lineage-22.0
3560 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Bestas
|
6725684c74
|
Merge tag 'ASB-2024-12-05_12-5.10' of https://android.googlesource.com/kernel/common into android13-5.10-waipio
https://source.android.com/docs/security/bulletin/2024-12-01 * tag 'ASB-2024-12-05_12-5.10' of https://android.googlesource.com/kernel/common: (649 commits) ANDROID: ABI: update symbol list for honor ANDROID: fs: add vendor hook to collect IO statistics ANDROID: tools/objtool: Pass CFLAGS to libsubcmd build via EXTRA_CFLAGS UPSTREAM: HID: core: zero-initialize the report buffer ANDROID: libsubcmd: Hoist iterator variable declarations in parse_options_subcommand() ANDROID: mm: Fix SPF-aware fast-mremap UPSTREAM: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT UPSTREAM: f2fs: support SEEK_DATA and SEEK_HOLE for compression files Revert "genetlink: hold RCU in genlmsg_mcast()" ANDROID: add file for recording allowed ABI breaks ANDROID: GKI: update symbol list for honor ANDROID: Allow vendor modules perform more operations on memleak detect UPSTREAM: drm/omap: fix misleading indentation in pixinc() UPSTREAM: bitfield: build kunit tests without structleak plugin BACKPORT: FROMGIT: binder: add delivered_freeze to debugfs output BACKPORT: FROMGIT: binder: fix memleak of proc->delivered_freeze FROMGIT: binder: allow freeze notification for dead nodes FROMGIT: binder: fix BINDER_WORK_CLEAR_FREEZE_NOTIFICATION debug logs FROMGIT: binder: fix BINDER_WORK_FROZEN_BINDER debug logs BACKPORT: FROMGIT: binder: fix freeze UAF in binder_release_work() ... Conflicts: android/abi_gki_aarch64.xml net/qrtr/af_qrtr.c Change-Id: I4f416cf6c90e71fbdc0bea2c76a620842a2a2288 |
||
Greg Kroah-Hartman
|
b0e9b554c3 |
Merge tag 'android12-5.10.228_r00' into android12-5.10
This merges up to the 5.10.228 LTS release into the android12-5.10 branch. Changes included in here are: * |
||
Daeho Jeong
|
a8339e7fd0 |
UPSTREAM: f2fs: support SEEK_DATA and SEEK_HOLE for compression files
Fix to support SEEK_DATA and SEEK_HOLE for compression files Bug: 325092012 Signed-off-by: Daeho Jeong <daehojeong@google.com> Reviewed-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> (cherry picked from commit a94c7fded76bfd1a061deae7be80fedbfa26774e) (cherry picked from https://android-review.googlesource.com/q/commit:268f1fed504a7bc9cfba291fe994ad767eda7a70) Merged-In: Iba62c53e634682205f84c8dc3566ab8df9079158 Change-Id: Iba62c53e634682205f84c8dc3566ab8df9079158 |
||
|
Greg Kroah-Hartman
|
baa474b078 |
Merge 74c63fd016 ("ACPICA: Fix memory leak if acpi_ps_get_next_field() fails") into android12-5.10-lts
Steps on the way to 5.10.227 Change-Id: Ie190b64ce17dea26ec0ac8910bbcb5fb144aede0 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
6136b834d6 |
Merge cdd86fb75f ("net/mlx5: Added cond_resched() to crdump collection") into android12-5.10-lts
Steps on the way to 5.10.227 Change-Id: I780b041f7c72ac3204110981ba8c0ce36764d971 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
0407f5e40e |
Merge 1429a9260f ("Revert "dm: requeue IO if mapping table not yet available"") into android12-5.10-lts
Steps on the way to 5.10.226 Resolves merge conflicts in: fs/f2fs/xattr.c fs/nfsd/filecache.c Change-Id: I09ff012f62cfc2cd08550684766f05eac93951fb Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Chao Yu
|
ee2e0e624b |
BACKPORT: f2fs: compress: fix to update i_compr_blocks correctly
Previously, we account reserved blocks and compressed blocks into
@compr_blocks, then, f2fs_i_compr_blocks_update(,compr_blocks) will
update i_compr_blocks incorrectly, fix it.
Meanwhile, for the case all blocks in cluster were reserved, fix to
update dn->ofs_in_node correctly.
Bug: 378001005
Fixes: eb8fbaa53374 ("f2fs: compress: fix to check unreleased compressed cluster")
Change-Id: Ie195fc57a1d55ff9f42fe4855edd21da1c88bb90
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
(cherry picked from commit 186e7d71534df4589405925caca5597af7626c12)
|
||
|
Michael Bestas
|
529ffa5672
|
Merge tag 'ASB-2024-11-05_12-5.10' of https://android.googlesource.com/kernel/common into android13-5.10-waipio
https://source.android.com/docs/security/bulletin/2024-11-01
CVE-2024-36978
CVE-2024-46740
* tag 'ASB-2024-11-05_12-5.10' of https://android.googlesource.com/kernel/common: (702 commits)
UPSTREAM: dma-buf: heaps: Fix off-by-one in CMA heap fault handler
BACKPORT: firmware: arm_scmi: Queue in scmi layer for mailbox implementation
BACKPORT: gso: fix udp gso fraglist segmentation after pull from frag_list
ANDROID: usb: Optimization the transfer rate of accessory mode in USB3.2 mode
UPSTREAM: unicode: Don't special case ignorable code points
ANDROID: 16K: Fixup padding vm_flags bits on VMA splits
ANDROID: 16K: Introduce pgsize_migration_inline.h
Revert "udf: Avoid excessive partition lengths"
Revert "bareudp: Fix device stats updates."
ANDROID: fix up change to pti_clone_pgtable()
Revert "perf/aux: Fix AUX buffer serialization"
Revert "clocksource/drivers/timer-of: Remove percpu irq related code"
Revert "Merge
|
||
Jann Horn
|
000bab8753 |
f2fs: Require FMODE_WRITE for atomic write ioctls
commit 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e upstream.
The F2FS ioctls for starting and committing atomic writes check for
inode_owner_or_capable(), but this does not give LSMs like SELinux or
Landlock an opportunity to deny the write access - if the caller's FSUID
matches the inode's UID, inode_owner_or_capable() immediately returns true.
There are scenarios where LSMs want to deny a process the ability to write
particular files, even files that the FSUID of the process owns; but this
can currently partially be bypassed using atomic write ioctls in two ways:
- F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can
truncate an inode to size 0
- F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert
changes another process concurrently made to a file
Fix it by requiring FMODE_WRITE for these operations, just like for
F2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these
ioctls when intending to write into the file, that seems unlikely to break
anything.
Fixes:
|
||
Nikita Zhandarovich
|
cef1056ee6 |
f2fs: avoid potential int overflow in sanity_check_area_boundary()
commit 50438dbc483ca6a133d2bce9d5d6747bcee38371 upstream.
While calculating the end addresses of main area and segment 0, u32
may be not enough to hold the result without the danger of int
overflow.
Just in case, play it safe and cast one of the operands to a
wider type (u64).
Found by Linux Verification Center (linuxtesting.org) with static
analysis tool SVACE.
Fixes:
|
||
|
Nikita Zhandarovich
|
85c2f7bd57 |
f2fs: prevent possible int overflow in dir_block_index()
commit 47f268f33dff4a5e31541a990dc09f116f80e61c upstream.
The result of multiplication between values derived from functions
dir_buckets() and bucket_blocks() *could* technically reach
2^30 * 2^2 = 2^32.
While unlikely to happen, it is prudent to ensure that it will not
lead to integer overflow. Thus, use mul_u32_u32() as it's more
appropriate to mitigate the issue.
Found by Linux Verification Center (linuxtesting.org) with static
analysis tool SVACE.
Fixes:
|
||
|
Chao Yu
|
6f2eeba7c3 |
f2fs: reduce expensive checkpoint trigger frequency
[ Upstream commit aaf8c0b9ae042494cb4585883b15c1332de77840 ] We may trigger high frequent checkpoint for below case: 1. mkdir /mnt/dir1; set dir1 encrypted 2. touch /mnt/file1; fsync /mnt/file1 3. mkdir /mnt/dir2; set dir2 encrypted 4. touch /mnt/file2; fsync /mnt/file2 ... Although, newly created dir and file are not related, due to commit |
||
|
Chao Yu
|
3dc483f0e6 |
f2fs: remove unneeded check condition in __f2fs_setxattr()
[ Upstream commit bc3994ffa4cf23f55171943c713366132c3ff45d ]
It has checked return value of write_all_xattrs(), remove unneeded
following check condition.
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Stable-dep-of: aaf8c0b9ae04 ("f2fs: reduce expensive checkpoint trigger frequency")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Chao Yu
|
87aceb1ce6 |
f2fs: fix to update i_ctime in __f2fs_setxattr()
[ Upstream commit 8874ad7dae8d91d24cc87c545c0073b3b2da5688 ]
generic/728 - output mismatch (see /media/fstests/results//generic/728.out.bad)
--- tests/generic/728.out 2023-07-19 07:10:48.362711407 +0000
+++ /media/fstests/results//generic/728.out.bad 2023-07-19 08:39:57.000000000 +0000
QA output created by 728
+Expected ctime to change after setxattr.
+Expected ctime to change after removexattr.
Silence is golden
...
(Run 'diff -u /media/fstests/tests/generic/728.out /media/fstests/results//generic/728.out.bad' to see the entire diff)
generic/729 1s
It needs to update i_ctime after {set,remove}xattr, fix it.
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Stable-dep-of: aaf8c0b9ae04 ("f2fs: reduce expensive checkpoint trigger frequency")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Yonggil Song
|
db930da947 |
f2fs: fix typo
[ Upstream commit d382e36970ecf8242921400db2afde15fb6ed49e ]
Fix typo in f2fs.h
Detected by Jaeyoon Choi
Signed-off-by: Yonggil Song <yonggil.song@samsung.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Stable-dep-of: aaf8c0b9ae04 ("f2fs: reduce expensive checkpoint trigger frequency")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Chao Yu
|
7b5476f061 |
f2fs: enhance to update i_mode and acl atomically in f2fs_setattr()
[ Upstream commit 17232e830afb800acdcc22ae8980bf9d330393ef ]
Previously, in f2fs_setattr(), we don't update S_ISUID|S_ISGID|S_ISVTX
bits with S_IRWXUGO bits and acl entries atomically, so in error path,
chmod() may partially success, this patch enhances to make chmod() flow
being atomical.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Stable-dep-of: aaf8c0b9ae04 ("f2fs: reduce expensive checkpoint trigger frequency")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Michael Bestas
|
deec4e9c07
|
Merge tag 'ASB-2024-09-05_12-5.10' of https://android.googlesource.com/kernel/common into android13-5.10-waipio
https://source.android.com/docs/security/bulletin/2024-09-01 CVE-2024-36972 * tag 'ASB-2024-09-05_12-5.10' of https://android.googlesource.com/kernel/common: (1565 commits) ANDROID: delete tool added by mistake ANDROID: GKI: Add initialization for rwsem's oem_data and vendor_data. ANDROID: GKI: Add initialization for mutex oem_data. ANDROID: fix ENOMEM check of binder_proc_ext ANDROID: binder: fix KMI issues due to frozen notification BACKPORT: FROMGIT: binder: frozen notification binder_features flag BACKPORT: FROMGIT: binder: frozen notification UPSTREAM: selftests/binderfs: add test for feature files UPSTREAM: docs: binderfs: add section about feature files UPSTREAM: binderfs: add support for feature files ANDROID: GKI: Add symbol to symbol list for vivo. ANDROID: vendor_hooks: add hooks to modify pageflags ANDROID: GKI: Add pageflags for OEM ANDROID: GKI: Update symbol list for vivo ANDROID: vendor_hooks: add vendor hooks for fuse request UPSTREAM: net: sched: sch_multiq: fix possible OOB write in multiq_tune() ANDROID: Update the GKI symbol list and ABI XML ANDROID: irqchip/irq-gic-v3: Add vendor hook for gic suspend FROMLIST: binder: fix UAF caused by offsets overwrite ANDROID: gki - set CONFIG_USB_NET_AX88179_178A=y (usb gbit ethernet dongle) ... Conflicts: Documentation/devicetree/bindings/i2c/google,cros-ec-i2c-tunnel.yaml Documentation/devicetree/bindings/sound/rt5645.txt Documentation/devicetree/bindings~HEAD drivers/scsi/ufs/ufs-qcom.c net/qrtr/af_qrtr.c net/qrtr/ns.c net/qrtr/qrtr.h Change-Id: I50a93cfc0ff67778b19609e93cb577f63a517baa |
||
|
Greg Kroah-Hartman
|
4951c68022 |
Merge 5.10.225 into android12-5.10-lts
Changes in 5.10.225 fuse: Initialize beyond-EOF page contents before setting uptodate ALSA: usb-audio: Support Yamaha P-125 quirk entry xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration thunderbolt: Mark XDomain as unplugged when router is removed s390/dasd: fix error recovery leading to data corruption on ESE devices arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE dm resume: don't return EINVAL when signalled dm persistent data: fix memory allocation failure vfs: Don't evict inode under the inode lru traversing context bitmap: introduce generic optimized bitmap_size() fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE selinux: fix potential counting error in avc_add_xperms_decision() btrfs: tree-checker: add dev extent item checks drm/amdgpu: Actually check flags for all context ops. memcg_write_event_control(): fix a user-triggerable oops drm/amdgpu/jpeg2: properly set atomics vmid field s390/cio: rename bitmap_size() -> idset_bitmap_size() btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() s390/uv: Panic for set and remove shared access UVC errors net/mlx5e: Correctly report errors for ethtool rx flows atm: idt77252: prevent use after free in dequeue_rx() net: axienet: Fix register defines comment description net: dsa: vsc73xx: pass value in phy_write operation net: dsa: vsc73xx: use read_poll_timeout instead delay loop net: dsa: vsc73xx: check busy flag in MDIO operations mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size netfilter: flowtable: initialise extack before use net: hns3: fix wrong use of semaphore up net: hns3: fix a deadlock problem when config TC during resetting ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 ssb: Fix division by zero issue in ssb_calc_clock_rate wifi: mac80211: fix BA session teardown race wifi: cw1200: Avoid processing an invalid TIM IE i2c: riic: avoid potential division by zero RDMA/rtrs: Fix the problem of variable not initialized fully s390/smp,mcck: fix early IPI handling media: radio-isa: use dev_name to fill in bus_info staging: iio: resolver: ad2s1210: fix use before initialization drm/amd/display: Validate hw_points_num before using it staging: ks7010: disable bh on tx_dev_lock binfmt_misc: cleanup on filesystem umount media: qcom: venus: fix incorrect return value scsi: spi: Fix sshdr use gfs2: setattr_chown: Add missing initialization wifi: iwlwifi: abort scan when rfkill on but device enabled IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu nvmet-trace: avoid dereferencing pointer too early ext4: do not trim the group with corrupted block bitmap quota: Remove BUG_ON from dqget() media: pci: cx23885: check cx23885_vdev_init() return fs: binfmt_elf_efpic: don't use missing interpreter's properties scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() net/sun3_82586: Avoid reading past buffer in debug output drm/lima: set gp bus_stop bit before hard reset virtiofs: forbid newlines in tags netlink: hold nlk->cb_mutex longer in __netlink_dump_start() md: clean up invalid BUG_ON in md_ioctl x86: Increase brk randomness entropy for 64-bit systems memory: stm32-fmc2-ebi: check regmap_read return value parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 powerpc/boot: Handle allocation failure in simple_realloc() powerpc/boot: Only free if realloc() succeeds btrfs: change BUG_ON to assertion when checking for delayed_node root btrfs: handle invalid root reference found in may_destroy_subvol() btrfs: send: handle unexpected data in header buffer in begin_cmd() btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() f2fs: fix to do sanity check in update_sit_entry usb: gadget: fsl: Increase size of name buffer for endpoints Bluetooth: bnep: Fix out-of-bound access net: hns3: add checking for vf id of mailbox nvmet-tcp: do not continue for invalid icreq NFS: avoid infinite loop in pnfs_update_layout. openrisc: Call setup_memory() earlier in the init sequence s390/iucv: fix receive buffer virtual vs physical address confusion usb: dwc3: core: Skip setting event buffers for host only controllers irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc ext4: set the type of max_zeroout to unsigned int to avoid overflow nvmet-rdma: fix possible bad dereference when freeing rsps hrtimer: Prevent queuing of hrtimer without a function callback gtp: pull network headers in gtp_dev_xmit() block: use "unsigned long" for blk_validate_block_size(). media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) dm suspend: return -ERESTARTSYS instead of -EINTR Bluetooth: hci_core: Fix LE quote calculation Bluetooth: SMP: Fix assumption of Central always being Initiator tc-testing: don't access non-existent variable on exception kcm: Serialise kcm_sendmsg() for the same socket. netfilter: nft_counter: Synchronize nft_counter_reset() against reader. ip6_tunnel: Fix broken GRO bonding: fix bond_ipsec_offload_ok return type bonding: fix null pointer deref in bond_ipsec_offload_ok bonding: fix xfrm real_dev null pointer dereference bonding: fix xfrm state handling when clearing active slave ice: fix ICE_LAST_OFFSET formula net: dsa: mv88e6xxx: read FID when handling ATU violations net: dsa: mv88e6xxx: replace ATU violation prints with trace points net: dsa: mv88e6xxx: Fix out-of-bound access netem: fix return value if duplicate enqueue fails ipv6: prevent UAF in ip6_send_skb() net: xilinx: axienet: Always disable promiscuous mode net: xilinx: axienet: Fix dangling multicast addresses drm/msm/dpu: don't play tricks with debug macros drm/msm/dp: reset the link phy params before link training mmc: mmc_test: Fix NULL dereference on allocation failure Bluetooth: MGMT: Add error handling to pair_device() binfmt_misc: pass binfmt_misc flags to the interpreter MIPS: Loongson64: Set timer mode in cpu-probe HID: wacom: Defer calculation of resolution until resolution_code is known HID: microsoft: Add rumble support to latest xbox controllers cxgb4: add forgotten u64 ivlan cast before shift KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 mmc: dw_mmc: allow biu and ciu clocks to defer Revert "drm/amd/display: Validate hw_points_num before using it" ALSA: timer: Relax start tick time check for slave timer elements nfsd: Don't call freezable_schedule_timeout() after each successful page allocation in svc_alloc_arg(). Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Input: MT - limit max slots tools: move alignment-related macros to new <linux/align.h> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc KVM: arm64: Don't use cbz/adr with external symbols pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins pinctrl: single: fix potential NULL dereference in pcs_get_function() wifi: mwifiex: duplicate static structs used in driver instances mptcp: sched: check both backup in retrans ipc: replace costly bailout check in sysvipc_find_ipc() drm/amdkfd: don't allow mapping the MMIO HDP page with large pages media: uvcvideo: Fix integer overflow calculating timestamp Revert "Input: ioc3kbd - convert to platform remove callback returning void" ata: libata-core: Fix null pointer dereference on error cgroup/cpuset: Prevent UAF in proc_cpuset_show() net:rds: Fix possible deadlock in rds_message_put ovl: do not fail because of O_NOATIME soundwire: stream: fix programming slave ports for non-continous port maps dmaengine: dw: Add peripheral bus width verification dmaengine: dw: Add memory bus width verification ethtool: check device is present when getting link settings gtp: fix a potential NULL pointer dereference net: busy-poll: use ktime_get_ns() instead of local_clock() nfc: pn533: Add poll mod list filling check soc: qcom: cmd-db: Map shared memory as WC, not WB cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller USB: serial: option: add MeiG Smart SRM825L usb: dwc3: omap: add missing depopulate in probe error path usb: dwc3: core: Prevent USB core invalid event buffer address access usb: dwc3: st: fix probed platform device ref count on probe error path usb: dwc3: st: add missing depopulate in probe error path usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() scsi: aacraid: Fix double-free on probe failure apparmor: fix policy_unpack_test on big endian systems Linux 5.10.225 Change-Id: I5028ef07db680262d45fba4096094fe8b19dd052 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Zhiguo Niu
|
bf0c603ab4 |
f2fs: fix to do sanity check in update_sit_entry
[ Upstream commit 36959d18c3cf09b3c12157c6950e18652067de77 ] If GET_SEGNO return NULL_SEGNO for some unecpected case, update_sit_entry will access invalid memory address, cause system crash. It is better to do sanity check about GET_SEGNO just like update_segment_mtime & locate_dirty_segment. Also remove some redundant judgment code. Signed-off-by: Zhiguo Niu <zhiguo.niu@unisoc.com> Reviewed-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
b84ad15be5 |
This is the 5.10.224 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmbCv24ACgkQONu9yGCS
aT7lNRAAzP2lSCUHROaMTldoQdahqoWqwFSiMI9p32HYLTerpg1GHVsi1IUvD+pv
zhmUG9w+ACbSbZ9337G61FeEDCIBzgqaIXLCtbK2Be9nWMa9I1ZtMSFUKoSmVJBw
YbrI/UOscJmAf44G6DeMp+N+/S2o7INK463u51SYjufo/zhFF8KsYElm23p06kgn
lTkkUAoo9mSVvEr64zbjwLrWyBWTlcvYH/xrkWeJWXl+hBv0K5Ig9IBm0sc0DSQR
fErADzDLFkmD9pduZbMwbzUUzC8ST41KKjTgClaHQhSMeoLoWT8CJM5Swwds4XVE
JkoClkqnj3+stYFpLFm9UUgZ12wu/9slzgRCN6fTraSNT8gE9F9BRJXFGL+3S5OO
oHKZYEEPTZDsD3PihgufJ4Ft27+KpMUzAgQUmVH/y47wrVJ2pf4fCK8LKT0MbjBi
pjZaDRCxwo1aORL3+jYJBVRecrNqQ0DhacYOKznhb2KKeaHojIwLaE6k/W/0Q8U5
1uMYv+NJ3LWDNzGcNUTCfNtuDELOpkp24Xc8RN0MK2iMMMyfjMpgKssjSBZtz0QW
NH0UVpfiWKECKH+m03NeFnYdMuK8/VyM8vatkcemz0FfgJP2UazeiVwSujfS2r2S
0TtsCMPP3kgKa9mAnni7lQs4wkG+OTNDNZqbuDqFZ1rHUS2Usrg=
=8i2e
-----END PGP SIGNATURE-----
Merge 5.10.224 into android12-5.10-lts
Changes in 5.10.224
EDAC/skx_common: Add new ADXL components for 2-level memory
EDAC, i10nm: make skx_common.o a separate module
platform/chrome: cros_ec_debugfs: fix wrong EC message version
hfsplus: fix to avoid false alarm of circular locking
x86/of: Return consistent error type from x86_of_pci_irq_enable()
x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling
x86/pci/xen: Fix PCIBIOS_* return code handling
x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos
hwmon: (adt7475) Fix default duty on fan is disabled
pwm: stm32: Always do lazy disabling
hwmon: (max6697) Fix underflow when writing limit attributes
hwmon: (max6697) Fix swapped temp{1,8} critical alarms
arm64: dts: qcom: sdm845: add power-domain to UFS PHY
soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers
arm64: dts: qcom: msm8996: specify UFS core_clk frequencies
soc: qcom: pdr: protect locator_addr with the main mutex
soc: qcom: pdr: fix parsing of domains lists
arm64: dts: rockchip: Increase VOP clk rate on RK3328
ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node
ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset
ARM: dts: imx6qdl-kontron-samx6i: fix board reset
ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects
ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity
arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property
arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux
arm64: dts: amlogic: gx: correct hdmi clocks
m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages
x86/xen: Convert comma to semicolon
m68k: cmpxchg: Fix return value for default case in __arch_xchg()
ARM: pxa: spitz: use gpio descriptors for audio
ARM: spitz: fix GPIO assignment for backlight
firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout()
firmware: turris-mox-rwtm: Initialize completion before mailbox
wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
selftests/bpf: Fix prog numbers in test_sockmap
net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP
net/smc: Allow SMC-D 1MB DMB allocations
net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined
selftests/bpf: Check length of recv in test_sockmap
lib: objagg: Fix general protection fault
mlxsw: spectrum_acl_erp: Fix object nesting warning
mlxsw: spectrum_acl_bloom_filter: Make mlxsw_sp_acl_bf_key_encode() more flexible
mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors
ath11k: dp: stop rx pktlog before suspend
wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()
net: fec: Refactor: #define magic constants
net: fec: Fix FEC_ECR_EN1588 being cleared on link-down
ipvs: Avoid unnecessary calls to skb_is_gso_sctp
netfilter: nf_tables: rise cap on SELinux secmark context
perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation
perf: Fix perf_aux_size() for greater-than 32-bit size
perf: Prevent passing zero nr_pages to rb_alloc_aux()
qed: Improve the stack space of filter_config()
wifi: virt_wifi: avoid reporting connection success with wrong SSID
gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey
wifi: virt_wifi: don't use strlen() in const context
selftests/bpf: Close fd in error path in drop_on_reuseport
bpf: annotate BTF show functions with __printf
bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o
selftests: forwarding: devlink_lib: Wait for udev events after reloading
xdp: fix invalid wait context of page_pool_destroy()
drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators
drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare()
media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()
media: imon: Fix race getting ictx->lock
saa7134: Unchecked i2c_transfer function result fixed
media: uvcvideo: Allow entity-defined get_info and get_cur
media: uvcvideo: Override default flags
media: renesas: vsp1: Fix _irqsave and _irq mix
media: renesas: vsp1: Store RPF partition configuration per RPF instance
leds: trigger: Unregister sysfs attributes before calling deactivate()
perf report: Fix condition in sort__sym_cmp()
drm/etnaviv: fix DMA direction handling for cached RW buffers
drm/qxl: Add check for drm_cvt_mode
Revert "leds: led-core: Fix refcount leak in of_led_get()"
ext4: fix infinite loop when replaying fast_commit
media: venus: flush all buffers in output plane streamoff
mfd: omap-usb-tll: Use struct_size to allocate tll
xprtrdma: Rename frwr_release_mr()
xprtrdma: Fix rpcrdma_reqs_reset()
SUNRPC: avoid soft lockup when transmitting UDP to reachable server.
ext4: avoid writing unitialized memory to disk in EA inodes
sparc64: Fix incorrect function signature and add prototype for prom_cif_init
SUNRPC: Fixup gss_status tracepoint error output
PCI: Fix resource double counting on remove & rescan
coresight: Fix ref leak when of_coresight_parse_endpoint() fails
Input: qt1050 - handle CHIP_ID reading error
RDMA/mlx4: Fix truncated output warning in mad.c
RDMA/mlx4: Fix truncated output warning in alias_GUID.c
RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs
ASoC: max98088: Check for clk_prepare_enable() error
mtd: make mtd_test.c a separate module
RDMA/device: Return error earlier if port in not valid
Input: elan_i2c - do not leave interrupt disabled on suspend failure
MIPS: Octeron: remove source file executable bit
powerpc/xmon: Fix disassembly CPU feature checks
macintosh/therm_windtunnel: fix module unload.
RDMA/hns: Fix missing pagesize and alignment check in FRMR
bnxt_re: Fix imm_data endianness
netfilter: ctnetlink: use helper function to calculate expect ID
net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports
net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports
pinctrl: rockchip: update rk3308 iomux routes
pinctrl: core: fix possible memory leak when pinctrl_enable() fails
pinctrl: single: fix possible memory leak when pinctrl_enable() fails
pinctrl: ti: ti-iodelay: Drop if block with always false condition
pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails
pinctrl: freescale: mxs: Fix refcount of child
fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP
fs/nilfs2: remove some unused macros to tame gcc
nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
rtc: interface: Add RTC offset to alarm after fix-up
dt-bindings: thermal: correct thermal zone node name limit
tick/broadcast: Make takeover of broadcast hrtimer reliable
net: netconsole: Disable target before netpoll cleanup
af_packet: Handle outgoing VLAN packets without hardware offloading
ipv6: take care of scope when choosing the src addr
sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks
char: tpm: Fix possible memory leak in tpm_bios_measurements_open()
media: venus: fix use after free in vdec_close
hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
ext2: Verify bitmap and itable block numbers before using them
drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
scsi: qla2xxx: Fix optrom version displayed in FDMI
drm/amd/display: Check for NULL pointer
sched/fair: Use all little CPUs for CPU-bound workloads
apparmor: use kvfree_sensitive to free data->data
task_work: s/task_work_cancel()/task_work_cancel_func()/
task_work: Introduce task_work_cancel() again
udf: Avoid using corrupted block bitmap buffer
m68k: amiga: Turn off Warp1260 interrupts during boot
ext4: check dot and dotdot of dx_root before making dir indexed
ext4: make sure the first directory block is not a hole
wifi: mwifiex: Fix interface type change
leds: ss4200: Convert PCIBIOS_* return codes to errnos
jbd2: make jbd2_journal_get_max_txn_bufs() internal
KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked()
tools/memory-model: Fix bug in lock.cat
hwrng: amd - Convert PCIBIOS_* return codes to errnos
PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN
PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
binder: fix hang of unregistered readers
dev/parport: fix the array out-of-bounds risk
scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
f2fs: fix to don't dirty inode for readonly filesystem
clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use
ubi: eba: properly rollback inside self_check_eba
decompress_bunzip2: fix rare decompression failure
kbuild: Fix '-S -c' in x86 stack protector scripts
kobject_uevent: Fix OOB access within zap_modalias_env()
devres: Fix devm_krealloc() wasting memory
rtc: cmos: Fix return value of nvmem callbacks
scsi: qla2xxx: During vport delete send async logout explicitly
scsi: qla2xxx: Fix for possible memory corruption
scsi: qla2xxx: Fix flash read failure
scsi: qla2xxx: Complete command early within lock
scsi: qla2xxx: validate nvme_local_port correctly
perf/x86/intel/pt: Fix topa_entry base length
perf/x86/intel/pt: Fix a topa_entry base address calculation
rtc: isl1208: Fix return value of nvmem callbacks
watchdog/perf: properly initialize the turbo mode timestamp and rearm counter
platform: mips: cpu_hwmon: Disable driver on unsupported hardware
RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
selftests/sigaltstack: Fix ppc64 GCC build
rbd: don't assume rbd_is_lock_owner() for exclusive mappings
MIPS: ip30: ip30-console: Add missing include
MIPS: Loongson64: env: Hook up Loongsson-2K
drm/panfrost: Mark simple_ondemand governor as softdep
rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait
rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings
Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables
Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591
nilfs2: handle inconsistent state in nilfs_btnode_create_block()
io_uring/io-wq: limit retrying worker initialisation
kernel: rerun task_work while freezing in get_signal()
kdb: address -Wformat-security warnings
kdb: Use the passed prompt in kdb_position_cursor()
jfs: Fix array-index-out-of-bounds in diFree
um: time-travel: fix time-travel-start option
f2fs: fix start segno of large section
libbpf: Fix no-args func prototype BTF dumping syntax
dma: fix call order in dmam_free_coherent
MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later
ipv4: Fix incorrect source address in Record Route option
net: bonding: correctly annotate RCU in bond_should_notify_peers()
netfilter: nft_set_pipapo_avx2: disable softinterrupts
tipc: Return non-zero value from tipc_udp_addr2str() on error
net: stmmac: Correct byte order of perfect_match
net: nexthop: Initialize all fields in dumped nexthops
bpf: Fix a segment issue when downgrading gso_size
mISDN: Fix a use after free in hfcmulti_tx()
apparmor: Fix null pointer deref when receiving skb during sock creation
powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
lirc: rc_dev_get_from_fd(): fix file leak
ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable
ceph: fix incorrect kmalloc size of pagevec mempool
nvme: split command copy into a helper
nvme-pci: add missing condition check for existence of mapped data
fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT
powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC
fuse: name fs_context consistently
fuse: verify {g,u}id mount options correctly
sysctl: always initialize i_uid/i_gid
ext4: factor out a common helper to query extent map
ext4: check the extent status again before inserting delalloc block
soc: xilinx: move PM_INIT_FINALIZE to zynqmp_pm_domains driver
drivers: soc: xilinx: check return status of get_api_version()
driver core: Cast to (void *) with __force for __percpu pointer
devres: Fix memory leakage caused by driver API devm_free_percpu()
genirq: Allow the PM device to originate from irq domain
irqchip/imx-irqsteer: Constify irq_chip struct
irqchip/imx-irqsteer: Add runtime PM support
irqchip/imx-irqsteer: Handle runtime power management correctly
remoteproc: imx_rproc: ignore mapping vdev regions
remoteproc: imx_rproc: Fix ignoring mapping vdev regions
remoteproc: imx_rproc: Skip over memory region when node value is NULL
drm/nouveau: prime: fix refcount underflow
drm/vmwgfx: Fix overlay when using Screen Targets
sched: act_ct: take care of padding in struct zones_ht_key
net/iucv: fix use after free in iucv_sock_close()
net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys
ipv6: fix ndisc_is_useropt() handling for PIO
riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()
platform/chrome: cros_ec_proto: Lock device when updating MKBP version
HID: wacom: Modify pen IDs
protect the fetch of ->fd[fd] in do_dup2() from mispredictions
ALSA: usb-audio: Correct surround channels in UAC1 channel map
ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G
net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY
mptcp: fix duplicate data handling
netfilter: ipset: Add list flush to cancel_gc
genirq: Allow irq_chip registration functions to take a const irq_chip
irqchip/mbigen: Fix mbigen node address layout
x86/mm: Fix pti_clone_pgtable() alignment assumption
x86/mm: Fix pti_clone_entry_text() for i386
sctp: move hlist_node and hashent out of sctp_ep_common
sctp: Fix null-ptr-deref in reuseport_add_sock().
net: usb: qmi_wwan: fix memory leak for not ip packets
net: linkwatch: use system_unbound_wq
Bluetooth: l2cap: always unlock channel in l2cap_conless_channel()
net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()
l2tp: fix lockdep splat
net: fec: Stop PPS on driver remove
rcutorture: Fix rcu_torture_fwd_cb_cr() data race
md: do not delete safemode_timer in mddev_suspend
md/raid5: avoid BUG_ON() while continue reshape after reassembling
clocksource/drivers/sh_cmt: Address race condition for clock events
ACPI: battery: create alarm sysfs attribute atomically
ACPI: SBS: manage alarm sysfs attribute through psy core
selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT
PCI: Add Edimax Vendor ID to pci_ids.h
udf: prevent integer overflow in udf_bitmap_free_blocks()
wifi: nl80211: don't give key data to userspace
btrfs: fix bitmap leak when loading free space cache on duplicate entry
drm/amdgpu: Fix the null pointer dereference to ras_manager
drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules
media: uvcvideo: Ignore empty TS packets
media: uvcvideo: Fix the bandwdith quirk on USB 3.x
jbd2: avoid memleak in jbd2_journal_write_metadata_buffer
s390/sclp: Prevent release of buffer in I/O
SUNRPC: Fix a race to wake a sync task
sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime
ext4: fix wrong unit use in ext4_mb_find_by_goal
arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space
arm64: Add Neoverse-V2 part
arm64: cputype: Add Cortex-X4 definitions
arm64: cputype: Add Neoverse-V3 definitions
arm64: errata: Add workaround for Arm errata 3194386 and 3312417
arm64: cputype: Add Cortex-X3 definitions
arm64: cputype: Add Cortex-A720 definitions
arm64: cputype: Add Cortex-X925 definitions
arm64: errata: Unify speculative SSBS errata logic
arm64: errata: Expand speculative SSBS workaround
arm64: cputype: Add Cortex-X1C definitions
arm64: cputype: Add Cortex-A725 definitions
arm64: errata: Expand speculative SSBS workaround (again)
i2c: smbus: Improve handling of stuck alerts
ASoC: codecs: wsa881x: Correct Soundwire ports mask
i2c: smbus: Send alert notifications to all devices if source not found
bpf: kprobe: remove unused declaring of bpf_kprobe_override
kprobes: Fix to check symbol prefixes correctly
spi: spi-fsl-lpspi: Fix scldiv calculation
ALSA: usb-audio: Re-add ScratchAmp quirk entries
drm/client: fix null pointer dereference in drm_client_modeset_probe
ALSA: line6: Fix racy access to midibuf
ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
usb: vhci-hcd: Do not drop references before new references are gained
USB: serial: debug: do not echo input by default
usb: gadget: core: Check for unset descriptor
usb: gadget: u_serial: Set start_delayed during suspend
scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic
tick/broadcast: Move per CPU pointer access into the atomic section
ntp: Clamp maxerror and esterror to operating range
driver core: Fix uevent_show() vs driver detach race
ntp: Safeguard against time_constant overflow
scsi: mpt3sas: Remove scsi_dma_map() error messages
scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES
irqchip/meson-gpio: support more than 8 channels gpio irq
irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to 'raw_spinlock_t'
serial: core: check uartclk for zero to avoid divide by zero
irqchip/xilinx: Fix shift out of bounds
genirq/irqdesc: Honor caller provided affinity in alloc_desc()
power: supply: axp288_charger: Fix constant_charge_voltage writes
power: supply: axp288_charger: Round constant_charge_voltage writes down
tracing: Fix overflow in get_free_elt()
padata: Fix possible divide-by-0 panic in padata_mt_helper()
x86/mtrr: Check if fixed MTRRs exist before saving them
drm/bridge: analogix_dp: properly handle zero sized AUX transactions
drm/mgag200: Set DDC timeout in milliseconds
mptcp: sched: check both directions for backup
mptcp: distinguish rcv vs sent backup flag in requests
mptcp: fix NL PM announced address accounting
mptcp: mib: count MPJ with backup flag
mptcp: export local_address
mptcp: pm: fix backup support in signal endpoints
samples: Add fs error monitoring example
samples: Make fs-monitor depend on libc and headers
Add gitignore file for samples/fanotify/ subdirectory
Fix gcc 4.9 build issue in 5.10.y
PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
netfilter: nf_tables: set element extended ACK reporting support
netfilter: nf_tables: use timestamp to check for set element timeout
netfilter: nf_tables: allow clone callbacks to sleep
netfilter: nf_tables: prefer nft_chain_validate
drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.
arm64: cpufeature: Fix the visibility of compat hwcaps
media: uvcvideo: Use entity get_cur in uvc_ctrl_set
exec: Fix ToCToU between perm check and set-uid/gid usage
nvme/pci: Add APST quirk for Lenovo N60z laptop
vdpa: Make use of PFN_PHYS/PFN_UP/PFN_DOWN helper macro
vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler
wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode
media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()"
Linux 5.10.224
Change-Id: I7cd19d506c4c86df918a280598946060a494a161
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Sheng Yong
|
ff2387553f |
f2fs: fix start segno of large section
[ Upstream commit 8c409989678e92e4a737e7cd2bb04f3efb81071a ]
get_ckpt_valid_blocks() checks valid ckpt blocks in current section.
It counts all vblocks from the first to the last segment in the
large section. However, START_SEGNO() is used to get the first segno
in an SIT block. This patch fixes that to get the correct start segno.
Fixes: 61461fc921b7 ("f2fs: fix to avoid touching checkpointed data in get_victim()")
Signed-off-by: Sheng Yong <shengyong@oppo.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Chao Yu
|
54bc4e8844 |
f2fs: fix to don't dirty inode for readonly filesystem
commit 192b8fb8d1c8ca3c87366ebbef599fa80bb626b8 upstream.
syzbot reports f2fs bug as below:
kernel BUG at fs/f2fs/inode.c:933!
RIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933
Call Trace:
evict+0x2a4/0x620 fs/inode.c:664
dispose_list fs/inode.c:697 [inline]
evict_inodes+0x5f8/0x690 fs/inode.c:747
generic_shutdown_super+0x9d/0x2c0 fs/super.c:675
kill_block_super+0x44/0x90 fs/super.c:1667
kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4894
deactivate_locked_super+0xc1/0x130 fs/super.c:484
cleanup_mnt+0x426/0x4c0 fs/namespace.c:1256
task_work_run+0x24a/0x300 kernel/task_work.c:180
ptrace_notify+0x2cd/0x380 kernel/signal.c:2399
ptrace_report_syscall include/linux/ptrace.h:411 [inline]
ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]
syscall_exit_work kernel/entry/common.c:251 [inline]
syscall_exit_to_user_mode_prepare kernel/entry/common.c:278 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
syscall_exit_to_user_mode+0x15c/0x280 kernel/entry/common.c:296
do_syscall_64+0x50/0x110 arch/x86/entry/common.c:88
entry_SYSCALL_64_after_hwframe+0x63/0x6b
The root cause is:
- do_sys_open
- f2fs_lookup
- __f2fs_find_entry
- f2fs_i_depth_write
- f2fs_mark_inode_dirty_sync
- f2fs_dirty_inode
- set_inode_flag(inode, FI_DIRTY_INODE)
- umount
- kill_f2fs_super
- kill_block_super
- generic_shutdown_super
- sync_filesystem
: sb is readonly, skip sync_filesystem()
- evict_inodes
- iput
- f2fs_evict_inode
- f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE))
: trigger kernel panic
When we try to repair i_current_depth in readonly filesystem, let's
skip dirty inode to avoid panic in later f2fs_evict_inode().
Cc: stable@vger.kernel.org
Reported-by: syzbot+31e4659a3fe953aec2f4@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-f2fs-devel/000000000000e890bc0609a55cff@google.com
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Michael Bestas
|
d613c46b79
|
Merge tag 'ASB-2024-08-05_12-5.10' of https://android.googlesource.com/kernel/common into android13-5.10-waipio
https://source.android.com/docs/security/bulletin/2024-08-01 CVE-2024-36971 * tag 'ASB-2024-08-05_12-5.10' of https://android.googlesource.com/kernel/common: ANDROID: GKI: remove export of tracing control functions ANDROID: Incremental fs: Retry page faults on non-fatal errors ANDROID: update ABI XML due to struct clk_core change UPSTREAM: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() UPSTREAM: f2fs: avoid false alarm of circular locking UPSTREAM: f2fs: fix deadlock in i_xattr_sem and inode page lock ANDROID: userfaultfd: Fix use-after-free in userfaultfd_using_sigbus() ANDROID: 16K: Don't set padding vm_flags on 32-bit archs ANDROID: update .xml file due to struct clk_core abi change ANDROID: mark DRM_VMWGFX as BROKEN Revert "ANDROID: Setting up GS before calling __restore_processor_state." Revert "block: introduce zone_write_granularity limit" Revert "block: Clear zone limits for a non-zoned stacked queue" Revert "scsi: sd: Fix wrong zone_write_granularity value during revalidate" Revert "PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities()" Revert "PCI: Cache PCIe Device Capabilities register" Revert "PCI: Work around Intel I210 ROM BAR overlap defect" Revert "PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited" Revert "PCI/DPC: Quirk PIO log size for certain Intel Root Ports" Revert "PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports" Revert "PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports" Revert "timers: Rename del_timer_sync() to timer_delete_sync()" Linux 5.10.218 docs: kernel_include.py: Cope with docutils 0.21 serial: kgdboc: Fix NMI-safety problems from keyboard reset code usb: typec: ucsi: displayport: Fix potential deadlock drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() mptcp: ensure snd_nxt is properly initialized on connect firmware: arm_scmi: Harden accesses to the reset domains KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection netlink: annotate lockless accesses to nlk->max_recvmsg_len ima: fix deadlock when traversing "ima_default_rules". net: bcmgenet: synchronize UMAC_CMD access net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" x86/xen: Drop USERGS_SYSRET64 paravirt call pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() Linux 5.10.217 md: fix kmemleak of rdev->serial keys: Fix overwrite of key expiration on instantiation regulator: core: fix debugfs creation regression hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us net: fix out-of-bounds access in ops_init drm/vmwgfx: Fix invalid reads in fence signaled events mei: me: add lunar lake point M DID dyndbg: fix old BUG_ON in >control parser ASoC: tegra: Fix DSPK 16-bit playback net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() tipc: fix UAF in error path iio: accel: mxc4005: Interrupt handling fixes iio:imu: adis16475: Fix sync mode setting ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU usb: dwc3: core: Prevent phy suspend during init usb: xhci-plat: Don't include xhci.h usb: gadget: f_fs: Fix a race condition when processing setup packets. usb: gadget: composite: fix OS descriptors w_value logic usb: ohci: Prevent missed ohci interrupts usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device usb: typec: ucsi: Fix connector check on init usb: typec: ucsi: Check for notifications after init arm64: dts: qcom: Fix 'interrupt-map' parent address cells firewire: nosy: ensure user_length is taken into account when fetching packet contents btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() net: hns3: use appropriate barrier function after setting a bit value ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() net: bridge: fix corrupted ethernet header on multicast-to-unicast kcov: Remove kcov include from sched.h and move it to its users. phonet: fix rtm_phonet_notify() skb allocation hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() hwmon: (corsair-cpro) Use a separate buffer for sending commands rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets xfrm: Preserve vlan tags for transport mode software GRO net:usb:qmi_wwan: support Rolling modules drm/nouveau/dp: Don't probe eDP ports twice harder fs/9p: drop inodes immediately on non-.L too clk: Don't hold prepare_lock when calling kref_put() gpio: crystalcove: Use -ENOTSUPP consistently gpio: wcove: Use -ENOTSUPP consistently 9p: explicitly deny setlease attempts fs/9p: translate O_TRUNC into OTRUNC fs/9p: only translate RWX permissions for plain 9P2000 selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior MIPS: scall: Save thread_info.syscall unconditionally on entry gpu: host1x: Do not setup DMA for virtual devices blk-iocost: avoid out of bounds shift scsi: target: Fix SELinux error when systemd-modules loads the target module btrfs: always clear PERTRANS metadata during commit btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve tools/power turbostat: Fix Bzy_MHz documentation typo tools/power turbostat: Fix added raw MSR output firewire: ohci: mask bus reset interrupts between ISR and bottom half ata: sata_gemini: Check clk_enable() result net: bcmgenet: Reset RBUF on first open ALSA: line6: Zero-initialize message buffers btrfs: return accurate error code on open failure in open_fs_devices() scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload net: mark racy access on sk->sk_rcvbuf wifi: cfg80211: fix rdev_dump_mpp() arguments order wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc gfs2: Fix invalid metadata access in punch_hole scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change net: gro: add flush check in udp_gro_receive_segment tipc: fix a possible memleak in tipc_buf_append net: core: reject skb_copy(_expand) for fraglist GSO skbs net: bridge: fix multicast-to-unicast with fraglist GSO net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 cxgb4: Properly lock TX queue for the selftest. ASoC: meson: cards: select SND_DYNAMIC_MINORS ASoC: Fix 7/8 spaces indentation in Kconfig net: qede: use return from qede_parse_actions() net: qede: use return from qede_parse_flow_attr() for flow_spec net: qede: use return from qede_parse_flow_attr() for flower net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() s390/vdso: Add CFI for RA register to asm macro vdso_func net l2tp: drop flow hash on forward nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). octeontx2-af: avoid off-by-one read from userspace bna: ensure the copied buf is NUL terminated s390/mm: Fix clearing storage keys for huge pages s390/mm: Fix storage key clearing for guest huge pages regulator: mt6360: De-capitalize devicetree regulator subnodes pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() power: rt9455: hide unused rt9455_boost_voltage_values nfs: Handle error of rpc_proc_register() in nfs_net_init(). nfs: make the rpc_stat per net namespace nfs: expose /proc/net/sunrpc/nfs in net namespaces sunrpc: add a struct rpc_stats arg to rpc_create_args pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic pinctrl: core: delete incorrect free in pinctrl_enable() pinctrl/meson: fix typo in PDM's pin name pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T eeprom: at24: fix memory corruption race condition eeprom: at24: Probe for DDR3 thermal sensor in the SPD case eeprom: at24: Use dev_err_probe for nvmem register failure wifi: nl80211: don't free NULL coalescing rule dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" dmaengine: pl330: issue_pending waits until WFP state Linux 5.10.216 riscv: Disable STACKPROTECTOR_PER_TASK if GCC_PLUGIN_RANDSTRUCT is enabled serial: core: fix kernel-doc for uart_port_unlock_irqrestore() udp: preserve the connected status if only UDP cmsg bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up i2c: smbus: fix NULL function pointer dereference riscv: Fix TASK_SIZE on 64-bit NOMMU riscv: fix VMALLOC_START definition dma: xilinx_dpdma: Fix locking idma64: Don't try to serve interrupts when device is powered off dmaengine: owl: fix register access functions tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() tcp: Clean up kernel listener's reqsk in inet_twsk_purge() mtd: diskonchip: work around ubsan link failure stackdepot: respect __GFP_NOLOCKDEP allocation flag net: b44: set pause params only when interface is up ethernet: Add helper for assigning packet type when dest address does not match device address irqchip/gic-v3-its: Prevent double free on error drm/amdgpu: Fix leak when GPU memory allocation fails drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma cpu: Re-enable CPU mitigations by default for !X86 architectures btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() PM / devfreq: Fix buffer overflow in trans_stat_show tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together tracing: Show size of requested perf buffer net/mlx5e: Fix a race in command alloc flow Revert "crypto: api - Disallow identical driver names" serial: mxs-auart: add spinlock around changing cts state serial: core: Provide port lock wrappers af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets iavf: Fix TC config comparison with existing adapter TC config i40e: Report MFS in decimal base instead of hex i40e: Do not use WQ_MEM_RECLAIM flag for workqueue netfilter: nf_tables: honor table dormant flag from netdev release event path mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work mlxsw: spectrum_acl_tcam: Fix incorrect list API usage mlxsw: spectrum_acl_tcam: Fix warning during rehash mlxsw: spectrum_acl_tcam: Fix memory leak during rehash mlxsw: spectrum_acl_tcam: Rate limit error message mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work net: openvswitch: Fix Use-After-Free in ovs_ct_exit ipvs: Fix checksumming on GSO of SCTP packets net: gtp: Fix Use-After-Free in gtp_dellink net: usb: ax88179_178a: stop lying about skb->truesize ipv4: check for NULL idev in ip_route_use_hint() NFC: trf7970a: disable all regulators on removal mlxsw: core: Unregister EMAD trap using FORWARD action vxlan: drop packets from invalid src-address wifi: iwlwifi: mvm: remove old PASN station when adding a new one ARC: [plat-hsdk]: Remove misplaced interrupt-cells property arm64: dts: mediatek: mt2712: fix validation errors arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" arm64: dts: mediatek: mt7622: fix IR nodename arm64: dts: mediatek: mt7622: fix clock controllers arm64: dts: mediatek: mt7622: introduce nodes for Wireless Ethernet Dispatch arm64: dts: mediatek: mt7622: add support for coherent DMA arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma arm64: dts: rockchip: fix alphabetical ordering RK3399 puma nilfs2: fix OOB in nilfs_set_de_type nouveau: fix instmem race condition around ptr stores drm/amdgpu: validate the parameters of bo mapping operations more clearly init/main.c: Fix potential static_command_line memory overflow fs: sysfs: Fix reference leak in sysfs_break_active_protection() speakup: Avoid crash on very long word mei: me: disable RPL-S on SPS and IGN firmwares usb: Disable USB3 LPM at shutdown usb: dwc2: host: Fix dereference issue in DDMA completion flow. Revert "usb: cdc-wdm: close race between read and workqueue" USB: serial: option: add Telit FN920C04 rmnet compositions USB: serial: option: add Rolling RW101-GL and RW135-GL support USB: serial: option: support Quectel EM060K sub-models USB: serial: option: add Lonsung U8300/U9300 product USB: serial: option: add support for Fibocom FM650/FG650 USB: serial: option: add Fibocom FM135-GL variants serial/pmac_zilog: Remove flawed mitigation for rx irq flood comedi: vmk80xx: fix incomplete endpoint checking thunderbolt: Fix wake configurations after device unplug thunderbolt: Avoid notify PM core about runtime PM resume binder: check offset alignment in binder_get_object() x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ clk: Get runtime PM before walking tree during disable_unused clk: Initialize struct clk_core kref earlier clk: Print an info line before disabling unused clocks clk: remove extra empty line clk: Mark 'all_lists' as const clk: Remove prepare_lock hold assertion in __clk_release() drm/panel: visionox-rm69299: don't unregister DSI device drm: nv04: Fix out of bounds access RDMA/mlx5: Fix port number for counter query in multi-port configuration RDMA/cm: Print the old state when cm_destroy_id gets timeout RDMA/rxe: Fix the problem "mutex_destroy missing" tun: limit printing rate when illegal packet received by tun dev netfilter: nft_set_pipapo: do not free live element netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" kprobes: Fix possible use-after-free issue on kprobe registration selftests/ftrace: Limit length in subsystem-enable tests riscv: process: Fix kernel gp leakage riscv: Enable per-task stack canaries btrfs: record delayed inode root in transaction irqflags: Explicitly ignore lockdep_hrtimer_exit() argument x86/apic: Force native_apic_mem_read() to use the MOV instruction selftests: timers: Fix abs() warning in posix_timers test x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n vhost: Add smp_rmb() in vhost_vq_avail_empty() drm/client: Fully protect modes[] with dev->mode_config.mutex btrfs: qgroup: correctly model root qgroup rsv in convert mailbox: imx: fix suspend failue iommu/vt-d: Allocate local memory for page request queue net: ena: Fix incorrect descriptor free behavior net: ena: Wrong missing IO completions check order net: ena: Fix potential sign extension issue af_unix: Fix garbage collector racing against connect() af_unix: Do not use atomic ops for unix_sk(sk)->inflight. net/mlx5: Properly link new fs rules into the tree netfilter: complete validation of user input Bluetooth: SCO: Fix not validating setsockopt user input ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr ipv4/route: avoid unused-but-set-variable warning ipv6: fib: hide unused 'pn' variable octeontx2-af: Fix NIX SQ mode and BP config geneve: fix header validation in geneve[6]_xmit_skb xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file net: openvswitch: fix unwanted error log on timeout policy probing nouveau: fix function cast warning media: cec: core: remove length check of Timer Status Bluetooth: Fix memory leak in hci_req_sync_complete() batman-adv: Avoid infinite loop trying to resize local TT Linux 5.10.215 x86/head/64: Re-enable stack protection x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk scsi: sd: Fix wrong zone_write_granularity value during revalidate kbuild: dummy-tools: adjust to stricter stackprotector check VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Bluetooth: btintel: Fixe build regression drm/i915/gt: Reset queue_priority_hint on parking x86/mm/pat: fix VM_PAT handling in COW mappings virtio: reenable config if freezing device failed tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc netfilter: nf_tables: discard table flag update with pending basechain deletion netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: release batch on table validation from abort path fbmon: prevent division by zero in fb_videomode_from_videomode() drivers/nvme: Add quirks for device 126f:2262 fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined usb: typec: tcpci: add generic tcpci fallback compatible tools: iio: replace seekdir() in iio_generic_buffer ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment ktest: force $buildonly = 1 for 'make_warnings_file' test type platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet Input: allocate keycode for Display refresh rate toggle RDMA/cm: add timeout to cm_destroy_id wait block: prevent division by zero in blk_rq_stat_sum() libperf evlist: Avoid out-of-bounds access Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default" SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int drm/amd/display: Fix nanosec stat overflow ext4: forbid commit inconsistent quota data when errors=remount-ro ext4: add a hint for block bitmap corrupt state in mb_groups media: sta2x11: fix irq handler cast isofs: handle CDs with bad root inode but good Joliet root directory scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() sysv: don't call sb_bread() with pointers_lock held pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Bluetooth: btintel: Fix null ptr deref in btintel_read_version net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() btrfs: send: handle path ref underflow in header iterate_inode_ref() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() pstore/zone: Add a null pointer check to the psz_kmsg_read ionic: set adminq irq affinity arm64: dts: rockchip: fix rk3399 hdmi ports node arm64: dts: rockchip: fix rk3328 hdmi ports node panic: Flush kernel log buffer at the end VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() wifi: ath9k: fix LNA selection in ath_ant_try_scan() objtool: Add asm version of STACK_FRAME_NON_STANDARD x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word mptcp: don't account accept() of non-MPC client as fallback to TCP x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO x86/bugs: Fix the SRSO mitigation on Zen3/4 riscv: Fix spurious errors from __get/put_kernel_nofault s390/entry: align system call table on 8 bytes x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() of: dynamic: Synchronize of_changeset_destroy() with the devlink removals driver core: Introduce device_link_wait_removal() ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone ata: sata_mv: Fix PCI device ID table declaration compilation warning scsi: mylex: Fix sysfs buffer lengths ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken arm64: dts: qcom: sc7180: Remove clock for bluetooth on Trogdor net: ravb: Always process TX descriptor ring udp: do not accept non-tunnel GSO skbs landing in a tunnel Revert "usb: phy: generic: Get the vbus supply" scsi: qla2xxx: Update manufacturer detail scsi: qla2xxx: Update manufacturer details i40e: fix vf may be used uninitialized in this function warning i40e: fix i40e_count_filters() to count only active/new filters octeontx2-pf: check negative error code in otx2_open() udp: do not transition UDP GRO fraglist partial checksums to unnecessary ipv6: Fix infinite recursion in fib6_dump_done(). selftests: reuseaddr_conflict: add missing new line at the end of the output erspan: make sure erspan_base_hdr is present in skb->head net: stmmac: fix rx queue priority assignment net/sched: act_skbmod: prevent kernel-infoleak bpf, sockmap: Prevent lock inversion deadlock in map delete elem vboxsf: Avoid an spurious warning if load_nls_xxx() fails netfilter: validate user input for expected length netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: reject new basechain after table flag update block: add check that partition length needs to be aligned with block size x86/srso: Add SRSO mitigation for Hygon processors mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." io_uring: ensure '0' is returned on file registration success vfio/fsl-mc: Block calling interrupt handler without trigger vfio/platform: Create persistent IRQ handlers vfio/pci: Create persistent INTx handler vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Lock external INTx masking ops vfio/pci: Disable auto-enable of exclusive INTx IRQ net/rds: fix possible cp null dereference netfilter: nf_tables: disallow timeout for anonymous sets Bluetooth: Fix TOCTOU in HCI debugfs implementation Bluetooth: hci_event: set the conn encrypted before conn establishes x86/cpufeatures: Add new word for scattered features r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d dm integrity: fix out-of-range warning Octeontx2-af: fix pause frame configuration in GMP mode bpf: Protect against int overflow for stack access size ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() tcp: properly terminate timers for kernel sockets ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet USB: core: Fix deadlock in usb_deauthorize_interface() scsi: lpfc: Correct size for wqe for memset() PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled scsi: qla2xxx: Delay I/O Abort on PCI error scsi: qla2xxx: Fix command flush on cable pull scsi: qla2xxx: Split FCE|EFT trace control usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset usb: typec: ucsi: Ack unsupported commands usb: udc: remove warning when queue disabled ep usb: dwc2: gadget: LPM flow fix usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix remote wakeup from hibernation USB: core: Add hub_get() and hub_put() routines staging: vc04_services: fix information leak in create_component() staging: vc04_services: changen strncpy() to strscpy_pad() scsi: core: Fix unremoved procfs host directory regression ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs usb: cdc-wdm: close race between read and workqueue net: ll_temac: platform_get_resource replaced by wrong function mmc: core: Avoid negative index with array access mmc: core: Initialize mmc_blk_ioc_data hexagon: vmlinux.lds.S: handle attributes section exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes init: open /initrd.image with O_LARGEFILE mm/migrate: set swap entry values of THP tail pages properly. mm/memory-failure: fix an incorrect use of tail pages serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO powerpc: xor_vmx: Add '-mhard-float' to CFLAGS efivarfs: Request at most 512 bytes for variable names perf/core: Fix reentry problem in perf_output_read_group() KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests x86/rfds: Mitigate Register File Data Sampling (RFDS) Documentation/hw-vuln: Add documentation for RFDS x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set KVM/VMX: Move VERW closer to VMentry for MDS mitigation KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key x86/entry_32: Add VERW just before userspace transition x86/entry_64: Add VERW just before userspace transition x86/bugs: Add asm helpers for executing VERW x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix btrfs: allocate btrfs_ioctl_defrag_range_args on stack printk: Update @console_may_schedule in console_trylock_spinning() xen/events: close evtchn after mapping cleanup tee: optee: Fix kernel panic caused by incorrect error handling fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion vt: fix unicode buffer corruption when deleting characters mei: me: add arrow lake point H DID mei: me: add arrow lake point S DID tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled usb: port: Don't try to peer unused USB ports based on location usb: gadget: ncm: Fix handling of zero block length packets USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" comedi: comedi_test: Prevent timers rescheduling during deletion scripts: kernel-doc: Fix syntax error due to undeclared args variable x86/pm: Work around false positive kmemleak report in msr_build_context() x86/stackprotector/32: Make the canary into a regular percpu variable vxge: remove unnecessary cast in kfree() dm snapshot: fix lockup in dm_exception_table_exit drm/amd/display: Fix noise issue on HDMI AV mute drm/amd/display: Return the correct HDCP error code ahci: asm1064: asm1166: don't limit reported ports ahci: asm1064: correct count of reported ports wireguard: netlink: access device through ctx instead of peer wireguard: netlink: check for dangling peer via is_dead instead of empty list net: hns3: tracing: fix hclgevf trace event strings x86/CPU/AMD: Update the Zenbleed microcode revisions cpufreq: dt: always allocate zeroed cpumask nilfs2: prevent kernel bug at submit_bh_wbc() nilfs2: fix failure to detect DAT corruption in btree and direct mappings memtest: use {READ,WRITE}_ONCE in memory scanning drm/vc4: hdmi: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() drm/exynos: do not return negative values from .get_modes() drm/panel: do not return negative error codes from drm_panel_get_modes() s390/zcrypt: fix reference counting on zcrypt card objects soc: fsl: qbman: Use raw spinlock for cgr_lock soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Always disable interrupts when taking cgr_lock ring-buffer: Fix full_waiters_pending in poll ring-buffer: Fix resetting of shortest_full ring-buffer: Do not set shortest_full when full target is hit ring-buffer: Fix waking up ring buffer readers vfio/platform: Disable virqfds on cleanup PCI: dwc: endpoint: Fix advertised resizable BAR size kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 nfs: fix UAF in direct writes PCI/AER: Block runtime suspend when handling errors PCI/ERR: Clear AER status only when we control AER speakup: Fix 8bit characters from direct synth usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic usb: gadget: tegra-xudc: Use dev_err_probe() phy: tegra: xusb: Add API to retrieve the port number of phy slimbus: core: Remove usage of the deprecated ida_simple_xx() API nvmem: meson-efuse: fix function pointer type mismatch ext4: fix corruption during on-line resize hwmon: (amc6821) add of_match table drm/etnaviv: Restore some id values mmc: core: Fix switch on gp3 partition mm: swap: fix race between free_swap_and_cache() and swapoff() mac802154: fix llsec key resources release in mac802154_llsec_key_del dm-raid: fix lockdep waring in "pers->hot_add_disk" Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports PCI/DPC: Quirk PIO log size for certain Intel Root Ports PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited PCI: Work around Intel I210 ROM BAR overlap defect PCI: Cache PCIe Device Capabilities register PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() PCI/PM: Drain runtime-idle callbacks before driver removal PCI: Drop pci_device_remove() test of pci_dev->driver btrfs: fix off-by-one chunk length calculation at contains_pending_extent() serial: Lock console when calling into driver before registration printk/console: Split out code that enables default console usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros fuse: don't unhash root fuse: fix root lookup with nonzero generation mmc: tmio: avoid concurrent runs of mmc_request_done() PM: sleep: wakeirq: fix wake irq warning in system suspend USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M USB: serial: option: add MeiG Smart SLM320 product USB: serial: cp210x: add ID for MGP Instruments PDS100 USB: serial: add device ID for VeriFone adapter USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB powerpc/fsl: Fix mfpmr build errors with newer binutils clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays PM: suspend: Set mem_sleep_current during kernel command line setup parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix ip_fast_csum parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros mtd: rawnand: meson: fix scrambling mode value in command macro ubi: correct the calculation of fastmap size ubi: Check for too small LEB size in VTBL code ubifs: Set page uptodate in the correct place fat: fix uninitialized field in nostale filehandles bounds: support non-power-of-two CONFIG_NR_CPUS block: Clear zone limits for a non-zoned stacked queue block: introduce zone_write_granularity limit ext4: correct best extent lstart adjustment logic selftests/mqueue: Set timeout to 180 seconds crypto: qat - resolve race condition during AER recovery crypto: qat - fix double free during reset sparc: vDSO: fix return value of __setup handler sparc64: NMI watchdog: fix return value of __setup handler KVM: Always flush async #PF workqueue when vCPU is being destroyed media: xc4000: Fix atomicity violation in xc4000_get_frequency serial: max310x: fix NULL pointer dereference in I2C instantiation drm/vmwgfx: Fix possible null pointer derefence with invalid contexts drm/vmwgfx: Fix some static checker warnings drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret' drm/vmwgfx: switch over to the new pin interface v2 drm/vmwgfx: stop using ttm_bo_create v2 arm: dts: marvell: Fix maxium->maxim typo in brownstone dts smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd media: staging: ipu3-imgu: Set fields before media_entity_pads_init() wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach timers: Rename del_timer_sync() to timer_delete_sync() timers: Use del_timer_sync() even on UP timers: Update kernel-doc for various functions x86/bugs: Use sysfs_emit() x86/cpu: Support AMD Automatic IBRS Documentation/hw-vuln: Update spectre doc amdkfd: use calloc instead of kzalloc to avoid integer overflow Change-Id: I7279a2f07527db00e298b47f8f8f44c457fa2ef6 |
||
Jens Reidel
|
3d6f8a6ec1
|
Merge tag 'ASB-2024-07-05_12-5.10' of https://android.googlesource.com/kernel/common into android13-5.10-waipio
https://source.android.com/docs/security/bulletin/2024-07-01 CVE-2024-26923 * tag 'ASB-2024-07-05_12-5.10' of https://android.googlesource.com/kernel/common: FROMLIST: binder_alloc: Replace kcalloc with kvcalloc to mitigate OOM issues ANDROID: fix kernelci build breaks due to hid/uhid cyclic dependency UPSTREAM: af_unix: Fix garbage collector racing against connect() ANDROID: uid_sys_stats: Use llist for deferred work ANDROID: uid_sys_stats: Use a single work for deferred updates ANDROID: GKI: Add new ABI symbol list ANDROID: 16K: Only check basename of linker context UPSTREAM: af_unix: Do not use atomic ops for unix_sk(sk)->inflight. ANDROID: cpufreq: brcmstb-avs-cpufreq: fix build error Revert "remoteproc: Add new get_loaded_rsc_table() to rproc_ops" Revert "remoteproc: stm32: Move resource table setup to rproc_ops" Revert "remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef" Revert "remoteproc: stm32: fix phys_addr_t format string" Revert "remoteproc: stm32: use correct format strings on 64-bit" Revert "remoteproc: stm32: Fix incorrect type in assignment for va" Revert "block: add a new set_read_only method" Revert "md: implement ->set_read_only to hook into BLKROSET processing" Revert "md: Don't clear MD_CLOSING when the raid is about to stop" Revert "bpf: Defer the free of inner map when necessary" Revert "net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()" Revert "regmap: allow to define reg_update_bits for no bus configuration" Revert "regmap: Add bulk read/write callbacks into regmap_config" Revert "serial: max310x: make accessing revision id interface-agnostic" Revert "serial: max310x: implement I2C support" Revert "serial: max310x: fix IO data corruption in batched operations" Revert "geneve: make sure to pull inner header in geneve_rx()" Revert "mptcp: fix lockless access in subflow ULP diag" Revert "net: dev: Convert sa_data to flexible array in struct sockaddr" Revert "arp: Prevent overflow in arp_req_get()." Revert "usb: roles: fix NULL pointer issue when put module's reference" Revert "usb: roles: don't get/set_role() when usb_role_switch is unregistered" Linux 5.10.214 remoteproc: stm32: fix phys_addr_t format string regmap: Add missing map->bus check spi: spi-mt65xx: Fix NULL pointer access in interrupt handler bpf: report RCU QS in cpumap kthread rcu: add a helper to report consolidated flavor QS netfilter: nf_tables: do not compare internal table flags on updates ARM: dts: sun8i-h2-plus-bananapi-m2-zero: add regulator nodes vcc-dram and vcc1v2 scsi: fc: Update formal FPIN descriptor definitions netfilter: nft_set_pipapo: release elements in clone only from destroy path octeontx2-af: Use separate handlers for interrupts net/bnx2x: Prevent access to a freed page in page_pool hsr: Handle failures in module init rds: introduce acquire/release ordering in acquire/release_in_xmit() wireguard: receive: annotate data-race around receiving_counter.counter net: dsa: mt7530: prevent possible incorrect XTAL frequency selection packet: annotate data-races around ignore_outgoing hsr: Fix uninit-value access in hsr_get_node() soc: fsl: dpio: fix kcalloc() argument order s390/vtime: fix average steal time calculation octeontx2-af: Use matching wake_up API variant in CGX command interface io_uring: don't save/restore iowait state usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin staging: greybus: fix get_channel_from_mode() failure path serial: 8250_exar: Don't remove GPIO device on suspend rtc: mt6397: select IRQ_DOMAIN instead of depending on it kconfig: fix infinite loop when expanding a macro at the end of file tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT serial: max310x: fix syntax error in IRQ error message tty: vt: fix 20 vs 0x20 typo in EScsiignore remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef remoteproc: stm32: Fix incorrect type in assignment for va remoteproc: stm32: use correct format strings on 64-bit remoteproc: stm32: Move resource table setup to rproc_ops remoteproc: Add new get_loaded_rsc_table() to rproc_ops remoteproc: stm32: Constify st_rproc_ops afs: Revert "afs: Hide silly-rename files from userspace" NFS: Fix an off by one in root_nfs_cat() watchdog: stm32_iwdg: initialize default timeout NFSv4.2: fix listxattr maximum XDR buffer size NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn RDMA/device: Fix a race between mad_client and cm_client init scsi: csiostor: Avoid function pointer casts f2fs: compress: fix to check unreleased compressed cluster RDMA/srpt: Do not register event handler until srpt device is fully setup ALSA: usb-audio: Stop parsing channels bits when all channels are found. ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops clk: Fix clk_core_get NULL dereference sparc32: Fix section mismatch in leon_pci_grpci backlight: lp8788: Fully initialize backlight_properties during probe backlight: lm3639: Fully initialize backlight_properties during probe backlight: da9052: Fully initialize backlight_properties during probe backlight: lm3630a: Don't set bl->props.brightness in get_brightness backlight: lm3630a: Initialize backlight_properties on init leds: sgm3140: Add missing timer cleanup and flash gpio control leds: aw2013: Unlock mutex before destroying it powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. drm/msm/dpu: add division of drm_display_mode's hskew parameter powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip media: mediatek: vcodec: avoid -Wcast-function-type-strict warning media: ttpci: fix two memleaks in budget_av_attach media: go7007: fix a memleak in go7007_load_encoder media: dvb-frontends: avoid stack overflow warnings with clang media: pvrusb2: fix uaf in pvr2_context_set_notify drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() ASoC: meson: axg-tdm-interface: add frame rate constraint ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs mtd: rawnand: lpc32xx_mlc: fix irq handler prototype mtd: maps: physmap-core: fix flash size larger than 32-bit drm/tidss: Fix initial plane zpos values crypto: arm/sha - fix function cast warnings mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref drm/tegra: put drm_gem_object ref on error in tegra_fb_create clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() PCI: Mark 3ware-9650SE Root Port Extended Tags as broken drm/mediatek: dsi: Fix DSI RGB666 formats and definitions clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times media: pvrusb2: fix pvr2_stream_callback casts media: pvrusb2: remove redundant NULL check media: go7007: add check of return value of go7007_read_addr() media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak media: sun8i-di: Fix chroma difference threshold media: sun8i-di: Fix power on/off sequences media: sun8i-di: Fix coefficient writes ASoC: meson: t9015: fix function pointer type mismatch ASoC: meson: aiu: fix function pointer type mismatch ASoC: meson: Use dev_err_probe() helper perf stat: Avoid metric-only segv ALSA: seq: fix function cast warnings drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() crypto: xilinx - call finalize with bh disabled PCI: switchtec: Fix an error handling path in switchtec_pci_probe() quota: Fix rcu annotations of inode dquot pointers quota: Fix potential NULL pointer dereference quota: simplify drop_dquot_ref() clk: qcom: reset: Ensure write completion on reset de/assertion clk: qcom: reset: Commonize the de/assert functions pinctrl: mediatek: Drop bogus slew rate register range for MT8192 media: edia: dvbdev: fix a use-after-free media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity media: v4l2-tpg: fix some memleaks in tpg_alloc media: em28xx: annotate unchecked call to media_device_register() perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd perf record: Fix possible incorrect free in record__switch_output() PCI/DPC: Print all TLP Prefixes, not just the first media: tc358743: register v4l2 async device only after successful setup dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA drm/lima: fix a memleak in lima_heap_alloc drm/rockchip: lvds: do not print scary message when probing defer drm/rockchip: lvds: do not overwrite error code drm: Don't treat 0 as -1 in drm_fixp2int_ceil drm/rockchip: inno_hdmi: Fix video timing drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() drm/tegra: dsi: Make use of the helper function dev_err_probe() drm/tegra: dsi: Add missing check for of_find_device_by_node dm: call the resume method on internal suspend dm raid: fix false positive for requeue needed during reshape nfp: flower: handle acti_netdevs allocation failure net/x25: fix incorrect parameter validation in the x25_getsockopt() function net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function udp: fix incorrect parameter validation in the udp_lib_getsockopt() function l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument net/ipv4/ipv6: Replace one-element arraya with flexible-array members net/ipv4: Revert use of struct_size() helper net/ipv4: Replace one-element array with flexible-array member tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function OPP: debugfs: Fix warning around icc_get_name() net: phy: dp83822: Fix RGMII TX delay configuration net: phy: DP83822: enable rgmii mode if phy_interface_is_rgmii net: hns3: fix port duplex configure error in IMP reset net: phy: fix phy_get_internal_delay accessing an empty array net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() ipv6: fib6_rules: flush route cache when rule is changed bpf: Fix stackmap overflow check on 32-bit arches bpf: Fix hashtab overflow check on 32-bit arches bpf: Fix DEVMAP_HASH overflow check on 32-bit arches bpf: Eliminate rlimit-based memory accounting for devmap maps sr9800: Add check for usbnet_get_endpoints Bluetooth: hci_core: Fix possible buffer overflow Bluetooth: Remove superfluous call to hci_conn_check_pending() igb: Fix missing time sync events igb: move PEROUT and EXTTS isr logic to separate functions iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected PCI: Make pci_dev_is_disconnected() helper public for other drivers wifi: rtw88: 8821c: Fix false alarm count mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function SUNRPC: fix some memleaks in gssx_dec_option_array x86, relocs: Ignore relocations in .notes section ACPI: scan: Fix device check notification handling arm64: dts: marvell: reorder crypto interrupts on Armada SoCs ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address ARM: dts: imx6dl-yapp4: Move phy reset into switch node ARM: dts: arm: realview: Fix development chip ROM compatible value net: ena: Remove ena_select_queue wifi: brcmsmac: avoid function pointer casts iommu/amd: Mark interrupt as managed bus: tegra-aconnect: Update dependency to ARCH_TEGRA ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces wireless: Remove redundant 'flush_workqueue()' calls bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly bpf: Factor out bpf_spin_lock into helpers. arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() net: blackhole_dev: fix build warning for ethh set but not used wifi: iwlwifi: fix EWRD table validity check wifi: iwlwifi: dbg-tlv: ensure NUL termination wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). bpftool: Silence build warning about calloc() inet_diag: annotate data-races around inet_diag_table[] sock_diag: annotate data-races around sock_diag_handlers[family] cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() wifi: wilc1000: fix multi-vif management when deleting a vif wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work wifi: wilc1000: fix RCU usage in connect path wifi: wilc1000: fix declarations ordering wifi: b43: Disable QoS for bcm4331 wifi: b43: Stop correct queue in DMA worker when QoS is disabled wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() timekeeping: Fix cross-timestamp interpolation for non-x86 timekeeping: Fix cross-timestamp interpolation corner case decision timekeeping: Fix cross-timestamp interpolation on counter wrap aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts md: Don't clear MD_CLOSING when the raid is about to stop md: implement ->set_read_only to hook into BLKROSET processing block: add a new set_read_only method fs/select: rework stack allocation hack for clang nbd: null check for nla_nest_start do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak x86/paravirt: Fix build due to __text_gen_insn() backport ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC Input: gpio_keys_polled - suppress deferred probe error for gpio ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet firewire: core: use long bus reset on gap count error Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security scsi: mpt3sas: Prevent sending diag_reset when the controller is ready dm-verity, dm-crypt: align "struct bvec_iter" correctly block: sed-opal: handle empty atoms when parsing response parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check net/iucv: fix the allocation size of iucv_path_table array x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h RDMA/mlx5: Relax DEVX access upon modify commands RDMA/mlx5: Fix fortify source warning while accessing Eth segment gen_compile_commands: fix invalid escape sequence warning HID: multitouch: Add required quirk for Synaptics 0xcddc device MIPS: Clear Cause.BD in instruction_pointer_set x86/xen: Add some null pointer checking to smp.c ASoC: rt5645: Make LattePanda board DMI match more precise selftests: tls: use exact comparison in recv_partial bpf: Defer the free of inner map when necessary rcu-tasks: Provide rcu_trace_implies_rcu_gp() io_uring: drop any code related to SCM_RIGHTS io_uring/unix: drop usage of io_uring socket Linux 5.10.213 serial: max310x: fix IO data corruption in batched operations serial: max310x: implement I2C support serial: max310x: make accessing revision id interface-agnostic regmap: Add bulk read/write callbacks into regmap_config regmap: allow to define reg_update_bits for no bus configuration Drivers: hv: vmbus: Drop error message when 'No request id available' serial: max310x: Unprepare and disable clock in error path getrusage: use sig->stats_lock rather than lock_task_sighand() getrusage: use __for_each_thread() getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: add the "signal_struct *sig" local variable mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE mm/hugetlb: change hugetlb_reserve_pages() to type bool hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed hv_netvsc: use netif_is_bond_master() instead of open code hv_netvsc: Make netvsc/VF binding check both MAC and serial number hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove hv_netvsc: Wait for completion on request SWITCH_DATA_PATH hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening ext4: convert to exclusive lock while inserting delalloc extents ext4: refactor ext4_da_map_blocks() ext4: make ext4_es_insert_extent() return void lsm: fix default return value of the socket_getpeersec_*() hooks lsm: make security_socket_getpeersec_stream() sockptr_t safe bpf: net: Change sk_getsockopt() to take the sockptr_t argument net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr serial: max310x: prevent infinite while() loop in port startup serial: max310x: use a separate regmap for each port serial: max310x: use regmap methods for SPI batch operations serial: max310x: Make use of device properties serial: max310x: fail probe if clock crystal is unstable serial: max310x: Try to get crystal clock rate from property serial: max310x: Use devm_clk_get_optional() to get the input clock xhci: handle isoc Babble and Buffer Overrun events properly xhci: process isoc TD properly when there was a transaction error mid TD. xhci: prevent double-fetch of transfer and transfer event TRBs xhci: remove extra loop in interrupt context um: allow not setting extra rpaths in the linux binary selftests: mm: fix map_hugetlb failure on 64K page size systems selftests/mm: switch to bash from sh netrom: Fix data-races around sysctl_net_busy_read netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix a data-race around sysctl_netrom_default_path_quality netfilter: nf_conntrack_h323: Add protection for bmp length out of range netfilter: nft_ct: fix l3num expectations with inet pseudo family net/rds: fix WARNING in rds_conn_connect_if_down cpumap: Zero-initialise xdp_rxq_info struct before running XDP program net/ipv6: avoid possible UAF in ip6_route_mpath_notify() net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() geneve: make sure to pull inner header in geneve_rx() tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string i40e: disable NAPI right after disabling irqs when handling xsk_pool ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able net: lan78xx: fix runtime PM count underflow on link stop lan78xx: Fix race conditions in suspend/resume handling lan78xx: Fix partial packet errors on suspend/resume lan78xx: Add missing return code checks lan78xx: Fix white space and style issues mmc: mmci: stm32: fix DMA API overlapping mappings warning mmc: mmci: stm32: use a buffer for unaligned DMA requests Linux 5.10.212 mptcp: fix double-free on socket dismantle mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG gpio: fix resource unwinding order in error path gpiolib: Fix the error path order in gpiochip_add_data_with_key() gpio: 74x164: Enable output pins after registers are reset fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super cachefiles: fix memory leak in cachefiles_add_cache() ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() mptcp: fix possible deadlock in subflow diag x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation mmc: sdhci-xenon: fix PHY init clock stability mmc: sdhci-xenon: add timeout for PHY init complete mmc: core: Fix eMMC initialization with 1-bit bus connection dmaengine: fsl-qdma: init irq after reg initialization dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read btrfs: dev-replace: properly validate device names wifi: nl80211: reject iftype change with mesh ID change gtp: fix use-after-free and null-ptr-deref in gtp_newlink() tomoyo: fix UAF write bug in tomoyo_write_control() riscv: Sparse-Memory/vmemmap out-of-bounds fix afs: Fix endless loop in directory parsing ALSA: Drop leftover snd-rtctimer stuff from Makefile power: supply: bq27xxx-i2c: Do not free non existing IRQ efi/capsule-loader: fix incorrect allocation size rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Bluetooth: Enforce validation on max value of connection interval Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR Bluetooth: Avoid potential use-after-free in hci_error_reset net: usb: dm9601: fix wrong return value in dm9601_mdio_read lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() tun: Fix xdp_rxq_info's queue_index when detaching net: ip_tunnel: prevent perpetual headroom growth netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter mtd: spinand: gigadevice: Fix the get ecc status issue mtd: spinand: gigadevice: Support GD5F1GQ5UExxG crypto: virtio/akcipher - Fix stack overflow on memcpy platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names Linux 5.10.211 ext4: regenerate buddy after block freeing failed if under fc replay arp: Prevent overflow in arp_req_get(). fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio block: ataflop: more blk-mq refactoring fixes drm/amd/display: Fix memory leak in dm_sw_fini() drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 netfilter: nf_tables: set dormant flag on hook register failure tls: stop recv() if initial process_rx_list gave us non-DATA tls: rx: drop pointless else after goto tls: rx: jump to a more appropriate label s390: use the correct count for __iowrite64_copy() net: dev: Convert sa_data to flexible array in struct sockaddr packet: move from strlcpy with unused retval to strscpy ipv6: sr: fix possible use-after-free and null-ptr-deref afs: Increase buffer size in afs_update_volume_status() ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid nouveau: fix function cast warnings scsi: jazz_esp: Only build if SCSI core is builtin bpf, scripts: Correct GPL license name RDMA/srpt: fix function pointer cast warnings arm64: dts: rockchip: set num-cs property for spi on px30 RDMA/qedr: Fix qedr_create_user_qp error flow RDMA/srpt: Support specifying the srpt_service_guid parameter RDMA/bnxt_re: Return error for SRQ resize IB/hfi1: Fix a memleak in init_credit_return mptcp: fix lockless access in subflow ULP diag usb: roles: don't get/set_role() when usb_role_switch is unregistered usb: roles: fix NULL pointer issue when put module's reference usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs usb: cdns3: fix memory double free when handle zero packet usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() x86/alternative: Make custom return thunk unconditional Revert "x86/alternative: Make custom return thunk unconditional" x86/returnthunk: Allow different return thunks x86/ftrace: Use alternative RET encoding x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR Revert "x86/ftrace: Use alternative RET encoding" ARM: ep93xx: Add terminator to gpiod_lookup_table l2tp: pass correct message length to ip6_append_data PCI/MSI: Prevent MSI hardware interrupt number truncation gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler dm-crypt: don't modify the data when using authenticated encryption s390/cio: fix invalid -EBUSY on ccw_device_start IB/hfi1: Fix sdma.h tx->num_descs off-by-one error erofs: fix lz4 inplace decompression x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint jbd2: recheck chechpointing non-dirty buffer jbd2: remove redundant buffer io error checks iwlwifi: mvm: write queue_sync_state only for sync iwlwifi: mvm: do more useful queue sync accounting platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC lan743x: fix for potential NULL pointer dereference with bare card btrfs: do not pin logs too early during renames btrfs: unify lookup return value when dir entry is missing btrfs: introduce btrfs_lookup_match_dir btrfs: tree-checker: check for overlapping extent items task_stack, x86/cea: Force-inline stack helpers ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use ASoC: Intel: boards: get codec device with ACPI instead of bus search ASoC: Intel: boards: harden codec property handling mtd: spinand: macronix: Add support for MX35LFxGE4AD cifs: add a warning when the in-flight count goes negative powerpc/watchpoints: Annotate atomic context in more places powerpc/watchpoint: Workaround P10 DD1 issue with VSX-32 byte instructions block: ataflop: fix breakage introduced at blk-mq refactoring seccomp: Invalidate seccomp mode to catch death failures x86/uaccess: Implement macros for CMPXCHG on user addresses hsr: Avoid double remove of a node. hvc/xen: prevent concurrent accesses to the shared ring media: av7110: prevent underflow in write_ts_to_decoder() ASoC: fsl_micfil: register platform component before registering cpu dai ARM: dts: imx: Set default tuning step for imx6sx usdhc irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable ARM: dts: BCM53573: Drop nonexistent "default-off" LED trigger pmdomain: renesas: r8a77980-sysc: CR7 must be always on virtio-blk: Ensure no requests in virtqueues before deleting vqs. firewire: core: send bus reset promptly on gap count error scsi: lpfc: Use unsigned type for num_sge hwmon: (coretemp) Enlarge per package core count limit efi: Don't add memblocks for soft-reserved memory efi: runtime: Fix potential overflow of soft-reserved region size Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table ext4: correct the hole length returned by ext4_map_blocks() nvmet-fc: abort command when there is no binding nvmet-fc: release reference on target port nvmet-fcloop: swap the list_add_tail arguments nvme-fc: do not wait in vain when unloading module netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new spi: sh-msiof: avoid integer overflow in constants ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 nvmet-tcp: fix nvme tcp ida memory leak regulator: pwm-regulator: Add validity checks in continuous .get_voltage dmaengine: ti: edma: Add some null pointer checks to the edma_probe ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers ahci: asm1166: correct count of reported ports spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected fbdev: sis: Error out if pixclock equals zero fbdev: savage: Error out if pixclock equals zero wifi: mac80211: fix race condition on enabling fast-xmit wifi: cfg80211: fix missing interfaces when dumping dmaengine: fsl-qdma: increase size of 'irq_name' dmaengine: shdma: increase size of 'dev_id' scsi: target: core: Add TMF to tmr_list handling sched/rt: Disallow writing invalid values to sched_rt_period_us sched/rt: Fix sysctl_sched_rr_timeslice intial value zonefs: Improve error handling userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset smb: client: fix parsing of SMB3.1.1 POSIX create context smb: client: fix potential OOBs in smb2_parse_contexts() smb: client: fix OOB in receive_encrypted_standard() net/sched: Retire dsmark qdisc net/sched: Retire ATM qdisc net/sched: Retire CBQ qdisc Change-Id: I27b365859804c2c84cb821e94fb84a971429c6d0 |
||
|
Greg Kroah-Hartman
|
b7647fb740 |
Merge branch 'android12-5.10' into branch 'android12-5.10-lts'
Do a backmerge to catch the android12-5.10-lts branch up with recent changes done in android12-5.10. Included in here are the following commits: * |
||
Jaegeuk Kim
|
e0ab5345d6 |
UPSTREAM: f2fs: avoid false alarm of circular locking
====================================================== WARNING: possible circular locking dependency detected 6.5.0-rc5-syzkaller-00353-gae545c3283dc #0 Not tainted ------------------------------------------------------ syz-executor273/5027 is trying to acquire lock: ffff888077fe1fb0 (&fi->i_sem){+.+.}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2133 [inline] ffff888077fe1fb0 (&fi->i_sem){+.+.}-{3:3}, at: f2fs_add_inline_entry+0x300/0x6f0 fs/f2fs/inline.c:644 but task is already holding lock: ffff888077fe07c8 (&fi->i_xattr_sem){.+.+}-{3:3}, at: f2fs_down_read fs/f2fs/f2fs.h:2108 [inline] ffff888077fe07c8 (&fi->i_xattr_sem){.+.+}-{3:3}, at: f2fs_add_dentry+0x92/0x230 fs/f2fs/dir.c:783 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&fi->i_xattr_sem){.+.+}-{3:3}: down_read+0x9c/0x470 kernel/locking/rwsem.c:1520 f2fs_down_read fs/f2fs/f2fs.h:2108 [inline] f2fs_getxattr+0xb1e/0x12c0 fs/f2fs/xattr.c:532 __f2fs_get_acl+0x5a/0x900 fs/f2fs/acl.c:179 f2fs_acl_create fs/f2fs/acl.c:377 [inline] f2fs_init_acl+0x15c/0xb30 fs/f2fs/acl.c:420 f2fs_init_inode_metadata+0x159/0x1290 fs/f2fs/dir.c:558 f2fs_add_regular_entry+0x79e/0xb90 fs/f2fs/dir.c:740 f2fs_add_dentry+0x1de/0x230 fs/f2fs/dir.c:788 f2fs_do_add_link+0x190/0x280 fs/f2fs/dir.c:827 f2fs_add_link fs/f2fs/f2fs.h:3554 [inline] f2fs_mkdir+0x377/0x620 fs/f2fs/namei.c:781 vfs_mkdir+0x532/0x7e0 fs/namei.c:4117 do_mkdirat+0x2a9/0x330 fs/namei.c:4140 __do_sys_mkdir fs/namei.c:4160 [inline] __se_sys_mkdir fs/namei.c:4158 [inline] __x64_sys_mkdir+0xf2/0x140 fs/namei.c:4158 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd -> #0 (&fi->i_sem){+.+.}-{3:3}: check_prev_add kernel/locking/lockdep.c:3142 [inline] check_prevs_add kernel/locking/lockdep.c:3261 [inline] validate_chain kernel/locking/lockdep.c:3876 [inline] __lock_acquire+0x2e3d/0x5de0 kernel/locking/lockdep.c:5144 lock_acquire kernel/locking/lockdep.c:5761 [inline] lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5726 down_write+0x93/0x200 kernel/locking/rwsem.c:1573 f2fs_down_write fs/f2fs/f2fs.h:2133 [inline] f2fs_add_inline_entry+0x300/0x6f0 fs/f2fs/inline.c:644 f2fs_add_dentry+0xa6/0x230 fs/f2fs/dir.c:784 f2fs_do_add_link+0x190/0x280 fs/f2fs/dir.c:827 f2fs_add_link fs/f2fs/f2fs.h:3554 [inline] f2fs_mkdir+0x377/0x620 fs/f2fs/namei.c:781 vfs_mkdir+0x532/0x7e0 fs/namei.c:4117 ovl_do_mkdir fs/overlayfs/overlayfs.h:196 [inline] ovl_mkdir_real+0xb5/0x370 fs/overlayfs/dir.c:146 ovl_workdir_create+0x3de/0x820 fs/overlayfs/super.c:309 ovl_make_workdir fs/overlayfs/super.c:711 [inline] ovl_get_workdir fs/overlayfs/super.c:864 [inline] ovl_fill_super+0xdab/0x6180 fs/overlayfs/super.c:1400 vfs_get_super+0xf9/0x290 fs/super.c:1152 vfs_get_tree+0x88/0x350 fs/super.c:1519 do_new_mount fs/namespace.c:3335 [inline] path_mount+0x1492/0x1ed0 fs/namespace.c:3662 do_mount fs/namespace.c:3675 [inline] __do_sys_mount fs/namespace.c:3884 [inline] __se_sys_mount fs/namespace.c:3861 [inline] __x64_sys_mount+0x293/0x310 fs/namespace.c:3861 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- rlock(&fi->i_xattr_sem); lock(&fi->i_sem); lock(&fi->i_xattr_sem); lock(&fi->i_sem); Bug: 349265158 Change-Id: I4d9a7107b45eb81ea4d9b0cdc65333ec0aeb26b1 Cc: <stable@vger.kernel.org> Reported-and-tested-by: syzbot+e5600587fa9cbf8e3826@syzkaller.appspotmail.com Fixes: 5eda1ad1aaff "f2fs: fix deadlock in i_xattr_sem and inode page lock" Tested-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Sayali Lokhande <quic_sayalil@quicinc.com> (cherry picked from commit 5c13e2388bf3426fd69a89eb46e50469e9624e56) |
||
|
Jaegeuk Kim
|
758dd4cd50 |
UPSTREAM: f2fs: fix deadlock in i_xattr_sem and inode page lock
Thread #1:
[122554.641906][ T92] f2fs_getxattr+0xd4/0x5fc
-> waiting for f2fs_down_read(&F2FS_I(inode)->i_xattr_sem);
[122554.641927][ T92] __f2fs_get_acl+0x50/0x284
[122554.641948][ T92] f2fs_init_acl+0x84/0x54c
[122554.641969][ T92] f2fs_init_inode_metadata+0x460/0x5f0
[122554.641990][ T92] f2fs_add_inline_entry+0x11c/0x350
-> Locked dir->inode_page by f2fs_get_node_page()
[122554.642009][ T92] f2fs_do_add_link+0x100/0x1e4
[122554.642025][ T92] f2fs_create+0xf4/0x22c
[122554.642047][ T92] vfs_create+0x130/0x1f4
Thread #2:
[123996.386358][ T92] __get_node_page+0x8c/0x504
-> waiting for dir->inode_page lock
[123996.386383][ T92] read_all_xattrs+0x11c/0x1f4
[123996.386405][ T92] __f2fs_setxattr+0xcc/0x528
[123996.386424][ T92] f2fs_setxattr+0x158/0x1f4
-> f2fs_down_write(&F2FS_I(inode)->i_xattr_sem);
[123996.386443][ T92] __f2fs_set_acl+0x328/0x430
[123996.386618][ T92] f2fs_set_acl+0x38/0x50
[123996.386642][ T92] posix_acl_chmod+0xc8/0x1c8
[123996.386669][ T92] f2fs_setattr+0x5e0/0x6bc
[123996.386689][ T92] notify_change+0x4d8/0x580
[123996.386717][ T92] chmod_common+0xd8/0x184
[123996.386748][ T92] do_fchmodat+0x60/0x124
[123996.386766][ T92] __arm64_sys_fchmodat+0x28/0x3c
Bug: 349265158
Change-Id: Idea03a410190499375e0dbdc848cdb20cd9a0cab
Cc: <stable@vger.kernel.org>
Fixes:
|
||
|
Greg Kroah-Hartman
|
2ebd481b31 |
Merge 5.10.221 into android12-5.10-lts
Changes in 5.10.221 tracing/selftests: Fix kprobe event name test for .isra. functions null_blk: Print correct max open zones limit in null_init_zoned_dev() wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() wifi: cfg80211: pmsr: use correct nla_get_uX functions wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef wifi: iwlwifi: mvm: check n_ssids before accessing the ssids wifi: iwlwifi: mvm: don't read past the mfuart notifcation wifi: mac80211: correctly parse Spatial Reuse Parameter Set element net/ncsi: add NCSI Intel OEM command to keep PHY up net/ncsi: Simplify Kconfig/dts control flow net/ncsi: Fix the multi thread manner of NCSI driver ipv6: sr: block BH in seg6_output_core() and seg6_input_core() net: sched: sch_multiq: fix possible OOB write in multiq_tune() vxlan: Fix regression when dropping packets due to invalid src addresses tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP ptp: Fix error message on failed pin verification af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). ipv6: fix possible race in __fib6_drop_pcpu_from() usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete drm/amd/display: Handle Y carry-over in VCP X.Y calculation serial: sc16is7xx: replace hardcoded divisor value with BIT() macro serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler mmc: davinci: Don't strip remove function when driver is builtin selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages selftests/mm: conform test to TAP format output selftests/mm: compaction_test: fix bogus test success on Aarch64 btrfs: fix leak of qgroup extent records after transaction abort nilfs2: Remove check for PageError nilfs2: return the mapped address from nilfs_get_page() nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages mei: me: release irq in mei_me_pci_resume error path jfs: xattr: fix buffer overflow for invalid xattr xhci: Set correct transferred length for cancelled bulk transfers xhci: Apply reset resume quirk to Etron EJ188 xHCI host xhci: Apply broken streams quirk to Etron EJ188 xHCI host scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory powerpc/uaccess: Fix build errors seen with GCC 13/14 Input: try trimming too long modalias strings SUNRPC: return proper error from gss_wrap_req_priv gpio: tqmx86: fix typo in Kconfig label HID: core: remove unnecessary WARN_ON() in implement() gpio: tqmx86: store IRQ trigger type and unmask status separately iommu/amd: Introduce pci segment structure iommu/amd: Fix sysfs leak in iommu init iommu: Return right value in iommu_sva_bind_device() HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() drm/vmwgfx: 3D disabled should not effect STDU memory limits net: sfp: Always call `sfp_sm_mod_remove()` on remove net: hns3: add cond_resched() to hns3 ring buffer init process liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet drm/komeda: check for error-valued pointer drm/bridge/panel: Fix runtime warning on panel bridge release tcp: fix race in tcp_v6_syn_recv_sock() net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters net/ipv6: Fix the RT cache flush via sysctl using a previous delay ionic: fix use after netif_napi_del() iio: adc: ad9467: fix scan type sign iio: dac: ad5592r: fix temperature channel scaling value iio: imu: inv_icm42600: delete unneeded update watermark call drivers: core: synchronize really_probe() and dev_uevent() drm/exynos/vidi: fix memory leak in .get_modes() drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found vmci: prevent speculation leaks by sanitizing event in event_deliver() fs/proc: fix softlockup in __read_vmcore ocfs2: use coarse time for new created files ocfs2: fix races between hole punching and AIO+DIO PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id dmaengine: axi-dmac: fix possible race in remove() remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs intel_th: pci: Add Granite Rapids support intel_th: pci: Add Granite Rapids SOC support intel_th: pci: Add Sapphire Rapids SOC support intel_th: pci: Add Meteor Lake-S support intel_th: pci: Add Lunar Lake support nilfs2: fix potential kernel bug due to lack of writeback flag waiting tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level hugetlb_encode.h: fix undefined behaviour (34 << 26) mptcp: ensure snd_una is properly initialized on connect mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID mptcp: pm: update add_addr counters after connect remoteproc: k3-r5: Jump to error handling labels in start/stop errors greybus: Fix use-after-free bug in gb_interface_release due to race condition. usb-storage: alauda: Check whether the media is initialized i2c: at91: Fix the functionality flags of the slave-only interface i2c: designware: Fix the functionality flags of the slave-only interface zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING padata: Disable BH when taking works lock on MT path rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment rcutorture: Fix invalid context warning when enable srcu barrier testing block/ioctl: prefer different overflow check selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh selftests/bpf: Fix flaky test btf_map_in_map/lookup_update batman-adv: bypass empty buckets in batadv_purge_orig_ref() wifi: ath9k: work around memset overflow warning af_packet: avoid a false positive warning in packet_setsockopt() drop_monitor: replace spin_lock by raw_spin_lock scsi: qedi: Fix crash while reading debugfs attribute kselftest: arm64: Add a null pointer check netpoll: Fix race condition in netpoll_owner_active HID: Add quirk for Logitech Casa touchpad ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl drm/amd/display: Exit idle optimizations before HDCP execution ASoC: Intel: sof_sdw: add JD2 quirk for HP Omen 14 drm/lima: add mask irq callback to gp and pp drm/lima: mask irqs in timeout path before hard reset powerpc/pseries: Enforce hcall result buffer validity and size powerpc/io: Avoid clang null pointer arithmetic warnings power: supply: cros_usbpd: provide ID table for avoiding fallback match iommu/arm-smmu-v3: Free MSIs in case of ENOMEM f2fs: remove clear SB_INLINECRYPT flag in default_options usb: misc: uss720: check for incompatible versions of the Belkin F5U002 udf: udftime: prevent overflow in udf_disk_stamp_to_time() PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports MIPS: Octeon: Add PCIe link status check serial: exar: adding missing CTI and Exar PCI ids MIPS: Routerboard 532: Fix vendor retry check code mips: bmips: BCM6358: make sure CBR is correctly set tracing: Build event generation tests only as modules cipso: fix total option length computation netrom: Fix a memory leak in nr_heartbeat_expiry() ipv6: prevent possible NULL deref in fib6_nh_init() ipv6: prevent possible NULL dereference in rt6_probe() xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() netns: Make get_net_ns() handle zero refcount net qca_spi: Make interrupt remembering atomic net/sched: act_api: rely on rcu in tcf_idr_check_alloc net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() tipc: force a dst refcount before doing decryption net/sched: act_ct: set 'net' pointer when creating new nf_flow_table sched: act_ct: add netns into the key of tcf_ct_flow_table net: stmmac: No need to calculate speed divider when offload is disabled virtio_net: checksum offloading handling fix netfilter: ipset: Fix suspicious rcu_dereference_protected() net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings regulator: core: Fix modpost error "regulator_get_regmap" undefined dmaengine: ioat: switch from 'pci_' to 'dma_' API dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting() dmaengine: ioatdma: Fix leaking on version mismatch dmaengine: ioat: use PCI core macros for PCIe Capability dmaengine: ioatdma: Fix error path in ioat3_dma_probe() dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() dmaengine: ioatdma: Fix missing kmem_cache_destroy() ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." RDMA/mlx5: Add check for srq max_sge attribute ALSA: hda/realtek: Limit mic boost on N14AP7 drm/radeon: fix UBSAN warning in kv_dpm.c gcov: add support for GCC 14 kcov: don't lose track of remote references during softirqs i2c: ocores: set IACK bit after core is enabled dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to i2c-controller schema drm/amd/display: revert Exit idle optimizations before HDCP execution ARM: dts: samsung: smdkv310: fix keypad no-autorepeat ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat ARM: dts: samsung: smdk4412: fix keypad no-autorepeat rtlwifi: rtl8192de: Style clean-ups wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power pmdomain: ti-sci: Fix duplicate PD referrals knfsd: LOOKUP can return an illegal error value spmi: hisi-spmi-controller: Do not override device identifier bcache: fix variable length array abuse in btree_iter tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test x86/cpu/vfm: Add new macros to work with (vendor/family/model) values x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL r8169: remove unneeded memory barrier in rtl_tx r8169: improve rtl_tx r8169: improve rtl8169_start_xmit r8169: remove nr_frags argument from rtl_tx_slots_avail r8169: remove not needed check in rtl8169_start_xmit r8169: Fix possible ring buffer corruption on fragmented Tx packets. Revert "kheaders: substituting --sort in archive creation" kheaders: explicitly define file modes for archived headers perf/core: Fix missing wakeup when waiting for context reference PCI: Add PCI_ERROR_RESPONSE and related definitions x86/amd_nb: Check for invalid SMN reads cifs: missed ref-counting smb session in find smb: client: fix deadlock in smb2_find_smb_tcon() ACPI: Add quirks for AMD Renoir/Lucienne CPUs to force the D3 hint ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable ACPI: x86: Add another system to quirk list for forcing StorageD3Enable ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable ACPI: x86: Force StorageD3Enable on more products Input: ili210x - fix ili251x_read_touch_data() return value pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins pinctrl/rockchip: separate struct rockchip_pin_bank to a head file pinctrl: rockchip: use dedicated pinctrl type for RK3328 pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set drm/amdgpu: fix UBSAN warning in kv_dpm.c netfilter: nf_tables: validate family when identifying table via handle SUNRPC: Fix null pointer dereference in svc_rqst_free() SUNRPC: Fix a NULL pointer deref in trace_svc_stats_latency() SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation SUNRPC: Fix svcxdr_init_encode's buflen calculation nfsd: hold a lighter-weight client reference over CB_RECALL_ANY ASoC: fsl-asoc-card: set priv->pdev before using it net: dsa: microchip: fix initial port flush problem net: phy: micrel: add Microchip KSZ 9477 to the device table xdp: Move the rxq_info.mem clearing to unreg_mem_model() xdp: Allow registering memory model without rxq reference xdp: Remove WARN() from __xdp_reg_mem_model() sparc: fix old compat_sys_select() sparc: fix compat recv/recvfrom syscalls parisc: use correct compat recv/recvfrom syscalls netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep mtd: partitions: redboot: Added conversion of operands to a larger type bpf: Add a check for struct bpf_fib_lookup size net/iucv: Avoid explicit cpumask var allocation on stack net/dpaa2: Avoid explicit cpumask var allocation on stack ALSA: emux: improve patch ioctl data validation media: dvbdev: Initialize sbuf soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message drm/radeon/radeon_display: Decrease the size of allocated memory nvme: fixup comment for nvme RDMA Provider Type drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA gpio: davinci: Validate the obtained number of IRQs gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) x86: stop playing stack games in profile_pc() ocfs2: fix DIO failure due to insufficient transaction credits mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos mmc: sdhci: Do not invert write-protect twice mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() counter: ti-eqep: enable clock at probe iio: adc: ad7266: Fix variable checking bug iio: chemical: bme680: Fix pressure value output iio: chemical: bme680: Fix calibration data variable iio: chemical: bme680: Fix overflows in compensate() functions iio: chemical: bme680: Fix sensor data read operation net: usb: ax88179_178a: improve link status logs usb: gadget: printer: SS+ support usb: gadget: printer: fix races against disable usb: musb: da8xx: fix a resource leak in probe() usb: atm: cxacru: fix endpoint checking in cxacru_bind() serial: 8250_omap: Implementation of Errata i2310 tty: mcf: MCF54418 has 10 UARTS net: can: j1939: Initialize unused data in j1939_send_one() net: can: j1939: recover socket queue on CAN bus error during BAM transmission net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new kbuild: Install dtb files as 0644 in Makefile.dtbinst csky, hexagon: fix broken sys_sync_file_range hexagon: fix fadvise64_64 calling conventions drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes drm/i915/gt: Fix potential UAF by revoke of fence registers drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes batman-adv: Don't accept TT entries for out-of-spec VIDs ata: ahci: Clean up sysfs file on error ata: libata-core: Fix double free on error ftruncate: pass a signed offset syscalls: fix compat_sys_io_pgetevents_time64 usage mtd: spinand: macronix: Add support for serial NAND flash pwm: stm32: Refuse too small period requests nfs: Leave pages in the pagecache if readpage failed ipv6: annotate some data-races around sk->sk_prot ipv6: Fix data races around sk->sk_prot. tcp: Fix data races around icsk->icsk_af_ops. drivers: fix typo in firmware/efi/memmap.c efi: Correct comment on efi_memmap_alloc efi: memmap: Move manipulation routines into x86 arch tree efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures efi/x86: Free EFI memory map only when installing a new one. KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node arm64: dts: rockchip: Add sound-dai-cells for RK3368 xdp: xdp_mem_allocator can be NULL in trace_mem_connect(). serial: 8250_omap: Fix Errata i2310 with RX FIFO level check tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Linux 5.10.221 Change-Id: Icac1c62fcbda5102be7ea031121f28d6fee36875 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
fedef46c69 |
This is the 5.10.219 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmZuzl4ACgkQONu9yGCS
aT7+ohAAyRkTis6xeME1FWIJthCJl8FzUq9nfN+OccK3TwCbXyZKXlZK8lVz0T5U
DvG1Tg+rR76+hIJghMIy2FEPRBA19WMq9a+Ms2ZyyggPrlgksFivO8N8YgnIxabb
EJPN7pAzO+GA+vd8YeGeK1ldq8QUISlN35s+hkur1jeBctWRcpHeOTjIej/Qytmj
ny1o7hCp179+SPygSEYEYtguACaQflhfBjOgAQ9DwWjP6vO2W9Vb16X4tiT0udHm
ExPjOwxbEMN/7m9gKrnl6WcIROSOy55FnfcYZP+NRY4jBlANUgXF1ca9hAhcIKSv
oOyeRN5S3FZAdxIHG9SFU9b6MPwJSeO5ETQyfiRGNFRkXOa2tKknNSsuACu8kSwx
SKJIpcuW1DkortwsYFbilXdl6TrK6oCcEczV5qtludcRoDznfUGejb5e81v3yYkO
no6ORvBJSBnEObY+gpexvxQp2Ae1+YkSLJaDzYWMC+JHBIgWTz2F2qJJkP6bRAUV
QduFTdTenDnL7zW3DseZGJKotU95cUoKNAwa7wfboZeygHc2+KaUOchKcqI0P9dZ
pS27RzcAJJ2uufujofyxOOhzFKw98WFurfNsMZTDBwHuqReoiRAS7pi0PeTMuqUv
GC8V1eIKgeWdI+pdTZLXylziiM41IylLjU/hxCrsykb+EwFa5NY=
=B1lK
-----END PGP SIGNATURE-----
Merge 5.10.219 into android12-5.10-lts
Changes in 5.10.219
x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
speakup: Fix sizeof() vs ARRAY_SIZE() bug
ring-buffer: Fix a race between readers and resize checks
net: smc91x: Fix m68k kernel compilation for ColdFire CPU
nilfs2: fix unexpected freezing of nilfs_segctor_sync()
nilfs2: fix potential hang in nilfs_detach_log_writer()
ALSA: core: Fix NULL module pointer assignment at card init
wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class
net: usb: qmi_wwan: add Telit FN920C04 compositions
drm/amd/display: Set color_mgmt_changed to true on unsuspend
ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
regulator: vqmmc-ipq4019: fix module autoloading
ASoC: rt715: add vendor clear control register
ASoC: da7219-aad: fix usage of device_get_named_child_node()
drm/amdkfd: Flush the process wq before creating a kfd_process
nvme: find numa distance only if controller has valid numa id
openpromfs: finish conversion to the new mount API
crypto: bcm - Fix pointer arithmetic
firmware: raspberrypi: Use correct device for DMA mappings
ecryptfs: Fix buffer size for tag 66 packet
nilfs2: fix out-of-range warning
parisc: add missing export of __cmpxchg_u8()
crypto: ccp - drop platform ifdef checks
crypto: x86/nh-avx2 - add missing vzeroupper
crypto: x86/sha256-avx2 - add missing vzeroupper
s390/cio: fix tracepoint subchannel type field
jffs2: prevent xattr node from overflowing the eraseblock
soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE
null_blk: Fix missing mutex_destroy() at module removal
md: fix resync softlockup when bitmap size is less than array size
wifi: ath10k: poll service ready message before failing
x86/boot: Ignore relocations in .notes sections in walk_relocs() too
qed: avoid truncating work queue length
scsi: ufs: qcom: Perform read back after writing reset bit
scsi: ufs-qcom: Fix ufs RST_n spec violation
scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US
scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0
scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5
scsi: ufs: qcom: Perform read back after writing unipro mode
scsi: ufs: qcom: Perform read back after writing CGC enable
scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV
scsi: ufs: core: Perform read back after disabling interrupts
scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
irqchip/alpine-msi: Fix off-by-one in allocation error path
irqchip/loongson-pch-msi: Fix off-by-one on allocation error path
ACPI: disable -Wstringop-truncation
gfs2: Fix "ignore unlock failures after withdraw"
selftests/bpf: Fix umount cgroup2 error in test_sockmap
cpufreq: Reorganize checks in cpufreq_offline()
cpufreq: Split cpufreq_offline()
cpufreq: Rearrange locking in cpufreq_remove_dev()
cpufreq: exit() callback is optional
net: export inet_lookup_reuseport and inet6_lookup_reuseport
net: remove duplicate reuseport_lookup functions
udp: Avoid call to compute_score on multiple sites
scsi: libsas: Fix the failure of adding phy with zero-address to port
scsi: hpsa: Fix allocation size for Scsi_Host private data
x86/purgatory: Switch to the position-independent small code model
wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger()
wifi: ath10k: populate board data for WCN3990
tcp: avoid premature drops in tcp_add_backlog()
net: give more chances to rcu in netdev_wait_allrefs_any()
macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
wifi: carl9170: add a proper sanity check for endpoints
wifi: ar5523: enable proper endpoint verification
sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe()
Revert "sh: Handle calling csum_partial with misaligned data"
selftests/binderfs: use the Makefile's rules, not Make's implicit rules
HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors
scsi: bfa: Ensure the copied buf is NUL terminated
scsi: qedf: Ensure the copied buf is NUL terminated
wifi: mwl8k: initialize cmd->addr[] properly
usb: aqc111: stop lying about skb->truesize
net: usb: sr9700: stop lying about skb->truesize
m68k: Fix spinlock race in kernel thread creation
m68k: mac: Fix reboot hang on Mac IIci
net: ipv6: fix wrong start position when receive hop-by-hop fragment
eth: sungem: remove .ndo_poll_controller to avoid deadlocks
net: ethernet: cortina: Locking fixes
af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
net: usb: smsc95xx: stop lying about skb->truesize
net: openvswitch: fix overwriting ct original tuple for ICMPv6
ipv6: sr: add missing seg6_local_exit
ipv6: sr: fix incorrect unregister order
ipv6: sr: fix invalid unregister error path
net/mlx5: Discard command completions in internal error
drm/amd/display: Fix potential index out of bounds in color transformation function
ASoC: soc-acpi: add helper to identify parent driver.
ASoC: Intel: Disable route checks for Skylake boards
mtd: rawnand: hynix: fixed typo
fbdev: shmobile: fix snprintf truncation
drm/meson: vclk: fix calculation of 59.94 fractional rates
drm/mediatek: Add 0 size check to mtk_drm_gem_obj
powerpc/fsl-soc: hide unused const variable
fbdev: sisfb: hide unused variables
media: ngene: Add dvb_ca_en50221_init return value check
media: radio-shark2: Avoid led_names truncations
drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
fbdev: sh7760fb: allow modular build
media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries
drm/arm/malidp: fix a possible null pointer dereference
drm: vc4: Fix possible null pointer dereference
ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
drm/bridge: lt9611: Don't log an error when DSI host can't be found
drm/bridge: tc358775: Don't log an error when DSI host can't be found
drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector
drm/mipi-dsi: use correct return type for the DSC functions
RDMA/hns: Refactor the hns_roce_buf allocation flow
RDMA/hns: Create QP with selected QPN for bank load balance
RDMA/hns: Fix incorrect symbol types
RDMA/hns: Fix return value in hns_roce_map_mr_sg
RDMA/hns: Use complete parentheses in macros
RDMA/hns: Modify the print level of CQE error
clk: qcom: mmcc-msm8998: fix venus clock issue
x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map
ext4: avoid excessive credit estimate in ext4_tmpfile()
sunrpc: removed redundant procp check
ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple
ext4: fix unit mismatch in ext4_mb_new_blocks_simple
ext4: try all groups in ext4_mb_new_blocks_simple
ext4: remove unused parameter from ext4_mb_new_blocks_simple()
ext4: fix potential unnitialized variable
SUNRPC: Fix gss_free_in_token_pages()
selftests/kcmp: Make the test output consistent and clear
selftests/kcmp: remove unused open mode
RDMA/IPoIB: Fix format truncation compilation errors
net: qrtr: fix null-ptr-deref in qrtr_ns_remove
net: qrtr: ns: Fix module refcnt
netrom: fix possible dead-lock in nr_rt_ioctl()
af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level
greybus: lights: check return of get_channel_from_mode
f2fs: fix to wait on page writeback in __clone_blkaddrs()
soundwire: cadence: fix invalid PDI offset
dmaengine: idma64: Add check for dma_set_max_seg_size
firmware: dmi-id: add a release callback function
serial: max3100: Lock port->lock when calling uart_handle_cts_change()
serial: max3100: Update uart_driver_registered on driver removal
serial: max3100: Fix bitwise types
greybus: arche-ctrl: move device table to its right location
serial: sc16is7xx: add proper sched.h include for sched_set_fifo()
f2fs: compress: support chksum
f2fs: add compress_mode mount option
f2fs: compress: clean up parameter of __f2fs_cluster_blocks()
f2fs: compress: remove unneeded preallocation
f2fs: introduce FI_COMPRESS_RELEASED instead of using IMMUTABLE bit
f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks()
f2fs: add cp_error check in f2fs_write_compressed_pages
f2fs: fix to force keeping write barrier for strict fsync mode
f2fs: do not allow partial truncation on pinned file
f2fs: fix typos in comments
f2fs: fix to relocate check condition in f2fs_fallocate()
f2fs: fix to check pinfile flag in f2fs_move_file_range()
iio: pressure: dps310: support negative temperature values
fpga: region: change FPGA indirect article to an
fpga: region: Rename dev to parent for parent device
docs: driver-api: fpga: avoid using UTF-8 chars
fpga: region: Use standard dev_release for class driver
fpga: region: add owner module and take its refcount
microblaze: Remove gcc flag for non existing early_printk.c file
microblaze: Remove early printk call from cpuinfo-static.c
usb: gadget: u_audio: Clear uac pointer when freed.
stm class: Fix a double free in stm_register_device()
ppdev: Remove usage of the deprecated ida_simple_xx() API
ppdev: Add an error check in register_device
extcon: max8997: select IRQ_DOMAIN instead of depending on it
PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3
PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3
f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock
f2fs: fix to release node block count in error path of f2fs_new_node_page()
f2fs: compress: don't allow unaligned truncation on released compress inode
serial: sh-sci: protect invalidating RXDMA on shutdown
libsubcmd: Fix parse-options memory leak
s390/ipl: Fix incorrect initialization of len fields in nvme reipl block
s390/ipl: Fix incorrect initialization of nvme dump block
Input: ims-pcu - fix printf string overflow
Input: ioc3kbd - convert to platform remove callback returning void
Input: ioc3kbd - add device table
mmc: sdhci_am654: Add tuning algorithm for delay chain
mmc: sdhci_am654: Write ITAPDLY for DDR52 timing
mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel
mmc: sdhci_am654: Add OTAP/ITAP delay enable
mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock
mmc: sdhci_am654: Fix ITAPDLY for HS400 timing
Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
drm/msm/dpu: Always flush the slave INTF on the CTL
um: Fix return value in ubd_init()
um: Add winch to winch_handlers before registering winch IRQ
um: vector: fix bpfflash parameter evaluation
drm/bridge: tc358775: fix support for jeida-18 and jeida-24
media: stk1160: fix bounds checking in stk1160_copy_video()
scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy()
media: flexcop-usb: clean up endpoint sanity checks
media: flexcop-usb: fix sanity check of bNumEndpoints
powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp
um: Fix the -Wmissing-prototypes warning for __switch_mm
media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
media: cec: cec-api: add locking in cec_release()
media: core headers: fix kernel-doc warnings
media: cec: fix a deadlock situation
media: cec: call enable_adap on s_log_addrs
media: cec: abort if the current transmit was canceled
media: cec: correctly pass on reply results
media: cec: use call_op and check for !unregistered
media: cec-adap.c: drop activate_cnt, use state info instead
media: cec: core: avoid recursive cec_claim_log_addrs
media: cec: core: avoid confusing "transmit timed out" message
null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
regulator: bd71828: Don't overwrite runtime voltages
x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y
nfc: nci: Fix uninit-value in nci_rx_work
ASoC: tas2552: Add TX path for capturing AUDIO-OUT data
sunrpc: fix NFSACL RPC retry on soft mount
rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL
ipv6: sr: fix memleak in seg6_hmac_init_algo
params: lift param_set_uint_minmax to common code
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
openvswitch: Set the skbuff pkt_type for proper pmtud support.
arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
net: fec: avoid lock evasion when reading pps_enable
tls: fix missing memory barrier in tls_init
nfc: nci: Fix kcov check in nci_rx_work()
nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
netfilter: nft_payload: restore vlan q-in-q match support
spi: Don't mark message DMA mapped when no transfer in it is
nvmet: fix ns enable/disable possible hang
net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion
dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
bpf: Fix potential integer overflow in resolve_btfids
enic: Validate length of nl attributes in enic_set_vf_port
net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
bpf: Allow delete from sockmap/sockhash only if update is allowed
net:fec: Add fec_enet_deinit()
netfilter: tproxy: bail out if IP has been disabled on the device
kconfig: fix comparison to constant symbols, 'm', 'n'
spi: stm32: Don't warn about spurious interrupts
ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
hwmon: (shtc1) Fix property misspelling
ALSA: timer: Set lower bound of start tick time
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
media: cec: core: add adap_nb_transmit_canceled() callback
SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
binder: fix max_thread type inconsistency
mmc: core: Do not force a retune before RPMB switch
io_uring: fail NOP if non-zero op flags is passed in
afs: Don't cross .backup mountpoint from backup volume
nilfs2: fix use-after-free of timer for log writer thread
vxlan: Fix regression when dropping packets due to invalid src addresses
x86/mm: Remove broken vsyscall emulation code from the page fault code
netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
media: lgdt3306a: Add a check against null-pointer-def
drm/amdgpu: add error handle to avoid out-of-bounds
ata: pata_legacy: make legacy_exit() work again
ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx
arm64: tegra: Correct Tegra132 I2C alias
arm64: dts: qcom: qcs404: fix bluetooth device address
md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE
wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path
arm64: dts: hi3798cv200: fix the size of GICR
media: mc: mark the media devnode as registered from the, start
media: mxl5xx: Move xpt structures off stack
media: v4l2-core: hold videodev_lock until dev reg, finishes
mmc: core: Add mmc_gpiod_set_cd_config() function
mmc: sdhci-acpi: Sort DMI quirks alphabetically
mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working
mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A
fbdev: savage: Handle err return when savagefb_check_var failed
KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
crypto: ecrdsa - Fix module auto-load on add_key
crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
net/ipv6: Fix route deleting failure when metric equals 0
net/9p: fix uninit-value in p9_client_rpc()
intel_th: pci: Add Meteor Lake-S CPU support
sparc64: Fix number of online CPUs
watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin
kdb: Fix buffer overflow during tab-complete
kdb: Use format-strings rather than '\0' injection in kdb_read()
kdb: Fix console handling when editing and tab-completing commands
kdb: Merge identical case statements in kdb_read()
kdb: Use format-specifiers rather than memset() for padding in kdb_read()
net: fix __dst_negative_advice() race
sparc: move struct termio to asm/termios.h
ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
s390/ap: Fix crash in AP internal function modify_bitmap()
nfs: fix undefined behavior in nfs_block_bits()
NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS
scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5
f2fs: compress: fix compression chksum
RDMA/hns: Use mutex instead of spinlock for ida allocation
RDMA/hns: Fix CQ and QP cache affinity
Linux 5.10.219
Change-Id: I0e21ff44d28df2a2802a9fb35f0959bb5ab528fc
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Yunlei He
|
38a82c8d00 |
f2fs: remove clear SB_INLINECRYPT flag in default_options
[ Upstream commit ac5eecf481c29942eb9a862e758c0c8b68090c33 ]
In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set.
If create new file or open file during this gap, these files
will not use inlinecrypt. Worse case, it may lead to data
corruption if wrappedkey_v0 is enable.
Thread A: Thread B:
-f2fs_remount -f2fs_file_open or f2fs_new_inode
-default_options
<- clear SB_INLINECRYPT flag
-fscrypt_select_encryption_impl
-parse_options
<- set SB_INLINECRYPT again
Signed-off-by: Yunlei He <heyunlei@oppo.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Michael Bestas
|
768f49ccbc
|
Merge tag 'ASB-2024-06-05_12-5.10' of https://android.googlesource.com/kernel/common into android13-5.10-waipio
https://source.android.com/docs/security/bulletin/2024-06-01 CVE-2024-26926 * tag 'ASB-2024-06-05_12-5.10' of https://android.googlesource.com/kernel/common: ANDROID: GKI: Update symbols to symbol list ANDROID: ABI fixup for abi break in struct dst_ops BACKPORT: net: fix __dst_negative_advice() race ANDROID: Add __nocfi return for swsusp_arch_resume BACKPORT: arm64: mm: Make hibernation aware of KFENCE UPSTREAM: selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior ANDROID: kbuild: Search external devicetree path when running clean target ANDROID: kbuild: add support for compiling external device trees ANDROID: usb: gadget: ncm: Introduce vendor opts to deal with ABI breakage UPSTREAM: usb: gadget: ncm: Fix endianness of wMaxSegmentSize variable in ecm_desc UPSTREAM: usb: gadget: ncm: Add support to update wMaxSegmentSize via configfs ANDROID: usb: Optimize the problem of slow transfer rate in USB accessory mode ANDROID: ABI: Update honor symbol list ANDROID: add vendor hook in do_read_fault to tune fault_around_bytes FROMGIT: usb: dwc3: Wait unconditionally after issuing EndXfer command ANDROID: irq: put irq_resolve_mapping under protection of __irq_enter_raw ANDROID: abi_gki_aarch64_qcom: Add clk_restore_context and clk_save_context UPSTREAM: usb: gadget: ncm: Fix handling of zero block length packets UPSTREAM: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Revert "hrtimer: Report offline hrtimer enqueue" Revert "scsi: core: Introduce enum scsi_disposition" Revert "scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler" Revert "scsi: core: Move scsi_host_busy() out of host lock if it is for per-command" Revert "bpf: Add map and need_defer parameters to .map_fd_put_ptr()" Revert "drm/mipi-dsi: Fix detach call without attach" Revert "serial: Add rs485_supported to uart_port" Revert "serial: 8250_exar: Fill in rs485_supported" Revert "serial: 8250_exar: Set missing rs485_supported flag" Revert "ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()" Linux 5.10.210 PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() net: bcmgenet: Fix EEE implementation netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() drm/msm/dsi: Enable runtime PM PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() PM: runtime: add devm_pm_runtime_enable helper dm: limit the number of targets and parameter size area nilfs2: replace WARN_ONs for invalid DAT metadata block requests nilfs2: fix potential bug in end_buffer_async_write sched/membarrier: reduce the ability to hammer on sys_membarrier net: prevent mss overflow in skb_segment() Revert "arm64: Stash shadow stack pointer in the task struct on interrupt" hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() netfilter: ipset: Missing gc cancellations fixed netfilter: ipset: fix performance regression in swap operation scripts/decode_stacktrace.sh: optionally use LLVM utilities scripts: decode_stacktrace: demangle Rust symbols scripts/decode_stacktrace.sh: support old bash version scripts/decode_stacktrace.sh: silence stderr messages from addr2line/nm serial: 8250_exar: Set missing rs485_supported flag serial: 8250_exar: Fill in rs485_supported serial: Add rs485_supported to uart_port crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init mips: Fix max_mapnr being uninitialized on early stages PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support bus: moxtet: Add spi device table Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" tracing: Inform kmemleak of saved_cmdlines allocation pmdomain: core: Move the unused cleanup to a _sync initcall can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) of: property: fix typo in io-channels ceph: prevent use-after-free in encode_cap_msg() s390/qeth: Fix potential loss of L3-IP@ in case of network issues irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update irqchip/irq-brcmstb-l2: Add write memory barrier before exit wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() nfp: flower: prevent re-adding mac index for bonded port nfp: use correct macro for LengthSelect in BAR config crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() nilfs2: fix data corruption in dsync block recovery for small block sizes ALSA: hda/conexant: Add quirk for SWS JS201D mmc: slot-gpio: Allow non-sleeping GPIO ro x86/mm/ident_map: Use gbpages only where full GB page should be mapped. x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 serial: max310x: improve crystal stable clock detection serial: max310x: set default value when reading clock ready bit ring-buffer: Clean ring_buffer_poll_wait() error return hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove media: rc: bpf attach/detach requires write permission iio: accel: bma400: Fix a compilation problem iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC staging: iio: ad5933: fix type mismatch regression tracing: Fix wasted memory in saved_cmdlines logic ext4: fix double-free of blocks due to wrong extents moved_len misc: fastrpc: Mark all sessions as invalid in cb_remove binder: signal epoll threads of self-work ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL xen-netback: properly sync TX responses net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() nfc: nci: free rx_data_reassembly skb on NCI device cleanup kbuild: Fix changing ELF file type for output of gen_btf for big endian firewire: core: correct documentation of fw_csr_string() kernel API lsm: fix the logic in security_inode_getsecctx() scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" modpost: trim leading spaces when processing source files list i2c: i801: Fix block process call transactions i2c: i801: Remove i801_set_block_buffer_mode powerpc/kasan: Fix addr error caused by page alignment media: ir_toy: fix a memleak in irtoy_tx usb: f_mass_storage: forbid async queue when shutdown happen USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT usb: ucsi_acpi: Fix command completion handling HID: wacom: Do not register input devices until after hid_hw_start HID: wacom: generic: Avoid reporting a serial of '0' to userspace ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again tracing/trigger: Fix to return error if failed to alloc snapshot i40e: Fix waiting for queues of all VSIs to be disabled MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler net: sysfs: Fix /sys/class/net/<iface> path for statistics ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() spi: ppc4xx: Drop write-only variable net: openvswitch: limit the number of recursions from action sets of: unittest: Fix compile in the non-dynamic case btrfs: send: return EOPNOTSUPP on unknown flags btrfs: forbid deleting live subvol qgroup btrfs: do not ASSERT() if the newly created subvolume already got read btrfs: forbid creating subvol qgroups netfilter: nft_set_rbtree: skip end interval element from gc net: stmmac: xgmac: fix a typo of register name in DPP safety handling net: stmmac: xgmac: use #define for string constants clocksource: Skip watchdog check for large watchdog intervals vhost: use kzalloc() instead of kmalloc() followed by memset() Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU hrtimer: Report offline hrtimer enqueue usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK USB: serial: cp210x: add ID for IMST iM871A-USB USB: serial: option: add Fibocom FM101-GL variant USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e net/af_iucv: clean up a try_then_request_module() blk-iocost: Fix an UBSAN shift-out-of-bounds warning scsi: core: Move scsi_host_busy() out of host lock if it is for per-command netfilter: nft_set_pipapo: remove scratch_aligned pointer netfilter: nft_set_pipapo: add helper to release pcpu scratch area netfilter: nft_set_pipapo: store index in scratch maps netfilter: nft_ct: reject direction for ct id netfilter: nft_compat: restrict match/target protocol to u16 netfilter: nft_compat: reject unused compat flag ppp_async: limit MRU to 64K tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() rxrpc: Fix response to PING RESPONSE ACKs to a dead call inet: read sk->sk_family once in inet_recv_error() hwmon: (coretemp) Fix bogus core_id to attr name mapping hwmon: (coretemp) Fix out-of-bounds memory access hwmon: (aspeed-pwm-tacho) mutex for tach reading atm: idt77252: fix a memleak in open_card_ubr0 tunnels: fix out of bounds access when building IPv6 PMTU error selftests: net: avoid just another constant wait net: stmmac: xgmac: fix handling of DPP safety error for DMA channels drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV phy: renesas: rcar-gen3-usb2: Fix returning wrong error code dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA dmaengine: ti: k3-udma: Report short packet errors dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools PM: sleep: Fix error handling in dpm_prepare() uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ bonding: remove print in bond_verify_device_path HID: apple: Add 2021 magic keyboard FN key mapping HID: apple: Add support for the 2021 Magic Keyboard net: sysfs: Fix /sys/class/net/<iface> path af_unix: fix lockdep positive in sk_diag_dump_icons() net: ipv4: fix a memleak in ip_setup_cork netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger llc: call sock_orphan() at release time ipv6: Ensure natural alignment of const ipv6 loopback and router addresses ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() ixgbe: Refactor overtemp event handling ixgbe: Refactor returning internal error codes ixgbe: Remove non-inclusive language tcp: add sanity checks to rx zerocopy net-zerocopy: Refactor frag-is-remappable test. ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() ip6_tunnel: use dev_sw_netstats_rx_add() scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler scsi: core: Introduce enum scsi_disposition scsi: isci: Fix an error code problem in isci_io_request_build() drm: using mul_u32_u32() requires linux/math64.h wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update perf: Fix the nr_addr_filters fix drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' ceph: fix deadlock or deadcode of misusing dget() blk-mq: fix IO hang from sbitmap wakeup race virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings libsubcmd: Fix memory leak in uniq() PCI/AER: Decode Requester ID when no error info found fs/kernfs/dir: obey S_ISGID tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE usb: hub: Replace hardcoded quirk value with BIT() macro PCI: switchtec: Fix stdev_release() crash after surprise hot remove PCI: Only override AMD USB controller if required mfd: ti_am335x_tscadc: Fix TI SoC dependencies xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import i3c: master: cdns: Update maximum prescaler value for i2c clock um: net: Fix return type of uml_net_start_xmit() um: Don't use vfprintf() for os_info() um: Fix naming clash between UML and scheduler leds: trigger: panic: Don't register panic notifier if creating the trigger failed drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' drm/amdgpu: Let KFD sync with VM fences watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() drm/msm/dpu: Ratelimit framedone timeout msgs media: ddbridge: fix an error code problem in ddb_probe IB/ipoib: Fix mcast list locking drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL ALSA: hda: Intel: add HDA_ARL PCI ID support PCI: add INTEL_HDA_ARL to pci_ids.h media: rockchip: rga: fix swizzling for RGB formats media: stk1160: Fixed high volume of stk1160_dbg messages drm/mipi-dsi: Fix detach call without attach drm/framebuffer: Fix use of uninitialized variable drm/drm_file: fix use of uninitialized variable f2fs: fix write pointers on zoned device after roll forward drm/amd/display: Fix tiled display misalignment RDMA/IPoIB: Fix error code return in ipoib_mcast_join fast_dput(): handle underflows gracefully ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument ALSA: hda: Refer to correct stream index at loops f2fs: fix to check return value of f2fs_reserve_new_block() i40e: Fix VF disable behavior to block all traffic Bluetooth: L2CAP: Fix possible multiple reject send Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 wifi: cfg80211: free beacon_ies when overridden from hidden BSS wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property md: Whenassemble the array, consult the superblock of the freshest device block: prevent an integer overflow in bvec_try_merge_hw_page net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path ARM: dts: imx23/28: Fix the DMA controller node name ARM: dts: imx23-sansa: Use preferred i2c-gpios properties ARM: dts: imx27-apf27dev: Fix LED name ARM: dts: imx25/27: Pass timing0 ARM: dts: imx25: Fix the iim compatible string block/rnbd-srv: Check for unlikely string overflow ionic: pass opcode to devcmd_wait ARM: dts: imx1: Fix sram node ARM: dts: imx27: Fix sram node ARM: dts: imx: Use flash@0,0 pattern ARM: dts: imx25/27-eukrea: Fix RTC node name ARM: dts: rockchip: fix rk3036 hdmi ports node bpf: Set uattr->batch.count as zero before batched update or deletion scsi: libfc: Fix up timeout error in fc_fcp_rec_error() scsi: libfc: Don't schedule abort twice bpf: Add map and need_defer parameters to .map_fd_put_ptr() wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() ARM: dts: imx7s: Fix nand-controller #size-cells ARM: dts: imx7s: Fix lcdif compatible ARM: dts: imx7d: Fix coresight funnel ports scsi: arcmsr: Support new PCI device IDs 1883 and 1886 bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk PCI: Add no PM reset quirk for NVIDIA Spectrum devices scsi: lpfc: Fix possible file string name overflow when updating firmware selftests/bpf: Fix pyperf180 compilation failure with clang18 selftests/bpf: satisfy compiler by having explicit return in btf test wifi: rt2x00: restart beacon queue when hardware reset ext4: avoid online resizing failures due to oversized flex bg ext4: remove unnecessary check from alloc_flex_gd() ext4: unify the type of flexbg_size to unsigned int ext4: fix inconsistent between segment fstrim and full fstrim ecryptfs: Reject casefold directory inodes SUNRPC: Fix a suspicious RCU usage warning KVM: s390: fix setting of fpc register s390/ptrace: handle setting of fpc register correctly jfs: fix array-index-out-of-bounds in diNewExt rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() crypto: stm32/crc32 - fix parsing list of devices pstore/ram: Fix crash when setting number of cpus to an odd number jfs: fix uaf in jfs_evict_inode jfs: fix array-index-out-of-bounds in dbAdjTree jfs: fix slab-out-of-bounds Read in dtSearch UBSAN: array-index-out-of-bounds in dtSplitRoot FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events PM / devfreq: Synchronize devfreq_monitor_[start/stop] ACPI: extlog: fix NULL pointer dereference check PNP: ACPI: fix fortify warning ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop audit: Send netlink ACK before setting connection in auditd_set regulator: core: Only increment use_count when enable_count changes debugobjects: Stop accessing objects after releasing hash bucket lock perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel powerpc/lib: Validate size for vector operations powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE x86/boot: Ignore NMIs during very early boot powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() powerpc: Fix build error due to is_valid_bugaddr() drivers/perf: pmuv3: don't expose SW_INCR event in sysfs powerpc/mm: Fix null-pointer dereference in pgtable_cache_add x86/entry/ia32: Ensure s32 is sign extended to s64 tick/sched: Preserve number of idle sleeps across CPU hotplug events mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan spi: bcm-qspi: fix SFDP BFPT read by usig mspi read gpio: eic-sprd: Clear interrupt after set the interrupt type drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume drm/exynos: fix accidental on-stack copy of exynos_drm_plane drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted btrfs: remove err variable from btrfs_delete_subvolume mm/sparsemem: fix race in accessing memory_section->usage mm: use __pfn_to_section() instead of open coding it media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run arm64: dts: qcom: sc7180: fix USB wakeup interrupt types arm64: dts: qcom: sc7180: Use pdc interrupts for USB instead of GIC interrupts ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12 pipe: wakeup wr_wait after setting max_usage fs/pipe: move check to pipe_has_watch_queue() PM: sleep: Fix possible deadlocks in core system-wide PM code PM: core: Remove unnecessary (void *) conversions PM: sleep: Avoid calling put_device() under dpm_list_mtx PM: sleep: Use dev_printk() when possible drm/bridge: nxp-ptn3460: simplify some error checking drm/tidss: Fix atomic_flush check drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking drm: Don't unref the same fb many times by mistake due to deadlock handling gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 netfilter: nf_tables: reject QUEUE/DROP verdict parameters netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain wifi: iwlwifi: fix a memory corruption exec: Fix error handling in begin_new_exec() rbd: don't move requests to the running list on errors btrfs: don't abort filesystem when attempting to snapshot deleted subvolume btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args btrfs: don't warn if discard range is not aligned to sector btrfs: tree-checker: fix inline ref size in error messages btrfs: ref-verify: free ref cache before clearing mount opt net: fec: fix the unhandled context fault from smmu fjes: fix memleaks in fjes_hw_setup selftests: netdevsim: fix the udp_tunnel_nic test net: mvpp2: clear BM pool before initialization netfilter: nf_tables: validate NFPROTO_* family netfilter: nf_tables: restrict anonymous set and map names to 16 bytes net/mlx5e: fix a double-free in arfs_create_groups net/mlx5: DR, Use the right GVMI number for drop action ipv6: init the accept_queue's spinlocks in inet6_create netlink: fix potential sleeping issue in mqueue_flush_file tcp: Add memory barrier to tcp_push() afs: Hide silly-rename files from userspace tracing: Ensure visibility when inserting an element into tracing_map net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv llc: Drop support for ETH_P_TR_802_2. llc: make llc_ui_sendmsg() more robust against bonding changes vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING bnxt_en: Wait for FLR to complete during probe tcp: make sure init the accept_queue's spinlocks once net/smc: fix illegal rmb_desc access in SMC-D connection dump KVM: use __vcalloc for very large allocations mm: vmalloc: introduce array allocation functions smb3: Replace smb2pdu 1-element arrays with flex-arrays stddef: Introduce DECLARE_FLEX_ARRAY() helper block: Remove special-casing of compound pages rename(): fix the locking of subdirectories ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path nouveau/vmm: don't set addr on the fail path to avoid warning rtc: Adjust failure return code for cmos_set_alarm() mmc: mmc_spi: remove custom DMA mapped buffers mmc: core: Use mrq.sbc in close-ended ffu scripts/get_abi: fix source path leak lsm: new security_file_ioctl_compat() hook arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts arm64: dts: qcom: sdm845: fix USB wakeup interrupt types async: Introduce async_schedule_dev_nocall() async: Split async_schedule_node_domain() parisc/firmware: Fix F-extend for PDC addresses bus: mhi: host: Drop chan lock before queuing buffers rpmsg: virtio: Free driver_override when rpmsg_remove() crypto: s390/aes - Fix buffer overread in CTR mode hwrng: core - Fix page fault dead lock on mmap-ed hwrng PM: hibernate: Enforce ordering during image compression/decompression crypto: api - Disallow identical driver names ext4: allow for the last group to be marked as trimmed iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. dmaengine: fix NULL pointer in channel unregistration function iio: adc: ad7091r: Enable internal vref if external vref is not supplied iio: adc: ad7091r: Allow users to configure device events iio: adc: ad7091r: Set alert bit in config register serial: sc16is7xx: add check for unsupported SPI modes during probe spi: introduce SPI_MODE_X_MASK macro serial: sc16is7xx: set safe default SPI clock frequency units: add the HZ macros units: change from 'L' to 'UL' PCI: mediatek: Clear interrupt status before dispatching handler usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled usb: cdns3: fix iso transfer error when mult is not zero usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config usb: cdns3: fix uvc failure work since sg support enabled usb: cdns3: Fixes for sparse warnings Conflicts: Makefile scripts/Makefile.lib scripts/decode_stacktrace.sh Change-Id: I843d5be296c4237694a7ff1c21600b0ee1d57b5f |
||
|
Chao Yu
|
5fe764c781 |
f2fs: compress: fix compression chksum
commit 75e91c888989cf2df5c78b251b07de1f5052e30e upstream.
This patch addresses minor issues in compression chksum.
Fixes: b28f047b28c5 ("f2fs: compress: support chksum")
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Chao Yu
|
75c87e2ac6 |
f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
commit 20faaf30e55522bba2b56d9c46689233205d7717 upstream. syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 ================================================================== BUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline] BUG: KASAN: slab-out-of-bounds in current_nat_addr fs/f2fs/node.h:213 [inline] BUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600 Read of size 1 at addr ffff88807a58c76c by task syz-executor280/5076 CPU: 1 PID: 5076 Comm: syz-executor280 Not tainted 6.9.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline] current_nat_addr fs/f2fs/node.h:213 [inline] f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600 f2fs_xattr_fiemap fs/f2fs/data.c:1848 [inline] f2fs_fiemap+0x55d/0x1ee0 fs/f2fs/data.c:1925 ioctl_fiemap fs/ioctl.c:220 [inline] do_vfs_ioctl+0x1c07/0x2e50 fs/ioctl.c:838 __do_sys_ioctl fs/ioctl.c:902 [inline] __se_sys_ioctl+0x81/0x170 fs/ioctl.c:890 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f The root cause is we missed to do sanity check on i_xattr_nid during f2fs_iget(), so that in fiemap() path, current_nat_addr() will access nat_bitmap w/ offset from invalid i_xattr_nid, result in triggering kasan bug report, fix it. Reported-and-tested-by: syzbot+3694e283cf5c40df6d14@syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-f2fs-devel/00000000000094036c0616e72a1d@google.com Signed-off-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Chao Yu
|
b8962cf985 |
f2fs: compress: don't allow unaligned truncation on released compress inode
[ Upstream commit 29ed2b5dd521ce7c5d8466cd70bf0cc9d07afeee ]
f2fs image may be corrupted after below testcase:
- mkfs.f2fs -O extra_attr,compression -f /dev/vdb
- mount /dev/vdb /mnt/f2fs
- touch /mnt/f2fs/file
- f2fs_io setflags compression /mnt/f2fs/file
- dd if=/dev/zero of=/mnt/f2fs/file bs=4k count=4
- f2fs_io release_cblocks /mnt/f2fs/file
- truncate -s 8192 /mnt/f2fs/file
- umount /mnt/f2fs
- fsck.f2fs /dev/vdb
[ASSERT] (fsck_chk_inode_blk:1256) --> ino: 0x5 has i_blocks: 0x00000002, but has 0x3 blocks
[FSCK] valid_block_count matching with CP [Fail] [0x4, 0x5]
[FSCK] other corrupted bugs [Fail]
The reason is: partial truncation assume compressed inode has reserved
blocks, after partial truncation, valid block count may change w/o
.i_blocks and .total_valid_block_count update, result in corruption.
This patch only allow cluster size aligned truncation on released
compress inode for fixing.
Fixes: c61404153eb6 ("f2fs: introduce FI_COMPRESS_RELEASED instead of using IMMUTABLE bit")
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Chao Yu
|
c1958b978d |
f2fs: fix to release node block count in error path of f2fs_new_node_page()
[ Upstream commit 0fa4e57c1db263effd72d2149d4e21da0055c316 ]
It missed to call dec_valid_node_count() to release node block count
in error path, fix it.
Fixes: 141170b759e0 ("f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()")
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Chao Yu
|
a6e1f7744e |
f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock
[ Upstream commit 0a4ed2d97cb6d044196cc3e726b6699222b41019 ]
It needs to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock
to avoid racing with checkpoint, otherwise, filesystem metadata including
blkaddr in dnode, inode fields and .total_valid_block_count may be
corrupted after SPO case.
Fixes:
|
||
|
Chao Yu
|
cdbe0477a0 |
f2fs: fix to check pinfile flag in f2fs_move_file_range()
[ Upstream commit e07230da0500e0919a765037c5e81583b519be2c ]
ioctl(F2FS_IOC_MOVE_RANGE) can truncate or punch hole on pinned file,
fix to disallow it.
Fixes: 5fed0be8583f ("f2fs: do not allow partial truncation on pinned file")
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Chao Yu
|
2b16554fb2 |
f2fs: fix to relocate check condition in f2fs_fallocate()
[ Upstream commit 278a6253a673611dbc8ab72a3b34b151a8e75822 ]
compress and pinfile flag should be checked after inode lock held to
avoid race condition, fix it.
Fixes:
|
||
Jinyoung CHOI
|
f1169d2b2a |
f2fs: fix typos in comments
[ Upstream commit 146949defda868378992171b9e42318b06fcd482 ]
This patch is to fix typos in f2fs files.
Signed-off-by: Jinyoung Choi <j-young.choi@samsung.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Stable-dep-of: 278a6253a673 ("f2fs: fix to relocate check condition in f2fs_fallocate()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Jaegeuk Kim
|
bdca4b6786 |
f2fs: do not allow partial truncation on pinned file
[ Upstream commit 5fed0be8583f08c1548b4dcd9e5ee0d1133d0730 ]
If the pinned file has a hole by partial truncation, application that has
the block map will be broken.
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Stable-dep-of: 278a6253a673 ("f2fs: fix to relocate check condition in f2fs_fallocate()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Chao Yu
|
d992b78026 |
f2fs: fix to force keeping write barrier for strict fsync mode
[ Upstream commit 2787991516468bfafafb9bf2b45a848e6b202e7c ] [1] https://www.mail-archive.com/linux-f2fs-devel@lists.sourceforge.net/msg15126.html As [1] reported, if lower device doesn't support write barrier, in below case: - write page #0; persist - overwrite page #0 - fsync - write data page #0 OPU into device's cache - write inode page into device's cache - issue flush If SPO is triggered during flush command, inode page can be persisted before data page #0, so that after recovery, inode page can be recovered with new physical block address of data page #0, however there may contains dummy data in new physical block address. Then what user will see is: after overwrite & fsync + SPO, old data in file was corrupted, if any user do care about such case, we can suggest user to use STRICT fsync mode, in this mode, we will force to use atomic write sematics to keep write order in between data/node and last node, so that it avoids potential data corruption during fsync(). Signed-off-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Stable-dep-of: 278a6253a673 ("f2fs: fix to relocate check condition in f2fs_fallocate()") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Chao Yu
|
eebbc4eb7e |
f2fs: add cp_error check in f2fs_write_compressed_pages
[ Upstream commit ee68d27181f060fab29e60d1d31aab6a42703dd4 ]
This patch adds cp_error check in f2fs_write_compressed_pages() like we did
in f2fs_write_single_data_page()
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Stable-dep-of: 278a6253a673 ("f2fs: fix to relocate check condition in f2fs_fallocate()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Chao Yu
|
431ecafbff |
f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks()
[ Upstream commit 7c5dffb3d90c5921b91981cc663e02757d90526e ]
Compress flag should be checked after inode lock held to avoid
racing w/ f2fs_setflags_common(), fix it.
Fixes:
|
||
|
Jaegeuk Kim
|
8e1651cd66 |
f2fs: introduce FI_COMPRESS_RELEASED instead of using IMMUTABLE bit
[ Upstream commit c61404153eb683da9c35aad133131554861ed561 ]
Once we release compressed blocks, we used to set IMMUTABLE bit. But it turned
out it disallows every fs operations which we don't need for compression.
Let's just prevent writing data only.
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Stable-dep-of: 7c5dffb3d90c ("f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Chao Yu
|
486009bc2f |
f2fs: compress: remove unneeded preallocation
[ Upstream commit 8f1d49832636d514e949b29ce64370ebebf6d6d2 ]
We will reserve iblocks for compression saved, so during compressed
cluster overwrite, we don't need to preallocate blocks for later
write.
In addition, it adds a bug_on to detect wrong reserved iblock number
in __f2fs_cluster_blocks().
Bug fix in the original patch by Jaegeuk:
If we released compressed blocks having an immutable bit, we can see less
number of compressed block addresses. Let's fix wrong BUG_ON.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Stable-dep-of: 7c5dffb3d90c ("f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Chao Yu
|
df4978d968 |
f2fs: compress: clean up parameter of __f2fs_cluster_blocks()
[ Upstream commit 91f0fb6903ed30370135381f10c02a10c7872cdc ]
Previously, in order to reuse __f2fs_cluster_blocks(),
f2fs_is_compressed_cluster() assigned a compress_ctx type variable,
which is used to pass few parameters (cc.inode, cc.cluster_size,
cc.cluster_idx), it's wasteful to allocate such large space in stack.
Let's clean up parameters of __f2fs_cluster_blocks() to avoid that.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Stable-dep-of: 7c5dffb3d90c ("f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Daeho Jeong
|
5b09d2e790 |
f2fs: add compress_mode mount option
[ Upstream commit 602a16d58e9aab3c423bcf051033ea6c9e8a6d37 ]
We will add a new "compress_mode" mount option to control file
compression mode. This supports "fs" and "user". In "fs" mode (default),
f2fs does automatic compression on the compression enabled files.
In "user" mode, f2fs disables the automaic compression and gives the
user discretion of choosing the target file and the timing. It means
the user can do manual compression/decompression on the compression
enabled files using ioctls.
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Stable-dep-of: 7c5dffb3d90c ("f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Chao Yu
|
70fb69e05a |
f2fs: compress: support chksum
[ Upstream commit b28f047b28c51d0b9864c34b097bb0b221ea7247 ]
This patch supports to store chksum value with compressed
data, and verify the integrality of compressed data while
reading the data.
The feature can be enabled through specifying mount option
'compress_chksum'.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Stable-dep-of: 7c5dffb3d90c ("f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Chao Yu
|
7b98f1493a |
f2fs: fix to wait on page writeback in __clone_blkaddrs()
[ Upstream commit d3876e34e7e789e2cbdd782360fef2a777391082 ]
In below race condition, dst page may become writeback status
in __clone_blkaddrs(), it needs to wait writeback before update,
fix it.
Thread A GC Thread
- f2fs_move_file_range
- filemap_write_and_wait_range(dst)
- gc_data_segment
- f2fs_down_write(dst)
- move_data_page
- set_page_writeback(dst_page)
- f2fs_submit_page_write
- f2fs_up_write(dst)
- f2fs_down_write(dst)
- __exchange_data_block
- __clone_blkaddrs
- f2fs_get_new_data_page
- memcpy_page
Fixes:
|
||
|
Michael Bestas
|
42fc85e576
|
Merge tag 'ASB-2024-04-05_12-5.10' of https://android.googlesource.com/kernel/common into android13-5.10-waipio
https://source.android.com/docs/security/bulletin/2024-04-01 * tag 'ASB-2024-04-05_12-5.10' of https://android.googlesource.com/kernel/common: (442 commits) FROMLIST: binder: check offset alignment in binder_get_object() ANDROID: enable CONFIG_USB_XHCI_PCI_RENESAS in gki_defconfig UPSTREAM: usb: dwc3: core: set force_gen1 bit in USB31 devices if max speed is SS ANDROID: userfaultfd: abort uffdio ops if mmap_lock is contended ANDROID: userfaultfd: add MMAP_TRYLOCK mode for COPY/ZEROPAGE UPSTREAM: coresight: etm4x: Remove bogous __exit annotation for some functions UPSTREAM: ASoC: hdmi-codec: register hpd callback on component probe UPSTREAM: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() UPSTREAM: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() UPSTREAM: task_work: add kerneldoc annotation for 'data' argument UPSTREAM: x86/purgatory: Remove LTO flags UPSTREAM: tcpm: Avoid soft reset when partner does not support get_status UPSTREAM: block/mq-deadline: use correct way to throttling write requests UPSTREAM: usb: typec: tcpm: Fix response to vsafe0V event UPSTREAM: clk: Fix memory leak in devm_clk_notifier_register() UPSTREAM: selftests: damon: add config file ANDROID: abi_gki_aarch64_qcom: Export trace_android_vh_try_fixup_sea ANDROID: arm64: Call fixup_exception() within do_sea() ANDROID: userfaultfd: allow SPF for UFFD_FEATURE_SIGBUS on private+anon ANDROID: GKI: db845c: Update symbols list and ABI ... Conflicts: Documentation/devicetree/bindings/nvmem/mxs-ocotp.yaml Documentation/devicetree/bindings~HEAD arch/powerpc/lib/Makefile Change-Id: I6524da89cb855824fa28a95396d3683af4a10046 |