769612f594
This catches the android14-6.1 branch up with the 6.1.43 LTS upstream release. It contains the following commits: *e8ac95d4bcRevert "arm64: errata: Mitigate Ampere1 erratum AC03_CPU_38 at stage-2" *cf0f262265Revert "locking/rtmutex: Fix task->pi_waiters integrity" *38b64945f1Revert "ring-buffer: Fix wrong stat of cpu_buffer->read" *7f81705800Merge 6.1.43 into android14-6.1-lts |\ | *52a953d093Linux 6.1.43 | *c3d576baa6dma-buf: fix an error pointer vs NULL bug | *23acc2b850dma-buf: keep the signaling time of merged fences v3 | *665e6fd714test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation | *0ab95d5ce8selftests: mptcp: sockopt: use 'iptables-legacy' if available | *bd2decac73mptcp: ensure subflow is unhashed before cleaning the backlog | *ab79c7541dcpufreq: intel_pstate: Drop ACPI _PSS states table patching | *602a1cbc24ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily | *f7fcc0f1b2ACPI: processor: perflib: Use the "no limit" frequency QoS | *d701687c89drm/amd/display: Write to correct dirty_rect | *d58fb94f24drm/amd/display: perform a bounds check before filling dirty rectangles | *0441c44154tracing: Fix trace_event_raw_event_synth() if else statement | *f5e8f7a02cdrm/amd/display: set per pipe dppclk to 0 when dpp is off | *73679f8c45rbd: retrieve and check lock owner twice before blocklisting | *0c0b6412c9rbd: harden get_lock_owner_info() a bit | *c0d067c79brbd: make get_lock_owner_info() return a single locker or NULL | *3d215ad49cdm cache policy smq: ensure IO doesn't prevent cleaner policy progress | *507f70c06adrm/i915/dpt: Use shmem for dpt objects | *e046aecb73ceph: never send metrics if disable_send_metrics is set | *8ab9ad1638PM: sleep: wakeirq: fix wake irq arming | *356e711640arm64/sme: Set new vector length before reallocating | *ff54cb993bASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register | *6deb8727f2s390/dasd: print copy pair message only for the correct error | *c4ae208cc3s390/dasd: fix hanging device after quiesce/resume | *2b58bd3847LoongArch: BPF: Enable bpf_probe_read{, str}() on LoongArch | *8a5e0c1f71LoongArch: BPF: Fix check condition to call lu32id in move_imm() | *024ed3b9b8Revert "um: Use swap() to make code cleaner" | *e1d54962a6soundwire: fix enumeration completion | *dda7cfcaa4selftests: mptcp: join: only check for ip6tables if needed | *aedec6019dnet: dsa: qca8k: fix mdb add/del case with 0 VID | *828f9526f0net: dsa: qca8k: fix broken search_and_del | *d42c326288net: dsa: qca8k: fix search_and_insert wrong handling of new rule | *e1fda7c125virtio-net: fix race between set queues and probe | *cd1a8952ffxen: speed up grant-table reclaim | *af7aa4fe94proc/vmcore: fix signedness bug in read_from_oldmem() | *7f1715d827locking/rtmutex: Fix task->pi_waiters integrity | *d392d2d72airqchip/gic-v4.1: Properly lock VPEs when doing a directLPI invalidation | *a80d2cb27dirq-bcm6345-l1: Do not assume a fixed block to cpu mapping | *2edb87931atpm_tis: Explicitly check for error code | *c9af433b11ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info() | *d79f730bb8nfsd: Remove incorrect check in nfsd4_validate_stateid | *e5a87723e8file: always lock position for FMODE_ATOMIC_POS | *2663e2cb91x86/MCE/AMD: Decrement threshold_bank refcount when removing threshold blocks | *360c98f583btrfs: check for commit error at btrfs_attach_transaction_barrier() | *a7b85dc316btrfs: check if the transaction was aborted at btrfs_wait_for_commit() | *cbec34d302btrfs: account block group tree when calculating global reserve size | *5fec6f7903hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled | *85f8077893hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature | *bf7b30dc16ALSA: hda/relatek: Enable Mute LED on HP 250 G8 | *db3c5ca314ALSA: hda/realtek: Support ASUS G713PV laptop | *96a0b80eb1Revert "xhci: add quirk for host controllers that don't update endpoint DCS" | *9615ca54bctty: n_gsm: fix UAF in gsm_cleanup_mux | *7ae9f55a49staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() | *41e05572e8staging: r8712: Fix memory leak in _r8712_init_xmit_priv() | *ef301c41a1Documentation: security-bugs.rst: clarify CVE handling | *ddb9503d1cDocumentation: security-bugs.rst: update preferences when dealing with the linux-distros group | *9ae3d7941fRevert "usb: xhci: tegra: Fix error check" | *cf8203ea19usb: xhci-mtk: set the dma max_seg_size | *c0ebcc7e7fusb: cdns3: fix incorrect calculation of ep_buf_size when more than one config | *9590eeef4dUSB: quirks: add quirk for Focusrite Scarlett | *98a6054d51usb: ohci-at91: Fix the unhandle interrupt when resume | *a280625541usb: misc: ehset: fix wrong if condition | *c1fad1695busb: dwc3: don't reset device side if dwc3 was configured as host-only | *84ff2e988busb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy | *bf4986fbebRevert "usb: dwc3: core: Enable AutoRetry feature in the controller" | *60816ac26fusb: typec: Use sysfs_emit_at when concatenating the string | *9e4c1e68bfusb: typec: Iterate pds array when showing the pd list | *59feda7f38usb: typec: Set port->pd before adding device for typec_port | *efd354eb79can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED | *60dea45ea3USB: serial: simple: sort driver entries | *889122fe36USB: serial: simple: add Kaufmann RKS+CAN VCP | *6341ef50caUSB: serial: option: add Quectel EC200A module support | *f13b7a9f16USB: serial: option: support Quectel EM060K_128 | *71bef922ffserial: sifive: Fix sifive_serial_console_setup() section | *ace0efeb56serial: 8250_dw: Preserve original value of DLF register | *016a4a2a75serial: qcom-geni: drop bogus runtime pm state update | *eb1a542824KVM: x86: Disallow KVM_SET_SREGS{2} if incoming CR0 is invalid | *d8eb0c480fKVM: VMX: Don't fudge CR0 and CR4 for restricted L2 guest | *ed8bbe6627KVM: Grab a reference to KVM for VM and vCPU stats file descriptors | *c80b7c8f9dusb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate | *de77000c19USB: gadget: Fix the memory leak in raw_gadget driver | *0f23a9eb8ausb: gadget: call usb_gadget_check_config() to verify UDC capability | *0cf9741aa3Revert "usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init()" | *a3a3c7bddatracing: Fix warning in trace_buffered_event_disable() | *77996fa5c6ring-buffer: Fix wrong stat of cpu_buffer->read | *9d0a4a7777ata: pata_ns87415: mark ns87560_tf_read static | *84415f934aublk: fail to recover device if queue setup is interrupted | *0d5916c439ublk: fail to start device if queue setup is interrupted | *c741076a3cublk_drv: move ublk_get_device_from_id into ublk_ctrl_uring_cmd | *a39bf13f86drm/msm: Disallow submit with fence id 0 | *3398e8b283drm/msm: Switch idr_lock to spinlock | *d722661362RDMA/irdma: Report correct WC error | *fe3409cd01RDMA/irdma: Fix op_type reporting in CQEs | *e139cc2974drm/amd/display: Unlock on error path in dm_handle_mst_sideband_msg_ready_event() | *5c58d120bfdrm/amd: Fix an error handling mistake in psp_sw_init() | *ce114218f7dm raid: protect md_stop() with 'reconfig_mutex' | *e08db3f85ddm raid: clean up four equivalent goto tags in raid_ctr() | *d43c7edfebdm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths | *37b5a0bdb8xenbus: check xen_domain in xenbus_probe_initcall | *a71cd15a85drm/i915: Fix an error handling path in igt_write_huge() | *ddac66e802smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request | *55704f087fblock: Fix a source code comment in include/uapi/linux/blkzoned.h | *f656ba177fASoC: fsl_spdif: Silence output on stop | *6806494ed4cxl/acpi: Return 'rc' instead of '0' in cxl_parse_cfmws() | *748fadc08bcxl/acpi: Fix a use-after-free in cxl_parse_cfmws() | *1b8b835373drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() | *b8500538b8RDMA/bnxt_re: Prevent handling any completions after qp destroy | *d335b5fb33RDMA/mthca: Fix crash when polling CQ for shared QPs | *5986e96be7RDMA/irdma: Fix data race on CQP request done | *4e1a5842a3RDMA/irdma: Fix data race on CQP completion stats | *b83e4c1e4cRDMA/irdma: Add missing read barriers | *14627d02b1drm/msm/adreno: Fix snapshot BINDLESS_DATA size | *b6432b6870drm/msm/dpu: drop enum dpu_core_perf_data_bus_id | *10b5920c33RDMA/mlx4: Make check for invalid flags stricter | *539cf23cb4tipc: stop tipc crypto on failure in tipc_node_create | *5f6a842db1tipc: check return value of pskb_trim() | *0069a11a6fbenet: fix return value check in be_lancer_xmit_workarounds() | *0f7432b7c3net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64 | *eefc0b3215net/sched: mqprio: add extack to mqprio_parse_nlattr() | *5523d2e319net/sched: mqprio: refactor nlattr parsing to a separate function | *7218974abamm: suppress mm fault logging if fatal signal already pending | *268cb07ef3netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID | *4237462a07netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR | *89a4d1a897netfilter: nft_set_rbtree: fix overlap expiration walk | *c09df09241igc: Fix Kernel Panic during ndo_tx_timeout callback | *1ecdbf2467x86/traps: Fix load_unaligned_zeropad() handling for shared TDX memory | *cb160f4f90platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 | *847265678enet: stmmac: Apply redundant write work around on 4.xx too | *17e67a071bocteontx2-af: Fix hash extraction enable configuration | *9b0c968a13octeontx2-af: Removed unnecessary debug messages. | *517a4f3b09team: reset team's flags when down link is P2P device | *4c50927853bonding: reset bond's flags when down link is P2P device | *46bf2459d6ice: Fix memory management in ice_ethtool_fdir.c | *51aea7e9d5tcp: Reduce chance of collisions in inet6_hashfn(). | *776da4eca0ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address | *6ed1e466efethernet: atheros: fix return value check in atl1e_tso_csum() | *85c38ac62catheros: fix return value check in atl1_tso() | *01cb355bb9phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() | *69534f5ab7vxlan: fix GRO with VXLAN-GPE | *9e22b434ffvxlan: generalize vxlan_parse_gpe_hdr and remove unused args | *ddc6ab3834vxlan: calculate correct header length for GPE | *4de5cd8d89net: hns3: fix wrong bw weight of disabled tc issue | *487b685c81net: hns3: fix wrong tc bandwidth weight data issue | *b93161779bnet: hns3: fix the imp capability bit cannot exceed 32 bits issue | *e3339d44e0net: phy: marvell10g: fix 88x3310 power up | *c76d3742b6iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED | *469879eda3iavf: fix potential deadlock on allocation failure | *c0fa9a5a7ai40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() | *940a2c75f5media: amphion: Fix firmware path to match linux-firmware | *70f9f05abamedia: staging: atomisp: select V4L2_FWNODE | *accc838fd6soundwire: qcom: update status correctly with mask | *cf52320a39phy: qcom-snps-femto-v2: properly enable ref clock | *01d8e49999phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend | *b6132813bephy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc | *3a5dbdc53aphy: phy-mtk-dp: Fix an error code in probe() | *15c94c3151drm/amd/display: Prevent vtotal from being set to 0 | *d5741133e6drm/amd/display: Fix possible underflow for displays with large vblank | *342ec1696ddrm/amd/display: update extended blank for dcn314 onwards | *27931ea53cdrm/amd/display: Add FAMS validation before trying to use it | *6415d5de13drm/amd/display: fix dc/core/dc.c kernel-doc | *549f205819drm/amd/display: Rework comments on dc file | *4eed29e8a8maple_tree: fix 32 bit mas_next testing | *1b6e8744edmaple_tree: add __init and __exit to test module | *cba7ddf552test_maple_tree: test modifications while iterating | *a6e2a0e414tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails | *bee9946688Revert "tracing: Add "(fault)" name injection to kernel probes" | *f3baa42afetracing: Allow synthetic events to pass around stacktraces | *d92ee6bce1tracing/probes: Fix to avoid double count of the string length on the array | *16cc222026tracing/probes: Add symstr type for dynamic events | *f5ded0c11dmptcp: do not rely on implicit state check in mptcp_listen() | *fbe9fa195emptcp: introduce 'sk' to replace 'sock->sk' in mptcp_listen() | *cde7f2fd63arm64: errata: Mitigate Ampere1 erratum AC03_CPU_38 at stage-2 | *eb1de0a234KVM: arm64: Condition HW AF updates on config option | *17e188e0fedrm/ttm: never consider pinned BOs for eviction&swap | *a7451c38e1tty: fix hang on tty device with no_room set | *72deb17550n_tty: Rename tail to old_tail in n_tty_read() | *e9c44738cbdrm/ttm: Don't leak a resource on eviction error | *3a8f9b8ccfdrm/ttm: Don't print error message if eviction was interrupted | *76fcfc6ae3drm/amd/display: Set minimum requirement for using PSR-SU on Phoenix | *f8b61a2c29drm/amd/display: Set minimum requirement for using PSR-SU on Rembrandt | *41c666e2b7drm/amd/display: Update correct DCN314 register header | *8f0582fb6ddrm/amd/display: fix dcn315 single stream crb allocation | *38fa05cad9drm/amd/display: add pixel rate based CRB allocation support | *ad8c209544drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315 | *acba20a5b2drm/amd/display: use low clocks for no plane configs | *8d515d39d8drm/amd/display: add ODM case when looking for first split pipe | *3a88351318drm/amd/display: Use min transition for all SubVP plane add/remove | *a5397c85f0drm/amd/display: Include surface of unaffected streams | *d5b3e4cf99drm/amd/display: Copy DC context in the commit streams | *4efb2d2200drm/amd/display: Enable new commit sequence only for DCN32x | *bc2c700388drm/amd/display: Rework context change check | *810329d3d4drm/amd/display: Check if link state is valid | *f1edb2f58adrm/amd/display: add FB_DAMAGE_CLIPS support | *ed92b595afPCI: rockchip: Don't advertise MSI-X in PCIe capabilities | *7b65231b65PCI: rockchip: Fix window mapping and address translation for endpoint | *3b117fd8cfPCI: rockchip: Remove writes to unused registers | *13b9c5f605PCI/ASPM: Avoid link retraining race | *4d1cd90ceaPCI/ASPM: Factor out pcie_wait_for_retrain() | *8dfeae8082PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() | *ecd9da1d05MIPS: Loongson: Fix build error when make modules_install | *3fac9a39f8MIPS: Loongson: Move arch cflags to MIPS top level Makefile | *70957ae160i2c: nomadik: Remove a useless call in the remove function | *a9be061237i2c: nomadik: Use devm_clk_get_enabled() | *82dee5b258i2c: nomadik: Remove unnecessary goto label | *1dc23fb83bi2c: Improve size determinations | *38a8983ae1i2c: Delete error messages for failed memory allocations | *7b7291ab29btrfs: fix race between quota disable and relocation | *44e2afbf65gpio: mvebu: fix irq domain leak | *8ee94aab99gpio: mvebu: Make use of devm_pwmchip_add | *19156bcb88pwm: Add a stub for devm_pwmchip_add() | *b2d8ac988fgpio: tps68470: Make tps68470_gpio_output() always set the initial value | *04f7d49174io_uring: don't audit the capability check in io_uring_create() | *017f686bcbKVM: s390: pv: fix index value of replaced ASCE | *e8df129860powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close | *557ea2ff05blk-mq: Fix stall due to recursive flush plug | *0935bbbf6ejbd2: Fix wrongly judgement for buffer head removing while doing checkpoint | *6e385845eedrm/amd: Align SMU11 SMU_MSG_OverridePcieParameters implementation with SMU13 | *32631ac27cdrm/amd: Move helper for dynamic speed switch check out of smu13 | *53dd2ca2c0ovl: fix null pointer dereference in ovl_permission() | *a9174f0d7adrm/amd/display: Keep PHY active for dp config | *2bb9121616platform/x86/amd/pmf: reduce verbosity of apmf_get_system_params | *fd14866ebeplatform/x86/amd/pmf: Notify OS power slider update | *b068314fd8netfilter: nf_tables: fix underflow in chain reference counter | *35651fde1anetfilter: nf_tables: fix underflow in object reference counter * |f5aa90efe8FROMLIST: Revert "fuse: Apply flags2 only when userspace set the FUSE_INIT_EXT" * |469cf75fccRevert "sched/psi: Fix avgs_work re-arm in psi_avgs_work()" * |d18fe3efdaRevert "sched/psi: Rearrange polling code in preparation" * |5b039dbb91Revert "sched/psi: Rename existing poll members in preparation" * |ed063a7e76Revert "sched/psi: Extract update_triggers side effect" * |2c1e89916bRevert "sched/psi: Allow unprivileged polling of N*2s period" * |ffed79e366Revert "sched/psi: use kernfs polling functions for PSI trigger polling" * |8976ff249fMerge 6.1.42 into android14-6.1-lts |\| | *d2a6dc4eafLinux 6.1.42 | *1d4607f2a5Revert "drm/amd/display: edp do not add non-edid timings" | *2f2ba3c162drm/amd/display: Add polling method to handle MST reply packet | *78ea2ed76cdrm/amd/display: fix linux dp link lost handled only one time | *b31143b0fbdrm/amd/display: Clean up errors & warnings in amdgpu_dm.c | *c14702daf1drm/amd/display: force connector state when bpc changes during compliance | *00f68f5c1bdrm/dp_mst: Clear MSG_RDY flag before sending new message | *c085ffaf67drm/amd/display: fix some coding style issues | *374735cbe2drm/amd/display: use max_dsc_bpp in amdgpu_dm | *268bfb3782selftests/bpf: Fix sk_assign on s390x | *fd1e31d1bcselftests/bpf: Workaround verification failure for fexit_bpf2bpf/func_replace_return_code | *a7c1eb9cb8selftests/bpf: make test_align selftest more robust | *4c8f30a2adbpf: aggressively forget precise markings during state checkpointing | *8b57a37d0ebpf: stop setting precise in current state | *56675ddcb0bpf: allow precision tracking for programs with subprogs | *dd33fbe4afscripts/kallsyms: update the usage in the comment block | *5fab8c91e5scripts/kallsyms.c Make the comment up-to-date with current implementation | *320f980bc0kallsyms: add kallsyms_seqs_of_names to list of special symbols | *7531eb07b2spi: dw: Remove misleading comment for Mount Evans SoC | *70a3015683drm/ttm: fix bulk_move corruption when adding a entry | *61622fa379tracing/histograms: Return an error if we fail to add histogram to hist_vars list | *bae17da3aejbd2: recheck chechpointing non-dirty buffer | *b9f0f20ab0net: phy: prevent stale pointer dereference in phy_init() | *f311c76800tcp: annotate data-races around fastopenq.max_qlen | *01a1563a09tcp: annotate data-races around icsk->icsk_user_timeout | *918a1beb0atcp: annotate data-races around tp->notsent_lowat | *b02f8fce7ctcp: annotate data-races around rskq_defer_accept | *17c3d75833tcp: annotate data-races around tp->linger2 | *e639397202tcp: annotate data-races around icsk->icsk_syn_retries | *d27a1aa37etcp: annotate data-races around tp->keepalive_probes | *161b069389tcp: annotate data-races around tp->keepalive_intvl | *87b8466eb0tcp: annotate data-races around tp->keepalive_time | *2c84a3d78atcp: annotate data-races around tp->tsoffset | *949eb83880tcp: annotate data-races around tp->tcp_tx_delay | *0d4d6b083dBluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor() | *e969bfed84Bluetooth: ISO: fix iso_conn related locking and validity issues | *59bd1e476bBluetooth: hci_event: call disconnect callback before deleting conn | *13ad45ad14Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync | *e18922ce3enetfilter: nf_tables: skip bound chain on rule flush | *ec3e856075netfilter: nf_tables: skip bound chain in netns release path | *90c3955bebnetfilter: nft_set_pipapo: fix improper element removal | *f372992820netfilter: nf_tables: can't schedule in nft_chain_validate | *6026fa4f47netfilter: nf_tables: fix spurious set element insertion failure | *c1dc350a37ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp | *050c24656allc: Don't drop packet from non-root netns. | *50e4b32d2efbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe | *a44ff12573Revert "tcp: avoid the lookup process failing to get sk in ehash table" | *d1a4d697a9net:ipv6: check return value of pskb_trim() | *205bad1b30net: ipv4: Use kfree_sensitive instead of kfree | *fac47182d3tcp: annotate data-races around tcp_rsk(req)->ts_recent | *aa32235da4tcp: annotate data-races around tcp_rsk(req)->txhash | *f62a00b7d1net: ipv4: use consistent txhash in TIME_WAIT and SYN_RECV | *1d8e3ec4f0igc: Prevent garbled TX queue with XDP ZEROCOPY | *c0268bc0d7igc: Avoid transmit queue timeout for XDP | *bb6ae775ffbpf, arm64: Fix BTI type used for freplace attached functions | *8620c53cedbpf: Repeat check_max_stack_depth for async callbacks | *d55ff358b0bpf: Fix subprog idx logic in check_max_stack_depth | *c355f3a27bocteontx2-pf: Dont allocate BPIDs for LBK interfaces | *0f56bfe19asecurity: keys: Modify mismatched function name | *3fc081edddiavf: fix reset task race with iavf_remove() | *2647ff59c5iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies | *9743519240iavf: Wait for reset in callbacks which trigger it | *f43ab442a8iavf: make functions static where possible | *9e36533d66iavf: send VLAN offloading caps once after VFR | *5d1c0ac33diavf: Move netdev_update_features() into watchdog task | *6d9d01689biavf: use internal state to free traffic IRQs | *6e1d8f1332iavf: Fix out-of-bounds when setting channels on remove | *ca12b98e04iavf: Fix use-after-free in free_netdev | *ce3ec3fc64net: dsa: microchip: correct KSZ8795 static MAC table access | *54830adfd9net: dsa: microchip: ksz8_r_sta_mac_table(): Avoid using error code for empty entries | *8a60427c8anet: dsa: microchip: ksz8: Make ksz8_r_sta_mac_table() static | *e4820a764enet: dsa: microchip: ksz8: Separate static MAC table operations for code reuse | *155f594534net: sched: cls_bpf: Undo tcf_bind_filter in case of an error | *2256b27f54net: sched: cls_u32: Undo refcount decrement in case update failed | *a934579346net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode | *fa753f8656net: sched: cls_matchall: Undo tcf_bind_filter in case of failure after mall_set_parms | *813572a08dASoC: SOF: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write() | *c55901d381cifs: fix mid leak during reconnection after timeout threshold | *855643c8d2net: ethernet: mtk_eth_soc: handle probe deferral | *6924f3c898bridge: Add extack warning when enabling STP in netns. | *3325b8ddfenet: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() | *4148d6c766dsa: mv88e6xxx: Do a final check before timing out | *f4c0a6b8cekallsyms: strip LTO-only suffixes from promoted global functions | *5004d383fekallsyms: Correctly sequence symbols when CONFIG_LTO_CLANG=y | *28fdfda791kallsyms: Improve the performance of kallsyms_lookup_name() | *c401b72836spi: s3c64xx: clear loopback bit after loopback test | *9c85f71d3fbtrfs: be a bit more careful when setting mirror_num_ret in btrfs_map_block | *08bdd70974perf build: Fix library not found error when using CSLIBS | *6aa851f627fbdev: imxfb: Removed unneeded release_mem_region | *e7bb9436eafbdev: imxfb: warn about invalid left/right margin | *7a2d80a8c2spi: bcm63xx: fix max prepend length | *6af800f917pinctrl: renesas: rzg2l: Handle non-unique subnode names | *be087281dcpinctrl: renesas: rzv2m: Handle non-unique subnode names | *92cc015332sched/psi: use kernfs polling functions for PSI trigger polling | *d5dca19776sched/psi: Allow unprivileged polling of N*2s period | *fb4bc32fc1sched/psi: Extract update_triggers side effect | *c1623d4d0bsched/psi: Rename existing poll members in preparation | *c176dda0a6sched/psi: Rearrange polling code in preparation | *7d8bba4da1sched/psi: Fix avgs_work re-arm in psi_avgs_work() | *45f739e8fbsched/fair: Use recent_used_cpu to test p->cpus_ptr | *6ede0d0f88ASoC: qcom: q6apm: do not close GPR port before closing graph | *5da98d0438ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR | *e3495bc994ASoC: codecs: wcd938x: fix mbhc impedance loglevel | *3122e90b5cASoC: amd: acp: fix for invalid dai id handling in acp_get_byte_count() | *da64c8889fnet: hns3: fix strncpy() not using dest-buf length as length issue | *39695e87d8igb: Fix igb_down hung on surprise removal | *6887f35881wifi: iwlwifi: pcie: add device id 51F1 for killer 1675 | *6862557e9awifi: iwlwifi: mvm: avoid baid size integer overflow | *a46a624914wifi: iwlwifi: Add support for new PCI Id | *8e0a94e31awifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() | *408d40c729devlink: report devlink_port_type_warn source device | *0d14264155net: ethernet: litex: add support for 64 bit stats | *86f9330a49wifi: ath11k: fix memory leak in WMI firmware stats | *766e606536spi: dw: Add compatible for Intel Mount Evans SoC | *d0124848c7wifi: mac80211_hwsim: Fix possible NULL dereference | *8656b31d2ewifi: ath11k: add support default regdb while searching board-2.bin for WCN6855 | *4e291a07afbpf: tcp: Avoid taking fast sock lock in iterator | *c006fe361cbpf: Address KCSAN report on bpf_lru_list | *10fa03a9c1bpf: Print a warning only if writing to unprivileged_bpf_disabled. | *8d1342108cwifi: ath11k: fix registration of 6Ghz-only phy without the full channel range | *78a5f711efsched/fair: Don't balance task to its current running CPU | *896f4d6046rcu: Mark additional concurrent load from ->cpu_no_qs.b.exp | *9027d69221rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic() | *e055d0ec88ACPI: video: Add backlight=native DMI quirk for Dell Studio 1569 | *aa7cdf487aFS: JFS: Check for read-only mounted filesystem in txBegin | *3e5eb6c5ecFS: JFS: Fix null-ptr-deref Read in txBegin | *da0a7c6975MIPS: dec: prom: Address -Warray-bounds warning | *bdf07ab159fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev | *a682414980udf: Fix uninitialized array access for some pathnames | *cce9107c31ovl: check type and offset of struct vfsmount in ovl_entry | *5228d4d505HID: add quirk for 03f0:464a HP Elite Presenter Mouse | *6432843debquota: fix warning in dqgrab() | *1f2ec87f4aquota: Properly disable quotas when add_dquot_ref() fails | *2a97ec7809ALSA: emu10k1: roll up loops in DSP setup code for Audigy | *2e1be420b8drm/radeon: Fix integer overflow in radeon_cs_parser_init | *0ca3768534ext4: correct inline offset when handling xattrs in inode body | *aba8f85ecaASoC: codecs: wcd938x: fix soundwire initialisation race | *1a261a4193ASoC: codecs: wcd938x: fix codec initialisation race | *8b11d2f0e5ASoC: codecs: wcd934x: fix resource leaks on component remove | *bb241ae928ASoC: codecs: wcd938x: fix missing mbhc init error handling | *4eac89ffc5ASoC: codecs: wcd938x: fix resource leaks on component remove | *c584b5eca3ASoC: tegra: Fix AMX byte map | *d55fc2bdaaASoC: qdsp6: audioreach: fix topology probe deferral | *17feff71d0ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove | *b0fbf3c353ASoC: codecs: wcd938x: fix missing clsh ctrl error handling | *1dd61a5b5cASoC: cs42l51: fix driver to properly autoload with automatic module loading | *0e3cf64324ASoC: rt5640: Fix sleep in atomic context | *e5b2389e04ASoC: tegra: Fix ADX byte map | *24bed70aa6ASoC: fsl_sai: Revert "ASoC: fsl_sai: Enable MCTL_MCLK_EN bit for master mode" | *6518812877ASoC: fsl_sai: Disable bit clock with transmitter | *b9741ba942drm/amd/display: Keep PHY active for DP displays on DCN31 | *889bac5fd7drm/amd/display: check TG is non-null before checking if enabled | *9f28e8c2bedrm/amd/display: Disable MPC split by default on special asic | *4385420741drm/amd/display: only accept async flips for fast updates | *917bef37cfdrm/client: Fix memory leak in drm_client_modeset_probe | *b5359d7a50drm/client: Fix memory leak in drm_client_target_cloned | *91bd7acf89drm/amdgpu/pm: make mclk consistent for smu 13.0.7 | *0b4f3d9a5cdrm/amdgpu/pm: make gfxclock consistent for sienna cichlid | *13cb7bfbccdrm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel | *19e7b9f1f7dma-buf/dma-resv: Stop leaking on krealloc() failure | *25ad249699selftests: tc: add ConnTrack procfs kconfig | *54950747d5can: gs_usb: gs_can_open(): improve error handling | *995f47d766can: bcm: Fix UAF in bcm_proc_show() | *a2d31762d7can: mcp251xfd: __mcp251xfd_chip_set_mode(): increase poll timeout | *aa5cf8bd13arm64/fpsimd: Ensure SME storage is allocated after SVE VL changes | *3e463a4f38regmap: Account for register length in SMBus I/O limits | *ef7ad397fbof: Preserve "of-display" device name for compatibility | *f16c2eb694regmap: Drop initial version of maximum transfer length fixes | *efeac348cdselftests: tc: add 'ct' action kconfig dep | *4986dd1b51selftests: tc: set timeout to 15 minutes | *ddf7e8984cbtrfs: fix race between balance and cancel/pause | *c828e913c8fuse: ioctl: translate ENOSYS in outarg | *c35ea60619btrfs: zoned: fix memory leak after finding block group with super blocks | *0a5e0bc8e8btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand | *549f5093e9fuse: Apply flags2 only when userspace set the FUSE_INIT_EXT | *af6d1fc5b8fuse: revalidate: don't invalidate if interrupted | *89e994688ebtrfs: fix warning when putting transaction with qgroups enabled after abort | *c1b3d1a9c6perf probe: Add test for regression introduced by switch to die_get_decl_file() | *00edfa6d4fkeys: Fix linking a duplicate key to a keyring's assoc_array | *4984a10a21maple_tree: fix node allocation testing on 32 bit | *85718972b0maple_tree: set the node limit when creating a new root node | *e0c3e25cfcALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx | *0f493b5bfeALSA: hda/realtek: Add quirk for Clevo NS70AU | *7ed4e52973ALSA: hda/realtek - remove 3k pull low procedure | *1b87f546a0io_uring: treat -EAGAIN for REQ_F_NOWAIT as final for io-wq * |b2d799c4d4Merge 6.1.41 into android14-6.1-lts |\| | *5302e81aa2Linux 6.1.41 | *ed9b87010ax86/cpu/amd: Add a Zenbleed fix | *5fc203d8d3x86/cpu/amd: Move the errata checking functionality up * |f12524c9deRevert "Revert "8250: add support for ASIX devices with a FIFO bug"" * |f1311733c2Merge 6.1.40 into android14-6.1-lts |\| | *7538911373Linux 6.1.40 | *9879d6e1canet/ncsi: change from ndo_set_mac_address to dev_set_mac_address | *e2c3356907net/ncsi: make one oem_gma function for all mfr id | *e4a0e09b79drm/atomic: Fix potential use-after-free in nonblocking commits | *d34a3470ednet/sched: sch_qfq: reintroduce lmax bound check for MTU | *ff06cd411aswiotlb: mark swiotlb_memblock_alloc() as __init | *d64b70df23Revert "drm/amd: Disable PSR-SU on Parade 0803 TCON" | *fbfb6b7cb2MIPS: kvm: Fix build error with KVM_MIPS_DEBUG_COP0_COUNTERS enabled | *fec55ec035scsi: qla2xxx: Fix end of loop test | *f459d586fdscsi: qla2xxx: Remove unused nvme_ls_waitq wait queue | *b06d1b5253scsi: qla2xxx: Pointer may be dereferenced | *b88b1241fbscsi: qla2xxx: Correct the index of array | *e466930717scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() | *ce2cdbe530scsi: qla2xxx: Fix potential NULL pointer dereference | *2dddbf8de1scsi: qla2xxx: Fix buffer overrun | *477bc74ad1scsi: qla2xxx: Avoid fcport pointer dereference | *2b3bdef089scsi: qla2xxx: Array index may go out of bound | *d994ac7c78scsi: qla2xxx: Fix mem access after free | *90770dad1escsi: qla2xxx: Wait for io return on terminate rport | *1802e5d098scsi: qla2xxx: Fix hang in task management | *35985b0741scsi: qla2xxx: Fix task management cmd fail due to unavailable resource | *843665c426scsi: qla2xxx: Fix task management cmd failure | *ff92567d90scsi: qla2xxx: Multi-que support for TMF | *95e34129f3tracing/user_events: Fix struct arg size match check | *a95c1fede2tracing/probes: Fix to update dynamic data counter if fetcharg uses it | *837f92d27ftracing/probes: Fix not to count error code to total length | *2f41d35b58selftests: mptcp: pm_nl_ctl: fix 32-bit support | *ee352299a6selftests: mptcp: depend on SYN_COOKIES | *08daab11f3selftests: mptcp: userspace_pm: report errors with 'remove' tests | *4098a43182selftests: mptcp: userspace_pm: use correct server port | *c118baa05fselftests: mptcp: sockopt: return error if wrong mark | *671486793fselftests: mptcp: connect: fail if nft supposed to work | *938d5b7a75tracing: Fix null pointer dereference in tracing_err_log_open() | *fbcd0c2b56fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() | *ce3ec57faffprobe: Release rethook after the ftrace_ops is unregistered | *2e9a46e467pwm: meson: fix handling of period/duty if greater than UINT_MAX | *ba1ede19e6pwm: meson: modify and simplify calculation in meson_pwm_get_state | *9a2c57fd32PM: QoS: Restore support for default value on frequency QoS | *15ec83da43perf/x86: Fix lockdep warning in for_each_sibling_event() on SPR | *22fc9fd723xtensa: ISS: fix call to split_if_spec | *6a05de6da5cifs: if deferred close is disabled then close files immediately | *bd8cd38d3adrm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 | *11dc77a645drm/amd/pm: share the code around SMU13 pcie parameters update | *99fe81d219ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() | *8b0b63fdacring-buffer: Fix deadloop issue on reading trace_pipe | *90947ebf87net: ena: fix shift-out-of-bounds in exponential backoff | *b1a726ad33regmap-irq: Fix out-of-bounds access when allocating config buffers | *aeb62beaf9perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start() | *e2c7a05a48samples: ftrace: Save required argument registers in sample trampolines | *9d6a260bbfnvme: don't reject probe due to duplicate IDs for single-ported PCIe devices | *be970e22c5tracing: Fix memory leak of iter->temp when reading trace_pipe | *5fd32eb6fatracing/histograms: Add histograms to hist_vars if they have referenced variables | *0a1dc6377adm: verity-loadpin: Add NULL pointer check for 'bdev' parameter | *08aaeda414s390/decompressor: fix misaligned symbol build error | *2ebf4ddcc6bus: ixp4xx: fix IXP4XX_EXP_T1_MASK | *599c0ebdb5Revert "8250: add support for ASIX devices with a FIFO bug" | *801daff007soundwire: qcom: fix storing port config out-of-bounds | *76ab057de7opp: Fix use-after-free in lazy_opp_tables after probe deferral | *be06ffa8f4meson saradc: fix clock divider mask length | *610ddd79fcxhci: Show ZHAOXIN xHCI root hub speed correctly | *892ef75930xhci: Fix TRB prefetch issue of ZHAOXIN hosts | *8e273a2190xhci: Fix resume issue of some ZHAOXIN hosts | *8293614798ceph: don't let check_caps skip sending responses for revoke msgs | *0471d907d8ceph: fix blindly expanding the readahead windows | *d545ff97cfceph: add a dedicated private data for netfs rreq | *183c0ae4falibceph: harden msgr2.1 frame segment length checks | *cb8a31a56dfirmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() | *5553d587a3tty: serial: imx: fix rs485 rx after tx | *f0bf102ef9tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk | *34f5b826ddtty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error | *9fd9e1d098serial: atmel: don't enable IRQs prematurely | *f037f60387drm/ttm: Don't leak a resource on swapout move error | *fe26d0fa94drm/amdgpu: avoid restore process run into dead loop. | *8404d0e274drm/amd/display: Add monitor specific edid quirk | *7ad40467fddrm/amd/display: Correct `DMUB_FW_VERSION` macro | *ad85fc99d6drm/amd/display: add a NULL pointer check | *3092beeb25drm/amd: Disable PSR-SU on Parade 0803 TCON | *91e69e67d4drm/amdgpu: fix clearing mappings for BOs that are always valid in VM | *3546f76c7adrm/amd/display: disable seamless boot if force_odm_combine is enabled | *a2ef3163c3drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 | *c4629c7575drm/amd/display: edp do not add non-edid timings | *31fb25ecbbdrm/amd/display: fix seamless odm transitions | *c41963e50adrm/rockchip: vop: Leave vblank enabled in self-refresh | *db0a9a2991drm/atomic: Allow vblank-enabled + self-refresh "disable" | *6436ca035bscsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() | *7adcc32eb5fs: dlm: fix mismatch of plock results from userspace | *adeaef5a00fs: dlm: make F_SETLK use unkillable wait_event | *2a37d73395fs: dlm: interrupt posix locks only when process is killed | *a1b6adf4b1fs: dlm: fix cleanup pending ops when interrupted | *3346ffdee4fs: dlm: return positive pid value for F_GETLK | *be19cb6716dm init: add dm-mod.waitfor to wait for asynchronously probed block devices | *e30128926amd/raid0: add discard support for the 'original' layout | *31df8b9609mfd: pm8008: Fix module autoloading | *7ef181f84emisc: pci_endpoint_test: Re-init completion for every test | *c2dba13bc0misc: pci_endpoint_test: Free IRQs before removing the device | *0813bb2f2cPCI: rockchip: Set address alignment for endpoint mode | *5b15ebec56PCI: rockchip: Use u32 variable to access 32-bit registers | *1a48294adePCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core | *dfd20ebcaePCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked | *05f55f7530PCI: rockchip: Write PCI Device ID to correct register | *b2e2ffbfd3PCI: rockchip: Assert PCI Configuration Enable bit after probe | *07d997ef10PCI: epf-test: Fix DMA transfer completion detection | *bcd276f143PCI: epf-test: Fix DMA transfer completion initialization | *cf0d7b7270PCI: qcom: Disable write access to read only registers for IP v2.3.3 | *c459365ec7PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 | *465c195e86PCI: Release resource invalidated by coalescing | *3367d4be9bPCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold | *25cb64ecc3s390/zcrypt: do not retry administrative requests | *026e46d26ascsi: mpi3mr: Propagate sense data for admin queue SCSI I/O | *b933df9ddadm integrity: reduce vmalloc space footprint on 32-bit architectures | *ef709350efhwrng: imx-rngc - fix the timeout for init and self check | *c7feb54b11jfs: jfs_dmap: Validate db_l2nbperpage while mounting | *9e54fd14bdext2/dax: Fix ext2_setsize when len is page aligned | *33f8dff6e1soc: qcom: mdt_loader: Fix unconditional call to scm_pas_mem_setup | *5dc507de0cfs: dlm: revert check required context while close | *95d49f79e9ext4: only update i_reserved_data_blocks on successful block allocation | *deef86fa30ext4: turn quotas off if mount failed after enabling quotas | *029c6b106fext4: fix to check return value of freeze_bdev() in ext4_shutdown() | *e861961f3aext4: fix wrong unit use in ext4_mb_new_blocks | *2038d35749ext4: get block from bh in ext4_free_blocks for fast commit replay | *782166ac85ext4: fix wrong unit use in ext4_mb_clear_bb | *0a90e70efaext4: Fix reusing stale buffer heads from last failed mounting | *bd9cf2a5f9MIPS: KVM: Fix NULL pointer dereference | *d56b7a43a2MIPS: Loongson: Fix cpu_probe_loongson() again | *58d1c81307powerpc/64s: Fix native_hpte_remove() to be irq-safe | *484b8fb1ffpowerpc/security: Fix Speculation_Store_Bypass reporting on Power10 | *23ab732b96misc: fastrpc: Create fastrpc scalar with correct buffer count | *16eceb3959powerpc: Fail build if using recordmcount with binutils v2.37 | *5aea2ac374tracing/user_events: Fix incorrect return value for writing operation when events are disabled | *a4336343eakasan: add kasan_tag_mismatch prototype | *6d806841f1net: phy: dp83td510: fix kernel stall during netboot in DP83TD510E PHY driver | *eac0aac07fnet: bcmgenet: Ensure MDIO unregistration has clocks enabled | *de67dadd5cmtd: rawnand: meson: fix unaligned DMA buffers handling | *bb4e824d6btpm: return false from tpm_amd_is_rng_defective on non-x86 platforms | *ad249709d2tpm: tis_i2c: Limit write bursts to I2C_SMBUS_BLOCK_MAX (32) bytes | *f5a734a689tpm: tis_i2c: Limit read bursts to I2C_SMBUS_BLOCK_MAX (32) bytes | *99b998fb9dtpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation | *0028313700tpm: Do not remap from ACPI resources again for Pluton TPM | *6d8488509epinctrl: amd: Unify debounce handling into amd_pinconf_set() | *dce19c966dpinctrl: amd: Drop pull up select configuration | *326b3f17bepinctrl: amd: Use amd_pinconf_set() for all config options | *3cadcab402pinctrl: amd: Only use special debounce behavior for GPIO 0 | *57f6d48af4pinctrl: amd: Revert "pinctrl: amd: disable and mask interrupts on probe" | *1cd1a0151fpinctrl: amd: Detect and mask spurious interrupts | *1516518794pinctrl: amd: Fix mistake in handling clearing pins at startup | *8a2d8e17c7pinctrl: amd: Detect internal GPIO0 debounce handling | *4484ce0e49pinctrl: amd: Add fields for interrupt status and wake status | *a56afed6d5pinctrl: amd: Adjust debugfs output | *03590f9be9pinctrl: amd: Add Z-state wake control bits | *a996fec74cf2fs: fix deadlock in i_xattr_sem and inode page lock | *2cb10f4e6cf2fs: fix the wrong condition to determine atomic context | *13e8af958cdrm/amd/pm: add abnormal fan detection for smu 13.0.0 | *e8b6b7b813drm/amdgpu: Fix minmax warning | *d7d53c669ddrm/amdgpu: add the fan abnormal detection feature | *c8c703befddrm/amd/pm: revise the ASPM settings for thunderbolt attached scenario | *4596c81291drm/amdgpu/sdma4: set align mask to 255 | *7c880188c7drm/client: Send hotplug event after registering a client | *40e2ed0e56cifs: fix session state check in smb2_find_smb_ses | *c4a5fb1ae5ovl: fix null pointer dereference in ovl_get_acl_rcu() | *06b3f0bf41ovl: let helper ovl_i_path_real() return the realinode | *000a9a72effs/ntfs3: Check fields while reading | *bf2f2c059fnvme-pci: fix DMA direction of unmapping integrity data | *70feebdbfanet/sched: sch_qfq: account for stab overhead in qfq_enqueue | *4b33836824net/sched: sch_qfq: refactor parsing of netlink parameters | *0aec8dab2bwifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() | *3d1dc71b8fnet/sched: make psched_mtu() RTNL-less safe | *1c806e4066netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write() | *1b125be4e0riscv: mm: fix truncation warning on RV32 | *174cfa0317net/sched: flower: Ensure both minimum and maximum ports are specified | *b11a9b4f28bpf: cpumap: Fix memory leak in cpu_map_update_elem | *4719576d6ewifi: airo: avoid uninitialized warning in airo_get_rate() | *9e6474e5d7erofs: fix fsdax unavailability for chunk-based regular files | *dc8158a95ferofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF | *83879f72e0erofs: avoid useless loops in z_erofs_pcluster_readmore() when reading beyond EOF | *27272795a7octeontx2-pf: Add additional check for MCAM rules | *5a9aecb665drm/i915: Fix one wrong caching mode enum usage | *f1e746aedddrm/i915: Don't preserve dpll_hw_state for slave crtc in Bigjoiner | *ba05762e4ariscv, bpf: Fix inconsistent JIT image generation | *13a30e22eanvme: fix the NVME_ID_NS_NVM_STS_MASK definition | *66afb6a54eigc: Fix inserting of empty frame for launchtime | *1b87509ef6igc: Fix launchtime before start of cycle | *f92a82dc48kernel/trace: Fix cleanup logic of enable_trace_eprobe | *7772d5c440platform/x86: wmi: Break possible infinite loop when parsing GUID | *89726b0303net: dsa: qca8k: Add check for skb_copy | *436b7cc7eaipv6/addrconf: fix a potential refcount underflow for idev | *5554414227NTB: ntb_tool: Add check for devm_kcalloc | *8d7b875866NTB: ntb_transport: fix possible memory leak while device_register() fails | *bece67815antb: intel: Fix error handling in intel_ntb_pci_driver_init() | *d4317d41f0NTB: amd: Fix error handling in amd_ntb_pci_driver_init() | *4e5daadf8cntb: idt: Fix error handling in idt_pci_driver_init() | *360db93bebudp6: fix udp6_ehashfn() typo | *1462e9d9aaicmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). | *1731234e8bnet: prevent skb corruption on frag list segmentation | *685b57a122net: bgmac: postpone turning IRQs off to avoid SoC hangs | *dc47046675ionic: remove WARN_ON to prevent panic_on_warn | *6cc293d29cocteontx2-af: Move validation of ptp pointer before its usage | *bb56b7905bocteontx2-af: Promisc enable/disable through mbox | *2b4086a66agve: Set default duplex configuration to full | *c91fb29bb0net/sched: cls_fw: Fix improper refcount update leads to use-after-free | *831fbc2065net: mvneta: fix txq_map in case of txq_number==1 | *b2e74dedb0bpf: Fix max stack depth check for async callbacks | *714d81a5c4scsi: ufs: ufs-mediatek: Add dependency for RESET_CONTROLLER | *574d5236a8scsi: qla2xxx: Fix error code in qla2x00_start_sp() | *49f6ac6f1cblk-crypto: use dynamic lock class for blk_crypto_profile::lock | *d752be635bigc: Handle PPS start time programming for past time values | *246fc961c8igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings | *e962fd5933net/mlx5e: Check for NOT_READY flag state after locking | *83a8f7337anet/mlx5e: fix memory leak in mlx5e_ptp_open | *75df2fe6d1net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create | *7ca1914cbdnet/mlx5e: fix double free in mlx5e_destroy_flow_table | *68b654e9ebigc: Remove delay during TX ring configuration | *dfaed769b9ice: Fix max_rate check while configuring TX rate limits | *1294311ce9drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags | *fd5b64c1cfswiotlb: reduce the number of areas to match actual memory pool size | *fc3db7fbdfswiotlb: reduce the swiotlb buffer size on allocation failure | *24b24863a0swiotlb: always set the number of areas before allocating the pool | *02d43b8a4fdrm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime | *d48029c655drm/panel: simple: Add connector_type for innolux_at043tn24 | *ef572ffa8eksmbd: fix out of bounds read in smb2_sess_setup | *869ef4f296ksmbd: add missing compound request handing in some commands | *2d57a1590fworkqueue: clean up WORK_* constant types, clarify masking | *4b5ab640aanet: lan743x: Don't sleep in atomic context | *5a45ed1ae3HID: amd_sfh: Fix for shift-out-of-bounds | *d0b30d8e4dHID: amd_sfh: Rename the float32 variable * |bd041b5977ANDROID: GKI: Fix block/genhd.c exports from having their CRC changed * |c0e5631df8Revert "blk-mq: fix potential io hang by wrong 'wake_batch'" * |c057db2f88Revert "bpf: Remove bpf trampoline selector" * |17f0b3c7eeRevert "drm/bridge: Introduce pre_enable_prev_first to alter bridge init order" * |b3c3fc85c7Revert "drm/bridge: ti-sn65dsi83: Fix enable/disable flow to meet spec" * |b435525822Merge 6.1.39 into android14-6.1-lts |\| | *a456e17438Linux 6.1.39 | *f32dfc802eio_uring: Use io_schedule* in cqring wait | *c55b552e0bsh: hd64461: Handle virq offset for offchip IRQ base and HD64461 IRQ | *0ff5d219ebsh: mach-dreamcast: Handle virq offset in cascaded IRQ demux | *5628b9aa31sh: mach-highlander: Handle virq offset in cascaded IRL demux | *fe7daa313dsh: mach-r2d: Handle virq offset in cascaded IRL demux | *899cc8f798block/partition: fix signedness issue for Amiga partitions | *da012a025ftty: serial: fsl_lpuart: add earlycon for imx8ulp platform | *3173bfdf89wireguard: netlink: send staged packets when setting initial private key | *561aaadf0dwireguard: queueing: use saner cpu selection wrapping | *40f83dd66anetfilter: nf_tables: prevent OOB access in nft_byteorder_eval | *fc95c8b02cnetfilter: nf_tables: do not ignore genmask when looking up chain by id | *05561f822fnetfilter: conntrack: Avoid nf_ct_helper_hash uses after free | *f145373334netfilter: nf_tables: unbind non-anonymous set if rule construction fails | *ad2928e7f3mtd: parsers: refer to ARCH_BCMBCA instead of ARCH_BCM4908 | *1bdcffaa0ddrm/i915/tc: Fix system resume MST mode restore for DP-alt sinks | *99025116f5drm/i915/tc: Fix TC port link ref init for DP MST during HW readout | *eaa0043a85drm/i915: Fix TypeC mode initialization during system resume | *a02c6dc0efmm/mmap: Fix extra maple tree write | *9222068bc8xfs: fix xfs_inodegc_stop racing with mod_delayed_work | *1b20685295xfs: disable reaping in fscounters scrub | *25c1991f9fxfs: check that per-cpu inodegc workers actually run on that cpu | *f6e37e2400xfs: explicitly specify cpu when forcing inodegc delayed work to run immediately | *6b7c52f373fs: no need to check source | *d53879f54bblktrace: use inline function for blk_trace_remove() while blktrace is disabled | *ab0bd172d6leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename | *9077ec19adARM: orion5x: fix d2net gpio initialization | *600b51aa44ARM: dts: qcom: ipq4019: fix broken NAND controller properties override | *9030a7e836regulator: tps65219: Fix matching interrupts for their regulators | *d9eaa90d7dASoC: mediatek: mt8173: Fix snd_soc_component_initialize error path | *1c9b356bbeASoC: mediatek: mt8173: Fix irq error path | *3929b5dd8fbtrfs: do not BUG_ON() on tree mod log failure at __btrfs_cow_block() | *bc662a1e1fbtrfs: fix extent buffer leak after tree mod log failure at split_node() | *a53d78d9a8btrfs: fix race when deleting quota root from the dirty cow roots list | *9634e5360bbtrfs: reinsert BGs failed to reclaim | *d9f1e518abbtrfs: add block-group tree to lockdep classes | *3702c5342cbtrfs: bail out reclaim process if filesystem is read-only | *8560861095btrfs: delete unused BGs while reclaiming BGs | *4fadf53fa9btrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile | *8fcb478b55ipvs: increase ip_vs_conn_tab_bits range for 64BIT | *759e582b1cusb: typec: ucsi: Mark dGPUs as DEVICE scope | *f2a6ce3eeci2c: nvidia-gpu: Remove ccgx,firmware-build property | *7b67af8deai2c: nvidia-gpu: Add ACPI property to align with device-tree | *f40d621387fs: Lock moved directories | *10c159f994fs: Establish locking order for unrelated directories | *6654d2a165Revert "f2fs: fix potential corruption when moving a directory" | *6aaa22ec73ext4: Remove ext4 locking of moved directory | *606e463eeffs: avoid empty option when generating legacy mount string | *6df680709djffs2: reduce stack usage in jffs2_build_xattr_subsystem() | *1f34bf8b44shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs | *23fbff67b0mm/damon/ops-common: atomically test and clear young on ptes and pmds | *33893c6c1fautofs: use flexible array in ioctl structure | *cd52323ac4integrity: Fix possible multiple allocation in integrity_inode_get() | *0cbbb029ffum: Use HOST_DIR for mrproper | *219a9ec09dwatch_queue: prevent dangling pipe pointer | *7ecea5ce3dbcache: Fix __bch_btree_node_alloc to make the failure behavior consistent | *68118c339cbcache: Remove unnecessary NULL point check in node allocations | *25ec4779d0bcache: fixup btree_cache_wait list damage | *97ccc14d11wifi: mt76: mt7921e: fix init command fail with enabled device | *d8985a0e44wifi: ath10k: Serialize wake_tx_queue ops | *1a312d5a8cwifi: cfg80211: fix regulatory disconnect for non-MLO | *5b2b6586c5mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used. | *30c5f362b6mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS | *69bc320351mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M | *182bf07a24mmc: core: disable TRIM on Kingston EMMC04G-M627 | *b50d6e06ccio_uring: wait interruptibly for request completions on exit | *9440b24fbcirqchip/loongson-pch-pic: Fix initialization of HT vector register | *2b4e43b5adNFSD: add encoding of op_recall flag for write delegation | *f672f2ca9dirqchip/loongson-pch-pic: Fix potential incorrect hwirq assignment | *8753eeb2d3i2c: qup: Add missing unwind goto in qup_i2c_probe() | *b990e37603btrfs: do not BUG_ON() on tree mod log failure at balance_level() | *2445a35d05extcon: usbc-tusb320: Unregister typec port on driver removal | *ee08e1fc94extcon: usbc-tusb320: Convert to i2c's .probe_new() | *d5eb0375d7dm ioctl: Avoid double-fetch of version | *2798779419dm ioctl: have constant on the right side of the test | *fd4497aca3dm: avoid split of quoted strings where possible | *0783867a30dm: fix undue/missing spaces | *15970b0828i2c: xiic: Don't try to handle more interrupt events after error | *e9fbb7c2f6apparmor: fix missing error check for rhashtable_insert_fast | *8fb11fa480sh: dma: Fix DMA channel offset calculation | *b837c69236s390/qeth: Fix vipa deletion | *f5ea303502afs: Fix accidental truncation when storing data | *4a141c3c03octeontx-af: fix hardware timestamp configuration | *947d741adfnet: dsa: sja1105: always enable the send_meta options | *079dc659e3net: dsa: tag_sja1105: fix MAC DA patching from meta frames | *97a6d99c54pptp: Fix fib lookup calls. | *0a1b80ff4friscv: move memblock_allow_resize() after linear mapping is ready | *78c6cf1dc7fanotify: disallow mount/sb marks on kernel internal pseudo fs | *18d78c5552net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX | *67eb4aee2cxsk: Honor SO_BINDTODEVICE on bind | *6baa6e4836bpf, btf: Warn but return no error for NULL btf from __register_btf_kfunc_id_set() | *cd398daabetcp: annotate data races in __tcp_oow_rate_limited() | *ced61418f4net: fix net_dev_start_xmit trace event vs skb_transport_offset() | *6469dc1c13net: dsa: tag_sja1105: fix source port decoding in vlan_filtering=0 bridge mode | *fd03500476net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode | *d50baa75c6powerpc: dts: turris1x.dts: Fix PCIe MEM size for pci2 node | *d33b0ddf7apowerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y | *c86a2517dfntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr() | *a5485a9431octeontx2-af: Add validation before accessing cgx and lmac | *bd246c92d2octeontx2-af: Fix mapping for NIX block from CGX connection | *c2c5c6d2c4f2fs: fix error path handling in truncate_dnode() | *cfdb9c1a74mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 | *4033b47642drm/amd: Don't try to enable secure display TA multiple times | *0d4e60e23cdrm/amdgpu: fix number of fence calculations | *d3dcdb43c8spi: bcm-qspi: return error if neither hif_mspi nor mspi is available | *d4f5b1dd81mlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init | *0b24d3e4b9net: dsa: vsc73xx: fix MTU configuration | *f67ef8f9f6ibmvnic: Do not reset dql stats on NON_FATAL err | *c07efe4dbcBluetooth: MGMT: Fix marking SCAN_RSP as not connectable | *40ca66eef3Bluetooth: MGMT: Use BIT macro when defining bitfields | *1a7f268cccBluetooth: MGMT: add CIS feature bits to controller information | *4aa515393fBluetooth: ISO: use hci_sync for setting CIG parameters | *018b12ff16Bluetooth: fix invalid-bdaddr quirk for non-persistent setup | *102f3555ceAdd MODULE_FIRMWARE() for FIRMWARE_TG357766. | *f721042447net: dsa: tag_sja1105: always prefer source port information from INCL_SRCPT | *060d36670dnet: dsa: sja1105: always enable the INCL_SRCPT option | *2f99d19dc6net: dsa: felix: don't drop PTP frames with tag_8021q when RX timestamping is disabled | *e9dda2b68cnet: mscc: ocelot: don't keep PTP configuration of all ports in single structure | *7826202689net: mscc: ocelot: don't report that RX timestamping is enabled by default | *a252547c89spi: spi-geni-qcom: enable SPI_CONTROLLER_MUST_TX for GPI DMA mode | *946edfb7d4net/sched: act_ipt: add sanity checks on skb before calling target | *a6c9b0f7banet: add a couple of helpers for iph tot_len | *201948effanet/sched: act_ipt: add sanity checks on table name and hook locations | *1aa5a6a6d2sctp: fix potential deadlock on &net->sctp.addr_wq_lock | *9dbcfc01d6media: cec: i2c: ch7322: also select REGMAP | *0623f13959f2fs: check return value of freeze_super() | *dcb526d768drm/i915/guc/slpc: Apply min softlimit correctly | *61070305d5drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times | *df53f7a3dbrtc: st-lpc: Release some resources in st_rtc_probe() in case of error | *3781d0e6c1md/raid10: fix the condition to call bio_end_io_acct() | *07e81c9208pwm: mtk_disp: Fix the disable flow of disp_pwm | *75439e6cd2pwm: ab8500: Fix error code in probe() | *61aad933e5pwm: sysfs: Do not apply state to already disabled PWMs | *c8fa254b77pwm: imx-tpm: force 'real_period' to be zero in suspend | *29ddfd5460lib/bitmap: drop optimization of bitmap_{from,to}_arr64 | *d986fb02a1phy: tegra: xusb: check return value of devm_kzalloc() | *055ea8efdfmfd: stmpe: Only disable the regulators if they are enabled | *f7d56de13chwtracing: hisi_ptt: Fix potential sleep in atomic context | *34eef9e8c8clk: qcom: mmcc-msm8974: fix MDSS_GDSC power flags | *94f3bcfcd1misc: fastrpc: check return value of devm_kasprintf() | *7e3ee25e8ccpufreq: mediatek: correct voltages for MT7622 and MT7623 | *86bfb18badKVM: s390/diag: fix racy access of physical cpu number in diag 9c handler | *c78ad1060cKVM: s390: vsie: fix the length of APCB bitmap | *e716693f02mfd: stmfx: Nullify stmfx->vdd in case of error | *18abe5f4c3mfd: stmfx: Fix error path in stmfx_chip_init | *5bd9dc3e76bus: fsl-mc: don't assume child devices are all fsl-mc devices | *e27948f329nvmem: rmem: Use NVMEM_DEVID_AUTO | *2791847940nvmem: sunplus-ocotp: release otp->clk before return | *e3a71d821edrivers: fwnode: fix fwnode_irq_get[_byname]() | *51ae92e329device property: Clarify description of returned value in some functions | *73209e3f8adevice property: Fix documentation for fwnode_get_next_parent() | *852659fe83serial: 8250_omap: Use force_suspend and resume for system suspend | *e348173400Revert "usb: common: usb-conn-gpio: Set last role to unknown before initial detection" | *22b1e2af69mfd: intel-lpss: Add missing check for platform_get_resource | *2e8ab68460mfd: wcd934x: Fix an error handling path in wcd934x_slim_probe() | *7a37abf096usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() | *04b1c0798dusb: common: usb-conn-gpio: Set last role to unknown before initial detection | *155bb9b4e3usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() | *63b3360d43usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() | *90159b329fKVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes | *ebe83e9bb8f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io() | *15c073e752f2fs: fix potential deadlock due to unpaired node_write lock use | *2e980eb955gfs2: Fix duplicate should_fault_in_pages() call | *f5d7f9e155sh: Avoid using IRQ0 on SH3 and SH4 | *d199218881media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() | *c8470b7de8media: venus: helpers: Fix ALIGN() of non power of two | *8339bd9181mfd: rt5033: Drop rt5033-battery sub-device | *6d702c7a22coresight: Fix loss of connection info when a module is unloaded | *76efcb6cdai3c: master: svc: fix cpu schedule in spin lock | *c0ed8b8049lkdtm: replace ll_rw_block with submit_bh | *f5d80ad7b6kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR | *9c4f52b618serial: 8250: lock port for UART_IER access in omap8250_irq() | *3a1ab191e0serial: core: lock port for start_rx() in uart_resume_port() | *65a7cfc009serial: 8250: lock port for stop_rx() in omap8250_irq() | *44470207dbserial: core: lock port for stop_rx() in uart_suspend_port() | *c494fe1b66usb: misc: eud: Fix eud sysfs path (use 'qcom_eud') | *b5ab04a19eusb: hide unused usbfs_notify_suspend/resume functions | *dd9b7c89a8usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() | *ac961d0571extcon: Fix kernel doc of property capability fields to avoid warnings | *e4c94de6caextcon: Fix kernel doc of property fields to avoid warnings | *e60a827ac0usb: gadget: u_serial: Add null pointer check in gserial_suspend | *c3b322b84ausb: dwc3: qcom: Fix potential memory leak | *6aecf5e19bstaging: vchiq_arm: mark vchiq_platform_init() static | *2ed441a763clk: qcom: mmcc-msm8974: use clk_rcg2_shared_ops for mdp_clk_src clock | *3c4f7d4990clk: qcom: dispcc-qcm2290: Fix GPLL0_OUT_DIV handling | *203ab76704clk: qcom: dispcc-qcm2290: Fix BI_TCXO_AO handling | *b80c4629e9clk: qcom: ipq6018: fix networking resets | *b20854ef6cclk: qcom: reset: support resetting multiple bits | *0e481ef854media: mediatek: vcodec: using decoder status instead of core work count | *42ec6269f9media: hi846: fix usage of pm_runtime_get_if_in_use() | *1ac45cab77media: i2c: Correct format propagation for st-mipid02 | *8abb53c516media: usb: siano: Fix warning due to null work_func_t function pointer | *e230146b86media: videodev2.h: Fix struct v4l2_input tuner index comment | *cb8e8950d7media: amphion: initiate a drain of the capture queue in dynamic resolution change | *c0d500726cmedia: amphion: drop repeated codec data for vc1g format | *bc43061b42media: amphion: drop repeated codec data for vc1l format | *a8af55f7f4media: usb: Check az6007_read() return value | *0b3d2aa627clk: qcom: gcc-qcm2290: Mark RCGs shared where applicable | *792998a8cfclk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks | *f0cafc443cclk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs | *51e5f4e720clk: qcom: mmcc-msm8974: remove oxili_ocmemgx_clk | *9812b33d17serial: 8250: omap: Fix freeing of resources on failed register | *b6e30a54a5usb: dwc2: Fix some error handling paths | *98b6582b37usb: dwc2: platform: Improve error reporting for problems during .remove() | *e91366b72csh: j2: Use ioremap() to translate device tree address into kernel memory | *d6dd477436f2fs: do not allow to defragment files have FI_COMPRESS_RELEASED | *190bdec8a7dt-bindings: power: reset: qcom-pon: Only allow reboot-mode pre-pmk8350 | *c3f5604abaw1: fix loop in w1_fini() | *eab6485377w1: w1_therm: fix locking behavior in convert_t | *ef04741188SUNRPC: Fix UAF in svc_tcp_listen_data_ready() | *6f1c81886bbtrfs: fix race when deleting free space root from the dirty cow roots list | *defc914227block: increment diskseq on all media change events | *28b58a8d10block: change all __u32 annotations to __be32 in affs_hardblocks.h | *40d6a1261ablock: add overflow checks for Amiga partition support | *a4c79ea1e9block: fix signed int overflow in Amiga partition support | *3eb4e47a94ALSA: pcm: Fix potential data race at PCM memory allocation helpers | *14eb1a2b6fALSA: jack: Fix mutex call in snd_jack_report() | *83c6725556ALSA: hda/realtek: Add quirk for Clevo NPx0SNx | *21ce551a85ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook | *e0d7a96b27mm/mmap: Fix VM_LOCKED check in do_vmi_align_munmap() | *b91748bdbfRevert "drm/amd/display: edp do not add non-edid timings" | *96b1bc9a6fiio: accel: fxls8962af: fixup buffer scan element type | *04a579517biio: accel: fxls8962af: errata bug only applicable for FXLS8962AF | *fcdae54e3diio: adc: ad7192: Fix internal/external clock selection | *b61f26a8a0iio: adc: ad7192: Fix null ad7192_state pointer access | *238edc04ddphy: tegra: xusb: Clear the driver reference in usb-phy dev | *c2a0884134usb: dwc3: gadget: Propagate core init errors to UDC during pullup | *a0b3696203USB: serial: option: add LARA-R6 01B PIDs | *f57e2c0830md/raid1-10: fix casting from randomized structure in raid1_submit_write() | *b6872b4a7dx86/efi: Make efi_set_virtual_address_map IBT safe | *9766921494arm64: sme: Use STR P to clear FFR context field in streaming SVE mode | *be54803be8ksmbd: avoid field overflow warning | *babaab6ef6smb: client: fix broken file attrs with nodfs mounts | *9fb981a86acifs: do all necessary checks for credits within or before locking | *4fe07d55a5cifs: prevent use-after-free by freeing the cfile later | *e28d7a3f4befi/libstub: Disable PCI DMA before grabbing the EFI memory map | *1e596c181ckbuild: Disable GCOV for *.mod.o | *c5696a8a54hwrng: st - keep clock enabled while hwrng is registered | *d88158d816dax/kmem: Pass valid argument to memory_group_register_static | *7b8106d905dax: Introduce alloc_dev_dax_id() | *03859868abdax: Fix dax_mapping_release() use after free | *1bf709b962SMB3: Do not send lease break acknowledgment if all file handles have been closed | *c2bf8d7b8fNFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION | *7053178436NFSv4.2: fix wrong shrinker_id | *08749a9005crypto: qat - unmap buffers before free for RSA | *32b09834c3crypto: qat - unmap buffer before free for DH | *da1729e661crypto: qat - Use helper to set reqsize | *2db49992fccrypto: kpp - Add helper to set reqsize | *c14964fe8eARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard | *dd872d5576modpost: fix off by one in is_executable_section() | *64c358c9abcrypto: jitter - correct health test during initialization | *7ab0e37f80crypto: marvell/cesa - Fix type mismatch warning | *6852d82e6cmodpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} | *1df287bd89modpost: fix section mismatch message for R_ARM_ABS32 | *5a4adb1ececrypto: nx - fix build warnings when DEBUG_FS is not enabled | *2be41ef57cmodpost: remove broken calculation of exception_table_entry size | *22c30022cdhwrng: virtio - Fix race on data_avail and actual data | *8f98749d53vfio/mdev: Move the compat_class initialization to module init | *e2e52c8dfbPCI: vmd: Fix uninitialized variable usage in vmd_enable_domain() | *222f64e56bPCI: endpoint: functions/pci-epf-test: Fix dma_chan direction | *e14379d026PCI: endpoint: Fix a Kconfig prompt of vNTB driver | *38b64bdb72PCI: endpoint: Fix Kconfig indent style | *4e6c406ccbpowerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary | *ea356080c1powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo | *526129937criscv: uprobes: Restore thread.bad_cause | *d25166e1e9PCI: qcom: Disable write access to read only registers for IP v2.9.0 | *1cf0ecb0c7PCI: qcom: Use DWC helpers for modifying the read-only DBI registers | *8640e941fdPCI: qcom: Use lower case for hex | *a350f10777PCI: qcom: Sort and group registers and bitfield definitions | *db962c7a71PCI: qcom: Remove PCIE20_ prefix from register definitions | *865d128cabpowerpc: update ppc_save_regs to save current r1 in pt_regs | *4cff1be1cbpowerpc: simplify ppc_save_regs | *d9a1aaea85powerpc/powernv/sriov: perform null check on iov before dereferencing iov | *0af388fce3pinctrl: at91-pio4: check return value of devm_kasprintf() | *35404a47bapinctrl: microchip-sgpio: check return value of devm_kasprintf() | *4e82f92c34powerpc/64s: Fix VAS mm use after free | *75d65c1cc4perf tool x86: Fix perf_env memory leak | *0dafc849b9perf tool x86: Consolidate is_amd check into single function | *c94376dbd6platform/x86/dell/dell-rbtn: Fix resources leaking on error path | *9999a9f004perf dwarf-aux: Fix off-by-one in die_get_varname() | *4e06e8b1f9platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles | *4309bd9e98perf script: Fix allocation of evsel->priv related to per-event dump files | *7cfd310111powerpc/signal32: Force inlining of __unsafe_save_user_regs() and save_tm_user_regs_unsafe() | *af0c61c5bbpowerpc/interrupt: Don't read MSR from interrupt_exit_kernel_prepare() | *081f642b31kcsan: Don't expect 64 bits atomic builtins from 32 bits architectures | *c32afc7e86pinctrl: npcm7xx: Add missing check for ioremap | *fc45a8be5epinctrl:sunplus: Add check for kmalloc | *8362ea6158platform/x86: think-lmi: Correct NVME password handling | *699b593101platform/x86: think-lmi: Correct System password interface | *61545eb787platform/x86: think-lmi: mutex protection around multiple WMI calls | *d1390b057dpinctrl: cherryview: Return correct value if pin in push-pull mode | *1ebe7d40edperf bench: Add missing setlocale() call to allow usage of %'d style formatting | *251c6615a7scsi: lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state | *7d3664d24fPCI: Add pci_clear_master() stub for non-CONFIG_PCI | *019d4fd93apinctrl: sunplus: Add check for kmalloc | *bc796f65cdPCI: ftpci100: Release the clock resources | *a982c13e11PCI: pciehp: Cancel bringup sequence if card is not present | *6c1b079e26scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() | *7aecdd4791PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free | *3a080e1b11platform/x86: lenovo-yogabook: Set default keyboard backligh brightness on probe() | *fa177f7011platform/x86: lenovo-yogabook: Reprobe devices on remove() | *3e6c92a346platform/x86: lenovo-yogabook: Fix work race on remove() | *727fb7083epinctrl: bcm2835: Handle gpiochip_add_pin_range() errors | *c316bde418scsi: qedf: Fix NULL dereference in error handling | *c52502b674PCI: vmd: Reset VMD config register between soft reboots | *ebafa12c8fPCI: cadence: Fix Gen2 Link Retraining process | *79e1d940fdASoC: amd: acp: clear pdm dma interrupt mask | *c6764757e8ARM: dts: lan966x: kontron-d10: fix SPI CS | *712a7f3a06ARM: dts: lan966x: kontron-d10: fix board reset | *49451db71bclk: Fix memory leak in devm_clk_notifier_register() | *03a705c1d7ASoC: imx-audmix: check return value of devm_kasprintf() | *e4f2a1feebovl: update of dentry revalidate flags after copy up | *83356d6f0adrivers: meson: secure-pwrc: always enable DMA domain | *511b47f8cbclk: ti: clkctrl: check return value of kasprintf() | *67684f0688clk: keystone: sci-clk: check return value of kasprintf() | *a20450f473clk: si5341: free unused memory on probe failure | *11581850a7clk: si5341: check return value of {devm_}kasprintf() | *0a89a906baclk: si5341: return error if one synth clock registration fails | *5470a0e81fclk: cdce925: check return value of kasprintf() | *0b5c9e9695clk: vc5: check memory returned by kasprintf() | *af8affd123drm/msm/dpu: correct MERGE_3D length | *0e2c51a16fdrm/amdgpu: Fix usage of UMC fill record in RAS | *8d68ba9255drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function. | *643a85190aarm64: dts: mediatek: mt8192: Fix CPUs capacity-dmips-mhz | *846c79d2a5arm64: dts: mediatek: Add cpufreq nodes for MT8192 | *4e9f1a2367drm/msm/dp: Free resources after unregistering them | *ecf02762d4drm/msm/dsi: Remove incorrect references to slice_count | *ef25872788drm/msm/dsi: Flip greater-than check for slice_count and slice_per_intf | *937da3db61drm/msm/dsi: Use DSC slice(s) packet size to compute word count | *bc6d856b1cdrm/msm/dpu: Fix slice_last_group_size calculation | *7dca0dde50drm/msm/dpu: do not enable color-management if DSPPs are not available | *d28b83252eALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer | *96bafece6fclk: tegra: tegra124-emc: Fix potential memory leak | *b35cb0c05bclk: clocking-wizard: Fix Oops in clk_wzrd_register_divider() | *9ff9f928c6clk: bcm: rpi: Fix off by one in raspberrypi_discover_clocks() | *4842a84639arm64: dts: qcom: sm8250-edo: Panel framebuffer is 2.5k instead of 4k | *7089f1aa0barm64: dts: qcom: sdm845: Flush RSC sleep & wake votes | *6317d03026clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() | *280a5ff665clk: imx93: fix memory leak and missing unwind goto in imx93_clocks_probe | *9ba3693b03clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe | *1839032251clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe | *bf7ab557d6RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context | *c9be352be9RDMA/bnxt_re: wraparound mbox producer index | *154bed0fd6drm/msm/a5xx: really check for A510 in a5xx_gpu_init | *b10db1d213amdgpu: validate offset_in_bo of drm_amdgpu_gem_va | *1afca9e0feRDMA/rxe: Fix access checks in rxe_check_bind_mw | *0cd210c594RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_mw.c | *34bbf074f7RDMA/rxe: Add ibdev_dbg macros for rxe | *78cb71dd60HID: uclogic: Modular KUnit tests should not depend on KUNIT=y | *1420545b8adrm/radeon: fix possible division-by-zero errors | *c1164aeb96drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode | *82934a338bsoc: mediatek: SVS: Fix MT8192 GPU node name | *fabadad9e2drm/amdkfd: Fix potential deallocation of previously deallocated memory. | *384717042ddrm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg() | *36786e2a73drm/amd/display: Fix a test CalculatePrefetchSchedule() | *4812faba0aclk: Export clk_hw_forward_rate_request() | *90d4c487cdARM: dts: BCM5301X: fix duplex-full => full-duplex | *1ae94553dchwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 | *421d359127hwmon: (gsc-hwmon) fix fan pwm temperature scaling | *9e633411d1ARM: dts: stm32: fix i2s endpoint format property for stm32mp15xx-dkx | *dc2707deebARM: dts: stm32: Fix audio routing on STM32MP15xx DHCOM PDK2 | *03b2c470a1Input: pm8941-powerkey - fix debounce on gen2+ PMICs | *421ce97657arm64: dts: ti: k3-j7200: Fix physical address of pin | *3b4c218040fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() | *52b04ac85fdrm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register | *6878bdd757arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1 | *5d14292dbaARM: dts: iwg20d-q7-common: Fix backlight pwm specifier | *766e0b6f4cRDMA/hns: Fix hns_roce_table_get return value | *b99395ab60IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate | *ebec507398RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes | *750f0a302asoc/fsl/qe: fix usb.c build errors | *b2194d7dfcARM: dts: meson8: correct uart_B and uart_C clock references | *863054be8dASoC: es8316: Do not set rate constraints for unsupported MCLKs | *3b575d9302ASoC: es8316: Increment max value for ALC Capture Target Volume control | *c02f27c295ARM: dts: qcom: apq8074-dragonboard: Set DMA as remotely controlled | *9f79e638d4memory: brcmstb_dpfe: fix testing array offset after use | *09722ac9f1ARM: dts: stm32: Shorten the AV96 HDMI sound card name | *666be7fef4arm64: dts: mediatek: mt8183: Add mediatek,broken-save-restore-fw to kukui | *1bdb9751b4arm64: dts: qcom: apq8096: fix fixed regulator name property | *75c019119earm64: dts: qcom: pm7250b: add missing spmi-vadc include | *c63997426dARM: omap2: fix missing tick_broadcast() prototype | *e91ffbd655ARM: ep93xx: fix missing-prototype warnings | *deda0761dcdrm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H | *25a724c2fadrm/bridge: ti-sn65dsi83: Fix enable/disable flow to meet spec | *5044e5f251drm/bridge: Introduce pre_enable_prev_first to alter bridge init order | *1d9473b88earm64: dts: qcom: apq8016-sbc: Fix 1.8V power rail on LS expansion | *638d54f5c5arm64: dts: qcom: apq8016-sbc: Fix regulator constraints | *2ad75715fcarm64: dts: qcom: sdm845-polaris: add missing touchscreen child node reg | *266cf247ddarm64: dts: qcom: sm8350: correct DMA controller unit address | *42d0fbbbf4arm64: dts: qcom: sm8350: Add GPI DMA compatible fallback | *aa14fefca2arm64: dts: qcom: sdm845: correct camss unit address | *e3789d63a3arm64: dts: qcom: sdm630: correct camss unit address | *173b6412a5arm64: dts: qcom: msm8996: correct camss unit address | *4d810c12d6arm64: dts: qcom: msm8994: correct SPMI unit address | *98cd405217arm64: dts: qcom: msm8916: correct MMC unit address | *aa2d2407f5arm64: dts: qcom: msm8916: correct camss unit address | *0cff846820ARM: dts: qcom: msm8974: do not use underscore in node name (again) | *376daf3aa8drm/bridge: anx7625: Prevent endless probe loop | *4536679f79drm/bridge: anx7625: Convert to i2c's .probe_new() | *93a0378035ARM: dts: gta04: Move model property out of pinctrl node | *af5bcfb4f8clk: renesas: rzg2l: Fix CPG_SIPLL5_CLK1 register write | *2128318c91iommu/virtio: Return size mapped for a detached domain | *0f2c11ccfdiommu/virtio: Detach domain on endpoint release | *ed41f708b3drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK | *f4c6e5d734drm/msm/disp/dpu: get timing engine status from intf status register | *74abb8d3cddrm/msm/dsi: don't allow enabling 14nm VCO with unprogrammed rate | *dd129da1fdRDMA/bnxt_re: Fix to remove an unnecessary log | *c37eca42acRDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid | *66eb6c47b5RDMA/bnxt_re: Use unique names while registering interrupts | *f2279e3e38RDMA/bnxt_re: Fix to remove unnecessary return labels | *b43b064498RDMA/bnxt_re: Disable/kill tasklet only if it is enabled | *280e58d8b0hwmon: (f71882fg) prevent possible division by zero | *08cc7cd2c2clk: imx: scu: use _safe list iterator to avoid a use after free | *3fc9637f37drm/bridge: tc358767: Switch to devm MIPI-DSI helpers | *929b6c6e6aarm64: dts: microchip: sparx5: do not use PSCI on reference boards | *13602e6132bus: ti-sysc: Fix dispc quirk masking bool variables | *46a8dff210ARM: dts: stm32: Move ethernet MAC EEPROM from SoM to carrier boards | *7a3c39e34cdrm/vkms: Fix RGB565 pixel conversion | *048b7168acdrm: Add fixed-point helper to get rounded integer values | *fa4ee16e81drm/vkms: isolate pixel conversion functionality | *9d59f5f52cASoC: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices | *49fca83f6fdriver: soc: xilinx: use _safe loop iterator to avoid a use after free | *39bdb97f87drm/panel: sharp-ls043t1le01: adjust mode settings | *aeca0e1c33drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` | *ac96a15163Input: adxl34x - do not hardcode interrupt trigger type | *3134cc51e9clk: rs9: Fix .driver_data content in i2c_device_id | *6014e7422cclk: vc7: Fix .driver_data content in i2c_device_id | *53b5b4d1a8clk: vc5: Fix .driver_data content in i2c_device_id | *4db655d1b2bootmem: remove the vmemmap pages from kmemleak in free_bootmem_page | *548b67c0aaclk: vc5: Use `clamp()` to restrict PLL range | *50fb32197fmm: call arch_swap_restore() from do_swap_page() | *5cf97c2df2ARM: dts: meson8b: correct uart_B and uart_C clock references | *2b55a98572ARM: dts: BCM5301X: Drop "clock-names" from the SPI node | *2dc8b685d9drm/vram-helper: fix function names in vram helper doc | *8e739c8c6edrm/bridge: tc358768: fix THS_TRAILCNT computation | *010f68aecddrm/bridge: tc358768: fix TXTAGOCNT computation | *7b19315737drm/bridge: tc358768: fix THS_ZEROCNT computation | *2545a8d06adrm/bridge: tc358768: fix TCLK_TRAILCNT computation | *587ba0805edrm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation | *06dc491cf4drm/bridge: tc358768: fix TCLK_ZEROCNT computation | *9d56ec0b24drm/bridge: tc358768: fix PLL target frequency | *d2aad3c1e4drm/bridge: tc358768: fix PLL parameters computation | *c4cf126320drm/bridge: tc358768: always enable HS video mode | *63f3bc83b1drm/bridge: ti-sn65dsi83: Fix enable error path | *df3b7e337dInput: drv260x - sleep between polling GO bit | *9d27705e3cdrm/bridge: it6505: Move a variable assignment behind a null pointer check in receive_timing_debugfs_show() | *9fbe61e3c2drm/amd/display: Explicitly specify update type per plane info change | *cb86b0e3d9radeon: avoid double free in ci_dpm_init() | *064e33b359drm/amd/display: Add logging for display MALL refresh setting | *3b3186c770netlink: Add __sock_i_ino() for __netlink_diag_dump(). | *f6d2e25c64ipvlan: Fix return value of ipvlan_queue_xmit() | *d6cf5026afnetfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. | *5c618daa50netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one | *cfcb9f0a49lib/ts_bm: reset initial match offset for every block of text | *425d9d3a92net: nfc: Fix use-after-free caused by nfc_llcp_find_local | *446f556793sfc: fix crash when reading stats while NIC is resetting | *94817712b5ocfs2: Fix use of slab data with sendpage | *8c438ff5d9net: axienet: Move reset before 64-bit DMA detection | *17d6b6354fgtp: Fix use-after-free in __gtp_encap_destroy(). | *b48c24392dselftests: rtnetlink: remove netdevsim device after ipsec offload test | *37b6143376bonding: do not assume skb mac_header is set | *e9331c8fa4netlink: do not hard code device address lenth in fdb dumps | *61ffe8b1eenetlink: fix potential deadlock in netlink_set_err() | *509d5d40c2net: stmmac: fix double serdes powerdown | *12bcb53328can: kvaser_pciefd: Set hardware timestamp on transmitted packets | *70ace9ba20can: kvaser_pciefd: Add function to set skb hwtstamps | *787b404209can: length: fix bitstuffing count | *cfb3106234bpf: Fix bpf socket lookup from tc/xdp to respect socket VRF bindings | *c7415c521abpf: Call __bpf_sk_lookup()/__bpf_skc_lookup() directly via TC hookpoint | *5e9b38de66bpf: Factor out socket lookup functions for the TC hookpoint. | *e3754e9741wifi: ath9k: convert msecs to jiffies where needed | *52bc4b89cdwifi: iwlwifi: mvm: indicate HW decrypt for beacon protection | *ed98f5c074mmc: Add MMC_QUIRK_BROKEN_SD_CACHE for Kingston Canvas Go Plus from 11/2019 | *f114b159b2wifi: ieee80211: Fix the common size calculation for reconfiguration ML | *ffb0733664wifi: cfg80211/mac80211: Fix ML element common size calculation | *132b7129c5wifi: cfg80211: fix regulatory disconnect with OCB/NAN | *27268ba347wifi: cfg80211: drop incorrect nontransmitted BSS update code | *0862669693wifi: cfg80211: rewrite merging of inherited elements | *d875120c35wifi: mac80211: Remove "Missing iftype sband data/EHT cap" spam | *2d690495ebwifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() | *657a83f079wifi: iwlwifi: pull from TXQs with softirqs disabled | *41b1704fadwifi: ath11k: Add missing check for ioremap | *228dd5d5fdrtnetlink: extend RTEXT_FILTER_SKIP_STATS to IFLA_VF_INFO | *c682018f5cwifi: mac80211: Fix permissions for valid_links debugfs entry | *41fc1c5678wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() | *16b5292beememstick r592: make memstick_debug_get_tpc_name() static | *93126e3966mmc: mediatek: Avoid ugly error message when SDIO wakeup IRQ isn't used | *fd4f89302fkexec: fix a memory leak in crash_shrink_memory() | *6525435d14watchdog/perf: more properly prevent false positives with turbo modes | *a3cf423b58watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config | *b27af27fc9selftests: cgroup: fix unexpected failure on test_memcg_low | *75704a10eaice: handle extts in the miscellaneous interrupt thread | *77f09d836bwifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown | *eb205a0690wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled | *54257a7634selftests/bpf: Fix check_mtu using wrong variable type | *da79a0bc36wifi: mac80211: recalc min chandef for new STA links | *272240f20dwifi: ath10k: Trigger STA disconnect after reconfig complete on hardware restart | *cf5beb8ce9samples/bpf: xdp1 and xdp2 reduce XDPBUFSIZE to 60 | *09740fa982wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes | *0d89e50952wifi: ray_cs: Fix an error handling path in ray_probe() | *3d218755c4wifi: wl3501_cs: Fix an error handling path in wl3501_probe() | *d5569b970bwifi: atmel: Fix an error handling path in atmel_probe() | *e48b7c2416wifi: orinoco: Fix an error handling path in orinoco_cs_probe() | *9a201822adwifi: orinoco: Fix an error handling path in spectrum_cs_probe() | *4fc6481323regulator: core: Streamline debugfs operations | *6a241e6b9eregulator: core: Fix more error checking for debugfs_create_dir() | *be84e69082selftests/bpf: Do not use sign-file as testcase | *20109ddd5bbpf: Fix memleak due to fentry attach failure | *8ea165e1f8bpf: Remove bpf trampoline selector | *1949721c74bpftool: JIT limited misreported as negative value on aarch64 | *bac93b35f9nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() | *34d04d7019spi: dw: Round of n_bytes to power of 2 | *c6a9fc82febpf: Don't EFAULT for {g,s}setsockopt with wrong optlen | *34fe7aa8eflibbpf: fix offsetof() and container_of() to work with CO-RE | *8404f8de1esctp: add bpf_bypass_getsockopt proto callback | *f21f2ae562wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() | *51cb8329f2wifi: wilc1000: fix for absent RSN capabilities WFA testcase | *ded1a7a570spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG | *56c25f2763samples/bpf: Fix buffer overflow in tcp_basertt | *a7434a4dcclibbpf: btf_dump_type_data_check_overflow needs to consider BTF_MEMBER_BITFIELD_SIZE | *d1c2ff2bd8wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx | *6928d6e9b0wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation | *bb3a9ed2b1igc: Enable and fix RX hash usage by netstack | *f57ba91a46pstore/ram: Add check for kstrdup | *2672144b86ima: Fix build warnings | *9085f2ca94evm: Fix build warnings | *b050ade6e0evm: Complete description of evm_inode_setattr() | *ea1432a402locking/atomic: arm: fix sync ops | *6b54f5c684x86/mm: Fix __swp_entry_to_pte() for Xen PV guests | *3745f628c3perf/ibs: Fix interface via core pmu events | *64d09c0e83kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined | *b8a6ba524drcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale | *3506e64ec1rcu/rcuscale: Move rcu_scale_*() after kfree_scale_cleanup() | *7a34922194rcuscale: Move shutdown from wait_event() to wait_event_idle() | *a0a1f1c924rcutorture: Correct name of use_softirq module parameter | *b1cdc56bc1rcu-tasks: Stop rcu_tasks_invoke_cbs() from using never-onlined CPUs | *d58f0f0ce6rcu: Make rcu_cpu_starting() rely on interrupts being disabled | *5d56a8d670thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() | *2b7e2251c4cpufreq: intel_pstate: Fix energy_performance_preference for passive | *50d64210eeARM: 9303/1: kprobes: avoid missing-declaration warnings | *3f9e54eb38PM: domains: Move the verification of in-params from genpd_add_device() | *f1f5248cedpowercap: RAPL: Fix CONFIG_IOSF_MBI dependency | *be9c8c9c84drivers/perf: hisi: Don't migrate perf to the CPU going to teardown | *6b025ec148x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() | *c598fefef3x86/mm: Allow guest.enc_status_change_prepare() to fail | *3e03681f07perf/arm-cmn: Fix DTC reset | *6368a71dcaPM: domains: fix integer overflow issues in genpd_parse_state() | *919dd531ebclocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe | *2d3f42d22ftracing/timer: Add missing hrtimer modes to decode_hrtimer_mode(). | *77cc52f1b8tick/rcu: Fix bogus ratelimit condition | *e7aff15ba2posix-timers: Prevent RT livelock in itimer_delete() | *9a53410038erofs: fix compact 4B support for 16k block size | *ec94df6bcferofs: simplify iloc() | *423453bb50svcrdma: Prevent page release when nothing was received | *faf004e98dirqchip/jcore-aic: Fix missing allocation of IRQ descriptors | *0cf83d3698irqchip/stm32-exti: Fix warning on initialized field overwritten | *aa07e56c6ablock: fix blktrace debugfs entries leakage | *067c08f78dmd/raid1-10: submit write io directly if bitmap is not enabled | *f98b89fbf8md/raid1-10: factor out a helper to submit normal write | *fa0f13a833md/raid1-10: factor out a helper to add bio to plug | *a5a1ec06efmd/raid10: fix io loss while replacement replace rdev | *222cc459d5md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request | *05d10428e8md/raid10: fix wrong setting of max_corr_read_errors | *b5cb16d31bmd/raid10: fix overflow of md/safe_mode_delay | *be1a3ec63amd/raid10: check slab-out-of-bounds in md_bitmap_get_counter | *e1379e067bnvme-core: fix dev_pm_qos memleak | *bf3c2caab9nvme-core: add missing fault-injection cleanup | *a584cf03ffnvme-auth: don't ignore key generation failures when initializing ctrl keys | *43d0724d75nvme-core: fix memory leak in dhchap_ctrl_secret | *2e9b141307nvme-core: fix memory leak in dhchap_secret_store | *0a220ef9ddnvme-auth: no need to reset chap contexts on re-authentication | *3999c850e7nvme-auth: remove symbol export from nvme_auth_reset | *9de0a1dfe3nvme-auth: rename authentication work elements | *3f6c988897nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap | *ce16368280lockd: drop inappropriate svc_get() from locked_get() | *931bd6758bblk-mq: fix potential io hang by wrong 'wake_batch' | *c2a0eb3b20virt: sevguest: Add CONFIG_CRYPTO dependency | *7ca5e95f2ax86/sev: Fix calculation of end address based on number of pages | *8ceeb3fc86blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost | *c0df916535x86/resctrl: Only show tasks' pid in current pid namespace | *d3b39ea248erofs: kill hooked chains to avoid loops on deduplicated compressed images | *daed10290berofs: move zdata.h into zdata.c | *041ff2c21berofs: remove tagged pointer helpers | *3379f13ebcerofs: avoid tagged pointers to mark sync decompression | *3564500b0derofs: clean up cached I/O strategies | *73b9d7ea08block: Fix the type of the second bdev_op_is_zoned_write() argument | *0fd958feaefs: pipe: reveal missing function protoypes | *9f12effd40drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 * |79ad050bddMerge 6.1.38 into android14-6.1-lts |\| | *61fd484b2cLinux 6.1.38 | *c50065a392drm/amd/display: Ensure vmin and vmax adjust for DCE | *9d0b2afadfdrm/amdgpu: Validate VM ioctl flags. | *fe56f507a1docs: Set minimal gtags / GNU GLOBAL version to 6.6.5 | *c437b26bc3scripts/tags.sh: Resolve gtags empty index generation | *50e36c2897perf symbols: Symbol lookup with kcore can fail if multiple segments match stext | *67e3b5230cnubus: Partially revert proc_create_single_data() conversion | *296927dbaeexecve: always mark stack as growing down during early stack setup | *d856e6f8a0PCI/ACPI: Call _REG when transitioning D-states | *788c76c33dPCI/ACPI: Validate acpi_pci_set_power_state() parameter | *a905b0b318drm/amd/display: Do not update DRR while BW optimizations pending | *dd6d6f9d47drm/amd/display: Remove optimization for VRR updates | *6b2849b3e0xtensa: fix lock_mm_and_find_vma in case VMA not found * |8dc085b841Merge 6.1.37 into android14-6.1-lts |\| | *0f4ac6b4c5Linux 6.1.37 | *323846590cxtensa: fix NOMMU build with lock_mm_and_find_vma() conversion | *c2d89256decsky: fix up lock_mm_and_find_vma() conversion | *4a1db15878parisc: fix expand_stack() conversion | *0a1da2dde4sparc32: fix lock_mm_and_find_vma() conversion | *00f04a3385Revert "thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe" | *a536383ef0HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651. | *d89750b196HID: wacom: Use ktime_t rather than int when dealing with timestamps | *879e79c3aeHID: hidraw: fix data race on device refcount | *cae8542495fbdev: fix potential OOB read in fast_imageblit() | *e6bbad7571mm: always expand the stack with the mmap write lock held | *c4b31d1b69execve: expand new process stack manually ahead of time | *6a6b5616c3mm: make find_extend_vma() fail if write lock not held | *48c232819epowerpc/mm: convert coprocessor fault to lock_mm_and_find_vma() | *21ee33d51bmm/fault: convert remaining simple cases to lock_mm_and_find_vma() | *1f4197f050arm/mm: Convert to using lock_mm_and_find_vma() | *ac764deea7riscv/mm: Convert to using lock_mm_and_find_vma() | *7227d70accmips/mm: Convert to using lock_mm_and_find_vma() | *82972ea17bpowerpc/mm: Convert to using lock_mm_and_find_vma() | *b92cd80e5farm64/mm: Convert to using lock_mm_and_find_vma() | *755aa1bc6amm: make the page fault mmap locking killable | *d6a5c7a1a6mm: introduce new 'lock_mm_and_find_vma()' page fault helper | *4e2ad53abamaple_tree: fix potential out-of-bounds access in mas_wr_end_piv() | *31cde3bdadcan: isotp: isotp_sendmsg(): fix return error fix on TX path | *0af4750eaax86/smp: Cure kexec() vs. mwait_play_dead() breakage | *6d3b2e0aefx86/smp: Use dedicated cache-line for mwait_play_dead() | *50a1abc677x86/smp: Remove pointless wmb()s from native_stop_other_cpus() | *e47037d28bx86/smp: Dont access non-existing CPUID leaf | *edadebb349x86/smp: Make stop_other_cpus() more robust | *94a69d6999x86/microcode/AMD: Load late on both threads too | *84f077802emm, hwpoison: when copy-on-write hits poison, take page offline | *4af5960d7cmm, hwpoison: try to recover from copy-on write faults | *69925a346amptcp: ensure listener is unhashed before updating the sk status | *42a018a796mm/mmap: Fix error return in do_vmi_align_munmap() | *a149174ff8mm/mmap: Fix error path in do_vmi_align_munmap() * |8b02e8901dMerge branch 'android14-6.1' into 'android14-6.1-lts' * |16e5091129ANDROID: ABI: Update STG ABI to format version 2 * |1ef7816a50Merge branch 'android14-6.1' into 'android14-6.1-lts' * |524f946fbcMerge branch 'android14-6.1' into 'android14-6.1-lts' * |bfa917516cRevert "gpiolib: Fix irq_domain resource tracking for gpiochip_irqchip_add_domain()" * |a09603eb2fMerge 6.1.36 into android14-6.1-lts |\| | *a1c449d00fLinux 6.1.36 | *29429a1f58smb: move client and server files to common directory fs/smb | *9d3e4bca4bi2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle | *81d4078f7ax86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys | *679354bea0KVM: arm64: Restore GICv2-on-GICv3 functionality | *6ab9468d3evhost_net: revert upend_idx only on retriable error | *454e4f391avhost_vdpa: tell vqs about the negotiated | *1af1cd7be3drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl | *022f2306d9drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl | *aa88042218drm/exynos: vidi: fix a wrong error return | *711f727f7bnull_blk: Fix: memory release when memory_backed=1 | *f6076a1386ARM: dts: Fix erroneous ADS touchscreen polarities | *1d1baefacdi2c: mchp-pci1xxxx: Avoid cast to incompatible function type | *8e32575994ALSA: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256 | *cfa01235b5ASoC: fsl_sai: Enable BCI bit if SAI works on synchronous mode with BYP asserted | *570583c625s390/purgatory: disable branch profiling | *c2888c460dgfs2: Don't get stuck writing page onto itself under direct I/O | *878dad66b9ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x | *1c97025d44ASoC: nau8824: Add quirk to active-high jack-detect | *5cc506e9b3soundwire: qcom: add proper error paths in qcom_swrm_startup() | *2839e0b64esoundwire: dmi-quirks: add new mapping for HP Spectre x360 | *ee4d36a14dASoC: simple-card: Add missing of_node_put() in case of error | *e701fb0a5dASoC: codecs: wcd938x-sdw: do not set can_multi_write flag | *06b9522ca8spi: lpspi: disable lpspi module irq in DMA mode | *39a77f005fs390/cio: unregister device when the only path is gone | *552a24eb71arm64: dts: qcom: sc7280-qcard: drop incorrect dai-cells from WCD938x SDW | *4de58b7c14arm64: dts: qcom: sc7280-idp: drop incorrect dai-cells from WCD938x SDW | *2e8ebf1a44Input: soc_button_array - add invalid acpi_index DMI quirk handling | *ba0cc7a2e5nvme: improve handling of long keep alives | *06d9ec407fnvme: check IO start time when deciding to defer KA | *8a72260619nvme: double KA polling frequency to avoid KATO with TBKAS on | *c8f988c37ausb: gadget: udc: fix NULL dereference in remove() | *3f6391062dbtrfs: fix an uninitialized variable warning in btrfs_log_inode | *a2c3e9bfc0nfcsim.c: Fix error checking for debugfs_create_dir | *a05df06431media: cec: core: don't set last_initiator if tx in progress | *f37956a140media: cec: core: disable adapter in cec_devnode_unregister | *9d8ac2726csmb3: missing null check in SMB2_change_notify | *3e8458c5b2arm64: Add missing Set/Way CMO encodings | *8428f4c00dHID: wacom: Add error check to wacom_parse_and_register() | *aaa50510adscsi: target: iscsi: Prevent login threads from racing between each other | *0357259cb1gpiolib: Fix irq_domain resource tracking for gpiochip_irqchip_add_domain() | *8592ada80egpio: sifive: add missing check for platform_get_irq | *cb1108e174gpiolib: Fix GPIO chip IRQ initialization restriction | *90714f7ed7arm64: dts: rockchip: fix nEXTRST on SOQuartz | *e51abd4808arm64: dts: rockchip: Enable GPU on SOQuartz CM4 | *ec3d0f12e7revert "net: align SO_RCVMARK required privileges with SO_MARK" | *b2e2f9c093sch_netem: acquire qdisc lock in netem_change() | *0434277b72platform/x86/amd/pmf: Register notify handler only if SPS is enabled | *2d580c73afselftests: forwarding: Fix race condition in mirror installation | *eff07bf118io_uring/net: use the correct msghdr union member in io_sendmsg_copy_hdr | *1b7b048c22bpf: Force kprobe multi expected_attach_type for kprobe_multi link | *fc3afb3378bpf/btf: Accept function names that contain dots | *22cc989f2bRevert "net: phy: dp83867: perform soft reset and retain established link" | *3e04743dbanetfilter: nfnetlink_osf: fix module autoload | *abd3afddbfnetfilter: nf_tables: disallow updates of anonymous sets | *c34b220385netfilter: nf_tables: reject unbound chain set before commit phase | *46f801ab5fnetfilter: nf_tables: reject unbound anonymous set before commit phase | *b60c0ce0ffnetfilter: nf_tables: disallow element updates of bound anonymous sets | *0d836f9175netfilter: nft_set_pipapo: .walk does not deal with generations | *d60be2da67netfilter: nf_tables: drop map element references from preparation phase | *df27be7c15netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain | *891cd2edddnetfilter: nf_tables: fix chain binding transaction logic | *f5b6dbec26be2net: Extend xmit workaround to BE3 chip | *50f689918dnet: dsa: mt7530: fix handling of LLDP frames | *a50f84af21net: dsa: mt7530: fix handling of BPDUs on MT7530 switch | *a4e4c71901net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch | *7fd2e9a69eipvs: align inner_mac_header for encapsulation | *6d1eec1f2dmmc: usdhi60rol0: fix deferred probing | *7e10fff133mmc: sh_mmcif: fix deferred probing | *565b8bd290mmc: sdhci-acpi: fix deferred probing | *645f89ee3emmc: owl: fix deferred probing | *251101c32ammc: omap_hsmmc: fix deferred probing | *0057a905demmc: omap: fix deferred probing | *f73b380518mmc: mvsdio: fix deferred probing | *4806f6b6b7mmc: mtk-sd: fix deferred probing | *d28b7a8733net: qca_spi: Avoid high load if QCA7000 is not available | *1d4dd09f13sfc: use budget for TX completions | *0bbb8164ednet/mlx5: DR, Fix wrong action data allocation in decap action | *b062caf4f7xfrm: Linearize the skb after offloading if needed. | *fff9a18e01selftests: net: fcnal-test: check if FIPS mode is enabled | *0793ead2ffselftests: net: vrf-xfrm-tests: change authentication and encryption algos | *6919634176selftests: net: tls: check if FIPS mode is enabled | *ac5671d100bpf: Fix a bpf_jit_dump issue for x86_64 with sysctl bpf_jit_enable. | *8bb51cdc4fxfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets | *d9a0b1a53cbpf: Fix verifier id tracking of scalars on spill | *461fc3391cbpf: track immediate values written to stack by BPF_ST instruction | *b36ba84f09KVM: arm64: PMU: Restore the host's PMUSERENR_EL0 | *c803e91600xfrm: Ensure policies always checked on XFRM-I input path | *94e81817f0xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c | *8ea03341f7xfrm: Treat already-verified secpath entries as optional | *43489b2cbaieee802154: hwsim: Fix possible memory leaks | *caddcdf2a9mmc: meson-gx: fix deferred probing | *1a2793a25amemfd: check for non-NULL file_seals in memfd_create() syscall | *364fdcbb03x86/mm: Avoid using set_pgd() outside of real PGD pages | *cbfee3d9d5nilfs2: prevent general protection fault in nilfs_clear_dirty_page() | *24f473769eio_uring/poll: serialize poll linked timer start with poll removal | *2d80c85fa4arm64: dts: rockchip: Fix rk356x PCIe register and range mappings | *277a7c23b5regmap: spi-avmm: Fix regmap_bus max_raw_write | *b385b1d28eregulator: pca9450: Fix LDO3OUT and LDO4OUT MASK | *ad5daeaa3dspi: spi-geni-qcom: correctly handle -EPROBE_DEFER from dma_request_chan() | *21945b7a86wifi: iwlwifi: pcie: Handle SO-F device for PCI id 0x7AF0 | *1dfca388fcbpf: ensure main program has an extable | *03b2149d5ammc: sunxi: fix deferred probing | *8b8756324cmmc: bcm2835: fix deferred probing | *1db5a39a90mmc: sdhci-spear: fix deferred probing | *f1b17198e4mmc: mmci: stm32: fix max busy timeout calculation | *6c2af0fd83mmc: meson-gx: remove redundant mmc_request_done() call from irq context | *687d34c578mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 | *3dd0041c41mmc: litex_mmc: set PROBE_PREFER_ASYNCHRONOUS | *0d7a4e6589cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex in freezer_css_{online,offline}() | *7b162a18d3cgroup: Do not corrupt task iteration when rebinding subsystem | *c2c46a7028mptcp: consolidate fallback and non fallback state machine | *1d31275426mptcp: fix possible list corruption on passive MPJ | *b747e75598mptcp: fix possible divide by zero in recvmsg() | *b7bb71dfb5mptcp: handle correctly disconnect() failures | *1d9dc9bed9io_uring/net: disable partial retries for recvmsg with cmsg | *4d729cc67bio_uring/net: clear msg_controllen on partial sendmsg retry | *4db49d59a8PCI: hv: Add a per-bus mutex state_lock | *091d03d198PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic | *5c09925b18PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev | *da2fff20d9Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" | *a74a9d9b75PCI: hv: Fix a race condition bug in hv_pci_query_relations() | *ba803d7ac1Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs | *191cb91329Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails | *4f7e702b74KVM: Avoid illegal stage2 mapping on invalid memory slot | *390aeb5ae7ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() | *8e63b1fd24nilfs2: fix buffer corruption due to concurrent device reads | *d5d7cde2adscripts: fix the gfp flags header path in gfp-translate | *4a89bfb1a1writeback: fix dereferencing NULL mapping->host on writeback_page_template | *1fed1f8513selftests: mptcp: join: fix "userspace pm add & remove address" | *53e096bcaeselftests: mptcp: join: skip fail tests if not supported | *f17459121cselftests: mptcp: join: skip userspace PM tests if not supported | *f40a7ded34selftests: mptcp: join: skip test if iptables/tc cmds fail | *bce23d1254selftests: mptcp: sockopt: skip TCP_INQ checks if not supported | *157dcb2000selftests: mptcp: diag: skip listen tests if not supported | *755c8857abselftests/mount_setattr: fix redefine struct mount_attr build error | *94851666afselftests: mptcp: join: skip MPC backups tests if not supported | *fe1f28db73selftests: mptcp: join: skip fullmesh flag tests if not supported | *6313c493e3selftests: mptcp: join: skip backup if set flag on ID not supported | *efb4f6c2ddselftests: mptcp: join: skip implicit tests if not supported | *dd6c284a34selftests: mptcp: join: support RM_ADDR for used endpoints or not | *695cce2f2cselftests: mptcp: join: skip Fastclose tests if not supported | *0381f30735selftests: mptcp: join: support local endpoint being tracked or not | *1c0d9b4b47selftests: mptcp: join: skip check if MIB counter not supported | *e35edb09e5selftests: mptcp: join: helpers to skip tests | *4d65ec947dselftests: mptcp: join: use 'iptables-legacy' if available | *44d3366bf4selftests: mptcp: lib: skip if not below kernel version | *c5bdd8eb8eselftests: mptcp: userspace pm: skip if not supported | *733bf9d80dselftests: mptcp: userspace pm: skip if 'ip' tool is unavailable | *bfe225dec6selftests: mptcp: sockopt: skip getsockopt checks if not supported | *103b4e62deselftests: mptcp: sockopt: relax expected returned size | *61c1bf0666selftests: mptcp: pm nl: skip fullmesh flag checks if not supported | *41f7f7f6e4selftests: mptcp: pm nl: remove hardcoded default limits | *e79e5e7642selftests: mptcp: connect: skip disconnect tests if not supported | *cba0db9c15selftests: mptcp: connect: skip transp tests if not supported | *9ead68270bselftests: mptcp: lib: skip if missing symbol | *4bed22c687selftests: mptcp: join: fix ShellCheck warnings | *a032ccca15selftests: mptcp: remove duplicated entries in usage | *0c6552f837tick/common: Align tick period during sched_timer setup | *854156d12cksmbd: validate session id and tree id in the compound request | *c86211159bksmbd: fix out-of-bound read in smb2_write | *9650cf70ecksmbd: validate command payload size | *0fd4ac3773tpm_crb: Add support for CRB devices based on Pluton | *a46fa56966tpm, tpm_tis: Claim locality in interrupt handler | *2e7ad879e1mm: Fix copy_from_user_nofault(). | *4ed740c648ata: libata-scsi: Avoid deadlock on rescan after device resume | *c4465bff4dtty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A | *17732fed85tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms | *9bcac45389drm/amd/display: fix the system hang while disable PSR | *e538342002drm/amd/display: Add wrapper to call planes and stream update | *8d855bc676drm/amd/display: Use dc_update_planes_and_stream * |1118d7f559ANDROID: GKI: irq-gic-v3: fix up breakage in 6.1.35 merge * |1e4b07ffa3Merge 6.1.35 into android14-6.1-lts |\| | *e84a4e368aLinux 6.1.35 | *a76d4933c3kbuild: Update assembler calls to use proper flags and language target | *5abcd2c18dMIPS: Prefer cc-option for additions to cflags | *1d485ddcbaMIPS: Move '-Wa,-msoft-float' check from as-option to cc-option | *d51d258997x86/boot/compressed: prefer cc-option for CFLAGS additions | *bdd22f2aa1scsi: target: core: Fix error path in target_setup_session() | *741c96715fneighbour: delete neigh_lookup_nodev as not used | *26435338f9net/sched: act_api: add specific EXT_WARN_MSG for tc action | *ab1bbd79f4Revert "net/sched: act_api: move TCA_EXT_WARN_MSG to the correct hierarchy" | *8f37599811net/sched: act_api: move TCA_EXT_WARN_MSG to the correct hierarchy | *4b4cae8e4bdrm/amdgpu: Don't set struct drm_driver.output_poll_changed | *c6cbb4e1c1rcu/kvfree: Avoid freeing new kfree_rcu() memory after old grace period | *8d842af30bparisc: Delete redundant register definitions in <asm/assembly.h> | *616aba5536afs: Fix vlserver probe RTT handling | *34dc1eed99octeon_ep: Add missing check for ioremap | *35d848164fselftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET | *6ab77b3b85net: tipc: resize nlattr array to correct size | *d24c965817dm: don't lock fs when the map is NULL during suspend or resume | *010179208csfc: fix XDP queues mode with legacy IRQ | *23efdbfa8enet: macsec: fix double free of percpu stats | *4ea1f33444net: lapbether: only support ethernet devices | *59f0c7bec3net: dsa: felix: fix taprio guard band overflow at 10Mbps with jumbo frames | *3626e93cd8net/sched: cls_api: Fix lockup on flushing explicitly created chain | *fa285d799dext4: drop the call to ext4_error() from ext4_get_group_info() | *d7d6e830cdcifs: fix lease break oops in xfstest generic/098 | *e8119d4d16selftests: forwarding: hw_stats_l3: Set addrgenmode in a separate step | *ea3f336f71net/sched: qdisc_destroy() old ingress and clsact Qdiscs before grafting | *ac57be24dcnet/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs | *096c00ea80sched: add new attr TCA_EXT_WARN_MSG to report tc extact message | *e568e0e168selftests/tc-testing: Fix SFB db test | *700d7bf300selftests/tc-testing: Fix Error: failed to find target LOG | *8a086daf20selftests/tc-testing: Fix Error: Specified qdisc kind is unknown. | *62aecf23f3drm/nouveau: add nv_encoder pointer check for NULL | *fb725beca6drm/nouveau/dp: check for NULL nv_connector->native_mode | *a5acbe4ea5drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow | *90748be0f4drm/nouveau: don't detect DSM for non-NVIDIA device | *835457c0d6net: phylink: use a dedicated helper to parse usgmii control word | *fabf9cb413net: phylink: report correct max speed for QUSGMII | *df7477a8bdigb: fix nvm.ops.read() error handling | *9710e5c30bigc: Fix possible system crash when loading module | *c6612bf33eigc: Clean the TX buffer and TX descriptor ring | *fe289f8feesctp: fix an error code in sctp_sf_eat_auth() | *0b8ae7d6e4ipvlan: fix bound dev checking for IPv6 l3s mode | *33bd6b76acnet: ethtool: correct MAX attribute value for stats | *277fbf63b3IB/isert: Fix incorrect release of isert connection | *f77965f487IB/isert: Fix possible list corruption in CMA handler | *4e55c9abe9IB/isert: Fix dead lock in ib_isert | *1def2a94f4RDMA/mlx5: Fix affinity assignment | *8618f8f723IB/uverbs: Fix to consider event queue closing also upon non-blocking mode | *4dc0b367c3RDMA/cma: Always set static rate to 0 for RoCE | *ec6d49687dRDMA/mlx5: Create an indirect flow table for steering anchor | *3a83145b66RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions | *c764fed5e5octeontx2-af: fix lbk link credits on cn10k | *7c6d504146octeontx2-af: fixed resource availability check | *b4a3cae58ciavf: remove mask from iavf_irq_enable_queues() | *26256aa7edRDMA/rxe: Fix the use-before-initialization error of resp_pkts | *b0b3848e03RDMA/rxe: Removed unused name from rxe_task struct | *e83bc93886wifi: mac80211: take lock before setting vif links | *170ceadf4awifi: cfg80211: fix link del callback to call correct handler | *49f3a79f03wifi: mac80211: fix link activation settings order | *07f9cc229bnet/sched: cls_u32: Fix reference counter leak leading to overflow | *c9411f014eocteontx2-af: Fix promiscuous mode | *5cf38fbc82net/sched: act_pedit: Parse L3 Header for L4 offset | *fb25478f66net/sched: act_pedit: remove extra check for key type | *b4e5d0c4cfnet/sched: simplify tcf_pedit_act | *300be9f1dcigb: Fix extts capture value format for 82580/i354/i350 | *a4a912aee1ping6: Fix send to link-local addresses with VRF. | *381d49ec68net: enetc: correct the indexes of highest and 2nd highest TCs | *4aaa3b730dnetfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE | *bec51844f9ice: Fix XDP memory leak when NIC is brought up and down | *8fddf3f051netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM | *55b7a00f34netfilter: nf_tables: integrate pipapo into commit protocol | *839d38d3b0spi: fsl-dspi: avoid SCK glitches with continuous transfers | *4857924806spi: cadence-quadspi: Add missing check for dma_set_mask | *2906e0d75bRDMA/rxe: Fix ref count error in check_rkey() | *7617a59f00RDMA/rxe: Fix packet length checks | *00b276bc7bRDMA/rtrs: Fix rxe_dealloc_pd warning | *77226c9785RDMA/rtrs: Fix the last iu->buf leak in err path | *03285557deusb: dwc3: gadget: Reset num TRBs before giving back the request | *7bee7f13c0USB: dwc3: fix use-after-free on core driver unbind | *307fe59490USB: dwc3: qcom: fix NULL-deref on suspend | *d8195536ceusb: gadget: udc: core: Prevent soft_connect_store() race | *3c048d42c3usb: gadget: udc: core: Offload usb_udc_vbus_handler processing | *3a1882841fusb: typec: Fix fast_role_swap_current show function | *2bf8ea2e9eusb: typec: ucsi: Fix command cancellation | *b352f7b6a6serial: lantiq: add missing interrupt ack | *04b3145db2USB: serial: option: add Quectel EM061KGL series | *03b5964a28clk: pxa: fix NULL pointer dereference in pxa3xx_clk_update_accr | *5532962c9ethunderbolt: Mask ring interrupt on Intel hardware as well | *d799f73d5dthunderbolt: dma_test: Use correct value for absent rings when creating paths | *081b5f1ebcthunderbolt: Do not touch CL state configuration during discovery | *1eb0eff7daALSA: hda/realtek: Add a quirk for Compaq N14JP6 | *21863dc45adrm/amdgpu: add missing radeon secondary PCI ID | *6f5b5ce939drm/amd/pm: workaround for compute workload type on some skus | *b69a10df90drm/amd: Tighten permissions on VBIOS flashing attributes | *b2706d862bdrm/amd: Make sure image is written to trigger VBIOS image update flow | *ee8c6580c3drm/amd/display: edp do not add non-edid timings | *2cb6026df1net: usb: qmi_wwan: add support for Compal RXM-G1 | *5d1fdfb3d1drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 | *f6d74371ceRDMA/uverbs: Restrict usage of privileged QKEYs | *5a144bad3enouveau: fix client work fence deletion race | *33965ac340net: ethernet: stmicro: stmmac: fix possible memory leak in __stmmac_open | *bfaf388d35dm thin: fix issue_discard to pass GFP_NOIO to __blkdev_issue_discard | *088ad777eedm thin metadata: check fail_io before using data_sm | *1886db9a4eALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback | *029e0f1f75ALSA: usb-audio: Fix broken resume due to UAC3 power state | *9e1c7968a2btrfs: can_nocow_file_extent should pass down args->strict from callers | *4e9da0cda1btrfs: fix iomap_begin length for nocow writes | *4389fb6b6abtrfs: do not ASSERT() on duplicated global roots | *7e23b1ec72powerpc/purgatory: remove PGO flags | *352f62431ariscv/purgatory: remove PGO flags | *2cf6e32e86x86/purgatory: remove PGO flags | *013027918akexec: support purgatories with .text.hot sections | *c9c3163c7aio_uring/net: save msghdr->msg_control for retries | *cffaa97ffbLoongArch: Fix perf event id calculation | *ad64865722nilfs2: reject devices with insufficient block count | *69caea4eednilfs2: fix possible out-of-bounds segment allocation in resize ioctl | *8f47a9665anilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() | *3d4bc38f71nios2: dts: Fix tse_mac "max-frame-size" property | *447f325497zswap: do not shrink if cgroup may not zswap | *9f17645f85ocfs2: check new file size on fallocate call | *534b4bbc85ocfs2: fix use-after-free when unmounting read-only filesystem | *3a340c63c0epoll: ep_autoremove_wake_function should use list_del_init_careful | *6d304091e0wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid() | *b11f953a61wifi: cfg80211: fix locking in regulatory disconnect | *9a9adc42a5irqchip/gic: Correctly validate OF quirk descriptors | *22efb27a21NVMe: Add MAXIO 1602 to bogus nid list. | *c9c2059450io_uring: unlock sqd->lock before sq thread release CPU | *8ca9880735drm:amd:amdgpu: Fix missing buffer object unlock in failure path | *41c383c496xen/blkfront: Only check REQ_FUA for writes | *75955d6986ASoC: dwc: move DMA init to snd_soc_dai_driver probe() | *7e57a56374ASoC: cs35l41: Fix default regmap values for some registers | *424fc90272mips: Move initrd_start check after initrd address sanitisation. | *dd035c08eeMIPS: Alchemy: fix dbdma2 | *34dd1a90abMIPS: Restore Au1300 support | *048ad52d52MIPS: unhide PATA_PLATFORM | *3d48ea53c4parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory() | *e522a12e48parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu() | *0b09b35caeASoC: Intel: avs: Add missing checks on FE startup | *5daa27bcb3ASoC: Intel: avs: Account for UID of ACPI device | *c33fded7f1ASoC: soc-pcm: test if a BE can be prepared | *0a9b2164b7btrfs: handle memory allocation failure in btrfs_csum_one_bio | *e9a5175d5ebtrfs: scrub: try harder to mark RAID56 block groups read-only | *c45aed7431drm: panel-orientation-quirks: Change Air's quirk to support Air Plus | *2d9144c0capower: supply: Fix logic checking if system is running from battery | *808e103ebairqchip/meson-gpio: Mark OF related data as maybe unused | *0cdb593c2firqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues | *bf8324676bregulator: Fix error checking for debugfs_create_dir | *c94be1f039platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 | *cdf9cfc1bbPCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports | *22358b9c41power: supply: Ratelimit no data debug output | *a7620312a0selftests: gpio: gpio-sim: Fix BUG: test FAILED due to recent change | *79a0a3695etools: gpio: fix debounce_period_us output of lsgpio | *cc1444a363ARM: dts: vexpress: add missing cache properties | *398bf0d67bpower: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() | *66a88d04cfpower: supply: sc27xx: Fix external_power_changed race | *e3d2bdca18power: supply: ab8500: Fix external_power_changed race | *628e40a225of: overlay: Fix missing of_node_put() in error case of init_overlay_changeset() | *e01fc7caacksmbd: validate smb request protocol id | *fec79e4f7dEDAC/qcom: Get rid of hardcoded register offsets | *4b3ec6b6ffqcom: llcc/edac: Fix the base address used for accessing LLCC banks | *314e973f36cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() | *c68b4db581cgroup: always put cset in cgroup_css_set_put_fork | *7a2e2ca9adcgroup: bpf: use cgroup_lock()/cgroup_unlock() wrappers | *6111f0add6test_firmware: prevent race conditions by a correct implementation of locking | *aa2dfdc4edtest_firmware: Use kstrtobool() instead of strtobool() | *100cd6d0e5x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed * |ed6634a559Merge 'android14-6.1' into 'android14-6.1-lts' * |3a63e65526Revert "Bluetooth: fix debugfs registration" * |fb909d9beaRevert "Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER" * |18dcace71eRevert "net/ipv6: fix bool/int mismatch for skip_notify_on_dev_down" * |16cecdd743Revert "neighbour: fix unaligned access to pneigh_entry" * |ee4c9c95ffMerge 6.1.34 into android14-6.1-lts |\| | *ca87e77a2eLinux 6.1.34 | *1aaa74177fRevert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE" | *a7e9c2e407wifi: rtw88: correct PS calculation for SUPPORTS_DYNAMIC_PS | *8fafd87155wifi: rtw89: correct PS calculation for SUPPORTS_DYNAMIC_PS | *5b2438f0a7ext4: only check dquot_initialize_needed() when debugging | *77eed67ba2Revert "ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled" | *543c12c264ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop | *8f2984233cksmbd: fix out-of-bound read in parse_lease_state() | *bf12d7fb63ksmbd: fix out-of-bound read in deassemble_neg_contexts() | *fb322da83cvhost_vdpa: support PACKED when setting-getting vring_base | *b839b65456vhost: support PACKED when setting-getting vring_base | *6c5a69c5ddvduse: avoid empty string for dev name | *7e48d635f2riscv: fix kprobe __user string arg print fault issue | *14e4f37e46soundwire: stream: Add missing clear of alloc_slave_rt | *e17734900aeeprom: at24: also select REGMAP | *67180e079briscv: mm: Ensure prot of VM_WRITE and VM_EXEC must be readable | *e4b76cd771i2c: sprd: Delete i2c adapter in .remove's error path | *c53f2e8462gpio: sim: fix memory corruption when adding named lines and unnamed hogs | *4106894328firmware: arm_ffa: Set handle field to zero in memory descriptor | *f24cb5a042i2c: mv64xxx: Fix reading invalid status value in atomic mode | *8e64012c03arm64: dts: imx8mn-beacon: Fix SPI CS pinmux | *b64bbe8b1ablk-mq: fix blk_mq_hw_ctx active request accounting | *c3d87d415fASoC: simple-card-utils: fix PCM constraint error check | *c0f9f799baASoC: mediatek: mt8195: fix use-after-free in driver remove path | *50f2160afbASoC: mediatek: mt8195-afe-pcm: Convert to platform remove callback returning void | *370711d7f0arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts | *efe115560aarm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals | *5a607e53f2arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards | *037449ce1cASoC: codecs: wsa881x: do not set can_multi_write flag | *8b13854f26ASoC: codecs: wsa883x: do not set can_multi_write flag | *58ab8a0ff8ARM: dts: at91: sama7g5ek: fix debounce delay property for shdwc | *4b8ebe5393ARM: at91: pm: fix imbalanced reference counter for ethernet devices | *c97f30d215arm64: dts: qcom: sc8280xp: Flush RSC sleep & wake votes | *df9bc25d13mm: page_table_check: Ensure user pages are not slab pages | *08378f0314mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM | *3901170529usb: usbfs: Use consistent mmap functions | *80e29f11beusb: usbfs: Enforce page requirements for mmap | *42a7314f2bpinctrl: meson-axg: add missing GPIOA_18 gpio group | *fdeb712929soc: qcom: icc-bwmon: fix incorrect error code passed to dev_err_probe() | *30c26b985cvirtio_net: use control_buf for coalesce params | *222a6bc8a7rbd: get snapshot context after exclusive lock is ensured to be held | *d647ee673crbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting | *939f00e482tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta' | *d088bea08aBluetooth: hci_qca: fix debugfs registration | *e5ae01fd46Bluetooth: fix debugfs registration | *a5490d6a74Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk | *1e1e2ee0cfs390/dasd: Use correct lock while counting channel queue length | *6f5c0eec89ceph: fix use-after-free bug for inodes when flushing capsnaps | *443cf752f7selftests: mptcp: update userspace pm subflow tests | *8f0ba8ec18selftests: mptcp: update userspace pm addr tests | *3fa051b18fmptcp: update userspace pm infos | *9b7fa33fdamptcp: add address into userspace pm list | *d80a36ad40mptcp: only send RM_ADDR in nl_cmd_remove | *e0b04a9f97can: j1939: avoid possible use-after-free when j1939_can_rx_register fails | *8a46c4a2bccan: j1939: change j1939_netdev_lock type to mutex | *db15e90a8ccan: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket | *727964650awifi: iwlwifi: mvm: Fix -Warray-bounds bug in iwl_mvm_wait_d3_notif() | *8953be60ecdrm/amd/display: Reduce sdp bw after urgent to 90% | *8695a443addrm/amd/pm: Fix power context allocation in SMU13 | *8e143bae25drm/amdgpu: change reserved vram info print | *34419aa0b4drm/amdgpu: fix xclk freq on CHIP_STONEY | *416ba40ff3drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid SKUs | *8d42c563e4drm/i915/gt: Use the correct error value when kernel_context() fails | *b40b349132ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 | *b1acff11b6ALSA: hda/realtek: Add Lenovo P3 Tower platform | *6321135063ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01 | *0df0097ea2ALSA: ice1712,ice1724: fix the kcontrol->id initialization | *caad8a0a10ALSA: hda/realtek: Add quirk for Clevo NS50AU | *3454490e03ALSA: cmipci: Fix kctl->id initialization | *c35034fd64ALSA: gus: Fix kctl->id initialization | *1f6c520932ALSA: ymfpci: Fix kctl->id initialization | *be0b9b7a6dALSA: hda: Fix kctl->id initialization | *c8a46f39ddInput: fix open count when closing inhibited device | *f9172a0bb5Input: psmouse - fix OOB access in Elantech protocol | *00b59734f5Input: xpad - delete a Razer DeathAdder mouse VID/PID entry | *32c2c234bcbatman-adv: Broken sync while rescheduling delayed work | *f9b9c84696bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks | *abc7062313bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event | *5ce24936d5bnxt_en: Skip firmware fatal error recovery if chip is not accessible | *5fc86a4580bnxt_en: Query default VLAN before VNIC setup on a VF | *53a0c6d5c9bnxt_en: Don't issue AP reset during ethtool's reset operation | *5df74018d1net: bcmgenet: Fix EEE implementation | *d4925800a4lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release() | *c5a17f3247drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram | *dbc880567abpf: Add extra path pointer check to d_path helper | *06177b9290net: sched: fix possible refcount leak in tc_chain_tmplt_add() | *e582ceda5anet: sched: act_police: fix sparse errors in tcf_police_dump() | *60f39768efnet: sched: move rtm_tca_policy declaration to include file | *76eef453a6drm/i915/selftests: Add some missing error propagation | *4e7f1f6da7drm/i915/selftests: Stop using kthread_stop() | *9d9a38b563net: sched: add rcu annotations around qdisc->qdisc_sleeping | *8a74ea37e1rfs: annotate lockless accesses to RFS sock flow table | *3d9eface2erfs: annotate lockless accesses to sk->sk_rxhash | *f8e6aa0e60tcp: gso: really support BIG TCP | *251b5d68acipv6: rpl: Fix Route of Death. | *65f2def206netfilter: nf_tables: out-of-bound check in chain blob | *fea199dbf6netfilter: ipset: Add schedule point in call_ad(). | *f057da51c0netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper | *1f26ea49a5netfilter: nft_bitwise: fix register tracking | *81e11b6c1aselftests/bpf: Fix sockopt_sk selftest | *1ba0353545selftests/bpf: Verify optval=NULL case | *0d18f8b90bwifi: cfg80211: fix locking in sched scan stop work | *4a64e92846qed/qede: Fix scheduling while atomic | *79c975514cwifi: mac80211: don't translate beacon/presp addrs | *4dd40fec5bwifi: mac80211: mlme: fix non-inheritence element | *8b6ab4bfbawifi: cfg80211: reject bad AP MLD address | *434cf4fbeewifi: mac80211: use correct iftype HE cap | *3e8a7573ffBluetooth: L2CAP: Add missing checks for invalid DCID | *66b3f7425aBluetooth: ISO: don't try to remove CIG if there are bound CIS left | *9c7e51b947Bluetooth: Fix l2cap_disconnect_req deadlock | *17aac12002Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER | *5f285409c9drm/i915: Use 18 fast wake AUX sync len | *7bf7bebdc2drm/i915: Explain the magic numbers for AUX SYNC/precharge length | *1d37434ffcnet/sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values | *a22c0a0346net: enetc: correct rx_bytes statistics of XDP | *b3fc768a74net: enetc: correct the statistics of rx bytes | *7a5cdd4bc1net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT | *76e38e6e1bnet/ipv6: fix bool/int mismatch for skip_notify_on_dev_down | *3849e7fceabpf: Fix elem_size not being set for inner maps | *d7612a922bbpf: Fix UAF in task local storage | *9166225c3bnet/ipv4: ping_group_range: allow GID from 2147483648 to 4294967294 | *332f36a09cnet: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods | *8af3119388neighbour: fix unaligned access to pneigh_entry | *898c9a0ee7bpf, sockmap: Avoid potential NULL dereference in sk_psock_verdict_data_ready() | *e783f639b8wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll | *84c699681aafs: Fix setting of mtime when creating a file/dir/symlink | *fb7058dd02spi: qup: Request DMA before enabling clocks | *ec2e12b14aplatform/surface: aggregator_tabletsw: Add support for book mode in KIP subsystem | *24845da026platform/surface: aggregator: Allow completion work-items to be executed in parallel | *31c3de5f7bspi: mt65xx: make sure operations completed before unloading | *097acf0aa6net: sfp: fix state loss when updating state_hw_mask | *ec3ce2c7cfscsi: megaraid_sas: Add flexible array member for SGLs * |32d0f34bbcRevert "tcp: deny tcp_disconnect() when threads are waiting" * |2a77668d45Merge 6.1.33 into android14-6.1-lts |\| | *2f3918bc53Linux 6.1.33 | *c3fcfe8931ext4: enable the lazy init thread when remounting read/write | *84683a2cf5selftests: mptcp: join: avoid using 'cmp --bytes' | *fbb6db561dselftests: mptcp: simult flows: skip if MPTCP is not supported | *4bc022b953selftests: mptcp: diag: skip if MPTCP is not supported | *e8631d84c0arm64: efi: Use SMBIOS processor version to key off Ampere quirk | *b026755cc9tls: rx: strp: don't use GFP_KERNEL in softirq context | *a2961463d7xfs: verify buffer contents when we skip log replay | *4042d7ad40drm/amd/display: Have Payload Properly Created After Resume | *4a9d63181fiommu/amd/pgtbl_v2: Fix domain max address | *3264d875f5tpm, tpm_tis: Request threaded interrupt handler | *77ee4f8c02regmap: Account for register length when chunking | *a8eaa9a06afs/ntfs3: Validate MFT flags before replaying logs | *0b28edf227KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() | *4f303c0b9dksmbd: fix multiple out-of-bounds read during context decoding | *522a9417f6ksmbd: fix slab-out-of-bounds read in smb2_handle_negotiate | *4c6bdaacb3ksmbd: fix incorrect AllocationSize set in smb2_get_info | *f7add4d159ksmbd: fix UAF issue from opinfo->conn | *8072ea6743ksmbd: fix credit count leakage | *5f4d3810caKVM: x86: Account fastpath-only VM-Exits in vCPU stats | *b1d5667afaKVM: arm64: Populate fault info for watchpoint | *0659aee089test_firmware: fix the memory leak of the allocated firmware buffer | *eef67dfdc0test_firmware: fix a memory leak with reqs buffer | *33aebb0148powerpc/xmon: Use KSYM_NAME_LEN in array size | *97211945efserial: cpm_uart: Fix a COMPILE_TEST dependency | *7493392a37serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() | *3270095f6efbcon: Fix null-ptr-deref in soft_cursor | *ef8aeffb2cext4: add lockdep annotations for i_data_sem for ea_inode's | *140aa33f96ext4: disallow ea_inodes with extended attributes | *277cea6f77ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() | *b112babc56ext4: add EA_INODE checking to ext4_iget() | *9ce0319b05mptcp: fix active subflow finalization | *977a63afd4mptcp: fix connect timeout handling | *97ecfe67f5selftests: mptcp: userspace pm: skip if MPTCP is not supported | *f324df8de0selftests: mptcp: sockopt: skip if MPTCP is not supported | *0fea987ccfselftests: mptcp: join: skip if MPTCP is not supported | *17ddf2a54eselftests: mptcp: pm nl: skip if MPTCP is not supported | *68ecc09a14selftests: mptcp: connect: skip if MPTCP is not supported | *3f731926a1tracing/probe: trace_probe_primary_from_call(): checked list_first_entry | *7403630eb9tracing/histograms: Allow variables to have some modifiers | *2a1195f0e0tracing/timerlat: Always wakeup the timerlat thread | *007c042256mtdchar: mark bits of ioctl handler noinline | *d7c34c8f60selinux: don't use make's grouped targets feature yet | *6fb0b098f6io_uring: undeprecate epoll_ctl support | *94f97b8df0riscv: perf: Fix callchain parse error with kernel tracepoint events | *c40dc6e266tpm, tpm_tis: correct tpm_tis_flags enumeration values | *b0e21c42c1iommu/amd: Fix domain flush size when syncing iotlb | *251cf7fd5apowerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall | *2a72e6814fblock: fix revalidate performance regression | *867ad8cba2phy: qcom-qmp-pcie-msm8996: fix init-count imbalance | *5daf7a171dphy: qcom-qmp-combo: fix init-count imbalance | *1af8dd5403btrfs: fix csum_tree_block page iteration to avoid tripping on -Werror=array-bounds | *380d2da555tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK | *2c8aa1163ammc: pwrseq: sd8787: Fix WILC CHIP_EN and RESETN toggling order | *f25568e080mmc: vub300: fix invalid response handling | *03974abbf2x86/mtrr: Revert 90b926e68f50 ("x86/pat: Fix pat_x_mtrr_type() for MTRR disabled case") | *8db2ea7b80drm/amd/pm: reverse mclk and fclk clocks levels for renoir | *f05f3fcc78drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp | *1c729bd5b3drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5 | *0f8f233ed7drm/amd/pm: resolve reboot exception for si oland | *e0a0f5d2badrm/amd/pm: reverse mclk and fclk clocks levels for vangogh | *00abb872efdrm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4 | *2f91f92bd8drm/amdgpu: enable tmz by default for GC 11.0.1 | *009886965eata: libata-scsi: Use correct device no in ata_find_dev() | *63a44b01dfscsi: stex: Fix gcc 13 warnings | *2e787e5153misc: fastrpc: reject new invocations during device removal | *93f2aa05afmisc: fastrpc: return -EPIPE to invocations on device removal | *cbfed647fdmd/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk() | *704842c97ausb: gadget: f_fs: Add unbind event before functionfs_unbind | *cc8c9864dausb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM | *08e8ff68a3dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type | *ef12610ff5net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 | *3cfdc3fc18iio: dac: build ad5758 driver when AD5758 is selected | *f453753900iio: adc: stm32-adc: skip adc-diff-channels setup if none is present | *735d033bediio: adc: ad7192: Change "shorted" channels to differential | *84f4d63ae1iio: addac: ad74413: fix resistance input processing | *ab0c2dffe8iio: dac: mcp4725: Fix i2c_master_send() return value handling | *89f92d4353iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag | *2eb2696051iio: adc: stm32-adc: skip adc-channels setup if none is present | *54d737d796iio: light: vcnl4035: fixed chip ID check | *2896a356eddt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value | *cb2a612c39iio: imu: inv_icm42600: fix timestamp reset | *3fb021f5c1HID: wacom: avoid integer overflow in wacom_intuos_inout() | *254be1f648HID: google: add jewel USB id | *23c241676fiio: adc: mxs-lradc: fix the order of two cleanup operations | *b6867ce5fbiio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method | *47cc3cae30media: uvcvideo: Don't expose unsupported formats to userspace | *4d77637112drivers: base: cacheinfo: Fix shared_cpu_map changes in event of CPU hotplug | *7d233f9359mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() | *4124000cf4media: mediatek: vcodec: Only apply 4K frame sizes on decoder formats | *bafe94ac99KVM: arm64: vgic: Fix locking comment | *150a5f74a5KVM: arm64: vgic: Wrap vgic_its_create() with config_lock | *4129d71e5bKVM: arm64: vgic: Fix a circular locking issue | *7df6008b87block: Deny writable memory mapping if block is read-only | *16ddd3bc67nvme-pci: Add quirk for Teamgroup MP33 SSD | *a731273f3cublk: fix AB-BA lockdep warning | *68ce1d57e5drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged | *baa8901ad7ceph: silence smatch warning in reconnect_caps_cb() | *56e5d63e4eatm: hide unused procfs functions | *47d0f62679drm/msm: Be more shouty if per-process pgtables aren't working | *c62a9a6beaALSA: oss: avoid missing-prototype warnings | *e4f1532a9cnvme: do not let the user delete a ctrl before a complete initialization | *f481c2af49nvme-multipath: don't call blk_mark_disk_dead in nvme_mpath_remove_disk | *d001347067netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT | *def67e27f2net: wwan: t7xx: Ensure init is completed before system sleep | *ae72bd1a4bwifi: b43: fix incorrect __packed annotation | *c061e13c72scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed | *7402fb48efwifi: iwlwifi: mvm: Add locking to the rate read flow | *788f129f63wifi: mac80211: recalc chanctx mindef before assigning | *a034600611wifi: mac80211: consider reserved chanctx for mindef | *aefa37aa32wifi: mac80211: simplify chanctx allocation | *bdd97c99b3arm64: vdso: Pass (void *) to virt_to_page() | *6bf0f6bfcdarm64/mm: mark private VM_FAULT_X defines as vm_fault_t | *e0b5316e2eARM: dts: stm32: add pin map for CAN controller on stm32f7 | *de16dfe7cawifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value | *329da6d07cACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P | *905b247f6es390/topology: honour nr_cpu_ids when adding CPUs | *26cfe2faa8s390/pkey: zeroize key blobs | *9f2f538cd8ASoC: SOF: pm: save io region state in case of errors in resume | *eb708aee41ASoC: SOF: sof-client-probes: fix pm_runtime imbalance in error handling | *1cc6301dfcASoC: SOF: pcm: fix pm_runtime imbalance in error handling | *a6637d5a8fASoC: SOF: debug: conditionally bump runtime_pm counter on exceptions | *d5d61f747emedia: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 | *d0088ea444media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() | *4a8ecfb220media: dvb-core: Fix use-after-free due to race at dvb_register_device() | *93b5dfebcbmedia: dvb-core: Fix use-after-free due on race condition at dvb_net | *bf3b6f82fdmedia: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table | *ea2938c27bmedia: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() | *dd68399361media: dvb_ca_en50221: fix a size write bug | *058822591bmedia: netup_unidvb: fix irq init by register it at the end of probe | *b769fbf04amedia: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address | *5d2923fb0bmedia: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() | *6906e613e6media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer | *4e896b2263media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() | *336ca9b371media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() | *1027c8c068media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() | *8914ae00dbmedia: dvb_demux: fix a bug for the continuity counter | *59dad726deASoC: ssm2602: Add workaround for playback distortions | *7fbdd3bd7bALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V | *603f239216ASoC: dt-bindings: Adjust #sound-dai-cells on TI's single-DAI codecs | *f6d2aa322cxfrm: Check if_id in inbound policy/secpath match | *40798c566bum: harddog: fix modular build | *c03dd93905ASoC: dwc: limit the number of overrun messages | *0960fb87cdASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 | *7d98a36b10nvme-pci: add quirk for missing secondary temperature thresholds | *53786bfadcnvme-pci: add NVME_QUIRK_BOGUS_NID for HS-SSD-FUTURE 2048G | *46193dd43dblock/rnbd: replace REQ_OP_FLUSH with REQ_OP_WRITE | *5af920e4d1nbd: Fix debugfs_create_dir error checking | *f83c32ed05fbdev: stifb: Fix info entry in sti_struct on error path | *be2aefa202fbdev: modedb: Add 1920x1080 at 60 Hz video mode | *c6c0a9f619fbdev: imsttfb: Fix use after free bug in imsttfb_probe | *3e336ad6f5drm/amdgpu: set gfx9 onwards APU atomics support to be true | *5ae4a618a1gfs2: Don't deref jdesc in evict | *61c3962ab1platform/mellanox: fix potential race in mlxbf-tmfifo driver | *809efd7a69platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield | *18913fc7c1media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE | *705f4dcc41hwmon: (k10temp) Add PCI ID for family 19, model 78h | *6578e0f196ARM: 9295/1: unwind:fix unwind abort for uleb128 case | *0433baa893btrfs: abort transaction when sibling keys check fails for leaves | *e2d161c539drm/ast: Fix ARM compatibility | *cad1abbe48mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() | *88a042d599drm/amdgpu: Use the default reset when loading or reloading the driver | *6a40da6007ASoC: Intel: soc-acpi-cht: Add quirk for Nextbook Ares 8A tablet | *a7ec48a419ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs. | *867dae5547watchdog: menz069_wdt: fix watchdog initialisation | *787e74b213drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init" | *e2feb39312mptcp: add annotations around sk->sk_shutdown accesses | *0b9e6d64cdmptcp: fix data race around msk->first access | *519f16d96cmptcp: consolidate passive msk socket initialization | *fa2cbd1d68mptcp: simplify subflow_syn_recv_sock() | *9872e8c632mptcp: avoid unneeded address copy | *1b9e3ab669mptcp: add annotations around msk->subflow accesses | *c5ebb5cec9mptcp: avoid unneeded __mptcp_nmpc_socket() usage | *ea9d7382d5rtnetlink: call validate_linkmsg in rtnl_create_link | *62dcac528bmtd: rawnand: marvell: don't set the NAND frequency select | *2187cb72b9mtd: rawnand: marvell: ensure timing values are written | *a0843347a9net: dsa: mv88e6xxx: Increase wait after reset deactivation | *c3fc733798tcp: fix mishandling when the sack compression is deferred. | *eac615ed3cnet/sched: flower: fix possible OOB write in fl_set_geneve_opt() | *4fc2724f44iommu/mediatek: Flush IOTLB completely only if domain has been attached | *9316fdd57fnet/mlx5: Read embedded cpu after init bit cleared | *4156c6ff33net/mlx5e: Fix error handling in mlx5e_refresh_tirs | *7c3e271626nvme: fix the name of Zone Append for verbose logging | *4e5a5cda3dnfsd: fix double fget() bug in __write_ports_addfd() | *401a1cf50budp6: Fix race condition in udp6_sendmsg & connect | *507182f132net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report | *5c05ef3630net: sched: fix NULL pointer dereference in mq_attach | *f8884108a2net/sched: Prohibit regrafting ingress or clsact Qdiscs | *be3e1f71cbnet/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs | *1ec1434630net/sched: sch_clsact: Only create under TC_H_CLSACT | *89a0f4dcaenet/sched: sch_ingress: Only create under TC_H_INGRESS | *d67a5a587cnet/smc: Don't use RMBs not mapped to new link in SMCRv2 ADD LINK | *8c3ec8e789net/smc: Scan from current RMB list when no position specified | *752836e1a2tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set | *c2251ce048tcp: deny tcp_disconnect() when threads are waiting | *0dec22a09daf_packet: do not use READ_ONCE() in packet_bind() | *906134664fRDMA/irdma: Fix Local Invalidate fencing | *07322c8a12RDMA/irdma: Prevent QP use after free | *3cf7747414mtd: rawnand: ingenic: fix empty stub helper definitions | *789394f1dfperf ftrace latency: Remove unnecessary "--" from --use-nsec option | *7164961a9camd-xgbe: fix the false linkup in xgbe_phy_status | *d615070b0etls: improve lockless access safety of tls_err_abort() | *0b64a2bf16af_packet: Fix data-races of pkt_sk(sk)->num. | *a2c2364e5fnetrom: fix info-leak in nr_write_internal() | *ae0ef97f1enet: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure | *724aa4fd9enet/mlx5e: Don't attach netdev profile while handling internal error | *9c7ae143a0net/mlx5: fw_tracer, Fix event handling | *e73b7de4bfnet/mlx5: SF, Drain health before removing device | *9e49af9766net/mlx5: Drain health before unregistering devlink | *ddd8d552a8riscv: Fix unused variable warning when BUILTIN_DTB is set | *72fef70abedmaengine: pl330: rename _start to prevent build error | *bd424277a1nfsd: make a copy of struct iattr before calling notify_change | *dac09fec5biommu/amd: Fix up merge conflict resolution | *817ce9b1d2iommu/amd: Handle GALog overflows | *c3ff24625aiommu/amd: Don't block updates to GATag if guest mode is on | *bf1f3f4aa4iommu/rockchip: Fix unwind goto issue | *0021441cbbRDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx | *dcaa61b73dRDMA/bnxt_re: Fix a possible memory leak | *44fc5eb0e2dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() | *ef8c761693RDMA/hns: Modify the value of long message loopback slice | *736e1c4e54RDMA/hns: Fix base address table allocation | *38771c0eefRDMA/hns: Fix timeout attr in query qp for HIP08 | *241de3fec1RDMA/efa: Fix unsupported page sizes in device | *21c0eb0648phy: amlogic: phy-meson-g12a-mipi-dphy-analog: fix CNTL2_DIF_TX_CTL0 value | *836f874d43RDMA/bnxt_re: Fix the page_size used during the MR creation * |c5df11c964Merge branch 'android14-6.1' into branch 'android14-6.1-lts' * |3a53767f1fRevert "bpf, sockmap: Pass skb ownership through read_skb" * |8e369c7704Revert "bpf, sockmap: Convert schedule_work into delayed_work" * |d7c3711e7dRevert "bpf, sockmap: Reschedule is now done through backlog" * |4903ee3f95Revert "bpf, sockmap: Improved check for empty queue" * |51ffabff7cRevert "bpf, sockmap: Handle fin correctly" * |3ce63059c1Revert "bpf, sockmap: TCP data stall on recv before accept" * |c7e4973846Revert "bpf, sockmap: Wake up polling after data copy" * |0851b00164Revert "bpf, sockmap: Incorrectly handling copied_seq" * |26b6ad0f34Merge 6.1.32 into android14-6.1-lts |\| | *76ba310227Linux 6.1.32 | *cd51ba98aetools headers UAPI: Sync the linux/in.h with the kernel sources | *2cd02ae656netfilter: ctnetlink: Support offloaded conntrack entry deletion | *55ce796e9bcpufreq: amd-pstate: Add ->fast_switch() callback | *c18f6919b4cpufreq: amd-pstate: Update policy->cur in amd_pstate_adjust_perf() | *efc8ec1636block: fix bio-cache for passthru IO | *5d08604754Revert "thermal/drivers/mellanox: Use generic thermal_zone_get_trip() function" | *2333dbc88fbluetooth: Add cmd validity checks at the start of hci_sock_ioctl() | *6c1fad655bdrm/amd: Don't allow s0ix on APUs older than Raven | *83a7f27c5bocteontx2-af: Add validation for lmac type | *3236221bb8RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" | *592af07ac0wifi: iwlwifi: mvm: fix potential memory leak | *0c469078bdwifi: iwlwifi: mvm: support wowlan info notification version 2 | *b5ceb6aac6wifi: rtw89: correct 5 MHz mask setting | *07c8c1a3cfnet: phy: mscc: enable VSC8501/2 RGMII RX clock | *7c95f56995page_pool: fix inconsistency for page_pool_ring_[un]lock() | *7dccd5fa7enet: page_pool: use in_softirq() instead | *cd3c5e4e0dvfio/type1: check pfn valid before converting to struct page | *6793a3c632blk-mq: fix race condition in active queue accounting | *fe735073a5bpf, sockmap: Incorrectly handling copied_seq | *dd628fc697bpf, sockmap: Wake up polling after data copy | *ab90b68f65bpf, sockmap: TCP data stall on recv before accept | *3a2129ebaebpf, sockmap: Handle fin correctly | *ba4fec5bd6bpf, sockmap: Improved check for empty queue | *1e4e379ccdbpf, sockmap: Reschedule is now done through backlog | *9f4d7efb33bpf, sockmap: Convert schedule_work into delayed_work | *4ae2af3e59bpf, sockmap: Pass skb ownership through read_skb | *49b5b5bfeegpio-f7188x: fix chip name and pin count on Nuvoton chip | *085f27f48cnet/mlx5: E-switch, Devcom, sync devcom events and devcom comp register | *3347ac7a81tls: rx: strp: preserve decryption status of skbs when needed | *ba93977437tls: rx: strp: factor out copying skb data | *52a89de3e9tls: rx: strp: force mixed decrypted records into copy mode | *c48b8399e4tls: rx: strp: fix determining record length in copy mode | *ecd9f6ed9etls: rx: strp: set the skb->len of detached / CoW'ed skbs | *e734a693a2tls: rx: device: fix checking decryption status | *b3e54fb3a3platform/x86/amd/pmf: Fix CnQF and auto-mode after resume | *8e8c33cc89selftests/bpf: Fix pkg-config call building sign-file | *ca39992f10firmware: arm_ffa: Fix usage of partition info get count flag | *3f5413c954ipv{4,6}/raw: fix output xfrm lookup wrt protocol | *6728486447inet: Add IP_LOCAL_PORT_RANGE socket option * |c3dee37bcdRevert "Revert "binder_alloc: add missing mmap_lock calls when using the VMA"" * |f9689ed69bRevert "Revert "android: binder: stop saving a pointer to the VMA"" * |896fd52618Revert "binder: add lockless binder_alloc_(set|get)_vma()" * |9f67f4f500Revert "binder: fix UAF caused by faulty buffer cleanup" * |940f3dad8fRevert "binder: fix UAF of alloc->vma in race with munmap()" * |03c3264a15Merge 6.1.31 into android14-6.1-lts |\| | *d2869ace6eLinux 6.1.31 | *2f32b89d81net: phy: mscc: add VSC8502 to MODULE_DEVICE_TABLE | *3bcb97e4243c589_cs: Fix an error handling path in tc589_probe() | *9540765d18net/smc: Reset connection when trying to use SMCRv2 fails. | *be4022669eregulator: mt6359: add read check for PMIC MT6359 | *22157f7445firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors | *1ae70faa86arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert delay | *3e8a82fb55net/mlx5: Devcom, serialize devcom registration | *eaa365c104net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device | *411e4d6caanet/mlx5: Collect command failures data only for known commands | *390aa5c006net/mlx5: Fix error message when failing to allocate device memory | *59dd110ca2net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE | *b17294e7aanet/mlx5: Handle pairing of E-switch via uplink un/load APIs | *e501ab1366net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs | *6f0dce5f78net/mlx5e: do as little as possible in napi poll when budget is 0 | *00959a1badnet/mlx5e: Use correct encap attribute during invalidation | *362063df6cnet/mlx5e: Fix deadlock in tc route query code | *2051f762c5net/mlx5e: Fix SQ wake logic in ptp napi_poll context | *47b4f741a3platform/mellanox: mlxbf-pmc: fix sscanf() error checking | *04238c2385forcedeth: Fix an error handling path in nv_probe() | *0392c9185dsctp: fix an issue that plpmtu can never go to complete state | *c9e09b070dcxl: Wait Memory_Info_Valid before access memory related info | *ad72cb5899ASoC: Intel: avs: Access path components under lock | *6ae9cf40b4ASoC: Intel: avs: Fix declaration of enum avs_channel_config | *5eaaad19c8ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg | *d8cfe5ccc9x86/show_trace_log_lvl: Ensure stack pointer is aligned, again | *a7edc86e14xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() | *53384076f7x86/pci/xen: populate MSI sysfs entries | *84b211b028ARM: dts: imx6qdl-mba6: Add missing pvcie-supply regulator | *225a5f394bcoresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet() | *5522469095platform/x86: ISST: Remove 8 socket limit | *f34428b5a3regulator: pca9450: Fix BUCK2 enable_mask | *ccc6e9ded6fs: fix undefined behavior in bit shift for SB_NOUSER | *dfc5aaa57ffirmware: arm_ffa: Fix FFA device names for logical partitions | *ad73dc7263firmware: arm_ffa: Check if ffa_driver remove is present before executing | *06ec5be891optee: fix uninited async notif value | *9c744c6ff2power: supply: sbs-charger: Fix INHIBITED bit for Status reg | *71e60a58d7power: supply: bq24190: Call power_supply_changed() after updating input current | *1f02bfd5d9power: supply: bq25890: Call power_supply_changed() after updating input current or voltage | *57842035d2power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize | *221f7cb122power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes | *3c573e7910power: supply: bq27xxx: Move bq27xxx_battery_update() down | *9108ede08dpower: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() | *d952a1eaafpower: supply: bq27xxx: Fix poll_interval handling and races on remove | *e65fee4568power: supply: bq27xxx: Fix I2C IRQ race on remove | *d746fbf4f0power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition | *e1073f8147power: supply: mt6360: add a check of devm_work_autocancel in mt6360_charger_probe | *2ac38f130epower: supply: leds: Fix blink to LED on transition | *94373413e1cifs: mapchars mount option ignored | *91dd8aab9cipv6: Fix out-of-bounds access in ipv6_find_tlv() | *9bc1dbfd91lan966x: Fix unloading/loading of the driver | *1a9e80f757bpf: fix a memory leak in the LRU and LRU_PERCPU hash maps | *177ee41f61bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields | *a1d7c357f4octeontx2-pf: Fix TSOv6 offload | *4883d9e2a2selftests: fib_tests: mute cleanup error message | *722af06e61drm: fix drmm_mutex_init() | *cc18b46859net: fix skb leak in __skb_tstamp_tx() | *8d81d3b0edASoC: lpass: Fix for KASAN use_after_free out of bounds | *53764a17f5media: radio-shark: Add endpoint checks | *d5dba4b7bfUSB: sisusbvga: Add endpoint checks | *09e9d1f52fUSB: core: Add routines for endpoint checks in old drivers | *2a112f0462udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). | *ed66e6327anet: fix stack overflow when LRO is disabled for virtual interfaces | *c8fdf7fecafbdev: udlfb: Fix endpoint check | *d7fff52c99debugobjects: Don't wake up kswapd from fill_pool() | *8694853768irqchip/mips-gic: Use raw spinlock for gic_lock | *dc1b7641a9irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable | *4ca6b06e9bx86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms | *ed0ef89508perf/x86/uncore: Correct the number of CHAs on SPR | *f3078be2fedrm/amd/amdgpu: limit one queue per gang | *34570f85a2selftests/memfd: Fix unknown type name build failure | *931ea1ed31binder: fix UAF of alloc->vma in race with munmap() | *e1e198eff1binder: fix UAF caused by faulty buffer cleanup | *d7cee853bcbinder: add lockless binder_alloc_(set|get)_vma() | *72a94f8c14Revert "android: binder: stop saving a pointer to the VMA" | *7e6b854854Revert "binder_alloc: add missing mmap_lock calls when using the VMA" | *8069bcaa5bdrm/amd/pm: Fix output of pp_od_clk_voltage | *6acfbdda4ddrm/amd/pm: add missing NotifyPowerSource message mapping for SMU13.0.7 | *8756863c7fdrm/radeon: reintroduce radeon_dp_work_func content | *3897ac532adrm/mgag200: Fix gamma lut not initialized. | *3970ee926edt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type | *937264cd9abtrfs: use nofs when cleaning up aborted transactions | *63e12910b7gpio: mockup: Fix mode of debugfs files | *b49706d179parisc: Handle kprobes breakpoints only in kernel context | *5596e2ef5fparisc: Enable LOCKDEP support | *d935edd510parisc: Allow to reboot machine after system halt | *c49ffd89b6parisc: Fix flush_dcache_page() for usage from irq context | *c0993b463fparisc: Handle kgdb breakpoints only in kernel context | *e1f14a4071parisc: Use num_present_cpus() in alternative patching code | *bd90ac0002xtensa: add __bswap{si,di}2 helpers | *522bbbfcb6xtensa: fix signal delivery to FDPIC process | *0845660508m68k: Move signal frame following exception on 68020/030 | *6147745d43net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize | *da1e8adab3ASoC: rt5682: Disable jack detection interrupt during suspend | *72c28207c1power: supply: bq25890: Fix external_power_changed race | *0456b91212power: supply: axp288_fuel_gauge: Fix external_power_changed race | *7d5e0150eemmc: block: ensure error propagation for non-blk | *a24aec210ammc: sdhci-esdhc-imx: make "no-mmc-hs400" works | *0d97634ad4SUNRPC: Don't change task->tk_status after the call to rpc_exit_task | *40599969ffALSA: hda/realtek: Enable headset onLenovo M70/M90 | *7d3d306f15ALSA: hda: Fix unhandled register update during auto-suspend period | *5222e81afaALSA: hda/ca0132: add quirk for EVGA X299 DARK | *688c9af6e5platform/x86/intel/ifs: Annotate work queue on stack so object debug does not complain | *c26b9e1931x86/mm: Avoid incomplete Global INVLPG flushes | *4eb600f386arm64: Also reset KASAN tag if page is not PG_mte_tagged | *8bdf47f9dbocfs2: Switch to security_inode_init_security() | *28ee628fffdrm/amd/display: hpd rx irq not working with eDP interface | *7bfd4c0ebcnet: dsa: mv88e6xxx: Add RGMII delay to 88E6320 | *66ede2e423platform/x86: hp-wmi: Fix cast to smaller integer type warning | *0dbc898f59skbuff: Proactively round up to kmalloc bucket size | *ac2f5739fddrm/amdgpu/mes11: enable reg active poll | *a2fe4534bbdrm/amd/amdgpu: update mes11 api def | *ae9e65319fwatchdog: sp5100_tco: Immediately trigger upon starting. | *7cd46930b8tpm: Prevent hwrng from activating during resume | *25d38d5eaatpm: Re-enable TPM chip boostrapping non-tpm_tis TPM drivers | *e76f61a2c5tpm, tpm_tis: startup chip before testing for interrupts | *9953dbf65ftpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume | *c5a5d33886tpm, tpm_tis: Only handle supported interrupts | *5c4c8075bctpm, tpm_tis: Avoid cache incoherency in test for interrupts | *1ec145277ausb: dwc3: fix gadget mode suspend interrupt handler issue * |fd07e1d347ANDROID: GKI: add skb_pull_data to android/abi_gki_aarch64_virtual_device * |83377b0a3fANDROID: GKI: preserve CRC generation for some bluetooth symbols * |907f29932cRevert "Revert "usb: gadget: udc: core: Invoke usb_gadget_connect only when started"" * |bfd5fc9a7eRevert "tipc: add tipc_bearer_min_mtu to calculate min mtu" * |d71d75e074Revert "tipc: do not update mtu if msg_max is too small in mtu negotiation" * |9626cfb677Revert "tipc: check the bearer min mtu properly when setting it by netlink" * |5caf658594Revert "platform: Provide a remove callback that returns no value" * |f1fdb6e6a9Revert "ASoC: fsl_micfil: Fix error handler with pm_runtime_enable" * |e2b436192bRevert "firmware: arm_sdei: Fix sleep from invalid context BUG" * |26c1cc6858Merge 6.1.30 into android14-6.1-lts |\| | *a343b0dd87Linux 6.1.30 | *da9a8dc33ddrm/amdgpu: reserve the old gc_11_0_*_mes.bin | *616843d5a1drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 | *09bf14907ddrm/amdgpu: declare firmware for new MES 11.0.4 | *f05ccf6a6acrypto: testmgr - fix RNG performance in fuzz tests | *682679fc95remoteproc: imx_dsp_rproc: Fix kernel test robot sparse warning | *7099e14f60rethook, fprobe: do not trace rethook related functions | *c46d3efb4drethook: use preempt_{disable, enable}_notrace in rethook_trampoline_handler | *4e38a02b22arm64: mte: Do not set PG_mte_tagged if tags were not initialized | *02cf4a336es390/qdio: fix do_sqbs() inline assembly constraint | *25e8d30507s390/crypto: use vector instructions only if available for ChaCha20 | *eeb63c07bas390/dasd: fix command reject error on ESE devices | *acc2a40e42nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() | *0fc73f310cpowerpc/64s/radix: Fix soft dirty tracking | *ae5d148965tpm/tpm_tis: Disable interrupts for more Lenovo devices | *9a74146540powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device | *fc983cf5ddpowerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs | *6e092fa42edt-bindings: ata: ahci-ceva: Cover all 4 iommus entries | *76313a63f7drm/amdgpu/gfx11: update gpu_clock_counter logic | *055852074cdrm/amdgpu: refine get gpu clock counter method | *4e2f9159f9drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well | *abfe2ffc00drm/amdgpu/gfx10: Disable gfxoff before disabling powergating. | *9de5a98588drm/amdgpu/gmc11: implement get_vbios_fb_size() | *903e942500drm/amd/pm: fix possible power mode mismatch between driver and PMFW | *595824a450ceph: force updating the msg pointer in non-split case | *3338d0b9acvc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF | *e16629c639thunderbolt: Clear registers properly when auto clear isn't in use | *abc7e50e89serial: qcom-geni: fix enabling deactivated interrupt | *1db5db7a99serial: 8250_exar: Add support for USR298x PCI Modems | *cda8aa19bfserial: Add support for Advantech PCI-1611U card | *2cab13f500mm: fix zswap writeback race condition | *254ee53028maple_tree: make maple state reusable after mas_empty_area() | *6c4172d44cstatfs: enforce statfs[64] structure initialization | *154de42fe3KVM: Fix vcpu_array[0] races | *75378b03a9ksmbd: fix global-out-of-bounds in smb2_find_context_vals | *40d90ee027ksmbd: fix wrong UserName check in session_user | *af7335a4b9ksmbd: allocate one more byte for implied bcc[0] | *f1d013b0f0ksmbd: smb2: Allow messages padded to 8byte boundary | *4d25f93e64SMB3: drop reference to cfile before sending oplock break | *3b66d58c89SMB3: Close all deferred handles of inode in case of handle lease break | *107677a8f4wifi: rtw88: use work to update rate to avoid RCU warning | *d61191092dcan: kvaser_pciefd: Disable interrupts in probe error path | *eabb11236acan: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt | *45ce3beb02can: kvaser_pciefd: Clear listen-only bit if not explicitly requested | *fcdfc1860fcan: kvaser_pciefd: Empty SRB buffer in probe | *50bdf44a1bcan: kvaser_pciefd: Call request_irq() before enabling interrupts | *24bdfcb099can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() | *9cd1025b1acan: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag | *836641cc41can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag | *0eee95cbbbALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop | *0cc95fdb67ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops | *4ea7c3388fALSA: hda/realtek: Add quirk for 2nd ASUS GU603 | *9328c65694ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 | *30043b0a06ALSA: hda/realtek: Add quirk for Clevo L140AU | *0e1e6c0779ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table | *dc8c569d59ALSA: hda: Fix Oops by 9.1 surround channel names | *44f2ed29e1xhci: Fix incorrect tracking of free space on transfer rings | *643a453878xhci-pci: Only run d3cold avoidance quirk for s2idle | *ea56ede911Revert "usb: gadget: udc: core: Invoke usb_gadget_connect only when started" | *7356d42cefRevert "usb: gadget: udc: core: Prevent redundant calls to pullup" | *08bd1be1c7usb: typec: altmodes/displayport: fix pin_assignment_show | *f1f810e541usb: gadget: u_ether: Fix host MAC address case | *a9342bd4c2usb: dwc3: debugfs: Resume dwc3 before accessing registers | *ad43004fd5usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() | *56a0769fa4USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value | *4c3312745fusb-storage: fix deadlock when a scsi command timeouts more than once | *0ced12bdf6USB: usbtmc: Fix direction for 0-length ioctl control messages | *2cd7d88fcbALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go | *d319fe244ebridge: always declare tunnel functions | *a836be60a3netfilter: nft_set_rbtree: fix null deref on element insertion | *8f58c53857netfilter: nf_tables: fix nft_trans type confusion | *d862b63605net: selftests: Fix optstring | *fdc5c8fb57net: pcs: xpcs: fix C73 AN not getting enabled | *ee44bacf46net: wwan: iosm: fix NULL pointer dereference when removing device | *c3e3e8933fvlan: fix a potential uninit-value in vlan_dev_hard_start_xmit() | *e02d2b987cigb: fix bit_shift to be in [1..8] range | *516114d7fbnet: dsa: mv88e6xxx: Fix mv88e6393x EPC write command offset | *172146c26fcassini: Fix a memory leak in the error handling path of cas_init_one() | *9cae243b9atun: Fix memory leak for detached NAPI queue. | *e2d59768f8net: tun: rebuild error handling in tun_get_user | *ae42c6f79cscsi: storvsc: Don't pass unused PFNs to Hyper-V host | *557ba100d8wifi: iwlwifi: mvm: don't trust firmware n_channels | *a270c552cewifi: iwlwifi: mvm: fix OEM's name in the tas approved list | *bc907fbf48wifi: iwlwifi: fix OEM's name in the ppag approved list | *2160e11981wifi: iwlwifi: fw: fix DBGI dump | *a20550b3aawifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock | *bc22656432wifi: mac80211: Abort running color change when stopping the AP | *01a4503d9fwifi: mac80211: fix min center freq offset tracing | *c79d794a2cwifi: mac80211: fortify the spinlock against deadlock by interrupt | *f9a85347e4wifi: cfg80211: Drop entries with invalid BSSIDs in RNR | *dda9c9b117ice: Fix ice VF reset during iavf initialization | *f181d799fbice: introduce clear_reset_state operation | *36e6c7ada5net: bcmgenet: Restore phy_stop() depending upon suspend/close | *41357a52b8net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop() | *e90cefcffdcan: dev: fix missing CAN XL support in can_put_echo_skb() | *c9abef1e07s390/cio: include subchannels without devices also for evaluation | *f215b62f59tipc: check the bearer min mtu properly when setting it by netlink | *259683001dtipc: do not update mtu if msg_max is too small in mtu negotiation | *735c64ea88tipc: add tipc_bearer_min_mtu to calculate min mtu | *73f53bc295virtio_net: Fix error unwinding of XDP initialization | *978a55b0c0virtio-net: Maintain reverse cleanup order | *6fbedf987bnet: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() | *82ede43544drm/exynos: fix g2d_open/close helper function definitions | *866c78a3a9ASoC: SOF: topology: Fix logic for copying tuples | *3e56a1c048ASoC: mediatek: mt8186: Fix use-after-free in driver remove path | *da1b698976SUNRPC: Fix trace_svc_register() call site | *47adb84916SUNRPC: always free ctxt when freeing deferred request | *fd86534872SUNRPC: double free xprt_ctxt while still in use | *07821524f6media: netup_unidvb: fix use-after-free at del_timer() | *4147a0cee1net: hns3: fix reset timeout when enable full VF | *89982e0501net: hns3: fix reset delay time to avoid configuration timeout | *2a06c5ab7bnet: hns3: fix sending pfc frames after reset issue | *8ee34c90cenet: hns3: fix output information incomplete for dumping tx queue info with debugfs | *37c1e28967net: dsa: rzn1-a5psw: disable learning for standalone ports | *7ceeb5608dnet: dsa: rzn1-a5psw: fix STP states handling | *374c9cf3adnet: dsa: rzn1-a5psw: enable management frames for CPU port | *33a93db909erspan: get the proto with the md version for collect_md | *2a3e5f428fserial: 8250_bcm7271: fix leak in `brcmuart_probe` | *dcf08087c2serial: 8250_bcm7271: balance clk_enable calls | *081790eee6serial: arc_uart: fix of_iomap leak in `arc_serial_probe` | *820a60a416tcp: fix possible sk_priority leak in tcp_v4_send_reset() | *9bcf4794f1vsock: avoid to close connected socket after the timeout | *116cc7670fsfc: disable RXFCS and RXALL features by default | *1c052acd71ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 | *a16bf8f9c8wifi: mt76: connac: fix stats->tx_bytes calculation | *ee1a221d94ALSA: firewire-digi00x: prevent potential use after free | *ea9c758184net: phy: dp83867: add w/a for packet errors seen with short cables | *9407454a9bnet: fec: Better handle pm_runtime_get() failing in .remove() | *e412fa5d81selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test | *7099beeec9selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test | *c498e5d392drm/msm: Fix submit error-path leaks | *474d57adf1af_key: Reject optional tunnel/BEET mode templates in outbound policies | *e5a0b280b0xfrm: Reject optional tunnel/BEET mode templates in outbound policies | *0d778f0cb1cpupower: Make TSC read per CPU for Mperf monitor | *ce6c7befc2ASoC: fsl_micfil: Fix error handler with pm_runtime_enable | *9d3ac384cbplatform: Provide a remove callback that returns no value | *394336e139dt-bindings: display/msm: dsi-controller-main: Document qcom, master-dsi and qcom, sync-dual-dsi | *97d6437cbfdrm/msm/dpu: Remove duplicate register defines from INTF | *d6d90e1402drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header | *092f382f65drm/msm/dpu: Assign missing writeback log_mask | *ccde7016d1drm/msm/dp: unregister audio driver during unbind | *6867c4b5dbRevert "Fix XFRM-I support for nested ESP tunnels" | *070d0047c6xfrm: don't check the default policy if the policy allows the packet | *7b5a8a23acdrm/amdgpu: drop gfx_v11_0_cp_ecc_error_irq_funcs | *b5f3f923d4platform/x86: hp-wmi: add micmute to hp_wmi_keymap struct | *1189b7f495platform/x86: Move existing HP drivers to a new hp subdir | *c9888aaed1parisc: Replace regular spinlock with spin_trylock on panic path | *e112b2e265mfd: intel-lpss: Add Intel Meteor Lake PCH-S LPSS PCI IDs | *77f43c014amfd: dln2: Fix memory leak in dln2_probe() | *d3ee2f9e30mfd: intel_soc_pmic_chtwc: Add Lenovo Yoga Book X90F to intel_cht_wc_models | *4e5e9da139soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow | *60eb1afb4fsoundwire: qcom: gracefully handle too many ports in DT | *3060b08d63phy: st: miphy28lp: use _poll_timeout functions for waits | *81e8f1abd0soundwire: dmi-quirks: add remapping for Intel 'Rooks County' NUC M15 | *895130e63crecordmcount: Fix memory leaks in the uwrite function | *4e2df91118lkdtm/stackleak: Fix noinstr violation | *fa825017fbsched: Fix KCSAN noinstr violation | *eaa182a6c8mcb-pci: Reallocate memory region to avoid memory overlapping | *af4d6dbb1aserial: 8250: Reinit port->pm on port specific driver unbind | *6a4cef8244usb: typec: tcpm: fix multiple times discover svids error | *1edff076ccHID: wacom: generic: Set battery quirk only when we see battery data | *37358a22a3HID: Ignore battery for ELAN touchscreen on ROG Flow X13 GV301RA | *10ba1c3424HID: apple: Set the tilde quirk flag on the Geyser 3 | *f3e2f3e0a7ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x | *1a6371c50bASoC: amd: Add Dell G15 5525 to quirks list | *26fda37345ALSA: hda: LNL: add HD Audio PCI ID | *907d6b615eusb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325 | *b484aa2147spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 | *1844749dcfHID: logitech-hidpp: Reconcile USB and Unifying serials | *16420da845HID: logitech-hidpp: Don't use the USB serial for USB devices | *2e64faf655ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42) | *6ce24d176estaging: axis-fifo: initialize timeouts in init only | *b268082188HID: apple: Set the tilde quirk flag on the Geyser 4 and later | *ec310591cfstaging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE | *022fe9fcacBluetooth: btrtl: Add the support for RTL8851B | *fd269a0435Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp | *2f4a1b24daBluetooth: Add new quirk for broken set random RPA timeout for ATS2851 | *76dd7893bdBluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set | *803ba6dcc4Bluetooth: btintel: Add LE States quirk support | *ea160ece08Bluetooth: btrtl: check for NULL in btrtl_set_quirks() | *f4f3cbdbf2Bluetooth: Improve support for Actions Semi ATS2851 based devices | *88deda7cd8Bluetooth: btrtl: add support for the RTL8723CS | *c97ab50441Bluetooth: Add new quirk for broken local ext features page 2 | *d9a68e9e89Bluetooth: btusb: Add new PID/VID 04ca:3801 for MT7663 | *75481fa7aaipvs: Update width of source for ip_vs_sync_conn_options | *fab766c8a1nbd: fix incomplete validation of ioctl arg | *068fd06148wifi: ath11k: Fix SKB corruption in REO destination ring | *57189c8851wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace | *fd35b7bb6dnull_blk: Always check queue mode setting from configfs | *63e2d06adfwifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO | *e78526a06bwifi: ath11k: Ignore frags from uninitialized peer in dp. | *1655cfc852block, bfq: Fix division by zero error on zero wsum | *dbebdee3f2wifi: iwlwifi: mvm: fix ptk_pn memory leak | *eb1ef44efawifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf | *19f063df73wifi: iwlwifi: add a new PCI device ID for BZ device | *0f9a1bcb94wifi: iwlwifi: pcie: fix possible NULL pointer dereference | *b4acb6c3edmd: fix soft lockup in status_resync | *60039bf72fbpf: Add preempt_count_{sub,add} into btf id deny list | *f2065b8b0asamples/bpf: Fix fout leak in hbm's run_bpf_prog | *e05d63f8b4f2fs: fix to check readonly condition correctly | *7741ddc882f2fs: fix to drop all dirty pages during umount() if cp_error is set | *f4631d295af2fs: Fix system crash due to lack of free space in LFS | *c1b0b32f2dcrypto: jitter - permanent and intermittent health errors | *9d4430b7f8ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa() | *c6bee89700ext4: set goal start correctly in ext4_mb_normalize_request | *7739981b9cscsi: ufs: ufs-pci: Add support for Intel Lunar Lake | *d485903231gfs2: Fix inode height consistency check | *9c6da3b7f1scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition | *c9115f49cflib: cpu_rmap: Avoid use after free on rmap->obj array entries | *a7a4def6c7scsi: target: iscsit: Free cmds before session free | *d957a100bcnetdev: Enforce index cap in netdev_get_tx_queue | *cf1fe8ccb5net: Catch invalid index in XPS mapping | *ee5929c1e8net: pasemi: Fix return type of pasemi_mac_start_tx() | *efb1a25751bnxt: avoid overflow in bnxt_get_nvram_directory() | *8a72289694scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery | *a9df88cb31scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow | *e6f4fb2889ext2: Check block size validity during mount | *f8a6c53ff1wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex | *c35105f375wifi: brcmfmac: pcie: Provide a buffer of random bytes to the device | *4e7a81b5e7bpf: Annotate data races in bpf_local_storage | *660ab31561wifi: ath: Silence memcpy run-time false positive warning | *48e4e06e2cmedia: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup | *83c42283bfmedia: Prefer designated initializers over memset for subdev pad ops | *210ef6cd8edrm/amdgpu: Fix sdma v4 sw fini error | *5675ecd2e0drm/amd: Fix an out of bounds error in BIOS parser | *ec5f00a59adrm/amd/display: Correct DML calculation to follow HW SPEC | *cf180afea3ACPI: video: Remove desktops without backlight DMI quirks | *86ba4f7b9firqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 | *57b5a56cecarm64: dts: qcom: sdm845-polaris: Drop inexistent properties | *fee6133490ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects | *8c4a7163b7ACPICA: Avoid undefined behavior: applying zero offset to null pointer | *b1db73e27fdrm/msm/dp: Clean up handling of DP AUX interrupts | *a6eb3aa0ecdrm/tegra: Avoid potential 32-bit integer overflow | *a7f9c14aceremoteproc: stm32_rproc: Add mutex protection for workqueue | *3dc61a19c9drm/amd/display: fixed dcn30+ underflow issue | *86a159fd5bACPI: EC: Fix oops when removing custom query handlers | *a8267bc8defirmware: arm_sdei: Fix sleep from invalid context BUG | *b963e1b706arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from usb_dwc3_0 | *9a342d4eb9memstick: r592: Fix UAF bug in r592_remove due to race condition | *110d420252drm/rockchip: dw_hdmi: cleanup drm encoder during unbind | *79ca94bc3eACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup() | *cc4273233amedia: pvrusb2: VIDEO_PVRUSB2 depends on DVB_CORE to use dvb_* symbols | *3c67f49a66media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish | *6738841f6fmedia: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() | *346c975524arm64: dts: qcom: msm8996: Add missing DWC3 quirks | *44361033a8remoteproc: imx_dsp_rproc: Add custom memory copy implementation for i.MX DSP Cores | *10add04ee6regmap: cache: Return error in cache sync operations for REGCACHE_NONE | *34813f041ddrm/amd/display: Use DC_LOG_DC in the trasform pixel function | *d547d499e4drm/amd/display: Enable HostVM based on rIOMMU active | *898b031dc2platform/x86: x86-android-tablets: Add Acer Iconia One 7 B1-750 data | *09f7da1301drm/amd/display: Correct DML calculation to align HW formula | *92e6c79acadrm/amd/display: populate subvp cmd info only for the top pipe | *4b17053ba2drm/displayid: add displayid_get_header() and check bounds better | *48960a503ffs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() | *e8c322b76eopen: return EINVAL for O_DIRECTORY | O_CREAT | *d0a8c0e31arcu: Protect rcu_print_task_exp_stall() ->exp_tasks access | *801593f70bselftests: cgroup: Add 'malloc' failures checks in test_memcontrol | *522c441fafrefscale: Move shutdown from wait_event() to wait_event_idle() | *b4319e457dext4: allow ext4_get_group_info() to fail | *f12aa035e8ext4: allow to find by goal if EXT4_MB_HINT_GOAL_ONLY is set | *cd2341c26fext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled | *cc4086759fext4: reflect error codes from ext4_multi_mount_protect() to its callers | *5a08a72da3fbdev: arcfb: Fix error handling in arcfb_probe() | *dcd289136bdrm/i915: taint kernel when force probing unsupported devices | *36fa618775drm/i915: Expand force_probe to block probe of devices as well. | *86d73b1f98drm/i915/dp: prevent potential div-by-zero | *dbf25cc21bdrm/i915: Fix NULL ptr deref by checking new_crtc_state | *1b485f39acdrm/i915/guc: Don't capture Gen8 regs on Xe devices | *e410895892af_unix: Fix data races around sk->sk_shutdown. | *75924fb0f3af_unix: Fix a data race of sk->sk_receive_queue->qlen. | *8759c1a361net: datagram: fix data-races in datagram_poll() | *9e62a49608net: mscc: ocelot: fix stat counter register values | *610a433810ipvlan:Fix out-of-bounds caused by unclear skb->cb | *d695dccb74gve: Remove the code of clearing PBA bit | *b4c0af8974tcp: add annotations around sk->sk_shutdown accesses | *55caf900e1net: add vlan_get_protocol_and_depth() helper | *65531f5675net: deal with most data-races in sk_wait_event() | *bd0f360ee8net: annotate sk->sk_err write from do_recvmmsg() | *a115dadf89netlink: annotate accesses to nlk->cb_running | *6b4585a3c9bonding: fix send_peer_notif overflow | *d9176dc690netfilter: conntrack: fix possible bug_on with enable_hooks=1 | *30e4b13b1bnetfilter: nf_tables: always release netdev hooks from notifier | *6fa2e7bb7bnet: phy: bcm7xx: Correct read from expansion register | *7145f2309dnet: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). | *edc1f6d89bnet: stmmac: Initialize MAC_ONEUS_TIC_COUNTER register | *9e916db758linux/dim: Do nothing if no time delta between samples | *a84b08314ftick/broadcast: Make broadcast device replacement work correctly | *2628417026scsi: ufs: core: Fix I/O hang that occurs when BKOPS fails in W-LUN suspend | *27c6b573d1net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() | *3e785c8debnet: skb_partial_csum_set() fix against transport header magic value | *8547757056ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings | *3ff962242fdrm/mipi-dsi: Set the fwnode for mipi_dsi_device | *efd2821b8adrm/fbdev-generic: prohibit potential out-of-bounds access * |51b8218413Merge 6.1.29 into android14-6.1-lts |\| | *fa74641fb6Linux 6.1.29 | *49f63bd062drm/amd/display: Fix hang when skipping modeset | *7f6738e003spi: fsl-cpm: Use 16 bit mode for large transfers with even size | *441fa64299spi: fsl-spi: Re-organise transfer bits_per_word adaptation | *76ce326826x86: fix clear_user_rep_good() exception handling annotation | *4ae066699dx86/amd_nb: Add PCI ID for family 19h model 78h | *514728ffc0f2fs: inode: fix to do sanity check on extent cache correctly | *85eb8b61ddf2fs: fix to do sanity check on extent cache correctly | *18ecffd036drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values | *c5fa4eedddext4: fix invalid free tracking in ext4_xattr_move_to_block() | *d87a4e4094ext4: remove a BUG_ON in ext4_mb_release_group_pa() | *19fb73b8eaext4: fix lockdep warning when enabling MMP | *6e7a97628fext4: bail out of ext4_xattr_ibody_get() fails for any reason | *1d2caddbeeext4: add bounds checking in get_max_inline_xattr_value_size() | *665cc3ba50ext4: fix deadlock when converting an inline directory in nojournal mode | *f68876aeefext4: improve error handling from ext4_dirhash() | *25c9fca7b7ext4: improve error recovery code paths in __ext4_remount() | *748e4bb27dext4: check iomap type only if ext4_iomap_begin() does not fail | *b006e22285ext4: fix data races when using cached status extents | *1fffe47505ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum | *dba62fa84aext4: fix WARNING in mb_find_extent | *1b9c92432flocking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers | *98643c9910drm/dsc: fix drm_edp_dsc_sink_output_bpp() DPCD high byte usage | *f95a60099ddrm: Add missing DP DSC extended capability definitions. | *4aba9ab6a0ksmbd: fix racy issue from smb2 close and logoff with multichannel | *502cf97090ksmbd: block asynchronous requests when making a delay on session setup | *1fc8a2b14eksmbd: destroy expired sessions | *f623f627adksmbd: fix racy issue from session setup and logoff | *91bbf9cb23ksmbd: Implements sess->ksmbd_chann_list as xarray | *3db734e4d9drm/amd/display: Change default Z8 watermark values | *a009acf687drm/amd/display: Update Z8 SR exit/enter latencies | *e22ef15610drm/amd/display: Update Z8 watermarks for DCN314 | *cf49b2ff25ASoC: codecs: wcd938x: fix accessing regmap on unattached devices | *400950f66aASoC: codecs: constify static sdw_slave_ops struct | *5279ab199cASoC: rt1318: Add RT1318 SDCA vendor-specific driver | *1d383f9d65drm/amd/display: Lowering min Z8 residency time | *e6332695d4drm/amd/display: Update minimum stutter residency for DCN314 Z8 | *25f6036242drm/amd/display: Add minimum Z8 residency debug option | *97b3d8eed0drm/amd/display: Fix Z8 support configurations | *1822513408drm/amd/display: Add debug option to skip PSR CRTC disable | *bcde2c8779drm/amd/display: Add Z8 allow states to z-state support list | *8346882016drm/amd/display: Refactor eDP PSR codes | *74a03d3c8ddrm/i915: Check pipe source size when using skl+ scalers | *549ce5199ddrm/i915/mtl: update scaler source and destination limits for MTL | *20a1064a75wifi: rtw88: rtw8821c: Fix rfe_option field width | *6578ae84e9irqchip/loongson-eiointc: Fix registration of syscore_ops | *fa29d577e2irqchip/loongson-eiointc: Fix incorrect use of acpi_get_vec_parent | *9e7f788dd7irqchip/loongarch: Adjust acpi_cascade_irqdomain_init() and sub-routines | *c5111be873drm/msm: fix missing wq allocation error handling | *46062a1c0adrm/msm: Hangcheck progress detection | *a7fdb37d93drm/msm/adreno: Simplify read64/write64 helpers | *cba2856958f2fs: factor out victim_entry usage from general rb_tree use | *4377b1d3b1f2fs: allocate the extent_cache by default | *33112a0a17f2fs: refactor extent_cache to support for read and more | *3af09dee7ff2fs: remove unnecessary __init_extent_tree | *91b1554e66f2fs: move internal functions into extent_cache.c | *155ff41cf2f2fs: specify extent cache for read explicitly | *77d2651cc8drm/msm/adreno: adreno_gpu: Use suspend() instead of idle() on load error | *b2bd08be1afs/ntfs3: Refactoring of various minor issues | *fb98336e23HID: wacom: insert timestamp to packed Bluetooth (BT) events | *fb2f0c0004HID: wacom: Set a default resolution for older tablets | *7a07311304drm/amd: Use `amdgpu_ucode_*` helpers for MES | *a3e3a640d4drm/amd: Add a new helper for loading/validating microcode | *3e1fa150e7drm/amd: Load MES microcode during early_init | *369b891842drm/amdgpu: remove deprecated MES version vars | *506da05a5edrm/amd/pm: avoid potential UBSAN issue on legacy asics | *2a179117a3drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend | *17a6941567drm/amd/pm: parse pp_handle under appropriate conditions | *348dcdf102drm/amd/display: Enforce 60us prefetch for 200Mhz DCFCLK modes | *7a8248317bdrm/amdgpu: Fix vram recover doesn't work after whole GPU reset (v2) | *6197fb331adrm/amdgpu: change gfx 11.0.4 external_id range | *28c2e072fadrm/amdgpu/jpeg: Remove harvest checking for JPEG3 | *f661ad5365drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras | *02e6cb9b3adrm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini | *59cb2d46e1drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() | *59e2439111drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini | *f2e43c9804drm/amd/display: fix flickering caused by S/G mode | *4c1e747ca6drm/amd/display: filter out invalid bits in pipe_fuses | *c2b2641ecbdrm/amd/display: Fix 4to1 MPC black screen with DPP RCO | *cc9942840adrm/amd/display: Add NULL plane_state check for cursor disable logic | *bfe56245f4drm/panel: otm8009a: Set backlight parent to panel device | *2e51d7c09dirqchip/loongson-eiointc: Fix returned value on parsing MADT | *84c64fb578irqchip/loongson-pch-pic: Fix pch_pic_acpi_init calling | *8a0b544b7cf2fs: fix potential corruption when moving a directory | *424f8cdc0af2fs: fix null pointer panic in tracepoint in __replace_atomic_write_block | *aa0f98c5d1drm/i915/dsi: Use unconditional msleep() instead of intel_dsi_msleep() | *6e1476225edrm/msm: fix workqueue leak on bind errors | *544711591adrm/msm: fix vram leak on bind errors | *0fad173f9cdrm/msm: fix drm device leak on bind errors | *dd8ce825b1drm/msm: fix NULL-deref on irq uninstall | *16e0e6fb45drm/msm: fix NULL-deref on snapshot tear down | *5b6b81decddrm/i915/color: Fix typo for Plane CSC indexes | *2b01534c8fdrm/bridge: lt8912b: Fix DSI Video Mode | *47bfe12804drm/msm/adreno: fix runtime PM imbalance at gpu load | *3d0fdfefb3ARM: dts: aspeed: romed8hm3: Fix GPIO polarity of system-fault LED | *f327c74436ARM: dts: s5pv210: correct MIPI CSIS clock name | *5503ea70deARM: dts: exynos: fix WM8960 clock name in Itop Elite | *6efe88c34fARM: dts: aspeed: asrock: Correct firmware flash SPI clocks | *a64910ba86sysctl: clarify register_sysctl_init() base directory order | *c3c70209a9remoteproc: rcar_rproc: Call of_node_put() on iteration error | *948f81dac3remoteproc: imx_rproc: Call of_node_put() on iteration error | *fe3497c3bfremoteproc: imx_dsp_rproc: Call of_node_put() on iteration error | *8a0fc842afremoteproc: st: Call of_node_put() on iteration error | *0d6b66657cremoteproc: stm32: Call of_node_put() on iteration error | *fde64a409bproc_sysctl: enhance documentation | *f4708645c1proc_sysctl: update docs for __register_sysctl_table() | *c93185ffd9sh: nmi_debug: fix return value of __setup handler | *2ebd006435sh: init: use OF_EARLY_FLATTREE for early init | *ab2221dc3csh: mcount.S: fix build error when PRINTK is not enabled | *fdac282b3csh: math-emu: fix macro redefined warning | *6d103a5765SMB3: force unmount was failing to close deferred close files | *bb0091a5c9smb3: fix problem remounting a share after shutdown | *145f54ea33inotify: Avoid reporting event with invalid wd | *d759abeb27platform/x86: thinkpad_acpi: Add profile force ability | *66d4f7f327platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i | *e614c1de9eplatform/x86: thinkpad_acpi: Fix platform profiles on T490 | *a02d29de79platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet | *61549b7414platform/x86/intel-uncore-freq: Return error on write frequency | *b886ad6b6bcifs: release leases for deferred close handles when freezing | *187f89cff7cifs: fix pcchunk length type in smb2_copychunk_range | *c5544c95adbtrfs: zoned: fix full zone super block reading on ZNS | *4def3a0a85btrfs: zoned: zone finish data relocation BG with last IO | *1e8de3223bbtrfs: fix space cache inconsistency after error loading it from disk | *1689eabbc3btrfs: print-tree: parent bytenr must be aligned to sector size | *83ae0282f1btrfs: make clear_cache mount option to rebuild FST without disabling it | *dd5a21941fbtrfs: zero the buffer before marking it dirty in btrfs_redirty_list_add | *15e877e592btrfs: don't free qgroup space unless specified | *44c52544b2btrfs: fix encoded write i_size corruption with no-holes | *17eaeee4c5btrfs: fix assertion of exclop condition when starting balance | *0a99cd08e2btrfs: properly reject clear_cache and v1 cache for block-group-tree | *8583cc10aabtrfs: zoned: fix wrong use of bitops API in btrfs_ensure_empty_zones | *bcd7aa2963btrfs: fix btrfs_prev_leaf() to not return the same key twice | *000322b29cx86/retbleed: Fix return thunk alignment | *2feac714c6RISC-V: fix taking the text_mutex twice during sifive errata patching | *0fad198fffRISC-V: take text_mutex during alternative patching | *13a0e212ddperf stat: Separate bperf from bpf_profiler | *602603baaeperf tracepoint: Fix memory leak in is_valid_tracepoint() | *3fb0d061ddperf symbols: Fix return incorrect build_id size in elf_read_build_id() | *2dd641d78dcrypto: engine - fix crypto_queue backlog handling | *14a2259317crypto: engine - Use crypto_request_complete | *6ba620fc91crypto: api - Add scaffolding to change completion function signature | *1055eddce7crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() | *267db6bff3perf cs-etm: Fix timeless decode mode detection | *b6671b7172perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp() | *d592598f47perf pmu: zfree() expects a pointer to a pointer to zero it after freeing its contents | *36a840a862perf vendor events power9: Remove UTF-8 characters from JSON files | *0dabe1ae74perf ftrace: Make system wide the default target for latency subcommand | *4406061261perf tests record_offcpu.sh: Fix redirection of stderr to stdin | *6d20672d52perf vendor events s390: Remove UTF-8 characters from JSON file | *b2b9169960perf scripts intel-pt-events.py: Fix IPC output for Python 2 | *f108cbc836perf record: Fix "read LOST count failed" msg with sample read | *2424b456c3net: enetc: check the index of the SFI rather than the handle | *d86d42e4a9virtio_net: suppress cpu stall when free_unused_bufs | *4a61d79656ice: block LAN in case of VF to VF offload | *2f80efc46bnet: dsa: mt7530: fix network connectivity with multiple CPU ports | *9d46edd93anet: dsa: mt7530: split-off common parts from mt7531_setup | *98fc75c172net: dsa: mt7530: fix corrupt frames using trgmii on 40 MHz XTAL MT7621 | *c6fafaa6f2KVM: s390: fix race in gmap_make_secure() | *4e875cf90dALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` | *7887397338drm/amdgpu: add a missing lock for AMDGPU_SCHED | *f2e8e33862af_packet: Don't send zero-byte data in packet_sendmsg_spkt(). | *0d02efe7f2ionic: catch failure from devlink_alloc | *942a2a0184ethtool: Fix uninitialized number of lanes | *a05e5634c1ionic: remove noise from ethtool rxnfc error msg | *3cad35b62eocteontx2-vf: Detach LF resources on probe cleanup | *401d11f274octeontx2-pf: Disable packet I/O for graceful exit | *d28f6ad8b1octeontx2-af: Skip PFs if not enabled | *ac613d0bd2octeontx2-af: Fix issues with NPC field hash extract | *ab0742bd5bocteontx2-af: Update/Fix NPC field hash extract feature | *2b84d24d3aocteontx2-pf: Add additional checks while configuring ucast/bcast/mcast rules | *bd9234da97octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support | *14504aaa8bocteontx2-pf: Increase the size of dmac filter flows | *2376ca72b5octeontx2-af: Fix depth of cam and mem table. | *1c98271e0cocteontx2-af: Fix start and end bit for scan config | *e92399f527octeontx2-af: Secure APR table update with the lock | *419cc2c507selftests: netfilter: fix libmnl pkg-config usage | *4b08cdd239drm/i915/mtl: Add the missing CPU transcoder mask in intel_device_info | *2bb120405ariscv: compat_syscall_table: Fixup compile warning | *40f8b3f5e6rxrpc: Fix hard call timeout units | *ab14de49e4sfc: Fix module EEPROM reporting for QSFP modules | *68b1614b32r8152: move setting r8153b_rx_agg_chg_indicate() | *2642d7c136r8152: fix the poor throughput for 2.5G devices | *fbdde7ef25r8152: fix flow control issue of RTL8156A | *e2efb94966net/sched: act_mirred: Add carrier check | *3b3537d4a0i2c: tegra: Fix PEC support for SMBUS block read | *ffa97b5952RISC-V: mm: Enable huge page support to kernel_page_present() function | *1e8ad3e45bwatchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() | *c36975a654block: Skip destroyed blkg when restart in blkg_destroy_all() | *7c4c6e2a40writeback: fix call of incorrect macro | *5ac2914f67net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu | *1f274d5316net: ipv6: fix skb hash for some RST packets | *686c70131eselftests: srv6: make srv6_end_dt46_l3vpn_test more robust | *5a98019e96sit: update dev->needed_headroom in ipip6_tunnel_bind_dev() | *55866fe3fdnet/sched: cls_api: remove block_cb from driver_list before freeing | *7fa93e39fbtcp: fix skb_copy_ubufs() vs BIG TCP | *449280afaanet/ncsi: clear Tx enable mode when handling a Config required AEN | *a78b922d11octeontx2-pf: mcs: Do not reset PN while updating secy | *fd59ec1455octeontx2-pf: mcs: Fix shared counters logic | *a8ddb974f0octeontx2-pf: mcs: Clear stats before freeing resource | *c52ebecd89octeontx2-pf: mcs: Match macsec ethertype along with DMAC | *a3dcc45ecaocteontx2-pf: mcs: Fix NULL pointer dereferences | *9ff806d070octeontx2-af: mcs: Fix MCS block interrupt | *add6bdb8d6octeontx2-af: mcs: Config parser to skip 8B header | *39b436f0acocteontx2-af: mcs: Write TCAM_DATA and TCAM_MASK registers at once | *06fdaf7711octeonxt2-af: mcs: Fix per port bypass config | *1924450175ixgbe: Fix panic during XDP_TX with > 64 CPUs | *80a791a199drm/amd/display: Update bounding box values for DCN321 | *7bba2e5e09drm/amd/display: Do not clear GPINT register when releasing DMUB from reset | *ccb0ad946adrm/amd/display: Reset OUTBOX0 r/w pointer on DMUB reset | *bb13726625drm/amd/display: Fixes for dcn32_clk_mgr implementation | *b7ae53dd0ddrm/amd/display: Return error code on DSC atomic check failure | *374f7fa01adrm/amd/display: Add missing WA and MCLK validation | *0b47019f54drm/amd/display: Remove FPU guards from the DML folder | *3738a23083scsi: qedi: Fix use after free bug in qedi_remove() | *e60e5d6722ASoC: Intel: soc-acpi-byt: Fix "WM510205" match no longer working | *1193a36f58KVM: x86/mmu: Refresh CR0.WP prior to checking for emulated permission faults | *71e848bac0KVM: VMX: Make CR0.WP a guest owned bit | *27ec4cbc1dKVM: x86: Make use of kvm_read_cr*_bits() when testing bits | *956777b253KVM: x86: Do not unload MMU roots when only toggling CR0.WP with TDP enabled | *d20a0195b3KVM: x86/mmu: Avoid indirect call for get_cr3 | *28d0f85affdrm/amd/display: Ext displays with dock can't recognized after resume | *d69d5e2a81fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup() | *93eb8dd4b4mtd: spi-nor: spansion: Enable JFFS2 write buffer for Infineon s25hx SEMPER flash | *50f54a48f6mailbox: zynqmp: Fix counts of child nodes | *e63a796b85mailbox: zynq: Switch to flexible array to simplify code | *b12078b67asoc: qcom: llcc: Do not create EDAC platform device on SDM845 | *bf9712195fqcom: llcc/edac: Support polling mode for ECC handling | *4fdb257b2amtd: spi-nor: spansion: Enable JFFS2 write buffer for Infineon s28hx SEMPER flash | *8630dfcdabmtd: spi-nor: Add a RWW flag | *897a40dbcfmtd: spi-nor: add SFDP fixups for Quad Page Program | *de26d26f55mtd: spi-nor: spansion: Remove NO_SFDP_FLAGS from s28hs512t info | *b951d4924cKVM: x86/pmu: Disallow legacy LBRs if architectural LBRs are available | *189cdd8fe7KVM: x86: Track supported PERF_CAPABILITIES in kvm_caps | *0457b6d04fperf/x86/core: Zero @lbr instead of returning -1 in x86_perf_get_lbr() stub | *9239f895a8crypto: ccp - Clear PSP interrupt status register before calling handler | *add662775ddrm/vmwgfx: Fix Legacy Display Unit atomic drm support | *b3204cb3e0drm/vmwgfx: Remove explicit and broken vblank handling | *c613c951e6usb: dwc3: gadget: Execute gadget stop after halting the controller | *065c3d4319USB: dwc3: gadget: drop dead hibernation code * |ec2daee24cANDROID: add memset32 to db835c list of exported symbols needed. * |3ec1d2a158Revert "uapi/linux/const.h: prefer ISO-friendly __typeof__" * |b4c489e551Revert "posix-cpu-timers: Implement the missing timer_wait_running callback" * |e4446b24fdRevert "KVM: arm64: Avoid vcpu->mutex v. kvm->lock inversion in CPU_ON" * |2bd2fb9c82Revert "KVM: arm64: Avoid lock inversion when setting the VM register width" * |b8b87a4a37Revert "KVM: arm64: Use config_lock to protect data ordered against KVM_RUN" * |6c2658e477Revert "KVM: arm64: Use config_lock to protect vgic state" * |c937035a5dRevert "KVM: arm64: vgic: Don't acquire its_lock before config_lock" * |ef75a88787Merge 6.1.28 into android14-6.1-lts |\| | *bf4ad6fa4eLinux 6.1.28 | *4507918cd1netfilter: nf_tables: deactivate anonymous set from preparation phase | *1887a4faffscsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() | *6dc7e36334debugobject: Ensure pool refill (again) | *010842e882drm/amd/display (gcc13): fix enum mismatch | *915923898fi40e: use int for i40e_status | *8c82be5525i40e: Remove string printing for i40e_status | *3cd9d45e87i40e: Remove unused i40e status codes | *b593f157a8sfc (gcc13): synchronize ef100_enqueue_skb()'s return type | *245653ed73block/blk-iocost (gcc13): keep large values in a new enum | *40db6d172bperf intel-pt: Fix CYC timestamps after standalone CBR | *376e662ebbperf auxtrace: Fix address filter entire kernel size | *146b7251c1wifi: ath11k: synchronize ath11k_mac_he_gi_to_nl80211_he_gi()'s return type | *d8d206beb3bonding (gcc13): synchronize bond_{a,t}lb_xmit() types | *55c91905b9thunderbolt: Use correct type in tb_port_is_clx_enabled() prototype | *e4a37e9060cifs: protect session status check in smb2_reconnect() | *64d62ac6d6cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname | *a744060574blk-iocost: avoid 64-bit division in ioc_timer_fn | *7ac1a137bedm: don't lock fs when the map is NULL in process of resume | *9a94ebc74cdm ioctl: fix nested locking in table_clear() to remove deadlock concern | *cb874a190fdm flakey: fix a crash with invalid table line | *3877b5c150dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path | *21d5198c21dm clone: call kmem_cache_destroy() in dm_clone_init() error path | *1da79e01e4dm verity: fix error handling for check_at_most_once on FEC | *2f5aa54e40vhost_vdpa: fix unmap process in no-batch mode | *6b5b755463mm/mempolicy: correctly update prev when policy is equal on mbind | *840516585cia64: fix an addr to taddr in huge_pte_offset() | *7964bacf83s390/dasd: fix hanging blockdevice after request requeue | *9628d45a06btrfs: scrub: reject unsupported scrub flags | *7a0a402930scripts/gdb: fix lx-timerlist for Python3 | *a16e911775clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent | *5b4052aa95clk: microchip: fix potential UAF in auxdev release callback | *39712c8aebwifi: rtw89: fix potential race condition between napi_init and napi_enable | *4309330641wifi: rtl8xxxu: RTL8192EU always needs full init | *ead3b023aemailbox: zynqmp: Fix typo in IPI documentation | *706ae66574kcsan: Avoid READ_ONCE() in read_instrumented_memory() | *c051c472fbmailbox: zynqmp: Fix IPI isr handling | *8cc1ab7de2mtd: spi-nor: core: Update flash's current address mode when changing address mode | *f1b4affca1mtd: core: fix error path for nvmem provider | *26358f3304mtd: core: fix nvmem error reporting | *43a72c1619mtd: core: provide unique name for nvmem device, take two | *da4c747730kasan: hw_tags: avoid invalid virt_to_page() | *507fbfa79amd/raid5: Improve performance for sequential IO | *b50fd1c3d9md/raid10: fix null-ptr-deref in raid10_sync_request | *acffdf1a7fdrbd: correctly submit flush bio on barrier | *8d67449f90mm: do not reclaim private data from pinned page | *25457d07c8nilfs2: fix infinite loop in nilfs_mdt_get_block() | *a73201c607nilfs2: do not write dirty data after degenerating to read-only | *4844052acbALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop | *358aa78c02ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED | *6d57f6cc21ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 | *b433bfab89ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 | *9e915d81f5ALSA: usb-audio: Add quirk for Pioneer DDJ-800 | *fd02867177parisc: Ensure page alignment in flush functions | *b80b7a9bb8parisc: Fix argument pointer in real64_call_asm() | *274c0b0c2fafs: Avoid endless loop if file is larger than expected | *7b6ccf752aafs: Fix getattr to report server i_size on dirs, not local size | *2cfce11132afs: Fix updating of i_size with dv jump from server | *72f3217aa1PM: hibernate: Do not get block device exclusively in test_resume mode | *208ba216ccPM: hibernate: Turn snapshot_test into global variable | *fc3153a914ACPI: PM: Do not turn of unused power resources on the Toshiba Click Mini | *fed87ce073hte: tegra-194: Fix off by one in tegra_hte_map_to_line_id() | *a51e150ef9hte: tegra: fix 'struct of_device_id' build error | *5790f76dd2mfd: arizona-spi: Add missing MODULE_DEVICE_TABLE | *d617022971mfd: ocelot-spi: Fix unsupported bulk read | *eefc8cbb60mfd: tqmx86: Correct board names for TQMxE39x | *4598908562mfd: tqmx86: Specify IO port register range more precisely | *8c989fa9e8mfd: tqmx86: Do not access I2C_DETECT register through io_base | *b3b3f66bd4thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe | *86dfb47094pinctrl-bcm2835.c: fix race condition when setting gpio dir | *6107896806dmaengine: at_xdmac: do not enable all cyclic channels | *a8c24a80dedmaengine: dw-edma: Fix to enable to issue dma request on DMA processing | *7d28c500e5dmaengine: dw-edma: Fix to change for continuous transfer | *502c33c7e7dma: gpi: remove spurious unlock in gpi_ch_init | *a1f131d2e1phy: ti: j721e-wiz: Fix unreachable code in wiz_mode_select() | *548113502ephy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port | *6c0df503cdsoundwire: intel: don't save hw_params for use in prepare | *bae3248bb1soundwire: cadence: rename sdw_cdns_dai_dma_data as sdw_cdns_dai_runtime | *655b647245pwm: mtk-disp: Configure double buffering before reading in .get_state() | *7cbcb1ca53pwm: mtk-disp: Disable shadow registers before setting backlight values | *19f5910a1eleds: tca6507: Fix error handling of using fwnode_property_read_string | *8c16219c96dmaengine: mv_xor_v2: Fix an error code. | *60d95b747fpinctrl: ralink: reintroduce ralink,rt2880-pinmux compatible string | *1b50402d3aleds: TI_LMU_COMMON: select REGMAP instead of depending on it | *eefc7676d5pinctrl: renesas: r8a779g0: Fix ERROROUTC function names | *d6004abdf5pinctrl: renesas: r8a779g0: Fix Group 6/7 pin functions | *3727fafed7pinctrl: renesas: r8a779g0: Fix Group 4/5 pin functions | *9af5833818pinctrl: renesas: r8a779f0: Fix tsn1_avtp_pps pin group | *6a02dda054pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration | *96d440bee1ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline | *d30090eb54ext4: fix i_disksize exceeding i_size problem in paritally written case | *32dce45c8eSMB3: Close deferred file handles in case of handle lease break | *3aa9d065b0SMB3: Add missing locks to protect deferred close file list | *c2b990d7aatimekeeping: Fix references to nonexistent ktime_get_fast_ns() | *b265609a2aopenrisc: Properly store r31 to pt_regs on unhandled exceptions | *369d9e8faeclocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails | *07ad6cc82bRDMA/mlx5: Use correct device num_ports when modify DC | *43d48cec9aSUNRPC: remove the maximum number of retries in call_bind_status | *10dcd0ed78RDMA/mlx5: Fix flow counter query via DEVX | *9116528937RDMA/mlx5: Check pcie_relaxed_ordering_enabled() in UMR | *4aa9243ebeswiotlb: fix debugfs reporting of reserved memory pools | *e6c69b06e7swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup | *36d087e49dInput: raspberrypi-ts - fix refcount leak in rpi_ts_probe | *ed90364b42clk: qcom: dispcc-qcm2290: Remove inexistent DSI1PHY clk | *86d9cafdd8clk: qcom: dispcc-qcm2290: get rid of test clock | *c3d4119fa5clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling | *b75450f51cclk: qcom: lpassaudiocc-sc7280: Add required gdsc power domain clks in lpass_cc_sc7280_desc | *0b421824ecclk: qcom: lpasscc-sc7280: Skip qdsp6ss clock registration | *8f7f8d06afiommu/amd: Set page size bitmap during V2 domain allocation | *c49a8c5c8bNFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease | *9b75bd4eefclk: imx: imx8ulp: Fix XBAR_DIVBUS and AD_SLOW clock parents | *72ff6c1156clk: imx: fracn-gppll: disable hardware select control | *b32bb99316clk: imx: fracn-gppll: fix the rate table | *dce59b5443IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests | *39d39bfb82IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order | *4323aaedebRDMA/srpt: Add a check for valid 'mad_agent' pointer | *720c915a62RDMA/cm: Trace icm_send_rej event before the cm state is reset | *40b4ad4c17power: supply: rk817: Fix low SOC bugs | *8be358c804clk: qcom: gcc-sm6115: Mark RCGs shared where applicable | *e70ce21939RDMA/siw: Remove namespace check from siw_netdev_event() | *d3b2acaa14clk: add missing of_node_put() in "assigned-clocks" property parsing | *a2b3eaaa97power: supply: generic-adc-battery: fix unit scaling | *37f689d859iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN | *9163a5b4edfs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de() | *17048287acfs/ntfs3: Fix OOB read in indx_insert_into_buffer | *7898db22edfs/ntfs3: Add check for kmemdup | *1bc6bb657dfs/ntfs3: Fix memory leak if ntfs_read_mft failed | *7d374becc0RDMA/erdma: Use fixed hardware page size | *bb0433ae6frtc: k3: handle errors while enabling wake irq | *8a4e9482f4rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time | *3ce0df3493RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() | *5f5876ae29rtc: omap: include header for omap_rtc_power_off_program prototype | *c3c2aee6f9workqueue: Fix hung time report of worker pools | *8fbcfff083clk: qcom: gcc-qcm2290: Fix up gcc_sdcc2_apps_clk_src | *bddbb3b9dcRDMA/rdmavt: Delete unnecessary NULL check | *a6d8529dcfclk: mediatek: mt8135: Properly use CLK_IS_CRITICAL flag | *d193c4aea3clk: mediatek: mt7622: Properly use CLK_IS_CRITICAL flag | *2b18f12fe6clk: mediatek: Consistently use GATE_MTK() macro | *6f24e8ef33clk: mediatek: mt2712: Add error handling to clk_mt2712_apmixed_probe() | *23cc819125RDMA/siw: Fix potential page_array out of range access | *d7c8d32e5dIB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init | *a2290ed2afclk: at91: clk-sam9x60-pll: fix return value check | *0489c2b2c3tracing/user_events: Ensure write index cannot be negative | *6472a6d0c7sched/rt: Fix bad task migration for rt tasks | *1969b143d0riscv: Fix ptdump when KASAN is enabled | *e38f070a57Revert "objtool: Support addition to set CFA base" | *2d44928903perf/core: Fix hardlockup failure caused by perf throttle | *944465c772sched/fair: Fix inaccurate tally of ttwu_move_affine | *46f773f39epowerpc/rtas: use memmove for potentially overlapping buffer copy | *8bcecadabbmacintosh: via-pmu-led: requires ATA to be set | *5dae22c28fpowerpc/sysdev/tsi108: fix resource printk format warnings | *89e458456cpowerpc/wii: fix resource printk format warnings | *2f40b71e46powerpc/mpc512x: fix resource printk format warning | *f9325ac52fpowerpc/perf: Properly detect mpc7450 family | *7c71aee351macintosh/windfarm_smu_sat: Add missing of_node_put() | *c0f49bbb30selftests/powerpc/pmu: Fix sample field check in the mmcra_thresh_marked_sample_test | *ae69d36d46fbdev: mmp: Fix deferred clk handling in mmphw_probe() | *ce818ee162virtio_ring: don't update event idx on get_buf | *428cc25270spmi: Add a check for remove callback when removing a SPMI driver | *ec01408c0fstaging: rtl8192e: Fix W_DISABLE# does not work after stop/start | *7f43a5bde8spi: cadence-quadspi: use macro DEFINE_SIMPLE_DEV_PM_OPS | *727e92fe13serial: 8250: Add missing wakeup event reporting | *1ae3e5f202tty: serial: fsl_lpuart: adjust buffer length to the intended size | *26d40b3fcafirmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe | *f262734286usb: mtu3: fix kernel panic at qmu transfer done irq handler | *17993a13b5usb: chipidea: fix missing goto in `ci_hdrc_probe` | *94fa043a47usb: gadget: tegra-xudc: Fix crash in vbus_draw | *6a1cfc3036sh: sq: Fix incorrect element size for allocating bitmap buffer | *ef9f854103uapi/linux/const.h: prefer ISO-friendly __typeof__ | *9bc5e54177scripts/gdb: raise error with reduced debugging information | *06e661a259i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path | *a712b5a952i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path | *79acf7fb85spi: cadence-quadspi: fix suspend-resume implementations | *eef4c4109adrm/panel: novatek-nt35950: Only unregister DSI1 if it exists | *08e9653bb9PCI/PM: Extend D3hot delay for NVIDIA HDA controllers | *402299cca8ASoC: fsl_mqs: move of_node_put() to the correct location | *225e81c3afdrm/panel: novatek-nt35950: Improve error handling | *18e21fa199coresight: etm_pmu: Set the module field | *f0b58720f2cacheinfo: Check sib_leaf in cache_leaves_are_shared() | *8ba48e58baHID: amd_sfh: Handle "no sensors" enabled for SFH1.1 | *198474bef3HID: amd_sfh: Increase sensor command timeout for SFH1.1 | *a5e4df860dHID: amd_sfh: Correct the stop all command | *959f6ae96bHID: amd_sfh: Add support for shutdown operation | *dac12293c7HID: amd_sfh: Fix illuminance value | *e66a085d90HID: amd_sfh: Correct the sensor enable and disable command | *269259b7c7HID: amd_sfh: Correct the structure fields | *7035d8b73ascripts/gdb: bail early if there are no generic PD | *ce81376364scripts/gdb: bail early if there are no clocks | *15b29ac9b8ia64: salinfo: placate defined-but-not-used warning | *f890f34a15ia64: mm/contig: fix section mismatch warning/error | *ab0f424cd2PCI/EDR: Clear Device Status after EDR error recovery | *3e28d59a5fof: Fix modalias string generation | *d22b2a3572vmci_host: fix a race condition in vmci_host_poll() causing GPF | *282efdf472spi: fsl-spi: Fix CPM/QE mode Litte Endian | *55a32fd96einterconnect: qcom: rpm: drop bogus pm domain attach | *2d0f63077fspi: qup: Don't skip cleanup in remove's error path | *5e678bfebblinux/vt_buffer.h: allow either builtin or modular for macros | *321946fa10ASoC: es8316: Handle optional IRQ assignment | *873fff9fd6PCI: imx6: Install the fault handler only on compatible match | *9de1183f3fASoC: soc-compress: Inherit atomicity from DAI link for Compress FE | *df23805209usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition | *6d16305a15spi: imx: Don't skip cleanup in remove's error path | *f6974fb204spi: atmel-quadspi: Free resources even if runtime resume failed in .remove() | *d748e32026spi: atmel-quadspi: Don't leak clk enable count in pm resume | *3eb8bebd02serial: 8250_bcm7271: Fix arbitration handling | *1757621b87iio: light: max44009: add missing OF device matching | *53cdfec251fpga: bridge: fix kernel-doc parameter description | *c996ca87cfserial: stm32: Re-assert RTS/DE GPIO in RS485 mode only if more data are transmitted | *3c5fafc27cusb: dwc3: gadget: Change condition for processing suspend event | *cd5708f605usb: host: xhci-rcar: remove leftover quirk handling | *9145880e8cpstore: Revert pmsg_lock back to a normal mutex | *70ee7b8a6ddrivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() | *2a50e44a66drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() | *a616392011ASoC: cs35l41: Only disable internal boost | *5eb0e23ab0ipmi: ASPEED_BT_IPMI_BMC: select REGMAP_MMIO instead of depending on it | *cb52e7f24ctcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. | *0211342dd6net: amd: Fix link leak when verifying config failed | *f040bee291netlink: Use copy_to_user() for optval in netlink_getsockopt(). | *952030c914Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" | *fc60067260ipv4: Fix potential uninit variable access bug in __ip_make_skb() | *4fbefeab88net/sched: sch_fq: fix integer overflow of "credit" | *8fa6c8dad4net: dpaa: Fix uninitialized variable in dpaa_stop() | *6cf1d03a42netfilter: nf_tables: don't write table validation state without mutex | *551a26668cbpf: Don't EFAULT for getsockopt with optval=NULL | *c3fb321447bpf: Fix race between btf_put and btf_idr walk. | *ad5b2cf5d1net: stmmac:fix system hang when setting up tag_8021q VLAN for DSA ports | *fd40d2eb5enet/mlx5e: Nullify table pointer when failing to create | *15968f6508net/mlx5: Use recovery timeout on sync reset flow | *c63830a1ccRevert "net/mlx5: Remove "recovery" arg from mlx5_load_one() function" | *c499593821net/mlx5: Suspend auxiliary devices only in case of PCI device suspend | *d481a6800bnet/mlx5: Remove "recovery" arg from mlx5_load_one() function | *62fea2c2e4net/mlx5e: Fix error flow in representor failing to add vport rx rule | *2ca9f9b837net/mlx5: E-switch, Don't destroy indirect table in split rule | *8b5f696288net/mlx5: E-switch, Create per vport table based on devlink encap mode | *c382b693ffnet/mlx5e: Don't clone flow post action attributes second time | *707a31951fixgbe: Enable setting RSS table to default values | *c8b37d2b5bixgbe: Allow flow hash to be set via ethtool | *37f64bc8e0wifi: iwlwifi: fw: fix memory leak in debugfs | *80c5ba0078netfilter: conntrack: fix wrong ct->timeout value | *6a62a2a09cnetfilter: conntrack: restore IPS_CONFIRMED out of nf_conntrack_hash_check_insert() | *d6e03af0a4wifi: iwlwifi: mvm: check firmware response size | *180c4ae0dewifi: mt76: connac: fix txd multicast rate setting | *d365e14483wifi: mt76: mt7921e: stop chip reset worker in unregister hook | *741bf262bdwifi: mt76: mt7921e: improve reliability of dma reset | *1ab837a342wifi: mt76: mt7921: fix missing unwind goto in `mt7921u_probe` | *11181b6c86mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data | *c42efff820wifi: mt76: fix 6GHz high channel not be scanned | *c5cdab3c04wifi: mt76: mt7921e: fix probe timeout after reboot | *27ce664b7fwifi: mt76: add flexible polling wait-interval support | *710f3c7fb3wifi: mt76: handle failure of vzalloc in mt7615_coredump_work | *9c036152adwifi: mt76: mt7915: expose device tree match table | *bd5121ef18wifi: iwlwifi: make the loop for card preparation effective | *5611be6c3dio_uring/rsrc: use nospec'ed indexes | *f1bd3414d9jdb2: Don't refuse invalidation of already invalidated buffers | *f6b46f8438wifi: iwlwifi: fw: move memset before early return | *6b345ddd49wifi: iwlwifi: mvm: initialize seq variable | *243f6d6ba5wifi: iwlwifi: yoyo: Fix possible division by zero | *7c31103f7fwifi: iwlwifi: yoyo: skip dump correctly on hw error | *164acf216cwifi: iwlwifi: mvm: don't drop unencrypted MCAST frames | *8f3382624cmd/raid10: don't call bio_start_io_acct twice for bio which experienced read error | *36ba0c7b86md/raid10: fix memleak of md thread | *b21019a220md/raid10: fix memleak for 'conf->bio_split' | *11141630f0md/raid10: fix leak of 'r10bio->remaining' for recovery | *9050576bffmd/raid10: fix task hung in raid10d | *df6222b01ff2fs: fix to check return value of inc_valid_block_count() | *2eb5d0165bf2fs: fix to check return value of f2fs_do_truncate_blocks() | *a8091dc814bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap | *339d14334awifi: iwlwifi: mvm: don't set CHECKSUM_COMPLETE for unsupported protocols | *6f14a94501wifi: iwlwifi: trans: don't trigger d3 interrupt twice | *8e5d05ca15wifi: iwlwifi: debug: fix crash in __iwl_err() | *6aa401a654blk-mq: don't plug for head insertions in blk_execute_rq_nowait | *3c0b799346selftests/bpf: Fix leaked bpf_link in get_stackid_cannot_attach | *67c81ecbf7selftests/bpf: Use read_perf_max_sample_freq() in perf_event_stackmap | *160fcf5c6bnvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" | *0f1c4ae80dnvme: fix async event trace event | *1e4f23c61fnvmet: fix I/O Command Set specific Identify Controller | *fd95ae3bb8nvmet: fix Identify Active Namespace ID list handling | *4898a8d6b1nvmet: fix Identify Controller handling | *4a7a14e87cnvmet: fix Identify Namespace handling | *b743d68c9fnvmet: fix error handling in nvmet_execute_identify_cns_cs_ns() | *1d4ac7b0ffbpf, sockmap: fix deadlocks in the sockhash and sockmap | *cfc7ee210fwifi: ath11k: fix writing to unintended memory region | *f43744872anet: ethernet: stmmac: dwmac-rk: fix optional phy regulator handling | *c649bf43a2net: ethernet: stmmac: dwmac-rk: rework optional clock handling | *e6f1ef4a53scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() | *52c3d68d99bpf/btf: Fix is_int_ptr() | *1f1267ce0bwifi: iwlwifi: fix duplicate entry in iwl_dev_info_table | *7d058f0ab1f2fs: fix to avoid use-after-free for cached IPU bio | *3ee343914cxsk: Fix unaligned descriptor validation | *8bc8e34e80crypto: drbg - Only fail when jent is unavailable in FIPS mode | *81366e333cbpftool: Fix bug for long instructions in program CFG dumps | *d199c2b394selftests/bpf: Wait for receive in cg_storage_multi test | *751168d0d2selftests: xsk: Deflakify STATS_RX_DROPPED test | *0ea59567d0selftests: xsk: Disable IPv6 on VETH1 | *30a4ff7eb4selftests: xsk: Use correct UMEM size in testapp_invalid_desc | *90d2f5225dnet: qrtr: correct types of trace event parameters | *a7f5be2ac0f2fs: fix iostat lock protection | *bea3f8aa99wifi: rt2x00: Fix memory leak when handling surveys | *828439964fscsi: hisi_sas: Handle NCQ error when IPTT is valid | *cd94f74888scsi: libsas: Add sas_ata_device_link_abort() | *f7871c9df1wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() | *4eb666646cwifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() | *7f6714fc2acrypto: sa2ul - Select CRYPTO_DES | *be42155499crypto: caam - Clear some memory in instantiate_rng | *74f74c8b84f2fs: fix scheduling while atomic in decompression path | *6604df2a9df2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages() | *88fccb8d0cf2fs: apply zone capacity to all zone type | *d9e30b8ed4f2fs: fix uninitialized skipped_gc_rwsem | *61fbf097b7f2fs: handle dqget error in f2fs_transfer_project_quota() | *10f7b4975bnet: sunhme: Fix uninitialized return code | *e3e55385fascsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS | *770c3fd4d7scsi: target: iscsit: Fix TAS handling during conn cleanup | *eacfe32c36scsi: target: Fix multiple LUN_RESET handling | *cc84bbdde9scsi: target: iscsit: Stop/wait on cmds during conn close | *edd9002071scsi: target: iscsit: isert: Alloc per conn cmd counter | *b7ca8ded37scsi: target: Pass in cmd counter to use during cmd setup | *741443436escsi: target: Move cmd counter allocation | *76b77646f1scsi: target: Move sess cmd counter to new struct | *87ee7227ccscsi: target: core: Change the way target_xcopy_do_work() sets restiction on max I/O | *f9361cf40bbpf: Fix __reg_bound_offset 64->32 var_off subreg propagation | *2361aee1c5netfilter: keep conntrack reference until IPsecv6 policy checks are done | *8d05f25475net: dsa: qca8k: remove assignment of an_enabled in pcs_get_state() | *c997f28917libbpf: Fix ld_imm64 copy logic for ksym in light skeleton. | *382310d9c8net/packet: convert po->auxdata to an atomic flag | *3eae0f4c31net/packet: convert po->origdev to an atomic flag | *f2d971608anet/packet: annotate accesses to po->xmit | *c3ee3540a1vlan: partially enable SIOCSHWTSTAMP in container | *07782db81enet: pcs: xpcs: remove double-read of link state when using AN | *157c84b793bpf: Remove misleading spec_v1 check on var-offset stack read | *b73438a4a6selftests/bpf: Fix a fd leak in an error path in network_helpers.c | *0324300dcewifi: ath11k: fix deinitialization of firmware resources | *af5265c64dscm: fix MSG_CTRUNC setting condition for SO_PASSSEC | *1f1fba8b3acrypto: qat - fix concurrency issue when device state changes | *a62ba7e0d2bpf: fix precision propagation verbose logging | *0049d2eddabpf: take into account liveness when propagating precision | *78eee85913wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() | *154d4d630ewifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() | *1c8f46578dtools: bpftool: Remove invalid \' json escape | *644df7e865wifi: ath6kl: reduce WARN to dev_dbg() in callback | *0022a3936ewifi: brcmfmac: support CQM RSSI notification with older firmware | *9354826c02wifi: ath11k: fix SAC bug on peer addition with sta band migration | *76f9b0d6f0wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() | *7e5f42abfcwifi: ath5k: Use platform_get_irq() to get the interrupt | *7d3fd8da72wifi: ath11k: Use platform_get_irq() to get the interrupt | *9b9356a301wifi: ath9k: hif_usb: fix memory leak of remain_skbs | *1a59067bdewifi: ath6kl: minor fix for allocation size | *830d79af9eplatform/chrome: cros_typec_switch: Add missing fwnode_handle_put() | *aefea3016ahwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E | *d29faefa8drpmsg: glink: Propagate TX failures in intentless mode as well | *2f51bac276cpufreq: use correct unit when verify cur freq | *0985838a9cACPI: bus: Ensure that notify handlers are not running after removal | *290e26ec0dtick/common: Align tick period with the HZ tick. | *0fe6ef82e4drm/i915: Make intel_get_crtc_new_encoder() less oopsy | *fc2b20c092debugobject: Prevent init race with static objects | *1d1735c6fbmedia: mediatek: vcodec: add remove function for decoder platform driver | *c692a44bc5media: mediatek: vcodec: fix decoder disable pm crash | *54e85ee2b4perf/arm-cmn: Fix port detection for CMN-700 | *a8897bffcaarm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step | *3df8a87394x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() | *f25994f7a9regulator: stm32-pwr: fix of_iomap leak | *16c7fcbfe0media: venus: dec: Fix capture formats enumeration order | *1e229899e3media: venus: dec: Fix handling of the start cmd | *b21a9a57c7media: rc: gpio-ir-recv: Fix support for wake-up | *b75aaebac2drm/amd/display: Fix potential null dereference | *fd22e8c8c3media: hi846: Fix memleak in hi846_init_controls() | *893b267cccmedia: v4l: async: Return async sub-devices to subnotifier list | *45b7461d91media: rcar_fdp1: Fix refcount leak in probe and remove function | *affad9e791media: platform: mtk-mdp3: fix potential frame size overflow in mdp_try_fmt_mplane() | *5a72aea9acmedia: saa7134: fix use after free bug in saa7134_finidev due to race condition | *305262a23cmedia: dm1105: Fix use after free bug in dm1105_remove due to race condition | *1495945f7cplatform/x86/amd: pmc: Move out of BIOS SMN pair for STB init | *1603a098b4platform/x86/amd: pmc: Utilize SMN index 0 for driver probe | *f82af0dd22platform/x86/amd: pmc: Move idlemask check into `amd_pmc_idlemask_read` | *4e6c35193aplatform/x86/amd: pmc: Don't dump data after resume from s0i3 on picasso | *abfb0ff870platform/x86/amd: pmc: Hide SMU version and program attributes for Picasso | *d1dbf5b7eaplatform/x86/amd: pmc: Don't try to read SMU version on Picasso | *1c1798c45bplatform/x86/amd/pmf: Move out of BIOS SMN pair for driver probe | *6a17add9c6media: rkvdec: fix use after free bug in rkvdec_remove | *2cdc8f729dmedia: cedrus: fix use after free bug in cedrus_remove due to race condition | *231a6947ffmedia: mediatek: vcodec: change lat thread decode error condition | *b02cd74741media: mediatek: vcodec: making sure queue_work successfully | *60fe2a3d6dmedia: mediatek: vcodec: remove unused lat_buf | *8be5ead0b3media: mediatek: vcodec: add core decode done event | *894278b772media: mediatek: vcodec: move lat_buf to the top of core list | *f08900ca36media: mediatek: vcodec: using each instance lat_buf count replace core ready list | *8aae2e6444media: mediatek: vcodec: add params to record lat and core lat_buf count | *01dc8f41fcmedia: mediatek: vcodec: Force capture queue format to MM21 | *4d5c8a8916media: mediatek: vcodec: Make MM21 the default capture format | *5c4cc91b77media: mediatek: vcodec: Use 4K frame size when supported by stateful decoder | *0333177548arm64: dts: sc7280: Rename qspi data12 as data23 | *edbbd78148arm64: dts: sc7180: Rename qspi data12 as data23 | *39f6de10dfarm64: dts: qcom: msm8994-angler: removed clash with smem_region | *57aa05d59barm64: dts: qcom: msm8994-angler: Fix cont_splash_mem mapping | *7eaa457d1ex86/apic: Fix atomic update of offset in reserve_eilvt_offset() | *849ab4cf18regulator: core: Avoid lockdep reports when resolving supplies | *fd092b355aregulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() | *d2151c5d9ddrm/ttm/pool: Fix ttm_pool_alloc error path | *5e5a4185c6drm/ttm: optimize pool allocations a bit v2 | *dfd1c26e40arm64: dts: qcom: apq8096-db820c: drop unit address from PMI8994 regulator | *3a0c0f7c2farm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator | *3c8cb6155aarm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator | *f3694202d9arm64: dts: qcom: sc7180-trogdor-pazquel: correct trackpad supply | *f89b2591bbarm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply | *d7d13d353aarm64: dts: qcom: sc7280-herobrine-villager: correct trackpad supply | *958c6cbc32gpu: host1x: Fix memory leak of device names | *b81cfee967gpu: host1x: Fix potential double free if IOMMU is disabled | *62cb9c468dsoc: renesas: renesas-soc: Release 'chipid' from ioremap() | *724911eeaesoc: bcm: brcmstb: biuctrl: fix of_iomap leak | *4cf71779eamailbox: mpfs: switch to txdone_poll | *41a51318abdrm/mediatek: dp: Change the aux retries times when receiving AUX_DEFER | *e80c69eb79drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() | *a260921b81ACPI: VIOT: Initialize the correct IOMMU fwspec | *1a258bfa00arm64: dts: mediatek: mt8192-asurada: Fix voltage constraint for Vgpu | *82f6ffb8e0cpufreq: qcom-cpufreq-hw: Revert adding cpufreq qos | *2e8aad9cd5cpufreq: mediatek: Raise proc and sram max voltage for MT7622/7623 | *9a5fa6333fcpufreq: mediatek: raise proc/sram max voltage for MT8516 | *4bacdbd7d9cpufreq: mediatek: fix KP caused by handler usage after regulator_put/clk_put | *bd1c006872cpufreq: mediatek: fix passing zero to 'PTR_ERR' | *f977dbefeaarm64: dts: apple: t8103: Disable unused PCIe ports | *eb617ab023ARM: dts: stm32: fix spi1 pin assignment on stm32mp15 | *7ff92db0ddperf/arm-cmn: Move overlapping wp_combine field | *198ca89deafirmware: arm_scmi: Fix xfers allocation on Rx channel | *da3babe96bARM: dts: gta04: fix excess dma channel usage | *fd67875ebadrm: rcar-du: Fix a NULL vs IS_ERR() bug | *46a1c9ba90arm64: dts: qcom: sm8450: fix pcie1 gpios properties name | *98893ae40bmmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data | *1975bf0259ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 | *a24194121edrm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings | *acd8f2efa2arm64: dts: qcom: sm8350-microsoft-surface: fix USB dual-role mode property | *577a64725bvirt/coco/sev-guest: Double-buffer messages | *0289170151drm: msm: adreno: Disable preemption on Adreno 510 | *a8d2b46954drm/msm/adreno: drop bogus pm_runtime_set_active() | *a9b3ef13ebarm64: dts: ti: k3-am62a7: Correct L2 cache size to 512KB | *fe9dc0a264arm64: dts: ti: k3-am625: Correct L2 cache size to 512KB | *1e9fc6c473media: max9286: Free control handler | *052d22acd7drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 | *1f141fe515firmware: qcom_scm: Clear download bit during reboot | *423350af9emedia: av7110: prevent underflow in write_ts_to_decoder() | *0883003ffbmedia: amphion: decoder implement display delay enable | *51fc1880e4media: platform: mtk-mdp3: Add missing check and free for ida_alloc | *c2e5548173media: bdisp: Add missing check for create_workqueue | *ba8ffb1251x86/MCE/AMD: Use an u64 for bank_map | *c0a8025c74ARM: dts: qcom: sdx55: Fix the unit address of PCIe EP node | *2b5325f9ccARM: dts: qcom: ipq8064: Fix the PCI I/O port range | *2ebb3f120eARM: dts: qcom: ipq4019: Fix the PCI I/O port range | *671c3a4d7darm64: dts: qcom: sm8450: Fix the PCI I/O port range | *5334324f09arm64: dts: qcom: sm8150: Fix the PCI I/O port range | *be81014936arm64: dts: qcom: sm8250: Fix the PCI I/O port range | *87397ffbc9arm64: dts: qcom: msm8996: Fix the PCI I/O port range | *c8178285baarm64: dts: qcom: ipq6018: Fix the PCI I/O port range | *7803b357d9arm64: dts: qcom: ipq8074: Fix the PCI I/O port range | *ec67a4ef28arm64: dts: qcom: sc7280: Fix the PCI I/O port range | *a35d6fdd7farm64: dts: qcom: msm8998: Fix the PCI I/O port range | *6035794dd2arm64: dts: qcom: sdm845: Fix the PCI I/O port range | *44018ad5f2arm64: dts: qcom: sdm845: correct dynamic power coefficients | *7cb0802954arm64: dts: qcom: sc7280: fix EUD port properties | *bd90d249bcarm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name | *6c6a69f822arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename | *1be866857aarm64: dts: broadcom: bcmbca: bcm4908: fix LED nodenames | *c0454f814barm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name | *93c22d107aarm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property | *5ea54b26d6arm64: dts: ti: k3-am62a7-sk: Fix DDR size to full 4GB | *5d77e665eearm64: dts: ti: k3-am62-main: Fix GPIO numbers in DT | *d585d1072eregulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted | *36ecd6c6edARM: dts: qcom-apq8064: Fix opp table child name | *6006310a47EDAC/skx: Fix overflows on the DRAM row address mapping arrays | *2c8c8398e1drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources | *6524d3d587drm/mediatek: dp: Only trigger DRM HPD events if bridge is attached | *6fcfd2861farm64: dts: renesas: r9a07g043: Update IRQ numbers for SSI channels | *14c480b2f3arm64: dts: renesas: r9a07g043: Introduce SOC_PERIPHERAL_IRQ() macro to specify interrupt property | *e83e635becarm64: dts: renesas: r9a07g054: Update IRQ numbers for SSI channels | *684fecd4f3arm64: dts: renesas: r9a07g044: Update IRQ numbers for SSI channels | *dc062516dbarm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table | *c82f50e55farm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table | *6dbcc493a1soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe | *f5222fbd79tools/x86/kcpuid: Fix avx512bw and avx512lvl fields in Fn00000007 | *78e32896ecdrm/amdgpu: register a vga_switcheroo client for MacBooks with apple-gmux | *809a3fb8d8drm/probe-helper: Cancel previous job before starting new one | *6bd38a1454drm/vgem: add missing mutex_destroy | *46473f3bd1drm/i915/dg2: Drop one PCI ID | *86a77cef09drm/rockchip: Drop unbalanced obj unref | *0955b8eac3erofs: fix potential overflow calculating xattr_isize | *50f1c1fba0erofs: initialize packed inode after root inode is assigned | *7ee7a86e28erofs: stop parsing non-compact HEAD index if clusterofs is invalid | *fe2f093b05tpm, tpm_tis: Claim locality when interrupts are reenabled on resume | *380f9f79b4tpm, tpm: Implement usage counter for locality | *71becf3ffetpm, tpm_tis: Claim locality before writing interrupt registers | *0085052a2ctpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed | *10eea3cfdatpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register | *12839c326atpm, tpm_tis: Do not skip reset of original interrupt vector | *784c206c66selinux: ensure av_permissions.h is built when needed | *5453f22911selinux: fix Makefile dependencies of flask.h | *74f77a799dselftests/resctrl: Check for return value after write_schemata() | *bceef0c7f6selftests/resctrl: Allow ->setup() to return errors | *7a570dda1dselftests/resctrl: Move ->setup() call outside of test specific branches | *0bf90aac43selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem | *ae6803b663rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check | *05f437eba0kunit: fix bug in the order of lines in debugfs logs | *9ad3b38677kunit: improve KTAP compliance of KUnit test output | *d0e2f01b53ASoC: dt-bindings: qcom,lpass-rx-macro: correct minItems for clocks | *a2cbb1a45abus: mhi: host: Range check CHDBOFF and ERDBOFF | *4afe300afbbus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state | *cc3e7c0333bus: mhi: host: Remove duplicate ee check for syserr | *a6f5c84b41cxl/hdm: Fail upon detecting 0-sized decoders | *0ae98a8b4fxfs: don't consider future format versions valid | *2b2515b809ceph: fix potential use-after-free bug when trimming caps | *9f565752b3ubifs: Fix memory leak in do_rename | *29738e1bccubifs: Free memory for tmpfile name | *884e961674ubi: Fix return value overwrite issue in try_write_vid_and_data() | *ef9aac6036ubifs: Fix memleak when insert_old_idx() failed | *18c2346856Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path" | *ccfe866220RISC-V: Align SBI probe implementation with spec | *f8076d2a7fiommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE | *f455c9cb9edrm/amd/pm: re-enable the gfx imu when smu resume | *d78777c1d4swsmu/amdgpu_smu: Fix the wrong if-condition | *d79d3430e1tracing: Fix permissions for the buffer_percent file | *339dd534f2riscv: mm: remove redundant parameter of create_fdt_early_page_table | *3c96dd239ai2c: omap: Fix standard mode false ACK readings | *142a975738ACPI: video: Remove acpi_backlight=video quirk for Lenovo ThinkPad W530 | *18973b73faksmbd: fix deadlock in ksmbd_find_crypto_ctx() | *1f04905865ksmbd: not allow guest user on multichannel | *c3a3259675ksmbd: fix memleak in session setup | *a70751dd7bksmbd: fix NULL pointer dereference in smb2_get_info_filesystem() | *b80422474fksmbd: call rcu_barrier() in ksmbd_server_exit() | *bd80d35725ksmbd: fix racy issue under cocurrent smb2 tree disconnect | *cec378687aKVM: RISC-V: Retry fault if vma_lookup() results become invalid | *e43cf7abecdrm/amd/display: fix a divided-by-zero error | *09c41688b6drm/amd/display: fix PSR-SU/DSC interoperability support | *2abff94db2drm/amd/display: limit timing for single dimm memory | *5e1574aa06drm/amd/display: Remove stutter only configurations | *f6ee841ff2relayfs: fix out-of-bounds access in relay_file_read | *5bd77c2393KVM: arm64: vgic: Don't acquire its_lock before config_lock | *569f33c3c2KVM: arm64: Use config_lock to protect vgic state | *2b57af7bb9KVM: arm64: Use config_lock to protect data ordered against KVM_RUN | *6c9d3f2a5eKVM: arm64: Avoid lock inversion when setting the VM register width | *36e0c405b8KVM: arm64: Avoid vcpu->mutex v. kvm->lock inversion in CPU_ON | *f01c5f1ae9KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted | *eae127cd2creiserfs: Add security prefix to xattr name in reiserfs_security_write() | *c8a3341b33rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed | *c0bf94154ccrypto: ccp - Don't initialize CCP for PSP 0x1649 | *b952a9cf3dcrypto: arm64/aes-neonbs - fix crash with CFI enabled | *4d9d2fd867crypto: safexcel - Cleanup ring IRQ workqueues on load failure | *42ca037d0ccrypto: api - Demote BUG_ON() in crypto_unregister_alg() to a WARN_ON() | *d9834abd8bring-buffer: Sync IRQ works before buffer destruction | *ad7cc2a29ering-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus | *cb99866895pinctrl: qcom: lpass-lpi: set output value before enabling output | *956bbf1871soundwire: qcom: correct setting ignore bit on v1.5.1 | *c2c563c137pwm: meson: Fix g12a ao clk81 name | *f7e930b179pwm: meson: Fix axg ao mux parents | *1b0341e8fbwifi: mt76: add missing locking to protect against concurrent rx/status calls | *b9f6845a49kheaders: Use array declaration instead of char | *9fd4768b09iio: addac: stx104: Fix race condition for stx104_write_raw() | *c38a4eb8aaiio: addac: stx104: Fix race condition when converting analog-to-digital | *44847a506eipmi: fix SSIF not responding under certain cond. | *aeff5808f1ipmi:ssif: Add send_retries increment | *a6b54af407MIPS: fw: Allow firmware to pass a empty env | *7f3340bf06fs: fix sysctls.c built | *3e7b8a723btick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem | *c94e5baa98serial: max310x: fix IO data corruption in batched operations | *65fdabefd9serial: 8250: Fix serial8250_tx_empty() race with DMA Tx | *719a2f969bserial: fix TIOCSRS485 locking | *27df5bca96xhci: fix debugfs register accesses while suspended | *7fb0b81e85tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH | *ad44530d46staging: iio: resolver: ads1210: fix config mode | *64ef787bb1blk-crypto: make blk_crypto_evict_key() more robust | *26632a5382blk-crypto: make blk_crypto_evict_key() return void | *7d206ec7a0blk-mq: release crypto keyslot before reporting I/O complete | *3b5fbb8219blk-crypto: Add a missing include directive | *5ca1668a9fblk-crypto: move internal only declarations to blk-crypto-internal.h | *3aab3abb85blk-crypto: add a blk_crypto_config_supported_natively helper | *f0efb23651blk-crypto: don't use struct request_queue for public interfaces | *316ad076e0blk-stat: fix QUEUE_FLAG_STATS clear | *3285613127media: ov8856: Do not check for for module version | *bccf9fe296posix-cpu-timers: Implement the missing timer_wait_running callback | *1408d27f25tpm: Add !tpm_amd_is_rng_defective() to the hwrng_unregister() call site | *ee508dfbafhwmon: (adt7475) Use device_property APIs when configuring polarity | *d899ae3e76hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write | *986bd947bcUSB: dwc3: fix runtime pm imbalance on unbind | *d4b1e04d27USB: dwc3: fix runtime pm imbalance on probe errors | *befdcb8e88usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive | *491d32c896usb: gadget: udc: core: Prevent redundant calls to pullup | *f6aaeacf05usb: gadget: udc: core: Invoke usb_gadget_connect only when started | *5b6c295947IMA: allow/fix UML builds | *38a42842a6phy: qcom-qmp-pcie: sc8180x PCIe PHY has 2 lanes | *5c274804e2PCI: qcom: Fix the incorrect register usage in v2.7.0 config | *58e56aa838PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock | *a071769560PCI: kirin: Select REGMAP_MMIO | *6e5bf8c9f7powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU | *4403c7b7e5arm64: Stash shadow stack pointer in the task struct on interrupt | *2dd0f8994darm64: Always load shadow stack pointer directly from the task struct | *06003e3975ASoC: amd: ps: update the acp clock source. | *f9dc736e68ASoC: amd: fix ACP version typo mistake | *f66cd99959wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset | *24d158856cwireguard: timers: cast enum limits members to int in prints | *103f618ceex86/cpu: Add model number for Intel Arrow Lake processor | *88b9e97c14asm-generic/io.h: suppress endianness warnings for readq() and writeq() | *5ded8299b7tracing: Error if a trace event has an array for a __field() | *324b854ce4wifi: ath11k: reduce the MHI timeout to 20s | *cde9040428platform/x86: thinkpad_acpi: Add missing T14s Gen1 type to s2idle quirk list | *7e26bfb49dnet: sfp: add quirk enabling 2500Base-x for HG MXPD-483II | *388764ea64scsi: mpi3mr: Handle soft reset in progress fault code (0xF002) | *0ac10535aeselftests mount: Fix mount_setattr_test builds failed | *ec6f22171dnet: wwan: t7xx: do not compile with -Werror | *c58f26bdeeASoC: da7213.c: add missing pm_runtime_disable() | *e373f76e20ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 | *372bec6747iio: adc: palmas_gpadc: fix NULL dereference on rmmod | *c81f5c8b8cASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx (8A22) | *32aae78314x86/hyperv: Block root partition functionality in a Confidential VM | *5c7648e96dASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm | *a89c7b86b5ASoC: Intel: soc-acpi: add table for Intel 'Rooks County' NUC M15 | *4f7b42a9bfASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 * |473e97f66cANDROID: add Android KABI build files to root .gitignore file * |db91e7bd8cANDROID: add more gki_module headers to .gitignore file * |9fcc8018f0Merge 6.1.27 into android14-6.1-lts |\| | *ca48fc16c4Linux 6.1.27 | *0bbec73fddriscv: No need to relocate the dtb as it lies in the fixmap region | *17509e73acriscv: Do not set initial_boot_params to the linear address of the dtb | *ed96b31435riscv: Move early dtb mapping into the fixmap region | *7cb8c95c0adriver core: Don't require dynamic_debug for initcall_debug probe timing | *ce0555352aUSB: serial: option: add UNISOC vendor and TOZED LT70C product | *17e5ce4d89btrfs: fix uninitialized variable warnings | *47e6893a5bbluetooth: Perform careful capability checks in hci_sock_ioctl() | *c4acbf3761gpiolib: acpi: Add a ignore wakeup quirk for Clevo NL5xNU | *d27acf15c8drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var | *e29661611ewifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() | *34cec5cd7amptcp: fix accept vs worker race | *b45d8f5375mptcp: stops worker on unaccepted sockets at listener close | *862ea63fadmm/mempolicy: fix use-after-free of VMA iterator | *e1562cc202KVM: arm64: Retry fault if vma_lookup() results become invalid | *d70f63be62phy: phy-brcm-usb: Utilize platform_get_irq_byname_optional() | *7d057bf201um: Only disable SSE on clang to work around old GCC bugs * |da95c44967Merge branch android14-6.1 into android14-6.1-lts * |b6c9bd5fa6Merge 6.1.26 into android14-6.1-lts |/ *ca1c9012c9Linux 6.1.26 *ab91b09f39ASN.1: Fix check for strdup() success *1831d8cbaeASoC: fsl_sai: Fix pins setting for i.MX8QM platform *6cb818ed5fASoC: fsl_asrc_dma: fix potential null-ptr-deref *7a6593b5d7ASoC: SOF: pm: Tear down pipelines only if DSP was active *b528537d13mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock *71b6df69f1fpga: bridge: properly initialize bridge device before populating children *f8c3eb751aiio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() *342c1db4faInput: pegasus-notetaker - check pipe type when probing *a93c20f583gcc: disable '-Warray-bounds' for gcc-13 too *a09b9383b7sctp: Call inet6_destroy_sock() via sk->sk_destruct(). *a530b33fe9dccp: Call inet6_destroy_sock() via sk->sk_destruct(). *a8cf114105inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy(). *588d682251purgatory: fix disabling debug info *7ca973d830fuse: always revalidate rename target dentry *f9a20ef5e8MIPS: Define RUNTIME_DISCARD_EXIT in LD script *8d6a870a42KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() *9e7976c0cdKVM: arm64: Make vcpu flag updates non-preemptible *d362a03d92sched/fair: Fixes for capacity inversion detection *799c7301desched/fair: Consider capacity inversion in util_fits_cpu() *fe1c982958sched/fair: Detect capacity inversion *7e6631f782mm/mmap: regression fix for unmapped_area{_topdown} *059f24aff6mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages *bd6f3421a5mm: kmsan: handle alloc failures in kmsan_vmap_pages_range_noflush() *433a7ecaedmm: kmsan: handle alloc failures in kmsan_ioremap_page_range() *e8a7bdb6f7mm/huge_memory.c: warn with pr_warn_ratelimited instead of VM_WARN_ON_ONCE_FOLIO *519dbe737fmm/khugepaged: check again on anon uffd-wp during isolation *cc647e05dbmm/userfaultfd: fix uffd-wp handling for THP migration entries Change-Id: I350bd9237fc904298f9b2c6756a227389bcf722e Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
4823 lines
124 KiB
C
4823 lines
124 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* linux/kernel/signal.c
|
|
*
|
|
* Copyright (C) 1991, 1992 Linus Torvalds
|
|
*
|
|
* 1997-11-02 Modified for POSIX.1b signals by Richard Henderson
|
|
*
|
|
* 2003-06-02 Jim Houston - Concurrent Computer Corp.
|
|
* Changes to use preallocated sigqueue structures
|
|
* to allow signals to be sent reliably.
|
|
*/
|
|
|
|
#include <linux/slab.h>
|
|
#include <linux/export.h>
|
|
#include <linux/init.h>
|
|
#include <linux/sched/mm.h>
|
|
#include <linux/sched/user.h>
|
|
#include <linux/sched/debug.h>
|
|
#include <linux/sched/task.h>
|
|
#include <linux/sched/task_stack.h>
|
|
#include <linux/sched/cputime.h>
|
|
#include <linux/file.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/proc_fs.h>
|
|
#include <linux/tty.h>
|
|
#include <linux/binfmts.h>
|
|
#include <linux/coredump.h>
|
|
#include <linux/security.h>
|
|
#include <linux/syscalls.h>
|
|
#include <linux/ptrace.h>
|
|
#include <linux/signal.h>
|
|
#include <linux/signalfd.h>
|
|
#include <linux/ratelimit.h>
|
|
#include <linux/task_work.h>
|
|
#include <linux/capability.h>
|
|
#include <linux/freezer.h>
|
|
#include <linux/pid_namespace.h>
|
|
#include <linux/nsproxy.h>
|
|
#include <linux/user_namespace.h>
|
|
#include <linux/uprobes.h>
|
|
#include <linux/compat.h>
|
|
#include <linux/cn_proc.h>
|
|
#include <linux/compiler.h>
|
|
#include <linux/posix-timers.h>
|
|
#include <linux/cgroup.h>
|
|
#include <linux/audit.h>
|
|
#include <linux/oom.h>
|
|
|
|
#define CREATE_TRACE_POINTS
|
|
#include <trace/events/signal.h>
|
|
|
|
#include <asm/param.h>
|
|
#include <linux/uaccess.h>
|
|
#include <asm/unistd.h>
|
|
#include <asm/siginfo.h>
|
|
#include <asm/cacheflush.h>
|
|
#include <asm/syscall.h> /* for syscall_get_* */
|
|
|
|
#undef CREATE_TRACE_POINTS
|
|
#include <trace/hooks/signal.h>
|
|
#include <trace/hooks/dtask.h>
|
|
/*
|
|
* SLAB caches for signal bits.
|
|
*/
|
|
|
|
static struct kmem_cache *sigqueue_cachep;
|
|
|
|
int print_fatal_signals __read_mostly;
|
|
|
|
static void __user *sig_handler(struct task_struct *t, int sig)
|
|
{
|
|
return t->sighand->action[sig - 1].sa.sa_handler;
|
|
}
|
|
|
|
static inline bool sig_handler_ignored(void __user *handler, int sig)
|
|
{
|
|
/* Is it explicitly or implicitly ignored? */
|
|
return handler == SIG_IGN ||
|
|
(handler == SIG_DFL && sig_kernel_ignore(sig));
|
|
}
|
|
|
|
static bool sig_task_ignored(struct task_struct *t, int sig, bool force)
|
|
{
|
|
void __user *handler;
|
|
|
|
handler = sig_handler(t, sig);
|
|
|
|
/* SIGKILL and SIGSTOP may not be sent to the global init */
|
|
if (unlikely(is_global_init(t) && sig_kernel_only(sig)))
|
|
return true;
|
|
|
|
if (unlikely(t->signal->flags & SIGNAL_UNKILLABLE) &&
|
|
handler == SIG_DFL && !(force && sig_kernel_only(sig)))
|
|
return true;
|
|
|
|
/* Only allow kernel generated signals to this kthread */
|
|
if (unlikely((t->flags & PF_KTHREAD) &&
|
|
(handler == SIG_KTHREAD_KERNEL) && !force))
|
|
return true;
|
|
|
|
return sig_handler_ignored(handler, sig);
|
|
}
|
|
|
|
static bool sig_ignored(struct task_struct *t, int sig, bool force)
|
|
{
|
|
/*
|
|
* Blocked signals are never ignored, since the
|
|
* signal handler may change by the time it is
|
|
* unblocked.
|
|
*/
|
|
if (sigismember(&t->blocked, sig) || sigismember(&t->real_blocked, sig))
|
|
return false;
|
|
|
|
/*
|
|
* Tracers may want to know about even ignored signal unless it
|
|
* is SIGKILL which can't be reported anyway but can be ignored
|
|
* by SIGNAL_UNKILLABLE task.
|
|
*/
|
|
if (t->ptrace && sig != SIGKILL)
|
|
return false;
|
|
|
|
return sig_task_ignored(t, sig, force);
|
|
}
|
|
|
|
/*
|
|
* Re-calculate pending state from the set of locally pending
|
|
* signals, globally pending signals, and blocked signals.
|
|
*/
|
|
static inline bool has_pending_signals(sigset_t *signal, sigset_t *blocked)
|
|
{
|
|
unsigned long ready;
|
|
long i;
|
|
|
|
switch (_NSIG_WORDS) {
|
|
default:
|
|
for (i = _NSIG_WORDS, ready = 0; --i >= 0 ;)
|
|
ready |= signal->sig[i] &~ blocked->sig[i];
|
|
break;
|
|
|
|
case 4: ready = signal->sig[3] &~ blocked->sig[3];
|
|
ready |= signal->sig[2] &~ blocked->sig[2];
|
|
ready |= signal->sig[1] &~ blocked->sig[1];
|
|
ready |= signal->sig[0] &~ blocked->sig[0];
|
|
break;
|
|
|
|
case 2: ready = signal->sig[1] &~ blocked->sig[1];
|
|
ready |= signal->sig[0] &~ blocked->sig[0];
|
|
break;
|
|
|
|
case 1: ready = signal->sig[0] &~ blocked->sig[0];
|
|
}
|
|
return ready != 0;
|
|
}
|
|
|
|
#define PENDING(p,b) has_pending_signals(&(p)->signal, (b))
|
|
|
|
static bool recalc_sigpending_tsk(struct task_struct *t)
|
|
{
|
|
if ((t->jobctl & (JOBCTL_PENDING_MASK | JOBCTL_TRAP_FREEZE)) ||
|
|
PENDING(&t->pending, &t->blocked) ||
|
|
PENDING(&t->signal->shared_pending, &t->blocked) ||
|
|
cgroup_task_frozen(t)) {
|
|
set_tsk_thread_flag(t, TIF_SIGPENDING);
|
|
return true;
|
|
}
|
|
|
|
/*
|
|
* We must never clear the flag in another thread, or in current
|
|
* when it's possible the current syscall is returning -ERESTART*.
|
|
* So we don't clear it here, and only callers who know they should do.
|
|
*/
|
|
return false;
|
|
}
|
|
|
|
/*
|
|
* After recalculating TIF_SIGPENDING, we need to make sure the task wakes up.
|
|
* This is superfluous when called on current, the wakeup is a harmless no-op.
|
|
*/
|
|
void recalc_sigpending_and_wake(struct task_struct *t)
|
|
{
|
|
if (recalc_sigpending_tsk(t))
|
|
signal_wake_up(t, 0);
|
|
}
|
|
|
|
void recalc_sigpending(void)
|
|
{
|
|
if (!recalc_sigpending_tsk(current) && !freezing(current))
|
|
clear_thread_flag(TIF_SIGPENDING);
|
|
|
|
}
|
|
EXPORT_SYMBOL(recalc_sigpending);
|
|
|
|
void calculate_sigpending(void)
|
|
{
|
|
/* Have any signals or users of TIF_SIGPENDING been delayed
|
|
* until after fork?
|
|
*/
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
set_tsk_thread_flag(current, TIF_SIGPENDING);
|
|
recalc_sigpending();
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
}
|
|
|
|
/* Given the mask, find the first available signal that should be serviced. */
|
|
|
|
#define SYNCHRONOUS_MASK \
|
|
(sigmask(SIGSEGV) | sigmask(SIGBUS) | sigmask(SIGILL) | \
|
|
sigmask(SIGTRAP) | sigmask(SIGFPE) | sigmask(SIGSYS))
|
|
|
|
int next_signal(struct sigpending *pending, sigset_t *mask)
|
|
{
|
|
unsigned long i, *s, *m, x;
|
|
int sig = 0;
|
|
|
|
s = pending->signal.sig;
|
|
m = mask->sig;
|
|
|
|
/*
|
|
* Handle the first word specially: it contains the
|
|
* synchronous signals that need to be dequeued first.
|
|
*/
|
|
x = *s &~ *m;
|
|
if (x) {
|
|
if (x & SYNCHRONOUS_MASK)
|
|
x &= SYNCHRONOUS_MASK;
|
|
sig = ffz(~x) + 1;
|
|
return sig;
|
|
}
|
|
|
|
switch (_NSIG_WORDS) {
|
|
default:
|
|
for (i = 1; i < _NSIG_WORDS; ++i) {
|
|
x = *++s &~ *++m;
|
|
if (!x)
|
|
continue;
|
|
sig = ffz(~x) + i*_NSIG_BPW + 1;
|
|
break;
|
|
}
|
|
break;
|
|
|
|
case 2:
|
|
x = s[1] &~ m[1];
|
|
if (!x)
|
|
break;
|
|
sig = ffz(~x) + _NSIG_BPW + 1;
|
|
break;
|
|
|
|
case 1:
|
|
/* Nothing to do */
|
|
break;
|
|
}
|
|
|
|
return sig;
|
|
}
|
|
|
|
static inline void print_dropped_signal(int sig)
|
|
{
|
|
static DEFINE_RATELIMIT_STATE(ratelimit_state, 5 * HZ, 10);
|
|
|
|
if (!print_fatal_signals)
|
|
return;
|
|
|
|
if (!__ratelimit(&ratelimit_state))
|
|
return;
|
|
|
|
pr_info("%s/%d: reached RLIMIT_SIGPENDING, dropped signal %d\n",
|
|
current->comm, current->pid, sig);
|
|
}
|
|
|
|
/**
|
|
* task_set_jobctl_pending - set jobctl pending bits
|
|
* @task: target task
|
|
* @mask: pending bits to set
|
|
*
|
|
* Clear @mask from @task->jobctl. @mask must be subset of
|
|
* %JOBCTL_PENDING_MASK | %JOBCTL_STOP_CONSUME | %JOBCTL_STOP_SIGMASK |
|
|
* %JOBCTL_TRAPPING. If stop signo is being set, the existing signo is
|
|
* cleared. If @task is already being killed or exiting, this function
|
|
* becomes noop.
|
|
*
|
|
* CONTEXT:
|
|
* Must be called with @task->sighand->siglock held.
|
|
*
|
|
* RETURNS:
|
|
* %true if @mask is set, %false if made noop because @task was dying.
|
|
*/
|
|
bool task_set_jobctl_pending(struct task_struct *task, unsigned long mask)
|
|
{
|
|
BUG_ON(mask & ~(JOBCTL_PENDING_MASK | JOBCTL_STOP_CONSUME |
|
|
JOBCTL_STOP_SIGMASK | JOBCTL_TRAPPING));
|
|
BUG_ON((mask & JOBCTL_TRAPPING) && !(mask & JOBCTL_PENDING_MASK));
|
|
|
|
if (unlikely(fatal_signal_pending(task) || (task->flags & PF_EXITING)))
|
|
return false;
|
|
|
|
if (mask & JOBCTL_STOP_SIGMASK)
|
|
task->jobctl &= ~JOBCTL_STOP_SIGMASK;
|
|
|
|
task->jobctl |= mask;
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* task_clear_jobctl_trapping - clear jobctl trapping bit
|
|
* @task: target task
|
|
*
|
|
* If JOBCTL_TRAPPING is set, a ptracer is waiting for us to enter TRACED.
|
|
* Clear it and wake up the ptracer. Note that we don't need any further
|
|
* locking. @task->siglock guarantees that @task->parent points to the
|
|
* ptracer.
|
|
*
|
|
* CONTEXT:
|
|
* Must be called with @task->sighand->siglock held.
|
|
*/
|
|
void task_clear_jobctl_trapping(struct task_struct *task)
|
|
{
|
|
if (unlikely(task->jobctl & JOBCTL_TRAPPING)) {
|
|
task->jobctl &= ~JOBCTL_TRAPPING;
|
|
smp_mb(); /* advised by wake_up_bit() */
|
|
wake_up_bit(&task->jobctl, JOBCTL_TRAPPING_BIT);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* task_clear_jobctl_pending - clear jobctl pending bits
|
|
* @task: target task
|
|
* @mask: pending bits to clear
|
|
*
|
|
* Clear @mask from @task->jobctl. @mask must be subset of
|
|
* %JOBCTL_PENDING_MASK. If %JOBCTL_STOP_PENDING is being cleared, other
|
|
* STOP bits are cleared together.
|
|
*
|
|
* If clearing of @mask leaves no stop or trap pending, this function calls
|
|
* task_clear_jobctl_trapping().
|
|
*
|
|
* CONTEXT:
|
|
* Must be called with @task->sighand->siglock held.
|
|
*/
|
|
void task_clear_jobctl_pending(struct task_struct *task, unsigned long mask)
|
|
{
|
|
BUG_ON(mask & ~JOBCTL_PENDING_MASK);
|
|
|
|
if (mask & JOBCTL_STOP_PENDING)
|
|
mask |= JOBCTL_STOP_CONSUME | JOBCTL_STOP_DEQUEUED;
|
|
|
|
task->jobctl &= ~mask;
|
|
|
|
if (!(task->jobctl & JOBCTL_PENDING_MASK))
|
|
task_clear_jobctl_trapping(task);
|
|
}
|
|
|
|
/**
|
|
* task_participate_group_stop - participate in a group stop
|
|
* @task: task participating in a group stop
|
|
*
|
|
* @task has %JOBCTL_STOP_PENDING set and is participating in a group stop.
|
|
* Group stop states are cleared and the group stop count is consumed if
|
|
* %JOBCTL_STOP_CONSUME was set. If the consumption completes the group
|
|
* stop, the appropriate `SIGNAL_*` flags are set.
|
|
*
|
|
* CONTEXT:
|
|
* Must be called with @task->sighand->siglock held.
|
|
*
|
|
* RETURNS:
|
|
* %true if group stop completion should be notified to the parent, %false
|
|
* otherwise.
|
|
*/
|
|
static bool task_participate_group_stop(struct task_struct *task)
|
|
{
|
|
struct signal_struct *sig = task->signal;
|
|
bool consume = task->jobctl & JOBCTL_STOP_CONSUME;
|
|
|
|
WARN_ON_ONCE(!(task->jobctl & JOBCTL_STOP_PENDING));
|
|
|
|
task_clear_jobctl_pending(task, JOBCTL_STOP_PENDING);
|
|
|
|
if (!consume)
|
|
return false;
|
|
|
|
if (!WARN_ON_ONCE(sig->group_stop_count == 0))
|
|
sig->group_stop_count--;
|
|
|
|
/*
|
|
* Tell the caller to notify completion iff we are entering into a
|
|
* fresh group stop. Read comment in do_signal_stop() for details.
|
|
*/
|
|
if (!sig->group_stop_count && !(sig->flags & SIGNAL_STOP_STOPPED)) {
|
|
signal_set_stop_flags(sig, SIGNAL_STOP_STOPPED);
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
void task_join_group_stop(struct task_struct *task)
|
|
{
|
|
unsigned long mask = current->jobctl & JOBCTL_STOP_SIGMASK;
|
|
struct signal_struct *sig = current->signal;
|
|
|
|
if (sig->group_stop_count) {
|
|
sig->group_stop_count++;
|
|
mask |= JOBCTL_STOP_CONSUME;
|
|
} else if (!(sig->flags & SIGNAL_STOP_STOPPED))
|
|
return;
|
|
|
|
/* Have the new thread join an on-going signal group stop */
|
|
task_set_jobctl_pending(task, mask | JOBCTL_STOP_PENDING);
|
|
}
|
|
|
|
/*
|
|
* allocate a new signal queue record
|
|
* - this may be called without locks if and only if t == current, otherwise an
|
|
* appropriate lock must be held to stop the target task from exiting
|
|
*/
|
|
static struct sigqueue *
|
|
__sigqueue_alloc(int sig, struct task_struct *t, gfp_t gfp_flags,
|
|
int override_rlimit, const unsigned int sigqueue_flags)
|
|
{
|
|
struct sigqueue *q = NULL;
|
|
struct ucounts *ucounts = NULL;
|
|
long sigpending;
|
|
|
|
/*
|
|
* Protect access to @t credentials. This can go away when all
|
|
* callers hold rcu read lock.
|
|
*
|
|
* NOTE! A pending signal will hold on to the user refcount,
|
|
* and we get/put the refcount only when the sigpending count
|
|
* changes from/to zero.
|
|
*/
|
|
rcu_read_lock();
|
|
ucounts = task_ucounts(t);
|
|
sigpending = inc_rlimit_get_ucounts(ucounts, UCOUNT_RLIMIT_SIGPENDING);
|
|
rcu_read_unlock();
|
|
if (!sigpending)
|
|
return NULL;
|
|
|
|
if (override_rlimit || likely(sigpending <= task_rlimit(t, RLIMIT_SIGPENDING))) {
|
|
q = kmem_cache_alloc(sigqueue_cachep, gfp_flags);
|
|
} else {
|
|
print_dropped_signal(sig);
|
|
}
|
|
|
|
if (unlikely(q == NULL)) {
|
|
dec_rlimit_put_ucounts(ucounts, UCOUNT_RLIMIT_SIGPENDING);
|
|
} else {
|
|
INIT_LIST_HEAD(&q->list);
|
|
q->flags = sigqueue_flags;
|
|
q->ucounts = ucounts;
|
|
}
|
|
return q;
|
|
}
|
|
|
|
static void __sigqueue_free(struct sigqueue *q)
|
|
{
|
|
if (q->flags & SIGQUEUE_PREALLOC)
|
|
return;
|
|
if (q->ucounts) {
|
|
dec_rlimit_put_ucounts(q->ucounts, UCOUNT_RLIMIT_SIGPENDING);
|
|
q->ucounts = NULL;
|
|
}
|
|
kmem_cache_free(sigqueue_cachep, q);
|
|
}
|
|
|
|
void flush_sigqueue(struct sigpending *queue)
|
|
{
|
|
struct sigqueue *q;
|
|
|
|
sigemptyset(&queue->signal);
|
|
while (!list_empty(&queue->list)) {
|
|
q = list_entry(queue->list.next, struct sigqueue , list);
|
|
list_del_init(&q->list);
|
|
__sigqueue_free(q);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Flush all pending signals for this kthread.
|
|
*/
|
|
void flush_signals(struct task_struct *t)
|
|
{
|
|
unsigned long flags;
|
|
|
|
spin_lock_irqsave(&t->sighand->siglock, flags);
|
|
clear_tsk_thread_flag(t, TIF_SIGPENDING);
|
|
flush_sigqueue(&t->pending);
|
|
flush_sigqueue(&t->signal->shared_pending);
|
|
spin_unlock_irqrestore(&t->sighand->siglock, flags);
|
|
}
|
|
EXPORT_SYMBOL(flush_signals);
|
|
|
|
#ifdef CONFIG_POSIX_TIMERS
|
|
static void __flush_itimer_signals(struct sigpending *pending)
|
|
{
|
|
sigset_t signal, retain;
|
|
struct sigqueue *q, *n;
|
|
|
|
signal = pending->signal;
|
|
sigemptyset(&retain);
|
|
|
|
list_for_each_entry_safe(q, n, &pending->list, list) {
|
|
int sig = q->info.si_signo;
|
|
|
|
if (likely(q->info.si_code != SI_TIMER)) {
|
|
sigaddset(&retain, sig);
|
|
} else {
|
|
sigdelset(&signal, sig);
|
|
list_del_init(&q->list);
|
|
__sigqueue_free(q);
|
|
}
|
|
}
|
|
|
|
sigorsets(&pending->signal, &signal, &retain);
|
|
}
|
|
|
|
void flush_itimer_signals(void)
|
|
{
|
|
struct task_struct *tsk = current;
|
|
unsigned long flags;
|
|
|
|
spin_lock_irqsave(&tsk->sighand->siglock, flags);
|
|
__flush_itimer_signals(&tsk->pending);
|
|
__flush_itimer_signals(&tsk->signal->shared_pending);
|
|
spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
|
|
}
|
|
#endif
|
|
|
|
void ignore_signals(struct task_struct *t)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < _NSIG; ++i)
|
|
t->sighand->action[i].sa.sa_handler = SIG_IGN;
|
|
|
|
flush_signals(t);
|
|
}
|
|
|
|
/*
|
|
* Flush all handlers for a task.
|
|
*/
|
|
|
|
void
|
|
flush_signal_handlers(struct task_struct *t, int force_default)
|
|
{
|
|
int i;
|
|
struct k_sigaction *ka = &t->sighand->action[0];
|
|
for (i = _NSIG ; i != 0 ; i--) {
|
|
if (force_default || ka->sa.sa_handler != SIG_IGN)
|
|
ka->sa.sa_handler = SIG_DFL;
|
|
ka->sa.sa_flags = 0;
|
|
#ifdef __ARCH_HAS_SA_RESTORER
|
|
ka->sa.sa_restorer = NULL;
|
|
#endif
|
|
sigemptyset(&ka->sa.sa_mask);
|
|
ka++;
|
|
}
|
|
}
|
|
|
|
bool unhandled_signal(struct task_struct *tsk, int sig)
|
|
{
|
|
void __user *handler = tsk->sighand->action[sig-1].sa.sa_handler;
|
|
if (is_global_init(tsk))
|
|
return true;
|
|
|
|
if (handler != SIG_IGN && handler != SIG_DFL)
|
|
return false;
|
|
|
|
/* If dying, we handle all new signals by ignoring them */
|
|
if (fatal_signal_pending(tsk))
|
|
return false;
|
|
|
|
/* if ptraced, let the tracer determine */
|
|
return !tsk->ptrace;
|
|
}
|
|
|
|
static void collect_signal(int sig, struct sigpending *list, kernel_siginfo_t *info,
|
|
bool *resched_timer)
|
|
{
|
|
struct sigqueue *q, *first = NULL;
|
|
|
|
/*
|
|
* Collect the siginfo appropriate to this signal. Check if
|
|
* there is another siginfo for the same signal.
|
|
*/
|
|
list_for_each_entry(q, &list->list, list) {
|
|
if (q->info.si_signo == sig) {
|
|
if (first)
|
|
goto still_pending;
|
|
first = q;
|
|
}
|
|
}
|
|
|
|
sigdelset(&list->signal, sig);
|
|
|
|
if (first) {
|
|
still_pending:
|
|
list_del_init(&first->list);
|
|
copy_siginfo(info, &first->info);
|
|
|
|
*resched_timer =
|
|
(first->flags & SIGQUEUE_PREALLOC) &&
|
|
(info->si_code == SI_TIMER) &&
|
|
(info->si_sys_private);
|
|
|
|
__sigqueue_free(first);
|
|
} else {
|
|
/*
|
|
* Ok, it wasn't in the queue. This must be
|
|
* a fast-pathed signal or we must have been
|
|
* out of queue space. So zero out the info.
|
|
*/
|
|
clear_siginfo(info);
|
|
info->si_signo = sig;
|
|
info->si_errno = 0;
|
|
info->si_code = SI_USER;
|
|
info->si_pid = 0;
|
|
info->si_uid = 0;
|
|
}
|
|
}
|
|
|
|
static int __dequeue_signal(struct sigpending *pending, sigset_t *mask,
|
|
kernel_siginfo_t *info, bool *resched_timer)
|
|
{
|
|
int sig = next_signal(pending, mask);
|
|
|
|
if (sig)
|
|
collect_signal(sig, pending, info, resched_timer);
|
|
return sig;
|
|
}
|
|
|
|
/*
|
|
* Dequeue a signal and return the element to the caller, which is
|
|
* expected to free it.
|
|
*
|
|
* All callers have to hold the siglock.
|
|
*/
|
|
int dequeue_signal(struct task_struct *tsk, sigset_t *mask,
|
|
kernel_siginfo_t *info, enum pid_type *type)
|
|
{
|
|
bool resched_timer = false;
|
|
int signr;
|
|
|
|
/* We only dequeue private signals from ourselves, we don't let
|
|
* signalfd steal them
|
|
*/
|
|
*type = PIDTYPE_PID;
|
|
signr = __dequeue_signal(&tsk->pending, mask, info, &resched_timer);
|
|
if (!signr) {
|
|
*type = PIDTYPE_TGID;
|
|
signr = __dequeue_signal(&tsk->signal->shared_pending,
|
|
mask, info, &resched_timer);
|
|
#ifdef CONFIG_POSIX_TIMERS
|
|
/*
|
|
* itimer signal ?
|
|
*
|
|
* itimers are process shared and we restart periodic
|
|
* itimers in the signal delivery path to prevent DoS
|
|
* attacks in the high resolution timer case. This is
|
|
* compliant with the old way of self-restarting
|
|
* itimers, as the SIGALRM is a legacy signal and only
|
|
* queued once. Changing the restart behaviour to
|
|
* restart the timer in the signal dequeue path is
|
|
* reducing the timer noise on heavy loaded !highres
|
|
* systems too.
|
|
*/
|
|
if (unlikely(signr == SIGALRM)) {
|
|
struct hrtimer *tmr = &tsk->signal->real_timer;
|
|
|
|
if (!hrtimer_is_queued(tmr) &&
|
|
tsk->signal->it_real_incr != 0) {
|
|
hrtimer_forward(tmr, tmr->base->get_time(),
|
|
tsk->signal->it_real_incr);
|
|
hrtimer_restart(tmr);
|
|
}
|
|
}
|
|
#endif
|
|
}
|
|
|
|
recalc_sigpending();
|
|
if (!signr)
|
|
return 0;
|
|
|
|
if (unlikely(sig_kernel_stop(signr))) {
|
|
/*
|
|
* Set a marker that we have dequeued a stop signal. Our
|
|
* caller might release the siglock and then the pending
|
|
* stop signal it is about to process is no longer in the
|
|
* pending bitmasks, but must still be cleared by a SIGCONT
|
|
* (and overruled by a SIGKILL). So those cases clear this
|
|
* shared flag after we've set it. Note that this flag may
|
|
* remain set after the signal we return is ignored or
|
|
* handled. That doesn't matter because its only purpose
|
|
* is to alert stop-signal processing code when another
|
|
* processor has come along and cleared the flag.
|
|
*/
|
|
current->jobctl |= JOBCTL_STOP_DEQUEUED;
|
|
}
|
|
#ifdef CONFIG_POSIX_TIMERS
|
|
if (resched_timer) {
|
|
/*
|
|
* Release the siglock to ensure proper locking order
|
|
* of timer locks outside of siglocks. Note, we leave
|
|
* irqs disabled here, since the posix-timers code is
|
|
* about to disable them again anyway.
|
|
*/
|
|
spin_unlock(&tsk->sighand->siglock);
|
|
posixtimer_rearm(info);
|
|
spin_lock(&tsk->sighand->siglock);
|
|
|
|
/* Don't expose the si_sys_private value to userspace */
|
|
info->si_sys_private = 0;
|
|
}
|
|
#endif
|
|
return signr;
|
|
}
|
|
EXPORT_SYMBOL_GPL(dequeue_signal);
|
|
|
|
static int dequeue_synchronous_signal(kernel_siginfo_t *info)
|
|
{
|
|
struct task_struct *tsk = current;
|
|
struct sigpending *pending = &tsk->pending;
|
|
struct sigqueue *q, *sync = NULL;
|
|
|
|
/*
|
|
* Might a synchronous signal be in the queue?
|
|
*/
|
|
if (!((pending->signal.sig[0] & ~tsk->blocked.sig[0]) & SYNCHRONOUS_MASK))
|
|
return 0;
|
|
|
|
/*
|
|
* Return the first synchronous signal in the queue.
|
|
*/
|
|
list_for_each_entry(q, &pending->list, list) {
|
|
/* Synchronous signals have a positive si_code */
|
|
if ((q->info.si_code > SI_USER) &&
|
|
(sigmask(q->info.si_signo) & SYNCHRONOUS_MASK)) {
|
|
sync = q;
|
|
goto next;
|
|
}
|
|
}
|
|
return 0;
|
|
next:
|
|
/*
|
|
* Check if there is another siginfo for the same signal.
|
|
*/
|
|
list_for_each_entry_continue(q, &pending->list, list) {
|
|
if (q->info.si_signo == sync->info.si_signo)
|
|
goto still_pending;
|
|
}
|
|
|
|
sigdelset(&pending->signal, sync->info.si_signo);
|
|
recalc_sigpending();
|
|
still_pending:
|
|
list_del_init(&sync->list);
|
|
copy_siginfo(info, &sync->info);
|
|
__sigqueue_free(sync);
|
|
return info->si_signo;
|
|
}
|
|
|
|
/*
|
|
* Tell a process that it has a new active signal..
|
|
*
|
|
* NOTE! we rely on the previous spin_lock to
|
|
* lock interrupts for us! We can only be called with
|
|
* "siglock" held, and the local interrupt must
|
|
* have been disabled when that got acquired!
|
|
*
|
|
* No need to set need_resched since signal event passing
|
|
* goes through ->blocked
|
|
*/
|
|
void signal_wake_up_state(struct task_struct *t, unsigned int state)
|
|
{
|
|
lockdep_assert_held(&t->sighand->siglock);
|
|
|
|
set_tsk_thread_flag(t, TIF_SIGPENDING);
|
|
|
|
/*
|
|
* TASK_WAKEKILL also means wake it up in the stopped/traced/killable
|
|
* case. We don't check t->state here because there is a race with it
|
|
* executing another processor and just now entering stopped state.
|
|
* By using wake_up_state, we ensure the process will wake up and
|
|
* handle its death signal.
|
|
*/
|
|
if (!wake_up_state(t, state | TASK_INTERRUPTIBLE))
|
|
kick_process(t);
|
|
}
|
|
|
|
/*
|
|
* Remove signals in mask from the pending set and queue.
|
|
* Returns 1 if any signals were found.
|
|
*
|
|
* All callers must be holding the siglock.
|
|
*/
|
|
static void flush_sigqueue_mask(sigset_t *mask, struct sigpending *s)
|
|
{
|
|
struct sigqueue *q, *n;
|
|
sigset_t m;
|
|
|
|
sigandsets(&m, mask, &s->signal);
|
|
if (sigisemptyset(&m))
|
|
return;
|
|
|
|
sigandnsets(&s->signal, &s->signal, mask);
|
|
list_for_each_entry_safe(q, n, &s->list, list) {
|
|
if (sigismember(mask, q->info.si_signo)) {
|
|
list_del_init(&q->list);
|
|
__sigqueue_free(q);
|
|
}
|
|
}
|
|
}
|
|
|
|
static inline int is_si_special(const struct kernel_siginfo *info)
|
|
{
|
|
return info <= SEND_SIG_PRIV;
|
|
}
|
|
|
|
static inline bool si_fromuser(const struct kernel_siginfo *info)
|
|
{
|
|
return info == SEND_SIG_NOINFO ||
|
|
(!is_si_special(info) && SI_FROMUSER(info));
|
|
}
|
|
|
|
/*
|
|
* called with RCU read lock from check_kill_permission()
|
|
*/
|
|
static bool kill_ok_by_cred(struct task_struct *t)
|
|
{
|
|
const struct cred *cred = current_cred();
|
|
const struct cred *tcred = __task_cred(t);
|
|
|
|
return uid_eq(cred->euid, tcred->suid) ||
|
|
uid_eq(cred->euid, tcred->uid) ||
|
|
uid_eq(cred->uid, tcred->suid) ||
|
|
uid_eq(cred->uid, tcred->uid) ||
|
|
ns_capable(tcred->user_ns, CAP_KILL);
|
|
}
|
|
|
|
/*
|
|
* Bad permissions for sending the signal
|
|
* - the caller must hold the RCU read lock
|
|
*/
|
|
static int check_kill_permission(int sig, struct kernel_siginfo *info,
|
|
struct task_struct *t)
|
|
{
|
|
struct pid *sid;
|
|
int error;
|
|
|
|
if (!valid_signal(sig))
|
|
return -EINVAL;
|
|
|
|
if (!si_fromuser(info))
|
|
return 0;
|
|
|
|
error = audit_signal_info(sig, t); /* Let audit system see the signal */
|
|
if (error)
|
|
return error;
|
|
|
|
if (!same_thread_group(current, t) &&
|
|
!kill_ok_by_cred(t)) {
|
|
switch (sig) {
|
|
case SIGCONT:
|
|
sid = task_session(t);
|
|
/*
|
|
* We don't return the error if sid == NULL. The
|
|
* task was unhashed, the caller must notice this.
|
|
*/
|
|
if (!sid || sid == task_session(current))
|
|
break;
|
|
fallthrough;
|
|
default:
|
|
return -EPERM;
|
|
}
|
|
}
|
|
|
|
return security_task_kill(t, info, sig, NULL);
|
|
}
|
|
|
|
/**
|
|
* ptrace_trap_notify - schedule trap to notify ptracer
|
|
* @t: tracee wanting to notify tracer
|
|
*
|
|
* This function schedules sticky ptrace trap which is cleared on the next
|
|
* TRAP_STOP to notify ptracer of an event. @t must have been seized by
|
|
* ptracer.
|
|
*
|
|
* If @t is running, STOP trap will be taken. If trapped for STOP and
|
|
* ptracer is listening for events, tracee is woken up so that it can
|
|
* re-trap for the new event. If trapped otherwise, STOP trap will be
|
|
* eventually taken without returning to userland after the existing traps
|
|
* are finished by PTRACE_CONT.
|
|
*
|
|
* CONTEXT:
|
|
* Must be called with @task->sighand->siglock held.
|
|
*/
|
|
static void ptrace_trap_notify(struct task_struct *t)
|
|
{
|
|
WARN_ON_ONCE(!(t->ptrace & PT_SEIZED));
|
|
lockdep_assert_held(&t->sighand->siglock);
|
|
|
|
task_set_jobctl_pending(t, JOBCTL_TRAP_NOTIFY);
|
|
ptrace_signal_wake_up(t, t->jobctl & JOBCTL_LISTENING);
|
|
}
|
|
|
|
/*
|
|
* Handle magic process-wide effects of stop/continue signals. Unlike
|
|
* the signal actions, these happen immediately at signal-generation
|
|
* time regardless of blocking, ignoring, or handling. This does the
|
|
* actual continuing for SIGCONT, but not the actual stopping for stop
|
|
* signals. The process stop is done as a signal action for SIG_DFL.
|
|
*
|
|
* Returns true if the signal should be actually delivered, otherwise
|
|
* it should be dropped.
|
|
*/
|
|
static bool prepare_signal(int sig, struct task_struct *p, bool force)
|
|
{
|
|
struct signal_struct *signal = p->signal;
|
|
struct task_struct *t;
|
|
sigset_t flush;
|
|
|
|
if (signal->flags & SIGNAL_GROUP_EXIT) {
|
|
if (signal->core_state)
|
|
return sig == SIGKILL;
|
|
/*
|
|
* The process is in the middle of dying, drop the signal.
|
|
*/
|
|
return false;
|
|
} else if (sig_kernel_stop(sig)) {
|
|
/*
|
|
* This is a stop signal. Remove SIGCONT from all queues.
|
|
*/
|
|
siginitset(&flush, sigmask(SIGCONT));
|
|
flush_sigqueue_mask(&flush, &signal->shared_pending);
|
|
for_each_thread(p, t)
|
|
flush_sigqueue_mask(&flush, &t->pending);
|
|
} else if (sig == SIGCONT) {
|
|
unsigned int why;
|
|
/*
|
|
* Remove all stop signals from all queues, wake all threads.
|
|
*/
|
|
siginitset(&flush, SIG_KERNEL_STOP_MASK);
|
|
flush_sigqueue_mask(&flush, &signal->shared_pending);
|
|
for_each_thread(p, t) {
|
|
flush_sigqueue_mask(&flush, &t->pending);
|
|
task_clear_jobctl_pending(t, JOBCTL_STOP_PENDING);
|
|
if (likely(!(t->ptrace & PT_SEIZED))) {
|
|
t->jobctl &= ~JOBCTL_STOPPED;
|
|
wake_up_state(t, __TASK_STOPPED);
|
|
} else
|
|
ptrace_trap_notify(t);
|
|
}
|
|
|
|
/*
|
|
* Notify the parent with CLD_CONTINUED if we were stopped.
|
|
*
|
|
* If we were in the middle of a group stop, we pretend it
|
|
* was already finished, and then continued. Since SIGCHLD
|
|
* doesn't queue we report only CLD_STOPPED, as if the next
|
|
* CLD_CONTINUED was dropped.
|
|
*/
|
|
why = 0;
|
|
if (signal->flags & SIGNAL_STOP_STOPPED)
|
|
why |= SIGNAL_CLD_CONTINUED;
|
|
else if (signal->group_stop_count)
|
|
why |= SIGNAL_CLD_STOPPED;
|
|
|
|
if (why) {
|
|
/*
|
|
* The first thread which returns from do_signal_stop()
|
|
* will take ->siglock, notice SIGNAL_CLD_MASK, and
|
|
* notify its parent. See get_signal().
|
|
*/
|
|
signal_set_stop_flags(signal, why | SIGNAL_STOP_CONTINUED);
|
|
signal->group_stop_count = 0;
|
|
signal->group_exit_code = 0;
|
|
}
|
|
}
|
|
|
|
return !sig_ignored(p, sig, force);
|
|
}
|
|
|
|
/*
|
|
* Test if P wants to take SIG. After we've checked all threads with this,
|
|
* it's equivalent to finding no threads not blocking SIG. Any threads not
|
|
* blocking SIG were ruled out because they are not running and already
|
|
* have pending signals. Such threads will dequeue from the shared queue
|
|
* as soon as they're available, so putting the signal on the shared queue
|
|
* will be equivalent to sending it to one such thread.
|
|
*/
|
|
static inline bool wants_signal(int sig, struct task_struct *p)
|
|
{
|
|
if (sigismember(&p->blocked, sig))
|
|
return false;
|
|
|
|
if (p->flags & PF_EXITING)
|
|
return false;
|
|
|
|
if (sig == SIGKILL)
|
|
return true;
|
|
|
|
if (task_is_stopped_or_traced(p))
|
|
return false;
|
|
|
|
return task_curr(p) || !task_sigpending(p);
|
|
}
|
|
|
|
static void complete_signal(int sig, struct task_struct *p, enum pid_type type)
|
|
{
|
|
struct signal_struct *signal = p->signal;
|
|
struct task_struct *t;
|
|
bool wake;
|
|
|
|
/*
|
|
* Now find a thread we can wake up to take the signal off the queue.
|
|
*
|
|
* If the main thread wants the signal, it gets first crack.
|
|
* Probably the least surprising to the average bear.
|
|
*/
|
|
if (wants_signal(sig, p))
|
|
t = p;
|
|
else if ((type == PIDTYPE_PID) || thread_group_empty(p))
|
|
/*
|
|
* There is just one thread and it does not need to be woken.
|
|
* It will dequeue unblocked signals before it runs again.
|
|
*/
|
|
return;
|
|
else {
|
|
/*
|
|
* Otherwise try to find a suitable thread.
|
|
*/
|
|
t = signal->curr_target;
|
|
while (!wants_signal(sig, t)) {
|
|
t = next_thread(t);
|
|
if (t == signal->curr_target)
|
|
/*
|
|
* No thread needs to be woken.
|
|
* Any eligible threads will see
|
|
* the signal in the queue soon.
|
|
*/
|
|
return;
|
|
}
|
|
signal->curr_target = t;
|
|
}
|
|
|
|
/*
|
|
* Found a killable thread. If the signal will be fatal,
|
|
* then start taking the whole group down immediately.
|
|
*/
|
|
if (sig_fatal(p, sig) &&
|
|
(signal->core_state || !(signal->flags & SIGNAL_GROUP_EXIT)) &&
|
|
!sigismember(&t->real_blocked, sig) &&
|
|
(sig == SIGKILL || !p->ptrace)) {
|
|
/*
|
|
* This signal will be fatal to the whole group.
|
|
*/
|
|
if (!sig_kernel_coredump(sig)) {
|
|
/*
|
|
* Start a group exit and wake everybody up.
|
|
* This way we don't have other threads
|
|
* running and doing things after a slower
|
|
* thread has the fatal signal pending.
|
|
*/
|
|
signal->flags = SIGNAL_GROUP_EXIT;
|
|
signal->group_exit_code = sig;
|
|
signal->group_stop_count = 0;
|
|
t = p;
|
|
do {
|
|
trace_android_vh_exit_signal(t);
|
|
task_clear_jobctl_pending(t, JOBCTL_PENDING_MASK);
|
|
sigaddset(&t->pending.signal, SIGKILL);
|
|
wake = true;
|
|
trace_android_vh_exit_signal_whether_wake(t, &wake);
|
|
if (wake)
|
|
signal_wake_up(t, 1);
|
|
} while_each_thread(p, t);
|
|
return;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* The signal is already in the shared-pending queue.
|
|
* Tell the chosen thread to wake up and dequeue it.
|
|
*/
|
|
signal_wake_up(t, sig == SIGKILL);
|
|
return;
|
|
}
|
|
|
|
static inline bool legacy_queue(struct sigpending *signals, int sig)
|
|
{
|
|
return (sig < SIGRTMIN) && sigismember(&signals->signal, sig);
|
|
}
|
|
|
|
static int __send_signal_locked(int sig, struct kernel_siginfo *info,
|
|
struct task_struct *t, enum pid_type type, bool force)
|
|
{
|
|
struct sigpending *pending;
|
|
struct sigqueue *q;
|
|
int override_rlimit;
|
|
int ret = 0, result;
|
|
|
|
lockdep_assert_held(&t->sighand->siglock);
|
|
|
|
result = TRACE_SIGNAL_IGNORED;
|
|
if (!prepare_signal(sig, t, force))
|
|
goto ret;
|
|
|
|
pending = (type != PIDTYPE_PID) ? &t->signal->shared_pending : &t->pending;
|
|
/*
|
|
* Short-circuit ignored signals and support queuing
|
|
* exactly one non-rt signal, so that we can get more
|
|
* detailed information about the cause of the signal.
|
|
*/
|
|
result = TRACE_SIGNAL_ALREADY_PENDING;
|
|
if (legacy_queue(pending, sig))
|
|
goto ret;
|
|
|
|
result = TRACE_SIGNAL_DELIVERED;
|
|
/*
|
|
* Skip useless siginfo allocation for SIGKILL and kernel threads.
|
|
*/
|
|
if ((sig == SIGKILL) || (t->flags & PF_KTHREAD))
|
|
goto out_set;
|
|
|
|
/*
|
|
* Real-time signals must be queued if sent by sigqueue, or
|
|
* some other real-time mechanism. It is implementation
|
|
* defined whether kill() does so. We attempt to do so, on
|
|
* the principle of least surprise, but since kill is not
|
|
* allowed to fail with EAGAIN when low on memory we just
|
|
* make sure at least one signal gets delivered and don't
|
|
* pass on the info struct.
|
|
*/
|
|
if (sig < SIGRTMIN)
|
|
override_rlimit = (is_si_special(info) || info->si_code >= 0);
|
|
else
|
|
override_rlimit = 0;
|
|
|
|
q = __sigqueue_alloc(sig, t, GFP_ATOMIC, override_rlimit, 0);
|
|
|
|
if (q) {
|
|
list_add_tail(&q->list, &pending->list);
|
|
switch ((unsigned long) info) {
|
|
case (unsigned long) SEND_SIG_NOINFO:
|
|
clear_siginfo(&q->info);
|
|
q->info.si_signo = sig;
|
|
q->info.si_errno = 0;
|
|
q->info.si_code = SI_USER;
|
|
q->info.si_pid = task_tgid_nr_ns(current,
|
|
task_active_pid_ns(t));
|
|
rcu_read_lock();
|
|
q->info.si_uid =
|
|
from_kuid_munged(task_cred_xxx(t, user_ns),
|
|
current_uid());
|
|
rcu_read_unlock();
|
|
break;
|
|
case (unsigned long) SEND_SIG_PRIV:
|
|
clear_siginfo(&q->info);
|
|
q->info.si_signo = sig;
|
|
q->info.si_errno = 0;
|
|
q->info.si_code = SI_KERNEL;
|
|
q->info.si_pid = 0;
|
|
q->info.si_uid = 0;
|
|
break;
|
|
default:
|
|
copy_siginfo(&q->info, info);
|
|
break;
|
|
}
|
|
} else if (!is_si_special(info) &&
|
|
sig >= SIGRTMIN && info->si_code != SI_USER) {
|
|
/*
|
|
* Queue overflow, abort. We may abort if the
|
|
* signal was rt and sent by user using something
|
|
* other than kill().
|
|
*/
|
|
result = TRACE_SIGNAL_OVERFLOW_FAIL;
|
|
ret = -EAGAIN;
|
|
goto ret;
|
|
} else {
|
|
/*
|
|
* This is a silent loss of information. We still
|
|
* send the signal, but the *info bits are lost.
|
|
*/
|
|
result = TRACE_SIGNAL_LOSE_INFO;
|
|
}
|
|
|
|
out_set:
|
|
signalfd_notify(t, sig);
|
|
sigaddset(&pending->signal, sig);
|
|
|
|
/* Let multiprocess signals appear after on-going forks */
|
|
if (type > PIDTYPE_TGID) {
|
|
struct multiprocess_signals *delayed;
|
|
hlist_for_each_entry(delayed, &t->signal->multiprocess, node) {
|
|
sigset_t *signal = &delayed->signal;
|
|
/* Can't queue both a stop and a continue signal */
|
|
if (sig == SIGCONT)
|
|
sigdelsetmask(signal, SIG_KERNEL_STOP_MASK);
|
|
else if (sig_kernel_stop(sig))
|
|
sigdelset(signal, SIGCONT);
|
|
sigaddset(signal, sig);
|
|
}
|
|
}
|
|
|
|
complete_signal(sig, t, type);
|
|
ret:
|
|
trace_signal_generate(sig, info, t, type != PIDTYPE_PID, result);
|
|
return ret;
|
|
}
|
|
|
|
static inline bool has_si_pid_and_uid(struct kernel_siginfo *info)
|
|
{
|
|
bool ret = false;
|
|
switch (siginfo_layout(info->si_signo, info->si_code)) {
|
|
case SIL_KILL:
|
|
case SIL_CHLD:
|
|
case SIL_RT:
|
|
ret = true;
|
|
break;
|
|
case SIL_TIMER:
|
|
case SIL_POLL:
|
|
case SIL_FAULT:
|
|
case SIL_FAULT_TRAPNO:
|
|
case SIL_FAULT_MCEERR:
|
|
case SIL_FAULT_BNDERR:
|
|
case SIL_FAULT_PKUERR:
|
|
case SIL_FAULT_PERF_EVENT:
|
|
case SIL_SYS:
|
|
ret = false;
|
|
break;
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
int send_signal_locked(int sig, struct kernel_siginfo *info,
|
|
struct task_struct *t, enum pid_type type)
|
|
{
|
|
/* Should SIGKILL or SIGSTOP be received by a pid namespace init? */
|
|
bool force = false;
|
|
|
|
if (info == SEND_SIG_NOINFO) {
|
|
/* Force if sent from an ancestor pid namespace */
|
|
force = !task_pid_nr_ns(current, task_active_pid_ns(t));
|
|
} else if (info == SEND_SIG_PRIV) {
|
|
/* Don't ignore kernel generated signals */
|
|
force = true;
|
|
} else if (has_si_pid_and_uid(info)) {
|
|
/* SIGKILL and SIGSTOP is special or has ids */
|
|
struct user_namespace *t_user_ns;
|
|
|
|
rcu_read_lock();
|
|
t_user_ns = task_cred_xxx(t, user_ns);
|
|
if (current_user_ns() != t_user_ns) {
|
|
kuid_t uid = make_kuid(current_user_ns(), info->si_uid);
|
|
info->si_uid = from_kuid_munged(t_user_ns, uid);
|
|
}
|
|
rcu_read_unlock();
|
|
|
|
/* A kernel generated signal? */
|
|
force = (info->si_code == SI_KERNEL);
|
|
|
|
/* From an ancestor pid namespace? */
|
|
if (!task_pid_nr_ns(current, task_active_pid_ns(t))) {
|
|
info->si_pid = 0;
|
|
force = true;
|
|
}
|
|
}
|
|
return __send_signal_locked(sig, info, t, type, force);
|
|
}
|
|
|
|
static void print_fatal_signal(int signr)
|
|
{
|
|
struct pt_regs *regs = signal_pt_regs();
|
|
pr_info("potentially unexpected fatal signal %d.\n", signr);
|
|
|
|
#if defined(__i386__) && !defined(__arch_um__)
|
|
pr_info("code at %08lx: ", regs->ip);
|
|
{
|
|
int i;
|
|
for (i = 0; i < 16; i++) {
|
|
unsigned char insn;
|
|
|
|
if (get_user(insn, (unsigned char *)(regs->ip + i)))
|
|
break;
|
|
pr_cont("%02x ", insn);
|
|
}
|
|
}
|
|
pr_cont("\n");
|
|
#endif
|
|
preempt_disable();
|
|
show_regs(regs);
|
|
preempt_enable();
|
|
}
|
|
|
|
static int __init setup_print_fatal_signals(char *str)
|
|
{
|
|
get_option (&str, &print_fatal_signals);
|
|
|
|
return 1;
|
|
}
|
|
|
|
__setup("print-fatal-signals=", setup_print_fatal_signals);
|
|
|
|
int do_send_sig_info(int sig, struct kernel_siginfo *info, struct task_struct *p,
|
|
enum pid_type type)
|
|
{
|
|
unsigned long flags;
|
|
int ret = -ESRCH;
|
|
trace_android_vh_do_send_sig_info(sig, current, p);
|
|
if (lock_task_sighand(p, &flags)) {
|
|
ret = send_signal_locked(sig, info, p, type);
|
|
unlock_task_sighand(p, &flags);
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
enum sig_handler {
|
|
HANDLER_CURRENT, /* If reachable use the current handler */
|
|
HANDLER_SIG_DFL, /* Always use SIG_DFL handler semantics */
|
|
HANDLER_EXIT, /* Only visible as the process exit code */
|
|
};
|
|
|
|
/*
|
|
* Force a signal that the process can't ignore: if necessary
|
|
* we unblock the signal and change any SIG_IGN to SIG_DFL.
|
|
*
|
|
* Note: If we unblock the signal, we always reset it to SIG_DFL,
|
|
* since we do not want to have a signal handler that was blocked
|
|
* be invoked when user space had explicitly blocked it.
|
|
*
|
|
* We don't want to have recursive SIGSEGV's etc, for example,
|
|
* that is why we also clear SIGNAL_UNKILLABLE.
|
|
*/
|
|
static int
|
|
force_sig_info_to_task(struct kernel_siginfo *info, struct task_struct *t,
|
|
enum sig_handler handler)
|
|
{
|
|
unsigned long int flags;
|
|
int ret, blocked, ignored;
|
|
struct k_sigaction *action;
|
|
int sig = info->si_signo;
|
|
|
|
spin_lock_irqsave(&t->sighand->siglock, flags);
|
|
action = &t->sighand->action[sig-1];
|
|
ignored = action->sa.sa_handler == SIG_IGN;
|
|
blocked = sigismember(&t->blocked, sig);
|
|
if (blocked || ignored || (handler != HANDLER_CURRENT)) {
|
|
action->sa.sa_handler = SIG_DFL;
|
|
if (handler == HANDLER_EXIT)
|
|
action->sa.sa_flags |= SA_IMMUTABLE;
|
|
if (blocked) {
|
|
sigdelset(&t->blocked, sig);
|
|
recalc_sigpending_and_wake(t);
|
|
}
|
|
}
|
|
/*
|
|
* Don't clear SIGNAL_UNKILLABLE for traced tasks, users won't expect
|
|
* debugging to leave init killable. But HANDLER_EXIT is always fatal.
|
|
*/
|
|
if (action->sa.sa_handler == SIG_DFL &&
|
|
(!t->ptrace || (handler == HANDLER_EXIT)))
|
|
t->signal->flags &= ~SIGNAL_UNKILLABLE;
|
|
ret = send_signal_locked(sig, info, t, PIDTYPE_PID);
|
|
spin_unlock_irqrestore(&t->sighand->siglock, flags);
|
|
|
|
return ret;
|
|
}
|
|
|
|
int force_sig_info(struct kernel_siginfo *info)
|
|
{
|
|
return force_sig_info_to_task(info, current, HANDLER_CURRENT);
|
|
}
|
|
|
|
/*
|
|
* Nuke all other threads in the group.
|
|
*/
|
|
int zap_other_threads(struct task_struct *p)
|
|
{
|
|
struct task_struct *t = p;
|
|
int count = 0;
|
|
|
|
p->signal->group_stop_count = 0;
|
|
|
|
while_each_thread(p, t) {
|
|
task_clear_jobctl_pending(t, JOBCTL_PENDING_MASK);
|
|
count++;
|
|
|
|
/* Don't bother with already dead threads */
|
|
if (t->exit_state)
|
|
continue;
|
|
sigaddset(&t->pending.signal, SIGKILL);
|
|
signal_wake_up(t, 1);
|
|
}
|
|
|
|
return count;
|
|
}
|
|
|
|
struct sighand_struct *__lock_task_sighand(struct task_struct *tsk,
|
|
unsigned long *flags)
|
|
{
|
|
struct sighand_struct *sighand;
|
|
|
|
rcu_read_lock();
|
|
for (;;) {
|
|
sighand = rcu_dereference(tsk->sighand);
|
|
if (unlikely(sighand == NULL))
|
|
break;
|
|
|
|
/*
|
|
* This sighand can be already freed and even reused, but
|
|
* we rely on SLAB_TYPESAFE_BY_RCU and sighand_ctor() which
|
|
* initializes ->siglock: this slab can't go away, it has
|
|
* the same object type, ->siglock can't be reinitialized.
|
|
*
|
|
* We need to ensure that tsk->sighand is still the same
|
|
* after we take the lock, we can race with de_thread() or
|
|
* __exit_signal(). In the latter case the next iteration
|
|
* must see ->sighand == NULL.
|
|
*/
|
|
spin_lock_irqsave(&sighand->siglock, *flags);
|
|
if (likely(sighand == rcu_access_pointer(tsk->sighand)))
|
|
break;
|
|
spin_unlock_irqrestore(&sighand->siglock, *flags);
|
|
}
|
|
rcu_read_unlock();
|
|
|
|
return sighand;
|
|
}
|
|
|
|
#ifdef CONFIG_LOCKDEP
|
|
void lockdep_assert_task_sighand_held(struct task_struct *task)
|
|
{
|
|
struct sighand_struct *sighand;
|
|
|
|
rcu_read_lock();
|
|
sighand = rcu_dereference(task->sighand);
|
|
if (sighand)
|
|
lockdep_assert_held(&sighand->siglock);
|
|
else
|
|
WARN_ON_ONCE(1);
|
|
rcu_read_unlock();
|
|
}
|
|
#endif
|
|
|
|
/*
|
|
* send signal info to all the members of a group
|
|
*/
|
|
int group_send_sig_info(int sig, struct kernel_siginfo *info,
|
|
struct task_struct *p, enum pid_type type)
|
|
{
|
|
int ret;
|
|
|
|
rcu_read_lock();
|
|
ret = check_kill_permission(sig, info, p);
|
|
rcu_read_unlock();
|
|
|
|
if (!ret && sig) {
|
|
ret = do_send_sig_info(sig, info, p, type);
|
|
if (!ret && sig == SIGKILL) {
|
|
bool reap = false;
|
|
|
|
trace_android_vh_killed_process(current, p, &reap);
|
|
if (reap)
|
|
add_to_oom_reaper(p);
|
|
}
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* __kill_pgrp_info() sends a signal to a process group: this is what the tty
|
|
* control characters do (^C, ^Z etc)
|
|
* - the caller must hold at least a readlock on tasklist_lock
|
|
*/
|
|
int __kill_pgrp_info(int sig, struct kernel_siginfo *info, struct pid *pgrp)
|
|
{
|
|
struct task_struct *p = NULL;
|
|
int retval, success;
|
|
|
|
success = 0;
|
|
retval = -ESRCH;
|
|
do_each_pid_task(pgrp, PIDTYPE_PGID, p) {
|
|
int err = group_send_sig_info(sig, info, p, PIDTYPE_PGID);
|
|
success |= !err;
|
|
retval = err;
|
|
} while_each_pid_task(pgrp, PIDTYPE_PGID, p);
|
|
return success ? 0 : retval;
|
|
}
|
|
|
|
int kill_pid_info(int sig, struct kernel_siginfo *info, struct pid *pid)
|
|
{
|
|
int error = -ESRCH;
|
|
struct task_struct *p;
|
|
|
|
for (;;) {
|
|
rcu_read_lock();
|
|
p = pid_task(pid, PIDTYPE_PID);
|
|
if (p)
|
|
error = group_send_sig_info(sig, info, p, PIDTYPE_TGID);
|
|
rcu_read_unlock();
|
|
if (likely(!p || error != -ESRCH))
|
|
return error;
|
|
|
|
/*
|
|
* The task was unhashed in between, try again. If it
|
|
* is dead, pid_task() will return NULL, if we race with
|
|
* de_thread() it will find the new leader.
|
|
*/
|
|
}
|
|
}
|
|
|
|
static int kill_proc_info(int sig, struct kernel_siginfo *info, pid_t pid)
|
|
{
|
|
int error;
|
|
rcu_read_lock();
|
|
error = kill_pid_info(sig, info, find_vpid(pid));
|
|
rcu_read_unlock();
|
|
return error;
|
|
}
|
|
|
|
static inline bool kill_as_cred_perm(const struct cred *cred,
|
|
struct task_struct *target)
|
|
{
|
|
const struct cred *pcred = __task_cred(target);
|
|
|
|
return uid_eq(cred->euid, pcred->suid) ||
|
|
uid_eq(cred->euid, pcred->uid) ||
|
|
uid_eq(cred->uid, pcred->suid) ||
|
|
uid_eq(cred->uid, pcred->uid);
|
|
}
|
|
|
|
/*
|
|
* The usb asyncio usage of siginfo is wrong. The glibc support
|
|
* for asyncio which uses SI_ASYNCIO assumes the layout is SIL_RT.
|
|
* AKA after the generic fields:
|
|
* kernel_pid_t si_pid;
|
|
* kernel_uid32_t si_uid;
|
|
* sigval_t si_value;
|
|
*
|
|
* Unfortunately when usb generates SI_ASYNCIO it assumes the layout
|
|
* after the generic fields is:
|
|
* void __user *si_addr;
|
|
*
|
|
* This is a practical problem when there is a 64bit big endian kernel
|
|
* and a 32bit userspace. As the 32bit address will encoded in the low
|
|
* 32bits of the pointer. Those low 32bits will be stored at higher
|
|
* address than appear in a 32 bit pointer. So userspace will not
|
|
* see the address it was expecting for it's completions.
|
|
*
|
|
* There is nothing in the encoding that can allow
|
|
* copy_siginfo_to_user32 to detect this confusion of formats, so
|
|
* handle this by requiring the caller of kill_pid_usb_asyncio to
|
|
* notice when this situration takes place and to store the 32bit
|
|
* pointer in sival_int, instead of sival_addr of the sigval_t addr
|
|
* parameter.
|
|
*/
|
|
int kill_pid_usb_asyncio(int sig, int errno, sigval_t addr,
|
|
struct pid *pid, const struct cred *cred)
|
|
{
|
|
struct kernel_siginfo info;
|
|
struct task_struct *p;
|
|
unsigned long flags;
|
|
int ret = -EINVAL;
|
|
|
|
if (!valid_signal(sig))
|
|
return ret;
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = sig;
|
|
info.si_errno = errno;
|
|
info.si_code = SI_ASYNCIO;
|
|
*((sigval_t *)&info.si_pid) = addr;
|
|
|
|
rcu_read_lock();
|
|
p = pid_task(pid, PIDTYPE_PID);
|
|
if (!p) {
|
|
ret = -ESRCH;
|
|
goto out_unlock;
|
|
}
|
|
if (!kill_as_cred_perm(cred, p)) {
|
|
ret = -EPERM;
|
|
goto out_unlock;
|
|
}
|
|
ret = security_task_kill(p, &info, sig, cred);
|
|
if (ret)
|
|
goto out_unlock;
|
|
|
|
if (sig) {
|
|
if (lock_task_sighand(p, &flags)) {
|
|
ret = __send_signal_locked(sig, &info, p, PIDTYPE_TGID, false);
|
|
unlock_task_sighand(p, &flags);
|
|
} else
|
|
ret = -ESRCH;
|
|
}
|
|
out_unlock:
|
|
rcu_read_unlock();
|
|
return ret;
|
|
}
|
|
EXPORT_SYMBOL_GPL(kill_pid_usb_asyncio);
|
|
|
|
/*
|
|
* kill_something_info() interprets pid in interesting ways just like kill(2).
|
|
*
|
|
* POSIX specifies that kill(-1,sig) is unspecified, but what we have
|
|
* is probably wrong. Should make it like BSD or SYSV.
|
|
*/
|
|
|
|
static int kill_something_info(int sig, struct kernel_siginfo *info, pid_t pid)
|
|
{
|
|
int ret;
|
|
|
|
if (pid > 0)
|
|
return kill_proc_info(sig, info, pid);
|
|
|
|
/* -INT_MIN is undefined. Exclude this case to avoid a UBSAN warning */
|
|
if (pid == INT_MIN)
|
|
return -ESRCH;
|
|
|
|
read_lock(&tasklist_lock);
|
|
if (pid != -1) {
|
|
ret = __kill_pgrp_info(sig, info,
|
|
pid ? find_vpid(-pid) : task_pgrp(current));
|
|
} else {
|
|
int retval = 0, count = 0;
|
|
struct task_struct * p;
|
|
|
|
for_each_process(p) {
|
|
if (task_pid_vnr(p) > 1 &&
|
|
!same_thread_group(p, current)) {
|
|
int err = group_send_sig_info(sig, info, p,
|
|
PIDTYPE_MAX);
|
|
++count;
|
|
if (err != -EPERM)
|
|
retval = err;
|
|
}
|
|
}
|
|
ret = count ? retval : -ESRCH;
|
|
}
|
|
read_unlock(&tasklist_lock);
|
|
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* These are for backward compatibility with the rest of the kernel source.
|
|
*/
|
|
|
|
int send_sig_info(int sig, struct kernel_siginfo *info, struct task_struct *p)
|
|
{
|
|
/*
|
|
* Make sure legacy kernel users don't send in bad values
|
|
* (normal paths check this in check_kill_permission).
|
|
*/
|
|
if (!valid_signal(sig))
|
|
return -EINVAL;
|
|
|
|
return do_send_sig_info(sig, info, p, PIDTYPE_PID);
|
|
}
|
|
EXPORT_SYMBOL(send_sig_info);
|
|
|
|
#define __si_special(priv) \
|
|
((priv) ? SEND_SIG_PRIV : SEND_SIG_NOINFO)
|
|
|
|
int
|
|
send_sig(int sig, struct task_struct *p, int priv)
|
|
{
|
|
return send_sig_info(sig, __si_special(priv), p);
|
|
}
|
|
EXPORT_SYMBOL(send_sig);
|
|
|
|
void force_sig(int sig)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = sig;
|
|
info.si_errno = 0;
|
|
info.si_code = SI_KERNEL;
|
|
info.si_pid = 0;
|
|
info.si_uid = 0;
|
|
force_sig_info(&info);
|
|
}
|
|
EXPORT_SYMBOL(force_sig);
|
|
|
|
void force_fatal_sig(int sig)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = sig;
|
|
info.si_errno = 0;
|
|
info.si_code = SI_KERNEL;
|
|
info.si_pid = 0;
|
|
info.si_uid = 0;
|
|
force_sig_info_to_task(&info, current, HANDLER_SIG_DFL);
|
|
}
|
|
|
|
void force_exit_sig(int sig)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = sig;
|
|
info.si_errno = 0;
|
|
info.si_code = SI_KERNEL;
|
|
info.si_pid = 0;
|
|
info.si_uid = 0;
|
|
force_sig_info_to_task(&info, current, HANDLER_EXIT);
|
|
}
|
|
|
|
/*
|
|
* When things go south during signal handling, we
|
|
* will force a SIGSEGV. And if the signal that caused
|
|
* the problem was already a SIGSEGV, we'll want to
|
|
* make sure we don't even try to deliver the signal..
|
|
*/
|
|
void force_sigsegv(int sig)
|
|
{
|
|
if (sig == SIGSEGV)
|
|
force_fatal_sig(SIGSEGV);
|
|
else
|
|
force_sig(SIGSEGV);
|
|
}
|
|
|
|
int force_sig_fault_to_task(int sig, int code, void __user *addr
|
|
___ARCH_SI_IA64(int imm, unsigned int flags, unsigned long isr)
|
|
, struct task_struct *t)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = sig;
|
|
info.si_errno = 0;
|
|
info.si_code = code;
|
|
info.si_addr = addr;
|
|
#ifdef __ia64__
|
|
info.si_imm = imm;
|
|
info.si_flags = flags;
|
|
info.si_isr = isr;
|
|
#endif
|
|
return force_sig_info_to_task(&info, t, HANDLER_CURRENT);
|
|
}
|
|
|
|
int force_sig_fault(int sig, int code, void __user *addr
|
|
___ARCH_SI_IA64(int imm, unsigned int flags, unsigned long isr))
|
|
{
|
|
return force_sig_fault_to_task(sig, code, addr
|
|
___ARCH_SI_IA64(imm, flags, isr), current);
|
|
}
|
|
|
|
int send_sig_fault(int sig, int code, void __user *addr
|
|
___ARCH_SI_IA64(int imm, unsigned int flags, unsigned long isr)
|
|
, struct task_struct *t)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = sig;
|
|
info.si_errno = 0;
|
|
info.si_code = code;
|
|
info.si_addr = addr;
|
|
#ifdef __ia64__
|
|
info.si_imm = imm;
|
|
info.si_flags = flags;
|
|
info.si_isr = isr;
|
|
#endif
|
|
return send_sig_info(info.si_signo, &info, t);
|
|
}
|
|
|
|
int force_sig_mceerr(int code, void __user *addr, short lsb)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
WARN_ON((code != BUS_MCEERR_AO) && (code != BUS_MCEERR_AR));
|
|
clear_siginfo(&info);
|
|
info.si_signo = SIGBUS;
|
|
info.si_errno = 0;
|
|
info.si_code = code;
|
|
info.si_addr = addr;
|
|
info.si_addr_lsb = lsb;
|
|
return force_sig_info(&info);
|
|
}
|
|
|
|
int send_sig_mceerr(int code, void __user *addr, short lsb, struct task_struct *t)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
WARN_ON((code != BUS_MCEERR_AO) && (code != BUS_MCEERR_AR));
|
|
clear_siginfo(&info);
|
|
info.si_signo = SIGBUS;
|
|
info.si_errno = 0;
|
|
info.si_code = code;
|
|
info.si_addr = addr;
|
|
info.si_addr_lsb = lsb;
|
|
return send_sig_info(info.si_signo, &info, t);
|
|
}
|
|
EXPORT_SYMBOL(send_sig_mceerr);
|
|
|
|
int force_sig_bnderr(void __user *addr, void __user *lower, void __user *upper)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = SIGSEGV;
|
|
info.si_errno = 0;
|
|
info.si_code = SEGV_BNDERR;
|
|
info.si_addr = addr;
|
|
info.si_lower = lower;
|
|
info.si_upper = upper;
|
|
return force_sig_info(&info);
|
|
}
|
|
|
|
#ifdef SEGV_PKUERR
|
|
int force_sig_pkuerr(void __user *addr, u32 pkey)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = SIGSEGV;
|
|
info.si_errno = 0;
|
|
info.si_code = SEGV_PKUERR;
|
|
info.si_addr = addr;
|
|
info.si_pkey = pkey;
|
|
return force_sig_info(&info);
|
|
}
|
|
#endif
|
|
|
|
int send_sig_perf(void __user *addr, u32 type, u64 sig_data)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = SIGTRAP;
|
|
info.si_errno = 0;
|
|
info.si_code = TRAP_PERF;
|
|
info.si_addr = addr;
|
|
info.si_perf_data = sig_data;
|
|
info.si_perf_type = type;
|
|
|
|
/*
|
|
* Signals generated by perf events should not terminate the whole
|
|
* process if SIGTRAP is blocked, however, delivering the signal
|
|
* asynchronously is better than not delivering at all. But tell user
|
|
* space if the signal was asynchronous, so it can clearly be
|
|
* distinguished from normal synchronous ones.
|
|
*/
|
|
info.si_perf_flags = sigismember(¤t->blocked, info.si_signo) ?
|
|
TRAP_PERF_FLAG_ASYNC :
|
|
0;
|
|
|
|
return send_sig_info(info.si_signo, &info, current);
|
|
}
|
|
|
|
/**
|
|
* force_sig_seccomp - signals the task to allow in-process syscall emulation
|
|
* @syscall: syscall number to send to userland
|
|
* @reason: filter-supplied reason code to send to userland (via si_errno)
|
|
* @force_coredump: true to trigger a coredump
|
|
*
|
|
* Forces a SIGSYS with a code of SYS_SECCOMP and related sigsys info.
|
|
*/
|
|
int force_sig_seccomp(int syscall, int reason, bool force_coredump)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = SIGSYS;
|
|
info.si_code = SYS_SECCOMP;
|
|
info.si_call_addr = (void __user *)KSTK_EIP(current);
|
|
info.si_errno = reason;
|
|
info.si_arch = syscall_get_arch(current);
|
|
info.si_syscall = syscall;
|
|
return force_sig_info_to_task(&info, current,
|
|
force_coredump ? HANDLER_EXIT : HANDLER_CURRENT);
|
|
}
|
|
|
|
/* For the crazy architectures that include trap information in
|
|
* the errno field, instead of an actual errno value.
|
|
*/
|
|
int force_sig_ptrace_errno_trap(int errno, void __user *addr)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = SIGTRAP;
|
|
info.si_errno = errno;
|
|
info.si_code = TRAP_HWBKPT;
|
|
info.si_addr = addr;
|
|
return force_sig_info(&info);
|
|
}
|
|
|
|
/* For the rare architectures that include trap information using
|
|
* si_trapno.
|
|
*/
|
|
int force_sig_fault_trapno(int sig, int code, void __user *addr, int trapno)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = sig;
|
|
info.si_errno = 0;
|
|
info.si_code = code;
|
|
info.si_addr = addr;
|
|
info.si_trapno = trapno;
|
|
return force_sig_info(&info);
|
|
}
|
|
|
|
/* For the rare architectures that include trap information using
|
|
* si_trapno.
|
|
*/
|
|
int send_sig_fault_trapno(int sig, int code, void __user *addr, int trapno,
|
|
struct task_struct *t)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = sig;
|
|
info.si_errno = 0;
|
|
info.si_code = code;
|
|
info.si_addr = addr;
|
|
info.si_trapno = trapno;
|
|
return send_sig_info(info.si_signo, &info, t);
|
|
}
|
|
|
|
int kill_pgrp(struct pid *pid, int sig, int priv)
|
|
{
|
|
int ret;
|
|
|
|
read_lock(&tasklist_lock);
|
|
ret = __kill_pgrp_info(sig, __si_special(priv), pid);
|
|
read_unlock(&tasklist_lock);
|
|
|
|
return ret;
|
|
}
|
|
EXPORT_SYMBOL(kill_pgrp);
|
|
|
|
int kill_pid(struct pid *pid, int sig, int priv)
|
|
{
|
|
return kill_pid_info(sig, __si_special(priv), pid);
|
|
}
|
|
EXPORT_SYMBOL(kill_pid);
|
|
|
|
/*
|
|
* These functions support sending signals using preallocated sigqueue
|
|
* structures. This is needed "because realtime applications cannot
|
|
* afford to lose notifications of asynchronous events, like timer
|
|
* expirations or I/O completions". In the case of POSIX Timers
|
|
* we allocate the sigqueue structure from the timer_create. If this
|
|
* allocation fails we are able to report the failure to the application
|
|
* with an EAGAIN error.
|
|
*/
|
|
struct sigqueue *sigqueue_alloc(void)
|
|
{
|
|
return __sigqueue_alloc(-1, current, GFP_KERNEL, 0, SIGQUEUE_PREALLOC);
|
|
}
|
|
|
|
void sigqueue_free(struct sigqueue *q)
|
|
{
|
|
unsigned long flags;
|
|
spinlock_t *lock = ¤t->sighand->siglock;
|
|
|
|
BUG_ON(!(q->flags & SIGQUEUE_PREALLOC));
|
|
/*
|
|
* We must hold ->siglock while testing q->list
|
|
* to serialize with collect_signal() or with
|
|
* __exit_signal()->flush_sigqueue().
|
|
*/
|
|
spin_lock_irqsave(lock, flags);
|
|
q->flags &= ~SIGQUEUE_PREALLOC;
|
|
/*
|
|
* If it is queued it will be freed when dequeued,
|
|
* like the "regular" sigqueue.
|
|
*/
|
|
if (!list_empty(&q->list))
|
|
q = NULL;
|
|
spin_unlock_irqrestore(lock, flags);
|
|
|
|
if (q)
|
|
__sigqueue_free(q);
|
|
}
|
|
|
|
int send_sigqueue(struct sigqueue *q, struct pid *pid, enum pid_type type)
|
|
{
|
|
int sig = q->info.si_signo;
|
|
struct sigpending *pending;
|
|
struct task_struct *t;
|
|
unsigned long flags;
|
|
int ret, result;
|
|
|
|
BUG_ON(!(q->flags & SIGQUEUE_PREALLOC));
|
|
|
|
ret = -1;
|
|
rcu_read_lock();
|
|
t = pid_task(pid, type);
|
|
if (!t || !likely(lock_task_sighand(t, &flags)))
|
|
goto ret;
|
|
|
|
ret = 1; /* the signal is ignored */
|
|
result = TRACE_SIGNAL_IGNORED;
|
|
if (!prepare_signal(sig, t, false))
|
|
goto out;
|
|
|
|
ret = 0;
|
|
if (unlikely(!list_empty(&q->list))) {
|
|
/*
|
|
* If an SI_TIMER entry is already queue just increment
|
|
* the overrun count.
|
|
*/
|
|
BUG_ON(q->info.si_code != SI_TIMER);
|
|
q->info.si_overrun++;
|
|
result = TRACE_SIGNAL_ALREADY_PENDING;
|
|
goto out;
|
|
}
|
|
q->info.si_overrun = 0;
|
|
|
|
signalfd_notify(t, sig);
|
|
pending = (type != PIDTYPE_PID) ? &t->signal->shared_pending : &t->pending;
|
|
list_add_tail(&q->list, &pending->list);
|
|
sigaddset(&pending->signal, sig);
|
|
complete_signal(sig, t, type);
|
|
result = TRACE_SIGNAL_DELIVERED;
|
|
out:
|
|
trace_signal_generate(sig, &q->info, t, type != PIDTYPE_PID, result);
|
|
unlock_task_sighand(t, &flags);
|
|
ret:
|
|
rcu_read_unlock();
|
|
return ret;
|
|
}
|
|
|
|
static void do_notify_pidfd(struct task_struct *task)
|
|
{
|
|
struct pid *pid;
|
|
|
|
WARN_ON(task->exit_state == 0);
|
|
pid = task_pid(task);
|
|
wake_up_all(&pid->wait_pidfd);
|
|
}
|
|
|
|
/*
|
|
* Let a parent know about the death of a child.
|
|
* For a stopped/continued status change, use do_notify_parent_cldstop instead.
|
|
*
|
|
* Returns true if our parent ignored us and so we've switched to
|
|
* self-reaping.
|
|
*/
|
|
bool do_notify_parent(struct task_struct *tsk, int sig)
|
|
{
|
|
struct kernel_siginfo info;
|
|
unsigned long flags;
|
|
struct sighand_struct *psig;
|
|
bool autoreap = false;
|
|
u64 utime, stime;
|
|
|
|
WARN_ON_ONCE(sig == -1);
|
|
|
|
/* do_notify_parent_cldstop should have been called instead. */
|
|
WARN_ON_ONCE(task_is_stopped_or_traced(tsk));
|
|
|
|
WARN_ON_ONCE(!tsk->ptrace &&
|
|
(tsk->group_leader != tsk || !thread_group_empty(tsk)));
|
|
|
|
/* Wake up all pidfd waiters */
|
|
do_notify_pidfd(tsk);
|
|
|
|
if (sig != SIGCHLD) {
|
|
/*
|
|
* This is only possible if parent == real_parent.
|
|
* Check if it has changed security domain.
|
|
*/
|
|
if (tsk->parent_exec_id != READ_ONCE(tsk->parent->self_exec_id))
|
|
sig = SIGCHLD;
|
|
}
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = sig;
|
|
info.si_errno = 0;
|
|
/*
|
|
* We are under tasklist_lock here so our parent is tied to
|
|
* us and cannot change.
|
|
*
|
|
* task_active_pid_ns will always return the same pid namespace
|
|
* until a task passes through release_task.
|
|
*
|
|
* write_lock() currently calls preempt_disable() which is the
|
|
* same as rcu_read_lock(), but according to Oleg, this is not
|
|
* correct to rely on this
|
|
*/
|
|
rcu_read_lock();
|
|
info.si_pid = task_pid_nr_ns(tsk, task_active_pid_ns(tsk->parent));
|
|
info.si_uid = from_kuid_munged(task_cred_xxx(tsk->parent, user_ns),
|
|
task_uid(tsk));
|
|
rcu_read_unlock();
|
|
|
|
task_cputime(tsk, &utime, &stime);
|
|
info.si_utime = nsec_to_clock_t(utime + tsk->signal->utime);
|
|
info.si_stime = nsec_to_clock_t(stime + tsk->signal->stime);
|
|
|
|
info.si_status = tsk->exit_code & 0x7f;
|
|
if (tsk->exit_code & 0x80)
|
|
info.si_code = CLD_DUMPED;
|
|
else if (tsk->exit_code & 0x7f)
|
|
info.si_code = CLD_KILLED;
|
|
else {
|
|
info.si_code = CLD_EXITED;
|
|
info.si_status = tsk->exit_code >> 8;
|
|
}
|
|
|
|
psig = tsk->parent->sighand;
|
|
spin_lock_irqsave(&psig->siglock, flags);
|
|
if (!tsk->ptrace && sig == SIGCHLD &&
|
|
(psig->action[SIGCHLD-1].sa.sa_handler == SIG_IGN ||
|
|
(psig->action[SIGCHLD-1].sa.sa_flags & SA_NOCLDWAIT))) {
|
|
/*
|
|
* We are exiting and our parent doesn't care. POSIX.1
|
|
* defines special semantics for setting SIGCHLD to SIG_IGN
|
|
* or setting the SA_NOCLDWAIT flag: we should be reaped
|
|
* automatically and not left for our parent's wait4 call.
|
|
* Rather than having the parent do it as a magic kind of
|
|
* signal handler, we just set this to tell do_exit that we
|
|
* can be cleaned up without becoming a zombie. Note that
|
|
* we still call __wake_up_parent in this case, because a
|
|
* blocked sys_wait4 might now return -ECHILD.
|
|
*
|
|
* Whether we send SIGCHLD or not for SA_NOCLDWAIT
|
|
* is implementation-defined: we do (if you don't want
|
|
* it, just use SIG_IGN instead).
|
|
*/
|
|
autoreap = true;
|
|
if (psig->action[SIGCHLD-1].sa.sa_handler == SIG_IGN)
|
|
sig = 0;
|
|
}
|
|
/*
|
|
* Send with __send_signal as si_pid and si_uid are in the
|
|
* parent's namespaces.
|
|
*/
|
|
if (valid_signal(sig) && sig)
|
|
__send_signal_locked(sig, &info, tsk->parent, PIDTYPE_TGID, false);
|
|
__wake_up_parent(tsk, tsk->parent);
|
|
spin_unlock_irqrestore(&psig->siglock, flags);
|
|
|
|
return autoreap;
|
|
}
|
|
|
|
/**
|
|
* do_notify_parent_cldstop - notify parent of stopped/continued state change
|
|
* @tsk: task reporting the state change
|
|
* @for_ptracer: the notification is for ptracer
|
|
* @why: CLD_{CONTINUED|STOPPED|TRAPPED} to report
|
|
*
|
|
* Notify @tsk's parent that the stopped/continued state has changed. If
|
|
* @for_ptracer is %false, @tsk's group leader notifies to its real parent.
|
|
* If %true, @tsk reports to @tsk->parent which should be the ptracer.
|
|
*
|
|
* CONTEXT:
|
|
* Must be called with tasklist_lock at least read locked.
|
|
*/
|
|
static void do_notify_parent_cldstop(struct task_struct *tsk,
|
|
bool for_ptracer, int why)
|
|
{
|
|
struct kernel_siginfo info;
|
|
unsigned long flags;
|
|
struct task_struct *parent;
|
|
struct sighand_struct *sighand;
|
|
u64 utime, stime;
|
|
|
|
if (for_ptracer) {
|
|
parent = tsk->parent;
|
|
} else {
|
|
tsk = tsk->group_leader;
|
|
parent = tsk->real_parent;
|
|
}
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = SIGCHLD;
|
|
info.si_errno = 0;
|
|
/*
|
|
* see comment in do_notify_parent() about the following 4 lines
|
|
*/
|
|
rcu_read_lock();
|
|
info.si_pid = task_pid_nr_ns(tsk, task_active_pid_ns(parent));
|
|
info.si_uid = from_kuid_munged(task_cred_xxx(parent, user_ns), task_uid(tsk));
|
|
rcu_read_unlock();
|
|
|
|
task_cputime(tsk, &utime, &stime);
|
|
info.si_utime = nsec_to_clock_t(utime);
|
|
info.si_stime = nsec_to_clock_t(stime);
|
|
|
|
info.si_code = why;
|
|
switch (why) {
|
|
case CLD_CONTINUED:
|
|
info.si_status = SIGCONT;
|
|
break;
|
|
case CLD_STOPPED:
|
|
info.si_status = tsk->signal->group_exit_code & 0x7f;
|
|
break;
|
|
case CLD_TRAPPED:
|
|
info.si_status = tsk->exit_code & 0x7f;
|
|
break;
|
|
default:
|
|
BUG();
|
|
}
|
|
|
|
sighand = parent->sighand;
|
|
spin_lock_irqsave(&sighand->siglock, flags);
|
|
if (sighand->action[SIGCHLD-1].sa.sa_handler != SIG_IGN &&
|
|
!(sighand->action[SIGCHLD-1].sa.sa_flags & SA_NOCLDSTOP))
|
|
send_signal_locked(SIGCHLD, &info, parent, PIDTYPE_TGID);
|
|
/*
|
|
* Even if SIGCHLD is not generated, we must wake up wait4 calls.
|
|
*/
|
|
__wake_up_parent(tsk, parent);
|
|
spin_unlock_irqrestore(&sighand->siglock, flags);
|
|
}
|
|
|
|
/*
|
|
* This must be called with current->sighand->siglock held.
|
|
*
|
|
* This should be the path for all ptrace stops.
|
|
* We always set current->last_siginfo while stopped here.
|
|
* That makes it a way to test a stopped process for
|
|
* being ptrace-stopped vs being job-control-stopped.
|
|
*
|
|
* Returns the signal the ptracer requested the code resume
|
|
* with. If the code did not stop because the tracer is gone,
|
|
* the stop signal remains unchanged unless clear_code.
|
|
*/
|
|
static int ptrace_stop(int exit_code, int why, unsigned long message,
|
|
kernel_siginfo_t *info)
|
|
__releases(¤t->sighand->siglock)
|
|
__acquires(¤t->sighand->siglock)
|
|
{
|
|
bool gstop_done = false;
|
|
|
|
if (arch_ptrace_stop_needed()) {
|
|
/*
|
|
* The arch code has something special to do before a
|
|
* ptrace stop. This is allowed to block, e.g. for faults
|
|
* on user stack pages. We can't keep the siglock while
|
|
* calling arch_ptrace_stop, so we must release it now.
|
|
* To preserve proper semantics, we must do this before
|
|
* any signal bookkeeping like checking group_stop_count.
|
|
*/
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
arch_ptrace_stop();
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
}
|
|
|
|
/*
|
|
* After this point ptrace_signal_wake_up or signal_wake_up
|
|
* will clear TASK_TRACED if ptrace_unlink happens or a fatal
|
|
* signal comes in. Handle previous ptrace_unlinks and fatal
|
|
* signals here to prevent ptrace_stop sleeping in schedule.
|
|
*/
|
|
if (!current->ptrace || __fatal_signal_pending(current))
|
|
return exit_code;
|
|
|
|
set_special_state(TASK_TRACED);
|
|
current->jobctl |= JOBCTL_TRACED;
|
|
|
|
/*
|
|
* We're committing to trapping. TRACED should be visible before
|
|
* TRAPPING is cleared; otherwise, the tracer might fail do_wait().
|
|
* Also, transition to TRACED and updates to ->jobctl should be
|
|
* atomic with respect to siglock and should be done after the arch
|
|
* hook as siglock is released and regrabbed across it.
|
|
*
|
|
* TRACER TRACEE
|
|
*
|
|
* ptrace_attach()
|
|
* [L] wait_on_bit(JOBCTL_TRAPPING) [S] set_special_state(TRACED)
|
|
* do_wait()
|
|
* set_current_state() smp_wmb();
|
|
* ptrace_do_wait()
|
|
* wait_task_stopped()
|
|
* task_stopped_code()
|
|
* [L] task_is_traced() [S] task_clear_jobctl_trapping();
|
|
*/
|
|
smp_wmb();
|
|
|
|
current->ptrace_message = message;
|
|
current->last_siginfo = info;
|
|
current->exit_code = exit_code;
|
|
|
|
/*
|
|
* If @why is CLD_STOPPED, we're trapping to participate in a group
|
|
* stop. Do the bookkeeping. Note that if SIGCONT was delievered
|
|
* across siglock relocks since INTERRUPT was scheduled, PENDING
|
|
* could be clear now. We act as if SIGCONT is received after
|
|
* TASK_TRACED is entered - ignore it.
|
|
*/
|
|
if (why == CLD_STOPPED && (current->jobctl & JOBCTL_STOP_PENDING))
|
|
gstop_done = task_participate_group_stop(current);
|
|
|
|
/* any trap clears pending STOP trap, STOP trap clears NOTIFY */
|
|
task_clear_jobctl_pending(current, JOBCTL_TRAP_STOP);
|
|
if (info && info->si_code >> 8 == PTRACE_EVENT_STOP)
|
|
task_clear_jobctl_pending(current, JOBCTL_TRAP_NOTIFY);
|
|
|
|
/* entering a trap, clear TRAPPING */
|
|
task_clear_jobctl_trapping(current);
|
|
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
read_lock(&tasklist_lock);
|
|
/*
|
|
* Notify parents of the stop.
|
|
*
|
|
* While ptraced, there are two parents - the ptracer and
|
|
* the real_parent of the group_leader. The ptracer should
|
|
* know about every stop while the real parent is only
|
|
* interested in the completion of group stop. The states
|
|
* for the two don't interact with each other. Notify
|
|
* separately unless they're gonna be duplicates.
|
|
*/
|
|
if (current->ptrace)
|
|
do_notify_parent_cldstop(current, true, why);
|
|
if (gstop_done && (!current->ptrace || ptrace_reparented(current)))
|
|
do_notify_parent_cldstop(current, false, why);
|
|
|
|
/*
|
|
* Don't want to allow preemption here, because
|
|
* sys_ptrace() needs this task to be inactive.
|
|
*
|
|
* XXX: implement read_unlock_no_resched().
|
|
*/
|
|
preempt_disable();
|
|
read_unlock(&tasklist_lock);
|
|
cgroup_enter_frozen();
|
|
preempt_enable_no_resched();
|
|
schedule();
|
|
cgroup_leave_frozen(true);
|
|
|
|
/*
|
|
* We are back. Now reacquire the siglock before touching
|
|
* last_siginfo, so that we are sure to have synchronized with
|
|
* any signal-sending on another CPU that wants to examine it.
|
|
*/
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
exit_code = current->exit_code;
|
|
current->last_siginfo = NULL;
|
|
current->ptrace_message = 0;
|
|
current->exit_code = 0;
|
|
|
|
/* LISTENING can be set only during STOP traps, clear it */
|
|
current->jobctl &= ~(JOBCTL_LISTENING | JOBCTL_PTRACE_FROZEN);
|
|
|
|
/*
|
|
* Queued signals ignored us while we were stopped for tracing.
|
|
* So check for any that we should take before resuming user mode.
|
|
* This sets TIF_SIGPENDING, but never clears it.
|
|
*/
|
|
recalc_sigpending_tsk(current);
|
|
return exit_code;
|
|
}
|
|
|
|
static int ptrace_do_notify(int signr, int exit_code, int why, unsigned long message)
|
|
{
|
|
kernel_siginfo_t info;
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = signr;
|
|
info.si_code = exit_code;
|
|
info.si_pid = task_pid_vnr(current);
|
|
info.si_uid = from_kuid_munged(current_user_ns(), current_uid());
|
|
|
|
/* Let the debugger run. */
|
|
return ptrace_stop(exit_code, why, message, &info);
|
|
}
|
|
|
|
int ptrace_notify(int exit_code, unsigned long message)
|
|
{
|
|
int signr;
|
|
|
|
BUG_ON((exit_code & (0x7f | ~0xffff)) != SIGTRAP);
|
|
if (unlikely(task_work_pending(current)))
|
|
task_work_run();
|
|
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
signr = ptrace_do_notify(SIGTRAP, exit_code, CLD_TRAPPED, message);
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
return signr;
|
|
}
|
|
|
|
/**
|
|
* do_signal_stop - handle group stop for SIGSTOP and other stop signals
|
|
* @signr: signr causing group stop if initiating
|
|
*
|
|
* If %JOBCTL_STOP_PENDING is not set yet, initiate group stop with @signr
|
|
* and participate in it. If already set, participate in the existing
|
|
* group stop. If participated in a group stop (and thus slept), %true is
|
|
* returned with siglock released.
|
|
*
|
|
* If ptraced, this function doesn't handle stop itself. Instead,
|
|
* %JOBCTL_TRAP_STOP is scheduled and %false is returned with siglock
|
|
* untouched. The caller must ensure that INTERRUPT trap handling takes
|
|
* places afterwards.
|
|
*
|
|
* CONTEXT:
|
|
* Must be called with @current->sighand->siglock held, which is released
|
|
* on %true return.
|
|
*
|
|
* RETURNS:
|
|
* %false if group stop is already cancelled or ptrace trap is scheduled.
|
|
* %true if participated in group stop.
|
|
*/
|
|
static bool do_signal_stop(int signr)
|
|
__releases(¤t->sighand->siglock)
|
|
{
|
|
struct signal_struct *sig = current->signal;
|
|
|
|
if (!(current->jobctl & JOBCTL_STOP_PENDING)) {
|
|
unsigned long gstop = JOBCTL_STOP_PENDING | JOBCTL_STOP_CONSUME;
|
|
struct task_struct *t;
|
|
|
|
/* signr will be recorded in task->jobctl for retries */
|
|
WARN_ON_ONCE(signr & ~JOBCTL_STOP_SIGMASK);
|
|
|
|
if (!likely(current->jobctl & JOBCTL_STOP_DEQUEUED) ||
|
|
unlikely(sig->flags & SIGNAL_GROUP_EXIT) ||
|
|
unlikely(sig->group_exec_task))
|
|
return false;
|
|
/*
|
|
* There is no group stop already in progress. We must
|
|
* initiate one now.
|
|
*
|
|
* While ptraced, a task may be resumed while group stop is
|
|
* still in effect and then receive a stop signal and
|
|
* initiate another group stop. This deviates from the
|
|
* usual behavior as two consecutive stop signals can't
|
|
* cause two group stops when !ptraced. That is why we
|
|
* also check !task_is_stopped(t) below.
|
|
*
|
|
* The condition can be distinguished by testing whether
|
|
* SIGNAL_STOP_STOPPED is already set. Don't generate
|
|
* group_exit_code in such case.
|
|
*
|
|
* This is not necessary for SIGNAL_STOP_CONTINUED because
|
|
* an intervening stop signal is required to cause two
|
|
* continued events regardless of ptrace.
|
|
*/
|
|
if (!(sig->flags & SIGNAL_STOP_STOPPED))
|
|
sig->group_exit_code = signr;
|
|
|
|
sig->group_stop_count = 0;
|
|
|
|
if (task_set_jobctl_pending(current, signr | gstop))
|
|
sig->group_stop_count++;
|
|
|
|
t = current;
|
|
while_each_thread(current, t) {
|
|
/*
|
|
* Setting state to TASK_STOPPED for a group
|
|
* stop is always done with the siglock held,
|
|
* so this check has no races.
|
|
*/
|
|
if (!task_is_stopped(t) &&
|
|
task_set_jobctl_pending(t, signr | gstop)) {
|
|
sig->group_stop_count++;
|
|
if (likely(!(t->ptrace & PT_SEIZED)))
|
|
signal_wake_up(t, 0);
|
|
else
|
|
ptrace_trap_notify(t);
|
|
}
|
|
}
|
|
}
|
|
|
|
if (likely(!current->ptrace)) {
|
|
int notify = 0;
|
|
|
|
/*
|
|
* If there are no other threads in the group, or if there
|
|
* is a group stop in progress and we are the last to stop,
|
|
* report to the parent.
|
|
*/
|
|
if (task_participate_group_stop(current))
|
|
notify = CLD_STOPPED;
|
|
|
|
current->jobctl |= JOBCTL_STOPPED;
|
|
set_special_state(TASK_STOPPED);
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
|
|
/*
|
|
* Notify the parent of the group stop completion. Because
|
|
* we're not holding either the siglock or tasklist_lock
|
|
* here, ptracer may attach inbetween; however, this is for
|
|
* group stop and should always be delivered to the real
|
|
* parent of the group leader. The new ptracer will get
|
|
* its notification when this task transitions into
|
|
* TASK_TRACED.
|
|
*/
|
|
if (notify) {
|
|
read_lock(&tasklist_lock);
|
|
do_notify_parent_cldstop(current, false, notify);
|
|
read_unlock(&tasklist_lock);
|
|
}
|
|
|
|
/* Now we don't run again until woken by SIGCONT or SIGKILL */
|
|
cgroup_enter_frozen();
|
|
schedule();
|
|
return true;
|
|
} else {
|
|
/*
|
|
* While ptraced, group stop is handled by STOP trap.
|
|
* Schedule it and let the caller deal with it.
|
|
*/
|
|
task_set_jobctl_pending(current, JOBCTL_TRAP_STOP);
|
|
return false;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* do_jobctl_trap - take care of ptrace jobctl traps
|
|
*
|
|
* When PT_SEIZED, it's used for both group stop and explicit
|
|
* SEIZE/INTERRUPT traps. Both generate PTRACE_EVENT_STOP trap with
|
|
* accompanying siginfo. If stopped, lower eight bits of exit_code contain
|
|
* the stop signal; otherwise, %SIGTRAP.
|
|
*
|
|
* When !PT_SEIZED, it's used only for group stop trap with stop signal
|
|
* number as exit_code and no siginfo.
|
|
*
|
|
* CONTEXT:
|
|
* Must be called with @current->sighand->siglock held, which may be
|
|
* released and re-acquired before returning with intervening sleep.
|
|
*/
|
|
static void do_jobctl_trap(void)
|
|
{
|
|
struct signal_struct *signal = current->signal;
|
|
int signr = current->jobctl & JOBCTL_STOP_SIGMASK;
|
|
|
|
if (current->ptrace & PT_SEIZED) {
|
|
if (!signal->group_stop_count &&
|
|
!(signal->flags & SIGNAL_STOP_STOPPED))
|
|
signr = SIGTRAP;
|
|
WARN_ON_ONCE(!signr);
|
|
ptrace_do_notify(signr, signr | (PTRACE_EVENT_STOP << 8),
|
|
CLD_STOPPED, 0);
|
|
} else {
|
|
WARN_ON_ONCE(!signr);
|
|
ptrace_stop(signr, CLD_STOPPED, 0, NULL);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* do_freezer_trap - handle the freezer jobctl trap
|
|
*
|
|
* Puts the task into frozen state, if only the task is not about to quit.
|
|
* In this case it drops JOBCTL_TRAP_FREEZE.
|
|
*
|
|
* CONTEXT:
|
|
* Must be called with @current->sighand->siglock held,
|
|
* which is always released before returning.
|
|
*/
|
|
static void do_freezer_trap(void)
|
|
__releases(¤t->sighand->siglock)
|
|
{
|
|
/*
|
|
* If there are other trap bits pending except JOBCTL_TRAP_FREEZE,
|
|
* let's make another loop to give it a chance to be handled.
|
|
* In any case, we'll return back.
|
|
*/
|
|
if ((current->jobctl & (JOBCTL_PENDING_MASK | JOBCTL_TRAP_FREEZE)) !=
|
|
JOBCTL_TRAP_FREEZE) {
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
return;
|
|
}
|
|
|
|
/*
|
|
* Now we're sure that there is no pending fatal signal and no
|
|
* pending traps. Clear TIF_SIGPENDING to not get out of schedule()
|
|
* immediately (if there is a non-fatal signal pending), and
|
|
* put the task into sleep.
|
|
*/
|
|
__set_current_state(TASK_INTERRUPTIBLE|TASK_FREEZABLE);
|
|
clear_thread_flag(TIF_SIGPENDING);
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
cgroup_enter_frozen();
|
|
schedule();
|
|
}
|
|
|
|
static int ptrace_signal(int signr, kernel_siginfo_t *info, enum pid_type type)
|
|
{
|
|
/*
|
|
* We do not check sig_kernel_stop(signr) but set this marker
|
|
* unconditionally because we do not know whether debugger will
|
|
* change signr. This flag has no meaning unless we are going
|
|
* to stop after return from ptrace_stop(). In this case it will
|
|
* be checked in do_signal_stop(), we should only stop if it was
|
|
* not cleared by SIGCONT while we were sleeping. See also the
|
|
* comment in dequeue_signal().
|
|
*/
|
|
current->jobctl |= JOBCTL_STOP_DEQUEUED;
|
|
signr = ptrace_stop(signr, CLD_TRAPPED, 0, info);
|
|
|
|
/* We're back. Did the debugger cancel the sig? */
|
|
if (signr == 0)
|
|
return signr;
|
|
|
|
/*
|
|
* Update the siginfo structure if the signal has
|
|
* changed. If the debugger wanted something
|
|
* specific in the siginfo structure then it should
|
|
* have updated *info via PTRACE_SETSIGINFO.
|
|
*/
|
|
if (signr != info->si_signo) {
|
|
clear_siginfo(info);
|
|
info->si_signo = signr;
|
|
info->si_errno = 0;
|
|
info->si_code = SI_USER;
|
|
rcu_read_lock();
|
|
info->si_pid = task_pid_vnr(current->parent);
|
|
info->si_uid = from_kuid_munged(current_user_ns(),
|
|
task_uid(current->parent));
|
|
rcu_read_unlock();
|
|
}
|
|
|
|
/* If the (new) signal is now blocked, requeue it. */
|
|
if (sigismember(¤t->blocked, signr) ||
|
|
fatal_signal_pending(current)) {
|
|
send_signal_locked(signr, info, current, type);
|
|
signr = 0;
|
|
}
|
|
|
|
return signr;
|
|
}
|
|
|
|
static void hide_si_addr_tag_bits(struct ksignal *ksig)
|
|
{
|
|
switch (siginfo_layout(ksig->sig, ksig->info.si_code)) {
|
|
case SIL_FAULT:
|
|
case SIL_FAULT_TRAPNO:
|
|
case SIL_FAULT_MCEERR:
|
|
case SIL_FAULT_BNDERR:
|
|
case SIL_FAULT_PKUERR:
|
|
case SIL_FAULT_PERF_EVENT:
|
|
ksig->info.si_addr = arch_untagged_si_addr(
|
|
ksig->info.si_addr, ksig->sig, ksig->info.si_code);
|
|
break;
|
|
case SIL_KILL:
|
|
case SIL_TIMER:
|
|
case SIL_POLL:
|
|
case SIL_CHLD:
|
|
case SIL_RT:
|
|
case SIL_SYS:
|
|
break;
|
|
}
|
|
}
|
|
|
|
bool get_signal(struct ksignal *ksig)
|
|
{
|
|
struct sighand_struct *sighand = current->sighand;
|
|
struct signal_struct *signal = current->signal;
|
|
int signr;
|
|
|
|
clear_notify_signal();
|
|
if (unlikely(task_work_pending(current)))
|
|
task_work_run();
|
|
|
|
if (!task_sigpending(current))
|
|
return false;
|
|
|
|
if (unlikely(uprobe_deny_signal()))
|
|
return false;
|
|
|
|
/*
|
|
* Do this once, we can't return to user-mode if freezing() == T.
|
|
* do_signal_stop() and ptrace_stop() do freezable_schedule() and
|
|
* thus do not need another check after return.
|
|
*/
|
|
try_to_freeze();
|
|
|
|
relock:
|
|
spin_lock_irq(&sighand->siglock);
|
|
|
|
/*
|
|
* Every stopped thread goes here after wakeup. Check to see if
|
|
* we should notify the parent, prepare_signal(SIGCONT) encodes
|
|
* the CLD_ si_code into SIGNAL_CLD_MASK bits.
|
|
*/
|
|
if (unlikely(signal->flags & SIGNAL_CLD_MASK)) {
|
|
int why;
|
|
|
|
if (signal->flags & SIGNAL_CLD_CONTINUED)
|
|
why = CLD_CONTINUED;
|
|
else
|
|
why = CLD_STOPPED;
|
|
|
|
signal->flags &= ~SIGNAL_CLD_MASK;
|
|
|
|
spin_unlock_irq(&sighand->siglock);
|
|
|
|
/*
|
|
* Notify the parent that we're continuing. This event is
|
|
* always per-process and doesn't make whole lot of sense
|
|
* for ptracers, who shouldn't consume the state via
|
|
* wait(2) either, but, for backward compatibility, notify
|
|
* the ptracer of the group leader too unless it's gonna be
|
|
* a duplicate.
|
|
*/
|
|
read_lock(&tasklist_lock);
|
|
do_notify_parent_cldstop(current, false, why);
|
|
|
|
if (ptrace_reparented(current->group_leader))
|
|
do_notify_parent_cldstop(current->group_leader,
|
|
true, why);
|
|
read_unlock(&tasklist_lock);
|
|
|
|
goto relock;
|
|
}
|
|
|
|
for (;;) {
|
|
struct k_sigaction *ka;
|
|
enum pid_type type;
|
|
|
|
/* Has this task already been marked for death? */
|
|
if ((signal->flags & SIGNAL_GROUP_EXIT) ||
|
|
signal->group_exec_task) {
|
|
ksig->info.si_signo = signr = SIGKILL;
|
|
sigdelset(¤t->pending.signal, SIGKILL);
|
|
trace_signal_deliver(SIGKILL, SEND_SIG_NOINFO,
|
|
&sighand->action[SIGKILL - 1]);
|
|
recalc_sigpending();
|
|
goto fatal;
|
|
}
|
|
|
|
if (unlikely(current->jobctl & JOBCTL_STOP_PENDING) &&
|
|
do_signal_stop(0))
|
|
goto relock;
|
|
|
|
if (unlikely(current->jobctl &
|
|
(JOBCTL_TRAP_MASK | JOBCTL_TRAP_FREEZE))) {
|
|
if (current->jobctl & JOBCTL_TRAP_MASK) {
|
|
do_jobctl_trap();
|
|
spin_unlock_irq(&sighand->siglock);
|
|
} else if (current->jobctl & JOBCTL_TRAP_FREEZE)
|
|
do_freezer_trap();
|
|
|
|
goto relock;
|
|
}
|
|
|
|
/*
|
|
* If the task is leaving the frozen state, let's update
|
|
* cgroup counters and reset the frozen bit.
|
|
*/
|
|
if (unlikely(cgroup_task_frozen(current))) {
|
|
spin_unlock_irq(&sighand->siglock);
|
|
cgroup_leave_frozen(false);
|
|
goto relock;
|
|
}
|
|
|
|
/*
|
|
* Signals generated by the execution of an instruction
|
|
* need to be delivered before any other pending signals
|
|
* so that the instruction pointer in the signal stack
|
|
* frame points to the faulting instruction.
|
|
*/
|
|
type = PIDTYPE_PID;
|
|
signr = dequeue_synchronous_signal(&ksig->info);
|
|
if (!signr)
|
|
signr = dequeue_signal(current, ¤t->blocked,
|
|
&ksig->info, &type);
|
|
|
|
if (!signr)
|
|
break; /* will return 0 */
|
|
|
|
if (unlikely(current->ptrace) && (signr != SIGKILL) &&
|
|
!(sighand->action[signr -1].sa.sa_flags & SA_IMMUTABLE)) {
|
|
signr = ptrace_signal(signr, &ksig->info, type);
|
|
if (!signr)
|
|
continue;
|
|
}
|
|
|
|
ka = &sighand->action[signr-1];
|
|
|
|
/* Trace actually delivered signals. */
|
|
trace_signal_deliver(signr, &ksig->info, ka);
|
|
|
|
if (ka->sa.sa_handler == SIG_IGN) /* Do nothing. */
|
|
continue;
|
|
if (ka->sa.sa_handler != SIG_DFL) {
|
|
/* Run the handler. */
|
|
ksig->ka = *ka;
|
|
|
|
if (ka->sa.sa_flags & SA_ONESHOT)
|
|
ka->sa.sa_handler = SIG_DFL;
|
|
|
|
break; /* will return non-zero "signr" value */
|
|
}
|
|
|
|
/*
|
|
* Now we are doing the default action for this signal.
|
|
*/
|
|
if (sig_kernel_ignore(signr)) /* Default is nothing. */
|
|
continue;
|
|
|
|
/*
|
|
* Global init gets no signals it doesn't want.
|
|
* Container-init gets no signals it doesn't want from same
|
|
* container.
|
|
*
|
|
* Note that if global/container-init sees a sig_kernel_only()
|
|
* signal here, the signal must have been generated internally
|
|
* or must have come from an ancestor namespace. In either
|
|
* case, the signal cannot be dropped.
|
|
*/
|
|
if (unlikely(signal->flags & SIGNAL_UNKILLABLE) &&
|
|
!sig_kernel_only(signr))
|
|
continue;
|
|
|
|
if (sig_kernel_stop(signr)) {
|
|
/*
|
|
* The default action is to stop all threads in
|
|
* the thread group. The job control signals
|
|
* do nothing in an orphaned pgrp, but SIGSTOP
|
|
* always works. Note that siglock needs to be
|
|
* dropped during the call to is_orphaned_pgrp()
|
|
* because of lock ordering with tasklist_lock.
|
|
* This allows an intervening SIGCONT to be posted.
|
|
* We need to check for that and bail out if necessary.
|
|
*/
|
|
if (signr != SIGSTOP) {
|
|
spin_unlock_irq(&sighand->siglock);
|
|
|
|
/* signals can be posted during this window */
|
|
|
|
if (is_current_pgrp_orphaned())
|
|
goto relock;
|
|
|
|
spin_lock_irq(&sighand->siglock);
|
|
}
|
|
|
|
if (likely(do_signal_stop(ksig->info.si_signo))) {
|
|
/* It released the siglock. */
|
|
goto relock;
|
|
}
|
|
|
|
/*
|
|
* We didn't actually stop, due to a race
|
|
* with SIGCONT or something like that.
|
|
*/
|
|
continue;
|
|
}
|
|
|
|
fatal:
|
|
spin_unlock_irq(&sighand->siglock);
|
|
if (unlikely(cgroup_task_frozen(current)))
|
|
cgroup_leave_frozen(true);
|
|
|
|
/*
|
|
* Anything else is fatal, maybe with a core dump.
|
|
*/
|
|
current->flags |= PF_SIGNALED;
|
|
|
|
if (sig_kernel_coredump(signr)) {
|
|
if (print_fatal_signals)
|
|
print_fatal_signal(ksig->info.si_signo);
|
|
proc_coredump_connector(current);
|
|
/*
|
|
* If it was able to dump core, this kills all
|
|
* other threads in the group and synchronizes with
|
|
* their demise. If we lost the race with another
|
|
* thread getting here, it set group_exit_code
|
|
* first and our do_group_exit call below will use
|
|
* that value and ignore the one we pass it.
|
|
*/
|
|
do_coredump(&ksig->info);
|
|
}
|
|
|
|
/*
|
|
* PF_IO_WORKER threads will catch and exit on fatal signals
|
|
* themselves. They have cleanup that must be performed, so
|
|
* we cannot call do_exit() on their behalf.
|
|
*/
|
|
if (current->flags & PF_IO_WORKER)
|
|
goto out;
|
|
|
|
/*
|
|
* Death signals, no core dump.
|
|
*/
|
|
do_group_exit(ksig->info.si_signo);
|
|
/* NOTREACHED */
|
|
}
|
|
spin_unlock_irq(&sighand->siglock);
|
|
out:
|
|
ksig->sig = signr;
|
|
|
|
if (!(ksig->ka.sa.sa_flags & SA_EXPOSE_TAGBITS))
|
|
hide_si_addr_tag_bits(ksig);
|
|
|
|
return ksig->sig > 0;
|
|
}
|
|
|
|
/**
|
|
* signal_delivered - called after signal delivery to update blocked signals
|
|
* @ksig: kernel signal struct
|
|
* @stepping: nonzero if debugger single-step or block-step in use
|
|
*
|
|
* This function should be called when a signal has successfully been
|
|
* delivered. It updates the blocked signals accordingly (@ksig->ka.sa.sa_mask
|
|
* is always blocked), and the signal itself is blocked unless %SA_NODEFER
|
|
* is set in @ksig->ka.sa.sa_flags. Tracing is notified.
|
|
*/
|
|
static void signal_delivered(struct ksignal *ksig, int stepping)
|
|
{
|
|
sigset_t blocked;
|
|
|
|
/* A signal was successfully delivered, and the
|
|
saved sigmask was stored on the signal frame,
|
|
and will be restored by sigreturn. So we can
|
|
simply clear the restore sigmask flag. */
|
|
clear_restore_sigmask();
|
|
|
|
sigorsets(&blocked, ¤t->blocked, &ksig->ka.sa.sa_mask);
|
|
if (!(ksig->ka.sa.sa_flags & SA_NODEFER))
|
|
sigaddset(&blocked, ksig->sig);
|
|
set_current_blocked(&blocked);
|
|
if (current->sas_ss_flags & SS_AUTODISARM)
|
|
sas_ss_reset(current);
|
|
if (stepping)
|
|
ptrace_notify(SIGTRAP, 0);
|
|
}
|
|
|
|
void signal_setup_done(int failed, struct ksignal *ksig, int stepping)
|
|
{
|
|
if (failed)
|
|
force_sigsegv(ksig->sig);
|
|
else
|
|
signal_delivered(ksig, stepping);
|
|
}
|
|
|
|
/*
|
|
* It could be that complete_signal() picked us to notify about the
|
|
* group-wide signal. Other threads should be notified now to take
|
|
* the shared signals in @which since we will not.
|
|
*/
|
|
static void retarget_shared_pending(struct task_struct *tsk, sigset_t *which)
|
|
{
|
|
sigset_t retarget;
|
|
struct task_struct *t;
|
|
|
|
sigandsets(&retarget, &tsk->signal->shared_pending.signal, which);
|
|
if (sigisemptyset(&retarget))
|
|
return;
|
|
|
|
t = tsk;
|
|
while_each_thread(tsk, t) {
|
|
if (t->flags & PF_EXITING)
|
|
continue;
|
|
|
|
if (!has_pending_signals(&retarget, &t->blocked))
|
|
continue;
|
|
/* Remove the signals this thread can handle. */
|
|
sigandsets(&retarget, &retarget, &t->blocked);
|
|
|
|
if (!task_sigpending(t))
|
|
signal_wake_up(t, 0);
|
|
|
|
if (sigisemptyset(&retarget))
|
|
break;
|
|
}
|
|
}
|
|
|
|
void exit_signals(struct task_struct *tsk)
|
|
{
|
|
int group_stop = 0;
|
|
sigset_t unblocked;
|
|
|
|
/*
|
|
* @tsk is about to have PF_EXITING set - lock out users which
|
|
* expect stable threadgroup.
|
|
*/
|
|
cgroup_threadgroup_change_begin(tsk);
|
|
|
|
if (thread_group_empty(tsk) || (tsk->signal->flags & SIGNAL_GROUP_EXIT)) {
|
|
tsk->flags |= PF_EXITING;
|
|
cgroup_threadgroup_change_end(tsk);
|
|
return;
|
|
}
|
|
|
|
spin_lock_irq(&tsk->sighand->siglock);
|
|
/*
|
|
* From now this task is not visible for group-wide signals,
|
|
* see wants_signal(), do_signal_stop().
|
|
*/
|
|
tsk->flags |= PF_EXITING;
|
|
|
|
cgroup_threadgroup_change_end(tsk);
|
|
|
|
if (!task_sigpending(tsk))
|
|
goto out;
|
|
|
|
unblocked = tsk->blocked;
|
|
signotset(&unblocked);
|
|
retarget_shared_pending(tsk, &unblocked);
|
|
|
|
if (unlikely(tsk->jobctl & JOBCTL_STOP_PENDING) &&
|
|
task_participate_group_stop(tsk))
|
|
group_stop = CLD_STOPPED;
|
|
out:
|
|
spin_unlock_irq(&tsk->sighand->siglock);
|
|
|
|
/*
|
|
* If group stop has completed, deliver the notification. This
|
|
* should always go to the real parent of the group leader.
|
|
*/
|
|
if (unlikely(group_stop)) {
|
|
read_lock(&tasklist_lock);
|
|
do_notify_parent_cldstop(tsk, false, group_stop);
|
|
read_unlock(&tasklist_lock);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* System call entry points.
|
|
*/
|
|
|
|
/**
|
|
* sys_restart_syscall - restart a system call
|
|
*/
|
|
SYSCALL_DEFINE0(restart_syscall)
|
|
{
|
|
struct restart_block *restart = ¤t->restart_block;
|
|
return restart->fn(restart);
|
|
}
|
|
|
|
long do_no_restart_syscall(struct restart_block *param)
|
|
{
|
|
return -EINTR;
|
|
}
|
|
|
|
static void __set_task_blocked(struct task_struct *tsk, const sigset_t *newset)
|
|
{
|
|
if (task_sigpending(tsk) && !thread_group_empty(tsk)) {
|
|
sigset_t newblocked;
|
|
/* A set of now blocked but previously unblocked signals. */
|
|
sigandnsets(&newblocked, newset, ¤t->blocked);
|
|
retarget_shared_pending(tsk, &newblocked);
|
|
}
|
|
tsk->blocked = *newset;
|
|
recalc_sigpending();
|
|
}
|
|
|
|
/**
|
|
* set_current_blocked - change current->blocked mask
|
|
* @newset: new mask
|
|
*
|
|
* It is wrong to change ->blocked directly, this helper should be used
|
|
* to ensure the process can't miss a shared signal we are going to block.
|
|
*/
|
|
void set_current_blocked(sigset_t *newset)
|
|
{
|
|
sigdelsetmask(newset, sigmask(SIGKILL) | sigmask(SIGSTOP));
|
|
__set_current_blocked(newset);
|
|
}
|
|
|
|
void __set_current_blocked(const sigset_t *newset)
|
|
{
|
|
struct task_struct *tsk = current;
|
|
|
|
/*
|
|
* In case the signal mask hasn't changed, there is nothing we need
|
|
* to do. The current->blocked shouldn't be modified by other task.
|
|
*/
|
|
if (sigequalsets(&tsk->blocked, newset))
|
|
return;
|
|
|
|
spin_lock_irq(&tsk->sighand->siglock);
|
|
__set_task_blocked(tsk, newset);
|
|
spin_unlock_irq(&tsk->sighand->siglock);
|
|
}
|
|
|
|
/*
|
|
* This is also useful for kernel threads that want to temporarily
|
|
* (or permanently) block certain signals.
|
|
*
|
|
* NOTE! Unlike the user-mode sys_sigprocmask(), the kernel
|
|
* interface happily blocks "unblockable" signals like SIGKILL
|
|
* and friends.
|
|
*/
|
|
int sigprocmask(int how, sigset_t *set, sigset_t *oldset)
|
|
{
|
|
struct task_struct *tsk = current;
|
|
sigset_t newset;
|
|
|
|
/* Lockless, only current can change ->blocked, never from irq */
|
|
if (oldset)
|
|
*oldset = tsk->blocked;
|
|
|
|
switch (how) {
|
|
case SIG_BLOCK:
|
|
sigorsets(&newset, &tsk->blocked, set);
|
|
break;
|
|
case SIG_UNBLOCK:
|
|
sigandnsets(&newset, &tsk->blocked, set);
|
|
break;
|
|
case SIG_SETMASK:
|
|
newset = *set;
|
|
break;
|
|
default:
|
|
return -EINVAL;
|
|
}
|
|
|
|
__set_current_blocked(&newset);
|
|
return 0;
|
|
}
|
|
EXPORT_SYMBOL(sigprocmask);
|
|
|
|
/*
|
|
* The api helps set app-provided sigmasks.
|
|
*
|
|
* This is useful for syscalls such as ppoll, pselect, io_pgetevents and
|
|
* epoll_pwait where a new sigmask is passed from userland for the syscalls.
|
|
*
|
|
* Note that it does set_restore_sigmask() in advance, so it must be always
|
|
* paired with restore_saved_sigmask_unless() before return from syscall.
|
|
*/
|
|
int set_user_sigmask(const sigset_t __user *umask, size_t sigsetsize)
|
|
{
|
|
sigset_t kmask;
|
|
|
|
if (!umask)
|
|
return 0;
|
|
if (sigsetsize != sizeof(sigset_t))
|
|
return -EINVAL;
|
|
if (copy_from_user(&kmask, umask, sizeof(sigset_t)))
|
|
return -EFAULT;
|
|
|
|
set_restore_sigmask();
|
|
current->saved_sigmask = current->blocked;
|
|
set_current_blocked(&kmask);
|
|
|
|
return 0;
|
|
}
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
int set_compat_user_sigmask(const compat_sigset_t __user *umask,
|
|
size_t sigsetsize)
|
|
{
|
|
sigset_t kmask;
|
|
|
|
if (!umask)
|
|
return 0;
|
|
if (sigsetsize != sizeof(compat_sigset_t))
|
|
return -EINVAL;
|
|
if (get_compat_sigset(&kmask, umask))
|
|
return -EFAULT;
|
|
|
|
set_restore_sigmask();
|
|
current->saved_sigmask = current->blocked;
|
|
set_current_blocked(&kmask);
|
|
|
|
return 0;
|
|
}
|
|
#endif
|
|
|
|
/**
|
|
* sys_rt_sigprocmask - change the list of currently blocked signals
|
|
* @how: whether to add, remove, or set signals
|
|
* @nset: stores pending signals
|
|
* @oset: previous value of signal mask if non-null
|
|
* @sigsetsize: size of sigset_t type
|
|
*/
|
|
SYSCALL_DEFINE4(rt_sigprocmask, int, how, sigset_t __user *, nset,
|
|
sigset_t __user *, oset, size_t, sigsetsize)
|
|
{
|
|
sigset_t old_set, new_set;
|
|
int error;
|
|
|
|
/* XXX: Don't preclude handling different sized sigset_t's. */
|
|
if (sigsetsize != sizeof(sigset_t))
|
|
return -EINVAL;
|
|
|
|
old_set = current->blocked;
|
|
|
|
if (nset) {
|
|
if (copy_from_user(&new_set, nset, sizeof(sigset_t)))
|
|
return -EFAULT;
|
|
sigdelsetmask(&new_set, sigmask(SIGKILL)|sigmask(SIGSTOP));
|
|
|
|
error = sigprocmask(how, &new_set, NULL);
|
|
if (error)
|
|
return error;
|
|
}
|
|
|
|
if (oset) {
|
|
if (copy_to_user(oset, &old_set, sizeof(sigset_t)))
|
|
return -EFAULT;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
COMPAT_SYSCALL_DEFINE4(rt_sigprocmask, int, how, compat_sigset_t __user *, nset,
|
|
compat_sigset_t __user *, oset, compat_size_t, sigsetsize)
|
|
{
|
|
sigset_t old_set = current->blocked;
|
|
|
|
/* XXX: Don't preclude handling different sized sigset_t's. */
|
|
if (sigsetsize != sizeof(sigset_t))
|
|
return -EINVAL;
|
|
|
|
if (nset) {
|
|
sigset_t new_set;
|
|
int error;
|
|
if (get_compat_sigset(&new_set, nset))
|
|
return -EFAULT;
|
|
sigdelsetmask(&new_set, sigmask(SIGKILL)|sigmask(SIGSTOP));
|
|
|
|
error = sigprocmask(how, &new_set, NULL);
|
|
if (error)
|
|
return error;
|
|
}
|
|
return oset ? put_compat_sigset(oset, &old_set, sizeof(*oset)) : 0;
|
|
}
|
|
#endif
|
|
|
|
static void do_sigpending(sigset_t *set)
|
|
{
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
sigorsets(set, ¤t->pending.signal,
|
|
¤t->signal->shared_pending.signal);
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
|
|
/* Outside the lock because only this thread touches it. */
|
|
sigandsets(set, ¤t->blocked, set);
|
|
}
|
|
|
|
/**
|
|
* sys_rt_sigpending - examine a pending signal that has been raised
|
|
* while blocked
|
|
* @uset: stores pending signals
|
|
* @sigsetsize: size of sigset_t type or larger
|
|
*/
|
|
SYSCALL_DEFINE2(rt_sigpending, sigset_t __user *, uset, size_t, sigsetsize)
|
|
{
|
|
sigset_t set;
|
|
|
|
if (sigsetsize > sizeof(*uset))
|
|
return -EINVAL;
|
|
|
|
do_sigpending(&set);
|
|
|
|
if (copy_to_user(uset, &set, sigsetsize))
|
|
return -EFAULT;
|
|
|
|
return 0;
|
|
}
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
COMPAT_SYSCALL_DEFINE2(rt_sigpending, compat_sigset_t __user *, uset,
|
|
compat_size_t, sigsetsize)
|
|
{
|
|
sigset_t set;
|
|
|
|
if (sigsetsize > sizeof(*uset))
|
|
return -EINVAL;
|
|
|
|
do_sigpending(&set);
|
|
|
|
return put_compat_sigset(uset, &set, sigsetsize);
|
|
}
|
|
#endif
|
|
|
|
static const struct {
|
|
unsigned char limit, layout;
|
|
} sig_sicodes[] = {
|
|
[SIGILL] = { NSIGILL, SIL_FAULT },
|
|
[SIGFPE] = { NSIGFPE, SIL_FAULT },
|
|
[SIGSEGV] = { NSIGSEGV, SIL_FAULT },
|
|
[SIGBUS] = { NSIGBUS, SIL_FAULT },
|
|
[SIGTRAP] = { NSIGTRAP, SIL_FAULT },
|
|
#if defined(SIGEMT)
|
|
[SIGEMT] = { NSIGEMT, SIL_FAULT },
|
|
#endif
|
|
[SIGCHLD] = { NSIGCHLD, SIL_CHLD },
|
|
[SIGPOLL] = { NSIGPOLL, SIL_POLL },
|
|
[SIGSYS] = { NSIGSYS, SIL_SYS },
|
|
};
|
|
|
|
static bool known_siginfo_layout(unsigned sig, int si_code)
|
|
{
|
|
if (si_code == SI_KERNEL)
|
|
return true;
|
|
else if ((si_code > SI_USER)) {
|
|
if (sig_specific_sicodes(sig)) {
|
|
if (si_code <= sig_sicodes[sig].limit)
|
|
return true;
|
|
}
|
|
else if (si_code <= NSIGPOLL)
|
|
return true;
|
|
}
|
|
else if (si_code >= SI_DETHREAD)
|
|
return true;
|
|
else if (si_code == SI_ASYNCNL)
|
|
return true;
|
|
return false;
|
|
}
|
|
|
|
enum siginfo_layout siginfo_layout(unsigned sig, int si_code)
|
|
{
|
|
enum siginfo_layout layout = SIL_KILL;
|
|
if ((si_code > SI_USER) && (si_code < SI_KERNEL)) {
|
|
if ((sig < ARRAY_SIZE(sig_sicodes)) &&
|
|
(si_code <= sig_sicodes[sig].limit)) {
|
|
layout = sig_sicodes[sig].layout;
|
|
/* Handle the exceptions */
|
|
if ((sig == SIGBUS) &&
|
|
(si_code >= BUS_MCEERR_AR) && (si_code <= BUS_MCEERR_AO))
|
|
layout = SIL_FAULT_MCEERR;
|
|
else if ((sig == SIGSEGV) && (si_code == SEGV_BNDERR))
|
|
layout = SIL_FAULT_BNDERR;
|
|
#ifdef SEGV_PKUERR
|
|
else if ((sig == SIGSEGV) && (si_code == SEGV_PKUERR))
|
|
layout = SIL_FAULT_PKUERR;
|
|
#endif
|
|
else if ((sig == SIGTRAP) && (si_code == TRAP_PERF))
|
|
layout = SIL_FAULT_PERF_EVENT;
|
|
else if (IS_ENABLED(CONFIG_SPARC) &&
|
|
(sig == SIGILL) && (si_code == ILL_ILLTRP))
|
|
layout = SIL_FAULT_TRAPNO;
|
|
else if (IS_ENABLED(CONFIG_ALPHA) &&
|
|
((sig == SIGFPE) ||
|
|
((sig == SIGTRAP) && (si_code == TRAP_UNK))))
|
|
layout = SIL_FAULT_TRAPNO;
|
|
}
|
|
else if (si_code <= NSIGPOLL)
|
|
layout = SIL_POLL;
|
|
} else {
|
|
if (si_code == SI_TIMER)
|
|
layout = SIL_TIMER;
|
|
else if (si_code == SI_SIGIO)
|
|
layout = SIL_POLL;
|
|
else if (si_code < 0)
|
|
layout = SIL_RT;
|
|
}
|
|
return layout;
|
|
}
|
|
|
|
static inline char __user *si_expansion(const siginfo_t __user *info)
|
|
{
|
|
return ((char __user *)info) + sizeof(struct kernel_siginfo);
|
|
}
|
|
|
|
int copy_siginfo_to_user(siginfo_t __user *to, const kernel_siginfo_t *from)
|
|
{
|
|
char __user *expansion = si_expansion(to);
|
|
if (copy_to_user(to, from , sizeof(struct kernel_siginfo)))
|
|
return -EFAULT;
|
|
if (clear_user(expansion, SI_EXPANSION_SIZE))
|
|
return -EFAULT;
|
|
return 0;
|
|
}
|
|
|
|
static int post_copy_siginfo_from_user(kernel_siginfo_t *info,
|
|
const siginfo_t __user *from)
|
|
{
|
|
if (unlikely(!known_siginfo_layout(info->si_signo, info->si_code))) {
|
|
char __user *expansion = si_expansion(from);
|
|
char buf[SI_EXPANSION_SIZE];
|
|
int i;
|
|
/*
|
|
* An unknown si_code might need more than
|
|
* sizeof(struct kernel_siginfo) bytes. Verify all of the
|
|
* extra bytes are 0. This guarantees copy_siginfo_to_user
|
|
* will return this data to userspace exactly.
|
|
*/
|
|
if (copy_from_user(&buf, expansion, SI_EXPANSION_SIZE))
|
|
return -EFAULT;
|
|
for (i = 0; i < SI_EXPANSION_SIZE; i++) {
|
|
if (buf[i] != 0)
|
|
return -E2BIG;
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static int __copy_siginfo_from_user(int signo, kernel_siginfo_t *to,
|
|
const siginfo_t __user *from)
|
|
{
|
|
if (copy_from_user(to, from, sizeof(struct kernel_siginfo)))
|
|
return -EFAULT;
|
|
to->si_signo = signo;
|
|
return post_copy_siginfo_from_user(to, from);
|
|
}
|
|
|
|
int copy_siginfo_from_user(kernel_siginfo_t *to, const siginfo_t __user *from)
|
|
{
|
|
if (copy_from_user(to, from, sizeof(struct kernel_siginfo)))
|
|
return -EFAULT;
|
|
return post_copy_siginfo_from_user(to, from);
|
|
}
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
/**
|
|
* copy_siginfo_to_external32 - copy a kernel siginfo into a compat user siginfo
|
|
* @to: compat siginfo destination
|
|
* @from: kernel siginfo source
|
|
*
|
|
* Note: This function does not work properly for the SIGCHLD on x32, but
|
|
* fortunately it doesn't have to. The only valid callers for this function are
|
|
* copy_siginfo_to_user32, which is overriden for x32 and the coredump code.
|
|
* The latter does not care because SIGCHLD will never cause a coredump.
|
|
*/
|
|
void copy_siginfo_to_external32(struct compat_siginfo *to,
|
|
const struct kernel_siginfo *from)
|
|
{
|
|
memset(to, 0, sizeof(*to));
|
|
|
|
to->si_signo = from->si_signo;
|
|
to->si_errno = from->si_errno;
|
|
to->si_code = from->si_code;
|
|
switch(siginfo_layout(from->si_signo, from->si_code)) {
|
|
case SIL_KILL:
|
|
to->si_pid = from->si_pid;
|
|
to->si_uid = from->si_uid;
|
|
break;
|
|
case SIL_TIMER:
|
|
to->si_tid = from->si_tid;
|
|
to->si_overrun = from->si_overrun;
|
|
to->si_int = from->si_int;
|
|
break;
|
|
case SIL_POLL:
|
|
to->si_band = from->si_band;
|
|
to->si_fd = from->si_fd;
|
|
break;
|
|
case SIL_FAULT:
|
|
to->si_addr = ptr_to_compat(from->si_addr);
|
|
break;
|
|
case SIL_FAULT_TRAPNO:
|
|
to->si_addr = ptr_to_compat(from->si_addr);
|
|
to->si_trapno = from->si_trapno;
|
|
break;
|
|
case SIL_FAULT_MCEERR:
|
|
to->si_addr = ptr_to_compat(from->si_addr);
|
|
to->si_addr_lsb = from->si_addr_lsb;
|
|
break;
|
|
case SIL_FAULT_BNDERR:
|
|
to->si_addr = ptr_to_compat(from->si_addr);
|
|
to->si_lower = ptr_to_compat(from->si_lower);
|
|
to->si_upper = ptr_to_compat(from->si_upper);
|
|
break;
|
|
case SIL_FAULT_PKUERR:
|
|
to->si_addr = ptr_to_compat(from->si_addr);
|
|
to->si_pkey = from->si_pkey;
|
|
break;
|
|
case SIL_FAULT_PERF_EVENT:
|
|
to->si_addr = ptr_to_compat(from->si_addr);
|
|
to->si_perf_data = from->si_perf_data;
|
|
to->si_perf_type = from->si_perf_type;
|
|
to->si_perf_flags = from->si_perf_flags;
|
|
break;
|
|
case SIL_CHLD:
|
|
to->si_pid = from->si_pid;
|
|
to->si_uid = from->si_uid;
|
|
to->si_status = from->si_status;
|
|
to->si_utime = from->si_utime;
|
|
to->si_stime = from->si_stime;
|
|
break;
|
|
case SIL_RT:
|
|
to->si_pid = from->si_pid;
|
|
to->si_uid = from->si_uid;
|
|
to->si_int = from->si_int;
|
|
break;
|
|
case SIL_SYS:
|
|
to->si_call_addr = ptr_to_compat(from->si_call_addr);
|
|
to->si_syscall = from->si_syscall;
|
|
to->si_arch = from->si_arch;
|
|
break;
|
|
}
|
|
}
|
|
|
|
int __copy_siginfo_to_user32(struct compat_siginfo __user *to,
|
|
const struct kernel_siginfo *from)
|
|
{
|
|
struct compat_siginfo new;
|
|
|
|
copy_siginfo_to_external32(&new, from);
|
|
if (copy_to_user(to, &new, sizeof(struct compat_siginfo)))
|
|
return -EFAULT;
|
|
return 0;
|
|
}
|
|
|
|
static int post_copy_siginfo_from_user32(kernel_siginfo_t *to,
|
|
const struct compat_siginfo *from)
|
|
{
|
|
clear_siginfo(to);
|
|
to->si_signo = from->si_signo;
|
|
to->si_errno = from->si_errno;
|
|
to->si_code = from->si_code;
|
|
switch(siginfo_layout(from->si_signo, from->si_code)) {
|
|
case SIL_KILL:
|
|
to->si_pid = from->si_pid;
|
|
to->si_uid = from->si_uid;
|
|
break;
|
|
case SIL_TIMER:
|
|
to->si_tid = from->si_tid;
|
|
to->si_overrun = from->si_overrun;
|
|
to->si_int = from->si_int;
|
|
break;
|
|
case SIL_POLL:
|
|
to->si_band = from->si_band;
|
|
to->si_fd = from->si_fd;
|
|
break;
|
|
case SIL_FAULT:
|
|
to->si_addr = compat_ptr(from->si_addr);
|
|
break;
|
|
case SIL_FAULT_TRAPNO:
|
|
to->si_addr = compat_ptr(from->si_addr);
|
|
to->si_trapno = from->si_trapno;
|
|
break;
|
|
case SIL_FAULT_MCEERR:
|
|
to->si_addr = compat_ptr(from->si_addr);
|
|
to->si_addr_lsb = from->si_addr_lsb;
|
|
break;
|
|
case SIL_FAULT_BNDERR:
|
|
to->si_addr = compat_ptr(from->si_addr);
|
|
to->si_lower = compat_ptr(from->si_lower);
|
|
to->si_upper = compat_ptr(from->si_upper);
|
|
break;
|
|
case SIL_FAULT_PKUERR:
|
|
to->si_addr = compat_ptr(from->si_addr);
|
|
to->si_pkey = from->si_pkey;
|
|
break;
|
|
case SIL_FAULT_PERF_EVENT:
|
|
to->si_addr = compat_ptr(from->si_addr);
|
|
to->si_perf_data = from->si_perf_data;
|
|
to->si_perf_type = from->si_perf_type;
|
|
to->si_perf_flags = from->si_perf_flags;
|
|
break;
|
|
case SIL_CHLD:
|
|
to->si_pid = from->si_pid;
|
|
to->si_uid = from->si_uid;
|
|
to->si_status = from->si_status;
|
|
#ifdef CONFIG_X86_X32_ABI
|
|
if (in_x32_syscall()) {
|
|
to->si_utime = from->_sifields._sigchld_x32._utime;
|
|
to->si_stime = from->_sifields._sigchld_x32._stime;
|
|
} else
|
|
#endif
|
|
{
|
|
to->si_utime = from->si_utime;
|
|
to->si_stime = from->si_stime;
|
|
}
|
|
break;
|
|
case SIL_RT:
|
|
to->si_pid = from->si_pid;
|
|
to->si_uid = from->si_uid;
|
|
to->si_int = from->si_int;
|
|
break;
|
|
case SIL_SYS:
|
|
to->si_call_addr = compat_ptr(from->si_call_addr);
|
|
to->si_syscall = from->si_syscall;
|
|
to->si_arch = from->si_arch;
|
|
break;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static int __copy_siginfo_from_user32(int signo, struct kernel_siginfo *to,
|
|
const struct compat_siginfo __user *ufrom)
|
|
{
|
|
struct compat_siginfo from;
|
|
|
|
if (copy_from_user(&from, ufrom, sizeof(struct compat_siginfo)))
|
|
return -EFAULT;
|
|
|
|
from.si_signo = signo;
|
|
return post_copy_siginfo_from_user32(to, &from);
|
|
}
|
|
|
|
int copy_siginfo_from_user32(struct kernel_siginfo *to,
|
|
const struct compat_siginfo __user *ufrom)
|
|
{
|
|
struct compat_siginfo from;
|
|
|
|
if (copy_from_user(&from, ufrom, sizeof(struct compat_siginfo)))
|
|
return -EFAULT;
|
|
|
|
return post_copy_siginfo_from_user32(to, &from);
|
|
}
|
|
#endif /* CONFIG_COMPAT */
|
|
|
|
/**
|
|
* do_sigtimedwait - wait for queued signals specified in @which
|
|
* @which: queued signals to wait for
|
|
* @info: if non-null, the signal's siginfo is returned here
|
|
* @ts: upper bound on process time suspension
|
|
*/
|
|
static int do_sigtimedwait(const sigset_t *which, kernel_siginfo_t *info,
|
|
const struct timespec64 *ts)
|
|
{
|
|
ktime_t *to = NULL, timeout = KTIME_MAX;
|
|
struct task_struct *tsk = current;
|
|
sigset_t mask = *which;
|
|
enum pid_type type;
|
|
int sig, ret = 0;
|
|
|
|
if (ts) {
|
|
if (!timespec64_valid(ts))
|
|
return -EINVAL;
|
|
timeout = timespec64_to_ktime(*ts);
|
|
to = &timeout;
|
|
}
|
|
|
|
/*
|
|
* Invert the set of allowed signals to get those we want to block.
|
|
*/
|
|
sigdelsetmask(&mask, sigmask(SIGKILL) | sigmask(SIGSTOP));
|
|
signotset(&mask);
|
|
|
|
spin_lock_irq(&tsk->sighand->siglock);
|
|
sig = dequeue_signal(tsk, &mask, info, &type);
|
|
if (!sig && timeout) {
|
|
/*
|
|
* None ready, temporarily unblock those we're interested
|
|
* while we are sleeping in so that we'll be awakened when
|
|
* they arrive. Unblocking is always fine, we can avoid
|
|
* set_current_blocked().
|
|
*/
|
|
tsk->real_blocked = tsk->blocked;
|
|
sigandsets(&tsk->blocked, &tsk->blocked, &mask);
|
|
recalc_sigpending();
|
|
spin_unlock_irq(&tsk->sighand->siglock);
|
|
|
|
__set_current_state(TASK_INTERRUPTIBLE|TASK_FREEZABLE);
|
|
ret = schedule_hrtimeout_range(to, tsk->timer_slack_ns,
|
|
HRTIMER_MODE_REL);
|
|
spin_lock_irq(&tsk->sighand->siglock);
|
|
__set_task_blocked(tsk, &tsk->real_blocked);
|
|
sigemptyset(&tsk->real_blocked);
|
|
sig = dequeue_signal(tsk, &mask, info, &type);
|
|
}
|
|
spin_unlock_irq(&tsk->sighand->siglock);
|
|
|
|
if (sig)
|
|
return sig;
|
|
return ret ? -EINTR : -EAGAIN;
|
|
}
|
|
|
|
/**
|
|
* sys_rt_sigtimedwait - synchronously wait for queued signals specified
|
|
* in @uthese
|
|
* @uthese: queued signals to wait for
|
|
* @uinfo: if non-null, the signal's siginfo is returned here
|
|
* @uts: upper bound on process time suspension
|
|
* @sigsetsize: size of sigset_t type
|
|
*/
|
|
SYSCALL_DEFINE4(rt_sigtimedwait, const sigset_t __user *, uthese,
|
|
siginfo_t __user *, uinfo,
|
|
const struct __kernel_timespec __user *, uts,
|
|
size_t, sigsetsize)
|
|
{
|
|
sigset_t these;
|
|
struct timespec64 ts;
|
|
kernel_siginfo_t info;
|
|
int ret;
|
|
|
|
/* XXX: Don't preclude handling different sized sigset_t's. */
|
|
if (sigsetsize != sizeof(sigset_t))
|
|
return -EINVAL;
|
|
|
|
if (copy_from_user(&these, uthese, sizeof(these)))
|
|
return -EFAULT;
|
|
|
|
if (uts) {
|
|
if (get_timespec64(&ts, uts))
|
|
return -EFAULT;
|
|
}
|
|
|
|
ret = do_sigtimedwait(&these, &info, uts ? &ts : NULL);
|
|
|
|
if (ret > 0 && uinfo) {
|
|
if (copy_siginfo_to_user(uinfo, &info))
|
|
ret = -EFAULT;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
#ifdef CONFIG_COMPAT_32BIT_TIME
|
|
SYSCALL_DEFINE4(rt_sigtimedwait_time32, const sigset_t __user *, uthese,
|
|
siginfo_t __user *, uinfo,
|
|
const struct old_timespec32 __user *, uts,
|
|
size_t, sigsetsize)
|
|
{
|
|
sigset_t these;
|
|
struct timespec64 ts;
|
|
kernel_siginfo_t info;
|
|
int ret;
|
|
|
|
if (sigsetsize != sizeof(sigset_t))
|
|
return -EINVAL;
|
|
|
|
if (copy_from_user(&these, uthese, sizeof(these)))
|
|
return -EFAULT;
|
|
|
|
if (uts) {
|
|
if (get_old_timespec32(&ts, uts))
|
|
return -EFAULT;
|
|
}
|
|
|
|
ret = do_sigtimedwait(&these, &info, uts ? &ts : NULL);
|
|
|
|
if (ret > 0 && uinfo) {
|
|
if (copy_siginfo_to_user(uinfo, &info))
|
|
ret = -EFAULT;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
#endif
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
COMPAT_SYSCALL_DEFINE4(rt_sigtimedwait_time64, compat_sigset_t __user *, uthese,
|
|
struct compat_siginfo __user *, uinfo,
|
|
struct __kernel_timespec __user *, uts, compat_size_t, sigsetsize)
|
|
{
|
|
sigset_t s;
|
|
struct timespec64 t;
|
|
kernel_siginfo_t info;
|
|
long ret;
|
|
|
|
if (sigsetsize != sizeof(sigset_t))
|
|
return -EINVAL;
|
|
|
|
if (get_compat_sigset(&s, uthese))
|
|
return -EFAULT;
|
|
|
|
if (uts) {
|
|
if (get_timespec64(&t, uts))
|
|
return -EFAULT;
|
|
}
|
|
|
|
ret = do_sigtimedwait(&s, &info, uts ? &t : NULL);
|
|
|
|
if (ret > 0 && uinfo) {
|
|
if (copy_siginfo_to_user32(uinfo, &info))
|
|
ret = -EFAULT;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
#ifdef CONFIG_COMPAT_32BIT_TIME
|
|
COMPAT_SYSCALL_DEFINE4(rt_sigtimedwait_time32, compat_sigset_t __user *, uthese,
|
|
struct compat_siginfo __user *, uinfo,
|
|
struct old_timespec32 __user *, uts, compat_size_t, sigsetsize)
|
|
{
|
|
sigset_t s;
|
|
struct timespec64 t;
|
|
kernel_siginfo_t info;
|
|
long ret;
|
|
|
|
if (sigsetsize != sizeof(sigset_t))
|
|
return -EINVAL;
|
|
|
|
if (get_compat_sigset(&s, uthese))
|
|
return -EFAULT;
|
|
|
|
if (uts) {
|
|
if (get_old_timespec32(&t, uts))
|
|
return -EFAULT;
|
|
}
|
|
|
|
ret = do_sigtimedwait(&s, &info, uts ? &t : NULL);
|
|
|
|
if (ret > 0 && uinfo) {
|
|
if (copy_siginfo_to_user32(uinfo, &info))
|
|
ret = -EFAULT;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
#endif
|
|
#endif
|
|
|
|
static inline void prepare_kill_siginfo(int sig, struct kernel_siginfo *info)
|
|
{
|
|
clear_siginfo(info);
|
|
info->si_signo = sig;
|
|
info->si_errno = 0;
|
|
info->si_code = SI_USER;
|
|
info->si_pid = task_tgid_vnr(current);
|
|
info->si_uid = from_kuid_munged(current_user_ns(), current_uid());
|
|
}
|
|
|
|
/**
|
|
* sys_kill - send a signal to a process
|
|
* @pid: the PID of the process
|
|
* @sig: signal to be sent
|
|
*/
|
|
SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
prepare_kill_siginfo(sig, &info);
|
|
|
|
return kill_something_info(sig, &info, pid);
|
|
}
|
|
|
|
/*
|
|
* Verify that the signaler and signalee either are in the same pid namespace
|
|
* or that the signaler's pid namespace is an ancestor of the signalee's pid
|
|
* namespace.
|
|
*/
|
|
static bool access_pidfd_pidns(struct pid *pid)
|
|
{
|
|
struct pid_namespace *active = task_active_pid_ns(current);
|
|
struct pid_namespace *p = ns_of_pid(pid);
|
|
|
|
for (;;) {
|
|
if (!p)
|
|
return false;
|
|
if (p == active)
|
|
break;
|
|
p = p->parent;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
static int copy_siginfo_from_user_any(kernel_siginfo_t *kinfo,
|
|
siginfo_t __user *info)
|
|
{
|
|
#ifdef CONFIG_COMPAT
|
|
/*
|
|
* Avoid hooking up compat syscalls and instead handle necessary
|
|
* conversions here. Note, this is a stop-gap measure and should not be
|
|
* considered a generic solution.
|
|
*/
|
|
if (in_compat_syscall())
|
|
return copy_siginfo_from_user32(
|
|
kinfo, (struct compat_siginfo __user *)info);
|
|
#endif
|
|
return copy_siginfo_from_user(kinfo, info);
|
|
}
|
|
|
|
static struct pid *pidfd_to_pid(const struct file *file)
|
|
{
|
|
struct pid *pid;
|
|
|
|
pid = pidfd_pid(file);
|
|
if (!IS_ERR(pid))
|
|
return pid;
|
|
|
|
return tgid_pidfd_to_pid(file);
|
|
}
|
|
|
|
/**
|
|
* sys_pidfd_send_signal - Signal a process through a pidfd
|
|
* @pidfd: file descriptor of the process
|
|
* @sig: signal to send
|
|
* @info: signal info
|
|
* @flags: future flags
|
|
*
|
|
* The syscall currently only signals via PIDTYPE_PID which covers
|
|
* kill(<positive-pid>, <signal>. It does not signal threads or process
|
|
* groups.
|
|
* In order to extend the syscall to threads and process groups the @flags
|
|
* argument should be used. In essence, the @flags argument will determine
|
|
* what is signaled and not the file descriptor itself. Put in other words,
|
|
* grouping is a property of the flags argument not a property of the file
|
|
* descriptor.
|
|
*
|
|
* Return: 0 on success, negative errno on failure
|
|
*/
|
|
SYSCALL_DEFINE4(pidfd_send_signal, int, pidfd, int, sig,
|
|
siginfo_t __user *, info, unsigned int, flags)
|
|
{
|
|
int ret;
|
|
struct fd f;
|
|
struct pid *pid;
|
|
kernel_siginfo_t kinfo;
|
|
|
|
/* Enforce flags be set to 0 until we add an extension. */
|
|
if (flags)
|
|
return -EINVAL;
|
|
|
|
f = fdget(pidfd);
|
|
if (!f.file)
|
|
return -EBADF;
|
|
|
|
/* Is this a pidfd? */
|
|
pid = pidfd_to_pid(f.file);
|
|
if (IS_ERR(pid)) {
|
|
ret = PTR_ERR(pid);
|
|
goto err;
|
|
}
|
|
|
|
ret = -EINVAL;
|
|
if (!access_pidfd_pidns(pid))
|
|
goto err;
|
|
|
|
if (info) {
|
|
ret = copy_siginfo_from_user_any(&kinfo, info);
|
|
if (unlikely(ret))
|
|
goto err;
|
|
|
|
ret = -EINVAL;
|
|
if (unlikely(sig != kinfo.si_signo))
|
|
goto err;
|
|
|
|
/* Only allow sending arbitrary signals to yourself. */
|
|
ret = -EPERM;
|
|
if ((task_pid(current) != pid) &&
|
|
(kinfo.si_code >= 0 || kinfo.si_code == SI_TKILL))
|
|
goto err;
|
|
} else {
|
|
prepare_kill_siginfo(sig, &kinfo);
|
|
}
|
|
|
|
ret = kill_pid_info(sig, &kinfo, pid);
|
|
|
|
err:
|
|
fdput(f);
|
|
return ret;
|
|
}
|
|
|
|
static int
|
|
do_send_specific(pid_t tgid, pid_t pid, int sig, struct kernel_siginfo *info)
|
|
{
|
|
struct task_struct *p;
|
|
int error = -ESRCH;
|
|
|
|
rcu_read_lock();
|
|
p = find_task_by_vpid(pid);
|
|
if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) {
|
|
error = check_kill_permission(sig, info, p);
|
|
/*
|
|
* The null signal is a permissions and process existence
|
|
* probe. No signal is actually delivered.
|
|
*/
|
|
if (!error && sig) {
|
|
error = do_send_sig_info(sig, info, p, PIDTYPE_PID);
|
|
/*
|
|
* If lock_task_sighand() failed we pretend the task
|
|
* dies after receiving the signal. The window is tiny,
|
|
* and the signal is private anyway.
|
|
*/
|
|
if (unlikely(error == -ESRCH))
|
|
error = 0;
|
|
}
|
|
}
|
|
rcu_read_unlock();
|
|
|
|
return error;
|
|
}
|
|
|
|
static int do_tkill(pid_t tgid, pid_t pid, int sig)
|
|
{
|
|
struct kernel_siginfo info;
|
|
|
|
clear_siginfo(&info);
|
|
info.si_signo = sig;
|
|
info.si_errno = 0;
|
|
info.si_code = SI_TKILL;
|
|
info.si_pid = task_tgid_vnr(current);
|
|
info.si_uid = from_kuid_munged(current_user_ns(), current_uid());
|
|
|
|
return do_send_specific(tgid, pid, sig, &info);
|
|
}
|
|
|
|
/**
|
|
* sys_tgkill - send signal to one specific thread
|
|
* @tgid: the thread group ID of the thread
|
|
* @pid: the PID of the thread
|
|
* @sig: signal to be sent
|
|
*
|
|
* This syscall also checks the @tgid and returns -ESRCH even if the PID
|
|
* exists but it's not belonging to the target process anymore. This
|
|
* method solves the problem of threads exiting and PIDs getting reused.
|
|
*/
|
|
SYSCALL_DEFINE3(tgkill, pid_t, tgid, pid_t, pid, int, sig)
|
|
{
|
|
/* This is only valid for single tasks */
|
|
if (pid <= 0 || tgid <= 0)
|
|
return -EINVAL;
|
|
|
|
return do_tkill(tgid, pid, sig);
|
|
}
|
|
|
|
/**
|
|
* sys_tkill - send signal to one specific task
|
|
* @pid: the PID of the task
|
|
* @sig: signal to be sent
|
|
*
|
|
* Send a signal to only one task, even if it's a CLONE_THREAD task.
|
|
*/
|
|
SYSCALL_DEFINE2(tkill, pid_t, pid, int, sig)
|
|
{
|
|
/* This is only valid for single tasks */
|
|
if (pid <= 0)
|
|
return -EINVAL;
|
|
|
|
return do_tkill(0, pid, sig);
|
|
}
|
|
|
|
static int do_rt_sigqueueinfo(pid_t pid, int sig, kernel_siginfo_t *info)
|
|
{
|
|
/* Not even root can pretend to send signals from the kernel.
|
|
* Nor can they impersonate a kill()/tgkill(), which adds source info.
|
|
*/
|
|
if ((info->si_code >= 0 || info->si_code == SI_TKILL) &&
|
|
(task_pid_vnr(current) != pid))
|
|
return -EPERM;
|
|
|
|
/* POSIX.1b doesn't mention process groups. */
|
|
return kill_proc_info(sig, info, pid);
|
|
}
|
|
|
|
/**
|
|
* sys_rt_sigqueueinfo - send signal information to a signal
|
|
* @pid: the PID of the thread
|
|
* @sig: signal to be sent
|
|
* @uinfo: signal info to be sent
|
|
*/
|
|
SYSCALL_DEFINE3(rt_sigqueueinfo, pid_t, pid, int, sig,
|
|
siginfo_t __user *, uinfo)
|
|
{
|
|
kernel_siginfo_t info;
|
|
int ret = __copy_siginfo_from_user(sig, &info, uinfo);
|
|
if (unlikely(ret))
|
|
return ret;
|
|
return do_rt_sigqueueinfo(pid, sig, &info);
|
|
}
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
COMPAT_SYSCALL_DEFINE3(rt_sigqueueinfo,
|
|
compat_pid_t, pid,
|
|
int, sig,
|
|
struct compat_siginfo __user *, uinfo)
|
|
{
|
|
kernel_siginfo_t info;
|
|
int ret = __copy_siginfo_from_user32(sig, &info, uinfo);
|
|
if (unlikely(ret))
|
|
return ret;
|
|
return do_rt_sigqueueinfo(pid, sig, &info);
|
|
}
|
|
#endif
|
|
|
|
static int do_rt_tgsigqueueinfo(pid_t tgid, pid_t pid, int sig, kernel_siginfo_t *info)
|
|
{
|
|
/* This is only valid for single tasks */
|
|
if (pid <= 0 || tgid <= 0)
|
|
return -EINVAL;
|
|
|
|
/* Not even root can pretend to send signals from the kernel.
|
|
* Nor can they impersonate a kill()/tgkill(), which adds source info.
|
|
*/
|
|
if ((info->si_code >= 0 || info->si_code == SI_TKILL) &&
|
|
(task_pid_vnr(current) != pid))
|
|
return -EPERM;
|
|
|
|
return do_send_specific(tgid, pid, sig, info);
|
|
}
|
|
|
|
SYSCALL_DEFINE4(rt_tgsigqueueinfo, pid_t, tgid, pid_t, pid, int, sig,
|
|
siginfo_t __user *, uinfo)
|
|
{
|
|
kernel_siginfo_t info;
|
|
int ret = __copy_siginfo_from_user(sig, &info, uinfo);
|
|
if (unlikely(ret))
|
|
return ret;
|
|
return do_rt_tgsigqueueinfo(tgid, pid, sig, &info);
|
|
}
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
COMPAT_SYSCALL_DEFINE4(rt_tgsigqueueinfo,
|
|
compat_pid_t, tgid,
|
|
compat_pid_t, pid,
|
|
int, sig,
|
|
struct compat_siginfo __user *, uinfo)
|
|
{
|
|
kernel_siginfo_t info;
|
|
int ret = __copy_siginfo_from_user32(sig, &info, uinfo);
|
|
if (unlikely(ret))
|
|
return ret;
|
|
return do_rt_tgsigqueueinfo(tgid, pid, sig, &info);
|
|
}
|
|
#endif
|
|
|
|
/*
|
|
* For kthreads only, must not be used if cloned with CLONE_SIGHAND
|
|
*/
|
|
void kernel_sigaction(int sig, __sighandler_t action)
|
|
{
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
current->sighand->action[sig - 1].sa.sa_handler = action;
|
|
if (action == SIG_IGN) {
|
|
sigset_t mask;
|
|
|
|
sigemptyset(&mask);
|
|
sigaddset(&mask, sig);
|
|
|
|
flush_sigqueue_mask(&mask, ¤t->signal->shared_pending);
|
|
flush_sigqueue_mask(&mask, ¤t->pending);
|
|
recalc_sigpending();
|
|
}
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
}
|
|
EXPORT_SYMBOL(kernel_sigaction);
|
|
|
|
void __weak sigaction_compat_abi(struct k_sigaction *act,
|
|
struct k_sigaction *oact)
|
|
{
|
|
}
|
|
|
|
int do_sigaction(int sig, struct k_sigaction *act, struct k_sigaction *oact)
|
|
{
|
|
struct task_struct *p = current, *t;
|
|
struct k_sigaction *k;
|
|
sigset_t mask;
|
|
|
|
if (!valid_signal(sig) || sig < 1 || (act && sig_kernel_only(sig)))
|
|
return -EINVAL;
|
|
|
|
k = &p->sighand->action[sig-1];
|
|
|
|
spin_lock_irq(&p->sighand->siglock);
|
|
if (k->sa.sa_flags & SA_IMMUTABLE) {
|
|
spin_unlock_irq(&p->sighand->siglock);
|
|
return -EINVAL;
|
|
}
|
|
if (oact)
|
|
*oact = *k;
|
|
|
|
/*
|
|
* Make sure that we never accidentally claim to support SA_UNSUPPORTED,
|
|
* e.g. by having an architecture use the bit in their uapi.
|
|
*/
|
|
BUILD_BUG_ON(UAPI_SA_FLAGS & SA_UNSUPPORTED);
|
|
|
|
/*
|
|
* Clear unknown flag bits in order to allow userspace to detect missing
|
|
* support for flag bits and to allow the kernel to use non-uapi bits
|
|
* internally.
|
|
*/
|
|
if (act)
|
|
act->sa.sa_flags &= UAPI_SA_FLAGS;
|
|
if (oact)
|
|
oact->sa.sa_flags &= UAPI_SA_FLAGS;
|
|
|
|
sigaction_compat_abi(act, oact);
|
|
|
|
if (act) {
|
|
sigdelsetmask(&act->sa.sa_mask,
|
|
sigmask(SIGKILL) | sigmask(SIGSTOP));
|
|
*k = *act;
|
|
/*
|
|
* POSIX 3.3.1.3:
|
|
* "Setting a signal action to SIG_IGN for a signal that is
|
|
* pending shall cause the pending signal to be discarded,
|
|
* whether or not it is blocked."
|
|
*
|
|
* "Setting a signal action to SIG_DFL for a signal that is
|
|
* pending and whose default action is to ignore the signal
|
|
* (for example, SIGCHLD), shall cause the pending signal to
|
|
* be discarded, whether or not it is blocked"
|
|
*/
|
|
if (sig_handler_ignored(sig_handler(p, sig), sig)) {
|
|
sigemptyset(&mask);
|
|
sigaddset(&mask, sig);
|
|
flush_sigqueue_mask(&mask, &p->signal->shared_pending);
|
|
for_each_thread(p, t)
|
|
flush_sigqueue_mask(&mask, &t->pending);
|
|
}
|
|
}
|
|
|
|
spin_unlock_irq(&p->sighand->siglock);
|
|
return 0;
|
|
}
|
|
|
|
#ifdef CONFIG_DYNAMIC_SIGFRAME
|
|
static inline void sigaltstack_lock(void)
|
|
__acquires(¤t->sighand->siglock)
|
|
{
|
|
spin_lock_irq(¤t->sighand->siglock);
|
|
}
|
|
|
|
static inline void sigaltstack_unlock(void)
|
|
__releases(¤t->sighand->siglock)
|
|
{
|
|
spin_unlock_irq(¤t->sighand->siglock);
|
|
}
|
|
#else
|
|
static inline void sigaltstack_lock(void) { }
|
|
static inline void sigaltstack_unlock(void) { }
|
|
#endif
|
|
|
|
static int
|
|
do_sigaltstack (const stack_t *ss, stack_t *oss, unsigned long sp,
|
|
size_t min_ss_size)
|
|
{
|
|
struct task_struct *t = current;
|
|
int ret = 0;
|
|
|
|
if (oss) {
|
|
memset(oss, 0, sizeof(stack_t));
|
|
oss->ss_sp = (void __user *) t->sas_ss_sp;
|
|
oss->ss_size = t->sas_ss_size;
|
|
oss->ss_flags = sas_ss_flags(sp) |
|
|
(current->sas_ss_flags & SS_FLAG_BITS);
|
|
}
|
|
|
|
if (ss) {
|
|
void __user *ss_sp = ss->ss_sp;
|
|
size_t ss_size = ss->ss_size;
|
|
unsigned ss_flags = ss->ss_flags;
|
|
int ss_mode;
|
|
|
|
if (unlikely(on_sig_stack(sp)))
|
|
return -EPERM;
|
|
|
|
ss_mode = ss_flags & ~SS_FLAG_BITS;
|
|
if (unlikely(ss_mode != SS_DISABLE && ss_mode != SS_ONSTACK &&
|
|
ss_mode != 0))
|
|
return -EINVAL;
|
|
|
|
/*
|
|
* Return before taking any locks if no actual
|
|
* sigaltstack changes were requested.
|
|
*/
|
|
if (t->sas_ss_sp == (unsigned long)ss_sp &&
|
|
t->sas_ss_size == ss_size &&
|
|
t->sas_ss_flags == ss_flags)
|
|
return 0;
|
|
|
|
sigaltstack_lock();
|
|
if (ss_mode == SS_DISABLE) {
|
|
ss_size = 0;
|
|
ss_sp = NULL;
|
|
} else {
|
|
if (unlikely(ss_size < min_ss_size))
|
|
ret = -ENOMEM;
|
|
if (!sigaltstack_size_valid(ss_size))
|
|
ret = -ENOMEM;
|
|
}
|
|
if (!ret) {
|
|
t->sas_ss_sp = (unsigned long) ss_sp;
|
|
t->sas_ss_size = ss_size;
|
|
t->sas_ss_flags = ss_flags;
|
|
}
|
|
sigaltstack_unlock();
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
SYSCALL_DEFINE2(sigaltstack,const stack_t __user *,uss, stack_t __user *,uoss)
|
|
{
|
|
stack_t new, old;
|
|
int err;
|
|
if (uss && copy_from_user(&new, uss, sizeof(stack_t)))
|
|
return -EFAULT;
|
|
err = do_sigaltstack(uss ? &new : NULL, uoss ? &old : NULL,
|
|
current_user_stack_pointer(),
|
|
MINSIGSTKSZ);
|
|
if (!err && uoss && copy_to_user(uoss, &old, sizeof(stack_t)))
|
|
err = -EFAULT;
|
|
return err;
|
|
}
|
|
|
|
int restore_altstack(const stack_t __user *uss)
|
|
{
|
|
stack_t new;
|
|
if (copy_from_user(&new, uss, sizeof(stack_t)))
|
|
return -EFAULT;
|
|
(void)do_sigaltstack(&new, NULL, current_user_stack_pointer(),
|
|
MINSIGSTKSZ);
|
|
/* squash all but EFAULT for now */
|
|
return 0;
|
|
}
|
|
|
|
int __save_altstack(stack_t __user *uss, unsigned long sp)
|
|
{
|
|
struct task_struct *t = current;
|
|
int err = __put_user((void __user *)t->sas_ss_sp, &uss->ss_sp) |
|
|
__put_user(t->sas_ss_flags, &uss->ss_flags) |
|
|
__put_user(t->sas_ss_size, &uss->ss_size);
|
|
return err;
|
|
}
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
static int do_compat_sigaltstack(const compat_stack_t __user *uss_ptr,
|
|
compat_stack_t __user *uoss_ptr)
|
|
{
|
|
stack_t uss, uoss;
|
|
int ret;
|
|
|
|
if (uss_ptr) {
|
|
compat_stack_t uss32;
|
|
if (copy_from_user(&uss32, uss_ptr, sizeof(compat_stack_t)))
|
|
return -EFAULT;
|
|
uss.ss_sp = compat_ptr(uss32.ss_sp);
|
|
uss.ss_flags = uss32.ss_flags;
|
|
uss.ss_size = uss32.ss_size;
|
|
}
|
|
ret = do_sigaltstack(uss_ptr ? &uss : NULL, &uoss,
|
|
compat_user_stack_pointer(),
|
|
COMPAT_MINSIGSTKSZ);
|
|
if (ret >= 0 && uoss_ptr) {
|
|
compat_stack_t old;
|
|
memset(&old, 0, sizeof(old));
|
|
old.ss_sp = ptr_to_compat(uoss.ss_sp);
|
|
old.ss_flags = uoss.ss_flags;
|
|
old.ss_size = uoss.ss_size;
|
|
if (copy_to_user(uoss_ptr, &old, sizeof(compat_stack_t)))
|
|
ret = -EFAULT;
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
COMPAT_SYSCALL_DEFINE2(sigaltstack,
|
|
const compat_stack_t __user *, uss_ptr,
|
|
compat_stack_t __user *, uoss_ptr)
|
|
{
|
|
return do_compat_sigaltstack(uss_ptr, uoss_ptr);
|
|
}
|
|
|
|
int compat_restore_altstack(const compat_stack_t __user *uss)
|
|
{
|
|
int err = do_compat_sigaltstack(uss, NULL);
|
|
/* squash all but -EFAULT for now */
|
|
return err == -EFAULT ? err : 0;
|
|
}
|
|
|
|
int __compat_save_altstack(compat_stack_t __user *uss, unsigned long sp)
|
|
{
|
|
int err;
|
|
struct task_struct *t = current;
|
|
err = __put_user(ptr_to_compat((void __user *)t->sas_ss_sp),
|
|
&uss->ss_sp) |
|
|
__put_user(t->sas_ss_flags, &uss->ss_flags) |
|
|
__put_user(t->sas_ss_size, &uss->ss_size);
|
|
return err;
|
|
}
|
|
#endif
|
|
|
|
#ifdef __ARCH_WANT_SYS_SIGPENDING
|
|
|
|
/**
|
|
* sys_sigpending - examine pending signals
|
|
* @uset: where mask of pending signal is returned
|
|
*/
|
|
SYSCALL_DEFINE1(sigpending, old_sigset_t __user *, uset)
|
|
{
|
|
sigset_t set;
|
|
|
|
if (sizeof(old_sigset_t) > sizeof(*uset))
|
|
return -EINVAL;
|
|
|
|
do_sigpending(&set);
|
|
|
|
if (copy_to_user(uset, &set, sizeof(old_sigset_t)))
|
|
return -EFAULT;
|
|
|
|
return 0;
|
|
}
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
COMPAT_SYSCALL_DEFINE1(sigpending, compat_old_sigset_t __user *, set32)
|
|
{
|
|
sigset_t set;
|
|
|
|
do_sigpending(&set);
|
|
|
|
return put_user(set.sig[0], set32);
|
|
}
|
|
#endif
|
|
|
|
#endif
|
|
|
|
#ifdef __ARCH_WANT_SYS_SIGPROCMASK
|
|
/**
|
|
* sys_sigprocmask - examine and change blocked signals
|
|
* @how: whether to add, remove, or set signals
|
|
* @nset: signals to add or remove (if non-null)
|
|
* @oset: previous value of signal mask if non-null
|
|
*
|
|
* Some platforms have their own version with special arguments;
|
|
* others support only sys_rt_sigprocmask.
|
|
*/
|
|
|
|
SYSCALL_DEFINE3(sigprocmask, int, how, old_sigset_t __user *, nset,
|
|
old_sigset_t __user *, oset)
|
|
{
|
|
old_sigset_t old_set, new_set;
|
|
sigset_t new_blocked;
|
|
|
|
old_set = current->blocked.sig[0];
|
|
|
|
if (nset) {
|
|
if (copy_from_user(&new_set, nset, sizeof(*nset)))
|
|
return -EFAULT;
|
|
|
|
new_blocked = current->blocked;
|
|
|
|
switch (how) {
|
|
case SIG_BLOCK:
|
|
sigaddsetmask(&new_blocked, new_set);
|
|
break;
|
|
case SIG_UNBLOCK:
|
|
sigdelsetmask(&new_blocked, new_set);
|
|
break;
|
|
case SIG_SETMASK:
|
|
new_blocked.sig[0] = new_set;
|
|
break;
|
|
default:
|
|
return -EINVAL;
|
|
}
|
|
|
|
set_current_blocked(&new_blocked);
|
|
}
|
|
|
|
if (oset) {
|
|
if (copy_to_user(oset, &old_set, sizeof(*oset)))
|
|
return -EFAULT;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
#endif /* __ARCH_WANT_SYS_SIGPROCMASK */
|
|
|
|
#ifndef CONFIG_ODD_RT_SIGACTION
|
|
/**
|
|
* sys_rt_sigaction - alter an action taken by a process
|
|
* @sig: signal to be sent
|
|
* @act: new sigaction
|
|
* @oact: used to save the previous sigaction
|
|
* @sigsetsize: size of sigset_t type
|
|
*/
|
|
SYSCALL_DEFINE4(rt_sigaction, int, sig,
|
|
const struct sigaction __user *, act,
|
|
struct sigaction __user *, oact,
|
|
size_t, sigsetsize)
|
|
{
|
|
struct k_sigaction new_sa, old_sa;
|
|
int ret;
|
|
|
|
/* XXX: Don't preclude handling different sized sigset_t's. */
|
|
if (sigsetsize != sizeof(sigset_t))
|
|
return -EINVAL;
|
|
|
|
if (act && copy_from_user(&new_sa.sa, act, sizeof(new_sa.sa)))
|
|
return -EFAULT;
|
|
|
|
ret = do_sigaction(sig, act ? &new_sa : NULL, oact ? &old_sa : NULL);
|
|
if (ret)
|
|
return ret;
|
|
|
|
if (oact && copy_to_user(oact, &old_sa.sa, sizeof(old_sa.sa)))
|
|
return -EFAULT;
|
|
|
|
return 0;
|
|
}
|
|
#ifdef CONFIG_COMPAT
|
|
COMPAT_SYSCALL_DEFINE4(rt_sigaction, int, sig,
|
|
const struct compat_sigaction __user *, act,
|
|
struct compat_sigaction __user *, oact,
|
|
compat_size_t, sigsetsize)
|
|
{
|
|
struct k_sigaction new_ka, old_ka;
|
|
#ifdef __ARCH_HAS_SA_RESTORER
|
|
compat_uptr_t restorer;
|
|
#endif
|
|
int ret;
|
|
|
|
/* XXX: Don't preclude handling different sized sigset_t's. */
|
|
if (sigsetsize != sizeof(compat_sigset_t))
|
|
return -EINVAL;
|
|
|
|
if (act) {
|
|
compat_uptr_t handler;
|
|
ret = get_user(handler, &act->sa_handler);
|
|
new_ka.sa.sa_handler = compat_ptr(handler);
|
|
#ifdef __ARCH_HAS_SA_RESTORER
|
|
ret |= get_user(restorer, &act->sa_restorer);
|
|
new_ka.sa.sa_restorer = compat_ptr(restorer);
|
|
#endif
|
|
ret |= get_compat_sigset(&new_ka.sa.sa_mask, &act->sa_mask);
|
|
ret |= get_user(new_ka.sa.sa_flags, &act->sa_flags);
|
|
if (ret)
|
|
return -EFAULT;
|
|
}
|
|
|
|
ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
|
|
if (!ret && oact) {
|
|
ret = put_user(ptr_to_compat(old_ka.sa.sa_handler),
|
|
&oact->sa_handler);
|
|
ret |= put_compat_sigset(&oact->sa_mask, &old_ka.sa.sa_mask,
|
|
sizeof(oact->sa_mask));
|
|
ret |= put_user(old_ka.sa.sa_flags, &oact->sa_flags);
|
|
#ifdef __ARCH_HAS_SA_RESTORER
|
|
ret |= put_user(ptr_to_compat(old_ka.sa.sa_restorer),
|
|
&oact->sa_restorer);
|
|
#endif
|
|
}
|
|
return ret;
|
|
}
|
|
#endif
|
|
#endif /* !CONFIG_ODD_RT_SIGACTION */
|
|
|
|
#ifdef CONFIG_OLD_SIGACTION
|
|
SYSCALL_DEFINE3(sigaction, int, sig,
|
|
const struct old_sigaction __user *, act,
|
|
struct old_sigaction __user *, oact)
|
|
{
|
|
struct k_sigaction new_ka, old_ka;
|
|
int ret;
|
|
|
|
if (act) {
|
|
old_sigset_t mask;
|
|
if (!access_ok(act, sizeof(*act)) ||
|
|
__get_user(new_ka.sa.sa_handler, &act->sa_handler) ||
|
|
__get_user(new_ka.sa.sa_restorer, &act->sa_restorer) ||
|
|
__get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
|
|
__get_user(mask, &act->sa_mask))
|
|
return -EFAULT;
|
|
#ifdef __ARCH_HAS_KA_RESTORER
|
|
new_ka.ka_restorer = NULL;
|
|
#endif
|
|
siginitset(&new_ka.sa.sa_mask, mask);
|
|
}
|
|
|
|
ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
|
|
|
|
if (!ret && oact) {
|
|
if (!access_ok(oact, sizeof(*oact)) ||
|
|
__put_user(old_ka.sa.sa_handler, &oact->sa_handler) ||
|
|
__put_user(old_ka.sa.sa_restorer, &oact->sa_restorer) ||
|
|
__put_user(old_ka.sa.sa_flags, &oact->sa_flags) ||
|
|
__put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask))
|
|
return -EFAULT;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
#endif
|
|
#ifdef CONFIG_COMPAT_OLD_SIGACTION
|
|
COMPAT_SYSCALL_DEFINE3(sigaction, int, sig,
|
|
const struct compat_old_sigaction __user *, act,
|
|
struct compat_old_sigaction __user *, oact)
|
|
{
|
|
struct k_sigaction new_ka, old_ka;
|
|
int ret;
|
|
compat_old_sigset_t mask;
|
|
compat_uptr_t handler, restorer;
|
|
|
|
if (act) {
|
|
if (!access_ok(act, sizeof(*act)) ||
|
|
__get_user(handler, &act->sa_handler) ||
|
|
__get_user(restorer, &act->sa_restorer) ||
|
|
__get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
|
|
__get_user(mask, &act->sa_mask))
|
|
return -EFAULT;
|
|
|
|
#ifdef __ARCH_HAS_KA_RESTORER
|
|
new_ka.ka_restorer = NULL;
|
|
#endif
|
|
new_ka.sa.sa_handler = compat_ptr(handler);
|
|
new_ka.sa.sa_restorer = compat_ptr(restorer);
|
|
siginitset(&new_ka.sa.sa_mask, mask);
|
|
}
|
|
|
|
ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
|
|
|
|
if (!ret && oact) {
|
|
if (!access_ok(oact, sizeof(*oact)) ||
|
|
__put_user(ptr_to_compat(old_ka.sa.sa_handler),
|
|
&oact->sa_handler) ||
|
|
__put_user(ptr_to_compat(old_ka.sa.sa_restorer),
|
|
&oact->sa_restorer) ||
|
|
__put_user(old_ka.sa.sa_flags, &oact->sa_flags) ||
|
|
__put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask))
|
|
return -EFAULT;
|
|
}
|
|
return ret;
|
|
}
|
|
#endif
|
|
|
|
#ifdef CONFIG_SGETMASK_SYSCALL
|
|
|
|
/*
|
|
* For backwards compatibility. Functionality superseded by sigprocmask.
|
|
*/
|
|
SYSCALL_DEFINE0(sgetmask)
|
|
{
|
|
/* SMP safe */
|
|
return current->blocked.sig[0];
|
|
}
|
|
|
|
SYSCALL_DEFINE1(ssetmask, int, newmask)
|
|
{
|
|
int old = current->blocked.sig[0];
|
|
sigset_t newset;
|
|
|
|
siginitset(&newset, newmask);
|
|
set_current_blocked(&newset);
|
|
|
|
return old;
|
|
}
|
|
#endif /* CONFIG_SGETMASK_SYSCALL */
|
|
|
|
#ifdef __ARCH_WANT_SYS_SIGNAL
|
|
/*
|
|
* For backwards compatibility. Functionality superseded by sigaction.
|
|
*/
|
|
SYSCALL_DEFINE2(signal, int, sig, __sighandler_t, handler)
|
|
{
|
|
struct k_sigaction new_sa, old_sa;
|
|
int ret;
|
|
|
|
new_sa.sa.sa_handler = handler;
|
|
new_sa.sa.sa_flags = SA_ONESHOT | SA_NOMASK;
|
|
sigemptyset(&new_sa.sa.sa_mask);
|
|
|
|
ret = do_sigaction(sig, &new_sa, &old_sa);
|
|
|
|
return ret ? ret : (unsigned long)old_sa.sa.sa_handler;
|
|
}
|
|
#endif /* __ARCH_WANT_SYS_SIGNAL */
|
|
|
|
#ifdef __ARCH_WANT_SYS_PAUSE
|
|
|
|
SYSCALL_DEFINE0(pause)
|
|
{
|
|
while (!signal_pending(current)) {
|
|
__set_current_state(TASK_INTERRUPTIBLE);
|
|
schedule();
|
|
}
|
|
return -ERESTARTNOHAND;
|
|
}
|
|
|
|
#endif
|
|
|
|
static int sigsuspend(sigset_t *set)
|
|
{
|
|
current->saved_sigmask = current->blocked;
|
|
set_current_blocked(set);
|
|
|
|
while (!signal_pending(current)) {
|
|
__set_current_state(TASK_INTERRUPTIBLE);
|
|
schedule();
|
|
}
|
|
set_restore_sigmask();
|
|
return -ERESTARTNOHAND;
|
|
}
|
|
|
|
/**
|
|
* sys_rt_sigsuspend - replace the signal mask for a value with the
|
|
* @unewset value until a signal is received
|
|
* @unewset: new signal mask value
|
|
* @sigsetsize: size of sigset_t type
|
|
*/
|
|
SYSCALL_DEFINE2(rt_sigsuspend, sigset_t __user *, unewset, size_t, sigsetsize)
|
|
{
|
|
sigset_t newset;
|
|
|
|
/* XXX: Don't preclude handling different sized sigset_t's. */
|
|
if (sigsetsize != sizeof(sigset_t))
|
|
return -EINVAL;
|
|
|
|
if (copy_from_user(&newset, unewset, sizeof(newset)))
|
|
return -EFAULT;
|
|
return sigsuspend(&newset);
|
|
}
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
COMPAT_SYSCALL_DEFINE2(rt_sigsuspend, compat_sigset_t __user *, unewset, compat_size_t, sigsetsize)
|
|
{
|
|
sigset_t newset;
|
|
|
|
/* XXX: Don't preclude handling different sized sigset_t's. */
|
|
if (sigsetsize != sizeof(sigset_t))
|
|
return -EINVAL;
|
|
|
|
if (get_compat_sigset(&newset, unewset))
|
|
return -EFAULT;
|
|
return sigsuspend(&newset);
|
|
}
|
|
#endif
|
|
|
|
#ifdef CONFIG_OLD_SIGSUSPEND
|
|
SYSCALL_DEFINE1(sigsuspend, old_sigset_t, mask)
|
|
{
|
|
sigset_t blocked;
|
|
siginitset(&blocked, mask);
|
|
return sigsuspend(&blocked);
|
|
}
|
|
#endif
|
|
#ifdef CONFIG_OLD_SIGSUSPEND3
|
|
SYSCALL_DEFINE3(sigsuspend, int, unused1, int, unused2, old_sigset_t, mask)
|
|
{
|
|
sigset_t blocked;
|
|
siginitset(&blocked, mask);
|
|
return sigsuspend(&blocked);
|
|
}
|
|
#endif
|
|
|
|
__weak const char *arch_vma_name(struct vm_area_struct *vma)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
static inline void siginfo_buildtime_checks(void)
|
|
{
|
|
BUILD_BUG_ON(sizeof(struct siginfo) != SI_MAX_SIZE);
|
|
|
|
/* Verify the offsets in the two siginfos match */
|
|
#define CHECK_OFFSET(field) \
|
|
BUILD_BUG_ON(offsetof(siginfo_t, field) != offsetof(kernel_siginfo_t, field))
|
|
|
|
/* kill */
|
|
CHECK_OFFSET(si_pid);
|
|
CHECK_OFFSET(si_uid);
|
|
|
|
/* timer */
|
|
CHECK_OFFSET(si_tid);
|
|
CHECK_OFFSET(si_overrun);
|
|
CHECK_OFFSET(si_value);
|
|
|
|
/* rt */
|
|
CHECK_OFFSET(si_pid);
|
|
CHECK_OFFSET(si_uid);
|
|
CHECK_OFFSET(si_value);
|
|
|
|
/* sigchld */
|
|
CHECK_OFFSET(si_pid);
|
|
CHECK_OFFSET(si_uid);
|
|
CHECK_OFFSET(si_status);
|
|
CHECK_OFFSET(si_utime);
|
|
CHECK_OFFSET(si_stime);
|
|
|
|
/* sigfault */
|
|
CHECK_OFFSET(si_addr);
|
|
CHECK_OFFSET(si_trapno);
|
|
CHECK_OFFSET(si_addr_lsb);
|
|
CHECK_OFFSET(si_lower);
|
|
CHECK_OFFSET(si_upper);
|
|
CHECK_OFFSET(si_pkey);
|
|
CHECK_OFFSET(si_perf_data);
|
|
CHECK_OFFSET(si_perf_type);
|
|
CHECK_OFFSET(si_perf_flags);
|
|
|
|
/* sigpoll */
|
|
CHECK_OFFSET(si_band);
|
|
CHECK_OFFSET(si_fd);
|
|
|
|
/* sigsys */
|
|
CHECK_OFFSET(si_call_addr);
|
|
CHECK_OFFSET(si_syscall);
|
|
CHECK_OFFSET(si_arch);
|
|
#undef CHECK_OFFSET
|
|
|
|
/* usb asyncio */
|
|
BUILD_BUG_ON(offsetof(struct siginfo, si_pid) !=
|
|
offsetof(struct siginfo, si_addr));
|
|
if (sizeof(int) == sizeof(void __user *)) {
|
|
BUILD_BUG_ON(sizeof_field(struct siginfo, si_pid) !=
|
|
sizeof(void __user *));
|
|
} else {
|
|
BUILD_BUG_ON((sizeof_field(struct siginfo, si_pid) +
|
|
sizeof_field(struct siginfo, si_uid)) !=
|
|
sizeof(void __user *));
|
|
BUILD_BUG_ON(offsetofend(struct siginfo, si_pid) !=
|
|
offsetof(struct siginfo, si_uid));
|
|
}
|
|
#ifdef CONFIG_COMPAT
|
|
BUILD_BUG_ON(offsetof(struct compat_siginfo, si_pid) !=
|
|
offsetof(struct compat_siginfo, si_addr));
|
|
BUILD_BUG_ON(sizeof_field(struct compat_siginfo, si_pid) !=
|
|
sizeof(compat_uptr_t));
|
|
BUILD_BUG_ON(sizeof_field(struct compat_siginfo, si_pid) !=
|
|
sizeof_field(struct siginfo, si_pid));
|
|
#endif
|
|
}
|
|
|
|
void __init signals_init(void)
|
|
{
|
|
siginfo_buildtime_checks();
|
|
|
|
sigqueue_cachep = KMEM_CACHE(sigqueue, SLAB_PANIC | SLAB_ACCOUNT);
|
|
}
|
|
|
|
#ifdef CONFIG_KGDB_KDB
|
|
#include <linux/kdb.h>
|
|
/*
|
|
* kdb_send_sig - Allows kdb to send signals without exposing
|
|
* signal internals. This function checks if the required locks are
|
|
* available before calling the main signal code, to avoid kdb
|
|
* deadlocks.
|
|
*/
|
|
void kdb_send_sig(struct task_struct *t, int sig)
|
|
{
|
|
static struct task_struct *kdb_prev_t;
|
|
int new_t, ret;
|
|
if (!spin_trylock(&t->sighand->siglock)) {
|
|
kdb_printf("Can't do kill command now.\n"
|
|
"The sigmask lock is held somewhere else in "
|
|
"kernel, try again later\n");
|
|
return;
|
|
}
|
|
new_t = kdb_prev_t != t;
|
|
kdb_prev_t = t;
|
|
if (!task_is_running(t) && new_t) {
|
|
spin_unlock(&t->sighand->siglock);
|
|
kdb_printf("Process is not RUNNING, sending a signal from "
|
|
"kdb risks deadlock\n"
|
|
"on the run queue locks. "
|
|
"The signal has _not_ been sent.\n"
|
|
"Reissue the kill command if you want to risk "
|
|
"the deadlock.\n");
|
|
return;
|
|
}
|
|
ret = send_signal_locked(sig, SEND_SIG_PRIV, t, PIDTYPE_PID);
|
|
spin_unlock(&t->sighand->siglock);
|
|
if (ret)
|
|
kdb_printf("Fail to deliver Signal %d to process %d.\n",
|
|
sig, t->pid);
|
|
else
|
|
kdb_printf("Signal %d is sent to process %d.\n", sig, t->pid);
|
|
}
|
|
#endif /* CONFIG_KGDB_KDB */
|