize devfreq synchronously"
FROMLIST: staging: greybus: drop loopback test files
ANDROID: fuse-bpf: Make fuse_test compile and pass
ANDROID: abi_gki_aarch64_qcom: Add missing symbol to QCOM list
ANDROID: Update ABI representation
ANDROID: ABI: Update QCOM symbol list for display drivers
ANDROID: KVM: arm64: Prevent kmemleak from accessing .hyp.data
ANDROID: 4/26/2023 KMI update
ANDROID: mm: Create hooks for ZONE_MOVABLE allocs
ANDROID: zram: allow zram to allocate CMA pages
ANDROID: mm: add cma pcp list
ANDROID: cma: redirect page allocation to CMA
ANDROID: GKI: fscrypt: add OEM data to struct fscrypt_operations
ANDROID: KVM: arm64: iommu: Pass device specific flags to hypervisor
ANDROID: abi_gki_aarch64_qcom: Update qcom abi symbol list
ANDROID: vmscan: Support multiple kswapd threads per node
ANDROID: mm: Export kswapd function
ANDROID: gki_defconfig: enable IPV6_MROUTE_MULTIPLE_TABLES
Revert "ANDROID: gki_defconfig: remove CONFIG_CLEANCACHE from gki_defconfig"
ANDROID: Revert "mm: remove cleancache"
ANDROID: dma-buf: heaps: dmabuf page pool spinlock should be spinlock_t
ANDROID: GKI: Update db845c symbol list for dmabuf_page_pool_get_size
ANDROID: GKI: Update virtual_device symbol list for dmabuf_page_pool_get_size
ANDROID: dma-heap: Let system heap report total pool size
ANDROID: dma-buf: heaps: Add a sysfs file to report total pool size.
ANDROID: block: Prepare for preserving the zoned write order
ANDROID: Update symbol list for Exynos SoC
ANDROID: ABI: Update symbol list for imx
ANDROID: db845c: Update symbol list
ANDROID: preserve CRC for xhci symbols
Revert "raw: use net_hash_mix() in hash function"
Revert "raw: Fix NULL deref in raw_get_next()."
Revert "pwm: Make .get_state() callback return an error code"
Revert "pwm: hibvt: Explicitly set .polarity in .get_state()"
Revert "pwm: cros-ec: Explicitly set .polarity in .get_state()"
Revert "pwm: iqs620a: Explicitly set .polarity in .get_state()"
Revert "pwm: sprd: Explicitly set .polarity in .get_state()"
Revert "pwm: meson: Explicitly set .polarity in .get_state()"
Revert "KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode"
Revert "KVM: arm64: PMU: Distinguish between 64bit counter and 64bit overflow"
Revert "KVM: arm64: PMU: Sanitise PMCR_EL0.LP on first vcpu run"
Revert "KVM: arm64: PMU: Don't save PMCR_EL0.{C,P} for the vCPU"
BACKPORT: KVM: arm64: Make vcpu flag updates non-preemptible
BACKPORT: KVM: arm64: Advertise ID_AA64PFR0_EL1.CSV2/3 to protected VMs
FROMGIT: usb: dwc3: gadget: Refactor EP0 forced stall/restart into a separate API
ANDROID: Update symbol list for mtk
FROMGIT: usb: dwc3: gadget: Execute gadget stop after halting the controller
UPSTREAM: scsi: ufs: core: Print trs for pending requests in MCQ mode
UPSTREAM: scsi: ufs: core: Add trace event for MCQ
ANDROID: ABI: update the pixel symbol list
FROMGIT: USB: dwc3: gadget: drop dead hibernation code
FROMGIT: usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive
FROMGIT: media: add RealVideo format RV30 and RV40
FROMGIT: media: add Sorenson Spark video format
ANDROID: Update ABI representation for imx symbol list updates
ANDROID: ABI: Add clk/power related symbols for imx
ANDROID: ABI: Add phy/pinctrl/regulator related symbols for imx
ANDROID: ABI: Add bus/mmc/dma related symbols for imx
ANDROID: ABI: Add display related symbols for imx
ANDROID: ABI: Add video/camera related symbols for imx
ANDROID: ABI: Add sensor/led/iput related symbols for imx
ANDROID: ABI: Add usb related symbols for imx
ANDROID: ABI: Add net related symbols for imx
ANDROID: ABI: Add sound/soc/ related symbols for imx
ANDROID: KVM: arm64: Clear the PTEs which are not refcounted on unmap path
Revert "ANDROID: Add utf8_data_table for case-folding support"
ANDROID: Add filp_open_block() for zram
ANDROID: GKI: add init symbol list file for vivo
FROMGIT: clocksource/drivers/timer-mediatek: Split out CPUXGPT timers
ANDROID: dma-buf: Export is_dma_buf_file
Linux 6.1.25
cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
cgroup/cpuset: Skip spread flags update on v2
nvme-pci: add NVME_QUIRK_BOGUS_NID for T-FORCE Z330 SSD
nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN
cifs: fix negotiate context parsing
i2c: ocores: generate stop condition after timeout in polling mode
x86/rtc: Remove __init for runtime functions
sched/fair: Fix imbalance overflow
powerpc/papr_scm: Update the NUMA distance table for the target node
i2c: mchp-pci1xxxx: Update Timing registers
ubi: Fix deadlock caused by recursively holding work_sem
ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
mptcp: stricter state check in mptcp_worker
mptcp: use mptcp_schedule_work instead of open-coding it
drm/amd/pm: correct SMU13.0.7 max shader clock reporting
drm/amd/pm: correct SMU13.0.7 pstate profiling clock settings
cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
cgroup/cpuset: Fix partition root's cpuset.cpus update bug
cgroup: fix display of forceidle time at root
x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
scsi: ses: Handle enclosure with just a primary component gracefully
net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow
net: phy: nxp-c45-tja11xx: add remove callback
net: sfp: initialize sfp->i2c_block_size at sfp allocation
HID: intel-ish-hid: Fix kernel panic during warm reset
riscv: add icache flush for nommu sigreturn trampoline
ksmbd: avoid out of bounds access in decode_preauth_ctxt()
maple_tree: fix write memory barrier of nodes once dead for RCU mode
tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance
tracing: Add trace_array_puts() to write into instance
KVM: SVM: Flush Hyper-V TLB when required
x86/hyperv: KVM: Rename "hv_enlightenments" to "hv_vmcb_enlightenments"
KVM: SVM: Add a proper field for Hyper-V VMCB enlightenments
KVM: selftests: Move "struct hv_enlightenments" to x86_64/svm.h
x86/hyperv: Move VMCB enlightenment definitions to hyperv-tlfs.h
ACPI: resource: Add Medion S17413 to IRQ override quirk
drm/amdgpu/gfx: set cg flags to enter/exit safe mode
drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs
drm/amdgpu: add mes resume when do gfx post soft reset
wifi: iwlwifi: mvm: protect TXQ list manipulation
wifi: iwlwifi: mvm: fix mvmtxq->stopped handling
nvme: send Identify with CNS 06h only to I/O controllers
asymmetric_keys: log on fatal failures in PE/pkcs7
verify_pefile: relax wrapper length check
hwmon: (xgene) Fix ioremap and memremap leak
hwmon: (peci/cputemp) Fix miscalculated DTS for SKX
drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F
ACPI: video: Add backlight=native DMI quirk for Acer Aspire 3830TG
block: ublk_drv: mark device as LIVE before adding disk
efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
i2c: hisi: Avoid redundant interrupts
i2c: imx-lpi2c: clean rx/tx buffers upon new message
wifi: mwifiex: mark OF related data as maybe unused
selftests/bpf: Fix progs/find_vma_fail1.c build error.
power: supply: axp288_fuel_gauge: Added check for negative values
power: supply: cros_usbpd: reclassify "default case!" as debug
power: supply: rk817: Fix unsigned comparison with less than zero
ARM: dts: qcom: apq8026-lg-lenok: add missing reserved memory
ARM: 9290/1: uaccess: Fix KASAN false-positives
libbpf: Fix single-line struct definition output in btf_dump
skbuff: Fix a race between coalescing and releasing SKBs
net: macb: fix a memory corruption in extended buffer descriptor mode
udp6: fix potential access to stale information
selftests: openvswitch: adjust datapath NL message declaration
RDMA/core: Fix GID entry ref leak when create_ah fails
sctp: fix a potential overflow in sctp_ifwdtsn_skip
net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex
net: wwan: iosm: Fix error handling path in ipc_pcie_probe()
qlcnic: check pci_reset_function result
drm/armada: Fix a potential double free in an error handling path
Bluetooth: Set ISO Data Path on broadcast sink
Bluetooth: SCO: Fix possible circular locking dependency sco_sock_getsockopt
Bluetooth: Fix printing errors if LE Connection times out
Bluetooth: hci_conn: Fix not cleaning up on LE Connection failure
net: openvswitch: fix race on port output
iavf: remove active_cvlans and active_svlans bitmaps
iavf: refactor VLAN filter states
bonding: fix ns validation on backup slaves
tcp: restrict net.ipv4.tcp_app_win
niu: Fix missing unwind goto in niu_alloc_channels()
KVM: arm64: Advertise ID_AA64PFR0_EL1.CSV2/3 to protected VMs
KVM: arm64: Initialise hypervisor copies of host symbols unconditionally
bpf, arm64: Fixed a BTI error on returning to patched function
9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
dmaengine: apple-admac: Fix 'current_tx' not getting freed
dmaengine: apple-admac: Set src_addr_widths capability
dmaengine: apple-admac: Handle 'global' interrupt flags
LoongArch, bpf: Fix jit to skip speculation barrier opcode
bpf: tcp: Use sock_gen_put instead of sock_put in bpf_iter_tcp
RDMA/cma: Allow UD qp_type to join multicast only
clk: rs9: Fix suspend/resume
RDMA/erdma: Defer probing if netdevice can not be found
RDMA/erdma: Inline mtt entries into WQE if supported
RDMA/erdma: Update default EQ depth to 4096 and max_send_wr to 8192
IB/mlx5: Add support for 400G_8X lane speed
RDMA/irdma: Add ipv4 check to irdma_find_listener()
RDMA/irdma: Increase iWARP CM default rexmit count
RDMA/irdma: Fix memory leak of PBLE objects
RDMA/irdma: Do not generate SW completions for NOPs
clk: sprd: set max_register according to mapping range
drm/i915/dsi: fix DSS CTL register offsets for TGL+
fbcon: set_con2fb_map needs to set con2fb_map!
fbcon: Fix error paths in set_con2fb_map
KVM: arm64: PMU: Restore the guest's EL0 event counting after migration
mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min
mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
mtd: rawnand: meson: fix bitmask for length in command word
mtdblock: tolerate corrected bit-flips
fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
btrfs: fix fast csum implementation detection
btrfs: restore the thread_pool= behavior in remount for the end I/O workqueues
Bluetooth: hci_conn: Fix possible UAF
Bluetooth: Free potentially unfreed SCO connection
bluetooth: btbcm: Fix logic error in forming the board name.
Bluetooth: Fix race condition in hidp_session_thread
Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
ALSA: hda/hdmi: disable KAE for Intel DG2
ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
ALSA: emu10k1: don't create old pass-through playback device on Audigy
ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex()
ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2
ALSA: hda: patch_realtek: add quirk for Asus N7601ZM
ALSA: i2c/cs8427: fix iec958 mixer control deactivation
ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
ALSA: emu10k1: fix capture interrupt handler unlinking
drm/amd/display: Pass the right info to drm_dp_remove_payload
Revert "pinctrl: amd: Disable and mask interrupts on resume"
f2fs: remove unnessary comment in __may_age_extent_tree
f2fs: allocate node blocks for atomic write block replacement
f2fs: use cow inode data when updating atomic write
f2fs: remove power-of-two limitation of zoned device
f2fs: allocate trace path buffer from names_cache
ANDROID: ABI: Update the tcpci symbols for pixel
ANDROID: ABI: Add drm_atomic_bridge_chain_disable and drm_atomic_bridge_chain_enable in QCOM symbol list
ANDROID: firmware/psci: Remove PSCI_1_1_FN64_MEM_PROTECT definition
ANDROID: Add initial symbol list for Exynos SoC
f2fs: add has_enough_free_secs()
f2fs: relax sanity check if checkpoint is corrupted
f2fs: refactor f2fs_gc to call checkpoint in urgent condition
f2fs: remove folio_detach_private() in .invalidate_folio and .release_folio
f2fs: remove bulk remove_proc_entry() and unnecessary kobject_del()
f2fs: support iopoll method
Linux 6.1.24
bpftool: Print newline before '}' for struct with padding only fields
mm: enable maple tree RCU mode by default.
maple_tree: add RCU lock checking to rcu callback functions
maple_tree: add smp_rmb() to dead node detection
maple_tree: remove extra smp_wmb() from mas_dead_leaves()
maple_tree: fix freeing of nodes in rcu mode
maple_tree: detect dead nodes in mas_start()
maple_tree: refine ma_state init from mas_start()
maple_tree: be more cautious about dead nodes
maple_tree: fix mas_prev() and mas_find() state handling
maple_tree: fix handle of invalidated state in mas_wr_store_setup()
maple_tree: reduce user error potential
maple_tree: fix potential rcu issue
maple_tree: remove GFP_ZERO from kmem_cache_alloc() and kmem_cache_alloc_bulk()
mm: take a page reference when removing device exclusive entries
drm/i915: Split icl_color_commit_noarm() from skl_color_commit_noarm()
drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR
drm/bridge: lt9611: Fix PLL being unable to lock
drm/i915/dp_mst: Fix payload removal during output disabling
drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload()
drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset
drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume
drm/amd/display: Clear MST topology if it fails to resume
blk-throttle: Fix that bps of child could exceed bps limited in parent
maple_tree: fix a potential concurrency bug in RCU mode
maple_tree: fix get wrong data_end in mtree_lookup_walk()
mm/hugetlb: fix uffd wr-protection for CoW optimization path
mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
ring-buffer: Fix race while reader and writer are on the same page
drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
drm/i915: Fix context runtime accounting
drm/nouveau/disp: Support more modes by checking with lower bpc
drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
ublk: read any SQE values upfront
wifi: mt76: ignore key disable commands
mm: vmalloc: avoid warn_alloc noise caused by fatal signal
zsmalloc: document freeable stats
tracing/synthetic: Make lastcmd_mutex static
ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots()
tracing: Free error logs of tracing instances
tracing/osnoise: Fix notify new tracing_max_latency
tracing/timerlat: Notify new max thread latency
tracing/synthetic: Fix races on freeing last_cmd
net: stmmac: Add queue reset into stmmac_xdp_open() function
ACPI: video: Add acpi_backlight=video quirk for Lenovo ThinkPad W530
ACPI: video: Add acpi_backlight=video quirk for Apple iMac14,1 and iMac14,2
ACPI: video: Make acpi_backlight=video work independent from GPU driver
ACPI: video: Add auto_detect arg to __acpi_video_get_backlight_type()
can: isotp: isotp_recvmsg(): use sock_recv_cmsgs() to get SOCK_RXQ_OVFL infos
can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events
can: isotp: fix race between isotp_sendsmg() and isotp_release()
can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
fs: drop peer group ids under namespace lock
ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct()
ftrace: Mark get_lock_parent_ip() __always_inline
perf/core: Fix the same task check in perf_event_set_output
block: don't set GD_NEED_PART_SCAN if scan partition failed
block: ublk: make sure that block size is set correctly
cifs: sanitize paths in cifs_update_super_prepath.
nvme: fix discard support without oncs
scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
io_uring: fix memory leak when removing provided buffers
io_uring: fix return value when removing provided buffers
iio: adc: ad7791: fix IRQ flags
blk-mq: directly poll requests
counter: 104-quad-8: Fix Synapse action reported for Index signals
counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
coresight: etm4x: Do not access TRCIDR1 for identification
mm: kfence: fix handling discontiguous page
mm: kfence: fix PG_slab and memcg_data clearing
KVM: nVMX: Do not report error code when synthesizing VM-Exit from Real Mode
KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection
x86/ACPI/boot: Use FADT version to check support for online capable
x86/acpi/boot: Correct acpi_is_processor_usable() check
ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
ALSA: hda/realtek: Add quirk for Clevo X370SNW
ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr
ksmbd: do not call kvmalloc() with __GFP_NORETRY | __GFP_NO_WARN
serial: 8250: Prevent starting up DMA Rx on THRI interrupt
dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs
nilfs2: fix sysfs interface lifetime
nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty
tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
tty: serial: sh-sci: Fix transmit end interrupt handler
iio: light: cm32181: Unregister second I2C client if present
iio: buffer: make sure O_NONBLOCK is respected
iio: buffer: correctly return bytes written in output buffers
iio: dac: cio-dac: Fix max DAC write value check for 12-bit
iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
iio: adc: qcom-spmi-adc5: Fix the channel name
iio: adis16480: select CONFIG_CRC32
drivers: iio: adc: ltc2497: fix LSB shift
USB: serial: option: add Quectel RM500U-CN modem
USB: serial: option: add Telit FE990 compositions
usb: typec: altmodes/displayport: Fix configure initial pin assignment
USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
usb: dwc3: pci: add support for the Intel Meteor Lake-S
usb: cdnsp: Fixes error: uninitialized symbol 'len'
xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu
xhci: Free the command allocated for setting LPM if we return early
usb: xhci: tegra: fix sleep in atomic call
PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y
PCI/DOE: Silence WARN splat with CONFIG_DEBUG_OBJECTS=y
cxl/pci: Handle excessive CDAT length
cxl/pci: Handle truncated CDAT entries
cxl/pci: Handle truncated CDAT header
cxl/pci: Fix CDAT retrieval on big endian
net: stmmac: check fwnode for phy device before scanning for phy
arm64: compat: Work around uninitialized variable warning
gve: Secure enough bytes in the first TX desc for all TCP pkts
netlink: annotate lockless accesses to nlk->max_recvmsg_len
ethtool: reset #lanes when lanes is omitted
ping: Fix potentail NULL deref for /proc/net/icmp.
raw: Fix NULL deref in raw_get_next().
raw: use net_hash_mix() in hash function
ice: Reset FDIR counter in FDIR init stage
ice: fix wrong fallback logic for FDIR
NFSD: callback request does not use correct credential for AUTH_SYS
sunrpc: only free unix grouplist after RCU settles
net: stmmac: fix up RX flow hash indirection table when setting channels
net: ethernet: ti: am65-cpsw: Fix mdio cleanup in probe
gpio: davinci: Add irq chip flag to skip set wake
gpio: davinci: Do not clear the bank intr enable bit in save_context
platform/x86: think-lmi: Clean up display of current_value on Thinkstation
platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings
platform/x86: think-lmi: Fix memory leak when showing current settings
ipv6: Fix an uninit variable access bug in __ip6_make_skb()
net: qrtr: Do not do DEL_SERVER broadcast after DEL_CLIENT
sctp: check send stream number after wait_for_sndbuf
net: dsa: mv88e6xxx: Reset mv88e6393x force WD event bit
net: don't let netpoll invoke NAPI if in xmit context
ALSA: hda/hdmi: Preserve the previous PCM device upon re-enablement
icmp: guard against too small mtu
nfsd: call op_release, even when op_func returns an error
NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
wifi: brcmfmac: Fix SDIO suspend/resume regression
l2tp: generate correct module alias strings
net: stmmac: remove redundant fixup to support fixed-link mode
net: stmmac: check if MAC needs to attach to a PHY
net: phylink: add phylink_expects_phy() method
net: qrtr: Fix a refcount bug in qrtr_recvmsg()
wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
wifi: mac80211: fix the size calculation of ieee80211_ie_len_eht_cap()
KVM: s390: pv: fix external interruption loop not always detected
ASoC: codecs: lpass: fix the order or clks turn off during suspend
pwm: meson: Explicitly set .polarity in .get_state()
pwm: sprd: Explicitly set .polarity in .get_state()
pwm: iqs620a: Explicitly set .polarity in .get_state()
pwm: cros-ec: Explicitly set .polarity in .get_state()
pwm: hibvt: Explicitly set .polarity in .get_state()
pwm: Make .get_state() callback return an error code
ASoC: SOF: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data()
Drivers: vmbus: Check for channel allocation before looking up relids
gpio: GPIO_REGMAP: select REGMAP instead of depending on it
KVM: arm64: PMU: Don't save PMCR_EL0.{C,P} for the vCPU
KVM: arm64: PMU: Sanitise PMCR_EL0.LP on first vcpu run
KVM: arm64: PMU: Distinguish between 64bit counter and 64bit overflow
KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode
dm: fix improper splitting for abnormal bios
dm: change "unsigned" to "unsigned int"
dm integrity: Remove bi_sector that's only used by commented debug code
dm cache: Add some documentation to dm-cache-background-tracker.h
f2fs: remove batched_trim_sections node description
f2fs: fix to check return value of inc_valid_block_count()
f2fs: fix to check return value of f2fs_do_truncate_blocks()
f2fs: fix passing relative address when discard zones
f2fs: fix potential corruption when moving a directory
f2fs: add radix_tree_preload_end in error case
f2fs: fix to recover quota data correctly
f2fs: fix to check readonly condition correctly
docs: f2fs: Correct instruction to disable checkpoint
f2fs: fix to keep consistent i_gc_rwsem lock order
f2fs: fix to drop all dirty pages during umount() if cp_error is set
f2fs: fix to avoid use-after-free for cached IPU bio
f2fs: remove unneeded in-memory i_crtime copy
f2fs: use f2fs_hw_is_readonly() instead of bdev_read_only()
f2fs: use common implementation of file type
f2fs: merge lz4hc_compress_pages() to lz4_compress_pages()
f2fs: convert to use sysfs_emit
f2fs: set default compress option only when sb_has_compression
f2fs: Fix system crash due to lack of free space in LFS
f2fs: remove struct victim_selection default_v_ops
f2fs: fix null pointer panic in tracepoint in __replace_atomic_write_block
f2fs: fix iostat lock protection
f2fs: fix align check for npo2
f2fs: add compression feature check for all compress mount opt
f2fs: convert is_extension_exist() to return bool type
f2fs: fix scheduling while atomic in decompression path
f2fs: preserve direct write semantics when buffering is forced
f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
f2fs: remove else in f2fs_write_cache_pages()
f2fs: apply zone capacity to all zone type
f2fs: fix to handle filemap_fdatawrite() error in f2fs_ioc_decompress_file/f2fs_ioc_compress_file
f2fs: convert to MAX_SBI_FLAG instead of 32 in stat_show()
f2fs: Fix discard bug on zoned block devices with 2MiB zone size
f2fs: remove entire rb_entry sharing
f2fs: factor out discard_cmd usage from general rb_tree use
f2fs: factor out victim_entry usage from general rb_tree use
f2fs: fix uninitialized skipped_gc_rwsem
f2fs: handle dqget error in f2fs_transfer_project_quota()
f2fs: convert to use bitmap API
f2fs: export compress_percent and compress_watermark entries
f2fs: make f2fs_sync_inode_meta() static
f2fs: Fix f2fs_truncate_partial_nodes ftrace event
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/serial/renesas,scif.yaml
android/abi_gki_aarch64.stg
net/qrtr/af_qrtr.c
net/qrtr/ns.c
Change-Id: I2b2b2f1569aa65700b2382c7ea4ea5d84c8f573c
Upstream-Build: ks_qcom-android14-6.1-keystone-qcom-release@10066587 UKQ2.230504.001
Signed-off-by: jianzhou <quic_jianzhou@quicinc.com>
|
||
Lorenzo Stoakes
|
6b5b755463 |
mm/mempolicy: correctly update prev when policy is equal on mbind
commit 00ca0f2e86bf40b016a646e6323a8941a09cf106 upstream.
The refactoring in commit f4e9e0e69468 ("mm/mempolicy: fix use-after-free
of VMA iterator") introduces a subtle bug which arises when attempting to
apply a new NUMA policy across a range of VMAs in mbind_range().
The refactoring passes a **prev pointer to keep track of the previous VMA
in order to reduce duplication, and in all but one case it keeps this
correctly updated.
The bug arises when a VMA within the specified range has an equivalent
policy as determined by mpol_equal() - which unlike other cases, does not
update prev.
This can result in a situation where, later in the iteration, a VMA is
found whose policy does need to change. At this point, vma_merge() is
invoked with prev pointing to a VMA which is before the previous VMA.
Since vma_merge() discovers the curr VMA by looking for the one
immediately after prev, it will now be in a situation where this VMA is
incorrect and the merge will not proceed correctly.
This is checked in the VM_WARN_ON() invariant case with end >
curr->vm_end, which, if a merge is possible, results in a warning (if
CONFIG_DEBUG_VM is specified).
I note that vma_merge() performs these invariant checks only after
merge_prev/merge_next are checked, which is debatable as it hides this
issue if no merge is possible even though a buggy situation has arisen.
The solution is simply to update the prev pointer even when policies are
equal.
This caused a bug to arise in the 6.2.y stable tree, and this patch
resolves this bug.
Link: https://lkml.kernel.org/r/83f1d612acb519d777bebf7f3359317c4e7f4265.1682866629.git.lstoakes@gmail.com
Fixes: f4e9e0e69468 ("mm/mempolicy: fix use-after-free of VMA iterator")
Signed-off-by: Lorenzo Stoakes <lstoakes@gmail.com>
Reported-by: kernel test robot <oliver.sang@intel.com>
Link: https://lore.kernel.org/oe-lkp/202304292203.44ddeff6-oliver.sang@intel.com
Cc: Liam R. Howlett <Liam.Howlett@oracle.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Mark Rutland
|
da4c747730 |
kasan: hw_tags: avoid invalid virt_to_page()
commit 29083fd84da576bfb3563d044f98d38e6b338f00 upstream.
When booting with 'kasan.vmalloc=off', a kernel configured with support
for KASAN_HW_TAGS will explode at boot time due to bogus use of
virt_to_page() on a vmalloc adddress. With CONFIG_DEBUG_VIRTUAL selected
this will be reported explicitly, and with or without CONFIG_DEBUG_VIRTUAL
the kernel will dereference a bogus address:
| ------------[ cut here ]------------
| virt_to_phys used for non-linear address: (____ptrval____) (0xffff800008000000)
| WARNING: CPU: 0 PID: 0 at arch/arm64/mm/physaddr.c:15 __virt_to_phys+0x78/0x80
| Modules linked in:
| CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.3.0-rc3-00073-g83865133300d-dirty #4
| Hardware name: linux,dummy-virt (DT)
| pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : __virt_to_phys+0x78/0x80
| lr : __virt_to_phys+0x78/0x80
| sp : ffffcd076afd3c80
| x29: ffffcd076afd3c80 x28: 0068000000000f07 x27: ffff800008000000
| x26: fffffbfff0000000 x25: fffffbffff000000 x24: ff00000000000000
| x23: ffffcd076ad3c000 x22: fffffc0000000000 x21: ffff800008000000
| x20: ffff800008004000 x19: ffff800008000000 x18: ffff800008004000
| x17: 666678302820295f x16: ffffffffffffffff x15: 0000000000000004
| x14: ffffcd076b009e88 x13: 0000000000000fff x12: 0000000000000003
| x11: 00000000ffffefff x10: c0000000ffffefff x9 : 0000000000000000
| x8 : 0000000000000000 x7 : 205d303030303030 x6 : 302e30202020205b
| x5 : ffffcd076b41d63f x4 : ffffcd076afd3827 x3 : 0000000000000000
| x2 : 0000000000000000 x1 : ffffcd076afd3a30 x0 : 000000000000004f
| Call trace:
| __virt_to_phys+0x78/0x80
| __kasan_unpoison_vmalloc+0xd4/0x478
| __vmalloc_node_range+0x77c/0x7b8
| __vmalloc_node+0x54/0x64
| init_IRQ+0x94/0xc8
| start_kernel+0x194/0x420
| __primary_switched+0xbc/0xc4
| ---[ end trace 0000000000000000 ]---
| Unable to handle kernel paging request at virtual address 03fffacbe27b8000
| Mem abort info:
| ESR = 0x0000000096000004
| EC = 0x25: DABT (current EL), IL = 32 bits
| SET = 0, FnV = 0
| EA = 0, S1PTW = 0
| FSC = 0x04: level 0 translation fault
| Data abort info:
| ISV = 0, ISS = 0x00000004
| CM = 0, WnR = 0
| swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041bc5000
| [03fffacbe27b8000] pgd=0000000000000000, p4d=0000000000000000
| Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
| Modules linked in:
| CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.3.0-rc3-00073-g83865133300d-dirty #4
| Hardware name: linux,dummy-virt (DT)
| pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : __kasan_unpoison_vmalloc+0xe4/0x478
| lr : __kasan_unpoison_vmalloc+0xd4/0x478
| sp : ffffcd076afd3ca0
| x29: ffffcd076afd3ca0 x28: 0068000000000f07 x27: ffff800008000000
| x26: 0000000000000000 x25: 03fffacbe27b8000 x24: ff00000000000000
| x23: ffffcd076ad3c000 x22: fffffc0000000000 x21: ffff800008000000
| x20: ffff800008004000 x19: ffff800008000000 x18: ffff800008004000
| x17: 666678302820295f x16: ffffffffffffffff x15: 0000000000000004
| x14: ffffcd076b009e88 x13: 0000000000000fff x12: 0000000000000001
| x11: 0000800008000000 x10: ffff800008000000 x9 : ffffb2f8dee00000
| x8 : 000ffffb2f8dee00 x7 : 205d303030303030 x6 : 302e30202020205b
| x5 : ffffcd076b41d63f x4 : ffffcd076afd3827 x3 : 0000000000000000
| x2 : 0000000000000000 x1 : ffffcd076afd3a30 x0 : ffffb2f8dee00000
| Call trace:
| __kasan_unpoison_vmalloc+0xe4/0x478
| __vmalloc_node_range+0x77c/0x7b8
| __vmalloc_node+0x54/0x64
| init_IRQ+0x94/0xc8
| start_kernel+0x194/0x420
| __primary_switched+0xbc/0xc4
| Code: d34cfc08 aa1f03fa 8b081b39 d503201f (f9400328)
| ---[ end trace 0000000000000000 ]---
| Kernel panic - not syncing: Attempted to kill the idle task!
This is because init_vmalloc_pages() erroneously calls virt_to_page() on
a vmalloc address, while virt_to_page() is only valid for addresses in
the linear/direct map. Since init_vmalloc_pages() expects virtual
addresses in the vmalloc range, it must use vmalloc_to_page() rather
than virt_to_page().
We call init_vmalloc_pages() from __kasan_unpoison_vmalloc(), where we
check !is_vmalloc_or_module_addr(), suggesting that we might encounter a
non-vmalloc address. Luckily, this never happens. By design, we only
call __kasan_unpoison_vmalloc() on pointers in the vmalloc area, and I
have verified that we don't violate that expectation. Given that,
is_vmalloc_or_module_addr() must always be true for any legitimate
argument to __kasan_unpoison_vmalloc().
Correct init_vmalloc_pages() to use vmalloc_to_page(), and remove the
redundant and misleading use of is_vmalloc_or_module_addr() in
__kasan_unpoison_vmalloc().
Link: https://lkml.kernel.org/r/20230418164212.1775741-1-mark.rutland@arm.com
Fixes:
|
||
Jan Kara
|
8d67449f90 |
mm: do not reclaim private data from pinned page
commit d824ec2a154677f63c56cc71ffe4578274f6e32e upstream. If the page is pinned, there's no point in trying to reclaim it. Furthermore if the page is from the page cache we don't want to reclaim fs-private data from the page because the pinning process may be writing to the page at any time and reclaiming fs private info on a dirty page can upset the filesystem (see link below). Link: https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz Link: https://lkml.kernel.org/r/20230428124140.30166-1-jack@suse.cz Signed-off-by: Jan Kara <jack@suse.cz> Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org> Reviewed-by: Lorenzo Stoakes <lstoakes@gmail.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: John Hubbard <jhubbard@nvidia.com> Acked-by: David Hildenbrand <david@redhat.com> Acked-by: Peter Xu <peterx@redhat.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Liam R. Howlett
|
862ea63fad |
mm/mempolicy: fix use-after-free of VMA iterator
commit f4e9e0e69468583c2c6d9d5c7bfc975e292bf188 upstream.
set_mempolicy_home_node() iterates over a list of VMAs and calls
mbind_range() on each VMA, which also iterates over the singular list of
the VMA passed in and potentially splits the VMA. Since the VMA iterator
is not passed through, set_mempolicy_home_node() may now point to a stale
node in the VMA tree. This can result in a UAF as reported by syzbot.
Avoid the stale maple tree node by passing the VMA iterator through to the
underlying call to split_vma().
mbind_range() is also overly complicated, since there are two calling
functions and one already handles iterating over the VMAs. Simplify
mbind_range() to only handle merging and splitting of the VMAs.
Align the new loop in do_mbind() and existing loop in
set_mempolicy_home_node() to use the reduced mbind_range() function. This
allows for a single location of the range calculation and avoids
constantly looking up the previous VMA (since this is a loop over the
VMAs).
Link: https://lore.kernel.org/linux-mm/000000000000c93feb05f87e24ad@google.com/
Fixes:
|
||
|
jianzhou
|
2f6c3deee2 |
Merge keystone/android14-6.1-keystone-qcom-release.6.1.23 (4ab5627) into msm-pineapple
* refs/heads/tmp-4ab5627:
ANDROID: Update symbol list for mtk
ANDROID: module: Add vendor hooks
ANDROID: kernel: Add restricted vendor hook in creds
ANDROID: enable CONFIG_USB_XHCI_PCI_RENESAS in gki_defconfig
ANDROID: Add utf8_data_table for case-folding support
UPSTREAM: usb: typec: altmodes/displayport: Add hpd sysfs attribute
ANDROID: vendor_hooks: Add vendor hook for tcpm logs
ANDROID: usb: typec: tcpm: Add vendor hook to modify port src caps
ANDROID: usb: typec: tcpm: Add vendor hook to store partner source capabilities
ANDROID: usb: typec: tcpm: vendor hook for timer adjustments
ANDROID: usb: typec: tcpci: Add vendor hook to mask vbus present
ANDROID: usb: typec: tcpci: Add vendor hooks for tcpci interface
UPSTREAM: scsi: ufs: mcq: Use active_reqs to check busy in clock scaling
FROMLIST: xfrm: Skip checking of already-verified secpath entries
Revert "Fix XFRM-I support for nested ESP tunnels"
FROMLIST: xfrm: Ensure policy checked for nested ESP tunnels
ANDROID: Update the ABI symbol list for typec mux
ANDROID: Update the ABI symbol list for typec port management
ANDROID: ABI: Add __irq_set_handler and irq_set_handler_data in QCOM symbol list
FROMGIT: soc: qcom: geni-se: Update Tx and Rx fifo depth based on QUP HW version
FROMGIT: soc: qcom: geni-se: Move qcom-geni-se.h to linux/soc/qcom/geni-se.h
ANDROID: CONFIG_PKVM_MODULE_PATH to /lib/modules/
ANDROID: KVM: arm64: Add a fallback for pKVM module loading
ANDROID: KVM: arm64: Add a custom module path for pKVM module loading
ANDROID: update the pixel symbol list
ANDROID: Add ufs symbol for mtk
ANDROID: scsi: ufs: Add hook to influence the UFS clock scaling policy
UPSTREAM: mm: multi-gen LRU: simplify lru_gen_look_around()
UPSTREAM: mm: multi-gen LRU: improve walk_pmd_range()
UPSTREAM: mm: multi-gen LRU: improve lru_gen_exit_memcg()
UPSTREAM: mm: multi-gen LRU: section for memcg LRU
UPSTREAM: mm: multi-gen LRU: section for Bloom filters
UPSTREAM: mm: multi-gen LRU: section for rmap/PT walk feedback
UPSTREAM: mm: multi-gen LRU: section for working set protection
UPSTREAM: mm: support POSIX_FADV_NOREUSE
UPSTREAM: mm: add vma_has_recency()
ANDROID: 4/12/2023 KMI update
ANDROID: ABI: remove stale symbol
ANDROID: fuse: Support errors from fuse daemon in canonical path
ANDROID: abi_gki_aarch64_qcom: Add memremap_pages and memunmap_pages
ANDROID: Enable CONFIG_ZONE_DEVICE
Revert "Revert "block/io_uring: pass in issue_flags for uring_cmd task_work handling""
Revert "Revert "net: mdio: fix owner field for mdio buses registered using device-tree""
FROMGIT: wifi: cfg80211/mac80211: report link ID on control port RX
UPSTREAM: iommu: Rename iommu-sva-lib.{c,h}
UPSTREAM: iommu: Per-domain I/O page fault handling
UPSTREAM: iommu: Prepare IOMMU domain for IOPF
UPSTREAM: iommu: Remove SVA related callbacks from iommu ops
UPSTREAM: iommu/sva: Refactoring iommu_sva_bind/unbind_device()
UPSTREAM: arm-smmu-v3/sva: Add SVA domain support
UPSTREAM: iommu/vt-d: Add SVA domain support
UPSTREAM: iommu: Add IOMMU SVA domain support
UPSTREAM: iommu: Add attach/detach_dev_pasid iommu interfaces
UPSTREAM: PCI: Enable PASID only when ACS RR & UF enabled on upstream path
UPSTREAM: iommu: Remove SVM_FLAG_SUPERVISOR_MODE support
UPSTREAM: iommu: Add max_pasids field in struct dev_iommu
UPSTREAM: iommu: Add max_pasids field in struct iommu_device
ANDROID: GKI: fscrypt: add ABI padding to struct fscrypt_operations
ANDROID: abi_gki_aarch64_qcom: Add sock_gen_put
ANDROID: arm64: Implement hypervisor workaround for SoCs with DMA beyond the PoC
ANDROID: GKI: add symbol list file for xiaomi
ANDROID: Add initial symbols list for imx
ANDROID: Add initial symbol list for mtk
ANDROID: virt: gunyah: Move arch_is_gh_guest under RM probe
ANDROID: GKI: Enable CONFIG_USB_CONFIGFS_F_UAC2
ANDROID: Update the pixel symbol list
BACKPORT: FROMLIST: Revert "scsi: ufs: core: Initialize devfreq synchronously"
ANDROID: abi_gki_aarch64_qcom: update abi
ANDROID: abi_gki_aarch64_qcom: Further update symbol list
ANDROID: GKI: Convert 80211 modules as unprotected
ANDROID: ABI: Update QCOM symbol list
Revert "FROMGIT: scsi: ufs: ufs-qcom: Add support for reinitializing the UFS device"
Revert "FROMGIT: scsi: ufs: ufs-qcom: Add support for finding max gear on new platforms"
Revert "block/io_uring: pass in issue_flags for uring_cmd task_work handling"
ANDROID: abi_gki_aarch64_qcom: Add of_icc_get_from_provider
FROMLIST: staging: greybus: drop loopback test files
ANDROID: KVM: arm64: Prevent pKVM module loading after IOMMU init
ANDROID: KVM: arm64: Factor out logic for setting SVE vector length at hyp
ANDROID: KVM: arm64: Fix pKVM module loading close
ANDROID: KVM: arm64: Handle permission issue while loading pKVM module
Linux 6.1.23
Revert "cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE *again*"
x86/PVH: avoid 32-bit build warning when obtaining VGA console info
hsr: ratelimit only when errors are printed
drm/amdkfd: Get prange->offset after svm_range_vram_node_new
usb: ucsi: Fix ucsi->connector race
libbpf: Fix btf_dump's packed struct determination
selftests/bpf: Add few corner cases to test padding handling of btf_dump
libbpf: Fix BTF-to-C converter's padding logic
selftests/bpf: Test btf dump for struct with padding only fields
net: dsa: mv88e6xxx: replace VTU violation prints with trace points
net: dsa: mv88e6xxx: replace ATU violation prints with trace points
net: dsa: mv88e6xxx: read FID when handling ATU violations
KVM: arm64: Disable interrupts while walking userspace PTs
KVM: arm64: PMU: Fix GET_ONE_REG for vPMC regs to return the current value
drm/i915: Move CSC load back into .color_commit_arm() when PSR is enabled on skl/glk
drm/i915: Disable DC states for all commits
drm/i915/dpt: Treat the DPT BO as a framebuffer
drm/i915/gem: Flush lmem contents after construction
drm/amd/display: Take FEC Overhead into Timeslot Calculation
drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub
drm/amdgpu: allow more APUs to do mode2 reset when go to S4
drm/etnaviv: fix reference leak when mmaping imported buffer
s390: reintroduce expoline dependence to scripts
s390/uaccess: add missing earlyclobber annotations to __clear_user()
dt-bindings: mtd: jedec,spi-nor: Document CPOL/CPHA support
rcu: Fix rcu_torture_read ftrace event
xtensa: fix KASAN report for show_stack
ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z
ALSA: hda/realtek: Add quirks for some Clevo laptops
ALSA: usb-audio: Fix regression on detection of Roland VS-100
ALSA: hda/conexant: Partial revert of a quirk for Lenovo
NFSv4: Fix hangs when recovering open state after a server reboot
powerpc/64s: Fix __pte_needs_flush() false positive warning
powerpc/pseries/vas: Ignore VAS update for DLPAR if copy/paste is not enabled
powerpc: Don't try to copy PPR for task with NULL pt_regs
platform/x86: ideapad-laptop: Stop sending KEY_TOUCHPAD_TOGGLE
pinctrl: at91-pio4: fix domain name assignment
pinctrl: amd: Disable and mask interrupts on resume
modpost: Fix processing of CRCs on 32-bit build machines
net: phy: dp83869: fix default value for tx-/rx-internal-delay
xen/netback: don't do grant copy across page boundary
can: j1939: prevent deadlock by moving j1939_sk_errqueue()
dm: fix __send_duplicate_bios() to always allow for splitting IO
zonefs: Always invalidate last cached page on append write
vmxnet3: use gro callback when UPT is enabled
io_uring: fix poll/netmsg alloc caches
io_uring/rsrc: fix rogue rsrc node grabbing
io_uring/poll: clear single/double poll flags on poll arming
block/io_uring: pass in issue_flags for uring_cmd task_work handling
zonefs: Do not propagate iomap_dio_rw() ENOTBLK error to user space
btrfs: scan device in non-exclusive mode
btrfs: fix race between quota disable and quota assign ioctls
btrfs: fix deadlock when aborting transaction during relocation with scrub
Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table
Input: i8042 - add quirk for Fujitsu Lifebook A574/H
cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
cifs: prevent infinite recursion in CIFSGetDFSRefer()
Input: focaltech - use explicitly signed char type
Input: alps - fix compatibility with -funsigned-char
Input: i8042 - add TUXEDO devices to i8042 quirk tables for partial fix
iommu/vt-d: Allow zero SAGAW if second-stage not supported
Input: xpad - fix incorrectly applied patch for MAP_PROFILE_BUTTON
pinctrl: ocelot: Fix alt mode for ocelot
net: ethernet: mtk_eth_soc: add missing ppe cache flush when deleting a flow
net: ethernet: mtk_eth_soc: fix flow block refcounting logic
net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
bnxt_en: Add missing 200G link speed reporting
bnxt_en: Fix typo in PCI id to device description string mapping
bnxt_en: Fix reporting of test result in ethtool selftest
i40e: fix registers dump after run ethtool adapter self test
net: ipa: compute DMA pool size properly
ALSA: ymfpci: Fix BUG_ON in probe function
ALSA: ymfpci: Create card with device-managed snd_devm_card_new()
ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg()
ice: add profile conflict check for AVF FDIR
ice: Fix ice_cfg_rdma_fltr() to only update relevant fields
smsc911x: avoid PHY being resumed when interface is not up
net: mvpp2: parser fix PPPoE
net: mvpp2: parser fix QinQ
net: mvpp2: classifier flow fix fragmentation flags
loop: LOOP_CONFIGURE: send uevents for partitions
ACPI: bus: Rework system-level device notification handling
s390/vfio-ap: fix memory leak in vfio_ap device driver
can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix
drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state
net: stmmac: don't reject VLANs when IFF_PROMISC is set
net/net_failover: fix txq exceeding warning
regulator: Handle deferred clk
r8169: fix RTL8168H and RTL8107E rx crc error
net: dsa: microchip: ksz8: fix MDB configuration with non-zero VID
net: dsa: microchip: ksz8863_smi: fix bulk access
net: dsa: microchip: ksz8: ksz8_fdb_dump: avoid extracting ghost entry from empty dynamic MAC table.
net: dsa: microchip: ksz8: fix offset for the timestamp filed
net: dsa: microchip: ksz8: fix ksz8_fdb_dump() to extract all 1024 entries
net: dsa: microchip: ksz8: fix ksz8_fdb_dump()
ptp_qoriq: fix memory leak in probe()
net: dsa: realtek: fix out-of-bounds access
scsi: mpt3sas: Don't print sense pool info twice
scsi: megaraid_sas: Fix crash after a double completion
sfc: ef10: don't overwrite offload features at NIC reset
SUNRPC: fix shutdown of NFS TCP client socket
mtd: rawnand: meson: invalidate cache on polling ECC bit
platform/surface: aggregator: Add missing fwnode_handle_put()
platform/x86: think-lmi: Add possible_values for ThinkStation
platform/x86: think-lmi: only display possible_values if available
platform/x86: think-lmi: use correct possible_values delimiters
platform/x86: think-lmi: add missing type attribute
PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled
ALSA: usb-audio: Fix recursive locking at XRUN during syncing
mips: bmips: BCM6358: disable RAC flush for TP1
riscv/kvm: Fix VM hang in case of timer delta being zero.
ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
mtd: nand: mxic-ecc: Fix mxic_ecc_data_xfer_wait_for_completion() when irq is used
mtd: rawnand: meson: initialize struct with zeroes
btrfs: use temporary variable for space_info in btrfs_update_block_group
btrfs: fix uninitialized variable warning in btrfs_update_block_group
tracing: Fix wrong return in kprobe_event_gen_test.c
tools/power turbostat: fix decoding of HWP_STATUS
tools/power turbostat: Fix /dev/cpu_dma_latency warnings
fbdev: au1200fb: Fix potential divide by zero
fbdev: lxfb: Fix potential divide by zero
fbdev: intelfb: Fix potential divide by zero
fbdev: nvidia: Fix potential divide by zero
net/mlx5e: Lower maximum allowed MTU in XSK to match XDP prerequisites
drm/amdkfd: Fixed kfd_process cleanup on module exit.
nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM620
sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
ACPI: tools: pfrut: Check if the input of level and type is in the right numeric range
fbdev: tgafb: Fix potential divide by zero
ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
ALSA: asihpi: check pao in control_message()
net: hsr: Don't log netdev_err message on unknown prp dst node
drm/amdkfd: fix potential kgd_mem UAFs
drm/amdkfd: fix a potential double free in pqm_create_queue
drm/amdkfd: Fix BO offset for multi-VMA page migration
x86/PVH: obtain VGA console info in Dom0
md: avoid signed overflow in slot_store()
ASoC: SOF: IPC4: update gain ipc msg definition to align with fw
ASoC: SOF: Intel: pci-tng: revert invalid bar size setting
ASoC: SOF: ipc4-topology: Fix incorrect sample rate print unit
ASoC: SOF: ipc3: Check for upper size limit for the received message
ACPI: video: Add backlight=native DMI quirk for Dell Vostro 15 3535
zstd: Fix definition of assert()
ASoC: Intel: avs: nau8825: Adjust clock control
ASoC: Intel: avs: ssm4567: Remove nau8825 bits
ASoC: Intel: avs: da7219: Explicitly define codec format
ASoC: Intel: avs: max98357a: Explicitly define codec format
ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds
xfrm: Zero padding when dumping algos and encap
cifs: fix missing unload_nls() in smb2_reconnect()
arm64: efi: Set NX compat flag in PE/COFF header
net: mscc: ocelot: fix stats region batching
tracing: Do not let histogram values have some modifiers
tracing: Add .graph suffix option to histogram value
tracing: Add .percent suffix option to histogram values
tty: serial: fsl_lpuart: fix race on RX DMA shutdown
tty: serial: fsl_lpuart: switch to new dmaengine_terminate_* API
drm/msm/disp/dpu: fix sc7280_pp base offset
drm/msm/dpu: correct sm8250 and sm8350 scaler
drm/msm/dpu: Refactor sc7280_pp location
ARM: dts: aspeed: p10bmc: Update battery node name
riscv: ftrace: Fixup panic by disabling preemption
net: ethernet: ti: am65-cpsw/cpts: Fix CPTS release action
btrfs: zoned: count fresh BG region as zone unusable
btrfs: rename BTRFS_FS_NO_OVERCOMMIT to BTRFS_FS_ACTIVE_ZONE_TRACKING
kcsan: avoid passing -g for test
kernel: kcsan: kcsan_test: build without structleak plugin
fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
zonefs: Fix error message in zonefs_file_dio_append()
zonefs: Separate zone information from inode information
zonefs: Reduce struct zonefs_inode_info size
zonefs: Simplify IO error handling
zonefs: Reorganize code
cifs: avoid race conditions with parallel reconnects
cifs: prevent data race in cifs_reconnect_tcon()
cifs: update ip_addr for ses only for primary chan setup
thunderbolt: Limit USB3 bandwidth of certain Intel USB4 host routers
ANDROID: usb: f_accessory: Check buffer size when initialised via composite
ANDROID: MGLRU: Avoid reactivation of anon pages on swap full
FROMGIT: f2fs: fix null pointer panic in tracepoint in __replace_atomic_write_block
ANDROID: incremental fs: Evict inodes before freeing mount data
ANDROID: fsnotify: Notify lower fs of open
ANDROID: fuse-bpf: Run bpf with migration disabled
ANDROID: fuse-bpf: Do not change bpf program in lookups
FROMGIT: ASoC: codecs: lpass: fix the order or clks turn off during suspend
ANDROID: GKI: Add a filegroup instead of _aarch64_additional_kmi symbol list
UPSTREAM: wifi: nl80211: fix puncturing bitmap policy
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/mtd/jedec,spi-nor.yaml
drivers/ufs/host/ufs-qcom.c
Change-Id: I7004221a9c748e28c3860cb57e3da9049a25481a
Signed-off-by: jianzhou <quic_jianzhou@quicinc.com>
|
||
Chris Goldsworthy
|
342be123fd |
ANDROID: mm: Create hooks for ZONE_MOVABLE allocs
Create a vendor hook inside of gfp_zone() to modify which allocations
get to enter ZONE_MOVABLE, by zeroing out __GFP_HIGHMEM inside of the
trace hook based on certain conditions.
Separately, create a trace hook in the readahead path to affect the
behavior of the tracehook in gfp_zone().
In 5.15, we had set_skip_swapcache_flags trace-hook in do_swap_page()
but commit ac26e9c7b809 ("ANDROID: cma: allow to use CMA in swap-in path")
added __GFP_CMA explicitly, so the set_skip_swapcache_flags trace hook
is no longer needed.
Note: To comply with vendor hook guidlines, avoid including types.h in
trace/hooks/mm.h and use unsigned int for gfp_t.
Bug: 158645321
Change-Id: Idfa6b0b06b1b819d706c847e702bc94ddf7aa55a
Signed-off-by: Chris Goldsworthy <cgoldswo@codeaurora.org>
Signed-off-by: Sukadev Bhattiprolu <quic_sukadev@quicinc.com>
|
||
Vinayak Menon
|
31f15608bb |
ANDROID: zram: allow zram to allocate CMA pages
Though zram pages are movable, they aren't allowed to enter MIGRATE_CMA pageblocks. zram is not seen to pin pages for long which can cause an issue. Moreover allowing zram to pick CMA pages can be helpful in cases seen where zram order 0 alloc fails when there are lots of free cma pages, resulting in kswapd or direct reclaim not making enough progress. Bug: 158645321 Link: https://lore.kernel.org/linux-mm/4c77bb100706b714213ff840d827a48e40ac9177.1604282969.git.cgoldswo@codeaurora.org/ Change-Id: I31f4a21781cdb31982a768daa59e9546d7667b08 Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> Signed-off-by: Chris Goldsworthy <cgoldswo@codeaurora.org> Signed-off-by: Suren Baghdasaryan <surenb@google.com> [isaacm@codeaurora.org: Resolve trivial merge conflicts] Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> Signed-off-by: Sukadev Bhattiprolu <quic_sukadev@quicinc.com> |
||
|
Chris Goldsworthy
|
433445e9a1 |
ANDROID: mm: add cma pcp list
Add a PCP list for __GFP_CMA allocations so as not to deprive MIGRATE_MOVABLE allocations quick access to pages on their PCP lists. Bug: 158645321 Change-Id: I9831eed113ec9e851b4f651755205ac9cf23b9be Signed-off-by: Liam Mark <lmark@codeaurora.org> Signed-off-by: Chris Goldsworthy <cgoldswo@codeaurora.org> [isaacm@codeaurora.org: Resolve merge conflicts related to new mm features] Signed-off-by: Isaac J. Manjarres <isaacm@quicinc.com> quic_sukadev@quicinc.com: Resolve merge conflicts due to earlier patch dropping gfp_flags;drop BUILD_BUG_ON related to MIGRATETYPE_HIGHATOMIC since its value changed. Signed-off-by: Sukadev Bhattiprolu <quic_sukadev@quicinc.com> |
||
Heesub Shin
|
f60c5572d2 |
ANDROID: cma: redirect page allocation to CMA
CMA pages are designed to be used as fallback for movable allocations and cannot be used for non-movable allocations. If CMA pages are utilized poorly, non-movable allocations may end up getting starved if all regular movable pages are allocated and the only pages left are CMA. Always using CMA pages first creates unacceptable performance problems. As a midway alternative, use CMA pages for certain userspace allocations. The userspace pages can be migrated or dropped quickly which giving decent utilization. Additionally, add a fall-backs for failed CMA allocations in rmqueue() and __rmqueue_pcplist() (the latter addition being driven by a report by the kernel test robot); these fallbacks were dealt with differently in the original version of the patch as the rmqueue() call chain has changed). Bug: 158645321 Link: https://lore.kernel.org/lkml/cover.1604282969.git.cgoldswo@codeaurora.org/ Change-Id: Iad46f0405b416e29ae788f82b79c9953513a9c9d Reported-by: kernel test robot <rong.a.chen@intel.com> Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com> Signed-off-by: Heesub Shin <heesub.shin@samsung.com> Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> [cgoldswo@codeaurora.org: Place in bugfixes; remove cma_alloc zone flag] Signed-off-by: Chris Goldsworthy <cgoldswo@codeaurora.org> [isaacm@codeaurora.org: Resolve merge conflicts to account for new mm features] Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> [quic_sukadev@quicinc.com: dropped unused gfp_flags parameter to __rmqueue_pcplist(), resolved some conflicts] Signed-off-by: Sukadev Bhattiprolu <quic_sukadev@quicinc.com> |
||
Charan Teja Reddy
|
88153d9a99 |
ANDROID: vmscan: Support multiple kswapd threads per node
Page replacement is handled in the Linux Kernel in one of two ways:
1) Asynchronously via kswapd
2) Synchronously, via direct reclaim
At page allocation time the allocating task is immediately given a page
from the zone free list allowing it to go right back to work doing
whatever it was doing; Probably directly or indirectly executing business
logic.
Just prior to satisfying the allocation, free pages is checked to see if
it has reached the zone low watermark and if so, kswapd is awakened.
Kswapd will start scanning pages looking for inactive pages to evict to
make room for new page allocations. The work of kswapd allows tasks to
continue allocating memory from their respective zone free list without
incurring any delay.
When the demand for free pages exceeds the rate that kswapd tasks can
supply them, page allocation works differently. Once the allocating task
finds that the number of free pages is at or below the zone min watermark,
the task will no longer pull pages from the free list. Instead, the task
will run the same CPU-bound routines as kswapd to satisfy its own
allocation by scanning and evicting pages. This is called a direct reclaim.
The time spent performing a direct reclaim can be substantial, often
taking tens to hundreds of milliseconds for small order0 allocations to
half a second or more for order9 huge-page allocations. In fact, kswapd is
not actually required on a linux system. It exists for the sole purpose of
optimizing performance by preventing direct reclaims.
When memory shortfall is sufficient to trigger direct reclaims, they can
occur in any task that is running on the system. A single aggressive
memory allocating task can set the stage for collateral damage to occur in
small tasks that rarely allocate additional memory. Consider the impact of
injecting an additional 100ms of latency when nscd allocates memory to
facilitate caching of a DNS query.
The presence of direct reclaims 10 years ago was a fairly reliable
indicator that too much was being asked of a Linux system. Kswapd was
likely wasting time scanning pages that were ineligible for eviction.
Adding RAM or reducing the working set size would usually make the problem
go away. Since then hardware has evolved to bring a new struggle for
kswapd. Storage speeds have increased by orders of magnitude while CPU
clock speeds stayed the same or even slowed down in exchange for more
cores per package. This presents a throughput problem for a single
threaded kswapd that will get worse with each generation of new hardware.
Test Details
NOTE: The tests below were run with shadow entries disabled. See the
associated patch and cover letter for details
The tests below were designed with the assumption that a kswapd bottleneck
is best demonstrated using filesystem reads. This way, the inactive list
will be full of clean pages, simplifying the analysis and allowing kswapd
to achieve the highest possible steal rate. Maximum steal rates for kswapd
are likely to be the same or lower for any other mix of page types on the
system.
Tests were run on a 2U Oracle X7-2L with 52 Intel Xeon Skylake 2GHz cores,
756GB of RAM and 8 x 3.6 TB NVMe Solid State Disk drives. Each drive has
an XFS file system mounted separately as /d0 through /d7. SSD drives
require multiple concurrent streams to show their potential, so I created
eleven 250GB zero-filled files on each drive so that I could test with
parallel reads.
The test script runs in multiple stages. At each stage, the number of dd
tasks run concurrently is increased by 2. I did not include all of the
test output for brevity.
During each stage dd tasks are launched to read from each drive in a round
robin fashion until the specified number of tasks for the stage has been
reached. Then iostat, vmstat and top are started in the background with 10
second intervals. After five minutes, all of the dd tasks are killed and
the iostat, vmstat and top output is parsed in order to report the
following:
CPU consumption
- sy - aggregate kernel mode CPU consumption from vmstat output. The value
doesn't tend to fluctuate much so I just grab the highest value.
Each sample is averaged over 10 seconds
- dd_cpu - for all of the dd tasks averaged across the top samples since
there is a lot of variation.
Throughput
- in Kbytes
- Command is iostat -x -d 10 -g total
This first test performs reads using O_DIRECT in order to show the maximum
throughput that can be obtained using these drives. It also demonstrates
how rapidly throughput scales as the number of dd tasks are increased.
The dd command for this test looks like this:
Command Used: dd iflag=direct if=/d${i}/$n of=/dev/null bs=4M
Test #1: Direct IO
dd sy dd_cpu throughput
6 0 2.33 14726026.40
10 1 2.95 19954974.80
16 1 2.63 24419689.30
22 1 2.63 25430303.20
28 1 2.91 26026513.20
34 1 2.53 26178618.00
40 1 2.18 26239229.20
46 1 1.91 26250550.40
52 1 1.69 26251845.60
58 1 1.54 26253205.60
64 1 1.43 26253780.80
70 1 1.31 26254154.80
76 1 1.21 26253660.80
82 1 1.12 26254214.80
88 1 1.07 26253770.00
90 1 1.04 26252406.40
Throughput was close to peak with only 22 dd tasks. Very little system CPU
was consumed as expected as the drives DMA directly into the user address
space when using direct IO.
In this next test, the iflag=direct option is removed and we only run the
test until the pgscan_kswapd from /proc/vmstat starts to increment. At
that point metrics are parsed and reported and the pagecache contents are
dropped prior to the next test. Lather, rinse, repeat.
Test #2: standard file system IO, no page replacement
dd sy dd_cpu throughput
6 2 28.78 5134316.40
10 3 31.40 8051218.40
16 5 34.73 11438106.80
22 7 33.65 14140596.40
28 8 31.24 16393455.20
34 10 29.88 18219463.60
40 11 28.33 19644159.60
46 11 25.05 20802497.60
52 13 26.92 22092370.00
58 13 23.29 22884881.20
64 14 23.12 23452248.80
70 15 22.40 23916468.00
76 16 22.06 24328737.20
82 17 20.97 24718693.20
88 16 18.57 25149404.40
90 16 18.31 25245565.60
Each read has to pause after the buffer in kernel space is populated while
those pages are added to the pagecache and copied into the user address
space. For this reason, more parallel streams are required to achieve peak
throughput. The copy operation consumes substantially more CPU than direct
IO as expected.
The next test measures throughput after kswapd starts running. This is the
same test only we wait for kswapd to wake up before we start collecting
metrics. The script actually keeps track of a few things that were not
mentioned earlier. It tracks direct reclaims and page scans by watching
the metrics in /proc/vmstat. CPU consumption for kswapd is tracked the
same way it is tracked for dd.
Since the test is 100% reads, you can assume that the page steal rate for
kswapd and direct reclaims is almost identical to the scan rate.
Test #3: 1 kswapd thread per node
dd sy dd_cpu kswapd0 kswapd1 throughput dr pgscan_kswapd pgscan_direct
10 4 26.07 28.56 27.03 7355924.40 0 459316976 0
16 7 34.94 69.33 69.66 10867895.20 0 872661643 0
22 10 36.03 93.99 99.33 13130613.60 489 1037654473 11268334
28 10 30.34 95.90 98.60 14601509.60 671 1182591373 15429142
34 14 34.77 97.50 99.23 16468012.00 10850 1069005644 249839515
40 17 36.32 91.49 97.11 17335987.60 18903 975417728 434467710
46 19 38.40 90.54 91.61 17705394.40 25369 855737040 582427973
52 22 40.88 83.97 83.70 17607680.40 31250 709532935 724282458
58 25 40.89 82.19 80.14 17976905.60 35060 657796473 804117540
64 28 41.77 73.49 75.20 18001910.00 39073 561813658 895289337
70 33 45.51 63.78 64.39 17061897.20 44523 379465571 1020726436
76 36 46.95 57.96 60.32 16964459.60 47717 291299464 1093172384
82 39 47.16 55.43 56.16 16949956.00 49479 247071062 1134163008
88 42 47.41 53.75 47.62 16930911.20 51521 195449924 1180442208
90 43 47.18 51.40 50.59 16864428.00 51618 190758156 1183203901
In the previous test where kswapd was not involved, the system-wide kernel
mode CPU consumption with 90 dd tasks was 16%. In this test CPU consumption
with 90 tasks is at 43%. With 52 cores, and two kswapd tasks (one per NUMA
node), kswapd can only be responsible for a little over 4% of the increase.
The rest is likely caused by 51,618 direct reclaims that scanned 1.2
billion pages over the five minute time period of the test.
Same test, more kswapd tasks:
Test #4: 4 kswapd threads per node
dd sy dd_cpu kswapd0 kswapd1 throughput dr pgscan_kswapd pgscan_direct
10 5 27.09 16.65 14.17 7842605.60 0 459105291 0
16 10 37.12 26.02 24.85 11352920.40 15 920527796 358515
22 11 36.94 37.13 35.82 13771869.60 0 1132169011 0
28 13 35.23 48.43 46.86 16089746.00 0 1312902070 0
34 15 33.37 53.02 55.69 18314856.40 0 1476169080 0
40 19 35.90 69.60 64.41 19836126.80 0 1629999149 0
46 22 36.82 88.55 57.20 20740216.40 0 1708478106 0
52 24 34.38 93.76 68.34 21758352.00 0 1794055559 0
58 24 30.51 79.20 82.33 22735594.00 0 1872794397 0
64 26 30.21 97.12 76.73 23302203.60 176 1916593721 4206821
70 33 32.92 92.91 92.87 23776588.00 3575 1817685086 85574159
76 37 31.62 91.20 89.83 24308196.80 4752 1812262569 113981763
82 29 25.53 93.23 92.33 24802791.20 306 2032093122 7350704
88 43 37.12 76.18 77.01 25145694.40 20310 1253204719 487048202
90 42 38.56 73.90 74.57 22516787.60 22774 1193637495 545463615
By increasing the number of kswapd threads, throughput increased by ~50%
while kernel mode CPU utilization decreased or stayed the same, likely due
to a decrease in the number of parallel tasks at any given time doing page
replacement.
Signed-off-by: Buddy Lumpkin <buddy.lumpkin@oracle.com>
Bug: 201263306
Link: https://lore.kernel.org/lkml/1522661062-39745-1-git-send-email-buddy.lumpkin@oracle.com
[charante@codeaurora.org]: Changes made to select number of kswapds through uapi
Signed-off-by: Charan Teja Reddy <charante@codeaurora.org>
[quic_vjitta@quicinc.com]: Changes made to move multiple kswapd threads logic to vendor hooks
Signed-off-by: Vijayanand Jitta <quic_vjitta@quicinc.com>
(cherry picked from commit 0d61a651e4dd3c61d1658cc92e0b0450c8374738)
Change-Id: I8425cab7f40cbeaf65af0ea118c1a9ac7da0930e
[quic_vjitta@quicinc.com]: Resolved minor merge conflicts
Signed-off-by: Vijayanand Jitta <quic_vjitta@quicinc.com>
|
||
Vijayanand Jitta
|
d167f5b990 |
ANDROID: mm: Export kswapd function
To support multiple kswap threads vendor modules need access to kswapd function. So, export it. Bug: 201263306 Change-Id: I442612710835f39836a295e9d1936f86826ab960 Signed-off-by: Vijayanand Jitta <quic_vjitta@quicinc.com> (cherry picked from commit 12972dd7bfa306aa07c92966c4efe7b1c0c5e043) |
||
|
Suren Baghdasaryan
|
71c7092b68 |
ANDROID: Revert "mm: remove cleancache"
This reverts commit
|
||
|
Tetsuo Handa
|
b528537d13 |
mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
commit 1007843a91909a4995ee78a538f62d8665705b66 upstream.
syzbot is reporting circular locking dependency which involves
zonelist_update_seq seqlock [1], for this lock is checked by memory
allocation requests which do not need to be retried.
One deadlock scenario is kmalloc(GFP_ATOMIC) from an interrupt handler.
CPU0
----
__build_all_zonelists() {
write_seqlock(&zonelist_update_seq); // makes zonelist_update_seq.seqcount odd
// e.g. timer interrupt handler runs at this moment
some_timer_func() {
kmalloc(GFP_ATOMIC) {
__alloc_pages_slowpath() {
read_seqbegin(&zonelist_update_seq) {
// spins forever because zonelist_update_seq.seqcount is odd
}
}
}
}
// e.g. timer interrupt handler finishes
write_sequnlock(&zonelist_update_seq); // makes zonelist_update_seq.seqcount even
}
This deadlock scenario can be easily eliminated by not calling
read_seqbegin(&zonelist_update_seq) from !__GFP_DIRECT_RECLAIM allocation
requests, for retry is applicable to only __GFP_DIRECT_RECLAIM allocation
requests. But Michal Hocko does not know whether we should go with this
approach.
Another deadlock scenario which syzbot is reporting is a race between
kmalloc(GFP_ATOMIC) from tty_insert_flip_string_and_push_buffer() with
port->lock held and printk() from __build_all_zonelists() with
zonelist_update_seq held.
CPU0 CPU1
---- ----
pty_write() {
tty_insert_flip_string_and_push_buffer() {
__build_all_zonelists() {
write_seqlock(&zonelist_update_seq);
build_zonelists() {
printk() {
vprintk() {
vprintk_default() {
vprintk_emit() {
console_unlock() {
console_flush_all() {
console_emit_next_record() {
con->write() = serial8250_console_write() {
spin_lock_irqsave(&port->lock, flags);
tty_insert_flip_string() {
tty_insert_flip_string_fixed_flag() {
__tty_buffer_request_room() {
tty_buffer_alloc() {
kmalloc(GFP_ATOMIC | __GFP_NOWARN) {
__alloc_pages_slowpath() {
zonelist_iter_begin() {
read_seqbegin(&zonelist_update_seq); // spins forever because zonelist_update_seq.seqcount is odd
spin_lock_irqsave(&port->lock, flags); // spins forever because port->lock is held
}
}
}
}
}
}
}
}
spin_unlock_irqrestore(&port->lock, flags);
// message is printed to console
spin_unlock_irqrestore(&port->lock, flags);
}
}
}
}
}
}
}
}
}
write_sequnlock(&zonelist_update_seq);
}
}
}
This deadlock scenario can be eliminated by
preventing interrupt context from calling kmalloc(GFP_ATOMIC)
and
preventing printk() from calling console_flush_all()
while zonelist_update_seq.seqcount is odd.
Since Petr Mladek thinks that __build_all_zonelists() can become a
candidate for deferring printk() [2], let's address this problem by
disabling local interrupts in order to avoid kmalloc(GFP_ATOMIC)
and
disabling synchronous printk() in order to avoid console_flush_all()
.
As a side effect of minimizing duration of zonelist_update_seq.seqcount
being odd by disabling synchronous printk(), latency at
read_seqbegin(&zonelist_update_seq) for both !__GFP_DIRECT_RECLAIM and
__GFP_DIRECT_RECLAIM allocation requests will be reduced. Although, from
lockdep perspective, not calling read_seqbegin(&zonelist_update_seq) (i.e.
do not record unnecessary locking dependency) from interrupt context is
still preferable, even if we don't allow calling kmalloc(GFP_ATOMIC)
inside
write_seqlock(&zonelist_update_seq)/write_sequnlock(&zonelist_update_seq)
section...
Link: https://lkml.kernel.org/r/8796b95c-3da3-5885-fddd-6ef55f30e4d3@I-love.SAKURA.ne.jp
Fixes:
|
||
|
Liam R. Howlett
|
7e6631f782 |
mm/mmap: regression fix for unmapped_area{_topdown}
commit 58c5d0d6d522112577c7eeb71d382ea642ed7be4 upstream.
The maple tree limits the gap returned to a window that specifically fits
what was asked. This may not be optimal in the case of switching search
directions or a gap that does not satisfy the requested space for other
reasons. Fix the search by retrying the operation and limiting the search
window in the rare occasion that a conflict occurs.
Link: https://lkml.kernel.org/r/20230414185919.4175572-1-Liam.Howlett@oracle.com
Fixes:
|
||
|
Mel Gorman
|
059f24aff6 |
mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages
commit 4d73ba5fa710fe7d432e0b271e6fecd252aef66e upstream. A bug was reported by Yuanxi Liu where allocating 1G pages at runtime is taking an excessive amount of time for large amounts of memory. Further testing allocating huge pages that the cost is linear i.e. if allocating 1G pages in batches of 10 then the time to allocate nr_hugepages from 10->20->30->etc increases linearly even though 10 pages are allocated at each step. Profiles indicated that much of the time is spent checking the validity within already existing huge pages and then attempting a migration that fails after isolating the range, draining pages and a whole lot of other useless work. Commit |
||
|
Alexander Potapenko
|
bd6f3421a5 |
mm: kmsan: handle alloc failures in kmsan_vmap_pages_range_noflush()
commit 47ebd0310e89c087f56e58c103c44b72a2f6b216 upstream.
As reported by Dipanjan Das, when KMSAN is used together with kernel fault
injection (or, generally, even without the latter), calls to kcalloc() or
__vmap_pages_range_noflush() may fail, leaving the metadata mappings for
the virtual mapping in an inconsistent state. When these metadata
mappings are accessed later, the kernel crashes.
To address the problem, we return a non-zero error code from
kmsan_vmap_pages_range_noflush() in the case of any allocation/mapping
failure inside it, and make vmap_pages_range_noflush() return an error if
KMSAN fails to allocate the metadata.
This patch also removes KMSAN_WARN_ON() from vmap_pages_range_noflush(),
as these allocation failures are not fatal anymore.
Link: https://lkml.kernel.org/r/20230413131223.4135168-1-glider@google.com
Fixes:
|
||
|
Alexander Potapenko
|
433a7ecaed |
mm: kmsan: handle alloc failures in kmsan_ioremap_page_range()
commit fdea03e12aa2a44a7bb34144208be97fc25dfd90 upstream.
Similarly to kmsan_vmap_pages_range_noflush(), kmsan_ioremap_page_range()
must also properly handle allocation/mapping failures. In the case of
such, it must clean up the already created metadata mappings and return an
error code, so that the error can be propagated to ioremap_page_range().
Without doing so, KMSAN may silently fail to bring the metadata for the
page range into a consistent state, which will result in user-visible
crashes when trying to access them.
Link: https://lkml.kernel.org/r/20230413131223.4135168-2-glider@google.com
Fixes:
|
||
|
Naoya Horiguchi
|
e8a7bdb6f7 |
mm/huge_memory.c: warn with pr_warn_ratelimited instead of VM_WARN_ON_ONCE_FOLIO
commit 4737edbbdd4958ae29ca6a310a6a2fa4e0684b01 upstream.
split_huge_page_to_list() WARNs when called for huge zero pages, which
sounds to me too harsh because it does not imply a kernel bug, but just
notifies the event to admins. On the other hand, this is considered as
critical by syzkaller and makes its testing less efficient, which seems to
me harmful.
So replace the VM_WARN_ON_ONCE_FOLIO with pr_warn_ratelimited.
Link: https://lkml.kernel.org/r/20230406082004.2185420-1-naoya.horiguchi@linux.dev
Fixes:
|
||
|
Peter Xu
|
519dbe737f |
mm/khugepaged: check again on anon uffd-wp during isolation
commit dd47ac428c3f5f3bcabe845f36be870fe6c20784 upstream. Khugepaged collapse an anonymous thp in two rounds of scans. The 2nd round done in __collapse_huge_page_isolate() after hpage_collapse_scan_pmd(), during which all the locks will be released temporarily. It means the pgtable can change during this phase before 2nd round starts. It's logically possible some ptes got wr-protected during this phase, and we can errornously collapse a thp without noticing some ptes are wr-protected by userfault. |
||
|
David Hildenbrand
|
cc647e05db |
mm/userfaultfd: fix uffd-wp handling for THP migration entries
commit 24bf08c4376be417f16ceb609188b16f461b0443 upstream.
Looks like what we fixed for hugetlb in commit 44f86392bdd1 ("mm/hugetlb:
fix uffd-wp handling for migration entries in
hugetlb_change_protection()") similarly applies to THP.
Setting/clearing uffd-wp on THP migration entries is not implemented
properly. Further, while removing migration PMDs considers the uffd-wp
bit, inserting migration PMDs does not consider the uffd-wp bit.
We have to set/clear independently of the migration entry type in
change_huge_pmd() and properly copy the uffd-wp bit in
set_pmd_migration_entry().
Verified using a simple reproducer that triggers migration of a THP, that
the set_pmd_migration_entry() no longer loses the uffd-wp bit.
Link: https://lkml.kernel.org/r/20230405160236.587705-2-david@redhat.com
Fixes:
|
||
Baokun Li
|
3e6bd2653f |
writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs
commit 1ba1199ec5747f475538c0d25a32804e5ba1dfde upstream. KASAN report null-ptr-deref: ================================================================== BUG: KASAN: null-ptr-deref in bdi_split_work_to_wbs+0x5c5/0x7b0 Write of size 8 at addr 0000000000000000 by task sync/943 CPU: 5 PID: 943 Comm: sync Tainted: 6.3.0-rc5-next-20230406-dirty #461 Call Trace: <TASK> dump_stack_lvl+0x7f/0xc0 print_report+0x2ba/0x340 kasan_report+0xc4/0x120 kasan_check_range+0x1b7/0x2e0 __kasan_check_write+0x24/0x40 bdi_split_work_to_wbs+0x5c5/0x7b0 sync_inodes_sb+0x195/0x630 sync_inodes_one_sb+0x3a/0x50 iterate_supers+0x106/0x1b0 ksys_sync+0x98/0x160 [...] ================================================================== The race that causes the above issue is as follows: cpu1 cpu2 -------------------------|------------------------- inode_switch_wbs INIT_WORK(&isw->work, inode_switch_wbs_work_fn) queue_rcu_work(isw_wq, &isw->work) // queue_work async inode_switch_wbs_work_fn wb_put_many(old_wb, nr_switched) percpu_ref_put_many ref->data->release(ref) cgwb_release queue_work(cgwb_release_wq, &wb->release_work) // queue_work async &wb->release_work cgwb_release_workfn ksys_sync iterate_supers sync_inodes_one_sb sync_inodes_sb bdi_split_work_to_wbs kmalloc(sizeof(*work), GFP_ATOMIC) // alloc memory failed percpu_ref_exit ref->data = NULL kfree(data) wb_get(wb) percpu_ref_get(&wb->refcnt) percpu_ref_get_many(ref, 1) atomic_long_add(nr, &ref->data->count) atomic64_add(i, v) // trigger null-ptr-deref bdi_split_work_to_wbs() traverses &bdi->wb_list to split work into all wbs. If the allocation of new work fails, the on-stack fallback will be used and the reference count of the current wb is increased afterwards. If cgroup writeback membership switches occur before getting the reference count and the current wb is released as old_wd, then calling wb_get() or wb_put() will trigger the null pointer dereference above. This issue was introduced in v4.3-rc7 (see fix tag1). Both sync_inodes_sb() and __writeback_inodes_sb_nr() calls to bdi_split_work_to_wbs() can trigger this issue. For scenarios called via sync_inodes_sb(), originally commit |
||
|
jianzhou
|
f7cee9f6c1 |
Merge keystone/android14-6.1-keystone-qcom-release.6.1.22 (cc425b8) into msm-pineapple
* refs/heads/tmp-cc425b8:
ANDROID: defconfig: Remove "-mainline" from LOCALVERSION for gki and consolidate
ANDROID: GKI: Update symbols to symbol list
ANDROID: KVM: arm64: Remove the non-consuming hyp trace interface
FROMLIST: ANDROID: GKI: psi: remove 500ms min window size limitation for triggers
Revert "ANDROID: cpufreq: Add a restricted vendor hook for freq transition"
Revert "ANDROID: kernel: Add restricted vendor hook in creds"
ANDROID: ABI: update symbol list for galaxy
Revert "net: mdio: fix owner field for mdio buses registered using device-tree"
ANDROID: update ABI for gunyah series
ANDROID: gunyah: Add protected VM firmware boot support
ANDROID: gunyah: vm_mgr: Add lent memory
ANDROID: abi_gki_aarch64_qcom: Add Gunyah symbols
ANDROID: gunyah: Enable gunyah configs
ANDROID: gunyah: Add support for Gunyah vendor modules
FROMLIST: MAINTAINERS: Add Gunyah hypervisor drivers section
FROMLIST: virt: gunyah: Add ioeventfd
FROMLIST: virt: gunyah: Add irqfd interface
FROMLIST: virt: gunyah: Add hypercalls for sending doorbell
FROMLIST: virt: gunyah: Add proxy-scheduled vCPUs
FROMLIST: virt: gunyah: Add IO handlers
BACKPORT: FROMLIST: virt: gunyah: Add resource tickets
BACKPORT: FROMLIST: gunyah: vm_mgr: Add framework to add VM Functions
FROMLIST: virt: gunyah: Translate gh_rm_hyp_resource into gunyah_resource
FROMLIST: docs: gunyah: Document Gunyah VM Manager
BACKPORT: FROMLIST: gunyah: rsc_mgr: Add platform ops on mem_lend/mem_reclaim
FROMLIST: samples: Add sample userspace Gunyah VM Manager
BACKPORT: FROMLIST: gunyah: vm_mgr: Add ioctls to support basic non-proxy VM boot
FROMLIST: gunyah: vm_mgr: Add/remove user memory regions
FROMLIST: gunyah: rsc_mgr: Add RPC for sharing memory
BACKPORT: FROMLIST: gunyah: vm_mgr: Introduce basic VM Manager
FROMLIST: gunyah: rsc_mgr: Add VM lifecycle RPC
FROMLIST: gunyah: rsc_mgr: Add resource manager RPC core
FROMLIST: mailbox: Add Gunyah message queue mailbox
FROMLIST: virt: gunyah: msgq: Add hypercalls to send and receive messages
FROMLIST: virt: gunyah: Identify hypervisor version
FROMLIST: virt: gunyah: Add hypercalls to identify Gunyah
FROMLIST: gunyah: Common types and error codes for Gunyah hypercalls
FROMLIST: dt-bindings: Add binding for gunyah hypervisor
FROMLIST: docs: gunyah: Introduce Gunyah Hypervisor
FROMLIST: mailbox: Allow direct registration to a channel
ANDROID: Fix the KMI
ANDROID: mm: shmem: whitelist the symbols in the shmem
ANDROID: mm/shmem: Add a trace hook to get the shmem folio
ANDROID: mm: shmem: add vendor data in 'shmem_inode_info'
ANDROID: 3/29/2023 KMI update
ANDROID: ufs: core: move Android quirks into separate field
ANDROID: KVM: arm64: Save and restore host sve state in pKVM
ANDROID: KVM: arm64: Specialize deactivate fpsimd traps on guest fpsimd trap
ANDROID: KVM: arm64: Specialize handling of host fpsimd state on EL2 trap n/vhe
ANDROID: KVM: arm64: Allocate memory at hyp for host sve state
ANDROID: KVM: arm64: Store the maximum sve vector length at hyp
ANDROID: KVM: arm64: Allocate host fp state at pkvm init rather than per cpu
ANDROID: KVM: arm64: Move loaded host fp state to pkvm
ANDROID: KVM: arm64: Use helper to get the host fpsimd state in pKVM
ANDROID: KVM: arm64: Use enum instead of helper for fp state
ANDROID: KVM: arm64: Do not map the host fpsimd state to hyp in pKVM
ANDROID: KVM: arm64: Clarify rationale for ZCR_EL1 value restored on guest exit
Revert "Revert "scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD""
Revert "Revert "drm/msm/gem: Prevent blocking within shrinker loop""
Revert "Revert "PCI: loongson: Add more devices that need MRRS quirk""
Revert "Revert "PCI: loongson: Prevent LS7A MRRS increases""
Revert "Revert "netfilter: ctnetlink: make event listener tracking global""
Revert "Revert "HID: retain initial quirks set up when creating HID devices""
Revert "Revert "sbitmap: Try each queue to wake up at least one waiter""
Revert "Revert "sbitmap: Advance the queue index before waking up a queue""
Revert "Revert "sbitmap: correct wake_batch recalculation to avoid potential IO hung""
Revert "Revert "sbitmap: Use single per-bitmap counting to wake up queued tags""
Linux 6.1.22
drm/amdkfd: Fix the memory overrun
drm/amdkfd: add GC 11.0.4 KFD support
drm/amdkfd: Fix the warning of array-index-out-of-bounds
drm/amdkfd: introduce dummy cache info for property asic
sched/fair: Sanitize vruntime of entity being migrated
sched/fair: sanitize vruntime of entity being placed
dm crypt: avoid accessing uninitialized tasklet
dm crypt: add cond_resched() to dmcrypt_write()
dm stats: check for and propagate alloc_percpu failure
i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
bus: imx-weim: fix branch condition evaluates to a garbage value
mm/ksm: fix race with VMA iteration and mm_struct teardown
soc: qcom: llcc: Fix slice configuration values for SC8280XP
arm64: dts: qcom: sm8150: Fix the iommu mask used for PCIe controllers
arm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent
firmware: arm_scmi: Fix device node validation for mailbox transport
tee: amdtee: fix race condition in amdtee_open_session
riscv: Handle zicsr/zifencei issues between clang and binutils
riscv: mm: Fix incorrect ASID argument when flushing TLB
drm/amdgpu: reposition the gpu reset checking for reuse
drm/amdgpu: skip ASIC reset for APUs when go to S4
drm/i915: Preserve crtc_state->inherited during state clearing
drm/i915/active: Fix missing debug object activation
drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi
drm/meson: fix missing component unbind on bind errors
drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk
drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found
nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
wifi: mac80211: fix qos on mesh interfaces
ksmbd: return unsupported error on smb1 mount
ksmbd: return STATUS_NOT_SUPPORTED on unsupported smb2.0 dialect
ksmbd: don't terminate inactive sessions after a few seconds
ksmbd: set FILE_NAMED_STREAMS attribute in FS_ATTRIBUTE_INFORMATION
ksmbd: fix wrong signingkey creation when encryption is AES256
maple_tree: fix mas_skip_node() end slot detection
test_maple_tree: add more testing for mas_empty_area()
Revert "kasan: drop skip_kasan_poison variable in free_pages_prepare"
io_uring/rsrc: fix null-ptr-deref in io_file_bitmap_get()
io_uring/net: avoid sending -ECONNABORTED on repeated connection requests
kfence: avoid passing -g for test
mm: kfence: fix using kfence_metadata without initialization in show_object()
usb: ucsi_acpi: Increase the command completion timeout
usb: ucsi: Fix NULL pointer deref in ucsi_connector_change()
usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC
usb: chipidea: core: fix possible concurrent when switch role
usb: chipdea: core: fix return -EINVAL if request role is the same with current role
usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver
usb: cdnsp: Fixes issue with redundant Status Stage
usb: cdns3: Fix issue with using incorrect PCI device function
usb: typec: tcpm: fix warning when handle discover_identity message
usb: typec: tcpm: fix create duplicate source-capabilities file
dm thin: fix deadlock when swapping to thin device
igb: revert rtnl_lock() that causes deadlock
arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name
lockd: set file_lock start and end when decoding nlm4 testargs
fsverity: Remove WQ_UNBOUND from fsverity read workqueue
fscrypt: destroy keyring after security_sb_delete()
mm/slab: Fix undefined init_cache_node_node() for NUMA and !SMP
efi: sysfb_efi: Fix DMI quirks not working for simpledrm
Bluetooth: Fix race condition in hci_cmd_sync_clear
btrfs: zoned: fix btrfs_can_activate_zone() to support DUP profile
usb: gadget: u_audio: don't let userspace block driver unbind
usb: dwc2: fix a devres leak in hw_enable upon suspend resume
usb: dwc2: drd: fix inconsistent mode if role-switch-default-mode="host"
usb: misc: onboard-hub: add support for Microchip USB2517 USB 2.0 hub
scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
selftests/x86/amx: Add a ptrace test
x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf()
cifs: fix dentry lookups in directory handle cache
cifs: print session id while listing open files
cifs: dump pending mids for all channels in DebugData
cifs: empty interface list when server doesn't support query interfaces
cifs: do not poll server interfaces too regularly
cifs: append path to open_enter trace event
cifs: lock chan_lock outside match_session
act_mirred: use the backlog for nested calls to mirred ingress
net/sched: act_mirred: better wording on protection against excessive stack growth
drm/amd: Fix initialization mistake for NBIO 7.3.0
drm/amdgpu: Fix call trace warning and hang when removing amdgpu device
sh: sanitize the flags on sigreturn
drm/amd/display: Update clock table to include highest clock setting
net: usb: qmi_wwan: add Telit 0x1080 composition
net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
platform/x86: int3472: Add GPIOs to Surface Go 3 Board data
scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file
scsi: mpi3mr: Bad drive in topology results kernel crash
scsi: mpi3mr: NVMe command size greater than 8K fails
scsi: mpi3mr: Wait for diagnostic save during controller init
scsi: mpi3mr: Driver unload crashes host when enhanced logging is enabled
scsi: lpfc: Avoid usage of list iterator variable after loop
scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
scsi: ufs: core: Add soft dependency on governor_simpleondemand
scsi: hisi_sas: Check devm_add_action() return value
scsi: qla2xxx: Add option to disable FC2 Target support
scsi: target: iscsi: Fix an error message in iscsi_check_key()
selftests/bpf: check that modifier resolves after pointer
m68k: Only force 030 bus error if PC not in exception table
m68k: mm: Fix systems with memory at end of 32-bit address space
HID: intel-ish-hid: ipc: Fix potential use-after-free in work function
HID: logitech-hidpp: Add support for Logitech MX Master 3S mouse
ca8210: fix mac_len negative array access
HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded
drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update()
riscv: Bump COMMAND_LINE_SIZE value to 1024
ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable
ACPI: x86: Drop quirk for HP Elitebook
ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43)
ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks
thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit
thunderbolt: Use const qualifier for `ring_interrupt_index`
thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access
thunderbolt: Disable interrupt auto clear for rings
thunderbolt: Fix memory leak in margining
thunderbolt: Add quirk to disable CLx
thunderbolt: Call tb_check_quirks() after initializing adapters
thunderbolt: Use scale field when allocating USB3 bandwidth
uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
smb3: fix unusable share after force unmount failure
smb3: lower default deferred close timeout to address perf regression
scsi: qla2xxx: Perform lockless command completion in abort path
scsi: qla2xxx: Synchronize the IOCB count to be in order
hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
hwmon: fix potential sensor registration fail if of_node is missing
entry/rcu: Check TIF_RESCHED _after_ delayed RCU wake-up
perf/x86/amd/core: Always clear status for idx
entry: Fix noinstr warning in __enter_from_user_mode()
platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
Bluetooth: HCI: Fix global-out-of-bounds
Bluetooth: mgmt: Fix MGMT add advmon with RSSI command
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
Bluetooth: L2CAP: Fix responding with wrong PDU type
Bluetooth: btqcomsmd: Fix command timeout after setting BD address
drm/amd/display: Set dcn32 caps.seamless_odm
net: mdio: thunder: Add missing fwnode_handle_put()
net: dsa: mt7530: move setting ssc_delta to PHY_INTERFACE_MODE_TRGMII case
net: dsa: mt7530: move lowering TRGMII driving to mt7530_setup()
net: dsa: mt7530: move enabling disabling core clock to mt7530_pll_setup()
net: asix: fix modprobe "sysfs: cannot create duplicate filename"
gve: Cache link_speed value from device
Bluetooth: Remove "Power-on" check from Mesh feature
Bluetooth: ISO: fix timestamped HCI ISO data packet parsing
Bluetooth: btusb: Remove detection of ISO packets over bulk
Bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet
Bluetooth: hci_sync: Resume adv with no RPA when active scan
ksmbd: fix possible refcount leak in smb2_open()
ksmbd: add low bound validation to FSCTL_QUERY_ALLOCATED_RANGES
ksmbd: add low bound validation to FSCTL_SET_ZERO_DATA
hvc/xen: prevent concurrent accesses to the shared ring
mlxsw: spectrum_fid: Fix incorrect local port type
nvme-tcp: fix nvme_tcp_term_pdu to match spec
net/sonic: use dma_mapping_error() for error check
erspan: do not use skb_mac_header() in ndo_start_xmit()
atm: idt77252: fix kmemleak when rmmod idt77252
net: dsa: tag_brcm: legacy: fix daisy-chained switches
net/mlx5: E-Switch, Fix an Oops in error handling code
net/mlx5: Read the TC mapping of all priorities on ETS query
net/mlx5e: Overcome slow response for first macsec ASO WQE
net/mlx5: Fix steering rules cleanup
net/mlx5e: Block entering switchdev mode with ns inconsistency
net/mlx5e: Set uplink rep as NETNS_LOCAL
bpf: Adjust insufficient default bpf_jit_limit
i40e: fix flow director packet filter programming
iavf: fix hang on reboot with ice
ice: check if VF exists before mode check
keys: Do not cache key in task struct if key is requested from kernel thread
bootconfig: Fix testcase to increase max node
octeontx2-vf: Add missing free for alloc_percpu
net/ps3_gelic_net: Use dma_mapping_error
net/ps3_gelic_net: Fix RX sk_buff length
net: usb: lan78xx: Limit packet length to skb->len
net: qcom/emac: Fix use after free bug in emac_remove due to race condition
drm/i915/gt: perform uc late init after probe error injection
drm/i915/guc: Fix missing ecodes
drm/i915/guc: Rename GuC register state capture node to be more obvious
drm/i915/fbdev: lock the fbdev obj before vma pin
drm/i915: Print return value on error
mlxsw: core_thermal: Fix fan speed in maximum cooling state
thermal/drivers/mellanox: Use generic thermal_zone_get_trip() function
net: stmmac: Fix for mismatched host/device DMA address width
net: mdio: fix owner field for mdio buses registered using ACPI
net: mdio: fix owner field for mdio buses registered using device-tree
net: phy: Ensure state transitions are processed from phy_stop()
xirc2ps_cs: Fix use after free bug in xirc2ps_detach
qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
efi/libstub: smbios: Use length member instead of record struct size
net: usb: smsc95xx: Limit packet length to skb->len
net: dsa: b53: mmap: fix device tree support
nfsd: don't replace page in rq_pages if it's a continuation of last page
scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
i2c: hisi: Only use the completion interrupt to finish the transfer
i2c: mxs: ensure that DMA buffers are safe for DMA
i2c: imx-lpi2c: check only for enabled interrupt flags
igc: fix the validation logic for taprio's gate list
igbvf: Regard vf reset nack as success
intel/igbvf: free irq on the error path in igbvf_request_msix()
iavf: do not track VLAN 0 filters
iavf: fix non-tunneled IPv6 UDP packet type and hashing
iavf: fix inverted Rx hash condition leading to disabled hash
xsk: Add missing overflow check in xdp_umem_reg
NFS: Fix /proc/PID/io read_bytes for buffered reads
arm64: dts: imx93: add missing #address-cells and #size-cells to i2c nodes
arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes
ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl
ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl
ARM: dts: imx6sll: e70k02: fix usbotg1 pinctrl
arm64: dts: imx8dxl-evk: Fix eqos phy reset gpio
arm64: dts: imx8dxl-evk: Disable hibernation mode of AR8031 for EQOS
power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition
arm64: dts: qcom: sm8450: Mark UFS controller as cache coherent
drm/amd/display: Fix DP MST sinks removal issue
mptcp: fix UaF in listener shutdown
mptcp: use the workqueue to destroy unaccepted sockets
mptcp: refactor passive socket initialization
drm/amd/display: Remove OTG DIV register write for Virtual signals.
drm/amd/display: fix k1 k2 divider programming for phantom streams
drm/amd/display: Include virtual signal to set k1 and k2 values
tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr
perf: fix perf_event_context->time
perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output
interconnect: qcom: qcm2290: Fix MASTER_SNOC_BIMC_NRT
interconnect: qcom: sm8450: switch to qcom_icc_rpmh_* function
interconnect: qcom: osm-l3: fix icc_onecell_data allocation
Revert "Revert "wait: Return number of exclusive waiters awaken""
Revert "Revert "kobject: modify kobject_get_path() to take a const *""
UPSTREAM: mm: multi-gen LRU: avoid futile retries
UPSTREAM: mm: multi-gen LRU: simplify arch_has_hw_pte_young() check
BACKPORT: mm: multi-gen LRU: clarify scan_control flags
BACKPORT: mm: multi-gen LRU: per-node lru_gen_folio lists
UPSTREAM: mm: multi-gen LRU: shuffle should_run_aging()
BACKPORT: mm: multi-gen LRU: remove aging fairness safeguard
UPSTREAM: mm: multi-gen LRU: remove eviction fairness safeguard
UPSTREAM: mm: multi-gen LRU: rename lrugen->lists[] to lrugen->folios[]
UPSTREAM: mm: multi-gen LRU: rename lru_gen_struct to lru_gen_folio
ANDROID: Update symbol lists for dmabuf_page_pool
ANDROID: dma-buf: heaps: Move dmabuf_page_pool struct out of the KMI
ANDROID: dma-buf: system_heap: kmap_local_page instead of kmap_atomic
ANDROID: dma-buf: system_heap: Add pagepool support to system heap
ANDROID: dma-buf: heaps: Minor cleanup of dmabuf_page_pool includes
ANDROID: dma-buf: heaps: replace mutex lock with spinlock
ANDROID: dma-buf: heaps: fix a warning in dmabuf page pools
ANDROID: dma-heap: Make the page-pool library built-in
ANDROID: dma-buf: heaps: Add a shrinker controlled page pool
UPSTREAM: usb: typec: tcpci: Add callback for evaluating contaminant presence
UPSTREAM: usb: typec: tcpm: Add callbacks to mitigate wakeups due to contaminant
ANDROID: GKI: defconfig: Enable DMA-BUF sysfs stats
UPSTREAM: wifi: nl80211: Allow authentication frames and set keys on NAN interface
UPSTREAM: wifi: cfg80211: Allow action frames to be transmitted with link BSS in MLD
UPSTREAM: wifi: cfg80211: include puncturing bitmap in channel switch events
UPSTREAM: wifi: nl80211: validate and configure puncturing bitmap
BACKPORT: wifi: cfg80211: move puncturing bitmap validation from mac80211
UPSTREAM: wifi: nl80211: add MLO_LINK_ID to CMD_STOP_AP event
UPSTREAM: wifi: cfg80211: Extend cfg80211_update_owe_info_event() for MLD AP
UPSTREAM: wifi: cfg80211: Extend cfg80211_new_sta() for MLD AP
UPSTREAM: wifi: cfg80211: Authentication offload to user space for MLO connection in STA mode
UPSTREAM: wifi: cfg80211: trace: remove MAC_PR_{FMT,ARG}
UPSTREAM: cfg80211: Update Transition Disable policy during port authorization
UPSTREAM: wifi: cfg80211: Support 32 bytes KCK key in GTK rekey offload
UPSTREAM: wifi: nl80211: use link ID in NL80211_CMD_SET_BSS
UPSTREAM: wifi: cfg80211: support reporting failed links
ANDROID: KVM: arm64: Allow post-freeze backports to pKVM
ANDROID: KVM: arm64: Expose host_{un}share_hyp() to modules
ANDROID: gki_config: use DWARFv5 rather than DWARFv4
FROMGIT: pstore: Revert pmsg_lock back to a normal mutex
ANDROID: GKI: Multi arch exports protection support
ANDROID: ABI: update symbol list for galaxy
FROMGIT: f2fs: fix scheduling while atomic in decompression path
ANDROID: dm-default-key: update for blk_crypto_evict_key() returning void
FROMGIT: blk-crypto: make blk_crypto_evict_key() more robust
FROMGIT: blk-crypto: make blk_crypto_evict_key() return void
FROMGIT: blk-mq: release crypto keyslot before reporting I/O complete
ANDROID: gki_defconfig: enable CONFIG_CRYPTO_GHASH_ARM64_CE
Revert "ANDROID: module: Add vendor hooks"
Revert "ANDROID: GKI: Export clocksource_mmio_init"
ANDROID: clang: update to 17.0.0
FROMGIT: f2fs v2: factor out discard_cmd usage from general rb_tree use
ANDROID: ABI: Update QCOM symbol list
ANDROID: ABI: update symbol list for galaxy
ANDROID: update db845c symbol list.
Revert "drm/msm/gem: Prevent blocking within shrinker loop"
Revert "scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD"
ANDROID: ABI: Update QCOM symbol list for minidump
ANDROID: ABI: Update QCOM symbol list
ANDROID: ABI: Update QCOM symbol list
Linux 6.1.21
powerpc/64: Replace -mcpu=e500mc64 by -mcpu=e5500
powerpc: Disable CPU unknown by CLANG when CC_IS_CLANG
perf: Fix check before add_event_to_groups() in perf_group_detach()
io_uring/msg_ring: let target know allocated index
virt/coco/sev-guest: Add throttling awareness
virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case
virt/coco/sev-guest: Do some code style cleanups
virt/coco/sev-guest: Carve out the request issuing logic into a helper
virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request()
virt/coco/sev-guest: Simplify extended guest request handling
virt/coco/sev-guest: Check SEV_SNP attribute at probe time
powerpc: Pass correct CPU reference to assembler
x86/resctrl: Clear staged_config[] before and after it is used
x86/mm: Fix use of uninitialized buffer in sme_enable()
x86/mce: Make sure logged MCEs are processed after sysfs update
ASoC: qcom: q6prm: fix incorrect clk_root passed to ADSP
ASoC: Intel: soc-acpi: fix copy-paste issue in topology names
cpuidle: psci: Iterate backwards over list in psci_pd_remove()
fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release()
net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit
ACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent
trace/hwlat: Do not start per-cpu thread if it is already running
trace/hwlat: Do not wipe the contents of per-cpu thread data
fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
mmc: sdhci_am654: lower power-on failed message severity
powerpc/boot: Don't always pass -mcpu=powerpc when building 32-bit uImage
powerpc/64: Set default CPU in Kconfig
mm: teach mincore_hugetlb about pte markers
mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage
vp_vdpa: fix the crash in hot unplug with vp_vdpa
ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV3000
ocfs2: fix data corruption after failed write
ftrace: Fix invalid address access in lookup_rec() when index is 0
mptcp: fix lockdep false positive in mptcp_pm_nl_create_listen_socket()
mptcp: avoid setting TCP_CLOSE state twice
mptcp: add ro_after_init for tcp{,v6}_prot_override
mptcp: fix possible deadlock in subflow_error_report
drm/amd/display: disconnect MPCC only on OTG change
drm/amd/display: Do not set DRR on pipe Commit
drm/amd/pm: bump SMU 13.0.4 driver_if header version
drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume
drm/amdgpu: Don't resume IOMMU after incomplete init
drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz
drm/i915/active: Fix misuse of non-idle barriers as fence trackers
drm/sun4i: fix missing component unbind on bind errors
drm/shmem-helper: Remove another errant put in error path
riscv: asid: Fixup stale TLB entry cause application crash
Revert "riscv: mm: notify remote harts about mmu cache updates"
ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform
ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro
ALSA: hda: intel-dsp-config: add MTL PCI id
KVM: nVMX: add missing consistency checks for CR0 and CR4
KVM: SVM: Modify AVIC GATag to support max number of 512 vCPUs
KVM: SVM: Fix a benign off-by-one bug in AVIC physical table mask
cifs: Fix smb2_set_path_size()
tracing: Make tracepoint lockdep check actually test something
tracing: Check field value in hist_field_name()
tracing: Make splice_read available again
cifs: generate signkey for the channel that's reconnecting
md: select BLOCK_LEGACY_AUTOLOAD
interconnect: exynos: fix registration race
interconnect: exynos: fix node leak in probe PM QoS error path
interconnect: qcom: msm8974: fix registration race
interconnect: qcom: rpmh: fix registration race
interconnect: qcom: rpmh: fix probe child-node error handling
interconnect: qcom: rpm: fix registration race
interconnect: qcom: rpm: fix probe child-node error handling
interconnect: qcom: osm-l3: fix registration race
interconnect: fix mem leak when freeing nodes
interconnect: imx: fix registration race
interconnect: fix provider registration API
interconnect: fix icc_provider_del() error handling
s390/ipl: add missing intersection check to ipl_report handling
drm/ttm: Fix a NULL pointer dereference
memory: tegra30-emc: fix interconnect registration race
memory: tegra124-emc: fix interconnect registration race
memory: tegra20-emc: fix interconnect registration race
memory: tegra: fix interconnect registration race
firmware: xilinx: don't make a sleepable memory allocation from an atomic context
serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it
serial: 8250_fsl: fix handle_irq locking
serial: 8250_em: Fix UART port type
tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted
Revert "tty: serial: fsl_lpuart: adjust SERIAL_FSL_LPUART_CONSOLE config dependency"
ext4: fix possible double unlock when moving a directory
drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini
sh: intc: Avoid spurious sizeof-pointer-div warning
LoongArch: Only call get_timer_irq() once in constant_clockevent_init()
net/9p: fix bug in client create for .L
drm/amdkfd: Fix an illegal memory access
ext4: fix task hung in ext4_xattr_delete_inode
ext4: update s_journal_inum if it changes after journal replay
ext4: fail ext4_iget if special inode unallocated
rust: arch/um: Disable FP/SIMD instruction to match x86
jffs2: correct logic when creating a hole in jffs2_write_begin
soc: mediatek: mtk-svs: keep svs alive if CONFIG_DEBUG_FS not supported
mmc: atmel-mci: fix race between stop command and start of next command
media: m5mols: fix off-by-one loop termination error
hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip
hwmon: (adm1266) Set `can_sleep` flag for GPIO chip
kconfig: Update config changed flag before calling callback
hwmon: tmp512: drop of_match_ptr for ID table
hwmon: (ucd90320) Add minimum delay between bus accesses
hwmon: (ina3221) return prober error code
hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition
hwmon: (adt7475) Fix masking of hysteresis registers
hwmon: (adt7475) Display smoothing attributes in correct order
bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails
bonding: restore IFF_MASTER/SLAVE flags on bond enslave ether type change
ethernet: sun: add check for the mdesc_grab()
net: dsa: microchip: fix RGMII delay configuration on KSZ8765/KSZ8794/KSZ8795
qed/qed_mng_tlv: correctly zero out ->min instead of ->hour
selftests: net: devlink_port_split.py: skip test if no suitable device available
i825xx: sni_82596: use eth_hw_addr_set()
net/iucv: Fix size of interrupt data
net: atlantic: Fix crash when XDP is enabled but no program is loaded
net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull
ipv4: Fix incorrect table ID in IOCTL path
sh_eth: avoid PHY being resumed when interface is not up
ravb: avoid PHY being resumed when interface is not up
net: dsa: mv88e6xxx: fix max_mtu of 1492 on 6165, 6191, 6220, 6250, 6290
net: dsa: don't error out when drivers return ETH_DATA_LEN in .port_max_mtu()
ice: xsk: disable txq irq before flushing hw
veth: Fix use after free in XDP_REDIRECT
net/mlx5: Set BREAK_FW_WAIT flag first when removing driver
net/mlx5e: Fix cleanup null-ptr deref on encap lock
net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port
net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules
net/mlx5e: Support Geneve and GRE with VF tunnel offload
net/mlx5: Disable eswitch before waiting for VF pages
net/mlx5: Fix setting ec_function bit in MANAGE_PAGES
net/mlx5e: Don't cache tunnel offloads capability
net/mlx5e: Fix macsec ASO context alignment
block: sunvdc: add check for mdesc_grab() returning NULL
nvmet: avoid potential UAF in nvmet_req_complete()
nvme: fix handling single range discard request
block: null_blk: Fix handling of fake timeout request
powerpc/mm: Fix false detection of read faults
drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc
net: usb: smsc75xx: Limit packet length to skb->len
net/smc: fix deadlock triggered by cancel_delayed_work_syn()
mlxsw: spectrum: Fix incorrect parsing depth after reload
nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
tcp: Fix bind() conflict check for dual-stack wildcard address.
net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
net: tunnels: annotate lockless accesses to dev->needed_headroom
loop: Fix use-after-free issues
block: do not reverse request order when flushing plug list
net: dsa: mt7530: set PLL frequency and trgmii only when trgmii is used
net: dsa: mt7530: remove now incorrect comment regarding port 5
qed/qed_dev: guard against a possible division by zero
net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()
drm/i915/sseu: fix max_subslices array-index-out-of-bounds access
drm/i915/psr: Use calculated io and fast wake lines
PCI: s390: Fix use-after-free of PCI resources with per-function hotplug
vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready
vdpa_sim: not reset state in vdpasim_queue_ready
vhost-vdpa: free iommu domain after last use during cleanup
i40e: Fix kernel crash during reboot when adapter is in recovery mode
ipvlan: Make skb->skb_iif track skb->dev for l3s mode
nfc: pn533: initialize struct pn533_out_arg properly
selftests: fix LLVM build for i386 and x86_64
wifi: cfg80211: fix MLO connection ownership
wifi: nl80211: fix NULL-ptr deref in offchan check
vdpa/mlx5: should not activate virtq object when suspended
tcp: tcp_make_synack() can be called from process context
ftrace,kcfi: Define ftrace_stub_graph conditionally
scsi: core: Fix a procfs host directory removal regression
scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD
netfilter: nft_redir: correct value of inet type `.maxattrs`
netfilter: nft_redir: correct length for loading protocol registers
netfilter: nft_masq: correct length for loading protocol registers
netfilter: nft_nat: correct length for loading protocol registers
ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
scsi: mpi3mr: Fix expander node leak in mpi3mr_remove()
scsi: mpi3mr: ioctl timeout when disabling/enabling interrupt
scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc()
scsi: mpi3mr: Return proper values for failures in firmware init path
scsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove()
scsi: mpi3mr: Fix mpi3mr_hba_port memory leak in mpi3mr_remove()
scsi: mpi3mr: Fix config page DMA memory leak
scsi: mpi3mr: Fix throttle_groups memory leak
scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate
ASoC: SOF: ipc4-topology: set dmic dai index from copier
ASOC: SOF: Intel: pci-tgl: Fix device description
ASoC: SOF: Intel: SKL: Fix device description
ASoC: SOF: Intel: HDA: Fix device description
ASoC: SOF: Intel: MTL: Fix the device description
clk: HI655X: select REGMAP instead of depending on it
drm/meson: fix 1px pink line on GXM when scaling video overlay
cifs: Move the in_send statistic to __smb_send_rqst()
fbdev: chipsfb: Fix error codes in chipsfb_pci_init()
drm/panfrost: Don't sync rpm suspension after mmu flushing
drm/msm/gem: Prevent blocking within shrinker loop
drm/virtio: Pass correct device to dma_sync_sgtable_for_device()
xfrm: Allow transport-mode states with AF_UNSPEC selector
Conflicts:
Documentation/devicetree/bindings
arch/arm64/gunyah/Makefile
drivers/interconnect/qcom/icc-rpmh.c
drivers/soc/qcom/llcc-qcom.c
drivers/virt/Kconfig
drivers/virt/gunyah/Kconfig
drivers/virt/gunyah/Makefile
Change-Id: Iff2b0ada13463b9bd0093924a8baa22d0bf46888
Upstream-Build: ks_qcom-android14-6.1-keystone-qcom-release@9894404 UKQ2.230406.001
Signed-off-by: jianzhou <quic_jianzhou@quicinc.com>
|
||
|
Greg Kroah-Hartman
|
0fff48d6fe |
Merge 6.1.24 into android14-6.1
Changes in 6.1.24
dm cache: Add some documentation to dm-cache-background-tracker.h
dm integrity: Remove bi_sector that's only used by commented debug code
dm: change "unsigned" to "unsigned int"
dm: fix improper splitting for abnormal bios
KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode
KVM: arm64: PMU: Distinguish between 64bit counter and 64bit overflow
KVM: arm64: PMU: Sanitise PMCR_EL0.LP on first vcpu run
KVM: arm64: PMU: Don't save PMCR_EL0.{C,P} for the vCPU
gpio: GPIO_REGMAP: select REGMAP instead of depending on it
Drivers: vmbus: Check for channel allocation before looking up relids
ASoC: SOF: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data()
pwm: Make .get_state() callback return an error code
pwm: hibvt: Explicitly set .polarity in .get_state()
pwm: cros-ec: Explicitly set .polarity in .get_state()
pwm: iqs620a: Explicitly set .polarity in .get_state()
pwm: sprd: Explicitly set .polarity in .get_state()
pwm: meson: Explicitly set .polarity in .get_state()
ASoC: codecs: lpass: fix the order or clks turn off during suspend
KVM: s390: pv: fix external interruption loop not always detected
wifi: mac80211: fix the size calculation of ieee80211_ie_len_eht_cap()
wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
net: qrtr: Fix a refcount bug in qrtr_recvmsg()
net: phylink: add phylink_expects_phy() method
net: stmmac: check if MAC needs to attach to a PHY
net: stmmac: remove redundant fixup to support fixed-link mode
l2tp: generate correct module alias strings
wifi: brcmfmac: Fix SDIO suspend/resume regression
NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
nfsd: call op_release, even when op_func returns an error
icmp: guard against too small mtu
ALSA: hda/hdmi: Preserve the previous PCM device upon re-enablement
net: don't let netpoll invoke NAPI if in xmit context
net: dsa: mv88e6xxx: Reset mv88e6393x force WD event bit
sctp: check send stream number after wait_for_sndbuf
net: qrtr: Do not do DEL_SERVER broadcast after DEL_CLIENT
ipv6: Fix an uninit variable access bug in __ip6_make_skb()
platform/x86: think-lmi: Fix memory leak when showing current settings
platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings
platform/x86: think-lmi: Clean up display of current_value on Thinkstation
gpio: davinci: Do not clear the bank intr enable bit in save_context
gpio: davinci: Add irq chip flag to skip set wake
net: ethernet: ti: am65-cpsw: Fix mdio cleanup in probe
net: stmmac: fix up RX flow hash indirection table when setting channels
sunrpc: only free unix grouplist after RCU settles
NFSD: callback request does not use correct credential for AUTH_SYS
ice: fix wrong fallback logic for FDIR
ice: Reset FDIR counter in FDIR init stage
raw: use net_hash_mix() in hash function
raw: Fix NULL deref in raw_get_next().
ping: Fix potentail NULL deref for /proc/net/icmp.
ethtool: reset #lanes when lanes is omitted
netlink: annotate lockless accesses to nlk->max_recvmsg_len
gve: Secure enough bytes in the first TX desc for all TCP pkts
arm64: compat: Work around uninitialized variable warning
net: stmmac: check fwnode for phy device before scanning for phy
cxl/pci: Fix CDAT retrieval on big endian
cxl/pci: Handle truncated CDAT header
cxl/pci: Handle truncated CDAT entries
cxl/pci: Handle excessive CDAT length
PCI/DOE: Silence WARN splat with CONFIG_DEBUG_OBJECTS=y
PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y
usb: xhci: tegra: fix sleep in atomic call
xhci: Free the command allocated for setting LPM if we return early
xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu
usb: cdnsp: Fixes error: uninitialized symbol 'len'
usb: dwc3: pci: add support for the Intel Meteor Lake-S
USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
usb: typec: altmodes/displayport: Fix configure initial pin assignment
USB: serial: option: add Telit FE990 compositions
USB: serial: option: add Quectel RM500U-CN modem
drivers: iio: adc: ltc2497: fix LSB shift
iio: adis16480: select CONFIG_CRC32
iio: adc: qcom-spmi-adc5: Fix the channel name
iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
iio: dac: cio-dac: Fix max DAC write value check for 12-bit
iio: buffer: correctly return bytes written in output buffers
iio: buffer: make sure O_NONBLOCK is respected
iio: light: cm32181: Unregister second I2C client if present
tty: serial: sh-sci: Fix transmit end interrupt handler
tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty
nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
nilfs2: fix sysfs interface lifetime
dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs
serial: 8250: Prevent starting up DMA Rx on THRI interrupt
ksmbd: do not call kvmalloc() with __GFP_NORETRY | __GFP_NO_WARN
ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr
ALSA: hda/realtek: Add quirk for Clevo X370SNW
ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
x86/acpi/boot: Correct acpi_is_processor_usable() check
x86/ACPI/boot: Use FADT version to check support for online capable
KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection
KVM: nVMX: Do not report error code when synthesizing VM-Exit from Real Mode
mm: kfence: fix PG_slab and memcg_data clearing
mm: kfence: fix handling discontiguous page
coresight: etm4x: Do not access TRCIDR1 for identification
coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
counter: 104-quad-8: Fix Synapse action reported for Index signals
blk-mq: directly poll requests
iio: adc: ad7791: fix IRQ flags
io_uring: fix return value when removing provided buffers
io_uring: fix memory leak when removing provided buffers
scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
nvme: fix discard support without oncs
cifs: sanitize paths in cifs_update_super_prepath.
block: ublk: make sure that block size is set correctly
block: don't set GD_NEED_PART_SCAN if scan partition failed
perf/core: Fix the same task check in perf_event_set_output
ftrace: Mark get_lock_parent_ip() __always_inline
ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct()
fs: drop peer group ids under namespace lock
can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
can: isotp: fix race between isotp_sendsmg() and isotp_release()
can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events
can: isotp: isotp_recvmsg(): use sock_recv_cmsgs() to get SOCK_RXQ_OVFL infos
ACPI: video: Add auto_detect arg to __acpi_video_get_backlight_type()
ACPI: video: Make acpi_backlight=video work independent from GPU driver
ACPI: video: Add acpi_backlight=video quirk for Apple iMac14,1 and iMac14,2
ACPI: video: Add acpi_backlight=video quirk for Lenovo ThinkPad W530
net: stmmac: Add queue reset into stmmac_xdp_open() function
tracing/synthetic: Fix races on freeing last_cmd
tracing/timerlat: Notify new max thread latency
tracing/osnoise: Fix notify new tracing_max_latency
tracing: Free error logs of tracing instances
ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots()
tracing/synthetic: Make lastcmd_mutex static
zsmalloc: document freeable stats
mm: vmalloc: avoid warn_alloc noise caused by fatal signal
wifi: mt76: ignore key disable commands
ublk: read any SQE values upfront
drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
drm/nouveau/disp: Support more modes by checking with lower bpc
drm/i915: Fix context runtime accounting
drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
ring-buffer: Fix race while reader and writer are on the same page
mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
mm/hugetlb: fix uffd wr-protection for CoW optimization path
maple_tree: fix get wrong data_end in mtree_lookup_walk()
maple_tree: fix a potential concurrency bug in RCU mode
blk-throttle: Fix that bps of child could exceed bps limited in parent
drm/amd/display: Clear MST topology if it fails to resume
drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume
drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset
drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload()
drm/i915/dp_mst: Fix payload removal during output disabling
drm/bridge: lt9611: Fix PLL being unable to lock
drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR
drm/i915: Split icl_color_commit_noarm() from skl_color_commit_noarm()
mm: take a page reference when removing device exclusive entries
maple_tree: remove GFP_ZERO from kmem_cache_alloc() and kmem_cache_alloc_bulk()
maple_tree: fix potential rcu issue
maple_tree: reduce user error potential
maple_tree: fix handle of invalidated state in mas_wr_store_setup()
maple_tree: fix mas_prev() and mas_find() state handling
maple_tree: be more cautious about dead nodes
maple_tree: refine ma_state init from mas_start()
maple_tree: detect dead nodes in mas_start()
maple_tree: fix freeing of nodes in rcu mode
maple_tree: remove extra smp_wmb() from mas_dead_leaves()
maple_tree: add smp_rmb() to dead node detection
maple_tree: add RCU lock checking to rcu callback functions
mm: enable maple tree RCU mode by default.
bpftool: Print newline before '}' for struct with padding only fields
Linux 6.1.24
Change-Id: I475408e1166927565c7788e7095bdf2cb236c4b2
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Liam R. Howlett
|
1c87a6f82a |
mm: enable maple tree RCU mode by default.
commit 3dd4432549415f3c65dd52d5c687629efbf4ece1 upstream.
Use the maple tree in RCU mode for VMA tracking.
The maple tree tracks the stack and is able to update the pivot
(lower/upper boundary) in-place to allow the page fault handler to write
to the tree while holding just the mmap read lock. This is safe as the
writes to the stack have a guard VMA which ensures there will always be
a NULL in the direction of the growth and thus will only update a pivot.
It is possible, but not recommended, to have VMAs that grow up/down
without guard VMAs. syzbot has constructed a testcase which sets up a
VMA to grow and consume the empty space. Overwriting the entire NULL
entry causes the tree to be altered in a way that is not safe for
concurrent readers; the readers may see a node being rewritten or one
that does not match the maple state they are using.
Enabling RCU mode allows the concurrent readers to see a stable node and
will return the expected result.
Link: https://lkml.kernel.org/r/20230227173632.3292573-9-surenb@google.com
Cc: stable@vger.kernel.org
Fixes:
|
||
Alistair Popple
|
0b73b8ac30 |
mm: take a page reference when removing device exclusive entries
commit 7c7b962938ddda6a9cd095de557ee5250706ea88 upstream.
Device exclusive page table entries are used to prevent CPU access to a
page whilst it is being accessed from a device. Typically this is used to
implement atomic operations when the underlying bus does not support
atomic access. When a CPU thread encounters a device exclusive entry it
locks the page and restores the original entry after calling mmu notifiers
to signal drivers that exclusive access is no longer available.
The device exclusive entry holds a reference to the page making it safe to
access the struct page whilst the entry is present. However the fault
handling code does not hold the PTL when taking the page lock. This means
if there are multiple threads faulting concurrently on the device
exclusive entry one will remove the entry whilst others will wait on the
page lock without holding a reference.
This can lead to threads locking or waiting on a folio with a zero
refcount. Whilst mmap_lock prevents the pages getting freed via munmap()
they may still be freed by a migration. This leads to warnings such as
PAGE_FLAGS_CHECK_AT_FREE due to the page being locked when the refcount
drops to zero.
Fix this by trying to take a reference on the folio before locking it.
The code already checks the PTE under the PTL and aborts if the entry is
no longer there. It is also possible the folio has been unmapped, freed
and re-allocated allowing a reference to be taken on an unrelated folio.
This case is also detected by the PTE check and the folio is unlocked
without further changes.
Link: https://lkml.kernel.org/r/20230330012519.804116-1-apopple@nvidia.com
Fixes:
|
||
|
Peter Xu
|
f042ee354c |
mm/hugetlb: fix uffd wr-protection for CoW optimization path
commit 60d5b473d61be61ac315e544fcd6a8234a79500e upstream.
This patch fixes an issue that a hugetlb uffd-wr-protected mapping can be
writable even with uffd-wp bit set. It only happens with hugetlb private
mappings, when someone firstly wr-protects a missing pte (which will
install a pte marker), then a write to the same page without any prior
access to the page.
Userfaultfd-wp trap for hugetlb was implemented in hugetlb_fault() before
reaching hugetlb_wp() to avoid taking more locks that userfault won't
need. However there's one CoW optimization path that can trigger
hugetlb_wp() inside hugetlb_no_page(), which will bypass the trap.
This patch skips hugetlb_wp() for CoW and retries the fault if uffd-wp bit
is detected. The new path will only trigger in the CoW optimization path
because generic hugetlb_fault() (e.g. when a present pte was
wr-protected) will resolve the uffd-wp bit already. Also make sure
anonymous UNSHARE won't be affected and can still be resolved, IOW only
skip CoW not CoR.
This patch will be needed for v5.19+ hence copy stable.
[peterx@redhat.com: v2]
Link: https://lkml.kernel.org/r/ZBzOqwF2wrHgBVZb@x1n
[peterx@redhat.com: v3]
Link: https://lkml.kernel.org/r/20230324142620.2344140-1-peterx@redhat.com
Link: https://lkml.kernel.org/r/20230321191840.1897940-1-peterx@redhat.com
Fixes:
|
||
Rongwei Wang
|
85cc118ce6 |
mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
commit 6fe7d6b992113719e96744d974212df3fcddc76c upstream.
The si->lock must be held when deleting the si from the available list.
Otherwise, another thread can re-add the si to the available list, which
can lead to memory corruption. The only place we have found where this
happens is in the swapoff path. This case can be described as below:
core 0 core 1
swapoff
del_from_avail_list(si) waiting
try lock si->lock acquire swap_avail_lock
and re-add si into
swap_avail_head
acquire si->lock but missing si already being added again, and continuing
to clear SWP_WRITEOK, etc.
It can be easily found that a massive warning messages can be triggered
inside get_swap_pages() by some special cases, for example, we call
madvise(MADV_PAGEOUT) on blocks of touched memory concurrently, meanwhile,
run much swapon-swapoff operations (e.g. stress-ng-swap).
However, in the worst case, panic can be caused by the above scene. In
swapoff(), the memory used by si could be kept in swap_info[] after
turning off a swap. This means memory corruption will not be caused
immediately until allocated and reset for a new swap in the swapon path.
A panic message caused: (with CONFIG_PLIST_DEBUG enabled)
------------[ cut here ]------------
top: 00000000e58a3003, n: 0000000013e75cda, p: 000000008cd4451a
prev: 0000000035b1e58a, n: 000000008cd4451a, p: 000000002150ee8d
next: 000000008cd4451a, n: 000000008cd4451a, p: 000000008cd4451a
WARNING: CPU: 21 PID: 1843 at lib/plist.c:60 plist_check_prev_next_node+0x50/0x70
Modules linked in: rfkill(E) crct10dif_ce(E)...
CPU: 21 PID: 1843 Comm: stress-ng Kdump: ... 5.10.134+
Hardware name: Alibaba Cloud ECS, BIOS 0.0.0 02/06/2015
pstate: 60400005 (nZCv daif +PAN -UAO -TCO BTYPE=--)
pc : plist_check_prev_next_node+0x50/0x70
lr : plist_check_prev_next_node+0x50/0x70
sp : ffff0018009d3c30
x29: ffff0018009d3c40 x28: ffff800011b32a98
x27: 0000000000000000 x26: ffff001803908000
x25: ffff8000128ea088 x24: ffff800011b32a48
x23: 0000000000000028 x22: ffff001800875c00
x21: ffff800010f9e520 x20: ffff001800875c00
x19: ffff001800fdc6e0 x18: 0000000000000030
x17: 0000000000000000 x16: 0000000000000000
x15: 0736076307640766 x14: 0730073007380731
x13: 0736076307640766 x12: 0730073007380731
x11: 000000000004058d x10: 0000000085a85b76
x9 : ffff8000101436e4 x8 : ffff800011c8ce08
x7 : 0000000000000000 x6 : 0000000000000001
x5 : ffff0017df9ed338 x4 : 0000000000000001
x3 : ffff8017ce62a000 x2 : ffff0017df9ed340
x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
plist_check_prev_next_node+0x50/0x70
plist_check_head+0x80/0xf0
plist_add+0x28/0x140
add_to_avail_list+0x9c/0xf0
_enable_swap_info+0x78/0xb4
__do_sys_swapon+0x918/0xa10
__arm64_sys_swapon+0x20/0x30
el0_svc_common+0x8c/0x220
do_el0_svc+0x2c/0x90
el0_svc+0x1c/0x30
el0_sync_handler+0xa8/0xb0
el0_sync+0x148/0x180
irq event stamp: 2082270
Now, si->lock locked before calling 'del_from_avail_list()' to make sure
other thread see the si had been deleted and SWP_WRITEOK cleared together,
will not reinsert again.
This problem exists in versions after stable 5.10.y.
Link: https://lkml.kernel.org/r/20230404154716.23058-1-rongwei.wang@linux.alibaba.com
Fixes:
|
||
Yafang Shao
|
ef6bd8f64c |
mm: vmalloc: avoid warn_alloc noise caused by fatal signal
commit f349b15e183d6956f1b63d6ff57849ff10c7edd5 upstream. There're some suspicious warn_alloc on my test serer, for example, [13366.518837] warn_alloc: 81 callbacks suppressed [13366.518841] test_verifier: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0x500dc2(GFP_HIGHUSER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [13366.522240] CPU: 30 PID: 722463 Comm: test_verifier Kdump: loaded Tainted: G W O 6.2.0+ #638 [13366.524216] Call Trace: [13366.524702] <TASK> [13366.525148] dump_stack_lvl+0x6c/0x80 [13366.525712] dump_stack+0x10/0x20 [13366.526239] warn_alloc+0x119/0x190 [13366.526783] ? alloc_pages_bulk_array_mempolicy+0x9e/0x2a0 [13366.527470] __vmalloc_area_node+0x546/0x5b0 [13366.528066] __vmalloc_node_range+0xc2/0x210 [13366.528660] __vmalloc_node+0x42/0x50 [13366.529186] ? bpf_prog_realloc+0x53/0xc0 [13366.529743] __vmalloc+0x1e/0x30 [13366.530235] bpf_prog_realloc+0x53/0xc0 [13366.530771] bpf_patch_insn_single+0x80/0x1b0 [13366.531351] bpf_jit_blind_constants+0xe9/0x1c0 [13366.531932] ? __free_pages+0xee/0x100 [13366.532457] ? free_large_kmalloc+0x58/0xb0 [13366.533002] bpf_int_jit_compile+0x8c/0x5e0 [13366.533546] bpf_prog_select_runtime+0xb4/0x100 [13366.534108] bpf_prog_load+0x6b1/0xa50 [13366.534610] ? perf_event_task_tick+0x96/0xb0 [13366.535151] ? security_capable+0x3a/0x60 [13366.535663] __sys_bpf+0xb38/0x2190 [13366.536120] ? kvm_clock_get_cycles+0x9/0x10 [13366.536643] __x64_sys_bpf+0x1c/0x30 [13366.537094] do_syscall_64+0x38/0x90 [13366.537554] entry_SYSCALL_64_after_hwframe+0x72/0xdc [13366.538107] RIP: 0033:0x7f78310f8e29 [13366.538561] Code: 01 00 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 17 e0 2c 00 f7 d8 64 89 01 48 [13366.540286] RSP: 002b:00007ffe2a61fff8 EFLAGS: 00000206 ORIG_RAX: 0000000000000141 [13366.541031] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f78310f8e29 [13366.541749] RDX: 0000000000000080 RSI: 00007ffe2a6200b0 RDI: 0000000000000005 [13366.542470] RBP: 00007ffe2a620010 R08: 00007ffe2a6202a0 R09: 00007ffe2a6200b0 [13366.543183] R10: 00000000000f423e R11: 0000000000000206 R12: 0000000000407800 [13366.543900] R13: 00007ffe2a620540 R14: 0000000000000000 R15: 0000000000000000 [13366.544623] </TASK> [13366.545260] Mem-Info: [13366.546121] active_anon:81319 inactive_anon:20733 isolated_anon:0 active_file:69450 inactive_file:5624 isolated_file:0 unevictable:0 dirty:10 writeback:0 slab_reclaimable:69649 slab_unreclaimable:48930 mapped:27400 shmem:12868 pagetables:4929 sec_pagetables:0 bounce:0 kernel_misc_reclaimable:0 free:15870308 free_pcp:142935 free_cma:0 [13366.551886] Node 0 active_anon:224836kB inactive_anon:33528kB active_file:175692kB inactive_file:13752kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:59248kB dirty:32kB writeback:0kB shmem:18252kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:4616kB pagetables:10664kB sec_pagetables:0kB all_unreclaimable? no [13366.555184] Node 1 active_anon:100440kB inactive_anon:49404kB active_file:102108kB inactive_file:8744kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:50352kB dirty:8kB writeback:0kB shmem:33220kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:3896kB pagetables:9052kB sec_pagetables:0kB all_unreclaimable? no [13366.558262] Node 0 DMA free:15360kB boost:0kB min:304kB low:380kB high:456kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [13366.560821] lowmem_reserve[]: 0 2735 31873 31873 31873 [13366.561981] Node 0 DMA32 free:2790904kB boost:0kB min:56028kB low:70032kB high:84036kB reserved_highatomic:0KB active_anon:1936kB inactive_anon:20kB active_file:396kB inactive_file:344kB unevictable:0kB writepending:0kB present:3129200kB managed:2801520kB mlocked:0kB bounce:0kB free_pcp:5188kB local_pcp:0kB free_cma:0kB [13366.565148] lowmem_reserve[]: 0 0 29137 29137 29137 [13366.566168] Node 0 Normal free:28533824kB boost:0kB min:596740kB low:745924kB high:895108kB reserved_highatomic:28672KB active_anon:222900kB inactive_anon:33508kB active_file:175296kB inactive_file:13408kB unevictable:0kB writepending:32kB present:30408704kB managed:29837172kB mlocked:0kB bounce:0kB free_pcp:295724kB local_pcp:0kB free_cma:0kB [13366.569485] lowmem_reserve[]: 0 0 0 0 0 [13366.570416] Node 1 Normal free:32141144kB boost:0kB min:660504kB low:825628kB high:990752kB reserved_highatomic:69632KB active_anon:100440kB inactive_anon:49404kB active_file:102108kB inactive_file:8744kB unevictable:0kB writepending:8kB present:33554432kB managed:33025372kB mlocked:0kB bounce:0kB free_pcp:270880kB local_pcp:46860kB free_cma:0kB [13366.573403] lowmem_reserve[]: 0 0 0 0 0 [13366.574015] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [13366.575474] Node 0 DMA32: 782*4kB (UME) 756*8kB (UME) 736*16kB (UME) 745*32kB (UME) 694*64kB (UME) 653*128kB (UME) 595*256kB (UME) 552*512kB (UME) 454*1024kB (UME) 347*2048kB (UME) 246*4096kB (UME) = 2790904kB [13366.577442] Node 0 Normal: 33856*4kB (UMEH) 51815*8kB (UMEH) 42418*16kB (UMEH) 36272*32kB (UMEH) 22195*64kB (UMEH) 10296*128kB (UMEH) 7238*256kB (UMEH) 5638*512kB (UEH) 5337*1024kB (UMEH) 3506*2048kB (UMEH) 1470*4096kB (UME) = 28533784kB [13366.580460] Node 1 Normal: 15776*4kB (UMEH) 37485*8kB (UMEH) 29509*16kB (UMEH) 21420*32kB (UMEH) 14818*64kB (UMEH) 13051*128kB (UMEH) 9918*256kB (UMEH) 7374*512kB (UMEH) 5397*1024kB (UMEH) 3887*2048kB (UMEH) 2002*4096kB (UME) = 32141240kB [13366.583027] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [13366.584380] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [13366.585702] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [13366.587042] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [13366.588372] 87386 total pagecache pages [13366.589266] 0 pages in swap cache [13366.590327] Free swap = 0kB [13366.591227] Total swap = 0kB [13366.592142] 16777082 pages RAM [13366.593057] 0 pages HighMem/MovableOnly [13366.594037] 357226 pages reserved [13366.594979] 0 pages hwpoisoned This failure really confuse me as there're still lots of available pages. Finally I figured out it was caused by a fatal signal. When a process is allocating memory via vm_area_alloc_pages(), it will break directly even if it hasn't allocated the requested pages when it receives a fatal signal. In that case, we shouldn't show this warn_alloc, as it is useless. We only need to show this warning when there're really no enough pages. Link: https://lkml.kernel.org/r/20230330162625.13604-1-laoar.shao@gmail.com Signed-off-by: Yafang Shao <laoar.shao@gmail.com> Reviewed-by: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Christoph Hellwig <hch@infradead.org> Cc: Uladzislau Rezki (Sony) <urezki@gmail.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Muchun Song
|
54df8e39ce |
mm: kfence: fix handling discontiguous page
commit 1f2803b2660f4b04d48d065072c0ae0c9ca255fd upstream.
The struct pages could be discontiguous when the kfence pool is allocated
via alloc_contig_pages() with CONFIG_SPARSEMEM and
!CONFIG_SPARSEMEM_VMEMMAP.
This may result in setting PG_slab and memcg_data to a arbitrary
address (may be not used as a struct page), which in the worst case
might corrupt the kernel.
So the iteration should use nth_page().
Link: https://lkml.kernel.org/r/20230323025003.94447-1-songmuchun@bytedance.com
Fixes:
|
||
|
Muchun Song
|
476699a8a7 |
mm: kfence: fix PG_slab and memcg_data clearing
commit 3ee2d7471fa4963a2ced0a84f0653ce88b43c5b2 upstream.
It does not reset PG_slab and memcg_data when KFENCE fails to initialize
kfence pool at runtime. It is reporting a "Bad page state" message when
kfence pool is freed to buddy. The checking of whether it is a compound
head page seems unnecessary since we already guarantee this when
allocating kfence pool. Remove the check to simplify the code.
Link: https://lkml.kernel.org/r/20230320030059.20189-1-songmuchun@bytedance.com
Fixes:
|
||
T.J. Alumbaugh
|
451d7c42ea |
UPSTREAM: mm: multi-gen LRU: simplify lru_gen_look_around()
Update the folio generation in place with or without current->reclaim_state->mm_walk. The LRU lock is held for longer, if mm_walk is NULL and the number of folios to update is more than PAGEVEC_SIZE. This causes a measurable regression from the LRU lock contention during a microbencmark. But a tiny regression is not worth the complexity. Link: https://lkml.kernel.org/r/20230118001827.1040870-8-talumbau@google.com Change-Id: I9ce18b4f4062e6c1c13c98ece9422478eb8e1846 Signed-off-by: T.J. Alumbaugh <talumbau@google.com> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit abf086721a2f1e6897c57796f7268df1b194c750) Bug: 274865848 Signed-off-by: T.J. Mercier <tjmercier@google.com> |
||
|
T.J. Alumbaugh
|
fae7f9ea58 |
UPSTREAM: mm: multi-gen LRU: improve walk_pmd_range()
Improve readability of walk_pmd_range() and walk_pmd_range_locked(). Link: https://lkml.kernel.org/r/20230118001827.1040870-7-talumbau@google.com Change-Id: Ia084fbf53fe989673b7804ca8ca520af12d7d52a Signed-off-by: T.J. Alumbaugh <talumbau@google.com> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit b5ff4133617d0eced35b685da0bd0929dd9fabb7) Bug: 274865848 Signed-off-by: T.J. Mercier <tjmercier@google.com> |
||
|
T.J. Alumbaugh
|
24307a538b |
UPSTREAM: mm: multi-gen LRU: improve lru_gen_exit_memcg()
Add warnings and poison ->next. Link: https://lkml.kernel.org/r/20230118001827.1040870-6-talumbau@google.com Change-Id: I53de9e04c1ae941e122b33cd45d2bbb5f34aae0c Signed-off-by: T.J. Alumbaugh <talumbau@google.com> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 37cc99979d04cca677c0ad5c0acd1149ec165d1b) Bug: 274865848 Signed-off-by: T.J. Mercier <tjmercier@google.com> |
||
|
T.J. Alumbaugh
|
e1cf082319 |
UPSTREAM: mm: multi-gen LRU: section for memcg LRU
Move memcg LRU code into a dedicated section. Improve the design doc to outline its architecture. Link: https://lkml.kernel.org/r/20230118001827.1040870-5-talumbau@google.com Change-Id: Id252e420cff7a858acb098cf2b3642da5c40f602 Signed-off-by: T.J. Alumbaugh <talumbau@google.com> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 36c7b4db7c942ae9e1b111f0c6b468c8b2e33842) Bug: 274865848 Signed-off-by: T.J. Mercier <tjmercier@google.com> |
||
|
T.J. Alumbaugh
|
282363eb6f |
UPSTREAM: mm: multi-gen LRU: section for Bloom filters
Move Bloom filters code into a dedicated section. Improve the design doc to explain Bloom filter usage and connection between aging and eviction in their use. Link: https://lkml.kernel.org/r/20230118001827.1040870-4-talumbau@google.com Change-Id: I73e866f687c1ed9f5c8538086aa39408b79897db Signed-off-by: T.J. Alumbaugh <talumbau@google.com> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit ccbbbb85945d8f0255aa9dbc1b617017e2294f2c) Bug: 274865848 Signed-off-by: T.J. Mercier <tjmercier@google.com> |
||
|
T.J. Alumbaugh
|
4d8cf6f6f0 |
UPSTREAM: mm: multi-gen LRU: section for rmap/PT walk feedback
Add a section for lru_gen_look_around() in the code and the design doc. Link: https://lkml.kernel.org/r/20230118001827.1040870-3-talumbau@google.com Change-Id: I5097af63f61b3b69ec2abee6cdbdc33c296df213 Signed-off-by: T.J. Alumbaugh <talumbau@google.com> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit db19a43d9b3a8876552f00f656008206ef9a5efa) Bug: 274865848 Signed-off-by: T.J. Mercier <tjmercier@google.com> |
||
|
T.J. Alumbaugh
|
014c372cc3 |
UPSTREAM: mm: multi-gen LRU: section for working set protection
Patch series "mm: multi-gen LRU: improve". This patch series improves a few MGLRU functions, collects related functions, and adds additional documentation. This patch (of 7): Add a section for working set protection in the code and the design doc. The admin doc already contains its usage. Link: https://lkml.kernel.org/r/20230118001827.1040870-1-talumbau@google.com Link: https://lkml.kernel.org/r/20230118001827.1040870-2-talumbau@google.com Change-Id: I65599075fd42951db7739a2ab7cee78516e157b3 Signed-off-by: T.J. Alumbaugh <talumbau@google.com> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> (cherry picked from commit 7b8144e63d84716f16a1b929e0c7e03ae5c4d5c1) Bug: 274865848 Signed-off-by: T.J. Mercier <tjmercier@google.com> |
||
|
Yu Zhao
|
8666944cf9 |
UPSTREAM: mm: support POSIX_FADV_NOREUSE
This patch adds POSIX_FADV_NOREUSE to vma_has_recency() so that the LRU
algorithm can ignore access to mapped files marked by this flag.
The advantages of POSIX_FADV_NOREUSE are:
1. Unlike MADV_SEQUENTIAL and MADV_RANDOM, it does not alter the
default readahead behavior.
2. Unlike MADV_SEQUENTIAL and MADV_RANDOM, it does not split VMAs and
therefore does not take mmap_lock.
3. Unlike MADV_COLD, setting it has a negligible cost, regardless of
how many pages it affects.
Its limitations are:
1. Like POSIX_FADV_RANDOM and POSIX_FADV_SEQUENTIAL, it currently does
not support range. IOW, its scope is the entire file.
2. It currently does not ignore access through file descriptors.
Specifically, for the active/inactive LRU, given a file page shared
by two users and one of them having set POSIX_FADV_NOREUSE on the
file, this page will be activated upon the second user accessing
it. This corner case can be covered by checking POSIX_FADV_NOREUSE
before calling folio_mark_accessed() on the read path. But it is
considered not worth the effort.
There have been a few attempts to support POSIX_FADV_NOREUSE, e.g., [1].
This time the goal is to fill a niche: a few desktop applications, e.g.,
large file transferring and video encoding/decoding, want fast file
streaming with mmap() rather than direct IO. Among those applications, an
SVT-AV1 regression was reported when running with MGLRU [2]. The
following test can reproduce that regression.
kb=$(awk '/MemTotal/ { print $2 }' /proc/meminfo)
kb=$((kb - 8*1024*1024))
modprobe brd rd_nr=1 rd_size=$kb
dd if=/dev/zero of=/dev/ram0 bs=1M
mkfs.ext4 /dev/ram0
mount /dev/ram0 /mnt/
swapoff -a
fallocate -l 8G /mnt/swapfile
mkswap /mnt/swapfile
swapon /mnt/swapfile
wget http://ultravideo.cs.tut.fi/video/Bosphorus_3840x2160_120fps_420_8bit_YUV_Y4M.7z
7z e -o/mnt/ Bosphorus_3840x2160_120fps_420_8bit_YUV_Y4M.7z
SvtAv1EncApp --preset 12 -w 3840 -h 2160 \
-i /mnt/Bosphorus_3840x2160.y4m
For MGLRU, the following change showed a [9-11]% increase in FPS,
which makes it on par with the active/inactive LRU.
patch Source/App/EncApp/EbAppMain.c <<EOF
31a32
> #include <fcntl.h>
35d35
< #include <fcntl.h> /* _O_BINARY */
117a118
> posix_fadvise(config->mmap.fd, 0, 0, POSIX_FADV_NOREUSE);
EOF
[1] https://lore.kernel.org/r/1308923350-7932-1-git-send-email-andrea@betterlinux.com/
[2] https://openbenchmarking.org/result/2209259-PTS-MGLRU8GB57
Link: https://lkml.kernel.org/r/20221230215252.2628425-2-yuzhao@google.com
Change-Id: I0b7f5f971d78014ea1ba44cee6a8ec902a4330d0
Signed-off-by: Yu Zhao <yuzhao@google.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andrea Righi <andrea.righi@canonical.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michael Larabel <Michael@MichaelLarabel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 17e810229cb3068b692fa078bd9b3a6527e0866a)
Bug: 274865848
Signed-off-by: T.J. Mercier <tjmercier@google.com>
|
||
|
Yu Zhao
|
6ddfdb3d53 |
UPSTREAM: mm: add vma_has_recency()
Add vma_has_recency() to indicate whether a VMA may exhibit temporal
locality that the LRU algorithm relies on.
This function returns false for VMAs marked by VM_SEQ_READ or
VM_RAND_READ. While the former flag indicates linear access, i.e., a
special case of spatial locality, both flags indicate a lack of temporal
locality, i.e., the reuse of an area within a relatively small duration.
"Recency" is chosen over "locality" to avoid confusion between temporal
and spatial localities.
Before this patch, the active/inactive LRU only ignored the accessed bit
from VMAs marked by VM_SEQ_READ. After this patch, the active/inactive
LRU and MGLRU share the same logic: they both ignore the accessed bit if
vma_has_recency() returns false.
For the active/inactive LRU, the following fio test showed a [6, 8]%
increase in IOPS when randomly accessing mapped files under memory
pressure.
kb=$(awk '/MemTotal/ { print $2 }' /proc/meminfo)
kb=$((kb - 8*1024*1024))
modprobe brd rd_nr=1 rd_size=$kb
dd if=/dev/zero of=/dev/ram0 bs=1M
mkfs.ext4 /dev/ram0
mount /dev/ram0 /mnt/
swapoff -a
fio --name=test --directory=/mnt/ --ioengine=mmap --numjobs=8 \
--size=8G --rw=randrw --time_based --runtime=10m \
--group_reporting
The discussion that led to this patch is here [1]. Additional test
results are available in that thread.
[1] https://lore.kernel.org/r/Y31s%2FK8T85jh05wH@google.com/
Link: https://lkml.kernel.org/r/20221230215252.2628425-1-yuzhao@google.com
Change-Id: I291dcb795197659e40e46539cd32b857677c34ad
Signed-off-by: Yu Zhao <yuzhao@google.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andrea Righi <andrea.righi@canonical.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michael Larabel <Michael@MichaelLarabel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 8788f6781486769d9598dcaedc3fe0eb12fc3e59)
Bug: 274865848
Signed-off-by: T.J. Mercier <tjmercier@google.com>
|
||
|
Kalesh Singh
|
ae678a47ee |
ANDROID: MGLRU: Avoid reactivation of anon pages on swap full
Avoid anon reclaim if swapping full since this reactivates the pages. Bug: 261619133 Bug: 276521916 Change-Id: Ia3af7fe8d5b29405830a812e73f95d11a0f8ee3a Signed-off-by: Kalesh Singh <kaleshsingh@google.com> |
||
|
jianzhou
|
63bb445b95 |
Merge keystone/android14-6.1-keystone-qcom-release.6.1.20 (2be6a1c) into msm-pineapple
* refs/heads/tmp-2be6a1c:
ANDROID: mm: add get_page_owner_handle function
ANDROID: mm: add get_each_object_track function
ANDROID: mm: Export get_slabinfo
ANDROID: mm: Export page_ext_[get|put]
ANDROID: mm: Export si_swapinfo
ANDROID: mm: Export vmalloc_nr_pages
ANDROID: mm: Export pcpu_nr_pages
ANDROID: dma-buf: add dma_buf_get_each function
ANDROID: abi_gki_aarch64_qcom: Update symbol list
Revert "HID: core: Provide new max_buffer_size attribute to over-ride the default"
Revert "HID: uhid: Over-ride the default maximum data buffer value with our own"
Revert "ANDROID: sound: usb: Add vendor hooks for connect & disconnect"
Revert "ANDROID: usb: host: export additional xhci symbols for ring management"
Revert "ANDROID: sound: usb: Export symbols for endpoint management"
ANDROID: abi_gki_aarch64_qcom: Sort list
ANDROID: of: of_reserved_mem: Increase limit for reserved_mem regions
ANDROID: update the db845c symbol list
ANDROID: Update the .stg file due to internal io_uring changes
Revert "netfilter: ctnetlink: make event listener tracking global"
Revert "PCI: loongson: Prevent LS7A MRRS increases"
Revert "PCI: loongson: Add more devices that need MRRS quirk"
ANDROID: remove CONFIG_NET_CLS_TCINDEX from gki_defconfig
ANDROID: GKI: Enable USB C DP alternate mode support
ANDROID: abi_gki_aarch64_qcom: Add USB offload symbols
ANDROID: sound: usb: Add vendor hooks for connect & disconnect
ANDROID: sound: usb: Export symbols for endpoint management
ANDROID: usb: host: export additional xhci symbols for ring management
ANDROID: ABI: Update QCOM symbol list
FROMGIT: f2fs: remove entire rb_entry sharing
FROMGIT: f2fs: factor out discard_cmd usage from general rb_tree use
FROMGIT: f2fs: factor out victim_entry usage from general rb_tree use
UPSTREAM: loop: Fix use-after-free issues
ANDROID: fuse-bpf: Correctly put backing files
ANDROID: Revert "psi: allow unprivileged users with CAP_SYS_RESOURCE to write psi files"
ANDROID: gic: Add vendor hook for gic-v3 resume
ANDROID: abi_gki_aarch64_qcom: add system_freezable_power_efficient_wq
ANDROID: GKI: arm64: Enable KMI strict mode
ANDROID: GKI: QCOM: Remove stale symbols
FROMGIT: usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC
Linux 6.1.20
UML: define RUNTIME_DISCARD_EXIT
Revert "bpf, test_run: fix &xdp_frame misplacement for LIVE_FRAMES"
filelocks: use mount idmapping for setlease permission check
drm/amd/display: adjust MALL size available for DCN32 and DCN321
drm/amd/display: Allow subvp on vactive pipes that are 2560x1440@60
media: rc: gpio-ir-recv: add remove function
media: ov5640: Fix analogue gain control
scripts: handle BrokenPipeError for python scripts
PCI: Add SolidRun vendor ID
macintosh: windfarm: Use unsigned type for 1-bit bitfields
alpha: fix R_ALPHA_LITERAL reloc for large modules
powerpc/kcsan: Exclude udelay to prevent recursive instrumentation
powerpc/64: Move paca allocation to early_setup()
powerpc/64: Fix task_cpu in early boot when booting non-zero cpuid
powerpc/bpf/32: Only set a stack frame when necessary
clk: renesas: rcar-gen3: Disable R-Car H3 ES1.*
powerpc/iommu: fix memory leak with using debugfs_lookup()
powerpc/64: Don't recurse irq replay
MIPS: Fix a compilation issue
tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address
watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths
drm/msm/adreno: fix runtime PM imbalance at unbind
adreno: Shutdown the GPU properly
drm/amdgpu/soc21: Add video cap query support for VCN_4_0_4
drm/amdgpu/soc21: don't expose AV1 if VCN0 is harvested
ext4: Fix deadlock during directory rename
drm/amdgpu: fix return value check in kfd
RISC-V: Don't check text_mutex during stop_machine
riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode
erofs: Revert "erofs: fix kvcalloc() misuse with __GFP_NOFAIL"
af_unix: fix struct pid leaks in OOB support
net: dsa: mt7530: permit port 5 to work without port 6 on MT7621 SoC
SUNRPC: Fix a server shutdown leak
octeontx2-af: Unlock contexts in the queue context cache in case of fault detection
net/smc: fix fallback failed while sendmsg with fastopen
ethernet: ice: avoid gcc-9 integer overflow warning
ice: Fix DSCP PFC TLV creation
NFSD: Protect against filesystem freezing
block: fix wrong mode for blkdev_put() from disk_scan_partitions()
platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it
platform: mellanox: select REGMAP instead of depending on it
netfilter: conntrack: adopt safer max chain length
scsi: sd: Fix wrong zone_write_granularity value during revalidate
scsi: megaraid_sas: Update max supported LD IDs to 240
net: tls: fix device-offloaded sendpage straddling records
net: ethernet: mtk_eth_soc: fix RX data corruption issue
net: phy: smsc: fix link up detection in forced irq mode
btf: fix resolving BTF_KIND_VAR after ARRAY, STRUCT, UNION, PTR
bpf, test_run: fix &xdp_frame misplacement for LIVE_FRAMES
btrfs: fix extent map logging bit not cleared for split maps after dropping range
m68k: mm: Move initrd phys_to_virt handling after paging_init()
netfilter: tproxy: fix deadlock due to missing BH disable
netfilter: ctnetlink: revert to dumping mark regardless of event type
bnxt_en: Avoid order-5 memory allocation for TPA data
net: phylib: get rid of unnecessary locking
net: stmmac: add to set device wake up flag when stmmac init phy
drm/msm/dpu: clear DSPP reservations in rm release
drm/msm/dpu: fix clocks settings for msm8998 SSPP blocks
drm/msm/dpu: drop DPU_DIM_LAYER from MIXER_MSM8998_MASK
drm/msm/dpu: fix len of sc7180 ctl blocks
bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()
ice: copy last block omitted in ice_get_module_eeprom()
net: caif: Fix use-after-free in cfusbl_device_notify()
net: lan78xx: fix accessing the LAN7800's internal phy specific registers from the MAC driver
perf stat: Fix counting when initial delay configured
net: use indirect calls helpers for sk_exit_memory_pressure()
net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
netfilter: nft_quota: copy content when cloning expression
netfilter: nft_last: copy content when cloning expression
selftests: nft_nat: ensuring the listening side is up before starting the client
net: lan966x: Fix port police support using tc-matchall
ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
drm/msm/dpu: disable features unsupported by QCM2290
tls: rx: fix return value for async crypto
powerpc: dts: t1040rdb: fix compatible string for Rev A boards
nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties
bgmac: fix *initial* chip reset to support BCM5358
drm/msm/a5xx: fix context faults during ring switch
drm/msm/a5xx: fix the emptyness check in the preempt code
drm/msm/a5xx: fix highest bank bit for a530
drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register
drm/msm: Fix potential invalid ptr free
drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype
cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID
ext4: Fix possible corruption when moving a directory
scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
riscv: Add header include guards to insn.h
block: fix scan partition for exclusively open device again
block: Revert "block: Do not reread partition table on exclusively open device"
drm/i915: Populate encoder->devdata for DSI on icl+
drm/i915: Do panel VBT init early if the VBT declares an explicit panel type
drm/i915: Introduce intel_panel_init_alloc()
spi: intel: Check number of chip selects after reading the descriptor
ipmi:ssif: Add a timer between request retries
ipmi:ssif: Increase the message retry time
ipmi:ssif: Remove rtc_us_timer
Input: exc3000 - properly stop timer on shutdown
bus: mhi: ep: Change state_lock to mutex
bus: mhi: ep: Power up/down MHI stack during MHI RESET
udf: Fix off-by-one error when discarding preallocation
fs: dlm: fix race setting stop tx flag
fs: dlm: be sure to call dlm_send_queue_flush()
fs: dlm: use WARN_ON_ONCE() instead of WARN_ON()
fs: dlm: fix use after free in midcomms commit
fd: dlm: trace send/recv of dlm message and rcom
fs: dlm: use packet in dlm_mhandle
fs: dlm: remove send repeat remove handling
fs: dlm: start midcomms before scand
fs: dlm: add midcomms init/start functions
fs: dlm: fix log of lowcomms vs midcomms
KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace
KVM: x86: Move guts of kvm_arch_init() to standalone helper
KVM: VMX: Don't bother disabling eVMCS static key on module exit
KVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling
nfc: change order inside nfc_se_io error path
HID: uhid: Over-ride the default maximum data buffer value with our own
HID: core: Provide new max_buffer_size attribute to over-ride the default
ext4: zero i_disksize when initializing the bootloader inode
ext4: fix WARNING in ext4_update_inline_data
ext4: move where set the MAY_INLINE_DATA flag is set
ext4: fix another off-by-one fsmap error on 1k block filesystems
ext4: fix RENAME_WHITEOUT handling for inline directories
ext4: fix cgroup writeback accounting with fs-layer encryption
staging: rtl8723bs: Pass correct parameters to cfg80211_get_bss()
staging: rtl8723bs: Fix key-store index handling
drm/connector: print max_requested_bpc in state debugfs
drm/display: Don't block HDR_OUTPUT_METADATA on unknown EOTF
drm/amdgpu: fix error checking in amdgpu_read_mm_registers for nv
drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc21
drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15
x86/CPU/AMD: Disable XSAVES on AMD family 0x17
RISC-V: Stop emitting attributes
fork: allow CLONE_NEWTIME in clone3 flags
perf inject: Fix --buildid-all not to eat up MMAP2
erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms
io_uring/uring_cmd: ensure that device supports IOPOLL
btrfs: fix percent calculation for bg reclaim message
btrfs: fix unnecessary increment of read error stat on write error
fs: prevent out-of-bounds array speculation when closing a file descriptor
ANDROID: remove CONFIG_NET_CLS_TCINDEX from gki_defconfig
ANDROID: abi_gki_aarch64_qcom: update symbol list
ANDROID: further fix incorrectly submitted KMI update
ANDROID: fix incorrectly submitted KMI update
ANDROID: ABI: Update QCOM symbol list
ANDROID: thermal: vendor hook to disable thermal cooling stats
ANDROID: GKI: 3/15/2023 KMI update
ANDROID: GKI: Enable MGLRU by default
Revert "Revert "sched/psi: Stop relying on timer_pending() for poll_work rescheduling""
ANDROID: update db845c symbol list
UPSTREAM: scsi: ufs: core: Simplify ufshcd_execute_start_stop()
UPSTREAM: scsi: ufs: core: Rely on the block layer for setting RQF_PM
UPSTREAM: scsi: ufs: mcq: Fix incorrectly set queue depth
UPSTREAM: scsi: ufs: ufs-mediatek: Guard power management functions with CONFIG_PM
UPSTREAM: scsi: ufs: core: Initialize devfreq synchronously
UPSTREAM: scsi: ufs: Make the TC G210 driver dependent on CONFIG_OF
UPSTREAM: scsi: ufs: core: Fix an error handling path in ufshcd_read_desc_param()
UPSTREAM: scsi: ufs: core: Fix kernel-doc syntax
UPSTREAM: scsi: ufs: core: Add hibernation callbacks
UPSTREAM: scsi: ufs: core: Limit DMA alignment check
UPSTREAM: scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5
UPSTREAM: scsi: ufs: qcom: fix platform_msi_domain_free_irqs() reference
UPSTREAM: scsi: core: Extend struct scsi_exec_args
UPSTREAM: scsi: core: Remove scsi_execute_req()/scsi_execute() functions
UPSTREAM: scsi: cxlflash: Convert to scsi_execute_cmd()
UPSTREAM: scsi: target: target_core_pscsi: Convert to scsi_execute_cmd()
UPSTREAM: scsi: virtio_scsi: Convert to scsi_execute_cmd()
UPSTREAM: scsi: sr: Convert to scsi_execute_cmd()
UPSTREAM: scsi: ses: Convert to scsi_execute_cmd()
UPSTREAM: scsi: zbc: Convert to scsi_execute_cmd()
UPSTREAM: scsi: sd: Convert to scsi_execute_cmd()
UPSTREAM: scsi: spi: Convert to scsi_execute_cmd()
UPSTREAM: scsi: core: Convert to scsi_execute_cmd()
UPSTREAM: scsi: scsi_dh: Convert to scsi_execute_cmd()
UPSTREAM: scsi: ch: Convert to scsi_execute_cmd()
UPSTREAM: scsi: hwmon: drivetemp: Convert to scsi_execute_cmd()
UPSTREAM: scsi: ata: libata-scsi: Convert to scsi_execute_cmd()
UPSTREAM: scsi: core: Add struct for args to execution functions
UPSTREAM: scsi: core: Fix the scsi_device_put() might_sleep annotation
UPSTREAM: scsi: core: scsi_error: Do not queue pointless abort workqueue functions
ANDROID: scsi: ufs: Enable CONFIG_SCSI_UFS_VARIABLE_SG_ENTRY_SIZE if encryption is enabled
FROMGIT: scsi: ufs: core: Enable DMA clustering
FROMGIT: scsi: ufs: exynos: Fix the maximum segment size
FROMGIT: scsi: ufs: ufs: Remove duplicate entry
FROMGIT: scsi: ufs: qcom: Add MCQ ESI config vendor specific ops
FROMGIT: scsi: ufs: core: mcq: Add Event Specific Interrupt enable and config functions
FROMGIT: scsi: ufs: core: Add Event Specific Interrupt configuration vendor specific ops
FROMGIT: scsi: ufs: core: mcq: Enable multi-circular queue
FROMGIT: scsi: ufs: core: mcq: Add completion support in poll
FROMGIT: scsi: ufs: mcq: Add completion support of a CQE
FROMGIT: scsi: ufs: core: Prepare for completion in MCQ
FROMGIT: scsi: ufs: core: mcq: Find hardware queue to queue request
FROMGIT: scsi: ufs: core: Prepare ufshcd_send_command() for MCQ
FROMGIT: scsi: ufs: core: mcq: Use shared tags for MCQ mode
FROMGIT: scsi: ufs: core: mcq: Configure operation and runtime interface
FROMGIT: scsi: ufs: core: mcq: Allocate memory for MCQ mode
FROMGIT: scsi: ufs: core: mcq: Calculate queue depth
FROMGIT: scsi: ufs: core: mcq: Configure resource regions
FROMGIT: scsi: ufs: core: mcq: Add support to allocate multiple queues
FROMGIT: scsi: ufs: core: Defer adding host to SCSI if MCQ is supported
FROMGIT: scsi: ufs: core: Introduce multi-circular queue capability
FROMGIT: scsi: ufs: core: Probe for EXT_IID support
FROMGIT: scsi: core: Fix invisible definition compilation warning
FROMGIT: scsi: ufs: core: bsg: Fix sometimes-uninitialized warnings
FROMGIT: scsi: ufs: ufs-qcom: Add support for finding max gear on new platforms
FROMGIT: scsi: ufs: ufs-qcom: Add support for reinitializing the UFS device
FROMGIT: scsi: ufs: ufs-qcom: Factor out the logic finding the HS Gear
FROMGIT: scsi: ufs: core: Add reinit_notify() callback
FROMGIT: scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0
FROMGIT: scsi: ufs: ufs-qcom: Use dev_err_probe() for printing probe error
FROMGIT: scsi: ufs: ufs-qcom: Use bitfields where appropriate
FROMGIT: scsi: ufs: ufs-qcom: Remove unnecessary WARN_ON()
FROMGIT: scsi: ufs: ufs-qcom: Remove unnecessary goto statements
FROMGIT: scsi: ufs: ufs-unisoc: Add support for Unisoc UFS host controller
FROMGIT: scsi: ufs: core: Remove ufshcd_map_desc_id_to_length()
FROMGIT: scsi: ufs: core: Remove len parameter from ufshcd_set_active_icc_lvl()
FROMGIT: scsi: ufs: core: Remove redundant desc_size variable from hba
FROMGIT: scsi: ufs: core: Remove redundant wb check
FROMGIT: scsi: ufs: core: Allow UFS host drivers to override the sg entry size
FROMGIT: scsi: ufs: core: Pass the clock scaling timeout as an argument
FROMGIT: scsi: ufs: core: Reduce the clock scaling latency
FROMGIT: scsi: ufs: ufs-qcom: Use dev_err() where possible
FROMGIT: scsi: ufs: ufs-qcom: Remove usage of dbg_print_en
FROMGIT: scsi: ufs: ufs-qcom: Clean up dbg_register_dump
FROMGIT: scsi: ufs: ufs-qcom: Drop unnecessary NULL checks
FROMGIT: scsi: ufs: core: bsg: Add advanced RPMB support in ufs_bsg
FROMGIT: scsi: ufs: core: Pass EHS length into ufshcd_prepare_req_desc_hdr()
FROMGIT: scsi: ufs: core: Advanced RPMB detection
FROMGIT: scsi: ufs: core: Remove check_upiu_size() from ufshcd.h
FROMGIT: scsi: ufs: Fix a deadlock between PM and the SCSI error handler
FROMGIT: scsi: ufs: Track system suspend / resume activity
FROMGIT: scsi: core: Support failing requests while recovering
FROMGIT: scsi: core: Change the return type of .eh_timed_out()
ANDROID: Disable AF_RXRPC for allmodconfig.
UPSTREAM: arm64: pass ESR_ELx to die() of cfi_handler
UPSTREAM: block: Fix the blk_mq_destroy_queue() documentation
ANDROID: KVM: arm64: pKVM module loading before deprivilege
ANDROID: KVM: arm64: Move pKVM host deprivilege to device_initcall
ANDROID: KVM: arm64: Cleanup useless declarations
ANDROID: CONFIG_MODPROBE_PATH to toolbox's modprobe
ANDROID: ABI: update symbol list for galaxy
ANDROID: arm64: add vendor hooks for unusal abort cases
ANDROID: arm64: add vendor hooks for kernel fault cases
ANDROID: power: add vendor hooks for try_to_freeze fail
ANDROID: softlockup: add vendor hook for a softlockup task
ANDROID: bug: add vendor hook for bug trap
ANDROID: update abi definition due to io_uring changes.
UPSTREAM: Revert "blk-cgroup: dropping parent refcount after pd_free_fn() is done"
UPSTREAM: Revert "blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()"
Revert "kobject: modify kobject_get_path() to take a const *"
Revert "wait: Return number of exclusive waiters awaken"
Revert "sbitmap: Use single per-bitmap counting to wake up queued tags"
Revert "sbitmap: correct wake_batch recalculation to avoid potential IO hung"
Revert "sbitmap: Advance the queue index before waking up a queue"
Revert "sbitmap: Try each queue to wake up at least one waiter"
Revert "HID: retain initial quirks set up when creating HID devices"
ANDROID: abi_gki_aarch64_qcom: Add vma apis
ANDROID: KVM: arm64: Move hyp events in a hyp/ folder
ANDROID: KVM: arm64: Allow single char for hyp tracing interface
ANDROID: KVM: arm64: Hyp tracing polling to 100ms
ANDROID: KVM: arm64: Fix nVHE enter/exit events
ANDROID: KVM: arm64: Handle pipe buffer overflow for hyp tracing
ANDROID: KVM: arm64: Flush hyp trace pipe when tracing stops
ANDROID: ring-buffer: Fix ring_buffer_read_page for external writers
ANDROID: KVM: arm64: Add trace_clock for nVHE tracing
ANDROID: KVM: arm64: Add common "trace_pipe" file for hyp tracing
ANDROID: KVM: arm64: Allow to reset hyp trace buffers
ANDROID: KVM: arm64: Add common "trace" file for hyp tracing
ANDROID: KVM: arm64: Add __pkvm_enable_tracing
ANDROID: KVM: arm64: Empty buffer support for hyp tracing trace file
ANDROID: KVM: arm64: Rename nVHE hyp event ELF sections
Linux 6.1.19
staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh
staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script
wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"
tpm: disable hwrng for fTPM on some AMD designs
Linux 6.1.18
usb: gadget: uvc: fix missing mutex_unlock() if kstrtou8() fails
arm64: Reset KASAN tag in copy_highpage with HW tags only
arm64: mte: Fix/clarify the PG_mte_tagged semantics
arm64: efi: Make efi_rt_lock a raw_spinlock
io_uring/poll: allow some retries for poll triggering spuriously
io_uring: fix two assignments in if conditions
media: uvcvideo: Fix race condition with usb_kill_urb
drm/i915: Fix system suspend without fbdev being initialized
drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs
drm/display/dp_mst: Fix payload addition on a disconnected sink
drm/display/dp_mst: Fix down message handling after a packet reception error
drm/display/dp_mst: Fix down/up message handling after sink disconnect
drm/display/dp_mst: Add drm_atomic_get_old_mst_topology_state()
vDPA/ifcvf: allocate the adapter in dev_add()
vDPA/ifcvf: manage ifcvf_hw in the mgmt_dev
vDPA/ifcvf: ifcvf_request_irq works on ifcvf_hw
vDPA/ifcvf: decouple config/dev IRQ requester and vectors allocator from the adapter
vDPA/ifcvf: decouple vq irq requester from the adapter
vDPA/ifcvf: decouple config IRQ releaser from the adapter
vDPA/ifcvf: decouple vq IRQ releasers from the adapter
vDPA/ifcvf: alloc the mgmt_dev before the adapter
vDPA/ifcvf: decouple config space ops from the adapter
vDPA/ifcvf: decouple hw features manipulators from the adapter
x86/resctl: fix scheduler confusion with 'current'
net: tls: avoid hanging tasks on the tx_lock
soundwire: cadence: Drain the RX FIFO after an IO timeout
soundwire: cadence: Remove wasted space in response_buf
iommu: Attach device group to old domain in error path
RDMA/cma: Distinguish between sockaddr_in and sockaddr_in6 by size
phy: rockchip-typec: Fix unsigned comparison with less than zero
PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
PCI: Add ACS quirk for Wangxun NICs
PCI: loongson: Add more devices that need MRRS quirk
kernel/fail_function: fix memory leak with using debugfs_lookup()
drivers: base: dd: fix memory leak with using debugfs_lookup()
drivers: base: component: fix memory leak with using debugfs_lookup()
misc: vmw_balloon: fix memory leak with using debugfs_lookup()
tty: pcn_uart: fix memory leak with using debugfs_lookup()
PCI: Distribute available resources for root buses, too
PCI: Take other bus devices into account when distributing resources
PCI: Align extra resources for hotplug bridges properly
usb: gadget: uvc: Make bSourceID read/write
usb: uvc: Enumerate valid values for color matching
USB: ene_usb6250: Allocate enough memory for full object
usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math
USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup()
USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup()
USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup()
USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup()
USB: gadget: gr_udc: fix memory leak with using debugfs_lookup()
USB: isp1362: fix memory leak with using debugfs_lookup()
USB: isp116x: fix memory leak with using debugfs_lookup()
USB: fotg210: fix memory leak with using debugfs_lookup()
USB: sl811: fix memory leak with using debugfs_lookup()
USB: uhci: fix memory leak with using debugfs_lookup()
USB: ULPI: fix memory leak with using debugfs_lookup()
USB: chipidea: fix memory leak with using debugfs_lookup()
USB: dwc3: fix memory leak with using debugfs_lookup()
staging: pi433: fix memory leak with using debugfs_lookup()
PCI: loongson: Prevent LS7A MRRS increases
soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe()
media: uvcvideo: Add GUID for BGRA/X 8:8:8:8
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word()
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word()
bus: mhi: ep: Fix the debug message for MHI_PKT_TYPE_RESET_CHAN_CMD cmd
tools/iio/iio_utils:fix memory leak
mei: bus-fixup:upon error print return values of send and receive
serial: sc16is7xx: setup GPIO controller later in probe
tty: serial: fsl_lpuart: disable the CTS when send break signal
tty: fix out-of-bounds access in tty_driver_lookup_tty()
staging: emxx_udc: Add checks for dma_alloc_coherent()
cacheinfo: Fix shared_cpu_map to handle shared caches at different levels
USB: fix memory leak with using debugfs_lookup()
media: uvcvideo: Silence memcpy() run-time false positive warnings
media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
media: uvcvideo: Handle errors from calls to usb_string
media: uvcvideo: Handle cameras with invalid descriptors
media: uvcvideo: Remove format descriptions
PCI/ACPI: Account for _S0W of the target bridge in acpi_pci_bridge_d3()
iommu/amd: Fix error handling for pdev_pri_ats_enable()
IB/hfi1: Update RMT size calculation
mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak
bootconfig: Increase max nodes of bootconfig from 1024 to 8192 for DCC support
firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
kernel/printk/index.c: fix memory leak with using debugfs_lookup()
tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
thermal: intel: BXT_PMIC: select REGMAP instead of depending on it
thermal: intel: quark_dts: fix error pointer dereference
ASoC: mediatek: mt8195: add missing initialization
ASoC: zl38060 add gpiolib dependency
nvme-fabrics: show well known discovery name
nvme-tcp: don't access released socket during error recovery
nvme: bring back auto-removal of deleted namespaces during sequential scan
ASoC: apple: mca: Improve handling of unavailable DMA channels
ASoC: apple: mca: Fix SERDES reset sequence
ASoC: apple: mca: Fix final status read on SERDES reset
ASoC: adau7118: don't disable regulators on device unbind
loop: loop_set_status_from_info() check before assignment
io_uring: fix size calculation when registering buf ring
rtc: allow rtc_read_alarm without read_alarm callback
scsi: mpi3mr: Use number of bits to manage bitmap sizes
scsi: mpi3mr: Fix an issue found by KASAN
scsi: ipr: Work around fortify-string warning
genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask()
rtc: sun6i: Always export the internal oscillator
spi: tegra210-quad: Fix iterator outside loop
vc_screen: modify vcs_size() handling in vcs_read()
tcp: tcp_check_req() can be called from process context
ARM: dts: spear320-hmi: correct STMPE GPIO compatible
net: dsa: felix: fix internal MDIO controller resource length
net: dsa: seville: ignore mscc-miim read errors from Lynx PCS
net/sched: act_sample: fix action bind logic
net/sched: act_mpls: fix action bind logic
net/sched: act_pedit: fix action bind logic
net/sched: transition act_pedit to rcu and percpu stats
nfc: fix memory leak of se_io context in nfc_genl_se_io
ext4: fix incorrect options show of original mount_opt and extend mount_opt2
net/mlx5: Geneve, Fix handling of Geneve object id as error code
net/mlx5e: Verify flow_source cap before using it
net/mlx5: ECPF, wait for VF pages only after disabling host PFs
mlx5: fix possible ptp queue fifo use-after-free
mlx5: fix skb leak while fifo resync and push
spi: tegra210-quad: Fix validate combined sequence
9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
9p/xen: fix connection sequence
9p/xen: fix version parsing
net: fix __dev_kfree_skb_any() vs drop monitor
octeontx2-pf: Use correct struct reference in test condition
sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop
net: sunhme: Fix region request
octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet
ipv6: Add lwtunnel encap size of all siblings in nexthop calculation
drm/i915: move a Kconfig symbol to unbreak the menu presentation
ptp: vclock: use mutex to fix "sleep on atomic" bug
netfilter: x_tables: fix percpu counter block leak on error path when creating new netns
netfilter: ctnetlink: make event listener tracking global
netfilter: xt_length: use skb len to match in length_mt6
netfilter: ebtables: fix table blob use-after-free
netfilter: ip6t_rpfilter: Fix regression with VRF interfaces
netfilter: conntrack: fix rmmod double-free race
netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
watchdog: pcwd_usb: Fix attempting to access uninitialized memory
watchdog: Fix kmemleak in watchdog_cdev_register
watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path
watchdog: rzg2l_wdt: Handle TYPE-B reset for RZ/V2M
watchdog: rzg2l_wdt: Issue a reset before we put the PM clocks
f2fs: synchronize atomic write aborts
um: virt-pci: properly remove PCI device from bus
um: virtio_uml: move device breaking into workqueue
um: virtio_uml: mark device as unregistered when breaking it
um: virtio_uml: free command if adding to virtqueue failed
x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list
netfilter: nf_tables: allow to fetch set elements when table has an owner
ext4: don't show commit interval if it is zero
ext4: use ext4_fc_tl_mem in fast-commit replay path
soc: qcom: stats: Populate all subsystem debugfs files
f2fs: fix to avoid potential memory corruption in __update_iostat_latency()
ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
ubi: fastmap: Fix missed fm_anchor PEB in wear-leveling after disabling fastmap
ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process
ubifs: ubifs_writepage: Mark page dirty after writing inode failed
ubifs: dirty_cow_znode: Fix memleak in error handling path
ubifs: Re-statistic cleaned znode count if commit failed
ubi: Fix possible null-ptr-deref in ubi_free_volume()
ubifs: Fix memory leak in alloc_wbufs()
ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
ubi: Fix use-after-free when volume resizing failed
ubifs: Reserve one leb for each journal head while doing budget
ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
ubifs: Fix wrong dirty space budget for dirty inode
ubifs: Rectify space budget for ubifs_xrename()
ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
ubifs: Fix memory leak in ubifs_sysfs_init()
ubifs: Fix build errors as symbol undefined
ubi: ensure that VID header offset + VID header size <= alloc, size
um: vector: Fix memory leak in vector_config
f2fs: fix to abort atomic write only during do_exist()
f2fs: allow set compression option of files without blocks
fs: f2fs: initialize fsdata in pagecache_write()
soc: mediatek: mtk-svs: Use pm_runtime_resume_and_get() in svs_init01()
soc: mediatek: mtk-svs: reset svs when svs_resume() fail
soc: mediatek: mtk-svs: restore default voltages when svs_init02() fail
f2fs: clear atomic_write_task in f2fs_abort_atomic_write()
f2fs: correct i_size change for atomic writes
f2fs: introduce trace_f2fs_replace_atomic_write_block
pwm: stm32-lp: fix the check on arr and cmp registers update
pwm: sifive: Always let the first pwm_apply_state succeed
soc: mediatek: mtk-svs: Enable the IRQ later
memory: renesas-rpc-if: Move resource acquisition to .probe()
memory: renesas-rpc-if: Split-off private data from struct rpcif
soc: mediatek: mtk-pm-domains: Allow mt8186 ADSP default power on
objtool: Fix memory leak in create_static_call_sections()
f2fs: fix to avoid potential deadlock
f2fs: don't rely on F2FS_MAP_* in f2fs_iomap_begin
driver: soc: xilinx: fix memory leak in xlnx_add_cb_for_notify_event()
fs/jfs: fix shift exponent db_agl2size negative
auxdisplay: hd44780: Fix potential memory leak in hd44780_remove()
net/sched: Retire tcindex classifier
Linux 6.1.17
Revert "blk-cgroup: dropping parent refcount after pd_free_fn() is done"
Revert "blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()"
ANDROID: ABI: update symbol list for galaxy
ANDROID: Re-apply vendor hooks for information of blocked tasks
ANDROID: ABI: Add missing symbols to QCOM list
Linux 6.1.16
net: avoid double iput when sock_alloc_file fails
kbuild: Port silent mode detection to future gnu make.
sbitmap: Try each queue to wake up at least one waiter
wait: Return number of exclusive waiters awaken
sbitmap: Advance the queue index before waking up a queue
brd: use radix_tree_maybe_preload instead of radix_tree_preload
qede: avoid uninitialized entries in coal_entry array
drm/edid: fix parsing of 3D modes from HDMI VSDB
drm/edid: fix AVI infoframe aspect ratio handling
drm/gud: Fix UBSAN warning
drm/i915: Don't use BAR mappings for ring buffers with LLC
drm/i915: Don't use stolen memory for ring buffers with LLC
drm/radeon: Fix eDP for single-display iMac11,2
drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
drm/amd: Fix initialization for nbio 7.5.1
vfio/type1: restore locked_vm
vfio/type1: track locked_vm per dma
vfio/type1: prevent underflow of locked_vm via exec()
vfio/type1: exclude mdevs from VFIO_UPDATE_VADDR
iommu/vt-d: Fix PASID directory pointer coherency
iommu/vt-d: Avoid superfluous IOTLB tracking in lazy mode
bus: mhi: ep: Save channel state locally during suspend and resume
bus: mhi: ep: Move chan->lock to the start of processing queued ch ring
bus: mhi: ep: Only send -ENOTCONN status if client driver is available
PCI/DPC: Await readiness of secondary bus after reset
PCI: Avoid FLR for AMD FCH AHCI adapters
PCI: hotplug: Allow marking devices as disconnected during bind/unbind
PCI: Unify delay handling for reset and resume
PCI/PM: Observe reset delay irrespective of bridge_d3
MIPS: DTS: CI20: fix otg power gpio
riscv: ftrace: Reduce the detour code size to half
riscv: ftrace: Remove wasted nops for !RISCV_ISA_C
riscv, mm: Perform BPF exhandler fixup on page fault
riscv: jump_label: Fixup unaligned arch_static_branch function
riscv: mm: fix regression due to update_mmu_cache change
riscv: Avoid enabling interrupts in die()
RISC-V: add a spin_shadow_stack declaration
scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
scsi: ses: Fix possible desc_ptr out-of-bounds accesses
scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
scsi: ses: Don't attach if enclosure has no components
scsi: qla2xxx: Remove increment of interface err cnt
scsi: qla2xxx: Fix erroneous link down
scsi: qla2xxx: Remove unintended flag clearing
scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
scsi: qla2xxx: Check if port is online before sending ELS
scsi: qla2xxx: Fix link failure in NPIV environment
scsi: aacraid: Allocate cmd_priv with scsicmd
iommu/amd: Improve page fault error reporting
iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter
tracing/eprobe: Fix to add filter on eprobe description in README file
tools/bootconfig: fix single & used for logical condition
ring-buffer: Handle race between rb_move_tail and rb_check_pages
memory tier: release the new_memtier in find_create_memory_tier()
ktest.pl: Add RUN_TIMEOUT option with default unlimited
ktest.pl: Fix missing "end_monitor" when machine check fails
kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list
ktest.pl: Give back console on Ctrt^C on monitor
mm/thp: check and bail out if page in deferred queue already
mm: memcontrol: deprecate charge moving
docs: gdbmacros: print newest record
remoteproc/mtk_scp: Move clk ops outside send_lock
media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
mips: fix syscall_get_nr
dax/kmem: Fix leak of memory-hotplug resources
alpha: fix FEN fault handling
mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON
panic: fix the panic_print NMI backtrace setting
regulator: core: Use ktime_get_boottime() to determine how long a regulator was off
ceph: update the time stamps and try to drop the suid/sgid
rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
fuse: add inode/permission checks to fileattr_get/fileattr_set
arm64: mm: hugetlb: Disable HUGETLB_PAGE_OPTIMIZE_VMEMMAP
ARM: dts: exynos: correct TMU phandle in Odroid HC1
ARM: dts: exynos: correct TMU phandle in Odroid XU
ARM: dts: exynos: correct TMU phandle in Exynos5250
ARM: dts: exynos: correct TMU phandle in Odroid XU3 family
ARM: dts: exynos: correct TMU phandle in Exynos4
ARM: dts: exynos: correct TMU phandle in Exynos4210
ARM: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node
ARM: dts: qcom: sdx65: Add Qcom SMMU-500 as the fallback for IOMMU node
hwmon: (nct6775) Fix incorrect parenthesization in nct6775_write_fan_div()
hwmon: (peci/cputemp) Fix off-by-one in coretemp_label allocation
dm flakey: fix a bug with 32-bit highmem systems
dm flakey: don't corrupt the zero page
dm cache: free background tracker's queued work in btracker_destroy
dm flakey: fix logic when corrupting a bio
thermal: intel: powerclamp: Fix cur_state for multi package system
qede: fix interrupt coalescing configuration
cpuidle: add ARCH_SUSPEND_POSSIBLE dependencies
wifi: cfg80211: Set SSID if it is not already set
wifi: cfg80211: Fix use after free for wext
wifi: ath11k: allow system suspend to survive ath11k
wifi: rtl8xxxu: Use a longer retry limit of 48
wifi: rtw88: use RTW_FLAG_POWERON flag to prevent to power on/off twice
dm: add cond_resched() to dm_wq_requeue_work()
dm: add cond_resched() to dm_wq_work()
dm: send just one event on resize, not two
mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
mtd: spi-nor: spansion: Consider reserved bits in CFR5 register
mtd: spi-nor: sfdp: Fix index value for SCCR dwords
cxl/pmem: Fix nvdimm registration races
ext4: refuse to create ea block when umounted
ext4: optimize ea_inode block expansion
jbd2: fix data missing when reusing bh which is ready to be checkpointed
ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
mm/damon/paddr: fix missing folio_put()
crypto: qat - fix out-of-bounds read
irqdomain: Fix domain registration race
irqdomain: Fix mapping-creation race
irqdomain: Refactor __irq_domain_alloc_irqs()
irqdomain: Drop bogus fwspec-mapping error handling
irqdomain: Look for existing mapping only once
irqdomain: Fix disassociation race
irqdomain: Fix association race
selftests: seccomp: Fix incorrect kernel headers search path
selftests: vm: Fix incorrect kernel headers search path
selftests: dmabuf-heaps: Fix incorrect kernel headers search path
selftests: drivers: Fix incorrect kernel headers search path
selftests: futex: Fix incorrect kernel headers search path
selftests: ipc: Fix incorrect kernel headers search path
selftests: perf_events: Fix incorrect kernel headers search path
selftests: mount_setattr: Fix incorrect kernel headers search path
selftests: move_mount_set_group: Fix incorrect kernel headers search path
selftests: rseq: Fix incorrect kernel headers search path
selftests: sync: Fix incorrect kernel headers search path
selftests: ptp: Fix incorrect kernel headers search path
selftests: user_events: Fix incorrect kernel headers search path
selftests: filesystems: Fix incorrect kernel headers search path
selftests: gpio: Fix incorrect kernel headers search path
selftests: media_tests: Fix incorrect kernel headers search path
selftests: kcmp: Fix incorrect kernel headers search path
selftests: membarrier: Fix incorrect kernel headers search path
selftests: pidfd: Fix incorrect kernel headers search path
selftests: clone3: Fix incorrect kernel headers search path
selftests: arm64: Fix incorrect kernel headers search path
selftests: pid_namespace: Fix incorrect kernel headers search path
selftests: core: Fix incorrect kernel headers search path
selftests: sched: Fix incorrect kernel headers search path
selftests/ftrace: Fix eprobe syntax test case to check filter support
selftests/powerpc: Fix incorrect kernel headers search path
ima: Align ima_file_mmap() parameters with mmap_file LSM hook
ima: fix error handling logic when file measurement failed
brd: check for REQ_NOWAIT and set correct page allocation mask
brd: return 0/-error from brd_insert_page()
brd: mark as nowait compatible
virt/sev-guest: Return -EIO if certificate buffer is not large enough
Documentation/hw-vuln: Document the interaction between IBRS and STIBP
x86/speculation: Allow enabling STIBP with legacy IBRS
x86/microcode/AMD: Fix mixed steppings support
x86/microcode/AMD: Add a @cpu parameter to the reloading functions
x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range
x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
x86/reboot: Disable SVM, not just VMX, when stopping CPUs
x86/reboot: Disable virtualization in an emergency if SVM is supported
x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
selftests: x86: Fix incorrect kernel headers search path
KVM: SVM: hyper-v: placate modpost section mismatch error
KVM: SVM: Fix potential overflow in SEV's send|receive_update_data()
KVM: x86: Inject #GP on x2APIC WRMSR that sets reserved bits 63:32
KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI
KVM: SVM: Don't put/load AVIC when setting virtual APIC mode
KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target
KVM: SVM: Flush the "current" TLB when activating AVIC
KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID
KVM: x86: Don't inhibit APICv/AVIC on xAPIC ID "change" if APIC is disabled
KVM: x86: Blindly get current x2APIC reg value on "nodecode write" traps
KVM: x86: Purge "highest ISR" cache when updating APICv state
KVM: Register /dev/kvm as the _very_ last thing during initialization
KVM: VMX: Fix crash due to uninitialized current_vmcs
KVM: Destroy target device if coalesced MMIO unregistration fails
RDMA/siw: Fix user page pinning accounting
md: don't update recovery_cp when curr_resync is ACTIVE
udf: Fix file corruption when appending just after end of preallocated extent
udf: Detect system inodes linked into directory hierarchy
udf: Preserve link count of system files
udf: Do not update file length for failed writes to inline files
udf: Do not bother merging very long extents
udf: Truncate added extents on failed expansion
selftests/landlock: Test ptrace as much as possible with Yama
selftests/landlock: Skip overlayfs tests when not supported
fs/cramfs/inode.c: initialize file_ra_state
ocfs2: fix non-auto defrag path not working issue
ocfs2: fix defrag path triggering jbd2 ASSERT
f2fs: fix kernel crash due to null io->bio
f2fs: fix cgroup writeback accounting with fs-layer encryption
f2fs: retry to update the inode page given data corruption
f2fs: fix information leak in f2fs_move_inline_dirents()
fs: dlm: send FIN ack back in right cases
fs: dlm: move sending fin message into state change handling
fs: dlm: don't set stop rx flag after node reset
exfat: fix inode->i_blocks for non-512 byte sector size device
exfat: redefine DIR_DELETED as the bad cluster number
exfat: fix unexpected EOF while reading dir
exfat: fix reporting fs error when reading dir beyond EOF
fs: hfsplus: fix UAF issue in hfsplus_put_super
hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
io_uring: mark task TASK_RUNNING before handling resume/task work
ARM: dts: exynos: correct HDMI phy compatible in Exynos4
torture: Fix hang during kthread shutdown phase
ksmbd: fix possible memory leak in smb2_lock()
ksmbd: do not allow the actual frame length to be smaller than the rfc1002 length
ksmbd: fix wrong data area length for smb2 lock request
locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath
btrfs: hold block group refcount during async discard
scsi: mpi3mr: Remove unnecessary memcpy() to alltgt_info->dmi
scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()
scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization
cifs: return a single-use cfid if we did not get a lease
cifs: Check the lease context if we actually got a lease
cifs: don't try to use rdma offload on encrypted connections
cifs: split out smb3_use_rdma_offload() helper
cifs: introduce cifs_io_parms in smb2_async_writev()
cifs: fix mount on old smb servers
cifs: Fix uninitialized memory reads for oparms.mode
cifs: Fix uninitialized memory read in smb3_qfs_tcon()
KVM: s390: disable migration mode when dirty tracking is disabled
s390/kprobes: fix current_kprobe never cleared after kprobes reenter
s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
s390: discard .interp section
s390/extmem: return correct segment type in __segment_load()
io_uring: fix fget leak when fs don't support nowait buffered read
io_uring: remove MSG_NOSIGNAL from recvmsg
io_uring/rsrc: disallow multi-source reg buffers
io_uring: add reschedule point to handle_tw_list()
io_uring: add a conditional reschedule to the IOPOLL cancelation loop
io_uring: handle TIF_NOTIFY_RESUME when checking for task_work
io_uring: use user visible tail in io_uring_poll()
io_uring: Replace 0-length array with flexible array
ipmi_ssif: Rename idle state and check
ipmi:ssif: resend_msg() cannot fail
ipmi: ipmb: Fix the MODULE_PARM_DESC associated to 'retry_time_ms'
rtc: pm8xxx: fix set-alarm race
block: be a bit more careful in checking for NULL bdev while polling
block: clear bio->bi_bdev when putting a bio back in the cache
block: don't allow multiple bios for IOCB_NOWAIT issue
firmware: coreboot: framebuffer: Ignore reserved pixel color bits
scsi: mpt3sas: Remove usage of dma_get_required_mask() API
wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
driver core: fw_devlink: Avoid spurious error message
drm/shmem-helper: Revert accidental non-GPL export
cifs: prevent data race in smb2_reconnect()
nfsd: don't hand out delegation on setuid files being opened for write
nfsd: zero out pointers after putting nfsd_files on COPY setup error
dm cache: add cond_resched() to various workqueue loops
dm thin: add cond_resched() to various workqueue loops
drm/amd/display: Disable HUBP/DPP PG on DCN314 for now
drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5
drm/amd/display: Enable P-state validation checks for DCN314
HID: logitech-hidpp: Don't restart communication if not necessary
scsi: ufs: core: Fix device management cmd timeout flow
scsi: snic: Fix memory leak with using debugfs_lookup()
drm/amd/display: Do not commit pipe when updating DRR
pinctrl: at91: use devm_kasprintf() to avoid potential leaks
hwmon: (nct6775) B650/B660/X670 ASUS boards support
hwmon: (nct6775) Directly call ASUS ACPI WMI method
hwmon: (coretemp) Simplify platform device handling
gfs2: Improve gfs2_make_fs_rw error handling
drm/amd/display: fix FCLK pstate change underflow
Revert "drm/amdgpu: TA unload messages are not actually sent to psp when amdgpu is uninstalled"
regulator: s5m8767: Bounds check id indexing into arrays
regulator: max77802: Bounds check regulator id against opmode
ASoC: kirkwood: Iterate over array indexes instead of using pointer math
ASoC: soc-compress: Reposition and add pcm_mutex
drm/msm/dpu: Add DSC hardware blocks to register snapshot
docs/scripts/gdb: add necessary make scripts_gdb step
habanalabs: fix bug in timestamps registration code
habanalabs: extend fatal messages to contain PCI info
drm/amd/display: Set hvm_enabled flag for S/G mode
drm/drm_print: correct format problem
drm: rcar-du: Fix setting a reserved bit in DPLLCR
drm: rcar-du: Add quirk for H3 ES1.x pclk workaround
drm/msm/dsi: Add missing check for alloc_ordered_workqueue
HID: uclogic: Add support for XP-PEN Deco Pro MW
HID: uclogic: Add support for XP-PEN Deco Pro SW
HID: uclogic: Add battery quirk
HID: uclogic: Add frame type quirk
drm/amd/display: fix mapping to non-allocated address
drm: amd: display: Fix memory leakage
drm/amd: Avoid ASSERT for some message failures
Revert "fbcon: don't lose the console font across generic->chip driver switch"
scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write
drm/amdkfd: Page aligned memory reserve size
drm/amd: Avoid BUG() for case of SRIOV missing IP version
drm/radeon: free iio for atombios when driver shutdown
drm/amd/display: Defer DIG FIFO disable after VID stream enable
drm/tiny: ili9486: Do not assume 8-bit only SPI controllers
HID: Add Mapping for System Microphone Mute
drm/omap: dsi: Fix excessive stack usage
drm/amd/display: Fix potential null-deref in dm_resume
drm/amd/display: Revert Reduce delay when sink device not able to ACK 00340h write
drm/amd/display: Reduce expected sdp bandwidth for dcn321
drm: panel-orientation-quirks: Add quirk for DynaBook K50
drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab 3 X90F
scm: add user copy checks to put_cmsg()
devlink: Fix TP_STRUCT_entry in trace of devlink health report
s390/kfence: fix page fault reporting
hv_netvsc: Check status in SEND_RNDIS_PKT completion message
wifi: rtw89: debug: avoid invalid access on RTW89_DBG_SEL_MAC_30
Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
Bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921
Bluetooth: Fix issue with Actions Semi ATS2851 based devices
PM: EM: fix memory leak with using debugfs_lookup()
PM: domains: fix memory leak with using debugfs_lookup()
time/debug: Fix memory leak with using debugfs_lookup()
s390/idle: mark arch_cpu_idle() noinstr
uaccess: Add minimum bounds check on kernel buffer size
coda: Avoid partial allocation of sig_inputArgs
net/mlx5: fw_tracer: Fix debug print
ACPI: video: Fix Lenovo Ideapad Z570 DMI match
wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
tools/power/x86/intel-speed-select: Add Emerald Rapid quirk
gcc-plugins: drop -std=gnu++11 to fix GCC 13 build
can: isotp: check CAN address family in isotp_bind()
netfilter: nf_tables: NULL pointer dereference in nf_tables_updobj()
s390/mm,ptdump: avoid Kasan vs Memcpy Real markers swapping
m68k: Check syscall_trace_enter() return code
net: bcmgenet: Add a check for oversized packets
crypto: hisilicon: Wipe entire pool on error
clocksource: Suspend the watchdog temporarily when high read latency detected
thermal: intel: intel_pch: Add support for Wellsburg PCH
bpf, docs: Fix modulo zero, division by zero, overflow, and underflow
ACPI: Don't build ACPICA with '-Os'
ice: add missing checks for PF vsi type
ice: restrict PTP HW clock freq adjustments to 100, 000, 000 PPB
inet: fix fast path in __inet_hash_connect()
wifi: mt7601u: fix an integer underflow
wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
bpftool: Always disable stack protection for BPF objects
x86/bugs: Reset speculation control settings on init
timers: Prevent union confusion from unexpected restart_syscall()
thermal: intel: Fix unsigned comparison with less than zero
wifi: ath11k: debugfs: fix to work with multiple PCI devices
rcu-tasks: Handle queue-shrink/callback-enqueue race condition
rcu-tasks: Make rude RCU-Tasks work well with CPU hotplug
srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL
rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait()
rcu: Make RCU_LOCKDEP_WARN() avoid early lockdep checks
wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
wifi: ath11k: fix monitor mode bringup crash
wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
perf/x86/intel/uncore: Add Meteor Lake support
cpuidle: lib/bug: Disable rcu_is_watching() during WARN/BUG
cpuidle: drivers: firmware: psci: Dont instrument suspend code
x86/fpu: Don't set TIF_NEED_FPU_LOAD for PF_IO_WORKER threads
cpuidle, intel_idle: Fix CPUIDLE_FLAG_INIT_XSTATE
arm64: zynqmp: Enable hs termination flag for USB dwc3 controller
btrfs: scrub: improve tree block error reporting
trace/blktrace: fix memory leak with using debugfs_lookup()
blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and blkcg_deactivate_policy()
blk-cgroup: dropping parent refcount after pd_free_fn() is done
blk-iocost: fix divide by 0 error in calc_lcoefs()
fs: Use CHECK_DATA_CORRUPTION() when kernel bugs are detected
ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
exit: Detect and fix irq disabled state in oops
context_tracking: Fix noinstr vs KASAN
udf: Define EFSCORRUPTED error code
arm64: dts: qcom: msm8996: Add additional A2NoC clocks
ARM: OMAP2+: omap4-common: Fix refcount leak bug
rpmsg: glink: Release driver_override
rpmsg: glink: Avoid infinite loop on intent for missing channel
media: saa7134: Use video_unregister_device for radio_dev
media: usb: siano: Fix use after free bugs caused by do_submit_urb
media: i2c: ov7670: 0 instead of -EINVAL was returned
media: atomisp: Only set default_run_mode on first open of a stream/asd
media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
media: drivers/media/v4l2-core/v4l2-h264 : add detection of null pointers
media: amphion: correct the unspecified color space
media: imx-jpeg: Apply clk_bulk api instead of operating specific clk
media: hantro: Fix JPEG encoder ENUM_FRMSIZE on RK3399
media: v4l2-jpeg: ignore the unknown APP14 marker
media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data
media: platform: mtk-mdp3: fix Kconfig dependencies
media: platform: mtk-mdp3: remove unused VIDEO_MEDIATEK_VPU config
media: camss: csiphy-3ph: avoid undefined behavior
media: platform: mtk-mdp3: Fix return value check in mdp_probe()
media: i2c: imx219: Fix binning for RAW8 capture
media: i2c: imx219: Split common registers from mode tables
media: i2c: ov772x: Fix memleak in ov772x_probe()
media: mc: Get media_device directly from pad
media: ov5640: Handle delays when no reset_gpio set
media: ov5640: Fix soft reset sequence and timings
media: ov5675: Fix memleak in ov5675_init_controls()
media: ov2740: Fix memleak in ov2740_init_controls()
media: max9286: Fix memleak in max9286_v4l2_register()
builddeb: clean generated package content
s390/vdso: Drop '-shared' from KBUILD_CFLAGS_64
powerpc: Remove linker flag from KBUILD_AFLAGS
media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init()
media: platform: ti: Add missing check for devm_regulator_get
media: ti: cal: fix possible memory leak in cal_ctx_create()
remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
Revert "remoteproc: qcom_q6v5_mss: map/unmap metadata region before/after use"
IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
IB/hfi1: Fix math bugs in hfi1_can_pin_pages()
RDMA/rxe: Fix missing memory barriers in rxe_queue.h
RDMA/rxe: cleanup some error handling in rxe_verbs.c
iommu/vt-d: Allow to use flush-queue when first level is default
iommu/vt-d: Fix error handling in sva enable/disable paths
dmaengine: ptdma: check for null desc before calling pt_cmd_callback
dmaengine: dw-axi-dmac: Do not dereference NULL structure
dmaengine: sf-pdma: pdma_desc memory leak fix
iommu/amd: Do not identity map v2 capable device when snp is enabled
iommu: Fix error unwind in iommu_group_alloc()
iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry()
PCI: qcom: Fix host-init error handling
phy: rockchip-typec: fix tcphy_get_mode error case
PCI: Fix dropping valid root bus resources with .end = zero
dmaengine: dw-edma: Fix readq_ch() return value truncation
usb: host: fsl-mph-dr-of: reuse device_set_of_node_from_dev
mtd: mtdpart: Don't create platform device that'll never probe
driver core: fw_devlink: Make cycle detection more robust
driver core: fw_devlink: Improve check for fwnode with no device/driver
driver core: fw_devlink: Consolidate device link flag computation
driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle
driver core: fw_devlink: Don't purge child fwnode's consumer links
driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links
tty: serial: imx: disable Ageing Timer interrupt request irq
tty: serial: imx: Handle RS485 DE signal active high
serial: fsl_lpuart: fix RS485 RTS polariy inverse issue
RDMA/irdma: Cap MSIX used to online CPUs + 1
usb: max-3421: Fix setting of I/O pins
RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish()
power: supply: remove faulty cooling logic
iommu/vt-d: Set No Execute Enable bit in PASID table entry
iommu/dart: Fix apple_dart_device_group for PCI groups
iommu: dart: Support >64 stream IDs
iommu: dart: Add suspend/resume support
PCI: mt7621: Delay phy ports initialization
phy: mediatek: remove temporary variable @mask_
usb: gadget: configfs: Restrict symlink creation is UDC already binded
usb: musb: mediatek: don't unregister something that wasn't registered
RDMA/cxgb4: add null-ptr-check after ip_dev_find()
tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case
usb: early: xhci-dbc: Fix a potential out-of-bound memory access
fpga: microchip-spi: rewrite status polling in a time measurable way
fpga: microchip-spi: move SPI I/O buffers out of stack
dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers
fotg210-udc: Add missing completion handler
firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle
drivers: base: transport_class: fix resource leak when transport_add_device() fails
drivers: base: transport_class: fix possible memory leak
driver core: location: Free struct acpi_pld_info *pld before return false
driver core: fix resource leak in device_add()
misc: fastrpc: Fix an error handling path in fastrpc_rpmsg_probe()
misc/mei/hdcp: Use correct macros to initialize uuid_le
mei: pxp: Use correct macros to initialize uuid_le
VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF
firmware: stratix10-svc: fix error handle while alloc/add device failed
firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe()
applicom: Fix PCI device refcount leak in applicom_init()
eeprom: idt_89hpesx: Fix error handling in idt_init()
Revert "char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol"
serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init()
tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown()
tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown()
hwtracing: hisi_ptt: Only add the supported devices to the filters list
PCI: endpoint: pci-epf-vntb: Add epf_ntb_mw_bar_clear() num_mws kernel-doc
PCI: endpoint: pci-epf-vntb: Clean up kernel_doc warning
PCI: switchtec: Return -EFAULT for copy_to_user() errors
PCI/IOV: Enlarge virtfn sysfs name buffer
usb: typec: intel_pmc_mux: Don't leak the ACPI device reference count
coresight: cti: Add PM runtime call in enable_store
coresight: cti: Prevent negative values of enable count
coresight: etm4x: Fix accesses to TRCSEQRSTEVR and TRCSEQSTR
media: uvcvideo: Refactor power_line_frequency_controls_limited
media: uvcvideo: Refactor uvc_ctrl_mappings_uvcXX
media: uvcvideo: Implement mask for V4L2_CTRL_TYPE_MENU
media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible()
alpha/boot/tools/objstrip: fix the check for ELF header
kobject: Fix slab-out-of-bounds in fill_kobj_path()
kobject: modify kobject_get_path() to take a const *
driver core: fix potential null-ptr-deref in device_add()
soundwire: cadence: Don't overflow the command FIFOs
i2c: designware: fix i2c_dw_clk_rate() return size to be u32
usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe()
iio: light: tsl2563: Do not hardcode interrupt trigger type
RDMA/hns: Fix refcount leak in hns_roce_mmap
dmaengine: HISI_DMA should depend on ARCH_HISI
RDMA/erdma: Fix refcount leak in erdma_mmap
dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0
mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
mfd: cs5535: Don't build on UML
objtool: add UACCESS exceptions for __tsan_volatile_read/write
perf tests stat_all_metrics: Change true workload to sleep workload for system wide check
printf: fix errname.c list
perf record: Fix segfault with --overwrite and --max-size
selftests: use printf instead of echo -ne
selftests/ftrace: Fix bash specific "==" operator
selftests: find echo binary to use -ne options
sparc: allow PM configs for sparc32 COMPILE_TEST
perf tools: Fix auto-complete on aarch64
perf test bpf: Skip test if kernel-debuginfo is not present
perf intel-pt: Do not try to queue auxtrace data on pipe
perf inject: Use perf_data__read() for auxtrace
tools/tracing/rtla: osnoise_hist: use total duration for average calculation
leds: simatic-ipc-leds-gpio: Make sure we have the GPIO providing driver
leds: is31fl319x: Wrap mutex_destroy() for devm_add_action_or_rest()
leds: led-core: Fix refcount leak in of_led_get()
perf llvm: Fix inadvertent file creation
gfs2: jdata writepage fix
cifs: use tcon allocation functions even for dummy tcon
cifs: Fix warning and UAF when destroy the MR list
cifs: Fix lost destroy smbd connection when MR allocate failed
NFSD: copy the whole verifier in nfsd_copy_write_verifier
nfsd: don't fsync nfsd_files on last close
nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open
NFSD: fix problems with cleanup on errors in nfsd4_copy
nfsd: clean up potential nfsd_file refcount leaks in COPY codepath
nfsd: fix race to check ls_layouts
NFSD: fix leaked reference count of nfsd4_ssc_umount_item
NFSD: enhance inter-server copy cleanup
drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt()
ALSA: hda/hdmi: Register with vga_switcheroo on Dual GPU Macbooks
hid: bigben_probe(): validate report count
HID: bigben: use spinlock to safely schedule workers
HID: bigben_worker() remove unneeded check on report_field
HID: bigben: use spinlock to protect concurrent accesses
ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared
spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one()
NFS: fix disabling of swap
nfs4trace: fix state manager flag printing
dm: remove flush_scheduled_work() during local_exit()
ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init
hwmon: (mlxreg-fan) Return zero speed for broken fan
spi: bcm63xx-hsspi: Fix multi-bit mode setting
HID: logitech-hidpp: Hard-code HID++ 1.0 fast scroll support
drm/amd/display: don't call dc_interrupt_set() for disabled crtcs
ASoC: codecs: lpass: fix incorrect mclk rate
ASoC: codecs: lpass: register mclk after runtime pm
ASoC: qcom: q6apm-dai: Add SNDRV_PCM_INFO_BATCH flag
ASoC: qcom: q6apm-dai: fix race condition while updating the position pointer
ASoC: qcom: q6apm-lpass-dai: unprepare stream if its already prepared
HID: retain initial quirks set up when creating HID devices
HID: multitouch: Add quirks for flipped axes
scsi: aic94xx: Add missing check for dma_map_single()
scsi: mpt3sas: Fix a memory leak
drm/amdgpu: fix enum odm_combine_mode mismatch
ALSA: hda: Fix the control element identification for multiple codecs
hwmon: (ltc2945) Handle error case in ltc2945_value_store
hwmon: (asus-ec-sensors) add missing mutex path
regulator: tps65219: use generic set_bypass()
ASoC: dt-bindings: meson: fix gx-card codec node regex
ASoC: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params()
ASoC: rsnd: fixup #endif position
regmap: apply reg_base and reg_downshift for single register ops
dm: improve shrinker debug names
ASoC: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove()
ASoC: mchp-spdifrx: fix controls that works with completion mechanism
ASoC: mchp-spdifrx: fix return value in case completion times out
ASoC: mchp-spdifrx: fix controls which rely on rsr register
spi: dw_bt1: fix MUX_MMIO dependencies
ASoC: topology: Properly access value coming from topology file
gpio: vf610: connect GPIO label to dev name
dt-bindings: display: mediatek: Fix the fallback for mediatek,mt8186-disp-ccorr
ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
drm/mediatek: Clean dangling pointer on bind error path
drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
drm/mediatek: Drop unbalanced obj unref
drm/mediatek: Use NULL instead of 0 for NULL pointer
drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd
drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update()
pinctrl: renesas: rzg2l: Fix configuring the GPIO pins as interrupts
drm/tegra: firewall: Check for is_addr_reg existence in IMM check
gpu: host1x: Don't skip assigning syncpoints to channels
gpu: host1x: Fix mask for syncpoint increment register
pinctrl: mediatek: Initialize variable *buf to zero
pinctrl: mediatek: Initialize variable pullen and pullup to zero
pinctrl: bcm2835: Remove of_node_put() in bcm2835_of_gpio_ranges_fallback()
habanalabs: bugs fixes in timestamps buff alloc
drm/msm/mdp5: Add check for kzalloc
drm/msm/dpu: Add check for pstates
drm/msm/dpu: Add check for cstate
drm/msm: use strscpy instead of strncpy
drm/msm/dpu: sc7180: add missing WB2 clock control
scsi: ufs: exynos: Fix DMA alignment for PAGE_SIZE != 4096
drm/msm/dsi: Allow 2 CTRLs on v2.5.0
drm: exynos: dsi: Fix MIPI_DSI*_NO_* mode flags
drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
regulator: tps65219: use IS_ERR() to detect an error pointer
drm/bridge: lt9611: pass a pointer to the of node
drm/bridge: lt9611: fix clock calculation
drm/bridge: lt9611: fix programming of video modes
drm/bridge: lt9611: fix polarity programming
drm/bridge: lt9611: fix HPD reenablement
drm/bridge: lt9611: fix sleep mode setup
drm/msm/dpu: Disallow unallocated resources to be returned
drm/msm/gem: Add check for kmalloc
drm/amdgpu: Use the sched from entity for amdgpu_cs trace
ALSA: hda/ca0132: minor fix for allocation size
drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
drm/bridge: tc358767: Set default CLRSIPO count
ASoC: fsl_sai: initialize is_dsp_mode flag
scsi: qla2xxx: edif: Fix clang warning
scsi: qla2xxx: Fix exchange oversubscription for management commands
scsi: qla2xxx: Fix exchange oversubscription
drm/panel-edp: fix name for IVO product id 854b
drm/msm: clean event_thread->worker in case of an error
drm/vc4: hdmi: Correct interlaced timings again
drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5
drm/vc4: hvs: Correct interrupt masking bit assignment for HVS5
drm/vc4: hvs: SCALER_DISPBKGND_AUTOHS is only valid on HVS4
drm/vc4: hvs: Set AXI panic modes
pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins
drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init()
hwmon: (ftsteutates) Fix scaling of measurements
drm/vc4: drop all currently held locks if deadlock happens
gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id()
drm: tidss: Fix pixel format definition
drm/vc4: dpi: Fix format mapping for RGB565
drm/vkms: Fix null-ptr-deref in vkms_release()
drm/vkms: Fix memory leak in vkms_init()
drm/bridge: megachips: Fix error handling in i2c_register_driver()
drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
drm: mxsfb: DRM_IMX_LCDIF should depend on ARCH_MXC
drm/bridge: ti-sn65dsi83: Fix delay after reset deassert to match spec
drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
sefltests: netdevsim: wait for devlink instance after netns removal
selftest: fib_tests: Always cleanup before exit
net/mlx4_en: Introduce flexible array to silence overflow warning
net: lan966x: Fix possible deadlock inside PTP
net: bcmgenet: fix MoCA LED control
l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
selftests/net: Interpret UDP_GRO cmsg data as an int value
net/smc: fix application data exception
net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link()
irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
bpf: Fix global subprog context argument resolution logic
LoongArch, bpf: Use 4 instructions for function address in JIT
xsk: check IFF_UP earlier in Tx path
can: esd_usb: Make use of can_change_state() and relocate checking skb for NULL
can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error
selftests/bpf: Fix xdp_do_redirect on s390x
bpf: Zeroing allocated object from slab in bpf memory allocator
wifi: mac80211: pass 'sta' to ieee80211_rx_data_set_sta()
selftests/bpf: Fix map_kptr test.
thermal/drivers/hisi: Drop second sensor hi3660
tools/lib/thermal: Fix thermal_sampling_exit()
wifi: mac80211: fix off-by-one link setting
wifi: mac80211: avoid u32_encode_bits() warning
wifi: mac80211: Don't translate MLD addresses for multicast
wifi: mac80211: fix non-MLO station association
wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
wifi: mac80211: move color collision detection report in a delayed work
crypto: crypto4xx - Call dma_unmap_page when done
crypto: octeontx2 - Fix objects shared between several modules
ACPI: resource: Do IRQ override on all TongFang GMxRGxx
ACPI: resource: Add IRQ overrides for MAINGEAR Vector Pro 2 models
selftests/bpf: Fix out-of-srctree build
wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
wifi: iwl4965: Add missing check for create_singlethread_workqueue()
wifi: iwl3945: Add missing check for create_singlethread_workqueue
clocksource/drivers/riscv: Patch riscv_clock_next_event() jump before first use
RISC-V: time: initialize hrtimer based broadcast clock event device
m68k: /proc/hardware should depend on PROC_FS
crypto: rsa-pkcs1pad - Use akcipher_request_complete
rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
xen/grant-dma-iommu: Implement a dummy probe_device() callback
libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
s390/ap: fix status returned by ap_qact()
s390/ap: fix status returned by ap_aqic()
s390: vfio-ap: tighten the NIB validity check
net: ipa: generic command param fix
Bluetooth: hci_qca: get wakeup status from serdev device handle
Bluetooth: L2CAP: Fix potential user-after-free
Bluetooth: hci_conn: Refactor hci_bind_bis() since it always succeeds
cpufreq: davinci: Fix clk use after free
OPP: fix error checking in opp_migrate_dentry()
tap: tap_open(): correctly initialize socket uid
tun: tun_chr_open(): correctly initialize socket uid
net: add sock_init_data_uid()
s390/boot: fix mem_detect extended area allocation
s390/mem_detect: rely on diag260() if sclp_early_get_memsize() fails
s390/boot: cleanup decompressor header files
s390/vmem: fix empty page tables cleanup under KASAN
s390/mem_detect: fix detect_memory() error handling
irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe
irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
irqchip: Fix refcount leak in platform_irqchip_probe
net/mlx5: Enhance debug print in page allocation failure
wifi: mt76: mt7921: fix error code of return in mt7921_acpi_read
wifi: mt76: add memory barrier to SDIO queue kick
wifi: mt76: mt7915: fix WED TxS reporting
wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit
wifi: mt76: mt7915: call mt7915_mcu_set_thermal_throttling() only after init_work
bpftool: profile online CPUs instead of possible
crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware
selftests/bpf: Initialize tc in xdp_synproxy
can: rcar_canfd: Fix R-Car V3U GAFLCFG field accesses
kselftest/arm64: Fix enumeration of systems without 128 bit SME
wifi: iwlwifi: mei: fix compilation errors in rfkill()
s390/bpf: Add expoline to tail calls
leds: led-class: Add missing put_device() to led_put()
crypto: xts - Handle EBUSY correctly
selftests/bpf: Fix vmtest static compilation error
selftests/bpf: Use consistent build-id type for liburandom_read.so
x86/microcode: Adjust late loading result reporting message
x86/microcode: Check CPU capabilities after late microcode update correctly
x86/microcode: Add a parameter to microcode_check() to store CPU capabilities
powercap: fix possible name leak in powercap_register_zone()
crypto: seqiv - Handle EBUSY correctly
crypto: essiv - Handle EBUSY correctly
crypto: ccp - Failure on re-initialization due to duplicate sysfs filename
selftests/bpf: Fix build errors if CONFIG_NF_CONNTRACK=m
ACPI: battery: Fix missing NUL-termination with large strings
wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data()
wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
thermal/drivers/imx_sc_thermal: Fix the loop condition
thermal/drivers/imx_sc_thermal: Drop empty platform remove function
wifi: orinoco: check return value of hermes_write_wordrec()
wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU
wifi: rtw89: Add missing check for alloc_workqueue
wifi: rtw89: fix potential leak in rtw89_append_probe_req_ie()
thermal/drivers/tsens: limit num_sensors to 9 for msm8939
thermal/drivers/tsens: fix slope values for msm8939
thermal/drivers/tsens: Sort out msm8976 vs msm8956 data
thermal/drivers/tsens: Drop msm8976-specific defines
x86/signal: Fix the value returned by strict_sas_size()
s390/vfio-ap: fix an error handling path in vfio_ap_mdev_probe_queue()
s390/early: fix sclp_early_sccb variable lifetime
workqueue: Protects wq_unbound_cpumask with wq_pool_attach_mutex
kselftest/arm64: Fix syscall-abi for systems without 128 bit SME
arm64/cpufeature: Fix field sign for DIT hwcap detection
selftests/xsk: print correct error codes when exiting
selftests/xsk: print correct payload for packet dump
ACPICA: nsrepair: handle cases without a return value correctly
platform/chrome: cros_ec_typec: Update port DP VDO
crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2
lib/mpi: Fix buffer overrun when SG is too long
rcu-tasks: Fix synchronize_rcu_tasks() VS zap_pid_ns_processes()
rcu-tasks: Remove preemption disablement around srcu_read_[un]lock() calls
rcu-tasks: Improve comments explaining tasks_rcu_exit_srcu purpose
genirq: Fix the return type of kstat_cpu_irqs_sum()
ACPICA: Drop port I/O validation for some regions
crypto: x86/ghash - fix unaligned access in ghash_setkey()
libbpf: Fix invalid return address register in s390
wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init()
wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
wifi: ipw2200: fix memory leak in ipw_wdev_init()
wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
libbpf: Fix btf__align_of() by taking into account field offsets
wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit()
wifi: rtw89: 8852c: rfk: correct DPK settings
wifi: rtw89: 8852c: rfk: correct DACK setting
wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: libertas: fix memory leak in lbs_init_adapter()
wifi: iwlegacy: common: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: rtlwifi: rtl8723be: don't call kfree_skb() under spin_lock_irqsave()
wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under spin_lock_irqsave()
wifi: rtlwifi: rtl8821ae: don't call kfree_skb() under spin_lock_irqsave()
wifi: rsi: Fix memory leak in rsi_coex_attach()
wifi: mt76: fix coverity uninit_use_in_call in mt76_connac2_reverse_frag0_hdr_trans()
wifi: mt76: mt7915: fix unintended sign extension of mt7915_hw_queue_read()
wifi: mt76: mt7915: drop always true condition of __mt7915_reg_addr()
wifi: mt76: mt7915: check return value before accessing free_block_num
wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host
wifi: mt76: mt7915: add missing of_node_put()
block: use proper return value from bio_failfast()
block: bio-integrity: Copy flags when bio_integrity_payload is cloned
block: Fix io statistics for cgroup in throttle path
block: sync mixed merged request's failfast with 1st bio's
erofs: relinquish volume with mutex held
arm64: dts: qcom: pmk8350: Use the correct PON compatible
arm64: dts: qcom: pmk8350: Specify PBS register for PON
block: ublk: check IO buffer based on flag need_get_data
KEYS: asymmetric: Fix ECDSA use via keyctl uapi
x86/perf/zhaoxin: Add stepping check for ZXC
perf/x86/intel/ds: Fix the conversion from TSC to perf time
sched/rt: pick_next_rt_entity(): check list_entry
s390/dasd: Fix potential memleak in dasd_eckd_init()
arm64: dts: qcom: msm8992-lg-bullhead: Enable regulators
arm64: dts: qcom: msm8992-*: Fix up comments
arm64: dts: qcom: msm8953: correct TLMM gpio-ranges
arm64: dts: qcom: msm8992-lg-bullhead: Correct memory overlaps with the SMEM and MPSS memory regions
arm64: dts: qcom: sm8450: drop incorrect cells from serial
arm64: dts: qcom: sm8350: drop incorrect cells from serial
arm64: dts: qcom: msm8996 switch from RPM_SMD_BB_CLK1 to RPM_SMD_XO_CLK_SRC
arm64: dts: qcom: msm8996: support using GPLL0 as kryocc input
blk-mq: correct stale comment of .get_budget
blk-mq: Fix potential io hung for shared sbitmap per tagset
blk-mq: wait on correct sbitmap_queue in blk_mq_mark_tag_wait
blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
blk-mq: avoid sleep in blk_mq_alloc_request_hctx
ARM: dts: stm32: Update part number NVMEM description on stm32mp131
arm64: dts: mediatek: mt7986: Fix watchdog compatible
arm64: dts: mediatek: mt8195: Fix watchdog compatible
arm64: dts: mediatek: mt8186: Fix watchdog compatible
arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
arm64: dts: mt8186: Fix CPU map for single-cluster SoC
arm64: dts: mt8192: Fix CPU map for single-cluster SoC
arm64: dts: mt8195: Fix CPU map for single-cluster SoC
sbitmap: correct wake_batch recalculation to avoid potential IO hung
sbitmap: Use single per-bitmap counting to wake up queued tags
sbitmap: remove redundant check in __sbitmap_queue_get_batch
ARM: dts: imx7s: correct iomuxc gpr mux controller cells
ublk_drv: don't probe partitions if the ubq daemon isn't trusted
ublk_drv: remove nr_aborted_queues from ublk_device
ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference
arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN
arm64: dts: meson: radxa-zero: allow usb otg mode
arm64: dts: renesas: beacon-renesom: Fix gpio expander reference
locking/rwsem: Disable preemption in all down_read*() and up_read() code paths
arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip
arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name
arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name
arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names
arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name
arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name
arm64: dts: amlogic: meson-axg-jethome-jethub-j1xx: fix invalid rtc node name
arm64: dts: amlogic: meson-gxl-s905w-jethome-jethub-j80: fix invalid rtc node name
arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property
arm64: dts: amlogic: meson-axg-jethome-jethub-j1xx: fix supply name of USB controller node
arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
ARM: imx: Call ida_simple_remove() for ida_simple_get
ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
arm64: dts: ti: k3-j7200: Fix wakeup pinmux range
ARM: s3c: fix s3c64xx_set_timer_source prototype
ARM: bcm2835_defconfig: Enable the framebuffer
arm64: dts: mediatek: mt8192: Mark scp_adsp clock as broken
ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init()
arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names
arm64: dts: qcom: ipq8074: fix Gen3 PCIe node
arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges
arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY
arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY
arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names
arm64: dts: qcom: msm8992-bullhead: Disable dfps_data_mem
arm64: dts: qcom: msm8992-bullhead: Fix cont_splash_mem size
arm64: dts: msm8992-bullhead: add memory hole region
arm64: tegra: Fix duplicate regulator on Jetson TX1
arm64: dts: ti: k3-am62-main: Fix clocks for McSPI
arm64: dts: ti: k3-am62: Enable SPI nodes at the board level
cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE *again*
arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
arm64: dts: meson-gx: Fix Ethernet MAC address unit name
arm64: dts: meson-axg: jethub-j1xx: Fix MAC address node names
arm64: dts: meson-gxl: jethub-j80: Fix Bluetooth MAC node name
arm64: dts: meson-gxl: jethub-j80: Fix WiFi MAC address node
arm64: dts: qcom: sc8280xp: Vote for CX in USB controllers
arm64: dts: qcom: sc8280xp: correct SPMI bus address cells
arm64: dts: qcom: sc7280: correct SPMI bus address cells
arm64: dts: qcom: sc7180: correct SPMI bus address cells
x86/acpi/boot: Do not register processors that cannot be onlined for x2APIC
arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name
arm64: dts: mediatek: mt8186: Fix systimer 13 MHz clock description
arm64: dts: mediatek: mt8195: Fix systimer 13 MHz clock description
arm64: dts: mediatek: mt8192: Fix systimer 13 MHz clock description
arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description
arm64: dts: mediatek: mt8195: Add power domain to U3PHY1 T-PHY
ARM: zynq: Fix refcount leak in zynq_early_slcr_init
arm64: dts: imx8m: Align SoC unique ID node unit address
arm64: dts: qcom: sm6125-seine: Clean up gpio-keys (volume down)
arm64: dts: qcom: sm6125: Reorder HSUSB PHY clocks to match bindings
arm64: dts: qcom: sm6350: Fix up the ramoops node
arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k
arm64: dts: qcom: msm8996-tone: Fix USB taking 6 minutes to wake up
arm64: dts: qcom: qcs404: use symbol names for PCIe resets
ARM: OMAP2+: Fix memory leak in realtime_counter_init()
ata: ahci: Revert "ata: ahci: Add Tiger Lake UP{3,4} AHCI controller"
powerpc/mm: Rearrange if-else block to avoid clang warning
HID: asus: use spinlock to safely schedule workers
HID: asus: use spinlock to protect concurrent accesses
Revert "ANDROID: disble the UID_SYS_STATS driver"
Revert "exit: Remove profile_task_exit & profile_munmap"
FROMGIT: pstore: Revert pmsg_lock back to a normal mutex
ANDROID: ABI: Update allowed list for QCOM
ANDROID: ABI: Add missing symbols to QCOM list
fscrypt: support decrypting data from large folios
fsverity: support verifying data from large folios
fsverity.rst: update git repo URL for fsverity-utils
ext4: allow verity with fs block size < PAGE_SIZE
fs/buffer.c: support fsverity in block_read_full_folio()
f2fs: simplify f2fs_readpage_limit()
ext4: simplify ext4_readpage_limit()
fsverity: support enabling with tree block size < PAGE_SIZE
fsverity: support verification with tree block size < PAGE_SIZE
fsverity: replace fsverity_hash_page() with fsverity_hash_block()
fsverity: use EFBIG for file too large to enable verity
fsverity: store log2(digest_size) precomputed
fsverity: simplify Merkle tree readahead size calculation
fsverity: use unsigned long for level_start
fsverity: remove debug messages and CONFIG_FS_VERITY_DEBUG
fsverity: pass pos and size to ->write_merkle_tree_block
fsverity: optimize fsverity_cleanup_inode() on non-verity files
fsverity: optimize fsverity_prepare_setattr() on non-verity files
fsverity: optimize fsverity_file_open() on non-verity files
fscrypt: clean up fscrypt_add_test_dummy_key()
fs/super.c: stop calling fscrypt_destroy_keyring() from __put_super()
f2fs: stop calling fscrypt_add_test_dummy_key()
ext4: stop calling fscrypt_add_test_dummy_key()
fscrypt: add the test dummy encryption key on-demand
f2fs: drop unnecessary arg for f2fs_ioc_*()
f2fs: Revert "f2fs: truncate blocks in batch in __complete_revoke_list()"
f2fs: synchronize atomic write aborts
f2fs: fix wrong segment count
f2fs: replace si->sbi w/ sbi in stat_show()
f2fs: export ipu policy in debugfs
f2fs: make kobj_type structures constant
f2fs: fix to do sanity check on extent cache correctly
f2fs: add missing description for ipu_policy node
f2fs: fix to set ipu policy
f2fs: fix typos in comments
f2fs: fix kernel crash due to null io->bio
f2fs: use iostat_lat_type directly as a parameter in the iostat_update_and_unbind_ctx()
f2fs: add sysfs nodes to set last_age_weight
f2fs: fix f2fs_show_options to show nogc_merge mount option
f2fs: fix cgroup writeback accounting with fs-layer encryption
f2fs: fix wrong calculation of block age
f2fs: fix to update age extent in f2fs_do_zero_range()
f2fs: fix to update age extent correctly during truncation
f2fs: fix to avoid potential memory corruption in __update_iostat_latency()
f2fs: retry to update the inode page given data corruption
f2fs: fix to handle F2FS_IOC_START_ATOMIC_REPLACE in f2fs_compat_ioctl()
f2fs: clean up i_compress_flag and i_compress_level usage
f2fs: reduce stack memory cost by using bitfield in struct f2fs_io_info
f2fs: factor the read/write tracing logic into a helper
f2fs: remove __has_curseg_space
f2fs: refactor next blk selection
f2fs: remove __allocate_new_section
f2fs: refactor __allocate_new_segment
f2fs: add a f2fs_curseg_valid_blocks helper
f2fs: simplify do_checkpoint
f2fs: remove __add_sum_entry
f2fs: fix to abort atomic write only during do_exist()
f2fs: allow set compression option of files without blocks
f2fs: fix information leak in f2fs_move_inline_dirents()
fs: f2fs: initialize fsdata in pagecache_write()
f2fs: fix to check warm_data_age_threshold
f2fs: return true if all cmd were issued or no cmd need to be issued for f2fs_issue_discard_timeout()
f2fs: clarify compress level bit offset
f2fs: fix to show discard_unit mount opt
f2fs: fix to do sanity check on extent cache correctly
f2fs: remove unneeded f2fs_cp_error() in f2fs_create_whiteout()
f2fs: clear atomic_write_task in f2fs_abort_atomic_write()
f2fs: introduce trace_f2fs_replace_atomic_write_block
f2fs: introduce discard_io_aware_gran sysfs node
f2fs: drop useless initializer and unneeded local variable
f2fs: add iostat support for flush
f2fs: support accounting iostat count and avg_bytes
f2fs: convert discard_wake and gc_wake to bool type
f2fs: convert to use MIN_DISCARD_GRANULARITY macro
f2fs: merge f2fs_show_injection_info() into time_to_inject()
f2fs: add a f2fs_ prefix to punch_hole() and expand_inode_data()
f2fs: remove unnecessary blank lines
f2fs: mark f2fs_init_compress_mempool w/ __init
f2fs: judge whether discard_unit is section only when have CONFIG_BLK_DEV_ZONED
f2fs: start freeing cluster pages from the unused number
MAINTAINERS: Add f2fs's patchwork
f2fs: deliver the accumulated 'issued' to __issue_discard_cmd_orderly()
f2fs: avoid to check PG_error flag
f2fs: add missing doc for fault injection sysfs
f2fs: fix to avoid potential deadlock
f2fs: introduce IS_F2FS_IPU_* macro
f2fs: refactor the hole reporting and allocation logic in f2fs_map_blocks
f2fs: factor out a f2fs_map_no_dnode
f2fs: factor a f2fs_map_blocks_cached helper
f2fs: remove the create argument to f2fs_map_blocks
f2fs: remove f2fs_get_block
docs: f2fs: fix html doc error
f2fs: simplify __allocate_data_block
f2fs: reflow prepare_write_begin
f2fs: f2fs_do_map_lock
f2fs: add a f2fs_get_block_locked helper
f2fs: add a f2fs_lookup_extent_cache_block helper
f2fs: split __submit_bio
f2fs: rename F2FS_MAP_UNWRITTEN to F2FS_MAP_DELALLOC
f2fs: decouple F2FS_MAP_ from buffer head flags
f2fs: don't rely on F2FS_MAP_* in f2fs_iomap_begin
f2fs: fix to call clear_page_private_reference in .{release,invalid}_folio
f2fs: remove unused PAGE_PRIVATE_ATOMIC_WRITE
f2fs: fix to support .migrate_folio for compressed inode
f2fs: file: drop useless initializer in expand_inode_data()
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/display/mediatek/mediatek,ccorr.yaml
Documentation/devicetree/bindings/sound/amlogic,gx-sound-card.yaml
android/abi_gki_aarch64.stg
drivers/hwtracing/coresight/coresight-cti-sysfs.c
drivers/soc/qcom/qcom_stats.c
drivers/ufs/host/ufs-qcom.c
drivers/ufs/host/ufs-qcom.h
Change-Id: I6a2a516fd53a940d28d7f51b0b73f816b2a632fc
Upstream-Build: ks_qcom-android14-6.1-keystone-qcom-release@9839361 UKQ2.230328.002
Signed-off-by: jianzhou <quic_jianzhou@quicinc.com>
|
||
|
Greg Kroah-Hartman
|
db50ac4d0a |
Merge 6.1.22 into android14-6.1
Changes in 6.1.22 interconnect: qcom: osm-l3: fix icc_onecell_data allocation interconnect: qcom: sm8450: switch to qcom_icc_rpmh_* function interconnect: qcom: qcm2290: Fix MASTER_SNOC_BIMC_NRT perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output perf: fix perf_event_context->time tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr drm/amd/display: Include virtual signal to set k1 and k2 values drm/amd/display: fix k1 k2 divider programming for phantom streams drm/amd/display: Remove OTG DIV register write for Virtual signals. mptcp: refactor passive socket initialization mptcp: use the workqueue to destroy unaccepted sockets mptcp: fix UaF in listener shutdown drm/amd/display: Fix DP MST sinks removal issue arm64: dts: qcom: sm8450: Mark UFS controller as cache coherent power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition arm64: dts: imx8dxl-evk: Disable hibernation mode of AR8031 for EQOS arm64: dts: imx8dxl-evk: Fix eqos phy reset gpio ARM: dts: imx6sll: e70k02: fix usbotg1 pinctrl ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes arm64: dts: imx93: add missing #address-cells and #size-cells to i2c nodes NFS: Fix /proc/PID/io read_bytes for buffered reads xsk: Add missing overflow check in xdp_umem_reg iavf: fix inverted Rx hash condition leading to disabled hash iavf: fix non-tunneled IPv6 UDP packet type and hashing iavf: do not track VLAN 0 filters intel/igbvf: free irq on the error path in igbvf_request_msix() igbvf: Regard vf reset nack as success igc: fix the validation logic for taprio's gate list i2c: imx-lpi2c: check only for enabled interrupt flags i2c: mxs: ensure that DMA buffers are safe for DMA i2c: hisi: Only use the completion interrupt to finish the transfer scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() nfsd: don't replace page in rq_pages if it's a continuation of last page net: dsa: b53: mmap: fix device tree support net: usb: smsc95xx: Limit packet length to skb->len efi/libstub: smbios: Use length member instead of record struct size qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info xirc2ps_cs: Fix use after free bug in xirc2ps_detach net: phy: Ensure state transitions are processed from phy_stop() net: mdio: fix owner field for mdio buses registered using device-tree net: mdio: fix owner field for mdio buses registered using ACPI net: stmmac: Fix for mismatched host/device DMA address width thermal/drivers/mellanox: Use generic thermal_zone_get_trip() function mlxsw: core_thermal: Fix fan speed in maximum cooling state drm/i915: Print return value on error drm/i915/fbdev: lock the fbdev obj before vma pin drm/i915/guc: Rename GuC register state capture node to be more obvious drm/i915/guc: Fix missing ecodes drm/i915/gt: perform uc late init after probe error injection net: qcom/emac: Fix use after free bug in emac_remove due to race condition net: usb: lan78xx: Limit packet length to skb->len net/ps3_gelic_net: Fix RX sk_buff length net/ps3_gelic_net: Use dma_mapping_error octeontx2-vf: Add missing free for alloc_percpu bootconfig: Fix testcase to increase max node keys: Do not cache key in task struct if key is requested from kernel thread ice: check if VF exists before mode check iavf: fix hang on reboot with ice i40e: fix flow director packet filter programming bpf: Adjust insufficient default bpf_jit_limit net/mlx5e: Set uplink rep as NETNS_LOCAL net/mlx5e: Block entering switchdev mode with ns inconsistency net/mlx5: Fix steering rules cleanup net/mlx5e: Overcome slow response for first macsec ASO WQE net/mlx5: Read the TC mapping of all priorities on ETS query net/mlx5: E-Switch, Fix an Oops in error handling code net: dsa: tag_brcm: legacy: fix daisy-chained switches atm: idt77252: fix kmemleak when rmmod idt77252 erspan: do not use skb_mac_header() in ndo_start_xmit() net/sonic: use dma_mapping_error() for error check nvme-tcp: fix nvme_tcp_term_pdu to match spec mlxsw: spectrum_fid: Fix incorrect local port type hvc/xen: prevent concurrent accesses to the shared ring ksmbd: add low bound validation to FSCTL_SET_ZERO_DATA ksmbd: add low bound validation to FSCTL_QUERY_ALLOCATED_RANGES ksmbd: fix possible refcount leak in smb2_open() Bluetooth: hci_sync: Resume adv with no RPA when active scan Bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet Bluetooth: btusb: Remove detection of ISO packets over bulk Bluetooth: ISO: fix timestamped HCI ISO data packet parsing Bluetooth: Remove "Power-on" check from Mesh feature gve: Cache link_speed value from device net: asix: fix modprobe "sysfs: cannot create duplicate filename" net: dsa: mt7530: move enabling disabling core clock to mt7530_pll_setup() net: dsa: mt7530: move lowering TRGMII driving to mt7530_setup() net: dsa: mt7530: move setting ssc_delta to PHY_INTERFACE_MODE_TRGMII case net: mdio: thunder: Add missing fwnode_handle_put() drm/amd/display: Set dcn32 caps.seamless_odm Bluetooth: btqcomsmd: Fix command timeout after setting BD address Bluetooth: L2CAP: Fix responding with wrong PDU type Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work Bluetooth: mgmt: Fix MGMT add advmon with RSSI command Bluetooth: HCI: Fix global-out-of-bounds platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl entry: Fix noinstr warning in __enter_from_user_mode() perf/x86/amd/core: Always clear status for idx entry/rcu: Check TIF_RESCHED _after_ delayed RCU wake-up hwmon: fix potential sensor registration fail if of_node is missing hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs scsi: qla2xxx: Synchronize the IOCB count to be in order scsi: qla2xxx: Perform lockless command completion in abort path smb3: lower default deferred close timeout to address perf regression smb3: fix unusable share after force unmount failure uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 thunderbolt: Use scale field when allocating USB3 bandwidth thunderbolt: Call tb_check_quirks() after initializing adapters thunderbolt: Add quirk to disable CLx thunderbolt: Fix memory leak in margining thunderbolt: Disable interrupt auto clear for rings thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access thunderbolt: Use const qualifier for `ring_interrupt_index` thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) ACPI: x86: Drop quirk for HP Elitebook ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable riscv: Bump COMMAND_LINE_SIZE value to 1024 drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update() HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded ca8210: fix mac_len negative array access HID: logitech-hidpp: Add support for Logitech MX Master 3S mouse HID: intel-ish-hid: ipc: Fix potential use-after-free in work function m68k: mm: Fix systems with memory at end of 32-bit address space m68k: Only force 030 bus error if PC not in exception table selftests/bpf: check that modifier resolves after pointer scsi: target: iscsi: Fix an error message in iscsi_check_key() scsi: qla2xxx: Add option to disable FC2 Target support scsi: hisi_sas: Check devm_add_action() return value scsi: ufs: core: Add soft dependency on governor_simpleondemand scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() scsi: lpfc: Avoid usage of list iterator variable after loop scsi: mpi3mr: Driver unload crashes host when enhanced logging is enabled scsi: mpi3mr: Wait for diagnostic save during controller init scsi: mpi3mr: NVMe command size greater than 8K fails scsi: mpi3mr: Bad drive in topology results kernel crash scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file platform/x86: int3472: Add GPIOs to Surface Go 3 Board data net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 net: usb: qmi_wwan: add Telit 0x1080 composition drm/amd/display: Update clock table to include highest clock setting sh: sanitize the flags on sigreturn drm/amdgpu: Fix call trace warning and hang when removing amdgpu device drm/amd: Fix initialization mistake for NBIO 7.3.0 net/sched: act_mirred: better wording on protection against excessive stack growth act_mirred: use the backlog for nested calls to mirred ingress cifs: lock chan_lock outside match_session cifs: append path to open_enter trace event cifs: do not poll server interfaces too regularly cifs: empty interface list when server doesn't support query interfaces cifs: dump pending mids for all channels in DebugData cifs: print session id while listing open files cifs: fix dentry lookups in directory handle cache x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() selftests/x86/amx: Add a ptrace test scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR usb: misc: onboard-hub: add support for Microchip USB2517 USB 2.0 hub usb: dwc2: drd: fix inconsistent mode if role-switch-default-mode="host" usb: dwc2: fix a devres leak in hw_enable upon suspend resume usb: gadget: u_audio: don't let userspace block driver unbind btrfs: zoned: fix btrfs_can_activate_zone() to support DUP profile Bluetooth: Fix race condition in hci_cmd_sync_clear efi: sysfb_efi: Fix DMI quirks not working for simpledrm mm/slab: Fix undefined init_cache_node_node() for NUMA and !SMP fscrypt: destroy keyring after security_sb_delete() fsverity: Remove WQ_UNBOUND from fsverity read workqueue lockd: set file_lock start and end when decoding nlm4 testargs arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name igb: revert rtnl_lock() that causes deadlock dm thin: fix deadlock when swapping to thin device usb: typec: tcpm: fix create duplicate source-capabilities file usb: typec: tcpm: fix warning when handle discover_identity message usb: cdns3: Fix issue with using incorrect PCI device function usb: cdnsp: Fixes issue with redundant Status Stage usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver usb: chipdea: core: fix return -EINVAL if request role is the same with current role usb: chipidea: core: fix possible concurrent when switch role usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() usb: ucsi_acpi: Increase the command completion timeout mm: kfence: fix using kfence_metadata without initialization in show_object() kfence: avoid passing -g for test io_uring/net: avoid sending -ECONNABORTED on repeated connection requests io_uring/rsrc: fix null-ptr-deref in io_file_bitmap_get() Revert "kasan: drop skip_kasan_poison variable in free_pages_prepare" test_maple_tree: add more testing for mas_empty_area() maple_tree: fix mas_skip_node() end slot detection ksmbd: fix wrong signingkey creation when encryption is AES256 ksmbd: set FILE_NAMED_STREAMS attribute in FS_ATTRIBUTE_INFORMATION ksmbd: don't terminate inactive sessions after a few seconds ksmbd: return STATUS_NOT_SUPPORTED on unsupported smb2.0 dialect ksmbd: return unsupported error on smb1 mount wifi: mac80211: fix qos on mesh interfaces nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk drm/meson: fix missing component unbind on bind errors drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi drm/i915/active: Fix missing debug object activation drm/i915: Preserve crtc_state->inherited during state clearing drm/amdgpu: skip ASIC reset for APUs when go to S4 drm/amdgpu: reposition the gpu reset checking for reuse riscv: mm: Fix incorrect ASID argument when flushing TLB riscv: Handle zicsr/zifencei issues between clang and binutils tee: amdtee: fix race condition in amdtee_open_session firmware: arm_scmi: Fix device node validation for mailbox transport arm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent arm64: dts: qcom: sm8150: Fix the iommu mask used for PCIe controllers soc: qcom: llcc: Fix slice configuration values for SC8280XP mm/ksm: fix race with VMA iteration and mm_struct teardown bus: imx-weim: fix branch condition evaluates to a garbage value i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() dm stats: check for and propagate alloc_percpu failure dm crypt: add cond_resched() to dmcrypt_write() dm crypt: avoid accessing uninitialized tasklet sched/fair: sanitize vruntime of entity being placed sched/fair: Sanitize vruntime of entity being migrated drm/amdkfd: introduce dummy cache info for property asic drm/amdkfd: Fix the warning of array-index-out-of-bounds drm/amdkfd: add GC 11.0.4 KFD support drm/amdkfd: Fix the memory overrun Linux 6.1.22 Change-Id: Id13b4655dbfb59c29a0b8953e5e0cda3703f1879 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Charan Teja Kalla
|
d13275473e |
ANDROID: mm/shmem: Add a trace hook to get the shmem folio
Add a trace hook whose callback be used to fill the folio that can be used for shmem fs. This VH also takes the 'shmem_inode_info' which can contain the vendor specific data. Bug: 273448633 Change-Id: Ia48480bba6dba1ee37a3297b69fd61877dae8dc9 Signed-off-by: Charan Teja Kalla <quic_charante@quicinc.com> |
||
|
Liam R. Howlett
|
286b0cab31 |
mm/ksm: fix race with VMA iteration and mm_struct teardown
commit 6db504ce55bdbc575723938fc480713c9183f6a2 upstream.
exit_mmap() will tear down the VMAs and maple tree with the mmap_lock held
in write mode. Ensure that the maple tree is still valid by checking
ksm_test_exit() after taking the mmap_lock in read mode, but before the
for_each_vma() iterator dereferences a destroyed maple tree.
Since the maple tree is destroyed, the flags telling lockdep to check an
external lock has been cleared. Skip the for_each_vma() iterator to avoid
dereferencing a maple tree without the external lock flag, which would
create a lockdep warning.
Link: https://lkml.kernel.org/r/20230308220310.3119196-1-Liam.Howlett@oracle.com
Fixes:
|
||
|
Peter Collingbourne
|
450317033f |
Revert "kasan: drop skip_kasan_poison variable in free_pages_prepare"
commit f446883d12b8bfa486f7c98d403054d61d38c989 upstream. This reverts commit |
||
Marco Elver
|
1c00030a59 |
kfence: avoid passing -g for test
commit 2e08ca1802441224f5b7cc6bffbb687f7406de95 upstream.
Nathan reported that when building with GNU as and a version of clang that
defaults to DWARF5:
$ make -skj"$(nproc)" ARCH=riscv CROSS_COMPILE=riscv64-linux-gnu- \
LLVM=1 LLVM_IAS=0 O=build \
mrproper allmodconfig mm/kfence/kfence_test.o
/tmp/kfence_test-08a0a0.s: Assembler messages:
/tmp/kfence_test-08a0a0.s:14627: Error: non-constant .uleb128 is not supported
/tmp/kfence_test-08a0a0.s:14628: Error: non-constant .uleb128 is not supported
/tmp/kfence_test-08a0a0.s:14632: Error: non-constant .uleb128 is not supported
/tmp/kfence_test-08a0a0.s:14633: Error: non-constant .uleb128 is not supported
/tmp/kfence_test-08a0a0.s:14639: Error: non-constant .uleb128 is not supported
...
This is because `-g` defaults to the compiler debug info default. If the
assembler does not support some of the directives used, the above errors
occur. To fix, remove the explicit passing of `-g`.
All the test wants is that stack traces print valid function names, and
debug info is not required for that. (I currently cannot recall why I
added the explicit `-g`.)
Link: https://lkml.kernel.org/r/20230316224705.709984-1-elver@google.com
Fixes:
|
||
|
Muchun Song
|
f2a4304e9f |
mm: kfence: fix using kfence_metadata without initialization in show_object()
commit 1c86a188e03156223a34d09ce290b49bd4dd0403 upstream.
The variable kfence_metadata is initialized in kfence_init_pool(), then,
it is not initialized if kfence is disabled after booting. In this case,
kfence_metadata will be used (e.g. ->lock and ->state fields) without
initialization when reading /sys/kernel/debug/kfence/objects. There will
be a warning if you enable CONFIG_DEBUG_SPINLOCK. Fix it by creating
debugfs files when necessary.
Link: https://lkml.kernel.org/r/20230315034441.44321-1-songmuchun@bytedance.com
Fixes:
|