lineage-22.0
2741 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
509ddbb2b8 |
Merge f976d964a6 ("Input: adp5589-keys - fix adp5589_gpio_get_value()") into android12-5.10-lts
Steps on the way to 5.10.227 Resolves merge conflicts in: fs/nfsd/nfs4xdr.c fs/nfsd/vfs.c Change-Id: I8ed4156759977aa5c53d577990f4b72e61530ebf Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
9e57ad4546 |
Merge 0ce9d89343 ("clk: ti: dra7-atl: Fix leak of of_nodes") into android12-5.10-lts
Steps on the way to 5.10.226 Resolves merge conflicts in: drivers/dma-buf/heaps/heap-helpers.c drivers/usb/dwc3/core.h fs/ext4/inline.c Change-Id: Id7ab496884e549fc85b6fff8254fb56d6785d78c Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Lizhi Xu
|
61b84013e5 |
ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
commit 33b525cef4cff49e216e4133cc48452e11c0391e upstream.
When doing cleanup, if flags without OCFS2_BH_READAHEAD, it may trigger
NULL pointer dereference in the following ocfs2_set_buffer_uptodate() if
bh is NULL.
Link: https://lkml.kernel.org/r/20240902023636.1843422-3-joseph.qi@linux.alibaba.com
Fixes:
|
||
Julian Sun
|
bf605ae98d |
ocfs2: fix null-ptr-deref when journal load failed.
commit 5784d9fcfd43bd853654bb80c87ef293b9e8e80a upstream.
During the mounting process, if journal_reset() fails because of too short
journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer.
Subsequently, ocfs2_journal_shutdown() calls
jbd2_journal_flush()->jbd2_cleanup_journal_tail()->
__jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail()
->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer
dereference error.
To resolve this issue, we should check the JBD2_LOADED flag to ensure the
journal was properly loaded. Additionally, use journal instead of
osb->journal directly to simplify the code.
Link: https://syzkaller.appspot.com/bug?extid=05b9b39d8bdfe1a0861f
Link: https://lkml.kernel.org/r/20240902030844.422725-1-sunjunchao2870@gmail.com
Fixes:
|
||
|
Lizhi Xu
|
3f1ca6ba54 |
ocfs2: remove unreasonable unlock in ocfs2_read_blocks
commit c03a82b4a0c935774afa01fd6d128b444fd930a1 upstream.
Patch series "Misc fixes for ocfs2_read_blocks", v5.
This series contains 2 fixes for ocfs2_read_blocks(). The first patch fix
the issue reported by syzbot, which detects bad unlock balance in
ocfs2_read_blocks(). The second patch fixes an issue reported by Heming
Zhao when reviewing above fix.
This patch (of 2):
There was a lock release before exiting, so remove the unreasonable unlock.
Link: https://lkml.kernel.org/r/20240902023636.1843422-1-joseph.qi@linux.alibaba.com
Link: https://lkml.kernel.org/r/20240902023636.1843422-2-joseph.qi@linux.alibaba.com
Fixes:
|
||
Joseph Qi
|
14114d8148 |
ocfs2: cancel dqi_sync_work before freeing oinfo
commit 35fccce29feb3706f649726d410122dd81b92c18 upstream.
ocfs2_global_read_info() will initialize and schedule dqi_sync_work at the
end, if error occurs after successfully reading global quota, it will
trigger the following warning with CONFIG_DEBUG_OBJECTS_* enabled:
ODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c
This reports that there is an active delayed work when freeing oinfo in
error handling, so cancel dqi_sync_work first. BTW, return status instead
of -1 when .read_file_info fails.
Link: https://syzkaller.appspot.com/bug?extid=f7af59df5d6b25f0febd
Link: https://lkml.kernel.org/r/20240904071004.2067695-1-joseph.qi@linux.alibaba.com
Fixes:
|
||
Gautham Ananthakrishna
|
aac31d654a |
ocfs2: reserve space for inline xattr before attaching reflink tree
commit 5ca60b86f57a4d9648f68418a725b3a7de2816b0 upstream.
One of our customers reported a crash and a corrupted ocfs2 filesystem.
The crash was due to the detection of corruption. Upon troubleshooting,
the fsck -fn output showed the below corruption
[EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record,
but fsck believes the largest valid value is 227. Clamp the next record value? n
The stat output from the debugfs.ocfs2 showed the following corruption
where the "Next Free Rec:" had overshot the "Count:" in the root metadata
block.
Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856)
FS Generation: 904309833 (0x35e6ac49)
CRC32: 00000000 ECC: 0000
Type: Regular Attr: 0x0 Flags: Valid
Dynamic Features: (0x16) HasXattr InlineXattr Refcounted
Extended Attributes Block: 0 Extended Attributes Inline Size: 256
User: 0 (root) Group: 0 (root) Size: 281320357888
Links: 1 Clusters: 141738
ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024
atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024
mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024
dtime: 0x0 -- Wed Dec 31 17:00:00 1969
Refcount Block: 2777346
Last Extblk: 2886943 Orphan Slot: 0
Sub Alloc Slot: 0 Sub Alloc Bit: 14
Tree Depth: 1 Count: 227 Next Free Rec: 230
## Offset Clusters Block#
0 0 2310 2776351
1 2310 2139 2777375
2 4449 1221 2778399
3 5670 731 2779423
4 6401 566 2780447
....... .... .......
....... .... .......
The issue was in the reflink workfow while reserving space for inline
xattr. The problematic function is ocfs2_reflink_xattr_inline(). By the
time this function is called the reflink tree is already recreated at the
destination inode from the source inode. At this point, this function
reserves space for inline xattrs at the destination inode without even
checking if there is space at the root metadata block. It simply reduces
the l_count from 243 to 227 thereby making space of 256 bytes for inline
xattr whereas the inode already has extents beyond this index (in this
case up to 230), thereby causing corruption.
The fix for this is to reserve space for inline metadata at the destination
inode before the reflink tree gets recreated. The customer has verified the
fix.
Link: https://lkml.kernel.org/r/20240918063844.1830332-1-gautham.ananthakrishna@oracle.com
Fixes:
|
||
|
Joseph Qi
|
8e3bf36636 |
ocfs2: fix uninit-value in ocfs2_get_block()
commit 2af148ef8549a12f8025286b8825c2833ee6bcb8 upstream.
syzbot reported an uninit-value BUG:
BUG: KMSAN: uninit-value in ocfs2_get_block+0xed2/0x2710 fs/ocfs2/aops.c:159
ocfs2_get_block+0xed2/0x2710 fs/ocfs2/aops.c:159
do_mpage_readpage+0xc45/0x2780 fs/mpage.c:225
mpage_readahead+0x43f/0x840 fs/mpage.c:374
ocfs2_readahead+0x269/0x320 fs/ocfs2/aops.c:381
read_pages+0x193/0x1110 mm/readahead.c:160
page_cache_ra_unbounded+0x901/0x9f0 mm/readahead.c:273
do_page_cache_ra mm/readahead.c:303 [inline]
force_page_cache_ra+0x3b1/0x4b0 mm/readahead.c:332
force_page_cache_readahead mm/internal.h:347 [inline]
generic_fadvise+0x6b0/0xa90 mm/fadvise.c:106
vfs_fadvise mm/fadvise.c:185 [inline]
ksys_fadvise64_64 mm/fadvise.c:199 [inline]
__do_sys_fadvise64 mm/fadvise.c:214 [inline]
__se_sys_fadvise64 mm/fadvise.c:212 [inline]
__x64_sys_fadvise64+0x1fb/0x3a0 mm/fadvise.c:212
x64_sys_call+0xe11/0x3ba0
arch/x86/include/generated/asm/syscalls_64.h:222
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
This is because when ocfs2_extent_map_get_blocks() fails, p_blkno is
uninitialized. So the error log will trigger the above uninit-value
access.
The error log is out-of-date since get_blocks() was removed long time ago.
And the error code will be logged in ocfs2_extent_map_get_blocks() once
ocfs2_get_cluster() fails, so fix this by only logging inode and block.
Link: https://syzkaller.appspot.com/bug?extid=9709e73bae885b05314b
Link: https://lkml.kernel.org/r/20240925090600.3643376-1-joseph.qi@linux.alibaba.com
Fixes:
|
||
Heming Zhao
|
ff1500fe26 |
ocfs2: fix the la space leak when unmounting an ocfs2 volume
commit dfe6c5692fb525e5e90cefe306ee0dffae13d35f upstream. This bug has existed since the initial OCFS2 code. The code logic in ocfs2_sync_local_to_main() is wrong, as it ignores the last contiguous free bits, which causes an OCFS2 volume to lose the last free clusters of LA window on each umount command. Link: https://lkml.kernel.org/r/20240719114310.14245-1-heming.zhao@suse.com Signed-off-by: Heming Zhao <heming.zhao@suse.com> Reviewed-by: Su Yue <glass.su@suse.com> Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> Cc: Mark Fasheh <mark@fasheh.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Gang He <ghe@suse.com> Cc: Jun Piao <piaojun@huawei.com> Cc: Heming Zhao <heming.zhao@suse.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Ferry Meng
|
57a3d89831 |
ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
[ Upstream commit af77c4fc1871847b528d58b7fdafb4aa1f6a9262 ] xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images. Link: https://lkml.kernel.org/r/20240520024024.1976129-2-joseph.qi@linux.alibaba.com Signed-off-by: Ferry Meng <mengferry@linux.alibaba.com> Signed-off-by: Joseph Qi <joseph.qi@linux.alibaba.com> Reported-by: lei lu <llfamsec@gmail.com> Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Gang He <ghe@suse.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Jun Piao <piaojun@huawei.com> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Mark Fasheh <mark@fasheh.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Ferry Meng
|
34759b7e44 |
ocfs2: add bounds checking to ocfs2_xattr_find_entry()
[ Upstream commit 9e3041fecdc8f78a5900c3aa51d3d756e73264d6 ] Add a paranoia check to make sure it doesn't stray beyond valid memory region containing ocfs2 xattr entries when scanning for a match. It will prevent out-of-bound access in case of crafted images. Link: https://lkml.kernel.org/r/20240520024024.1976129-1-joseph.qi@linux.alibaba.com Signed-off-by: Ferry Meng <mengferry@linux.alibaba.com> Signed-off-by: Joseph Qi <joseph.qi@linux.alibaba.com> Reported-by: lei lu <llfamsec@gmail.com> Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> Cc: Mark Fasheh <mark@fasheh.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Gang He <ghe@suse.com> Cc: Jun Piao <piaojun@huawei.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Stable-dep-of: af77c4fc1871 ("ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
8c417688f0 |
This is the 5.10.223 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmaksnwACgkQONu9yGCS
aT4PcQ//fATT8wjblT5zZ2dKy/LsTD8xKD8YfNKJDYvuYIMtli1hXmpQeeY237yt
d/zepYo4pN6onVa00S0gob2TUeR+Zz1/o++blIGsHzU26wme6hkSyvrFys88dR+h
BDTscrW9Q5ApFg7pJxvqkj+kpirqskXVXS1g2b7OA/8JY1hmDX6X9vxlwXJTaam2
wjUv+xblOAptmuTmZWxvgiezqJ6nwU8085+F60TOhDdOjx5MAmDbdVqDv2hXQE/U
VIjZqhUFXxomckwjaN9B2lAFYWxT30aR9+OKUzuck3eLEe4xrcohv6NdZ88obHRM
8YWqjjubYhpkfnQ+AsCTPFFNeK3NbnhDADwLIazPdyNUnd76HhVfs/yZOuE/hWPi
mLz7o+UUBwdmR13qJzYwAgN/ddLZV4VGCmRma3XneSwOAQhEkHomlSjplOc7GafG
QgKTxM7tmbcdM/NTH6Am+Bc3y9nI2NkjgV5fafant6xj++n7HDAI07UK5L/vUMcF
QxA/jn74MB9YG71BKXRT6xfVRhUGLQ/OMXBxdyUvUOFCa7nggYm7qCI+S5KdUz50
UP7KPmBBntsd6Mr06QaH+fgXszjZSSHXhHgeL5QRFZDUVvOWK66XS5S3Z+Ll3xgc
/26iJ1qYuGFj4k34ab6lM3q2ZuHAT1jS5URY6uVwxWN2BJDvGDQ=
=7Kf2
-----END PGP SIGNATURE-----
Merge 5.10.223 into android12-5.10-lts
Changes in 5.10.223
gcc-plugins: Rename last_stmt() for GCC 14+
filelock: Remove locks reliably when fcntl/close race is detected
scsi: qedf: Set qed_slowpath_params to zero before use
ACPI: EC: Abort address space access upon error
ACPI: EC: Avoid returning AE_OK on errors in address space handler
wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata
wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan()
selftests/openat2: Fix build warnings on ppc64
Input: silead - Always support 10 fingers
net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input()
ila: block BH in ila_output()
arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process
null_blk: fix validation of block size
kconfig: gconf: give a proper initial state to the Save button
kconfig: remove wrong expr_trans_bool()
fs/file: fix the check in find_next_fd()
mei: demote client disconnect warning on suspend to debug
wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
ALSA: hda/realtek: Add more codec ID to no shutup pins list
mips: fix compat_sys_lseek syscall
Input: elantech - fix touchpad state on resume for Lenovo N24
Input: i8042 - add Ayaneo Kun to i8042 quirk table
bytcr_rt5640 : inverse jack detect for Archos 101 cesium
ALSA: dmaengine: Synchronize dma channel after drop()
ASoC: ti: davinci-mcasp: Set min period size using FIFO config
ASoC: ti: omap-hdmi: Fix too long driver name
can: kvaser_usb: fix return value for hif_usb_send_regout
s390/sclp: Fix sclp_init() cleanup on failure
btrfs: qgroup: fix quota root leak after quota disable failure
ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx
ALSA: dmaengine_pcm: terminate dmaengine before synchronize
net: usb: qmi_wwan: add Telit FN912 compositions
net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD()
powerpc/pseries: Whitelist dtl slub object for copying to userspace
powerpc/eeh: avoid possible crash when edev->pdev changes
scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed
Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
fs: better handle deep ancestor chains in is_subdir()
spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
selftests/vDSO: fix clang build errors and warnings
hfsplus: fix uninit-value in copy_name
spi: mux: set ctlr->bits_per_word_mask
ARM: 9324/1: fix get_user() broken with veneer
ACPI: processor_idle: Fix invalid comparison with insertion sort for latency
bpf: Fix overrunning reservations in ringbuf
bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
scsi: core: Fix a use-after-free
ext4: fix error code saved on super block during file system abort
ext4: Send notifications on error
drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
net: relax socket state check at accept time.
ocfs2: add bounds checking to ocfs2_check_dir_entry()
jfs: don't walk off the end of ealist
ALSA: hda/realtek: Enable headset mic on Positivo SU C1400
ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB
ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused
filelock: Fix fcntl/close race recovery compat path
tun: add missing verification for short frame
tap: add missing verification for short frame
Linux 5.10.223
Change-Id: I588f4e47f0b1d442e0bf6d14ac923105e2e1909c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
lei lu
|
77495e5da5 |
ocfs2: add bounds checking to ocfs2_check_dir_entry()
commit 255547c6bb8940a97eea94ef9d464ea5967763fb upstream. This adds sanity checks for ocfs2_dir_entry to make sure all members of ocfs2_dir_entry don't stray beyond valid memory region. Link: https://lkml.kernel.org/r/20240626104433.163270-1-llfamsec@gmail.com Signed-off-by: lei lu <llfamsec@gmail.com> Reviewed-by: Heming Zhao <heming.zhao@suse.com> Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> Cc: Mark Fasheh <mark@fasheh.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Gang He <ghe@suse.com> Cc: Jun Piao <piaojun@huawei.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
2ebd481b31 |
Merge 5.10.221 into android12-5.10-lts
Changes in 5.10.221 tracing/selftests: Fix kprobe event name test for .isra. functions null_blk: Print correct max open zones limit in null_init_zoned_dev() wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() wifi: cfg80211: pmsr: use correct nla_get_uX functions wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef wifi: iwlwifi: mvm: check n_ssids before accessing the ssids wifi: iwlwifi: mvm: don't read past the mfuart notifcation wifi: mac80211: correctly parse Spatial Reuse Parameter Set element net/ncsi: add NCSI Intel OEM command to keep PHY up net/ncsi: Simplify Kconfig/dts control flow net/ncsi: Fix the multi thread manner of NCSI driver ipv6: sr: block BH in seg6_output_core() and seg6_input_core() net: sched: sch_multiq: fix possible OOB write in multiq_tune() vxlan: Fix regression when dropping packets due to invalid src addresses tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP ptp: Fix error message on failed pin verification af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). ipv6: fix possible race in __fib6_drop_pcpu_from() usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete drm/amd/display: Handle Y carry-over in VCP X.Y calculation serial: sc16is7xx: replace hardcoded divisor value with BIT() macro serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler mmc: davinci: Don't strip remove function when driver is builtin selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages selftests/mm: conform test to TAP format output selftests/mm: compaction_test: fix bogus test success on Aarch64 btrfs: fix leak of qgroup extent records after transaction abort nilfs2: Remove check for PageError nilfs2: return the mapped address from nilfs_get_page() nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages mei: me: release irq in mei_me_pci_resume error path jfs: xattr: fix buffer overflow for invalid xattr xhci: Set correct transferred length for cancelled bulk transfers xhci: Apply reset resume quirk to Etron EJ188 xHCI host xhci: Apply broken streams quirk to Etron EJ188 xHCI host scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory powerpc/uaccess: Fix build errors seen with GCC 13/14 Input: try trimming too long modalias strings SUNRPC: return proper error from gss_wrap_req_priv gpio: tqmx86: fix typo in Kconfig label HID: core: remove unnecessary WARN_ON() in implement() gpio: tqmx86: store IRQ trigger type and unmask status separately iommu/amd: Introduce pci segment structure iommu/amd: Fix sysfs leak in iommu init iommu: Return right value in iommu_sva_bind_device() HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() drm/vmwgfx: 3D disabled should not effect STDU memory limits net: sfp: Always call `sfp_sm_mod_remove()` on remove net: hns3: add cond_resched() to hns3 ring buffer init process liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet drm/komeda: check for error-valued pointer drm/bridge/panel: Fix runtime warning on panel bridge release tcp: fix race in tcp_v6_syn_recv_sock() net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters net/ipv6: Fix the RT cache flush via sysctl using a previous delay ionic: fix use after netif_napi_del() iio: adc: ad9467: fix scan type sign iio: dac: ad5592r: fix temperature channel scaling value iio: imu: inv_icm42600: delete unneeded update watermark call drivers: core: synchronize really_probe() and dev_uevent() drm/exynos/vidi: fix memory leak in .get_modes() drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found vmci: prevent speculation leaks by sanitizing event in event_deliver() fs/proc: fix softlockup in __read_vmcore ocfs2: use coarse time for new created files ocfs2: fix races between hole punching and AIO+DIO PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id dmaengine: axi-dmac: fix possible race in remove() remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs intel_th: pci: Add Granite Rapids support intel_th: pci: Add Granite Rapids SOC support intel_th: pci: Add Sapphire Rapids SOC support intel_th: pci: Add Meteor Lake-S support intel_th: pci: Add Lunar Lake support nilfs2: fix potential kernel bug due to lack of writeback flag waiting tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level hugetlb_encode.h: fix undefined behaviour (34 << 26) mptcp: ensure snd_una is properly initialized on connect mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID mptcp: pm: update add_addr counters after connect remoteproc: k3-r5: Jump to error handling labels in start/stop errors greybus: Fix use-after-free bug in gb_interface_release due to race condition. usb-storage: alauda: Check whether the media is initialized i2c: at91: Fix the functionality flags of the slave-only interface i2c: designware: Fix the functionality flags of the slave-only interface zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING padata: Disable BH when taking works lock on MT path rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment rcutorture: Fix invalid context warning when enable srcu barrier testing block/ioctl: prefer different overflow check selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh selftests/bpf: Fix flaky test btf_map_in_map/lookup_update batman-adv: bypass empty buckets in batadv_purge_orig_ref() wifi: ath9k: work around memset overflow warning af_packet: avoid a false positive warning in packet_setsockopt() drop_monitor: replace spin_lock by raw_spin_lock scsi: qedi: Fix crash while reading debugfs attribute kselftest: arm64: Add a null pointer check netpoll: Fix race condition in netpoll_owner_active HID: Add quirk for Logitech Casa touchpad ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl drm/amd/display: Exit idle optimizations before HDCP execution ASoC: Intel: sof_sdw: add JD2 quirk for HP Omen 14 drm/lima: add mask irq callback to gp and pp drm/lima: mask irqs in timeout path before hard reset powerpc/pseries: Enforce hcall result buffer validity and size powerpc/io: Avoid clang null pointer arithmetic warnings power: supply: cros_usbpd: provide ID table for avoiding fallback match iommu/arm-smmu-v3: Free MSIs in case of ENOMEM f2fs: remove clear SB_INLINECRYPT flag in default_options usb: misc: uss720: check for incompatible versions of the Belkin F5U002 udf: udftime: prevent overflow in udf_disk_stamp_to_time() PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports MIPS: Octeon: Add PCIe link status check serial: exar: adding missing CTI and Exar PCI ids MIPS: Routerboard 532: Fix vendor retry check code mips: bmips: BCM6358: make sure CBR is correctly set tracing: Build event generation tests only as modules cipso: fix total option length computation netrom: Fix a memory leak in nr_heartbeat_expiry() ipv6: prevent possible NULL deref in fib6_nh_init() ipv6: prevent possible NULL dereference in rt6_probe() xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() netns: Make get_net_ns() handle zero refcount net qca_spi: Make interrupt remembering atomic net/sched: act_api: rely on rcu in tcf_idr_check_alloc net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() tipc: force a dst refcount before doing decryption net/sched: act_ct: set 'net' pointer when creating new nf_flow_table sched: act_ct: add netns into the key of tcf_ct_flow_table net: stmmac: No need to calculate speed divider when offload is disabled virtio_net: checksum offloading handling fix netfilter: ipset: Fix suspicious rcu_dereference_protected() net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings regulator: core: Fix modpost error "regulator_get_regmap" undefined dmaengine: ioat: switch from 'pci_' to 'dma_' API dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting() dmaengine: ioatdma: Fix leaking on version mismatch dmaengine: ioat: use PCI core macros for PCIe Capability dmaengine: ioatdma: Fix error path in ioat3_dma_probe() dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() dmaengine: ioatdma: Fix missing kmem_cache_destroy() ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." RDMA/mlx5: Add check for srq max_sge attribute ALSA: hda/realtek: Limit mic boost on N14AP7 drm/radeon: fix UBSAN warning in kv_dpm.c gcov: add support for GCC 14 kcov: don't lose track of remote references during softirqs i2c: ocores: set IACK bit after core is enabled dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to i2c-controller schema drm/amd/display: revert Exit idle optimizations before HDCP execution ARM: dts: samsung: smdkv310: fix keypad no-autorepeat ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat ARM: dts: samsung: smdk4412: fix keypad no-autorepeat rtlwifi: rtl8192de: Style clean-ups wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power pmdomain: ti-sci: Fix duplicate PD referrals knfsd: LOOKUP can return an illegal error value spmi: hisi-spmi-controller: Do not override device identifier bcache: fix variable length array abuse in btree_iter tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test x86/cpu/vfm: Add new macros to work with (vendor/family/model) values x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL r8169: remove unneeded memory barrier in rtl_tx r8169: improve rtl_tx r8169: improve rtl8169_start_xmit r8169: remove nr_frags argument from rtl_tx_slots_avail r8169: remove not needed check in rtl8169_start_xmit r8169: Fix possible ring buffer corruption on fragmented Tx packets. Revert "kheaders: substituting --sort in archive creation" kheaders: explicitly define file modes for archived headers perf/core: Fix missing wakeup when waiting for context reference PCI: Add PCI_ERROR_RESPONSE and related definitions x86/amd_nb: Check for invalid SMN reads cifs: missed ref-counting smb session in find smb: client: fix deadlock in smb2_find_smb_tcon() ACPI: Add quirks for AMD Renoir/Lucienne CPUs to force the D3 hint ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable ACPI: x86: Add another system to quirk list for forcing StorageD3Enable ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable ACPI: x86: Force StorageD3Enable on more products Input: ili210x - fix ili251x_read_touch_data() return value pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins pinctrl/rockchip: separate struct rockchip_pin_bank to a head file pinctrl: rockchip: use dedicated pinctrl type for RK3328 pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set drm/amdgpu: fix UBSAN warning in kv_dpm.c netfilter: nf_tables: validate family when identifying table via handle SUNRPC: Fix null pointer dereference in svc_rqst_free() SUNRPC: Fix a NULL pointer deref in trace_svc_stats_latency() SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation SUNRPC: Fix svcxdr_init_encode's buflen calculation nfsd: hold a lighter-weight client reference over CB_RECALL_ANY ASoC: fsl-asoc-card: set priv->pdev before using it net: dsa: microchip: fix initial port flush problem net: phy: micrel: add Microchip KSZ 9477 to the device table xdp: Move the rxq_info.mem clearing to unreg_mem_model() xdp: Allow registering memory model without rxq reference xdp: Remove WARN() from __xdp_reg_mem_model() sparc: fix old compat_sys_select() sparc: fix compat recv/recvfrom syscalls parisc: use correct compat recv/recvfrom syscalls netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep mtd: partitions: redboot: Added conversion of operands to a larger type bpf: Add a check for struct bpf_fib_lookup size net/iucv: Avoid explicit cpumask var allocation on stack net/dpaa2: Avoid explicit cpumask var allocation on stack ALSA: emux: improve patch ioctl data validation media: dvbdev: Initialize sbuf soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message drm/radeon/radeon_display: Decrease the size of allocated memory nvme: fixup comment for nvme RDMA Provider Type drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA gpio: davinci: Validate the obtained number of IRQs gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) x86: stop playing stack games in profile_pc() ocfs2: fix DIO failure due to insufficient transaction credits mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos mmc: sdhci: Do not invert write-protect twice mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() counter: ti-eqep: enable clock at probe iio: adc: ad7266: Fix variable checking bug iio: chemical: bme680: Fix pressure value output iio: chemical: bme680: Fix calibration data variable iio: chemical: bme680: Fix overflows in compensate() functions iio: chemical: bme680: Fix sensor data read operation net: usb: ax88179_178a: improve link status logs usb: gadget: printer: SS+ support usb: gadget: printer: fix races against disable usb: musb: da8xx: fix a resource leak in probe() usb: atm: cxacru: fix endpoint checking in cxacru_bind() serial: 8250_omap: Implementation of Errata i2310 tty: mcf: MCF54418 has 10 UARTS net: can: j1939: Initialize unused data in j1939_send_one() net: can: j1939: recover socket queue on CAN bus error during BAM transmission net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new kbuild: Install dtb files as 0644 in Makefile.dtbinst csky, hexagon: fix broken sys_sync_file_range hexagon: fix fadvise64_64 calling conventions drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes drm/i915/gt: Fix potential UAF by revoke of fence registers drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes batman-adv: Don't accept TT entries for out-of-spec VIDs ata: ahci: Clean up sysfs file on error ata: libata-core: Fix double free on error ftruncate: pass a signed offset syscalls: fix compat_sys_io_pgetevents_time64 usage mtd: spinand: macronix: Add support for serial NAND flash pwm: stm32: Refuse too small period requests nfs: Leave pages in the pagecache if readpage failed ipv6: annotate some data-races around sk->sk_prot ipv6: Fix data races around sk->sk_prot. tcp: Fix data races around icsk->icsk_af_ops. drivers: fix typo in firmware/efi/memmap.c efi: Correct comment on efi_memmap_alloc efi: memmap: Move manipulation routines into x86 arch tree efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures efi/x86: Free EFI memory map only when installing a new one. KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node arm64: dts: rockchip: Add sound-dai-cells for RK3368 xdp: xdp_mem_allocator can be NULL in trace_mem_connect(). serial: 8250_omap: Fix Errata i2310 with RX FIFO level check tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() Linux 5.10.221 Change-Id: Icac1c62fcbda5102be7ea031121f28d6fee36875 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Jan Kara
|
a68b896aa5 |
ocfs2: fix DIO failure due to insufficient transaction credits
commit be346c1a6eeb49d8fda827d2a9522124c2f72f36 upstream.
The code in ocfs2_dio_end_io_write() estimates number of necessary
transaction credits using ocfs2_calc_extend_credits(). This however does
not take into account that the IO could be arbitrarily large and can
contain arbitrary number of extents.
Extent tree manipulations do often extend the current transaction but not
in all of the cases. For example if we have only single block extents in
the tree, ocfs2_mark_extent_written() will end up calling
ocfs2_replace_extent_rec() all the time and we will never extend the
current transaction and eventually exhaust all the transaction credits if
the IO contains many single block extents. Once that happens a
WARN_ON(jbd2_handle_buffer_credits(handle) <= 0) is triggered in
jbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to
this error. This was actually triggered by one of our customers on a
heavily fragmented OCFS2 filesystem.
To fix the issue make sure the transaction always has enough credits for
one extent insert before each call of ocfs2_mark_extent_written().
Heming Zhao said:
------
PANIC: "Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error"
PID: xxx TASK: xxxx CPU: 5 COMMAND: "SubmitThread-CA"
#0 machine_kexec at ffffffff8c069932
#1 __crash_kexec at ffffffff8c1338fa
#2 panic at ffffffff8c1d69b9
#3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2]
#4 __ocfs2_abort at ffffffffc0c88387 [ocfs2]
#5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2]
#6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2]
#7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2]
#8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2]
#9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2]
#10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2]
#11 dio_complete at ffffffff8c2b9fa7
#12 do_blockdev_direct_IO at ffffffff8c2bc09f
#13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2]
#14 generic_file_direct_write at ffffffff8c1dcf14
#15 __generic_file_write_iter at ffffffff8c1dd07b
#16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2]
#17 aio_write at ffffffff8c2cc72e
#18 kmem_cache_alloc at ffffffff8c248dde
#19 do_io_submit at ffffffff8c2ccada
#20 do_syscall_64 at ffffffff8c004984
#21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba
Link: https://lkml.kernel.org/r/20240617095543.6971-1-jack@suse.cz
Link: https://lkml.kernel.org/r/20240614145243.8837-1-jack@suse.cz
Fixes:
|
||
Su Yue
|
050ce8af68 |
ocfs2: fix races between hole punching and AIO+DIO
commit 952b023f06a24b2ad6ba67304c4c84d45bea2f18 upstream.
After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block",
fstests/generic/300 become from always failed to sometimes failed:
========================================================================
[ 473.293420 ] run fstests generic/300
[ 475.296983 ] JBD2: Ignoring recovery information on journal
[ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode.
[ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found
[ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[ 494.292018 ] OCFS2: File system is now read-only.
[ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30
[ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3
fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072
=========================================================================
In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten
extents to a list. extents are also inserted into extent tree in
ocfs2_write_begin_nolock. Then another thread call fallocate to puch a
hole at one of the unwritten extent. The extent at cpos was removed by
ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list
found there is no such extent at the cpos.
T1 T2 T3
inode lock
...
insert extents
...
inode unlock
ocfs2_fallocate
__ocfs2_change_file_space
inode lock
lock ip_alloc_sem
ocfs2_remove_inode_range inode
ocfs2_remove_btree_range
ocfs2_remove_extent
^---remove the extent at cpos 78723
...
unlock ip_alloc_sem
inode unlock
ocfs2_dio_end_io
ocfs2_dio_end_io_write
lock ip_alloc_sem
ocfs2_mark_extent_written
ocfs2_change_extent_flag
ocfs2_search_extent_list
^---failed to find extent
...
unlock ip_alloc_sem
In most filesystems, fallocate is not compatible with racing with AIO+DIO,
so fix it by adding to wait for all dio before fallocate/punch_hole like
ext4.
Link: https://lkml.kernel.org/r/20240408082041.20925-3-glass.su@suse.com
Fixes:
|
||
|
Su Yue
|
11a075a1c8 |
ocfs2: use coarse time for new created files
commit b8cb324277ee16f3eca3055b96fce4735a5a41c6 upstream.
The default atime related mount option is '-o realtime' which means file
atime should be updated if atime <= ctime or atime <= mtime. atime should
be updated in the following scenario, but it is not:
==========================================================
$ rm /mnt/testfile;
$ echo test > /mnt/testfile
$ stat -c "%X %Y %Z" /mnt/testfile
1711881646 1711881646 1711881646
$ sleep 5
$ cat /mnt/testfile > /dev/null
$ stat -c "%X %Y %Z" /mnt/testfile
1711881646 1711881646 1711881646
==========================================================
And the reason the atime in the test is not updated is that ocfs2 calls
ktime_get_real_ts64() in __ocfs2_mknod_locked during file creation. Then
inode_set_ctime_current() is called in inode_set_ctime_current() calls
ktime_get_coarse_real_ts64() to get current time.
ktime_get_real_ts64() is more accurate than ktime_get_coarse_real_ts64().
In my test box, I saw ctime set by ktime_get_coarse_real_ts64() is less
than ktime_get_real_ts64() even ctime is set later. The ctime of the new
inode is smaller than atime.
The call trace is like:
ocfs2_create
ocfs2_mknod
__ocfs2_mknod_locked
....
ktime_get_real_ts64 <------- set atime,ctime,mtime, more accurate
ocfs2_populate_inode
...
ocfs2_init_acl
ocfs2_acl_set_mode
inode_set_ctime_current
current_time
ktime_get_coarse_real_ts64 <-------less accurate
ocfs2_file_read_iter
ocfs2_inode_lock_atime
ocfs2_should_update_atime
atime <= ctime ? <-------- false, ctime < atime due to accuracy
So here call ktime_get_coarse_real_ts64 to set inode time coarser while
creating new files. It may lower the accuracy of file times. But it's
not a big deal since we already use coarse time in other places like
ocfs2_update_inode_atime and inode_set_ctime_current.
Link: https://lkml.kernel.org/r/20240408082041.20925-5-glass.su@suse.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
8026d5839b |
This is the 5.10.195 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmUJdfMACgkQONu9yGCS
aT7i/w//Wbvt3F9hF/9Rmg9A4J23OWl2o07Z8Fi0a4F4B0FJjuQGSPRvpSvKtIWv
+7taCzOw9+Qi52hTR7BK+QpLpEPgMbv1IdgyPu1gtjL4WHuKk1aOeafISYuQDgeZ
XSFoV1EGjxkg3wbMZkucnmQVitGxC/iV0ojvxKleiIE9UNzceQclGmmBL0FwmEYp
c91XKEACZ5K/spSyyxocP4Fw6mbk98ISiju+74op5EDFry9qnIYa2pU/au3gZvh/
TScOYOQsBojOFTy/wuEfpOiVBK9gLFq8du0J/gHS2aUqswkp/qFcpH7wbS5Po3+l
Ja9a76o2B4btMCz6UhyhwzB+0QTQ1Gdea35FHRbF3d4ssNJDqDtwBCHqd3zeMUYo
uTDhyTsSGV40Gm9A5Sojyzjgj4X12rQ0ffL+zcXfXe60flE8SNIxR8DiIXPlAsC+
pgNQ5l/HcdJE1abRoTkvpsptaT2sNXgwZZij+VOBI3Vp4wr61U69CfP/QWWPZZF5
ECEh8ZDK1roiEyBjn6njqXmt5vbmNasgI5umgnNPBgKEB2OLXqox6rn9XK0qMJ+X
/oiCaL9RveU/QL5qNvV6Z2beXPwT51Vdy8+bQBfb5bUFRGQcTVIWaBRG0ZIHeSGm
pG10/VAnCGtNrC6M/HVGd0Wyih+ur65Jz/rNKbkMX69cvJuxPWk=
=RAs8
-----END PGP SIGNATURE-----
Merge 5.10.195 into android12-5.10-lts
Changes in 5.10.195
erofs: ensure that the post-EOF tails are all zeroed
ARM: pxa: remove use of symbol_get()
mmc: au1xmmc: force non-modular build and remove symbol_get usage
net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index
rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
USB: serial: option: add Quectel EM05G variant (0x030e)
USB: serial: option: add FOXCONN T99W368/T99W373 product
usb: dwc3: meson-g12a: do post init to fix broken usb after resumption
usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0
HID: wacom: remove the battery when the EKR is off
staging: rtl8712: fix race condition
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
configfs: fix a race in configfs_lookup()
serial: qcom-geni: fix opp vote on shutdown
serial: sc16is7xx: fix broken port 0 uart init
serial: sc16is7xx: fix bug when first setting GPIO direction
firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
fsi: master-ast-cf: Add MODULE_FIRMWARE macro
nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
pinctrl: amd: Don't show `Invalid config param` errors
ASoC: rt5682: Fix a problem with error handling in the io init function of the soundwire
ARM: dts: imx: update sdma node name format
ARM: dts: imx7s: Drop dma-apb interrupt-names
ARM: dts: imx: Adjust dma-apbh node name
ARM: dts: imx: Set default tuning step for imx7d usdhc
phy: qcom-snps-femto-v2: use qcom_snps_hsphy_suspend/resume error code
media: pulse8-cec: handle possible ping error
media: pci: cx23885: fix error handling for cx23885 ATSC boards
9p: virtio: make sure 'offs' is initialized in zc_request
ASoC: da7219: Flush pending AAD IRQ when suspending
ASoC: da7219: Check for failure reading AAD IRQ events
ethernet: atheros: fix return value check in atl1c_tso_csum()
vxlan: generalize vxlan_parse_gpe_hdr and remove unused args
m68k: Fix invalid .section syntax
s390/dasd: use correct number of retries for ERP requests
s390/dasd: fix hanging device after request requeue
fs/nls: make load_nls() take a const parameter
ASoc: codecs: ES8316: Fix DMIC config
ASoC: atmel: Fix the 8K sample parameter in I2SC master
platform/x86: intel: hid: Always call BTNL ACPI method
platform/x86: huawei-wmi: Silence ambient light sensor
drm/amd/display: Exit idle optimizations before attempt to access PHY
ovl: Always reevaluate the file signature for IMA
ata: pata_arasan_cf: Use dev_err_probe() instead dev_err() in data_xfer()
security: keys: perform capable check only on privileged operations
kprobes: Prohibit probing on CFI preamble symbol
clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM
vmbus_testing: fix wrong python syntax for integer value comparison
net: usb: qmi_wwan: add Quectel EM05GV2
idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM
scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock
netlabel: fix shift wrapping bug in netlbl_catmap_setlong()
bnx2x: fix page fault following EEH recovery
sctp: handle invalid error codes without calling BUG()
scsi: storvsc: Always set no_report_opcodes
ALSA: seq: oss: Fix racy open/close of MIDI devices
tracing: Introduce pipe_cpumask to avoid race on trace_pipes
platform/mellanox: Fix mlxbf-tmfifo not handling all virtio CONSOLE notifications
net: Avoid address overwrite in kernel_connect
udf: Check consistency of Space Bitmap Descriptor
udf: Handle error when adding extent to a file
Revert "net: macsec: preserve ingress frame ordering"
reiserfs: Check the return value from __getblk()
eventfd: Export eventfd_ctx_do_read()
eventfd: prevent underflow for eventfd semaphores
fs: Fix error checking for d_hash_and_lookup()
tmpfs: verify {g,u}id mount options correctly
selftests/harness: Actually report SKIP for signal tests
refscale: Fix uninitalized use of wait_queue_head_t
OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd()
selftests/resctrl: Don't leak buffer in fill_cache()
selftests/resctrl: Unmount resctrl FS if child fails to run benchmark
selftests/resctrl: Close perf value read fd on errors
x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved
perf/imx_ddr: don't enable counter0 if none of 4 counters are used
s390/pkey: fix/harmonize internal keyblob headers
s390/paes: fix PKEY_TYPE_EP11_AES handling for secure keyblobs
x86/efistub: Fix PCI ROM preservation in mixed mode
cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit()
bpftool: Use a local bpf_perf_event_value to fix accessing its fields
bpf: Clear the probe_addr for uprobe
tcp: tcp_enter_quickack_mode() should be static
hwrng: nomadik - keep clock enabled while hwrng is registered
regmap: rbtree: Use alloc_flags for memory allocations
udp: re-score reuseport groups when connected sockets are present
bpf: reject unhashed sockets in bpf_sk_assign
wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH
spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe()
can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM
wifi: mwifiex: Fix OOB and integer underflow when rx packets
wifi: mwifiex: fix error recovery in PCIE buffer descriptor management
selftests/bpf: fix static assert compilation issue for test_cls_*.c
crypto: stm32 - Properly handle pm_runtime_get failing
crypto: api - Use work queue in crypto_destroy_instance
Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe()
Bluetooth: Fix potential use-after-free when clear keys
net: tcp: fix unexcepted socket die when snd_wnd is 0
selftests/bpf: Clean up fmod_ret in bench_rename test script
ice: ice_aq_check_events: fix off-by-one check when filling buffer
crypto: caam - fix unchecked return value error
hwrng: iproc-rng200 - Implement suspend and resume calls
lwt: Fix return values of BPF xmit ops
lwt: Check LWTUNNEL_XMIT_CONTINUE strictly
fs: ocfs2: namei: check return value of ocfs2_add_entry()
wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
wifi: mwifiex: Fix missed return in oob checks failed path
samples/bpf: fix broken map lookup probe
wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx
wifi: ath9k: protect WMI command response buffer replacement with a lock
wifi: mwifiex: avoid possible NULL skb pointer dereference
Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave()
wifi: ath9k: use IS_ERR() with debugfs_create_dir()
net: arcnet: Do not call kfree_skb() under local_irq_disable()
mlxsw: i2c: Fix chunk size setting in output mailbox buffer
mlxsw: i2c: Limit single transaction buffer size
hwmon: (tmp513) Fix the channel number in tmp51x_is_visible()
net/sched: sch_hfsc: Ensure inner classes have fsc curve
netrom: Deny concurrent connect().
drm/bridge: tc358764: Fix debug print parameter order
quota: factor out dquot_write_dquot()
quota: rename dquot_active() to inode_quota_active()
quota: add new helper dquot_active()
quota: fix dqput() to follow the guarantees dquot_srcu should provide
ASoC: stac9766: fix build errors with REGMAP_AC97
soc: qcom: ocmem: Add OCMEM hardware version print
soc: qcom: ocmem: Fix NUM_PORTS & NUM_MACROS macros
arm64: dts: qcom: msm8996: Add missing interrupt to the USB2 controller
drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar()
ARM: dts: BCM5301X: Harmonize EHCI/OHCI DT nodes name
ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch
ARM: dts: BCM53573: Drop nonexistent #usb-cells
ARM: dts: BCM53573: Add cells sizes to PCIe node
ARM: dts: BCM53573: Use updated "spi-gpio" binding properties
drm/etnaviv: fix dumping of active MMU context
x86/mm: Fix PAT bit missing from page protection modify mask
ARM: dts: s3c64xx: align pinctrl with dtschema
ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split)
ARM: dts: s5pv210: adjust node names to DT spec
ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210
ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split)
drm: adv7511: Fix low refresh rate register for ADV7533/5
ARM: dts: BCM53573: Fix Ethernet info for Luxul devices
arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC
arm64: dts: qcom: sdm845: Fix the min frequency of "ice_core_clk"
drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl'
md/bitmap: don't set max_write_behind if there is no write mostly device
md/md-bitmap: hold 'reconfig_mutex' in backlog_store()
drm/tegra: Remove superfluous error messages around platform_get_irq()
drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()
drm/armada: Fix off-by-one error in armada_overlay_get_property()
drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01
ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig
drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask
drm/msm/mdp5: Don't leak some plane state
firmware: meson_sm: fix to avoid potential NULL pointer dereference
smackfs: Prevent underflow in smk_set_cipso()
drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create()
drm/msm/a2xx: Call adreno_gpu_init() earlier
audit: fix possible soft lockup in __audit_inode_child()
bus: ti-sysc: Fix build warning for 64-bit build
drm/mediatek: Fix potential memory leak if vmap() fail
bus: ti-sysc: Fix cast to enum warning
of: unittest: Fix overlay type in apply/revert check
ALSA: ac97: Fix possible error value of *rac97
ipmi:ssif: Add check for kstrdup
ipmi:ssif: Fix a memory leak when scanning for an adapter
drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init()
clk: sunxi-ng: Modify mismatched function name
clk: qcom: gcc-sc7180: use ARRAY_SIZE instead of specifying num_parents
clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src
ext4: correct grp validation in ext4_mb_good_group
clk: qcom: gcc-sm8250: use ARRAY_SIZE instead of specifying num_parents
clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src
clk: qcom: reset: Use the correct type of sleep/delay based on length
PCI: Mark NVIDIA T4 GPUs to avoid bus reset
pinctrl: mcp23s08: check return value of devm_kasprintf()
PCI: pciehp: Use RMW accessors for changing LNKCTL
PCI/ASPM: Use RMW accessors for changing LNKCTL
clk: imx8mp: fix sai4 clock
clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op
vfio/type1: fix cap_migration information leak
powerpc/fadump: reset dump area size if fadump memory reserve fails
powerpc/perf: Convert fsl_emb notifier to state machine callbacks
drm/amdgpu: Use RMW accessors for changing LNKCTL
drm/radeon: Use RMW accessors for changing LNKCTL
net/mlx5: Use RMW accessors for changing LNKCTL
wifi: ath10k: Use RMW accessors for changing LNKCTL
powerpc: Don't include lppaca.h in paca.h
powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT
nfs/blocklayout: Use the passed in gfp flags
powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
jfs: validate max amount of blocks before allocation.
fs: lockd: avoid possible wrong NULL parameter
NFSD: da_addr_body field missing in some GETDEVICEINFO replies
NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN
NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ
media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables
media: i2c: tvp5150: check return value of devm_kasprintf()
media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()
drivers: usb: smsusb: fix error handling code in smsusb_init_device
media: dib7000p: Fix potential division by zero
media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()
media: cx24120: Add retval check for cx24120_message_send()
scsi: hisi_sas: Print SAS address for v3 hw erroneous completion print
scsi: libsas: Introduce more SAM status code aliases in enum exec_status
scsi: hisi_sas: Modify v3 HW SSP underflow error processing
scsi: hisi_sas: Modify v3 HW SATA completion error processing
scsi: hisi_sas: Fix warnings detected by sparse
scsi: hisi_sas: Fix normally completed I/O analysed as failed
media: rkvdec: increase max supported height for H.264
media: mediatek: vcodec: Return NULL if no vdec_fb is found
usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host()
scsi: RDMA/srp: Fix residual handling
scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param()
scsi: iscsi: Add length check for nlattr payload
scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param()
scsi: be2iscsi: Add length check when parsing nlattrs
scsi: qla4xxx: Add length check when parsing nlattrs
serial: sprd: Assign sprd_port after initialized to avoid wrong access
serial: sprd: Fix DMA buffer leak issue
x86/APM: drop the duplicate APM_MINOR_DEV macro
scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly
scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly
scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly
coresight: tmc: Explicit type conversions to prevent integer overflow
dma-buf/sync_file: Fix docs syntax
driver core: test_async: fix an error code
IB/uverbs: Fix an potential error pointer dereference
fsi: aspeed: Reset master errors after CFAM reset
iommu/qcom: Disable and reset context bank before programming
iommu/vt-d: Fix to flush cache of PASID directory table
media: go7007: Remove redundant if statement
USB: gadget: f_mass_storage: Fix unused variable warning
media: ov5640: Enable MIPI interface in ov5640_set_power_mipi()
media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips
media: ov2680: Remove auto-gain and auto-exposure controls
media: ov2680: Fix ov2680_bayer_order()
media: ov2680: Fix vflip / hflip set functions
media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors
cgroup:namespace: Remove unused cgroup_namespaces_init()
scsi: core: Use 32-bit hostnum in scsi_host_lookup()
scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock
serial: tegra: handle clk prepare error in tegra_uart_hw_init()
amba: bus: fix refcount leak
Revert "IB/isert: Fix incorrect release of isert connection"
RDMA/siw: Balance the reference of cep->kref in the error path
RDMA/siw: Correct wrong debug message
HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode()
HID: multitouch: Correct devm device reference for hidinput input_dev name
x86/speculation: Mark all Skylake CPUs as vulnerable to GDS
tracing: Fix race issue between cpu buffer write and swap
mtd: rawnand: brcmnand: Fix mtd oobsize
phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328
phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate
phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write
rpmsg: glink: Add check for kstrdup
mtd: spi-nor: Check bus width while setting QE bit
mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume()
um: Fix hostaudio build errors
dmaengine: ste_dma40: Add missing IRQ check in d40_probe
cpufreq: Fix the race condition while updating the transition_task of policy
virtio_ring: fix avail_wrap_counter in virtqueue_add_packed
igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
netfilter: xt_u32: validate user space input
netfilter: xt_sctp: validate the flag_info count
skbuff: skb_segment, Call zero copy functions before using skbuff frags
igb: set max size RX buffer when store bad packet is enabled
PM / devfreq: Fix leak in devfreq_dev_release()
ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
printk: ringbuffer: Fix truncating buffer size min_t cast
scsi: core: Fix the scsi_set_resid() documentation
ipmi_si: fix a memleak in try_smi_init()
ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch()
backlight/gpio_backlight: Compare against struct fb_info.device
backlight/bd6107: Compare against struct fb_info.device
backlight/lv5207lp: Compare against struct fb_info.device
xtensa: PMU: fix base address for the newer hardware
arm64: csum: Fix OoB access in IP checksum code for negative lengths
media: dvb: symbol fixup for dvb_attach()
Revert "scsi: qla2xxx: Fix buffer overrun"
scsi: mpt3sas: Perform additional retries if doorbell read returns 0
ntb: Drop packets when qp link is down
ntb: Clean up tx tail index on link down
ntb: Fix calculation ntb_transport_tx_free_entry()
Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
procfs: block chmod on /proc/thread-self/comm
parisc: Fix /proc/cpuinfo output for lscpu
dlm: fix plock lookup when using multiple lockspaces
dccp: Fix out of bounds access in DCCP error handler
X.509: if signature is unsupported skip validation
net: handle ARPHRD_PPP in dev_is_mac_header_xmit()
fsverity: skip PKCS#7 parser when keyring is empty
pstore/ram: Check start of empty przs during init
s390/ipl: add missing secure/has_secure file to ipl type 'unknown'
crypto: stm32 - fix loop iterating through scatterlist for DMA
cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug
usb: typec: bus: verify partner exists in typec_altmode_attention
USB: core: Unite old scheme and new scheme descriptor reads
USB: core: Change usb_get_device_descriptor() API
USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()
USB: core: Fix oversight in SuperSpeed initialization
usb: typec: tcpci: clear the fault status bit
tracing: Zero the pipe cpumask on alloc to avoid spurious -EBUSY
md/md-bitmap: remove unnecessary local variable in backlog_store()
udf: initialize newblock to 0
net/ipv6: SKB symmetric hash should incorporate transport ports
io_uring: always lock in io_apoll_task_func
io_uring: break out of iowq iopoll on teardown
io_uring: break iopolling on signal
scsi: qla2xxx: Fix deletion race condition
scsi: qla2xxx: fix inconsistent TMF timeout
scsi: qla2xxx: Fix erroneous link up failure
scsi: qla2xxx: Turn off noisy message log
scsi: qla2xxx: Remove unsupported ql2xenabledif option
fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
drm/ast: Fix DRAM init on AST2200
lib/test_meminit: allocate pages up to order MAX_ORDER
parisc: led: Fix LAN receive and transmit LEDs
parisc: led: Reduce CPU overhead for disk & lan LED computation
pinctrl: cherryview: fix address_space_handler() argument
dt-bindings: clock: xlnx,versal-clk: drop select:false
clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz
clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
soc: qcom: qmi_encdec: Restrict string length in decode
NFS: Fix a potential data corruption
NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
kconfig: fix possible buffer overflow
backlight: gpio_backlight: Drop output GPIO direction check for initial power state
perf annotate bpf: Don't enclose non-debug code with an assert()
x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
perf top: Don't pass an ERR_PTR() directly to perf_session__delete()
watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
pwm: lpc32xx: Remove handling of PWM channels
net/sched: fq_pie: avoid stalls in fq_pie_timer()
sctp: annotate data-races around sk->sk_wmem_queued
ipv4: annotate data-races around fi->fib_dead
net: read sk->sk_family once in sk_mc_loop()
drm/i915/gvt: Save/restore HW status to support GVT suspend/resume
drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt()
ipv4: ignore dst hint for multipath routes
igb: disable virtualization features on 82580
veth: Fixing transmit return status for dropped packets
net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
af_unix: Fix data-races around user->unix_inflight.
af_unix: Fix data-race around unix_tot_inflight.
af_unix: Fix data-races around sk->sk_shutdown.
af_unix: Fix data race around sk->sk_err.
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
kcm: Destroy mutex in kcm_exit_net()
igc: Change IGC_MIN to allow set rx/tx value between 64 and 80
igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80
igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
s390/zcrypt: don't leak memory if dev_set_name() fails
idr: fix param name in idr_alloc_cyclic() doc
ip_tunnels: use DEV_STATS_INC()
net: dsa: sja1105: fix bandwidth discrepancy between tc-cbs software and offload
net: dsa: sja1105: fix -ENOSPC when replacing the same tc-cbs too many times
netfilter: nfnetlink_osf: avoid OOB read
net: hns3: fix the port information display when sfp is absent
sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory()
ext4: add correct group descriptors and reserved GDT blocks to system zone
ata: sata_gemini: Add missing MODULE_DESCRIPTION
ata: pata_ftide010: Add missing MODULE_DESCRIPTION
fuse: nlookup missing decrement in fuse_direntplus_link
btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART
btrfs: use the correct superblock to compare fsid in btrfs_validate_super
mtd: rawnand: brcmnand: Fix crash during the panic_write
mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
mtd: rawnand: brcmnand: Fix potential false time out warning
drm/amd/display: prevent potential division by zero errors
perf hists browser: Fix hierarchy mode header
perf tools: Handle old data in PERF_RECORD_ATTR
perf hists browser: Fix the number of entries for 'e' key
ACPI: APEI: explicit init of HEST and GHES in apci_init()
arm64: sdei: abort running SDEI handlers during crash
scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry
scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe
scsi: qla2xxx: Fix crash in PCIe error handling
scsi: qla2xxx: Flush mailbox commands on chip reset
ARM: dts: samsung: exynos4210-i9100: Fix LCD screen's physical size
ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2
bus: mhi: host: Skip MHI reset if device is in RDDM
net: ipv4: fix one memleak in __inet_del_ifa()
selftests/kselftest/runner/run_one(): allow running non-executable files
kselftest/runner.sh: Propagate SIGTERM to runner child
net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add
net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc()
net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
hsr: Fix uninit-value access in fill_frame_info()
r8152: check budget for r8152_poll()
kcm: Fix memory leak in error path of kcm_sendmsg()
platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors
platform/mellanox: mlxbf-tmfifo: Drop jumbo frames
net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
ipv6: fix ip6_sock_set_addr_preferences() typo
ixgbe: fix timestamp configuration code
kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
drm/amd/display: Fix a bug when searching for insert_above_mpcc
parisc: Drop loops_per_jiffy from per_cpu struct
Linux 5.10.195
Change-Id: I4eef618f573b6d4201e05c9cf56088d77d712d97
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Artem Chernyshev
|
0fe11dd3fe |
fs: ocfs2: namei: check return value of ocfs2_add_entry()
[ Upstream commit 6b72e5f9e79360fce4f2be7fe81159fbdf4256a5 ]
Process result of ocfs2_add_entry() in case we have an error
value.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Link: https://lkml.kernel.org/r/20230803145417.177649-1-artem.chernyshev@red-soft.ru
Fixes:
|
||
|
Greg Kroah-Hartman
|
c6ac900e26 |
Merge 5.10.185 into android12-5.10-lts
Changes in 5.10.185 lib: cleanup kstrto*() usage kernel.h: split out kstrtox() and simple_strtox() to a separate header test_firmware: Use kstrtobool() instead of strtobool() test_firmware: prevent race conditions by a correct implementation of locking test_firmware: fix a memory leak with reqs buffer power: supply: ab8500: Fix external_power_changed race power: supply: sc27xx: Fix external_power_changed race power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() ARM: dts: vexpress: add missing cache properties tools: gpio: fix debounce_period_us output of lsgpio power: supply: Ratelimit no data debug output platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 regulator: Fix error checking for debugfs_create_dir irqchip/gic-v3: Disable pseudo NMIs on Mediatek devices w/ firmware issues power: supply: Fix logic checking if system is running from battery btrfs: scrub: try harder to mark RAID56 block groups read-only btrfs: handle memory allocation failure in btrfs_csum_one_bio ASoC: soc-pcm: test if a BE can be prepared parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu() parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory() MIPS: Alchemy: fix dbdma2 mips: Move initrd_start check after initrd address sanitisation. ASoC: dwc: move DMA init to snd_soc_dai_driver probe() xen/blkfront: Only check REQ_FUA for writes drm:amd:amdgpu: Fix missing buffer object unlock in failure path irqchip/gic: Correctly validate OF quirk descriptors io_uring: hold uring mutex around poll removal epoll: ep_autoremove_wake_function should use list_del_init_careful ocfs2: fix use-after-free when unmounting read-only filesystem ocfs2: check new file size on fallocate call nios2: dts: Fix tse_mac "max-frame-size" property nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() nilfs2: fix possible out-of-bounds segment allocation in resize ioctl kexec: support purgatories with .text.hot sections x86/purgatory: remove PGO flags powerpc/purgatory: remove PGO flags nouveau: fix client work fence deletion race RDMA/uverbs: Restrict usage of privileged QKEYs net: usb: qmi_wwan: add support for Compal RXM-G1 ALSA: hda/realtek: Add a quirk for Compaq N14JP6 Remove DECnet support from kernel USB: serial: option: add Quectel EM061KGL series serial: lantiq: add missing interrupt ack usb: dwc3: gadget: Reset num TRBs before giving back the request RDMA/rtrs: Fix the last iu->buf leak in err path spi: fsl-dspi: avoid SCK glitches with continuous transfers netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM net: enetc: correct the indexes of highest and 2nd highest TCs ping6: Fix send to link-local addresses with VRF. net/sched: cls_u32: Fix reference counter leak leading to overflow RDMA/rxe: Remove the unused variable obj RDMA/rxe: Removed unused name from rxe_task struct RDMA/rxe: Fix the use-before-initialization error of resp_pkts iavf: remove mask from iavf_irq_enable_queues() octeontx2-af: fixed resource availability check RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions RDMA/cma: Always set static rate to 0 for RoCE IB/uverbs: Fix to consider event queue closing also upon non-blocking mode IB/isert: Fix dead lock in ib_isert IB/isert: Fix possible list corruption in CMA handler IB/isert: Fix incorrect release of isert connection ipvlan: fix bound dev checking for IPv6 l3s mode sctp: fix an error code in sctp_sf_eat_auth() igb: fix nvm.ops.read() error handling drm/nouveau: don't detect DSM for non-NVIDIA device drm/nouveau/dp: check for NULL nv_connector->native_mode drm/nouveau: add nv_encoder pointer check for NULL ext4: drop the call to ext4_error() from ext4_get_group_info() net/sched: cls_api: Fix lockup on flushing explicitly created chain net: lapbether: only support ethernet devices net: tipc: resize nlattr array to correct size selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET afs: Fix vlserver probe RTT handling cgroup: always put cset in cgroup_css_set_put_fork rcu/kvfree: Avoid freeing new kfree_rcu() memory after old grace period neighbour: Remove unused inline function neigh_key_eq16() net: Remove unused inline function dst_hold_and_use() net: Remove DECnet leftovers from flow.h. neighbour: delete neigh_lookup_nodev as not used batman-adv: Switch to kstrtox.h for kstrtou64 mmc: block: ensure error propagation for non-blk mm/memory_hotplug: extend offline_and_remove_memory() to handle more than one memory block nilfs2: reject devices with insufficient block count media: dvbdev: Fix memleak in dvb_register_device media: dvbdev: fix error logic at dvb_register_device() media: dvb-core: Fix use-after-free due to race at dvb_register_device() drm/i915/dg1: Wait for pcode/uncore handshake at startup drm/i915/gen11+: Only load DRAM information from pcode um: Fix build w/o CONFIG_PM_SLEEP Linux 5.10.185 Change-Id: I05ba9c2e38c013c553c9f89e2a6b71ec9bdb0bd3 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
6d62ca19a7 |
Merge 5.10.181 into android12-5.10-lts
Changes in 5.10.181
driver core: add a helper to setup both the of_node and fwnode of a device
drm/mipi-dsi: Set the fwnode for mipi_dsi_device
ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe()
linux/dim: Do nothing if no time delta between samples
net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
netfilter: conntrack: fix possible bug_on with enable_hooks=1
netlink: annotate accesses to nlk->cb_running
net: annotate sk->sk_err write from do_recvmmsg()
net: deal with most data-races in sk_wait_event()
net: tap: check vlan with eth_type_vlan() method
net: add vlan_get_protocol_and_depth() helper
tcp: factor out __tcp_close() helper
tcp: add annotations around sk->sk_shutdown accesses
ipvlan:Fix out-of-bounds caused by unclear skb->cb
net: datagram: fix data-races in datagram_poll()
af_unix: Fix a data race of sk->sk_receive_queue->qlen.
af_unix: Fix data races around sk->sk_shutdown.
drm/i915/dp: prevent potential div-by-zero
fbdev: arcfb: Fix error handling in arcfb_probe()
ext4: remove an unused variable warning with CONFIG_QUOTA=n
ext4: reflect error codes from ext4_multi_mount_protect() to its callers
ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled
ext4: fix lockdep warning when enabling MMP
ext4: remove redundant mb_regenerate_buddy()
ext4: drop s_mb_bal_lock and convert protected fields to atomic
ext4: add mballoc stats proc file
ext4: allow to find by goal if EXT4_MB_HINT_GOAL_ONLY is set
ext4: allow ext4_get_group_info() to fail
refscale: Move shutdown from wait_event() to wait_event_idle()
rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access
fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
drm/amd/display: Use DC_LOG_DC in the trasform pixel function
regmap: cache: Return error in cache sync operations for REGCACHE_NONE
arm64: dts: qcom: msm8996: Add missing DWC3 quirks
memstick: r592: Fix UAF bug in r592_remove due to race condition
firmware: arm_sdei: Fix sleep from invalid context BUG
ACPI: EC: Fix oops when removing custom query handlers
remoteproc: stm32_rproc: Add mutex protection for workqueue
drm/tegra: Avoid potential 32-bit integer overflow
ACPICA: Avoid undefined behavior: applying zero offset to null pointer
ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects
drm/amd: Fix an out of bounds error in BIOS parser
wifi: ath: Silence memcpy run-time false positive warning
bpf: Annotate data races in bpf_local_storage
wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
ext2: Check block size validity during mount
scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow
net: pasemi: Fix return type of pasemi_mac_start_tx()
net: Catch invalid index in XPS mapping
scsi: target: iscsit: Free cmds before session free
lib: cpu_rmap: Avoid use after free on rmap->obj array entries
scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
gfs2: Fix inode height consistency check
ext4: set goal start correctly in ext4_mb_normalize_request
ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
f2fs: fix to drop all dirty pages during umount() if cp_error is set
samples/bpf: Fix fout leak in hbm's run_bpf_prog
wifi: iwlwifi: pcie: fix possible NULL pointer dereference
wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf
null_blk: Always check queue mode setting from configfs
wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
wifi: ath11k: Fix SKB corruption in REO destination ring
ipvs: Update width of source for ip_vs_sync_conn_options
Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
HID: logitech-hidpp: Don't use the USB serial for USB devices
HID: logitech-hidpp: Reconcile USB and Unifying serials
spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
HID: wacom: generic: Set battery quirk only when we see battery data
usb: typec: tcpm: fix multiple times discover svids error
serial: 8250: Reinit port->pm on port specific driver unbind
mcb-pci: Reallocate memory region to avoid memory overlapping
sched: Fix KCSAN noinstr violation
recordmcount: Fix memory leaks in the uwrite function
RDMA/core: Fix multiple -Warray-bounds warnings
iommu/arm-smmu-qcom: Limit the SMR groups to 128
clk: tegra20: fix gcc-7 constant overflow warning
iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any
Input: xpad - add constants for GIP interface numbers
phy: st: miphy28lp: use _poll_timeout functions for waits
mfd: dln2: Fix memory leak in dln2_probe()
btrfs: move btrfs_find_highest_objectid/btrfs_find_free_objectid to disk-io.c
btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid
btrfs: fix space cache inconsistency after error loading it from disk
xfrm: don't check the default policy if the policy allows the packet
Revert "Fix XFRM-I support for nested ESP tunnels"
drm/msm/dp: unregister audio driver during unbind
drm/msm/dpu: Remove duplicate register defines from INTF
cpupower: Make TSC read per CPU for Mperf monitor
af_key: Reject optional tunnel/BEET mode templates in outbound policies
net: fec: Better handle pm_runtime_get() failing in .remove()
net: phy: dp83867: add w/a for packet errors seen with short cables
ALSA: firewire-digi00x: prevent potential use after free
ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15
vsock: avoid to close connected socket after the timeout
ipv4/tcp: do not use per netns ctl sockets
net: Find dst with sk's xfrm policy not ctl_sk
tcp: fix possible sk_priority leak in tcp_v4_send_reset()
serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
erspan: get the proto with the md version for collect_md
net: hns3: fix sending pfc frames after reset issue
net: hns3: fix reset delay time to avoid configuration timeout
media: netup_unidvb: fix use-after-free at del_timer()
SUNRPC: Fix trace_svc_register() call site
drm/exynos: fix g2d_open/close helper function definitions
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
net/tipc: fix tipc header files for kernel-doc
tipc: add tipc_bearer_min_mtu to calculate min mtu
tipc: do not update mtu if msg_max is too small in mtu negotiation
tipc: check the bearer min mtu properly when setting it by netlink
net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
net: bcmgenet: Restore phy_stop() depending upon suspend/close
wifi: mac80211: fix min center freq offset tracing
wifi: iwlwifi: mvm: don't trust firmware n_channels
scsi: storvsc: Don't pass unused PFNs to Hyper-V host
cassini: Fix a memory leak in the error handling path of cas_init_one()
igb: fix bit_shift to be in [1..8] range
vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
netfilter: nft_set_rbtree: fix null deref on element insertion
bridge: always declare tunnel functions
ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
USB: usbtmc: Fix direction for 0-length ioctl control messages
usb-storage: fix deadlock when a scsi command timeouts more than once
USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
usb: dwc3: debugfs: Resume dwc3 before accessing registers
usb: gadget: u_ether: Fix host MAC address case
usb: typec: altmodes/displayport: fix pin_assignment_show
ALSA: hda: Fix Oops by 9.1 surround channel names
ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
ALSA: hda/realtek: Add quirk for Clevo L140AU
ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
ALSA: hda/realtek: Add quirk for 2nd ASUS GU603
can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag
can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag
can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop()
can: kvaser_pciefd: Call request_irq() before enabling interrupts
can: kvaser_pciefd: Empty SRB buffer in probe
can: kvaser_pciefd: Clear listen-only bit if not explicitly requested
can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
can: kvaser_pciefd: Disable interrupts in probe error path
statfs: enforce statfs[64] structure initialization
serial: Add support for Advantech PCI-1611U card
vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
ceph: force updating the msg pointer in non-split case
tpm/tpm_tis: Disable interrupts for more Lenovo devices
powerpc/64s/radix: Fix soft dirty tracking
nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
HID: wacom: Force pen out of prox if no events have been received in a while
HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs
HID: wacom: add three styli to wacom_intuos_get_tool_type
KVM: arm64: Link position-independent string routines into .hyp.text
serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards
serial: exar: Add support for Sealevel 7xxxC serial cards
serial: 8250_exar: Add support for USR298x PCI Modems
s390/qdio: get rid of register asm
s390/qdio: fix do_sqbs() inline assembly constraint
watchdog: sp5100_tco: Immediately trigger upon starting.
ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15
writeback, cgroup: remove extra percpu_ref_exit()
net/sched: act_mirred: refactor the handle of xmit
net/sched: act_mirred: better wording on protection against excessive stack growth
act_mirred: use the backlog for nested calls to mirred ingress
spi: fsl-spi: Re-organise transfer bits_per_word adaptation
spi: fsl-cpm: Use 16 bit mode for large transfers with even size
ocfs2: Switch to security_inode_init_security()
ALSA: hda/ca0132: add quirk for EVGA X299 DARK
ALSA: hda: Fix unhandled register update during auto-suspend period
ALSA: hda/realtek: Enable headset onLenovo M70/M90
net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
m68k: Move signal frame following exception on 68020/030
parisc: Handle kgdb breakpoints only in kernel context
parisc: Allow to reboot machine after system halt
gpio: mockup: Fix mode of debugfs files
btrfs: use nofs when cleaning up aborted transactions
dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type
x86/mm: Avoid incomplete Global INVLPG flushes
selftests/memfd: Fix unknown type name build failure
parisc: Fix flush_dcache_page() for usage from irq context
x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
debugobjects: Don't wake up kswapd from fill_pool()
fbdev: udlfb: Fix endpoint check
net: fix stack overflow when LRO is disabled for virtual interfaces
udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
USB: core: Add routines for endpoint checks in old drivers
USB: sisusbvga: Add endpoint checks
media: radio-shark: Add endpoint checks
net: fix skb leak in __skb_tstamp_tx()
selftests: fib_tests: mute cleanup error message
octeontx2-pf: Fix TSOv6 offload
bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields
ipv6: Fix out-of-bounds access in ipv6_find_tlv()
power: supply: leds: Fix blink to LED on transition
power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition
power: supply: bq27xxx: Fix I2C IRQ race on remove
power: supply: bq27xxx: Fix poll_interval handling and races on remove
power: supply: sbs-charger: Fix INHIBITED bit for Status reg
fs: fix undefined behavior in bit shift for SB_NOUSER
coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet()
xen/pvcalls-back: fix double frees with pvcalls_new_active_socket()
x86/show_trace_log_lvl: Ensure stack pointer is aligned, again
ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
forcedeth: Fix an error handling path in nv_probe()
net/mlx5e: do as little as possible in napi poll when budget is 0
net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs
net/mlx5: Fix error message when failing to allocate device memory
net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device
arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert delay
3c589_cs: Fix an error handling path in tc589_probe()
net: phy: mscc: add VSC8502 to MODULE_DEVICE_TABLE
Linux 5.10.181
Change-Id: Iaad0b0bb7c1ad061b28ad4ee16e03db935241177
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Luís Henriques
|
2847d9eed4 |
ocfs2: check new file size on fallocate call
commit 26a6ffff7de5dd369cdb12e38ba11db682f1dec0 upstream. When changing a file size with fallocate() the new size isn't being checked. In particular, the FSIZE ulimit isn't being checked, which makes fstest generic/228 fail. Simply adding a call to inode_newsize_ok() fixes this issue. Link: https://lkml.kernel.org/r/20230529152645.32680-1-lhenriques@suse.de Signed-off-by: Luís Henriques <lhenriques@suse.de> Reviewed-by: Mark Fasheh <mark@fasheh.com> Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Gang He <ghe@suse.com> Cc: Jun Piao <piaojun@huawei.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Luís Henriques
|
e73b135f54 |
ocfs2: fix use-after-free when unmounting read-only filesystem
commit 50d927880e0f90d5cb25e897e9d03e5edacc79a8 upstream. It's trivial to trigger a use-after-free bug in the ocfs2 quotas code using fstest generic/452. After a read-only remount, quotas are suspended and ocfs2_mem_dqinfo is freed through ->ocfs2_local_free_info(). When unmounting the filesystem, an UAF access to the oinfo will eventually cause a crash. BUG: KASAN: slab-use-after-free in timer_delete+0x54/0xc0 Read of size 8 at addr ffff8880389a8208 by task umount/669 ... Call Trace: <TASK> ... timer_delete+0x54/0xc0 try_to_grab_pending+0x31/0x230 __cancel_work_timer+0x6c/0x270 ocfs2_disable_quotas.isra.0+0x3e/0xf0 [ocfs2] ocfs2_dismount_volume+0xdd/0x450 [ocfs2] generic_shutdown_super+0xaa/0x280 kill_block_super+0x46/0x70 deactivate_locked_super+0x4d/0xb0 cleanup_mnt+0x135/0x1f0 ... </TASK> Allocated by task 632: kasan_save_stack+0x1c/0x40 kasan_set_track+0x21/0x30 __kasan_kmalloc+0x8b/0x90 ocfs2_local_read_info+0xe3/0x9a0 [ocfs2] dquot_load_quota_sb+0x34b/0x680 dquot_load_quota_inode+0xfe/0x1a0 ocfs2_enable_quotas+0x190/0x2f0 [ocfs2] ocfs2_fill_super+0x14ef/0x2120 [ocfs2] mount_bdev+0x1be/0x200 legacy_get_tree+0x6c/0xb0 vfs_get_tree+0x3e/0x110 path_mount+0xa90/0xe10 __x64_sys_mount+0x16f/0x1a0 do_syscall_64+0x43/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc Freed by task 650: kasan_save_stack+0x1c/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x2a/0x50 __kasan_slab_free+0xf9/0x150 __kmem_cache_free+0x89/0x180 ocfs2_local_free_info+0x2ba/0x3f0 [ocfs2] dquot_disable+0x35f/0xa70 ocfs2_susp_quotas.isra.0+0x159/0x1a0 [ocfs2] ocfs2_remount+0x150/0x580 [ocfs2] reconfigure_super+0x1a5/0x3a0 path_mount+0xc8a/0xe10 __x64_sys_mount+0x16f/0x1a0 do_syscall_64+0x43/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc Link: https://lkml.kernel.org/r/20230522102112.9031-1-lhenriques@suse.de Signed-off-by: Luís Henriques <lhenriques@suse.de> Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> Tested-by: Joseph Qi <joseph.qi@linux.alibaba.com> Cc: Mark Fasheh <mark@fasheh.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Gang He <ghe@suse.com> Cc: Jun Piao <piaojun@huawei.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Roberto Sassu
|
c41324385a |
ocfs2: Switch to security_inode_init_security()
commit de3004c874e740304cc4f4a83d6200acb511bbda upstream. In preparation for removing security_old_inode_init_security(), switch to security_inode_init_security(). Extend the existing ocfs2_initxattrs() to take the ocfs2_security_xattr_info structure from fs_info, and populate the name/value/len triple with the first xattr provided by LSMs. As fs_info was not used before, ocfs2_initxattrs() can now handle the case of replicating the behavior of security_old_inode_init_security(), i.e. just obtaining the xattr, in addition to setting all xattrs provided by LSMs. Supporting multiple xattrs is not currently supported where security_old_inode_init_security() was called (mknod, symlink), as it requires non-trivial changes that can be done at a later time. Like for reiserfs, even if EVM is invoked, it will not provide an xattr (if it is not the first to set it, its xattr will be discarded; if it is the first, it does not have xattrs to calculate the HMAC on). Finally, since security_inode_init_security(), unlike security_old_inode_init_security(), returns zero instead of -EOPNOTSUPP if no xattrs were provided by LSMs or if inodes are private, additionally check in ocfs2_init_security_get() if the xattr name is set. If not, act as if security_old_inode_init_security() returned -EOPNOTSUPP, and set si->enable to zero to notify to the functions following ocfs2_init_security_get() that no xattrs are available. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Joseph Qi <joseph.qi@linux.alibaba.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
2d6a4ad08c |
This is the 5.10.178 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmRBD58ACgkQONu9yGCS
aT5BTxAApbYtClwFI1KGwlvnh9elm2m6NYDZcBleAT8bps1ofI50Bpca0CKgkX8f
HLzRid8WE5BW6+3tpDJxBwqEGEGG1Z8bgleaM62PxiNU3CRFKtUuDmS2DiVAK30d
PfdvjhOxlwf4f6e+WHSvGXvqxV9w1DtjqG+Lz1jA37sAAj6IithDuSkNrYcsojFF
u+zA+17M2KVG8vrTCHZVH/ij9A1w4gWOkhYVCKaC7hKafTsU613YjFTGpqelhvTS
6AfMSTI15E01Qy6FM5OjqmVM4k8UWIydA1WBV7aHLn3y2MzXeaYza8xsg90Qu2V2
49F4Yu53WLkuNV0aDOURnaQ7M1m+Sj8IL/MD7G5iLIDwjN3PDwY5IqwKyYueZ/2P
TdlNTTffCC66MiYjAy/A5gPg4bjxvs7aaQkjgahluzWnXUWSdyUvJDg1XYGdhf1l
W4E2OcWH0Al6se56255O2eKbvmeOe+IHW22oRoDaAC9+14Lp6KWP9sAh4/zrEcgf
/x0YxZekOoWVdVtoP4oS1CE3Rj9v4HmtPT2QVltE7Dag7sn3FtGWTQ+SxZ34gmwY
RYCvoCpBF5SNg3tkW/eIwl+6fRryiT/LS9OsUmz+5g0L6mkK5m6ScleIbAGYq6BZ
4mu6CwHuSBX0O/EvRgmVpZpPsKsHypVu86krtTlW/+HcKBrXSuY=
=hM8w
-----END PGP SIGNATURE-----
Merge 5.10.178 into android12-5.10-lts
Changes in 5.10.178
gpio: GPIO_REGMAP: select REGMAP instead of depending on it
Drivers: vmbus: Check for channel allocation before looking up relids
pwm: cros-ec: Explicitly set .polarity in .get_state()
pwm: sprd: Explicitly set .polarity in .get_state()
KVM: s390: pv: fix external interruption loop not always detected
wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
net: qrtr: combine nameservice into main module
net: qrtr: Fix a refcount bug in qrtr_recvmsg()
icmp: guard against too small mtu
net: don't let netpoll invoke NAPI if in xmit context
sctp: check send stream number after wait_for_sndbuf
net: qrtr: Do not do DEL_SERVER broadcast after DEL_CLIENT
ipv6: Fix an uninit variable access bug in __ip6_make_skb()
gpio: davinci: Add irq chip flag to skip set wake
net: ethernet: ti: am65-cpsw: Fix mdio cleanup in probe
net: stmmac: fix up RX flow hash indirection table when setting channels
sunrpc: only free unix grouplist after RCU settles
NFSD: callback request does not use correct credential for AUTH_SYS
usb: xhci: tegra: fix sleep in atomic call
xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu
USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
usb: typec: altmodes/displayport: Fix configure initial pin assignment
USB: serial: option: add Telit FE990 compositions
USB: serial: option: add Quectel RM500U-CN modem
iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
iio: dac: cio-dac: Fix max DAC write value check for 12-bit
iio: light: cm32181: Unregister second I2C client if present
tty: serial: sh-sci: Fix transmit end interrupt handler
tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty
nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
nilfs2: fix sysfs interface lifetime
dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs
ALSA: hda/realtek: Add quirk for Clevo X370SNW
iio: adc: ad7791: fix IRQ flags
scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
perf/core: Fix the same task check in perf_event_set_output
ftrace: Mark get_lock_parent_ip() __always_inline
ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct()
can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events
tracing: Free error logs of tracing instances
ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots()
drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
drm/nouveau/disp: Support more modes by checking with lower bpc
ring-buffer: Fix race while reader and writer are on the same page
mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
selftests: intel_pstate: ftime() is deprecated
drm/bridge: lt9611: Fix PLL being unable to lock
Revert "media: ti: cal: fix possible memory leak in cal_ctx_create()"
ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown
bpftool: Print newline before '}' for struct with padding only fields
Revert "pinctrl: amd: Disable and mask interrupts on resume"
ALSA: emu10k1: fix capture interrupt handler unlinking
ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
ALSA: i2c/cs8427: fix iec958 mixer control deactivation
ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex()
ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
Bluetooth: Fix race condition in hidp_session_thread
btrfs: print checksum type and implementation at mount time
btrfs: fix fast csum implementation detection
fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
mtdblock: tolerate corrected bit-flips
mtd: rawnand: meson: fix bitmask for length in command word
mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min
clk: sprd: set max_register according to mapping range
IB/mlx5: Add support for NDR link speed
IB/mlx5: Add support for 400G_8X lane speed
RDMA/cma: Allow UD qp_type to join multicast only
9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
niu: Fix missing unwind goto in niu_alloc_channels()
sysctl: add proc_dou8vec_minmax()
ipv4: shrink netns_ipv4 with sysctl conversions
tcp: convert elligible sysctls to u8
tcp: restrict net.ipv4.tcp_app_win
drm/armada: Fix a potential double free in an error handling path
qlcnic: check pci_reset_function result
net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
sctp: fix a potential overflow in sctp_ifwdtsn_skip
RDMA/core: Fix GID entry ref leak when create_ah fails
udp6: fix potential access to stale information
net: macb: fix a memory corruption in extended buffer descriptor mode
libbpf: Fix single-line struct definition output in btf_dump
power: supply: cros_usbpd: reclassify "default case!" as debug
wifi: mwifiex: mark OF related data as maybe unused
i2c: imx-lpi2c: clean rx/tx buffers upon new message
efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F
verify_pefile: relax wrapper length check
asymmetric_keys: log on fatal failures in PE/pkcs7
riscv: add icache flush for nommu sigreturn trampoline
net: sfp: initialize sfp->i2c_block_size at sfp allocation
scsi: ses: Handle enclosure with just a primary component gracefully
x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
mtd: ubi: wl: Fix a couple of kernel-doc issues
ubi: Fix deadlock caused by recursively holding work_sem
powerpc/pseries: rename min_common_depth to primary_domain_index
powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY
powerpc/pseries: Consolidate different NUMA distance update code paths
powerpc/pseries: Add a helper for form1 cpu distance
powerpc/pseries: Add support for FORM2 associativity
powerpc/papr_scm: Update the NUMA distance table for the target node
sched/fair: Move calculate of avg_load to a better location
sched/fair: Fix imbalance overflow
x86/rtc: Remove __init for runtime functions
i2c: ocores: generate stop condition after timeout in polling mode
watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
kbuild: check the minimum assembler version in Kconfig
kbuild: Switch to 'f' variants of integrated assembler flag
kbuild: check CONFIG_AS_IS_LLVM instead of LLVM_IAS
riscv: Handle zicsr/zifencei issues between clang and binutils
kexec: move locking into do_kexec_load
kexec: turn all kexec_mutex acquisitions into trylocks
panic, kexec: make __crash_kexec() NMI safe
sysctl: Fix data-races in proc_dou8vec_minmax().
Linux 5.10.178
Change-Id: I34107ee680c7b081bb0c2782483cbb7ec62252ca
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Heming Zhao
|
2765aca637 |
ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown
commit 550842cc60987b269e31b222283ade3e1b6c7fc8 upstream.
After commit 0737e01de9c4 ("ocfs2: ocfs2_mount_volume does cleanup job
before return error"), any procedure after ocfs2_dlm_init() fails will
trigger crash when calling ocfs2_dlm_shutdown().
ie: On local mount mode, no dlm resource is initialized. If
ocfs2_mount_volume() fails in ocfs2_find_slot(), error handling will call
ocfs2_dlm_shutdown(), then does dlm resource cleanup job, which will
trigger kernel crash.
This solution should bypass uninitialized resources in
ocfs2_dlm_shutdown().
Link: https://lkml.kernel.org/r/20220815085754.20417-1-heming.zhao@suse.com
Fixes: 0737e01de9c4 ("ocfs2: ocfs2_mount_volume does cleanup job before return error")
Signed-off-by: Heming Zhao <heming.zhao@suse.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
f3670bd0ff |
This is the 5.10.177 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmQtPjAACgkQONu9yGCS aT4xmRAAvwO3WPc76Yo+6GQRbtKotLTPDz5njffcHeQwDnsdjMKwHnn9lH9Xt44v YdBtRtKql9MUSR9voqx+nXX25g7m5yemLEam5BNRInGZ2jyKNXXc/5VmQvQukbFc DWlM3wuzeGSJ8nWit6fWGvi4xNcQPjcVyyuhba27YMAU2qz4dgOOccnDXoVA3goz 5VqsZkw6UHKQRTzVs/ygJ2Ke4YldPB3QV4TBvpJFgJVQRm0f/vigKlaUgvOoawDc +iulDe2tvQNn2nQakP7KNzRntfY75iuJs+eexyfkxhTdAPtwRuZrztZpA5sL+c1N MYSZk3Gldz05EsAc9FKwLy+CP2L7yCNpdQso8r7cXPlO8J4MLbpuTBzCbM26CaCH IJigHCya38mgQX2VfpWxegNgft2D9WoIMdjMtQG8AqNEynG86PBBD48MHP1eNC8X CnBSVt+Ho31FMwfrzT1en2ExbEbZXsKNHdY8077iiCO+/Zc+aea7BXzEAiL0Ui1z 6Qo0zLTG9Wmhwl3Q6R2iShf7zJIM0kpGJ+5qjpE1qhihFFRIe4aYuhrDRH4F01ec XJFxBr94brfgCp9F/XnFLOQ2SqXGn5C3pJiu6UymcTF9XJUT9llNNt4v6Xbnp/8Y YsDF16Fm0mpperbG0m9LBtUP4zmA1soZtNC4EEI3YsXVe9x6uEA= =ArYR -----END PGP SIGNATURE----- Merge 5.10.177 into android12-5.10-lts Changes in 5.10.177 interconnect: qcom: osm-l3: fix icc_onecell_data allocation perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output perf: fix perf_event_context->time ipmi:ssif: make ssif_i2c_send() void ipmi:ssif: Increase the message retry time ipmi:ssif: resend_msg() cannot fail ipmi:ssif: Add a timer between request retries KVM: Clean up benign vcpu->cpu data races when kicking vCPUs KVM: KVM: Use cpumask_available() to check for NULL cpumask when kicking vCPUs KVM: Optimize kvm_make_vcpus_request_mask() a bit KVM: Pre-allocate cpumasks for kvm_make_all_cpus_request_except() KVM: Register /dev/kvm as the _very_ last thing during initialization serial: fsl_lpuart: Fix comment typo tty: serial: fsl_lpuart: fix race on RX DMA shutdown serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it drm/sun4i: fix missing component unbind on bind errors net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl xsk: Add missing overflow check in xdp_umem_reg iavf: fix inverted Rx hash condition leading to disabled hash iavf: fix non-tunneled IPv6 UDP packet type and hashing intel/igbvf: free irq on the error path in igbvf_request_msix() igbvf: Regard vf reset nack as success igc: fix the validation logic for taprio's gate list i2c: imx-lpi2c: check only for enabled interrupt flags scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() net: usb: smsc95xx: Limit packet length to skb->len qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info xirc2ps_cs: Fix use after free bug in xirc2ps_detach net: phy: Ensure state transitions are processed from phy_stop() net: mdio: fix owner field for mdio buses registered using device-tree net: qcom/emac: Fix use after free bug in emac_remove due to race condition net/ps3_gelic_net: Fix RX sk_buff length net/ps3_gelic_net: Use dma_mapping_error bootconfig: Fix testcase to increase max node keys: Do not cache key in task struct if key is requested from kernel thread bpf: Adjust insufficient default bpf_jit_limit net/mlx5: Fix steering rules cleanup net/mlx5: Read the TC mapping of all priorities on ETS query net/mlx5: E-Switch, Fix an Oops in error handling code atm: idt77252: fix kmemleak when rmmod idt77252 erspan: do not use skb_mac_header() in ndo_start_xmit() net/sonic: use dma_mapping_error() for error check nvme-tcp: fix nvme_tcp_term_pdu to match spec gve: Cache link_speed value from device net: mdio: thunder: Add missing fwnode_handle_put() Bluetooth: btqcomsmd: Fix command timeout after setting BD address Bluetooth: L2CAP: Fix not checking for maximum number of DCID Bluetooth: L2CAP: Fix responding with wrong PDU type Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl hwmon: fix potential sensor registration fail if of_node is missing hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs scsi: qla2xxx: Perform lockless command completion in abort path uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 thunderbolt: Use scale field when allocating USB3 bandwidth thunderbolt: Use const qualifier for `ring_interrupt_index` riscv: Bump COMMAND_LINE_SIZE value to 1024 HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded ca8210: fix mac_len negative array access m68k: Only force 030 bus error if PC not in exception table selftests/bpf: check that modifier resolves after pointer scsi: target: iscsi: Fix an error message in iscsi_check_key() scsi: hisi_sas: Check devm_add_action() return value scsi: ufs: core: Add soft dependency on governor_simpleondemand scsi: lpfc: Avoid usage of list iterator variable after loop scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 net: usb: qmi_wwan: add Telit 0x1080 composition sh: sanitize the flags on sigreturn cifs: empty interface list when server doesn't support query interfaces scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR usb: dwc2: fix a devres leak in hw_enable upon suspend resume usb: gadget: u_audio: don't let userspace block driver unbind fsverity: Remove WQ_UNBOUND from fsverity read workqueue igb: revert rtnl_lock() that causes deadlock dm thin: fix deadlock when swapping to thin device usb: cdns3: Fix issue with using incorrect PCI device function usb: chipdea: core: fix return -EINVAL if request role is the same with current role usb: chipidea: core: fix possible concurrent when switch role usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() wifi: mac80211: fix qos on mesh interfaces nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() drm/i915/active: Fix missing debug object activation drm/i915: Preserve crtc_state->inherited during state clearing tee: amdtee: fix race condition in amdtee_open_session firmware: arm_scmi: Fix device node validation for mailbox transport i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() dm stats: check for and propagate alloc_percpu failure dm crypt: add cond_resched() to dmcrypt_write() sched/fair: sanitize vruntime of entity being placed sched/fair: Sanitize vruntime of entity being migrated ocfs2: fix data corruption after failed write xfs: shut down the filesystem if we screw up quota reservation xfs: don't reuse busy extents on extent trim KVM: fix memoryleak in kvm_init() NFSD: fix use-after-free in __nfs42_ssc_open() usb: dwc3: gadget: move cmd_endtransfer to extra function usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC kernel: kcsan: kcsan_test: build without structleak plugin kcsan: avoid passing -g for test drm/meson: Fix error handling when afbcd.ops->init fails drm/meson: fix missing component unbind on bind errors bus: imx-weim: fix branch condition evaluates to a garbage value dm crypt: avoid accessing uninitialized tasklet fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY md: avoid signed overflow in slot_store() net: hsr: Don't log netdev_err message on unknown prp dst node ALSA: asihpi: check pao in control_message() ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() fbdev: tgafb: Fix potential divide by zero sched_getaffinity: don't assume 'cpumask_size()' is fully initialized fbdev: nvidia: Fix potential divide by zero fbdev: intelfb: Fix potential divide by zero fbdev: lxfb: Fix potential divide by zero fbdev: au1200fb: Fix potential divide by zero tools/power turbostat: Fix /dev/cpu_dma_latency warnings tracing: Fix wrong return in kprobe_event_gen_test.c ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() mips: bmips: BCM6358: disable RAC flush for TP1 mtd: rawnand: meson: invalidate cache on polling ECC bit sfc: ef10: don't overwrite offload features at NIC reset scsi: megaraid_sas: Fix crash after a double completion ptp_qoriq: fix memory leak in probe() r8169: fix RTL8168H and RTL8107E rx crc error regulator: Handle deferred clk net/net_failover: fix txq exceeding warning net: stmmac: don't reject VLANs when IFF_PROMISC is set can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write s390/vfio-ap: fix memory leak in vfio_ap device driver ALSA: ymfpci: Fix assignment in if condition ALSA: ymfpci: Fix BUG_ON in probe function net: ipa: compute DMA pool size properly i40e: fix registers dump after run ethtool adapter self test bnxt_en: Fix typo in PCI id to device description string mapping bnxt_en: Add missing 200G link speed reporting net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only pinctrl: ocelot: Fix alt mode for ocelot Input: alps - fix compatibility with -funsigned-char Input: focaltech - use explicitly signed char type cifs: prevent infinite recursion in CIFSGetDFSRefer() cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table btrfs: fix race between quota disable and quota assign ioctls xen/netback: don't do grant copy across page boundary net: phy: dp83869: fix default value for tx-/rx-internal-delay pinctrl: amd: Disable and mask interrupts on resume pinctrl: at91-pio4: fix domain name assignment powerpc: Don't try to copy PPR for task with NULL pt_regs NFSv4: Fix hangs when recovering open state after a server reboot ALSA: hda/conexant: Partial revert of a quirk for Lenovo ALSA: usb-audio: Fix regression on detection of Roland VS-100 ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z xtensa: fix KASAN report for show_stack rcu: Fix rcu_torture_read ftrace event drm/etnaviv: fix reference leak when mmaping imported buffer drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub s390/uaccess: add missing earlyclobber annotations to __clear_user() btrfs: scan device in non-exclusive mode zonefs: Fix error message in zonefs_file_dio_append() selftests/bpf: Test btf dump for struct with padding only fields libbpf: Fix BTF-to-C converter's padding logic selftests/bpf: Add few corner cases to test padding handling of btf_dump libbpf: Fix btf_dump's packed struct determination ext4: fix kernel BUG in 'ext4_write_inline_data_end()' gfs2: Always check inode size of inline inodes hsr: ratelimit only when errors are printed Linux 5.10.177 Change-Id: Ib596b399350d080d7e94c80c1a6bb3c64e971187 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Jan Kara via Ocfs2-devel
|
91d7a4bd56 |
ocfs2: fix data corruption after failed write
commit 90410bcf873cf05f54a32183afff0161f44f9715 upstream.
When buffered write fails to copy data into underlying page cache page,
ocfs2_write_end_nolock() just zeroes out and dirties the page. This can
leave dirty page beyond EOF and if page writeback tries to write this page
before write succeeds and expands i_size, page gets into inconsistent
state where page dirty bit is clear but buffer dirty bits stay set
resulting in page data never getting written and so data copied to the
page is lost. Fix the problem by invalidating page beyond EOF after
failed write.
Link: https://lkml.kernel.org/r/20230302153843.18499-1-jack@suse.cz
Fixes:
|
||
|
Greg Kroah-Hartman
|
df23049a96 |
This is the 5.10.176 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmQa9NgACgkQONu9yGCS aT4Iew//X/3+Bpiu+FyaYe0NZ4I95rQvNh4fG6wXCFd/PVbCRpxVOAKQ91GnkU+D iMeuGBPqkpPhHvesRybsq0u8GmJ+fJj58+fgy1ABI7UzkWihzNDu1n2RntYmuRvl TEEsAIS+6/lhVKosDhyYcXAL5eT8F06zFOI9HspWRe+lYoRBIQyykcLgZQwt5mBX qyKAFkvhH0Z77ATiID5alRkVArgi/t3qBUANTrJ7LqOlhtY42EOS0Sp7wpZWskqI 7Mpb6pfODsOq5d+6zNvZzdrtMaKRBal0Inxj2+zLEYdSv+xbTqp4Cb6UI18gJTA7 zsvItAzTRxp+7KiZVS2HP3uMRRV4lQ5HxgMJhSsONHSSRh7ndhkW7NQq/o/dRFm2 IgVf1beHk2pE+LN0Plf2oQCOMV8h/vQRZLCejoQEbFy6oNQ6bA4btJaXZnfluqDb KXONyDqXZ3uX3DSrKO4pCNCTsm5JhinkFHhO125kjSkPp/k2YWXdnBftQT1mWPYf dbWu1z/E+3qvObedwNn+icuu/MUznZMTYwDOD31tJp+1iEBgeBQWI+IRaIaWbDyD dxSoV8cScNZz+X4M70EFlwJMYL/VcIzDljeH2EA3CImDycDH0tspo6z8Z+xFhsrg D1wshmaT9XkSEJ92xDMw82B/1noOati75HpkUW1W/PKTqvjH/uU= =/t/A -----END PGP SIGNATURE----- Merge 5.10.176 into android12-5.10-lts Changes in 5.10.176 xfrm: Allow transport-mode states with AF_UNSPEC selector drm/panfrost: Don't sync rpm suspension after mmu flushing cifs: Move the in_send statistic to __smb_send_rqst() drm/meson: fix 1px pink line on GXM when scaling video overlay clk: HI655X: select REGMAP instead of depending on it docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU() netfilter: nft_nat: correct length for loading protocol registers netfilter: nft_masq: correct length for loading protocol registers netfilter: nft_redir: correct length for loading protocol registers netfilter: nft_redir: correct value of inet type `.maxattrs` scsi: core: Fix a comment in function scsi_host_dev_release() scsi: core: Fix a procfs host directory removal regression tcp: tcp_make_synack() can be called from process context nfc: pn533: initialize struct pn533_out_arg properly ipvlan: Make skb->skb_iif track skb->dev for l3s mode i40e: Fix kernel crash during reboot when adapter is in recovery mode net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler() qed/qed_dev: guard against a possible division by zero net: tunnels: annotate lockless accesses to dev->needed_headroom net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition net/smc: fix deadlock triggered by cancel_delayed_work_syn() net: usb: smsc75xx: Limit packet length to skb->len drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc null_blk: Move driver into its own directory block: null_blk: Fix handling of fake timeout request nvme: fix handling single range discard request nvmet: avoid potential UAF in nvmet_req_complete() block: sunvdc: add check for mdesc_grab() returning NULL ice: xsk: disable txq irq before flushing hw net: dsa: mv88e6xxx: fix max_mtu of 1492 on 6165, 6191, 6220, 6250, 6290 ipv4: Fix incorrect table ID in IOCTL path net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull net/iucv: Fix size of interrupt data selftests: net: devlink_port_split.py: skip test if no suitable device available qed/qed_mng_tlv: correctly zero out ->min instead of ->hour ethernet: sun: add check for the mdesc_grab() hwmon: (adt7475) Display smoothing attributes in correct order hwmon: (adt7475) Fix masking of hysteresis registers hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition hwmon: (ina3221) return prober error code hwmon: (ucd90320) Add minimum delay between bus accesses hwmon: tmp512: drop of_match_ptr for ID table hwmon: (adm1266) Set `can_sleep` flag for GPIO chip media: m5mols: fix off-by-one loop termination error mmc: atmel-mci: fix race between stop command and start of next command jffs2: correct logic when creating a hole in jffs2_write_begin ext4: fail ext4_iget if special inode unallocated ext4: fix task hung in ext4_xattr_delete_inode drm/amdkfd: Fix an illegal memory access sh: intc: Avoid spurious sizeof-pointer-div warning drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes ext4: fix possible double unlock when moving a directory tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted serial: 8250_em: Fix UART port type firmware: xilinx: don't make a sleepable memory allocation from an atomic context interconnect: fix mem leak when freeing nodes tracing: Make splice_read available again tracing: Check field value in hist_field_name() tracing: Make tracepoint lockdep check actually test something cifs: Fix smb2_set_path_size() KVM: nVMX: add missing consistency checks for CR0 and CR4 ALSA: hda: intel-dsp-config: add MTL PCI id ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro drm/shmem-helper: Remove another errant put in error path mptcp: avoid setting TCP_CLOSE state twice ftrace: Fix invalid address access in lookup_rec() when index is 0 mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage mmc: sdhci_am654: lower power-on failed message severity fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks cpuidle: psci: Iterate backwards over list in psci_pd_remove() x86/mce: Make sure logged MCEs are processed after sysfs update x86/mm: Fix use of uninitialized buffer in sme_enable() drm/i915: Don't use stolen memory for ring buffers with LLC drm/i915/active: Fix misuse of non-idle barriers as fence trackers io_uring: avoid null-ptr-deref in io_arm_poll_handler s390/ipl: add missing intersection check to ipl_report handling PCI: Unify delay handling for reset and resume PCI/DPC: Await readiness of secondary bus after reset xfs: don't assert fail on perag references on teardown xfs: purge dquots after inode walk fails during quotacheck xfs: don't leak btree cursor when insrec fails after a split xfs: remove XFS_PREALLOC_SYNC xfs: fallocate() should call file_modified() xfs: set prealloc flag in xfs_alloc_file_space() xfs: use setattr_copy to set vfs inode attributes fs: add mode_strip_sgid() helper fs: move S_ISGID stripping into the vfs_*() helpers attr: add in_group_or_capable() fs: move should_remove_suid() attr: add setattr_should_drop_sgid() attr: use consistent sgid stripping checks fs: use consistent setgid checks in is_sxid() xfs: remove xfs_setattr_time() declaration HID: core: Provide new max_buffer_size attribute to over-ride the default HID: uhid: Over-ride the default maximum data buffer value with our own Linux 5.10.176 Change-Id: Icd45189f4182c749d1758c13e18705abb4ea9c5a Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Amir Goldstein
|
0e9dbde96c |
attr: use consistent sgid stripping checks
commit ed5a7047d2011cb6b2bf84ceb6680124cc6a7d95 upstream.
[backported to 5.10.y, prior to idmapped mounts]
Currently setgid stripping in file_remove_privs()'s should_remove_suid()
helper is inconsistent with other parts of the vfs. Specifically, it only
raises ATTR_KILL_SGID if the inode is S_ISGID and S_IXGRP but not if the
inode isn't in the caller's groups and the caller isn't privileged over the
inode although we require this already in setattr_prepare() and
setattr_copy() and so all filesystem implement this requirement implicitly
because they have to use setattr_{prepare,copy}() anyway.
But the inconsistency shows up in setgid stripping bugs for overlayfs in
xfstests (e.g., generic/673, generic/683, generic/685, generic/686,
generic/687). For example, we test whether suid and setgid stripping works
correctly when performing various write-like operations as an unprivileged
user (fallocate, reflink, write, etc.):
echo "Test 1 - qa_user, non-exec file $verb"
setup_testfile
chmod a+rws $junk_file
commit_and_check "$qa_user" "$verb" 64k 64k
The test basically creates a file with 6666 permissions. While the file has
the S_ISUID and S_ISGID bits set it does not have the S_IXGRP set. On a
regular filesystem like xfs what will happen is:
sys_fallocate()
-> vfs_fallocate()
-> xfs_file_fallocate()
-> file_modified()
-> __file_remove_privs()
-> dentry_needs_remove_privs()
-> should_remove_suid()
-> __remove_privs()
newattrs.ia_valid = ATTR_FORCE | kill;
-> notify_change()
-> setattr_copy()
In should_remove_suid() we can see that ATTR_KILL_SUID is raised
unconditionally because the file in the test has S_ISUID set.
But we also see that ATTR_KILL_SGID won't be set because while the file
is S_ISGID it is not S_IXGRP (see above) which is a condition for
ATTR_KILL_SGID being raised.
So by the time we call notify_change() we have attr->ia_valid set to
ATTR_KILL_SUID | ATTR_FORCE. Now notify_change() sees that
ATTR_KILL_SUID is set and does:
ia_valid = attr->ia_valid |= ATTR_MODE
attr->ia_mode = (inode->i_mode & ~S_ISUID);
which means that when we call setattr_copy() later we will definitely
update inode->i_mode. Note that attr->ia_mode still contains S_ISGID.
Now we call into the filesystem's ->setattr() inode operation which will
end up calling setattr_copy(). Since ATTR_MODE is set we will hit:
if (ia_valid & ATTR_MODE) {
umode_t mode = attr->ia_mode;
vfsgid_t vfsgid = i_gid_into_vfsgid(mnt_userns, inode);
if (!vfsgid_in_group_p(vfsgid) &&
!capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID))
mode &= ~S_ISGID;
inode->i_mode = mode;
}
and since the caller in the test is neither capable nor in the group of the
inode the S_ISGID bit is stripped.
But assume the file isn't suid then ATTR_KILL_SUID won't be raised which
has the consequence that neither the setgid nor the suid bits are stripped
even though it should be stripped because the inode isn't in the caller's
groups and the caller isn't privileged over the inode.
If overlayfs is in the mix things become a bit more complicated and the bug
shows up more clearly. When e.g., ovl_setattr() is hit from
ovl_fallocate()'s call to file_remove_privs() then ATTR_KILL_SUID and
ATTR_KILL_SGID might be raised but because the check in notify_change() is
questioning the ATTR_KILL_SGID flag again by requiring S_IXGRP for it to be
stripped the S_ISGID bit isn't removed even though it should be stripped:
sys_fallocate()
-> vfs_fallocate()
-> ovl_fallocate()
-> file_remove_privs()
-> dentry_needs_remove_privs()
-> should_remove_suid()
-> __remove_privs()
newattrs.ia_valid = ATTR_FORCE | kill;
-> notify_change()
-> ovl_setattr()
// TAKE ON MOUNTER'S CREDS
-> ovl_do_notify_change()
-> notify_change()
// GIVE UP MOUNTER'S CREDS
// TAKE ON MOUNTER'S CREDS
-> vfs_fallocate()
-> xfs_file_fallocate()
-> file_modified()
-> __file_remove_privs()
-> dentry_needs_remove_privs()
-> should_remove_suid()
-> __remove_privs()
newattrs.ia_valid = attr_force | kill;
-> notify_change()
The fix for all of this is to make file_remove_privs()'s
should_remove_suid() helper to perform the same checks as we already
require in setattr_prepare() and setattr_copy() and have notify_change()
not pointlessly requiring S_IXGRP again. It doesn't make any sense in the
first place because the caller must calculate the flags via
should_remove_suid() anyway which would raise ATTR_KILL_SGID.
While we're at it we move should_remove_suid() from inode.c to attr.c
where it belongs with the rest of the iattr helpers. Especially since it
returns ATTR_KILL_S{G,U}ID flags. We also rename it to
setattr_should_drop_suidgid() to better reflect that it indicates both
setuid and setgid bit removal and also that it returns attr flags.
Running xfstests with this doesn't report any regressions. We should really
try and use consistent checks.
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Yang Xu
|
94ac142c19 |
fs: move S_ISGID stripping into the vfs_*() helpers
commit 1639a49ccdce58ea248841ed9b23babcce6dbb0b upstream.
[remove userns argument of helpers for 5.10.y backport]
Move setgid handling out of individual filesystems and into the VFS
itself to stop the proliferation of setgid inheritance bugs.
Creating files that have both the S_IXGRP and S_ISGID bit raised in
directories that themselves have the S_ISGID bit set requires additional
privileges to avoid security issues.
When a filesystem creates a new inode it needs to take care that the
caller is either in the group of the newly created inode or they have
CAP_FSETID in their current user namespace and are privileged over the
parent directory of the new inode. If any of these two conditions is
true then the S_ISGID bit can be raised for an S_IXGRP file and if not
it needs to be stripped.
However, there are several key issues with the current implementation:
* S_ISGID stripping logic is entangled with umask stripping.
If a filesystem doesn't support or enable POSIX ACLs then umask
stripping is done directly in the vfs before calling into the
filesystem.
If the filesystem does support POSIX ACLs then unmask stripping may be
done in the filesystem itself when calling posix_acl_create().
Since umask stripping has an effect on S_ISGID inheritance, e.g., by
stripping the S_IXGRP bit from the file to be created and all relevant
filesystems have to call posix_acl_create() before inode_init_owner()
where we currently take care of S_ISGID handling S_ISGID handling is
order dependent. IOW, whether or not you get a setgid bit depends on
POSIX ACLs and umask and in what order they are called.
Note that technically filesystems are free to impose their own
ordering between posix_acl_create() and inode_init_owner() meaning
that there's additional ordering issues that influence S_SIGID
inheritance.
* Filesystems that don't rely on inode_init_owner() don't get S_ISGID
stripping logic.
While that may be intentional (e.g. network filesystems might just
defer setgid stripping to a server) it is often just a security issue.
This is not just ugly it's unsustainably messy especially since we do
still have bugs in this area years after the initial round of setgid
bugfixes.
So the current state is quite messy and while we won't be able to make
it completely clean as posix_acl_create() is still a filesystem specific
call we can improve the S_SIGD stripping situation quite a bit by
hoisting it out of inode_init_owner() and into the vfs creation
operations. This means we alleviate the burden for filesystems to handle
S_ISGID stripping correctly and can standardize the ordering between
S_ISGID and umask stripping in the vfs.
We add a new helper vfs_prepare_mode() so S_ISGID handling is now done
in the VFS before umask handling. This has S_ISGID handling is
unaffected unaffected by whether umask stripping is done by the VFS
itself (if no POSIX ACLs are supported or enabled) or in the filesystem
in posix_acl_create() (if POSIX ACLs are supported).
The vfs_prepare_mode() helper is called directly in vfs_*() helpers that
create new filesystem objects. We need to move them into there to make
sure that filesystems like overlayfs hat have callchains like:
sys_mknod()
-> do_mknodat(mode)
-> .mknod = ovl_mknod(mode)
-> ovl_create(mode)
-> vfs_mknod(mode)
get S_ISGID stripping done when calling into lower filesystems via
vfs_*() creation helpers. Moving vfs_prepare_mode() into e.g.
vfs_mknod() takes care of that. This is in any case semantically cleaner
because S_ISGID stripping is VFS security requirement.
Security hooks so far have seen the mode with the umask applied but
without S_ISGID handling done. The relevant hooks are called outside of
vfs_*() creation helpers so by calling vfs_prepare_mode() from vfs_*()
helpers the security hooks would now see the mode without umask
stripping applied. For now we fix this by passing the mode with umask
settings applied to not risk any regressions for LSM hooks. IOW, nothing
changes for LSM hooks. It is worth pointing out that security hooks
never saw the mode that is seen by the filesystem when actually creating
the file. They have always been completely misplaced for that to work.
The following filesystems use inode_init_owner() and thus relied on
S_ISGID stripping: spufs, 9p, bfs, btrfs, ext2, ext4, f2fs, hfsplus,
hugetlbfs, jfs, minix, nilfs2, ntfs3, ocfs2, omfs, overlayfs, ramfs,
reiserfs, sysv, ubifs, udf, ufs, xfs, zonefs, bpf, tmpfs.
All of the above filesystems end up calling inode_init_owner() when new
filesystem objects are created through the ->mkdir(), ->mknod(),
->create(), ->tmpfile(), ->rename() inode operations.
Since directories always inherit the S_ISGID bit with the exception of
xfs when irix_sgid_inherit mode is turned on S_ISGID stripping doesn't
apply. The ->symlink() and ->link() inode operations trivially inherit
the mode from the target and the ->rename() inode operation inherits the
mode from the source inode. All other creation inode operations will get
S_ISGID handling via vfs_prepare_mode() when called from their relevant
vfs_*() helpers.
In addition to this there are filesystems which allow the creation of
filesystem objects through ioctl()s or - in the case of spufs -
circumventing the vfs in other ways. If filesystem objects are created
through ioctl()s the vfs doesn't know about it and can't apply regular
permission checking including S_ISGID logic. Therfore, a filesystem
relying on S_ISGID stripping in inode_init_owner() in their ioctl()
callpath will be affected by moving this logic into the vfs. We audited
those filesystems:
* btrfs allows the creation of filesystem objects through various
ioctls(). Snapshot creation literally takes a snapshot and so the mode
is fully preserved and S_ISGID stripping doesn't apply.
Creating a new subvolum relies on inode_init_owner() in
btrfs_new_subvol_inode() but only creates directories and doesn't
raise S_ISGID.
* ocfs2 has a peculiar implementation of reflinks. In contrast to e.g.
xfs and btrfs FICLONE/FICLONERANGE ioctl() that is only concerned with
the actual extents ocfs2 uses a separate ioctl() that also creates the
target file.
Iow, ocfs2 circumvents the vfs entirely here and did indeed rely on
inode_init_owner() to strip the S_ISGID bit. This is the only place
where a filesystem needs to call mode_strip_sgid() directly but this
is self-inflicted pain.
* spufs doesn't go through the vfs at all and doesn't use ioctl()s
either. Instead it has a dedicated system call spufs_create() which
allows the creation of filesystem objects. But spufs only creates
directories and doesn't allo S_SIGID bits, i.e. it specifically only
allows 0777 bits.
* bpf uses vfs_mkobj() but also doesn't allow S_ISGID bits to be created.
The patch will have an effect on ext2 when the EXT2_MOUNT_GRPID mount
option is used, on ext4 when the EXT4_MOUNT_GRPID mount option is used,
and on xfs when the XFS_FEAT_GRPID mount option is used. When any of
these filesystems are mounted with their respective GRPID option then
newly created files inherit the parent directories group
unconditionally. In these cases non of the filesystems call
inode_init_owner() and thus did never strip the S_ISGID bit for newly
created files. Moving this logic into the VFS means that they now get
the S_ISGID bit stripped. This is a user visible change. If this leads
to regressions we will either need to figure out a better way or we need
to revert. However, given the various setgid bugs that we found just in
the last two years this is a regression risk we should take.
Associated with this change is a new set of fstests to enforce the
semantics for all new filesystems.
Link: https://lore.kernel.org/ceph-devel/20220427092201.wvsdjbnc7b4dttaw@wittgenstein [1]
Link: e014f37db1a2 ("xfs: use setattr_copy to set vfs inode attributes") [2]
Link: 01ea173e103e ("xfs: fix up non-directory creation in SGID directories") [3]
Link: fd84bfdddd16 ("ceph: fix up non-directory creation in SGID directories") [4]
Link: https://lore.kernel.org/r/1657779088-2242-3-git-send-email-xuyang2018.jy@fujitsu.com
Suggested-by: Dave Chinner <david@fromorbit.com>
Suggested-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-and-Tested-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Yang Xu <xuyang2018.jy@fujitsu.com>
[<brauner@kernel.org>: rewrote commit message]
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
0847230e9b |
This is the 5.10.173 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmQMoPMACgkQONu9yGCS
aT4a1Q//WHnQOEgEykqbHMree6UQD5F6crB0kUcJTSDB5lblviYGxpOadw2j+670
AGsFg00cm8Sb8p78v3SA+X2UzScGnY5Cwhe+B/JucUSr+4rDlZ9FjOGXbKdlYFc2
sOTp9j/9KrETf0K/VVuCa48rKBPUFvrT7pZUAblZ0vVmk6cSzPW/1iBa4W6Ho6Ec
LxqNzCDtyTWX0JCzdv5DvjW7WALvPiEiw8CX8+psZTD8RHdAjtnW2DKp8ZnznzJS
YVBf2ulsD1g3zKEqDm5nMcUyN3fSEWci97bmbEzIeMTULfsj+aQF5a7JoXIkj7Yb
QIvZ1fG6RSviVplt5SoT5ucDN2cGqLt7+4b3v6DKQX1dMTDrAPdU+T1VU0LRxB6h
5M3ZZ925ktJu2YTmKi4QvgP01ZVJv0dNWytbmAnIVvJRGY3gHQt5tx0W2lnQdHE9
mJeW2MXcLKeho7d5p3wRl6yEWAJuAoioZCd95NPyNnVZMMhYRu6iTIIzY8EdNegQ
5ve9Rsda9uobvWRCWefyS0pHvuJ2HJrJONnU92MHKSojEC9oAjURvRGWpXYcQFM/
EiywE1oBRA6NrGI7BomAH6khVoTi01yBsQ0QEt30mTOuyxa6j/oR9iEsNv7bmjZC
SoApcWDPNy6RpHX7SDtch0Qj1l7YfYDNNj66Y94o5E70eHebU9Q=
=vHOd
-----END PGP SIGNATURE-----
Merge 5.10.173 into android12-5.10-lts
Changes in 5.10.173
HID: asus: Remove check for same LED brightness on set
HID: asus: use spinlock to protect concurrent accesses
HID: asus: use spinlock to safely schedule workers
powerpc/mm: Rearrange if-else block to avoid clang warning
ARM: OMAP2+: Fix memory leak in realtime_counter_init()
arm64: dts: qcom: qcs404: use symbol names for PCIe resets
ARM: zynq: Fix refcount leak in zynq_early_slcr_init
arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description
arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name
arm64: dts: qcom: sc7180: correct SPMI bus address cells
arm64: dts: meson-gx: Fix Ethernet MAC address unit name
arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names
arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes
arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size
arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY
arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges
arm64: dts: qcom: ipq8074: fix Gen3 PCIe node
arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names
arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init()
ARM: s3c: fix s3c64xx_set_timer_source prototype
arm64: dts: ti: k3-j7200: Fix wakeup pinmux range
ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
ARM: imx: Call ida_simple_remove() for ida_simple_get
arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property
arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name
arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name
arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name
arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name
arm64: dts: renesas: beacon-renesom: Fix gpio expander reference
ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference
ARM: dts: imx7s: correct iomuxc gpr mux controller cells
arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
blk-mq: avoid sleep in blk_mq_alloc_request_hctx
blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
blk-mq: correct stale comment of .get_budget
s390/dasd: Prepare for additional path event handling
s390/dasd: Fix potential memleak in dasd_eckd_init()
sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity()
sched/rt: pick_next_rt_entity(): check list_entry
x86/perf/zhaoxin: Add stepping check for ZXC
block: bio-integrity: Copy flags when bio_integrity_payload is cloned
wifi: rsi: Fix memory leak in rsi_coex_attach()
wifi: rtlwifi: rtl8821ae: don't call kfree_skb() under spin_lock_irqsave()
wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under spin_lock_irqsave()
wifi: rtlwifi: rtl8723be: don't call kfree_skb() under spin_lock_irqsave()
wifi: iwlegacy: common: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: libertas: fix memory leak in lbs_init_adapter()
wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
rtlwifi: fix -Wpointer-sign warning
wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit()
libbpf: Fix btf__align_of() by taking into account field offsets
wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: ipw2200: fix memory leak in ipw_wdev_init()
wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
crypto: x86/ghash - fix unaligned access in ghash_setkey()
ACPICA: Drop port I/O validation for some regions
genirq: Fix the return type of kstat_cpu_irqs_sum()
rcu-tasks: Improve comments explaining tasks_rcu_exit_srcu purpose
rcu-tasks: Remove preemption disablement around srcu_read_[un]lock() calls
rcu-tasks: Fix synchronize_rcu_tasks() VS zap_pid_ns_processes()
lib/mpi: Fix buffer overrun when SG is too long
crypto: ccp: Use the stack for small SEV command buffers
crypto: ccp: Use the stack and common buffer for status commands
crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak
crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2
ACPICA: nsrepair: handle cases without a return value correctly
thermal/drivers/tsens: Drop msm8976-specific defines
thermal/drivers/qcom/tsens_v1: Enable sensor 3 on MSM8976
thermal/drivers/tsens: Add compat string for the qcom,msm8960
thermal/drivers/tsens: Sort out msm8976 vs msm8956 data
wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU
wifi: orinoco: check return value of hermes_write_wordrec()
wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
ath9k: hif_usb: simplify if-if to if-else
ath9k: htc: clean up statistics macros
wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data()
ACPI: battery: Fix missing NUL-termination with large strings
crypto: ccp - Failure on re-initialization due to duplicate sysfs filename
crypto: essiv - Handle EBUSY correctly
crypto: seqiv - Handle EBUSY correctly
powercap: fix possible name leak in powercap_register_zone()
x86/cpu: Init AP exception handling from cpu_init_secondary()
x86/microcode: Replace deprecated CPU-hotplug functions.
x86: Mark stop_this_cpu() __noreturn
x86/microcode: Rip out the OLD_INTERFACE
x86/microcode: Default-disable late loading
x86/microcode: Print previous version of microcode after reload
x86/microcode: Add a parameter to microcode_check() to store CPU capabilities
x86/microcode: Check CPU capabilities after late microcode update correctly
x86/microcode: Adjust late loading result reporting message
net: ethernet: ti: am65-cpsw: fix tx csum offload for multi mac mode
net: ethernet: ti: am65-cpsw: handle deferred probe with dev_err_probe()
net: ethernet: ti: add missing of_node_put before return
crypto: xts - Handle EBUSY correctly
leds: led-class: Add missing put_device() to led_put()
crypto: ccp - Refactor out sev_fw_alloc()
crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware
bpftool: profile online CPUs instead of possible
net/mlx5: Enhance debug print in page allocation failure
irqchip: Fix refcount leak in platform_irqchip_probe
irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe
s390/vmem: fix empty page tables cleanup under KASAN
net: add sock_init_data_uid()
tun: tun_chr_open(): correctly initialize socket uid
tap: tap_open(): correctly initialize socket uid
OPP: fix error checking in opp_migrate_dentry()
Bluetooth: L2CAP: Fix potential user-after-free
libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
crypto: rsa-pkcs1pad - Use akcipher_request_complete
m68k: /proc/hardware should depend on PROC_FS
RISC-V: time: initialize hrtimer based broadcast clock event device
wifi: iwl3945: Add missing check for create_singlethread_workqueue
wifi: iwl4965: Add missing check for create_singlethread_workqueue()
wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
selftests/bpf: Fix out-of-srctree build
crypto: crypto4xx - Call dma_unmap_page when done
wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
thermal/drivers/hisi: Drop second sensor hi3660
can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error
bpf: Fix global subprog context argument resolution logic
irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
selftests/net: Interpret UDP_GRO cmsg data as an int value
l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
net: bcmgenet: fix MoCA LED control
selftest: fib_tests: Always cleanup before exit
sefltests: netdevsim: wait for devlink instance after netns removal
drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
drm/bridge: megachips: Fix error handling in i2c_register_driver()
drm/vkms: Fix null-ptr-deref in vkms_release()
drm/vc4: dpi: Add option for inverting pixel clock and output enable
drm/vc4: dpi: Fix format mapping for RGB565
drm: tidss: Fix pixel format definition
gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id()
drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins
pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
pinctrl: rockchip: add support for rk3568
pinctrl: rockchip: do coding style for mux route struct
pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
drm/vc4: hvs: Set AXI panic modes
drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5
drm/vc4: hdmi: Correct interlaced timings again
ASoC: fsl_sai: initialize is_dsp_mode flag
drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
ALSA: hda/ca0132: minor fix for allocation size
drm/msm/dpu: Disallow unallocated resources to be returned
drm/bridge: lt9611: fix sleep mode setup
drm/bridge: lt9611: fix HPD reenablement
drm/bridge: lt9611: fix polarity programming
drm/bridge: lt9611: fix programming of video modes
drm/bridge: lt9611: fix clock calculation
drm/bridge: lt9611: pass a pointer to the of node
drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
drm/msm: use strscpy instead of strncpy
drm/msm/dpu: Add check for cstate
drm/msm/dpu: Add check for pstates
drm/msm/mdp5: Add check for kzalloc
pinctrl: bcm2835: Remove of_node_put() in bcm2835_of_gpio_ranges_fallback()
pinctrl: mediatek: Initialize variable pullen and pullup to zero
pinctrl: mediatek: Initialize variable *buf to zero
gpu: host1x: Don't skip assigning syncpoints to channels
drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd
drm/mediatek: Use NULL instead of 0 for NULL pointer
drm/mediatek: Drop unbalanced obj unref
drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
drm/mediatek: Clean dangling pointer on bind error path
ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
gpio: vf610: connect GPIO label to dev name
spi: dw_bt1: fix MUX_MMIO dependencies
ASoC: mchp-spdifrx: fix controls which rely on rsr register
ASoC: atmel: fix spelling mistakes
ASoC: mchp-spdifrx: fix return value in case completion times out
ASoC: mchp-spdifrx: fix controls that works with completion mechanism
ASoC: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove()
ASoC: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params()
ASoC: dt-bindings: meson: fix gx-card codec node regex
hwmon: (ltc2945) Handle error case in ltc2945_value_store
drm/amdgpu: fix enum odm_combine_mode mismatch
scsi: mpt3sas: Fix a memory leak
scsi: aic94xx: Add missing check for dma_map_single()
spi: bcm63xx-hsspi: fix pm_runtime
spi: bcm63xx-hsspi: Fix multi-bit mode setting
hwmon: (mlxreg-fan) Return zero speed for broken fan
ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init
dm: remove flush_scheduled_work() during local_exit()
NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode()
NFSv4: keep state manager thread active if swap is enabled
nfs4trace: fix state manager flag printing
NFS: fix disabling of swap
spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one()
ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared
HID: bigben: use spinlock to protect concurrent accesses
HID: bigben_worker() remove unneeded check on report_field
HID: bigben: use spinlock to safely schedule workers
hid: bigben_probe(): validate report count
nfsd: fix race to check ls_layouts
cifs: Fix lost destroy smbd connection when MR allocate failed
cifs: Fix warning and UAF when destroy the MR list
gfs2: jdata writepage fix
perf llvm: Fix inadvertent file creation
leds: led-core: Fix refcount leak in of_led_get()
perf tools: Fix auto-complete on aarch64
sparc: allow PM configs for sparc32 COMPILE_TEST
selftests/ftrace: Fix bash specific "==" operator
printf: fix errname.c list
objtool: add UACCESS exceptions for __tsan_volatile_read/write
mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents
clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents
RISC-V: fix funct4 definition for c.jalr in parse_asm.h
mtd: rawnand: sunxi: Fix the size of the last OOB region
Input: iqs269a - drop unused device node references
Input: iqs269a - increase interrupt handler return delay
Input: iqs269a - configure device with a single block write
linux/kconfig.h: replace IF_ENABLED() with PTR_IF() in <linux/kernel.h>
clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed
clk: renesas: cpg-mssr: Remove superfluous check in resume code
clk: imx: avoid memory leak
Input: ads7846 - don't report pressure for ads7845
Input: ads7846 - convert to full duplex
Input: ads7846 - convert to one message
Input: ads7846 - always set last command to PWRDOWN
Input: ads7846 - don't check penirq immediately for 7845
clk: qcom: gpucc-sc7180: fix clk_dis_wait being programmed for CX GDSC
clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC
powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
powerpc/perf/hv-24x7: add missing RTAS retry status handling
powerpc/pseries/lpar: add missing RTAS retry status handling
powerpc/pseries/lparcfg: add missing RTAS retry status handling
powerpc/rtas: make all exports GPL
powerpc/rtas: ensure 4KB alignment for rtas_data_buf
powerpc/eeh: Small refactor of eeh_handle_normal_event()
powerpc/eeh: Set channel state after notifying the drivers
MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set
MIPS: vpe-mt: drop physical_memsize
vdpa/mlx5: Don't clear mr struct on destroy MR
alpha/boot/tools/objstrip: fix the check for ELF header
Input: iqs269a - do not poll during suspend or resume
Input: iqs269a - do not poll during ATI
remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
media: ti: cal: fix possible memory leak in cal_ctx_create()
media: platform: ti: Add missing check for devm_regulator_get
powerpc: Remove linker flag from KBUILD_AFLAGS
builddeb: clean generated package content
media: max9286: Fix memleak in max9286_v4l2_register()
media: ov2740: Fix memleak in ov2740_init_controls()
media: ov5675: Fix memleak in ov5675_init_controls()
media: i2c: ov772x: Fix memleak in ov772x_probe()
media: i2c: imx219: remove redundant writes
media: i2c: imx219: Split common registers from mode tables
media: i2c: imx219: Fix binning for RAW8 capture
media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
media: i2c: ov7670: 0 instead of -EINVAL was returned
media: usb: siano: Fix use after free bugs caused by do_submit_urb
media: saa7134: Use video_unregister_device for radio_dev
rpmsg: glink: Avoid infinite loop on intent for missing channel
udf: Define EFSCORRUPTED error code
ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
blk-iocost: fix divide by 0 error in calc_lcoefs()
wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
rcu: Make RCU_LOCKDEP_WARN() avoid early lockdep checks
rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait()
rcu-tasks: Make rude RCU-Tasks work well with CPU hotplug
wifi: ath11k: debugfs: fix to work with multiple PCI devices
thermal: intel: Fix unsigned comparison with less than zero
timers: Prevent union confusion from unexpected restart_syscall()
x86/bugs: Reset speculation control settings on init
wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
wifi: mt7601u: fix an integer underflow
inet: fix fast path in __inet_hash_connect()
ice: add missing checks for PF vsi type
ACPI: Don't build ACPICA with '-Os'
clocksource: Suspend the watchdog temporarily when high read latency detected
crypto: hisilicon: Wipe entire pool on error
net: bcmgenet: Add a check for oversized packets
m68k: Check syscall_trace_enter() return code
wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
ACPI: video: Fix Lenovo Ideapad Z570 DMI match
net/mlx5: fw_tracer: Fix debug print
coda: Avoid partial allocation of sig_inputArgs
uaccess: Add minimum bounds check on kernel buffer size
PM: EM: fix memory leak with using debugfs_lookup()
Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
drm/amd/display: Fix potential null-deref in dm_resume
drm/omap: dsi: Fix excessive stack usage
HID: Add Mapping for System Microphone Mute
drm/tiny: ili9486: Do not assume 8-bit only SPI controllers
drm/radeon: free iio for atombios when driver shutdown
drm: amd: display: Fix memory leakage
drm/msm/dsi: Add missing check for alloc_ordered_workqueue
docs/scripts/gdb: add necessary make scripts_gdb step
ASoC: kirkwood: Iterate over array indexes instead of using pointer math
regulator: max77802: Bounds check regulator id against opmode
regulator: s5m8767: Bounds check id indexing into arrays
gfs2: Improve gfs2_make_fs_rw error handling
hwmon: (coretemp) Simplify platform device handling
pinctrl: at91: use devm_kasprintf() to avoid potential leaks
HID: logitech-hidpp: Don't restart communication if not necessary
drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5
dm thin: add cond_resched() to various workqueue loops
dm cache: add cond_resched() to various workqueue loops
nfsd: zero out pointers after putting nfsd_files on COPY setup error
wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
firmware: coreboot: framebuffer: Ignore reserved pixel color bits
rtc: pm8xxx: fix set-alarm race
ipmi_ssif: Rename idle state and check
s390/extmem: return correct segment type in __segment_load()
s390: discard .interp section
s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
s390/kprobes: fix current_kprobe never cleared after kprobes reenter
cifs: Fix uninitialized memory read in smb3_qfs_tcon()
ARM: dts: exynos: correct HDMI phy compatible in Exynos4
hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
fs: hfsplus: fix UAF issue in hfsplus_put_super
exfat: fix reporting fs error when reading dir beyond EOF
exfat: fix unexpected EOF while reading dir
exfat: redefine DIR_DELETED as the bad cluster number
exfat: fix inode->i_blocks for non-512 byte sector size device
f2fs: fix information leak in f2fs_move_inline_dirents()
f2fs: fix cgroup writeback accounting with fs-layer encryption
ocfs2: fix defrag path triggering jbd2 ASSERT
ocfs2: fix non-auto defrag path not working issue
udf: Truncate added extents on failed expansion
udf: Do not bother merging very long extents
udf: Do not update file length for failed writes to inline files
udf: Preserve link count of system files
udf: Detect system inodes linked into directory hierarchy
udf: Fix file corruption when appending just after end of preallocated extent
KVM: Destroy target device if coalesced MMIO unregistration fails
KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI
KVM: s390: disable migration mode when dirty tracking is disabled
x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
x86/reboot: Disable virtualization in an emergency if SVM is supported
x86/reboot: Disable SVM, not just VMX, when stopping CPUs
x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range
x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
x86/microcode/AMD: Add a @cpu parameter to the reloading functions
x86/microcode/AMD: Fix mixed steppings support
x86/speculation: Allow enabling STIBP with legacy IBRS
Documentation/hw-vuln: Document the interaction between IBRS and STIBP
brd: return 0/-error from brd_insert_page()
ima: Align ima_file_mmap() parameters with mmap_file LSM hook
irqdomain: Fix association race
irqdomain: Fix disassociation race
irqdomain: Drop bogus fwspec-mapping error handling
io_uring: handle TIF_NOTIFY_RESUME when checking for task_work
io_uring: mark task TASK_RUNNING before handling resume/task work
io_uring: add a conditional reschedule to the IOPOLL cancelation loop
io_uring/rsrc: disallow multi-source reg buffers
io_uring: remove MSG_NOSIGNAL from recvmsg
io_uring/poll: allow some retries for poll triggering spuriously
ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
jbd2: fix data missing when reusing bh which is ready to be checkpointed
ext4: optimize ea_inode block expansion
ext4: refuse to create ea block when umounted
mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
dm: add cond_resched() to dm_wq_work()
wifi: rtl8xxxu: Use a longer retry limit of 48
wifi: cfg80211: Fix use after free for wext
thermal: intel: powerclamp: Fix cur_state for multi package system
dm flakey: fix logic when corrupting a bio
dm flakey: don't corrupt the zero page
ARM: dts: exynos: correct TMU phandle in Exynos4210
ARM: dts: exynos: correct TMU phandle in Exynos4
ARM: dts: exynos: correct TMU phandle in Odroid XU3 family
ARM: dts: exynos: correct TMU phandle in Exynos5250
ARM: dts: exynos: correct TMU phandle in Odroid XU
ARM: dts: exynos: correct TMU phandle in Odroid HC1
rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
alpha: fix FEN fault handling
dax/kmem: Fix leak of memory-hotplug resources
mips: fix syscall_get_nr
media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
remoteproc/mtk_scp: Move clk ops outside send_lock
docs: gdbmacros: print newest record
mm: memcontrol: deprecate charge moving
mm/thp: check and bail out if page in deferred queue already
ktest.pl: Give back console on Ctrt^C on monitor
ktest.pl: Fix missing "end_monitor" when machine check fails
ktest.pl: Add RUN_TIMEOUT option with default unlimited
ring-buffer: Handle race between rb_move_tail and rb_check_pages
scsi: qla2xxx: Fix link failure in NPIV environment
scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
scsi: qla2xxx: Fix erroneous link down
scsi: ses: Don't attach if enclosure has no components
scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
scsi: ses: Fix possible desc_ptr out-of-bounds accesses
scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
riscv: jump_label: Fixup unaligned arch_static_branch function
PCI/PM: Observe reset delay irrespective of bridge_d3
PCI: hotplug: Allow marking devices as disconnected during bind/unbind
PCI: Avoid FLR for AMD FCH AHCI adapters
vfio/type1: prevent underflow of locked_vm via exec()
drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
drm/radeon: Fix eDP for single-display iMac11,2
drm/edid: fix AVI infoframe aspect ratio handling
arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY
wifi: ath9k: use proper statements in conditionals
pinctrl: rockchip: fix mux route data for rk3568
pinctrl: rockchip: fix reading pull type on rk3568
kbuild: Port silent mode detection to future gnu make.
net/sched: Retire tcindex classifier
fs/jfs: fix shift exponent db_agl2size negative
objtool: Fix memory leak in create_static_call_sections()
pwm: sifive: Reduce time the controller lock is held
pwm: sifive: Always let the first pwm_apply_state succeed
pwm: stm32-lp: fix the check on arr and cmp registers update
f2fs: use memcpy_{to,from}_page() where possible
fs: f2fs: initialize fsdata in pagecache_write()
um: vector: Fix memory leak in vector_config
ubi: ensure that VID header offset + VID header size <= alloc, size
ubifs: Fix build errors as symbol undefined
ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
ubifs: Rectify space budget for ubifs_xrename()
ubifs: Fix wrong dirty space budget for dirty inode
ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
ubifs: Reserve one leb for each journal head while doing budget
ubi: Fix use-after-free when volume resizing failed
ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
ubifs: Fix memory leak in alloc_wbufs()
ubi: Fix possible null-ptr-deref in ubi_free_volume()
ubifs: Re-statistic cleaned znode count if commit failed
ubifs: dirty_cow_znode: Fix memleak in error handling path
ubifs: ubifs_writepage: Mark page dirty after writing inode failed
ubi: fastmap: Fix missed fm_anchor PEB in wear-leveling after disabling fastmap
ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list
watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path
watchdog: Fix kmemleak in watchdog_cdev_register
watchdog: pcwd_usb: Fix attempting to access uninitialized memory
netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
netfilter: ebtables: fix table blob use-after-free
ipv6: Add lwtunnel encap size of all siblings in nexthop calculation
sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop
net: fix __dev_kfree_skb_any() vs drop monitor
9p/xen: fix version parsing
9p/xen: fix connection sequence
9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
net/mlx5: Geneve, Fix handling of Geneve object id as error code
nfc: fix memory leak of se_io context in nfc_genl_se_io
net/sched: act_sample: fix action bind logic
ARM: dts: spear320-hmi: correct STMPE GPIO compatible
tcp: tcp_check_req() can be called from process context
vc_screen: modify vcs_size() handling in vcs_read()
rtc: sun6i: Always export the internal oscillator
scsi: ipr: Work around fortify-string warning
loop: loop_set_status_from_info() check before assignment
ASoC: adau7118: don't disable regulators on device unbind
ASoC: zl38060: Remove spurious gpiolib select
ASoC: zl38060 add gpiolib dependency
thermal: intel: quark_dts: fix error pointer dereference
thermal: intel: BXT_PMIC: select REGMAP instead of depending on it
tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
bootconfig: Increase max nodes of bootconfig from 1024 to 8192 for DCC support
mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak
IB/hfi1: Update RMT size calculation
media: uvcvideo: Handle cameras with invalid descriptors
media: uvcvideo: Handle errors from calls to usb_string
media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
media: uvcvideo: Silence memcpy() run-time false positive warnings
staging: emxx_udc: Add checks for dma_alloc_coherent()
tty: fix out-of-bounds access in tty_driver_lookup_tty()
tty: serial: fsl_lpuart: disable the CTS when send break signal
serial: sc16is7xx: setup GPIO controller later in probe
mei: bus-fixup:upon error print return values of send and receive
tools/iio/iio_utils:fix memory leak
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word()
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word()
PCI: loongson: Prevent LS7A MRRS increases
usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math
USB: ene_usb6250: Allocate enough memory for full object
usb: uvc: Enumerate valid values for color matching
usb: gadget: uvc: Make bSourceID read/write
PCI: Align extra resources for hotplug bridges properly
PCI: Take other bus devices into account when distributing resources
kernel/fail_function: fix memory leak with using debugfs_lookup()
PCI: loongson: Add more devices that need MRRS quirk
PCI: Add ACS quirk for Wangxun NICs
phy: rockchip-typec: Fix unsigned comparison with less than zero
soundwire: cadence: Remove wasted space in response_buf
soundwire: cadence: Drain the RX FIFO after an IO timeout
net: tls: avoid hanging tasks on the tx_lock
x86/resctrl: Apply READ_ONCE/WRITE_ONCE to task_struct.{rmid,closid}
x86/resctl: fix scheduler confusion with 'current'
drm/display/dp_mst: Fix down/up message handling after sink disconnect
drm/display/dp_mst: Fix down message handling after a packet reception error
Bluetooth: hci_sock: purge socket queues in the destruct() callback
tcp: Fix listen() regression in 5.10.163
drm/virtio: Fix error code in virtio_gpu_object_shmem_init()
media: uvcvideo: Provide sync and async uvc_ctrl_status_event
media: uvcvideo: Fix race condition with usb_kill_urb
Revert "scsi: mpt3sas: Fix return value check of dma_get_required_mask()"
scsi: mpt3sas: Don't change DMA mask while reallocating pools
scsi: mpt3sas: re-do lost mpt3sas DMA mask fix
scsi: mpt3sas: Remove usage of dma_get_required_mask() API
malidp: Fix NULL vs IS_ERR() checking
usb: gadget: uvc: fix missing mutex_unlock() if kstrtou8() fails
Linux 5.10.173
Change-Id: Iedcbc093feb171d48c70976d0aa99e972fac3ad1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Heming Zhao via Ocfs2-devel
|
6bf9caa585 |
ocfs2: fix non-auto defrag path not working issue
commit 236b9254f8d1edc273ad88b420aa85fbd84f492d upstream. This fixes three issues on move extents ioctl without auto defrag: a) In ocfs2_find_victim_alloc_group(), we have to convert bits to block first in case of global bitmap. b) In ocfs2_probe_alloc_group(), when finding enough bits in block group bitmap, we have to back off move_len to start pos as well, otherwise it may corrupt filesystem. c) In ocfs2_ioctl_move_extents(), set me_threshold both for non-auto and auto defrag paths. Otherwise it will set move_max_hop to 0 and finally cause unexpectedly ENOSPC error. Currently there are no tools triggering the above issues since defragfs.ocfs2 enables auto defrag by default. Tested with manually changing defragfs.ocfs2 to run non auto defrag path. Link: https://lkml.kernel.org/r/20230220050526.22020-1-heming.zhao@suse.com Signed-off-by: Heming Zhao <heming.zhao@suse.com> Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> Cc: Mark Fasheh <mark@fasheh.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Gang He <ghe@suse.com> Cc: Jun Piao <piaojun@huawei.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Heming Zhao via Ocfs2-devel
|
2c559b3ba8 |
ocfs2: fix defrag path triggering jbd2 ASSERT
commit 60eed1e3d45045623e46944ebc7c42c30a4350f0 upstream.
code path:
ocfs2_ioctl_move_extents
ocfs2_move_extents
ocfs2_defrag_extent
__ocfs2_move_extent
+ ocfs2_journal_access_di
+ ocfs2_split_extent //sub-paths call jbd2_journal_restart
+ ocfs2_journal_dirty //crash by jbs2 ASSERT
crash stacks:
PID: 11297 TASK: ffff974a676dcd00 CPU: 67 COMMAND: "defragfs.ocfs2"
#0 [ffffb25d8dad3900] machine_kexec at ffffffff8386fe01
#1 [ffffb25d8dad3958] __crash_kexec at ffffffff8395959d
#2 [ffffb25d8dad3a20] crash_kexec at ffffffff8395a45d
#3 [ffffb25d8dad3a38] oops_end at ffffffff83836d3f
#4 [ffffb25d8dad3a58] do_trap at ffffffff83833205
#5 [ffffb25d8dad3aa0] do_invalid_op at ffffffff83833aa6
#6 [ffffb25d8dad3ac0] invalid_op at ffffffff84200d18
[exception RIP: jbd2_journal_dirty_metadata+0x2ba]
RIP: ffffffffc09ca54a RSP: ffffb25d8dad3b70 RFLAGS: 00010207
RAX: 0000000000000000 RBX: ffff9706eedc5248 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffff97337029ea28 RDI: ffff9706eedc5250
RBP: ffff9703c3520200 R8: 000000000f46b0b2 R9: 0000000000000000
R10: 0000000000000001 R11: 00000001000000fe R12: ffff97337029ea28
R13: 0000000000000000 R14: ffff9703de59bf60 R15: ffff9706eedc5250
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#7 [ffffb25d8dad3ba8] ocfs2_journal_dirty at ffffffffc137fb95 [ocfs2]
#8 [ffffb25d8dad3be8] __ocfs2_move_extent at ffffffffc139a950 [ocfs2]
#9 [ffffb25d8dad3c80] ocfs2_defrag_extent at ffffffffc139b2d2 [ocfs2]
Analysis
This bug has the same root cause of 'commit
|
||
|
Greg Kroah-Hartman
|
4922049993 |
This is the 5.10.163 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmPCczkACgkQONu9yGCS
aT4tnRAAsW8h/ohmhP+O2lQ9Ekw6s9VB6KB4aJzLhQXqIZlrzk2DP3CiLxQ7DkFc
AcHwFYq+sERo8O7dK6pbCW0zNvLUpbK2wJhwMHujJfSUFboXX85NR6u90U67pBKS
p+yVkDSx8LNc7c676xQ7ey5rO1K2fQQ266gexjI9WOkjIFOfplVkZ7tkvt51VwAD
mNvOQsZdCE6xs+T3t9YMOtAx3wW8vl1wW3QDWCHznQwOJiMEjfNEOUY/+xELnnWz
DVONWPHTFNKQHZwIuVUFZdNuORq5WXoIaMZdaEFkhuOtRMnQ9l+wi8iMxX8zkgBn
Ji/dPu3GdAZsJU4/rXHkY2AeZV1oJc3NLYmevoRZirTqMQCqyM+blif7Rf34kBi7
6jlGPWOjyMNe58shfHmjWTl/u4pMDoYOnm5XO+1oL+2Xg8QWCucqAlfPFB3uMh6n
aL4ymzo5QRy1+tx8v7o1NOjnGWydvYn3O4fwJVkYTFaJZZr9EI7gpTmEBw/gwfuf
4TH6BC++Ai/8vgKUhpdnWuTrjomWalPTcPBgQYG4gD7ak2TM1rmgMaCl/THUe36R
zPC8m2sIXKeI4zGi8TeqTgaRvFSKJnuEmVo5OPkG98fZkjekCzWHp0q1+PG2Ecy8
Mu2/AOnwb1aSfOJh2Qajoke/Wed0U6qszop8C/jPRh8D1uTmRbI=
=sOTj
-----END PGP SIGNATURE-----
Merge 5.10.163 into android12-5.10-lts
Changes in 5.10.163
usb: musb: remove extra check in musb_gadget_vbus_draw
arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins
arm64: dts: qcom: msm8996: fix GPU OPP table
ARM: dts: qcom: apq8064: fix coresight compatible
arm64: dts: qcom: sdm630: fix UART1 pin bias
arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias
arm64: dts: qcom: msm8916: Drop MSS fallback compatible
objtool, kcsan: Add volatile read/write instrumentation to whitelist
ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96
ARM: dts: stm32: Fix AV96 WLAN regulator gpio property
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
soc: qcom: llcc: make irq truly optional
soc: qcom: apr: make code more reuseable
soc: qcom: apr: Add check for idr_alloc and of_property_read_string_index
arm: dts: spear600: Fix clcd interrupt
soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync
soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init()
arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node
arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node
arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
arm64: dts: mt2712e: Fix unit address for pinctrl node
arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
arm64: dts: mt2712-evb: Fix usb vbus regulators unit names
arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings
arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: turris-omnia: Add ethernet aliases
ARM: dts: turris-omnia: Add switch port 6 node
arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC
pstore/ram: Fix error return code in ramoops_probe()
ARM: mmp: fix timer_read delay
pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init()
tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
sched/fair: Cleanup task_util and capacity type
sched/uclamp: Fix relationship between uclamp and migration margin
cpuidle: dt: Return the correct numbers of parsed idle states
alpha: fix syscall entry in !AUDUT_SYSCALL case
PM: hibernate: Fix mistake in kerneldoc comment
fs: don't audit the capability check in simple_xattr_list()
cpufreq: qcom-hw: Fix memory leak in qcom_cpufreq_hw_read_lut()
selftests/ftrace: event_triggers: wait longer for test_event_enable
perf: Fix possible memleak in pmu_dev_alloc()
lib/debugobjects: fix stat count and optimize debug_objects_mem_init
platform/x86: huawei-wmi: fix return value calculation
timerqueue: Use rb_entry_safe() in timerqueue_getnext()
proc: fixup uptime selftest
lib/fonts: fix undefined behavior in bit shift for get_default_font
ocfs2: fix memory leak in ocfs2_stack_glue_init()
MIPS: vpe-mt: fix possible memory leak while module exiting
MIPS: vpe-cmp: fix possible memory leak while module exiting
selftests/efivarfs: Add checking of the test return value
PNP: fix name memory leak in pnp_alloc_dev()
perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map()
perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box()
platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init()
irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper()
nfsd: don't call nfsd_file_put from client states seqfile display
genirq/irqdesc: Don't try to remove non-existing sysfs files
cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
lib/notifier-error-inject: fix error when writing -errno to debugfs file
docs: fault-injection: fix non-working usage of negative values
debugfs: fix error when writing negative value to atomic_t debugfs file
ocfs2: ocfs2_mount_volume does cleanup job before return error
ocfs2: rewrite error handling of ocfs2_fill_super
ocfs2: fix memory leak in ocfs2_mount_volume()
rapidio: fix possible name leaks when rio_add_device() fails
rapidio: rio: fix possible name leak in rio_register_mport()
clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
clocksource/drivers/sh_cmt: Access registers according to spec
futex: Move to kernel/futex/
futex: Resend potentially swallowed owner death notification
cpu/hotplug: Make target_store() a nop when target == state
clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock()
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
x86/xen: Fix memory leak in xen_init_lock_cpu()
xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
PM: runtime: Improve path in rpm_idle() when no callback
PM: runtime: Do not call __rpm_callback() from rpm_idle()
platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register()
MIPS: BCM63xx: Add check for NULL for clk in clk_enable
MIPS: OCTEON: warn only once if deprecated link status is being used
fs: sysv: Fix sysv_nblocks() returns wrong value
rapidio: fix possible UAF when kfifo_alloc() fails
eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
relay: fix type mismatch when allocating memory in relay_create_buf()
hfs: Fix OOB Write in hfs_asc2mac
rapidio: devices: fix missing put_device in mport_cdev_open
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
wifi: rtl8xxxu: Fix reading the vendor of combo chips
drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge
libbpf: Fix use-after-free in btf_dump_name_dups
libbpf: Fix null-pointer dereference in find_prog_by_sec_insn()
pata_ipx4xx_cf: Fix unsigned comparison with less than zero
media: coda: jpeg: Add check for kmalloc
media: i2c: ad5820: Fix error path
venus: pm_helpers: Fix error check in vcodec_domains_get()
media: exynos4-is: Use v4l2_async_notifier_add_fwnode_remote_subdev
media: exynos4-is: don't rely on the v4l2_async_subdev internals
can: kvaser_usb: do not increase tx statistics when sending error message frames
can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event
can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
can: kvaser_usb_leaf: Set Warning state even without bus errors
can: kvaser_usb_leaf: Fix improved state not being reported
can: kvaser_usb_leaf: Fix wrong CAN state after stopping
can: kvaser_usb_leaf: Fix bogus restart events
can: kvaser_usb: Add struct kvaser_usb_busparams
can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming
drm/rockchip: lvds: fix PM usage counter unbalance in poweron
clk: renesas: r9a06g032: Repair grave increment error
spi: Update reference to struct spi_controller
drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure
ima: Fix fall-through warnings for Clang
ima: Handle -ESTALE returned by ima_filter_rule_match()
drm/msm/hdmi: switch to drm_bridge_connector
drm/msm/hdmi: drop unused GPIO support
bpf: Fix slot type check in check_stack_write_var_off
media: vivid: fix compose size exceed boundary
media: platform: exynos4-is: fix return value check in fimc_md_probe()
bpf: propagate precision in ALU/ALU64 operations
bpf: Check the other end of slot_type for STACK_SPILL
bpf: propagate precision across all frames, not just the last one
clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs
mtd: Fix device name leak when register device failed in add_mtd_device()
Input: joystick - fix Kconfig warning for JOYSTICK_ADC
wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
media: camss: Clean up received buffers on failed start of streaming
net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
rxrpc: Fix ack.bufferSize to be 0 when generating an ack
drm/radeon: Add the missed acpi_put_table() to fix memory leak
drm/mediatek: Modify dpi power on/off sequence.
ASoC: pxa: fix null-pointer dereference in filter()
regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table()
drm/fourcc: Add packed 10bit YUV 4:2:0 format
drm/fourcc: Fix vsub/hsub for Q410 and Q401
integrity: Fix memory leakage in keyring allocation error path
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
wifi: ath10k: Fix return value in ath10k_pci_init()
mtd: lpddr2_nvm: Fix possible null-ptr-deref
Input: elants_i2c - properly handle the reset GPIO when power is off
media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init()
media: solo6x10: fix possible memory leak in solo_sysfs_init()
media: platform: exynos4-is: Fix error handling in fimc_md_init()
media: videobuf-dma-contig: use dma_mmap_coherent
inet: add READ_ONCE(sk->sk_bound_dev_if) in inet_csk_bind_conflict()
bpf: Move skb->len == 0 checks into __bpf_redirect
HID: hid-sensor-custom: set fixed size for custom attributes
ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT
ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
regulator: core: use kfree_const() to free space conditionally
clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
drm/amdgpu: fix pci device refcount leak
bonding: fix link recovery in mode 2 when updelay is nonzero
mtd: maps: pxa2xx-flash: fix memory leak in probe
drbd: fix an invalid memory access caused by incorrect use of list iterator
ASoC: qcom: Add checks for devm_kcalloc
media: vimc: Fix wrong function called when vimc_init() fails
media: imon: fix a race condition in send_packet()
clk: imx: replace osc_hdmi with dummy
pinctrl: pinconf-generic: add missing of_node_put()
media: dvb-core: Fix ignored return value in dvb_register_frontend()
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
ASoC: dt-bindings: wcd9335: fix reset line polarity in example
ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd
NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
NFSv4.2: Fix a memory stomp in decode_attr_security_label
NFSv4.2: Fix initialisation of struct nfs4_label
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
NFS: Fix an Oops in nfs_d_automount()
ALSA: asihpi: fix missing pci_disable_device()
wifi: iwlwifi: mvm: fix double free on tx path.
ASoC: mediatek: mt8173: Fix debugfs registration for components
ASoC: mediatek: mt8173: Enable IRQ when pdata is ready
drm/amd/pm/smu11: BACO is supported when it's in BACO state
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
netfilter: conntrack: set icmpv6 redirects as RELATED
bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data
bpf, sockmap: Fix data loss caused by using apply_bytes on ingress redirect
bonding: uninitialized variable in bond_miimon_inspect()
spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE
wifi: mac80211: fix memory leak in ieee80211_if_add()
wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
wifi: mt76: fix coverity overrun-call in mt76_get_txpower()
regulator: core: fix module refcount leak in set_supply()
clk: qcom: clk-krait: fix wrong div2 functions
hsr: Add a rcu-read lock to hsr_forward_skb().
net: hsr: generate supervision frame without HSR/PRP tag
hsr: Disable netpoll.
hsr: Synchronize sending frames to have always incremented outgoing seq nr.
hsr: Synchronize sequence number updates.
configfs: fix possible memory leak in configfs_create_dir()
regulator: core: fix resource leak in regulator_register()
hwmon: (jc42) Convert register access and caching to regmap/regcache
hwmon: (jc42) Restore the min/max/critical temperatures on resume
bpf, sockmap: fix race in sock_map_free()
ALSA: pcm: Set missing stop_operating flag at undoing trigger start
media: saa7164: fix missing pci_disable_device()
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
SUNRPC: Fix missing release socket in rpc_sockname()
NFSv4.x: Fail client initialisation if state manager thread can't run
mmc: alcor: fix return value check of mmc_add_host()
mmc: moxart: fix return value check of mmc_add_host()
mmc: mxcmmc: fix return value check of mmc_add_host()
mmc: pxamci: fix return value check of mmc_add_host()
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
mmc: toshsd: fix return value check of mmc_add_host()
mmc: vub300: fix return value check of mmc_add_host()
mmc: wmt-sdmmc: fix return value check of mmc_add_host()
mmc: atmel-mci: fix return value check of mmc_add_host()
mmc: omap_hsmmc: fix return value check of mmc_add_host()
mmc: meson-gx: fix return value check of mmc_add_host()
mmc: via-sdmmc: fix return value check of mmc_add_host()
mmc: wbsd: fix return value check of mmc_add_host()
mmc: mmci: fix return value check of mmc_add_host()
media: c8sectpfe: Add of_node_put() when breaking out of loop
media: coda: Add check for dcoda_iram_alloc
media: coda: Add check for kmalloc
clk: samsung: Fix memory leak in _samsung_clk_register_pll()
spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
wifi: rtl8xxxu: Fix the channel width reporting
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
blktrace: Fix output non-blktrace event when blk_classic option enabled
clk: socfpga: clk-pll: Remove unused variable 'rc'
clk: socfpga: use clk_hw_register for a5/c5
clk: socfpga: Fix memory leak in socfpga_gate_init()
net: vmw_vsock: vmci: Check memcpy_from_msg()
net: defxx: Fix missing err handling in dfx_init()
net: stmmac: selftests: fix potential memleak in stmmac_test_arpoffload()
drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop()
ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
net: farsync: Fix kmemleak when rmmods farsync
net/tunnel: wait until all sk_user_data reader finish before releasing the sock
net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
net: amd-xgbe: Fix logic around active and passive cables
net: amd-xgbe: Check only the minimum speed for active/passive cables
can: tcan4x5x: Remove invalid write in clear_interrupts
net: lan9303: Fix read error execution path
ntb_netdev: Use dev_kfree_skb_any() in interrupt context
sctp: sysctl: make extra pointers netns aware
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
stmmac: fix potential division by 0
apparmor: fix a memleak in multi_transaction_new()
apparmor: fix lockdep warning when removing a namespace
apparmor: Fix abi check to include v8 abi
crypto: sun8i-ss - use dma_addr instead u32
crypto: nitrox - avoid double free on error path in nitrox_sriov_init()
scsi: core: Fix a race between scsi_done() and scsi_timeout()
apparmor: Use pointer to struct aa_label for lbs_cred
PCI: dwc: Fix n_fts[] array overrun
RDMA/core: Fix order of nldev_exit call
PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled
f2fs: Fix the race condition of resize flag between resizefs
crypto: rockchip - do not do custom power management
crypto: rockchip - do not store mode globally
crypto: rockchip - add fallback for cipher
crypto: rockchip - add fallback for ahash
crypto: rockchip - better handle cipher key
crypto: rockchip - remove non-aligned handling
crypto: rockchip - delete unneeded variable initialization
crypto: rockchip - rework by using crypto_engine
apparmor: Fix memleak in alloc_ns()
f2fs: fix normal discard process
RDMA/siw: Fix immediate work request flush to completion queue
RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
RDMA/siw: Set defined status for work completion with undefined status
scsi: scsi_debug: Fix a warning in resp_write_scat()
crypto: ccree - Remove debugfs when platform_driver_register failed
crypto: cryptd - Use request context instead of stack for sub-request
crypto: hisilicon/qm - add missing pci_dev_put() in q_num_set()
RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data()
RDMA/hns: Fix ext_sge num error when post send
PCI: Check for alloc failure in pci_request_irq()
RDMA/hfi: Decrease PCI device reference count in error path
crypto: ccree - Make cc_debugfs_global_fini() available for module init function
RDMA/hns: fix memory leak in hns_roce_alloc_mr()
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
scsi: hpsa: Fix possible memory leak in hpsa_init_one()
crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
padata: Always leave BHs disabled when running ->parallel()
padata: Fix list iterator in padata_do_serial()
scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
scsi: hpsa: Fix error handling in hpsa_add_sas_host()
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
scsi: scsi_debug: Fix a warning in resp_verify()
scsi: scsi_debug: Fix a warning in resp_report_zones()
scsi: fcoe: Fix possible name leak when device_register() fails
scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper()
scsi: ipr: Fix WARNING in ipr_init()
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
scsi: snic: Fix possible UAF in snic_tgt_create()
RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps()
f2fs: avoid victim selection from previous victim section
RDMA/nldev: Fix failure to send large messages
crypto: amlogic - Remove kcalloc without check
crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe()
riscv/mm: add arch hook arch_clear_hugepage_flags
RDMA/hfi1: Fix error return code in parse_platform_config()
RDMA/srp: Fix error return code in srp_parse_options()
orangefs: Fix sysfs not cleanup when dev init failed
RDMA/hns: Fix PBL page MTR find
RDMA/hns: Fix page size cap from firmware
crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
hwrng: amd - Fix PCI device refcount leak
hwrng: geode - Fix PCI device refcount leak
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
drivers: dio: fix possible memory leak in dio_init()
serial: tegra: Read DMA status before terminating
class: fix possible memory leak in __class_register()
vfio: platform: Do not pass return buffer to ACPI _RST method
uio: uio_dmem_genirq: Fix missing unlock in irq configuration
uio: uio_dmem_genirq: Fix deadlock between irq config and handling
usb: fotg210-udc: Fix ages old endianness issues
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
usb: typec: tcpci: fix of node refcount leak in tcpci_register_port()
usb: typec: tipd: Fix spurious fwnode_handle_put in error path
serial: amba-pl011: avoid SBSA UART accessing DMACR register
serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
serial: pch: Fix PCI device refcount leak in pch_request_dma()
tty: serial: clean up stop-tx part in altera_uart_tx_chars()
tty: serial: altera_uart_{r,t}x_chars() need only uart_port
serial: altera_uart: fix locking in polling mode
serial: sunsab: Fix error handling in sunsab_init()
test_firmware: fix memory leak in test_firmware_init()
misc: ocxl: fix possible name leak in ocxl_file_register_afu()
ocxl: fix pci device refcount leak when calling get_function_0()
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe()
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
iio: temperature: ltc2983: make bulk write buffer DMA-safe
genirq: Add IRQF_NO_AUTOEN for request_irq/nmi()
iio:imu:adis: Use IRQF_NO_AUTOEN instead of irq request then disable
iio: adis: handle devices that cannot unmask the drdy pin
iio: adis: stylistic changes
iio:imu:adis: Move exports into IIO_ADISLIB namespace
iio: adis: add '__adis_enable_irq()' implementation
counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update
usb: roles: fix of node refcount leak in usb_role_switch_is_parent()
usb: gadget: f_hid: optional SETUP/SET_REPORT mode
usb: gadget: f_hid: fix f_hidg lifetime vs cdev
usb: gadget: f_hid: fix refcount leak on error path
drivers: mcb: fix resource leak in mcb_probe()
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
chardev: fix error handling in cdev_device_add()
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
staging: rtl8192u: Fix use after free in ieee80211_rx()
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
vme: Fix error not catched in fake_init()
gpiolib: Get rid of redundant 'else'
gpiolib: cdev: fix NULL-pointer dereferences
i2c: mux: reg: check return value after calling platform_get_resource()
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
usb: storage: Add check for kcalloc
tracing/hist: Fix issue of losting command info in error_log
samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
thermal/drivers/imx8mm_thermal: Validate temperature range
fbdev: ssd1307fb: Drop optional dependency
fbdev: pm2fb: fix missing pci_disable_device()
fbdev: via: Fix error in via_core_init()
fbdev: vermilion: decrease reference count in error path
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
power: supply: fix residue sysfs file in error handle route of __power_supply_register()
perf trace: Return error if a system call doesn't exist
perf trace: Use macro RAW_SYSCALL_ARGS_NUM to replace number
perf trace: Handle failure when trace point folder is missed
perf symbol: correction while adjusting symbol
HSI: omap_ssi_core: Fix error handling in ssi_init()
power: supply: fix null pointer dereferencing in power_supply_get_battery_info
RDMA/siw: Fix pointer cast warning
iommu/sun50i: Fix reset release
iommu/sun50i: Consider all fault sources for reset
iommu/sun50i: Fix R/W permission check
iommu/sun50i: Fix flush size
phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices
include/uapi/linux/swab: Fix potentially missing __always_inline
pwm: tegra: Improve required rate calculation
dmaengine: idxd: Fix crc_val field for completion record
rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0
rtc: cmos: Fix event handler registration ordering issue
rtc: cmos: Fix wake alarm breakage
rtc: cmos: fix build on non-ACPI platforms
rtc: cmos: Call cmos_wake_setup() from cmos_do_probe()
rtc: cmos: Call rtc_wake_setup() from cmos_do_probe()
rtc: cmos: Eliminate forward declarations of some functions
rtc: cmos: Rename ACPI-related functions
rtc: cmos: Disable ACPI RTC event on removal
rtc: snvs: Allow a time difference on clock register read
rtc: pcf85063: Fix reading alarm
iommu/amd: Fix pci device refcount leak in ppr_notifier()
iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
macintosh: fix possible memory leak in macio_add_one_device()
macintosh/macio-adb: check the return value of ioremap()
powerpc/52xx: Fix a resource leak in an error handling path
cxl: Fix refcount leak in cxl_calc_capp_routing
powerpc/xmon: Enable breakpoints on 8xx
powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds
powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data()
kbuild: remove unneeded mkdir for external modules_install
kbuild: unify modules(_install) for in-tree and external modules
kbuild: refactor single builds of *.ko
powerpc/perf: callchain validate kernel stack pointer bounds
powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
powerpc/hv-gpci: Fix hv_gpci event list
selftests/powerpc: Fix resource leaks
iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY
pwm: sifive: Call pwm_sifive_update_clock() while mutex is held
remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev()
remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove
remoteproc: qcom_q6v5_pas: detach power domains on remove
remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region()
powerpc/eeh: Drop redundant spinlock initialization
powerpc/pseries/eeh: use correct API for error log size
netfilter: flowtable: really fix NAT IPv6 offload
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe()
rtc: pcf85063: fix pcf85063_clkout_control
NFSD: Remove spurious cb_setup_err tracepoint
nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
net: macsec: fix net device access prior to holding a lock
mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
nfc: pn533: Clear nfc_target before being used
r6040: Fix kmemleak in probe and remove
net: switch to storing KCOV handle directly in sk_buff
net: add inline function skb_csum_is_sctp
net: igc: use skb_csum_is_sctp instead of protocol check
net: add a helper to avoid issues with HW TX timestamping and SO_TXTIME
igc: Enhance Qbv scheduling by using first flag bit
igc: Use strict cycles for Qbv scheduling
igc: Add checking for basetime less than zero
igc: recalculate Qbv end_time by considering cycle time
igc: Lift TAPRIO schedule restriction
igc: Set Qbv start_time and end_time to end_time if not being configured in GCL
rtc: mxc_v2: Add missing clk_disable_unprepare()
selftests: devlink: fix the fd redirect in dummy_reporter_test
openvswitch: Fix flow lookup to use unmasked key
skbuff: Account for tail adjustment during pull operations
mailbox: zynq-ipi: fix error handling while device_register() fails
net_sched: reject TCF_EM_SIMPLE case for complex ematch module
rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
myri10ge: Fix an error handling path in myri10ge_probe()
net: stream: purge sk_error_queue in sk_stream_kill_queues()
rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state()
arm64: make is_ttbrX_addr() noinstr-safe
video: hyperv_fb: Avoid taking busy spinlock on panic path
x86/hyperv: Remove unregister syscore call from Hyper-V cleanup
binfmt_misc: fix shift-out-of-bounds in check_special_flags
fs: jfs: fix shift-out-of-bounds in dbAllocAG
udf: Avoid double brelse() in udf_rename()
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
ACPICA: Fix error code path in acpi_ds_call_control_method()
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
nilfs2: fix shift-out-of-bounds due to too large exponent of block size
acct: fix potential integer overflow in encode_comp_t()
hfs: fix OOB Read in __hfs_brec_find
drm/etnaviv: add missing quirks for GC300
brcmfmac: return error when getting invalid max_flowrings from dongle
wifi: ath9k: verify the expected usb_endpoints are present
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
ipmi: fix memleak when unload ipmi driver
drm/amd/display: prevent memory leak
qed (gcc13): use u16 for fid to be big enough
bpf: make sure skb->len != 0 when redirecting to a tunneling device
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
hamradio: baycom_epp: Fix return type of baycom_send_packet()
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
igb: Do not free q_vector unless new one was allocated
drm/amdgpu: Fix type of second parameter in trans_msg() callback
drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback
s390/ctcm: Fix return type of ctc{mp,}m_tx()
s390/netiucv: Fix return type of netiucv_tx()
s390/lcs: Fix return type of lcs_start_xmit()
drm/msm: Use drm_mode_copy()
drm/rockchip: Use drm_mode_copy()
drm/sti: Use drm_mode_copy()
drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
md/raid1: stop mdx_raid1 thread when raid1 array run failed
drm/amd/display: fix array index out of bound error in bios parser
net: add atomic_long_t to net_device_stats fields
mrp: introduce active flags to prevent UAF when applicant uninit
ppp: associate skb with a device at tx
bpf: Prevent decl_tag from being referenced in func_proto arg
ethtool: avoiding integer overflow in ethtool_phys_id()
media: dvb-frontends: fix leak of memory fw
media: dvbdev: adopts refcnt to avoid UAF
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
blk-mq: fix possible memleak when register 'hctx' failed
libbpf: Avoid enum forward-declarations in public API in C++ mode
regulator: core: fix use_count leakage when handling boot-on
mmc: f-sdh30: Add quirks for broken timeout clock capability
mmc: renesas_sdhi: better reset from HS400 mode
media: si470x: Fix use-after-free in si470x_int_in_callback()
clk: st: Fix memory leak in st_of_quadfs_setup()
hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
hwmon: (jc42) Fix missing unlock on error in jc42_write()
ALSA/ASoC: hda: move/rename snd_hdac_ext_stop_streams to hdac_stream.c
ALSA: hda: add snd_hdac_stop_streams() helper
ASoC: Intel: Skylake: Fix driver hang during shutdown
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link()
ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume()
ASoC: wm8994: Fix potential deadlock
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
ASoC: rt5670: Remove unbalanced pm_runtime_put()
LoadPin: Ignore the "contents" argument of the LSM hooks
pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
perf debug: Set debug_peo_args and redirect_to_stderr variable to correct values in perf_quiet_option()
afs: Fix lost servers_outstanding count
pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
ima: Simplify ima_lsm_copy_rule
ALSA: usb-audio: add the quirk for KT0206 device
ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB
ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list
usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode
usb: dwc3: core: defer probe on ulpi_read_id timeout
HID: wacom: Ensure bootloader PID is usable in hidraw mode
HID: mcp2221: don't connect hidraw
reiserfs: Add missing calls to reiserfs_security_free()
iio: adc: ad_sigma_delta: do not use internal iio_dev lock
iio: adc128s052: add proper .data members in adc128_of_match table
regulator: core: fix deadlock on regulator enable
gcov: add support for checksum field
ovl: fix use inode directly in rcu-walk mode
media: dvbdev: fix build warning due to comments
media: dvbdev: fix refcnt bug
pwm: tegra: Fix 32 bit build
usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init
cifs: fix oops during encryption
nvme-pci: fix doorbell buffer value endianness
nvme-pci: fix mempool alloc size
nvme-pci: fix page size checks
ata: ahci: Fix PCS quirk application for suspend
nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition
nvmet: don't defer passthrough commands with trivial effects to the workqueue
objtool: Fix SEGFAULT
powerpc/rtas: avoid device tree lookups in rtas_os_term()
powerpc/rtas: avoid scheduling in rtas_os_term()
HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint
HID: plantronics: Additional PIDs for double volume key presses quirk
pstore/zone: Use GFP_ATOMIC to allocate zone buffer
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
binfmt: Fix error return code in load_elf_fdpic_binary()
ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
ALSA: line6: correct midi status byte when receiving data from podxt
ALSA: line6: fix stack overflow in line6_midi_transmit
pnode: terminate at peers of source
md: fix a crash in mempool_free
mm, compaction: fix fast_isolate_around() to stay within boundaries
f2fs: should put a page when checking the summary info
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
tpm: acpi: Call acpi_put_table() to fix memory leak
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
kcsan: Instrument memcpy/memset/memmove with newer Clang
ASoC: Intel/SOF: use set_stream() instead of set_tdm_slots() for HDAudio
ASoC/SoundWire: dai: expand 'stream' concept beyond SoundWire
net/mlx5e: Fix nullptr in mlx5e_tc_add_fdb_flow()
wifi: rtlwifi: remove always-true condition pointed out by GCC 12
wifi: rtlwifi: 8192de: correct checking of IQK reload
torture: Exclude "NOHZ tick-stop error" from fatal errors
rcu: Prevent lockdep-RCU splats on lock acquisition/release
net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO
net/af_packet: make sure to pull mac header
media: stv0288: use explicitly signed char
soc: qcom: Select REMAP_MMIO for LLCC driver
kest.pl: Fix grub2 menu handling for rebooting
ktest.pl minconfig: Unset configs instead of just removing them
jbd2: use the correct print format
arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength
mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K
btrfs: fix resolving backrefs for inline extent followed by prealloc
ARM: ux500: do not directly dereference __iomem
arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength
selftests: Use optional USERCFLAGS and USERLDFLAGS
PM/devfreq: governor: Add a private governor_data for governor
cpufreq: Init completion before kobject_init_and_add()
ALSA: patch_realtek: Fix Dell Inspiron Plus 16
ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
dm thin: Use last transaction's pmd->root when commit failed
dm thin: resume even if in FAIL mode
dm thin: Fix UAF in run_timer_softirq()
dm integrity: Fix UAF in dm_integrity_dtr()
dm clone: Fix UAF in clone_dtr()
dm cache: Fix UAF in destroy()
dm cache: set needs_check flag after aborting metadata
tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx'
perf/core: Call LSM hook after copying perf_event_attr
KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails
x86/microcode/intel: Do not retry microcode reloading on the APs
ftrace/x86: Add back ftrace_expected for ftrace bug reports
x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK
tracing/hist: Fix wrong return value in parse_action_params()
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
staging: media: tegra-video: fix chan->mipi value on error
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
media: dvb-core: Fix double free in dvb_register_device()
media: dvb-core: Fix UAF due to refcount races at releasing
cifs: fix confusing debug message
cifs: fix missing display of three mount options
rtc: ds1347: fix value written to century register
md/bitmap: Fix bitmap chunk size overflow issues
efi: Add iMac Pro 2017 to uefi skip cert quirk
wifi: wilc1000: sdio: fix module autoloading
ASoC: jz4740-i2s: Handle independent FIFO flush bits
ipmi: fix long wait in unload when IPMI disconnect
mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type()
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
ipmi: fix use after free in _ipmi_destroy_user()
PCI: Fix pci_device_is_present() for VFs by checking PF
PCI/sysfs: Fix double free in error path
crypto: n2 - add missing hash statesize
driver core: Fix bus_type.match() error handling in __driver_attach()
iommu/amd: Fix ivrs_acpihid cmdline parsing code
remoteproc: core: Do pm_relax when in RPROC_OFFLINE state
parisc: led: Fix potential null-ptr-deref in start_task()
device_cgroup: Roll back to original exceptions after copy failure
drm/connector: send hotplug uevent on connector cleanup
drm/vmwgfx: Validate the box size for the snooped cursor
drm/i915/dsi: fix VBT send packet port selection for dual link DSI
drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init()
ext4: silence the warning when evicting inode with dioread_nolock
ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
ext4: fix use-after-free in ext4_orphan_cleanup
ext4: fix undefined behavior in bit shift for ext4_check_flag_values
ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
ext4: add helper to check quota inums
ext4: fix bug_on in __es_tree_search caused by bad quota inode
ext4: fix reserved cluster accounting in __es_remove_extent()
ext4: check and assert if marking an no_delete evicting inode dirty
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
ext4: init quota for 'old.inode' in 'ext4_rename'
ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
ext4: fix corruption when online resizing a 1K bigalloc fs
ext4: fix error code return to user-space in ext4_get_branch()
ext4: avoid BUG_ON when creating xattrs
ext4: fix inode leak in ext4_xattr_inode_create() on an error path
ext4: initialize quota before expanding inode in setproject ioctl
ext4: avoid unaccounted block allocation when expanding inode
ext4: allocate extended attribute value in vmalloc area
drm/amdgpu: handle polaris10/11 overlap asics (v2)
drm/amdgpu: make display pinning more flexible (v2)
ARM: renumber bits related to _TIF_WORK_MASK
perf/x86/intel/uncore: Generalize I/O stacks to PMON mapping procedure
perf/x86/intel/uncore: Clear attr_update properly
btrfs: replace strncpy() with strscpy()
x86/mce: Get rid of msr_ops
x86/MCE/AMD: Clear DFR errors found in THR handler
media: s5p-mfc: Fix to handle reference queue during finishing
media: s5p-mfc: Clear workbit to handle error condition
media: s5p-mfc: Fix in register read and write for H264
perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data
x86/kprobes: Convert to insn_decode()
x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK
staging: media: tegra-video: fix device_node use after free
ravb: Fix "failed to switch device to config mode" message during unbind
riscv/stacktrace: Fix stack output without ra on the stack top
riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument
ext4: goto right label 'failed_mount3a'
ext4: correct inconsistent error msg in nojournal mode
mm/highmem: Lift memcpy_[to|from]_page to core
ext4: use memcpy_to_page() in pagecache_write()
fs: ext4: initialize fsdata in pagecache_write()
ext4: move functions in super.c
ext4: simplify ext4 error translation
ext4: fix various seppling typos
ext4: fix leaking uninitialized memory in fast-commit journal
ext4: use kmemdup() to replace kmalloc + memcpy
mbcache: don't reclaim used entries
mbcache: add functions to delete entry if unused
ext4: remove EA inode entry from mbcache on inode eviction
ext4: unindent codeblock in ext4_xattr_block_set()
ext4: fix race when reusing xattr blocks
mbcache: automatically delete entries from cache on freeing
ext4: fix deadlock due to mbcache entry corruption
SUNRPC: ensure the matching upcall is in-flight upon downcall
bpf: pull before calling skb_postpull_rcsum()
drm/panfrost: Fix GEM handle creation ref-counting
vmxnet3: correctly report csum_level for encapsulated packet
veth: Fix race with AF_XDP exposing old or uninitialized descriptors
nfsd: shut down the NFSv4 state objects before the filecache
net: hns3: add interrupts re-initialization while doing VF FLR
net: sched: fix memory leak in tcindex_set_parms
qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
nfc: Fix potential resource leaks
vhost/vsock: Fix error handling in vhost_vsock_init()
vringh: fix range used in iotlb_translate()
vhost: fix range used in translate_desc()
net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path
net/mlx5: Avoid recovery in probe flows
net/mlx5e: IPoIB, Don't allow CQE compression to be turned on by default
net/mlx5e: Fix hw mtu initializing at XDP SQ allocation
net: amd-xgbe: add missed tasklet_kill
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
drm/meson: Reduce the FIFO lines held when AFBC is not used
filelock: new helper: vfs_inode_has_locks
ceph: switch to vfs_inode_has_locks() to fix file lock bug
gpio: sifive: Fix refcount leak in sifive_gpio_probe
net: sched: atm: dont intepret cls results when asked to drop
net: sched: cbq: dont intepret cls results when asked to drop
netfilter: ipset: fix hash:net,port,net hang with /0 subnet
netfilter: ipset: Rework long task execution when adding/deleting entries
perf tools: Fix resources leak in perf_data__open_dir()
drivers/net/bonding/bond_3ad: return when there's no aggregator
usb: rndis_host: Secure rndis_query check against int overflow
drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()
caif: fix memory leak in cfctrl_linkup_request()
udf: Fix extension of the last extent in the file
ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
nvme: fix multipath crash caused by flush request when blktrace is enabled
x86/bugs: Flush IBP in ib_prctl_set()
nfsd: fix handling of readdir in v4root vs. mount upcall timeout
fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB
riscv: uaccess: fix type of 0 variable on error in get_user()
drm/i915/gvt: fix gvt debugfs destroy
drm/i915/gvt: fix vgpu debugfs clean in remove
ext4: don't allow journal inode to have encrypt flag
selftests: set the BUILD variable to absolute path
hfs/hfsplus: use WARN_ON for sanity check
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
mbcache: Avoid nesting of cache->c_list_lock under bit locks
efi: random: combine bootloader provided RNG seed with RNG protocol output
io_uring: Fix unsigned 'res' comparison with zero in io_fixup_rw_res()
parisc: Align parisc MADV_XXX constants with all other architectures
ext4: disable fast-commit of encrypted dir operations
ext4: don't set up encryption key during jbd2 transaction
fsl_lpuart: Don't enable interrupts too early
serial: fixup backport of "serial: Deassert Transmit Enable on probe in driver-specific way"
mptcp: mark ops structures as ro_after_init
mptcp: remove MPTCP 'ifdef' in TCP SYN cookies
mptcp: dedicated request sock for subflow in v6
mptcp: use proper req destructor for IPv6
net: sched: disallow noqueue for qdisc classes
net/ulp: prevent ULP without clone op from entering the LISTEN status
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list
ALSA: hda - Enable headset mic on another Dell laptop with ALC3254
Linux 5.10.163
Change-Id: I9026971760be8484f1e1fa607f9f91243cc87785
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Li Zetao
|
2b7e59ed2e |
ocfs2: fix memory leak in ocfs2_mount_volume()
[ Upstream commit ce2fcf1516d674a174d9b34d1e1024d64de9fba3 ]
There is a memory leak reported by kmemleak:
unreferenced object 0xffff88810cc65e60 (size 32):
comm "mount.ocfs2", pid 23753, jiffies 4302528942 (age 34735.105s)
hex dump (first 32 bytes):
10 00 00 00 00 00 00 00 00 01 01 01 01 01 01 01 ................
01 01 01 01 01 01 01 01 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8170f73d>] __kmalloc+0x4d/0x150
[<ffffffffa0ac3f51>] ocfs2_compute_replay_slots+0x121/0x330 [ocfs2]
[<ffffffffa0b65165>] ocfs2_check_volume+0x485/0x900 [ocfs2]
[<ffffffffa0b68129>] ocfs2_mount_volume.isra.0+0x1e9/0x650 [ocfs2]
[<ffffffffa0b7160b>] ocfs2_fill_super+0xe0b/0x1740 [ocfs2]
[<ffffffff818e1fe2>] mount_bdev+0x312/0x400
[<ffffffff819a086d>] legacy_get_tree+0xed/0x1d0
[<ffffffff818de82d>] vfs_get_tree+0x7d/0x230
[<ffffffff81957f92>] path_mount+0xd62/0x1760
[<ffffffff81958a5a>] do_mount+0xca/0xe0
[<ffffffff81958d3c>] __x64_sys_mount+0x12c/0x1a0
[<ffffffff82f26f15>] do_syscall_64+0x35/0x80
[<ffffffff8300006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
This call stack is related to two problems. Firstly, the ocfs2 super uses
"replay_map" to trace online/offline slots, in order to recover offline
slots during recovery and mount. But when ocfs2_truncate_log_init()
returns an error in ocfs2_mount_volume(), the memory of "replay_map" will
not be freed in error handling path. Secondly, the memory of "replay_map"
will not be freed if d_make_root() returns an error in ocfs2_fill_super().
But the memory of "replay_map" will be freed normally when completing
recovery and mount in ocfs2_complete_mount_recovery().
Fix the first problem by adding error handling path to free "replay_map"
when ocfs2_truncate_log_init() fails. And fix the second problem by
calling ocfs2_free_replay_slots(osb) in the error handling path
"out_dismount". In addition, since ocfs2_free_replay_slots() is static,
it is necessary to remove its static attribute and declare it in header
file.
Link: https://lkml.kernel.org/r/20221109074627.2303950-1-lizetao1@huawei.com
Fixes:
|
||
|
Heming Zhao via Ocfs2-devel
|
45dabd8fe8 |
ocfs2: rewrite error handling of ocfs2_fill_super
[ Upstream commit f1e75d128b46e3b066e7b2e7cfca10491109d44d ] Current ocfs2_fill_super() uses one goto label "read_super_error" to handle all error cases. And with previous serial patches, the error handling should fork more branches to handle different error cases. This patch rewrite the error handling of ocfs2_fill_super. Link: https://lkml.kernel.org/r/20220424130952.2436-6-heming.zhao@suse.com Signed-off-by: Heming Zhao <heming.zhao@suse.com> Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Gang He <ghe@suse.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Jun Piao <piaojun@huawei.com> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Mark Fasheh <mark@fasheh.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Stable-dep-of: ce2fcf1516d6 ("ocfs2: fix memory leak in ocfs2_mount_volume()") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Heming Zhao via Ocfs2-devel
|
e403024c83 |
ocfs2: ocfs2_mount_volume does cleanup job before return error
[ Upstream commit 0737e01de9c411e4db87dcedf4a9789d41b1c5c1 ] After this patch, when error, ocfs2_fill_super doesn't take care to release resources which are allocated in ocfs2_mount_volume. Link: https://lkml.kernel.org/r/20220424130952.2436-5-heming.zhao@suse.com Signed-off-by: Heming Zhao <heming.zhao@suse.com> Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Gang He <ghe@suse.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Jun Piao <piaojun@huawei.com> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Mark Fasheh <mark@fasheh.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Stable-dep-of: ce2fcf1516d6 ("ocfs2: fix memory leak in ocfs2_mount_volume()") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Shang XiaoJing
|
f5f2682d3a |
ocfs2: fix memory leak in ocfs2_stack_glue_init()
[ Upstream commit 13b6269dd022aaa69ca8d1df374ab327504121cf ]
ocfs2_table_header should be free in ocfs2_stack_glue_init() if
ocfs2_sysfs_init() failed, otherwise kmemleak will report memleak.
BUG: memory leak
unreferenced object 0xffff88810eeb5800 (size 128):
comm "modprobe", pid 4507, jiffies 4296182506 (age 55.888s)
hex dump (first 32 bytes):
c0 40 14 a0 ff ff ff ff 00 00 00 00 01 00 00 00 .@..............
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000001e59e1cd>] __register_sysctl_table+0xca/0xef0
[<00000000c04f70f7>] 0xffffffffa0050037
[<000000001bd12912>] do_one_initcall+0xdb/0x480
[<0000000064f766c9>] do_init_module+0x1cf/0x680
[<000000002ba52db0>] load_module+0x6441/0x6f20
[<000000009772580d>] __do_sys_finit_module+0x12f/0x1c0
[<00000000380c1f22>] do_syscall_64+0x3f/0x90
[<000000004cf473bc>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
Link: https://lkml.kernel.org/r/41651ca1-432a-db34-eb97-d35744559de1@linux.alibaba.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
27b36ba7c2 |
This is the 5.10.152 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmNeOLQACgkQONu9yGCS aT5iwg/9H+n2ReIVRksj51PM2scTLYY/BqBJorvOPDyJx7pmq8X7wOK2wBxdkoeN 11+SnTEanx8pO0tLx6W+ekl1vf/iOAuHRsroBzNoJxhfMrTwyvh/Nq/vaGtiLr/e PXr0d0SAR/XW0aKz8l3NMHDEmhXJv42ryOuEdGkOcKaOGp50gnPFLHpnbhZWVuWx QlA/ise0uwdUf9aK8VGnoqmvGmFYrspoEmrGdbAPXebzBDEpMM6SZO4FByy7N1+w ZyhkL1I12kXYHa1Apyqp+MTu0bYzXO1Lx0W4Hsnhwad/mA8f9A/hOYRh4h0TEudz Pla9O4qXmmx00UNyWm7nOl9T6y0Q2UbbHBzi1anv9PDeVQLtUgGIjqeaZiQ7usC5 QYbz1pSlfRxLKbKtTGito0+QHVi/u363v+WrlaOA5v2qYKGsR9JCvF24gtMEEuYI jxh13PccgIiT5C1jGiqbKDjBIxY55mBsD/NjC3Bb8lw/3cXhePU2SNECDsJk/X/8 P4OZxAMdgvGUewqB9Qd3WFMrQVIeOxJpIpZlYLVNB8V7CjHPouOh+dZQApqRd6bE alddAVmrI5UCJOTTsNiQgm5caBuhBcLIGe6ihMNCq3UOvOxxbVdYfhA+4kYgsqtV H//XSUOKEA6lRiOov6brui9BL6/hj+UszCxIHxERl1iKX+biGag= =cy7p -----END PGP SIGNATURE----- Merge 5.10.152 into android12-5.10-lts Changes in 5.10.152 ocfs2: clear dinode links count in case of error ocfs2: fix BUG when iput after ocfs2_mknod fails selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() cpufreq: qcom: fix writes in read-only memory region i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter x86/microcode/AMD: Apply the patch early on every logical thread hwmon/coretemp: Handle large core ID value ata: ahci-imx: Fix MODULE_ALIAS ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS cpufreq: qcom: fix memory leak in error path kvm: Add support for arch compat vm ioctls KVM: arm64: vgic: Fix exit condition in scan_its_table() media: mceusb: set timeout to at least timeout provided media: venus: dec: Handle the case where find_format fails block: wbt: Remove unnecessary invoking of wbt_update_limits in wbt_init blk-wbt: call rq_qos_add() after wb_normal is initialized arm64: errata: Remove AES hwcap for COMPAT tasks r8152: add PID for the Lenovo OneLink+ Dock btrfs: fix processing of delayed data refs during backref walking btrfs: fix processing of delayed tree block refs during backref walking ACPI: extlog: Handle multiple records tipc: Fix recognition of trial period tipc: fix an information leak in tipc_topsrv_kern_subscr i40e: Fix DMA mappings leak HID: magicmouse: Do not set BTN_MOUSE on double report sfc: Change VF mac via PF as first preference if available. net/atm: fix proc_mpc_write incorrect return value net: phy: dp83867: Extend RX strap quirk for SGMII mode cifs: Fix xid leak in cifs_copy_file_range() cifs: Fix xid leak in cifs_flock() cifs: Fix xid leak in cifs_ses_add_channel() net: hsr: avoid possible NULL deref in skb_clone() ionic: catch NULL pointer issue on reconfig nvme-hwmon: rework to avoid devm allocation nvme-hwmon: Return error code when registration fails nvme-hwmon: consistently ignore errors from nvme_hwmon_init nvme-hwmon: kmalloc the NVME SMART log buffer net: sched: cake: fix null pointer access issue when cake_init() fails net: sched: delete duplicate cleanup of backlog and qlen net: sched: sfb: fix null pointer access issue when sfb_init() fails sfc: include vport_id in filter spec hash and equal() net: hns: fix possible memory leak in hnae_ae_register() net: sched: fix race condition in qdisc_graft() net: phy: dp83822: disable MDI crossover status change interrupt iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check() iommu/vt-d: Clean up si_domain in the init_dmars() error path drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() dmaengine: mxs-dma: Remove the unused .id_table dmaengine: mxs: use platform_driver_register tracing: Simplify conditional compilation code in tracing_set_tracer() tracing: Do not free snapshot if tracer is on cmdline xen: assume XENFEAT_gnttab_map_avail_bits being set for pv guests xen/gntdev: Accommodate VMA splitting mmc: sdhci-tegra: Use actual clock rate for SW tuning correction riscv: Add machine name to kernel boot log and stack dump output riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb perf pmu: Validate raw event with sysfs exported format bits perf: Skip and warn on unknown format 'configN' attrs fcntl: make F_GETOWN(EX) return 0 on dead owner task fcntl: fix potential deadlocks for &fown_struct.lock arm64: dts: qcom: sc7180-trogdor: Fixup modem memory region arm64: topology: move store_cpu_topology() to shared code riscv: topology: fix default topology reporting perf/x86/intel/pt: Relax address filter validation hv_netvsc: Fix race between VF offering and VF association message from host ACPI: video: Force backlight native for more TongFang devices x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB Makefile.debug: re-enable debug info for .S files mmc: core: Add SD card quirk for broken discard blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() mm: /proc/pid/smaps_rollup: fix no vma's null-deref udp: Update reuse->has_conns under reuseport_lock. Linux 5.10.152 Change-Id: I2c75b6fd3ae205968bcc3133ebf71b82ff2a19b6 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Joseph Qi
|
0d65f040fd |
ocfs2: fix BUG when iput after ocfs2_mknod fails
commit 759a7c6126eef5635506453e9b9d55a6a3ac2084 upstream. Commit |
||
|
Joseph Qi
|
b838dcfda1 |
ocfs2: clear dinode links count in case of error
commit 28f4821b1b53e0649706912e810c6c232fc506f9 upstream. In ocfs2_mknod(), if error occurs after dinode successfully allocated, ocfs2 i_links_count will not be 0. So even though we clear inode i_nlink before iput in error handling, it still won't wipe inode since we'll refresh inode from dinode during inode lock. So just like clear inode i_nlink, we clear ocfs2 i_links_count as well. Also do the same change for ocfs2_symlink(). Link: https://lkml.kernel.org/r/20221017130227.234480-2-joseph.qi@linux.alibaba.com Signed-off-by: Joseph Qi <joseph.qi@linux.alibaba.com> Reported-by: Yan Wang <wangyan122@huawei.com> Cc: Mark Fasheh <mark@fasheh.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Gang He <ghe@suse.com> Cc: Jun Piao <piaojun@huawei.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
30abcdabf2 |
This is the 5.10.135 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmLqR1oACgkQONu9yGCS aT7c0g//U5W0ZFtGtu8Q3LNObmdz1G+JIKveIPIWcBOSK0j6YVL7QgtiUw+wRtyH 53h9Bjopb6aU96ezutOxvmbcbjt7TcbSsDia7j1g3T8lkZHRxog0ym/vKPMxLdzC /LnHzHQu3a0pMiRXVTe3glQEAyZs4QsIlEc+lOIKGPkfFUbtt5s+hxjqDnKyewll jhreE+sIZuJ/z/vQDxJZwIzBAMpmSuSUv7pGOoG8zGkN69at7rzhgodhb1PDHCas o9QmvhUn3XF+QH/ish1slZhRTvpX7/VUEccvrqcw8wjzr1xfmz4v8LYC8fLtJltw 4fVfDjEDq7LZGKlEOQRuzh9IASHn6L+BuYOFevDFy+ud+2xno1DlPhFPRgaE37I3 iRABrNTFET16ow77/SJG6e6n29bSwrS8qKIUI0kBZn3W6Bdv/w5mbpuPiX9AZ7Jq A5eJO6pl+4xE6Ulv94Tdgb5Qnqq5lPKVAFnQC7eCMi8lr0+TrN5s3tWrRrNXBGqh +zC0eiYREA78BnB2PR9QVieilK6D2d9PP7C1n9VqWqHsE7tR3gq3omUu+cym/HGu T1Nv80YPtlj+1PmjCxcKVZbf0FD1hzkjI+h0SX8QqxcHWfzc86UDMK10VVXkPA70 9LGojHibU07tEdvIe0FMgWUbuHCvXDWtJjS2zvNd0V4KZ1sIBJU= =lCsB -----END PGP SIGNATURE----- Merge 5.10.135 into android12-5.10-lts Changes in 5.10.135 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put Revert "ocfs2: mount shared volume without ha stack" ntfs: fix use-after-free in ntfs_ucsncmp() s390/archrandom: prevent CPACF trng invocations in interrupt context nouveau/svm: Fix to migrate all requested pages watch_queue: Fix missing rcu annotation watch_queue: Fix missing locking in add_watch_to_object() tcp: Fix data-races around sysctl_tcp_dsack. tcp: Fix a data-race around sysctl_tcp_app_win. tcp: Fix a data-race around sysctl_tcp_adv_win_scale. tcp: Fix a data-race around sysctl_tcp_frto. tcp: Fix a data-race around sysctl_tcp_nometrics_save. tcp: Fix data-races around sysctl_tcp_no_ssthresh_metrics_save. ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) ice: do not setup vlan for loopback VSI scsi: ufs: host: Hold reference returned by of_parse_phandle() Revert "tcp: change pingpong threshold to 3" tcp: Fix data-races around sysctl_tcp_moderate_rcvbuf. tcp: Fix a data-race around sysctl_tcp_limit_output_bytes. tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit. net: ping6: Fix memleak in ipv6_renew_options(). ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr net/tls: Remove the context from the list in tls_device_down igmp: Fix data-races around sysctl_igmp_qrv. net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() tcp: Fix a data-race around sysctl_tcp_min_tso_segs. tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen. tcp: Fix a data-race around sysctl_tcp_autocorking. tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit. Documentation: fix sctp_wmem in ip-sysctl.rst macsec: fix NULL deref in macsec_add_rxsa macsec: fix error message in macsec_add_rxsa and _txsa macsec: limit replay window size with XPN macsec: always read MACSEC_SA_ATTR_PN as a u64 net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns. tcp: Fix a data-race around sysctl_tcp_comp_sack_slack_ns. tcp: Fix a data-race around sysctl_tcp_comp_sack_nr. tcp: Fix data-races around sysctl_tcp_reflect_tos. i40e: Fix interface init with MSI interrupts (no MSI-X) sctp: fix sleep in atomic context bug in timer handlers netfilter: nf_queue: do not allow packet truncation below transport header offset virtio-net: fix the race between refill work and close perf symbol: Correct address for bss symbols sfc: disable softirqs for ptp TX sctp: leave the err path free in sctp_stream_init to sctp_stream_free ARM: crypto: comment out gcc warning that breaks clang builds page_alloc: fix invalid watermark check on a negative value mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle. ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow EDAC/ghes: Set the DIMM label unconditionally docs/kernel-parameters: Update descriptions for "mitigations=" param with retbleed xfs: refactor xfs_file_fsync xfs: xfs_log_force_lsn isn't passed a LSN xfs: prevent UAF in xfs_log_item_in_current_chkpt xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes xfs: force the log offline when log intent item recovery fails xfs: hold buffer across unpin and potential shutdown processing xfs: remove dead stale buf unpin handling code xfs: logging the on disk inode LSN can make it go backwards xfs: Enforce attr3 buffer recovery order x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available bpf: Consolidate shared test timing code bpf: Add PROG_TEST_RUN support for sk_lookup programs selftests: bpf: Don't run sk_lookup in verifier tests Linux 5.10.135 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I3bcd5c460b652174673d9911710b1904f338d8d8 |
||
|
Junxiao Bi
|
5528990512 |
Revert "ocfs2: mount shared volume without ha stack"
commit c80af0c250c8f8a3c978aa5aafbe9c39b336b813 upstream.
This reverts commit
|
||
|
Greg Kroah-Hartman
|
0e8e989142 |
This is the 5.10.121 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmKhrZIACgkQONu9yGCS
aT4bxhAAsahNlwa6uWf6brIeZkHy62w0LrZAEr6+TvO2CHLWwhcKIol5ZjdaJD5y
KX7A839Vcdo5iAk0eNUV2MTigp7YK0f7XH9y/u/L3yNLc9YA4isA9PQhnnPc4R7N
mgkmGT7Oz7BbQydyDiLvSwtXJDxBMOzCDTF3/4/42PsdmRmPzLBxzoTpH8wcY4vG
jwGyiyUjUVWAF99uHo0O/Yp8sw8UvudpOX+lbKed76V+fXsbH0PYk1yMMJfWhZ60
TrFh1dmZY7j2bW0+F7rkVPXVGeQGyOlLSUVSFWlugJ8qvxVNpAItjcBUXZ+nChGe
O25/5UiaBHprTIoms05yG1jPZtBbAO2MgLhw6zBCOySBr/e0bligNfJWpjt5D6H3
17+CQ1QeaL9BlzcYr4Ug/y60o2CkfUc/vr2CEQRQBRgj1gjsFWwBI4HVdO982fKC
QClnC55h1wYDsjSJ6Z4l4TKBuEN8rV9D3RfdIaPex5C6JJMAoUNeAojCL+6iyuem
ODSIufKm1I1eHeIS49+tw0Uu4jiAtn9RJfR4+uiV8zftfrDZ1qM/RPuHZTsE9wAl
3jHx6+8mT8NYjxb9Omn4Dp3aOl7Fcx/vPxx9uoj8YjrJtQ3L0EGgCnk0djmMi0b3
sBdKw15ftoJvNNrhQaLiCo+0M3XkcUUBk37ttNuIo4lvqIY23RE=
=piEC
-----END PGP SIGNATURE-----
Merge 5.10.121 into android12-5.10-lts
Changes in 5.10.121
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
parisc/stifb: Implement fb_is_primary_device()
riscv: Initialize thread pointer before calling C functions
riscv: Fix irq_work when SMP is disabled
ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop
ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
ALSA: usb-audio: Cancel pending work at closing a MIDI substream
USB: serial: option: add Quectel BG95 modem
USB: new quirk for Dell Gen 2 devices
usb: dwc3: gadget: Move null pinter check to proper place
usb: core: hcd: Add support for deferring roothub registration
cifs: when extending a file with falloc we should make files not-sparse
xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI
Fonts: Make font size unsigned in font_desc
parisc/stifb: Keep track of hardware path of graphics card
x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails
perf/x86/intel: Fix event constraints for ICL
ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP
ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
btrfs: add "0x" prefix for unsupported optional features
btrfs: repair super block num_devices automatically
iommu/vt-d: Add RPLS to quirk list to skip TE disabling
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
b43legacy: Fix assigning negative value to unsigned variable
b43: Fix assigning negative value to unsigned variable
ipw2x00: Fix potential NULL dereference in libipw_xmit()
ipv6: fix locking issues with loops over idev->addr_list
fbcon: Consistently protect deferred_takeover with console_lock()
x86/platform/uv: Update TSC sync state for UV5
ACPICA: Avoid cache flush inside virtual machines
drm/komeda: return early if drm_universal_plane_init() fails.
rcu-tasks: Fix race in schedule and flush work
rcu: Make TASKS_RUDE_RCU select IRQ_WORK
sfc: ef10: Fix assigning negative value to unsigned variable
ALSA: jack: Access input_dev under mutex
spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction
tools/power turbostat: fix ICX DRAM power numbers
drm/amd/pm: fix double free in si_parse_power_table()
ath9k: fix QCA9561 PA bias level
media: venus: hfi: avoid null dereference in deinit
media: pci: cx23885: Fix the error handling in cx23885_initdev()
media: cx25821: Fix the warning when removing the module
md/bitmap: don't set sb values if can't pass sanity check
mmc: jz4740: Apply DMA engine limits to maximum segment size
drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit
scsi: megaraid: Fix error check return value of register_chrdev()
scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync()
scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
ath11k: disable spectral scan during spectral deinit
ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408
drm/plane: Move range check for format_count earlier
drm/amd/pm: fix the compile warning
ath10k: skip ath10k_halt during suspend for driver state RESTARTING
arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
drm: msm: fix error check return value of irq_of_parse_and_map()
ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
net/mlx5: fs, delete the FTE when there are no rules attached to it
ASoC: dapm: Don't fold register value changes into notifications
mlxsw: spectrum_dcb: Do not warn about priority changes
mlxsw: Treat LLDP packets as control
drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
HID: bigben: fix slab-out-of-bounds Write in bigben_probe
ASoC: tscs454: Add endianness flag in snd_soc_component_driver
net: remove two BUG() from skb_checksum_help()
s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
perf/amd/ibs: Cascade pmu init functions' return value
spi: stm32-qspi: Fix wait_cmd timeout in APM mode
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
ipmi:ssif: Check for NULL msg when handling events and messages
ipmi: Fix pr_fmt to avoid compilation issues
rtlwifi: Use pr_warn instead of WARN_ONCE
media: rga: fix possible memory leak in rga_probe
media: coda: limit frame interval enumeration to supported encoder frame sizes
media: imon: reorganize serialization
media: cec-adap.c: fix is_configuring state
openrisc: start CPU timer early in boot
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
ASoC: rt5645: Fix errorenous cleanup order
nbd: Fix hung on disconnect request if socket is closed before
net: phy: micrel: Allow probing without .driver_data
media: exynos4-is: Fix compile warning
ASoC: max98357a: remove dependency on GPIOLIB
ASoC: rt1015p: remove dependency on GPIOLIB
can: mcp251xfd: silence clang's -Wunaligned-access warning
x86/microcode: Add explicit CPU vendor dependency
m68k: atari: Make Atari ROM port I/O write macros return void
rxrpc: Return an error to sendmsg if call failed
rxrpc, afs: Fix selection of abort codes
eth: tg3: silence the GCC 12 array-bounds warning
selftests/bpf: fix btf_dump/btf_dump due to recent clang change
gfs2: use i_lock spin_lock for inode qadata
IB/rdmavt: add missing locks in rvt_ruc_loopback
ARM: dts: ox820: align interrupt controller node name with dtschema
ARM: dts: s5pv210: align DMA channels with dtschema
arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count
PM / devfreq: rk3399_dmc: Disable edev on remove()
crypto: ccree - use fine grained DMA mapping dir
soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc
fs: jfs: fix possible NULL pointer dereference in dbFree()
ARM: OMAP1: clock: Fix UART rate reporting algorithm
powerpc/fadump: Fix fadump to work with a different endian capture kernel
fat: add ratelimit to fat*_ent_bread()
pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources()
ARM: versatile: Add missing of_node_put in dcscb_init
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
ARM: hisi: Add missing of_node_put after of_find_compatible_node
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr
powerpc/xics: fix refcount leak in icp_opal_init()
powerpc/powernv: fix missing of_node_put in uv_init()
macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
RDMA/hfi1: Prevent panic when SDMA is disabled
drm: fix EDID struct for old ARM OABI format
dt-bindings: display: sitronix, st7735r: Fix backlight in example
ath11k: acquire ab->base_lock in unassign when finding the peer by addr
ath9k: fix ar9003_get_eepmisc
drm/edid: fix invalid EDID extension block filtering
drm/bridge: adv7511: clean up CEC adapter when probe fails
spi: qcom-qspi: Add minItems to interconnect-names
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
x86/delay: Fix the wrong asm constraint in delay_loop()
drm/ingenic: Reset pixclock rate when parent clock rate changes
drm/mediatek: Fix mtk_cec_mask()
drm/vc4: hvs: Reset muxes at probe time
drm/vc4: txp: Don't set TXP_VSTART_AT_EOF
drm/vc4: txp: Force alpha to be 0xff if it's disabled
libbpf: Don't error out on CO-RE relos for overriden weak subprogs
bpf: Fix excessive memory allocation in stack_map_alloc()
nl80211: show SSID for P2P_GO interfaces
drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
drm: mali-dp: potential dereference of null pointer
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
scftorture: Fix distribution of short handler delays
net: dsa: mt7530: 1G can also support 1000BASE-X link mode
NFC: NULL out the dev->rfkill to prevent UAF
efi: Add missing prototype for efi_capsule_setup_info
target: remove an incorrect unmap zeroes data deduction
drbd: fix duplicate array initializer
EDAC/dmc520: Don't print an error for each unconfigured interrupt line
mtd: rawnand: denali: Use managed device resources
HID: hid-led: fix maximum brightness for Dream Cheeky
HID: elan: Fix potential double free in elan_input_configured
drm/bridge: Fix error handling in analogix_dp_probe
sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq
spi: img-spfi: Fix pm_runtime_get_sync() error checking
cpufreq: Fix possible race in cpufreq online error path
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
media: hantro: Empty encoder capture buffers by default
drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01
ALSA: pcm: Check for null pointer of pointer substream before dereferencing it
inotify: show inotify mask flags in proc fdinfo
fsnotify: fix wrong lockdep annotations
of: overlay: do not break notify on NOTIFY_{OK|STOP}
drm/msm/dpu: adjust display_v_end for eDP and DP
scsi: ufs: qcom: Fix ufs_qcom_resume()
scsi: ufs: core: Exclude UECxx from SFR dump list
selftests/resctrl: Fix null pointer dereference on open failed
libbpf: Fix logic for finding matching program for CO-RE relocation
mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check()
x86/pm: Fix false positive kmemleak report in msr_build_context()
mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe()
x86/speculation: Add missing prototype for unpriv_ebpf_notify()
ASoC: rk3328: fix disabling mclk on pclk probe failure
perf tools: Add missing headers needed by util/data.h
drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
drm/msm/dp: stop event kernel thread when DP unbind
drm/msm/dp: fix error check return value of irq_of_parse_and_map()
drm/msm/dsi: fix error checks and return values for DSI xmit functions
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
drm/msm: add missing include to msm_drv.c
drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
perf tools: Use Python devtools for version autodetection rather than runtime
virtio_blk: fix the discard_granularity and discard_alignment queue limits
x86: Fix return value of __setup handlers
irqchip/exiu: Fix acknowledgment of edge triggered interrupts
irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
arm64: fix types in copy_highpage()
regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
drm/msm/dp: fix event thread stuck in wait_event after kthread_stop()
drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
media: uvcvideo: Fix missing check to determine if element is found in list
iomap: iomap_write_failed fix
spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname()
Revert "cpufreq: Fix possible race in cpufreq online error path"
regulator: qcom_smd: Fix up PM8950 regulator configuration
perf/amd/ibs: Use interrupt regs ip for stack unwinding
ath11k: Don't check arvif->is_started before sending management frames
ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
ASoC: samsung: Use dev_err_probe() helper
ASoC: samsung: Fix refcount leak in aries_audio_probe
kselftest/cgroup: fix test_stress.sh to use OUTPUT dir
scripts/faddr2line: Fix overlapping text section failures
media: aspeed: Fix an error handling path in aspeed_video_probe()
media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe
media: st-delta: Fix PM disable depth imbalance in delta_probe
media: exynos4-is: Change clk_disable to clk_disable_unprepare
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
media: vsp1: Fix offset calculation for plane cropping
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
Bluetooth: Interleave with allowlist scan
Bluetooth: L2CAP: Rudimentary typo fixes
Bluetooth: LL privacy allow RPA
Bluetooth: use inclusive language in HCI role comments
Bluetooth: use inclusive language when filtering devices
Bluetooth: use hdev lock for accept_list and reject_list in conn req
nvme: set dma alignment to dword
m68k: math-emu: Fix dependencies of math emulation support
lsm,selinux: pass flowi_common instead of flowi to the LSM hooks
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
net: hinic: add missing destroy_workqueue in hinic_pf_to_mgmt_init
ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*
media: ov7670: remove ov7670_power_off from ov7670_remove
media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource()
media: rkvdec: h264: Fix dpb_valid implementation
media: rkvdec: h264: Fix bit depth wrap in pps packet
ext4: reject the 'commit' option on ext2 filesystems
drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init
drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
x86/sev: Annotate stack change in the #VC handler
drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path
drm/i915: Fix CFI violation with show_dynamic_id()
thermal/drivers/bcm2711: Don't clamp temperature at zero
thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe
thermal/drivers/core: Use a char pointer for the cooling device name
thermal/core: Fix memory leak in __thermal_cooling_device_register()
thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv()
net: stmmac: selftests: Use kcalloc() instead of kzalloc()
net: stmmac: fix out-of-bounds access in a selftest
hv_netvsc: Fix potential dereference of NULL pointer
rxrpc: Fix listen() setting the bar too high for the prealloc rings
rxrpc: Don't try to resend the request if we're receiving the reply
rxrpc: Fix overlapping ACK accounting
rxrpc: Don't let ack.previousPacket regress
rxrpc: Fix decision on when to generate an IDLE ACK
net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc()
hinic: Avoid some over memory allocation
net/smc: postpone sk_refcnt increment in connect()
arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
memory: samsung: exynos5422-dmc: Avoid some over memory allocation
ARM: dts: suniv: F1C100: fix watchdog compatible
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
PCI: cadence: Fix find_first_zero_bit() limit
PCI: rockchip: Fix find_first_zero_bit() limit
PCI: dwc: Fix setting error return on MSI DMA mapping failure
ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks
soc: qcom: llcc: Add MODULE_DEVICE_TABLE()
KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry
KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault
platform/chrome: cros_ec: fix error handling in cros_ec_register()
ARM: dts: imx6dl-colibri: Fix I2C pinmuxing
platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls
can: xilinx_can: mark bit timing constants as const
ARM: dts: stm32: Fix PHY post-reset delay on Avenger96
ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
ARM: dts: bcm2835-rpi-b: Fix GPIO line names
misc: ocxl: fix possible double free in ocxl_file_register_afu
crypto: marvell/cesa - ECB does not IV
gpiolib: of: Introduce hook for missing gpio-ranges
pinctrl: bcm2835: implement hook for missing gpio-ranges
arm: mediatek: select arch timer for mt7629
powerpc/fadump: fix PT_LOAD segment for boot memory area
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
firmware: arm_scmi: Fix list protocols enumeration in the base protocol
nvdimm: Fix firmware activation deadlock scenarios
nvdimm: Allow overwrite in the presence of disabled dimms
pinctrl: mvebu: Fix irq_of_parse_and_map() return value
drivers/base/node.c: fix compaction sysfs file leak
dax: fix cache flush on PMD-mapped pages
drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block()
powerpc/8xx: export 'cpm_setbrg' for modules
pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()
powerpc/idle: Fix return value of __setup() handler
powerpc/4xx/cpm: Fix return value of __setup() handler
ASoC: atmel-pdmic: Remove endianness flag on pdmic component
ASoC: atmel-classd: Remove endianness flag on class d component
proc: fix dentry/inode overinstantiating under /proc/${pid}/net
ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()
PCI: imx6: Fix PERST# start-up sequence
tty: fix deadlock caused by calling printk() under tty_port->lock
crypto: sun8i-ss - rework handling of IV
crypto: sun8i-ss - handle zero sized sg
crypto: cryptd - Protect per-CPU resource by disabling BH.
Input: sparcspkr - fix refcount leak in bbc_beep_probe
PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits
hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume()
powerpc/64: Only WARN if __pa()/__va() called with bad addresses
powerpc/perf: Fix the threshold compare group constraint for power9
macintosh: via-pmu and via-cuda need RTC_LIB
powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()
mailbox: forward the hrtimer if not queued and under a lock
RDMA/hfi1: Prevent use of lock before it is initialized
Input: stmfts - do not leave device disabled in stmfts_input_open
OPP: call of_node_put() on error path in _bandwidth_supported()
f2fs: fix dereference of stale list iterator after loop body
iommu/mediatek: Add list_del in mtk_iommu_remove
i2c: at91: use dma safe buffers
cpufreq: mediatek: add missing platform_driver_unregister() on error in mtk_cpufreq_driver_init
cpufreq: mediatek: Use module_init and add module_exit
cpufreq: mediatek: Unregister platform device on exit
MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon
i2c: at91: Initialize dma_buf in at91_twi_xfer()
dmaengine: idxd: Fix the error handling path in idxd_cdev_register()
NFS: Do not report EINTR/ERESTARTSYS as mapping errors
NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS
NFS: Do not report flush errors in nfs_write_end()
NFS: Don't report errors from nfs_pageio_complete() more than once
NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
dmaengine: stm32-mdma: remove GISR1 register
dmaengine: stm32-mdma: rework interrupt handler
dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler()
iommu/amd: Increase timeout waiting for GA log enablement
i2c: npcm: Fix timeout calculation
i2c: npcm: Correct register access width
i2c: npcm: Handle spurious interrupts
i2c: rcar: fix PM ref counts in probe error paths
perf c2c: Use stdio interface if slang is not supported
perf jevents: Fix event syntax error caused by ExtSel
f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
f2fs: fix to do sanity check on block address in f2fs_do_zero_range()
f2fs: fix to clear dirty inode in f2fs_evict_inode()
f2fs: fix deadloop in foreground GC
f2fs: don't need inode lock for system hidden quota
f2fs: fix to do sanity check on total_data_blocks
f2fs: fix fallocate to use file_modified to update permissions consistently
f2fs: fix to do sanity check for inline inode
wifi: mac80211: fix use-after-free in chanctx code
iwlwifi: mvm: fix assert 1F04 upon reconfig
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
efi: Do not import certificates from UEFI Secure Boot for T2 Macs
bfq: Split shared queues on move between cgroups
bfq: Update cgroup information before merging bio
bfq: Track whether bfq_group is still online
ext4: fix use-after-free in ext4_rename_dir_prepare
ext4: fix warning in ext4_handle_inode_extension
ext4: fix bug_on in ext4_writepages
ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state
ext4: fix bug_on in __es_tree_search
ext4: verify dir block before splitting it
ext4: avoid cycles in directory h-tree
ACPI: property: Release subnode properties with data nodes
tracing: Fix potential double free in create_var_ref()
PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
PCI: qcom: Fix runtime PM imbalance on probe errors
PCI: qcom: Fix unbalanced PHY init on probe errors
mm, compaction: fast_find_migrateblock() should return pfn in the target zone
s390/perf: obtain sie_block from the right address
dlm: fix plock invalid read
dlm: fix missing lkb refcount handling
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
scsi: dc395x: Fix a missing check on list iterator
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
drm/nouveau/clk: Fix an incorrect NULL check on list iterator
drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
drm/i915/dsi: fix VBT send packet port selection for ICL+
md: fix an incorrect NULL check in does_sb_need_changing
md: fix an incorrect NULL check in md_reload_sb
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
media: coda: Fix reported H264 profile
media: coda: Add more H264 levels for CODA960
ima: remove the IMA_TEMPLATE Kconfig option
Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug
RDMA/hfi1: Fix potential integer multiplication overflow errors
csky: patch_text: Fixup last cpu should be master
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
irqchip: irq-xtensa-mx: fix initial IRQ affinity
cfg80211: declare MODULE_FIRMWARE for regulatory.db
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
um: chan_user: Fix winch_tramp() return value
um: Fix out-of-bounds read in LDT setup
kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
ftrace: Clean up hash direct_functions on register failures
iommu/msm: Fix an incorrect NULL check on list iterator
nodemask.h: fix compilation error with GCC12
hugetlb: fix huge_pmd_unshare address update
xtensa/simdisk: fix proc_read_simdisk()
rtl818x: Prevent using not initialized queues
ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
carl9170: tx: fix an incorrect use of list iterator
stm: ltdc: fix two incorrect NULL checks on list iterator
bcache: improve multithreaded bch_btree_check()
bcache: improve multithreaded bch_sectors_dirty_init()
bcache: remove incremental dirty sector counting for bch_sectors_dirty_init()
bcache: avoid journal no-space deadlock by reserving 1 journal bucket
serial: pch: don't overwrite xmit->buf[0] by x_char
tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
gma500: fix an incorrect NULL check on list iterator
arm64: dts: qcom: ipq8074: fix the sleep clock frequency
phy: qcom-qmp: fix struct clk leak on probe errors
ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries
ARM: pxa: maybe fix gpio lookup tables
SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
dt-bindings: gpio: altera: correct interrupt-cells
vdpasim: allow to enable a vq repeatedly
blk-iolatency: Fix inflight count imbalances and IO hangs on offline
coresight: core: Fix coresight device probe failure issue
phy: qcom-qmp: fix reset-controller leak on probe errors
net: ipa: fix page free in ipa_endpoint_trans_release()
net: ipa: fix page free in ipa_endpoint_replenish_one()
xfs: set inode size after creating symlink
xfs: sync lazy sb accounting on quiesce of read-only mounts
xfs: fix chown leaking delalloc quota blocks when fssetxattr fails
xfs: fix incorrect root dquot corruption error when switching group/project quota types
xfs: restore shutdown check in mapped write fault path
xfs: force log and push AIL to clear pinned inodes when aborting mount
xfs: consider shutdown in bmapbt cursor delete assert
xfs: assert in xfs_btree_del_cursor should take into account error
kseltest/cgroup: Make test_stress.sh work if run interactively
thermal/core: fix a UAF bug in __thermal_cooling_device_register()
thermal/core: Fix memory leak in the error path
bfq: Avoid merging queues with different parents
bfq: Drop pointless unlock-lock pair
bfq: Remove pointless bfq_init_rq() calls
bfq: Get rid of __bio_blkcg() usage
bfq: Make sure bfqg for which we are queueing requests is online
block: fix bio_clone_blkg_association() to associate with proper blkcg_gq
Revert "random: use static branch for crng_ready()"
RDMA/rxe: Generate a completion for unsupported/invalid opcode
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
MIPS: IP30: Remove incorrect `cpu_has_fpu' override
ext4: only allow test_dummy_encryption when supported
md: bcache: check the return value of kzalloc() in detached_dev_do_request()
Linux 5.10.121
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I52dd11dc43acfa0ebddd2b6e277c823b96b07327
|
||
|
Junxiao Bi via Ocfs2-devel
|
337e365507 |
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
commit 863e0d81b6683c4cbc588ad831f560c90e494bef upstream. When user_dlm_destroy_lock failed, it didn't clean up the flags it set before exit. For USER_LOCK_IN_TEARDOWN, if this function fails because of lock is still in used, next time when unlink invokes this function, it will return succeed, and then unlink will remove inode and dentry if lock is not in used(file closed), but the dlm lock is still linked in dlm lock resource, then when bast come in, it will trigger a panic due to user-after-free. See the following panic call trace. To fix this, USER_LOCK_IN_TEARDOWN should be reverted if fail. And also error should be returned if USER_LOCK_IN_TEARDOWN is set to let user know that unlink fail. For the case of ocfs2_dlm_unlock failure, besides USER_LOCK_IN_TEARDOWN, USER_LOCK_BUSY is also required to be cleared. Even though spin lock is released in between, but USER_LOCK_IN_TEARDOWN is still set, for USER_LOCK_BUSY, if before every place that waits on this flag, USER_LOCK_IN_TEARDOWN is checked to bail out, that will make sure no flow waits on the busy flag set by user_dlm_destroy_lock(), then we can simplely revert USER_LOCK_BUSY when ocfs2_dlm_unlock fails. Fix user_dlm_cluster_lock() which is the only function not following this. [ 941.336392] (python,26174,16):dlmfs_unlink:562 ERROR: unlink 004fb0000060000b5a90b8c847b72e1, error -16 from destroy [ 989.757536] ------------[ cut here ]------------ [ 989.757709] kernel BUG at fs/ocfs2/dlmfs/userdlm.c:173! [ 989.757876] invalid opcode: 0000 [#1] SMP [ 989.758027] Modules linked in: ksplice_2zhuk2jr_ib_ipoib_new(O) ksplice_2zhuk2jr(O) mptctl mptbase xen_netback xen_blkback xen_gntalloc xen_gntdev xen_evtchn cdc_ether usbnet mii ocfs2 jbd2 rpcsec_gss_krb5 auth_rpcgss nfsv4 nfsv3 nfs_acl nfs fscache lockd grace ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs bnx2fc fcoe libfcoe libfc scsi_transport_fc sunrpc ipmi_devintf bridge stp llc rds_rdma rds bonding ib_sdp ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm falcon_lsm_serviceable(PE) falcon_nf_netcontain(PE) mlx4_vnic falcon_kal(E) falcon_lsm_pinned_13402(E) mlx4_ib ib_sa ib_mad ib_core ib_addr xenfs xen_privcmd dm_multipath iTCO_wdt iTCO_vendor_support pcspkr sb_edac edac_core i2c_i801 lpc_ich mfd_core ipmi_ssif i2c_core ipmi_si ipmi_msghandler [ 989.760686] ioatdma sg ext3 jbd mbcache sd_mod ahci libahci ixgbe dca ptp pps_core vxlan udp_tunnel ip6_udp_tunnel megaraid_sas mlx4_core crc32c_intel be2iscsi bnx2i cnic uio cxgb4i cxgb4 cxgb3i libcxgbi ipv6 cxgb3 mdio libiscsi_tcp qla4xxx iscsi_boot_sysfs libiscsi scsi_transport_iscsi wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: ksplice_2zhuk2jr_ib_ipoib_old] [ 989.761987] CPU: 10 PID: 19102 Comm: dlm_thread Tainted: P OE 4.1.12-124.57.1.el6uek.x86_64 #2 [ 989.762290] Hardware name: Oracle Corporation ORACLE SERVER X5-2/ASM,MOTHERBOARD,1U, BIOS 30350100 06/17/2021 [ 989.762599] task: ffff880178af6200 ti: ffff88017f7c8000 task.ti: ffff88017f7c8000 [ 989.762848] RIP: e030:[<ffffffffc07d4316>] [<ffffffffc07d4316>] __user_dlm_queue_lockres.part.4+0x76/0x80 [ocfs2_dlmfs] [ 989.763185] RSP: e02b:ffff88017f7cbcb8 EFLAGS: 00010246 [ 989.763353] RAX: 0000000000000000 RBX: ffff880174d48008 RCX: 0000000000000003 [ 989.763565] RDX: 0000000000120012 RSI: 0000000000000003 RDI: ffff880174d48170 [ 989.763778] RBP: ffff88017f7cbcc8 R08: ffff88021f4293b0 R09: 0000000000000000 [ 989.763991] R10: ffff880179c8c000 R11: 0000000000000003 R12: ffff880174d48008 [ 989.764204] R13: 0000000000000003 R14: ffff880179c8c000 R15: ffff88021db7a000 [ 989.764422] FS: 0000000000000000(0000) GS:ffff880247480000(0000) knlGS:ffff880247480000 [ 989.764685] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 989.764865] CR2: ffff8000007f6800 CR3: 0000000001ae0000 CR4: 0000000000042660 [ 989.765081] Stack: [ 989.765167] 0000000000000003 ffff880174d48040 ffff88017f7cbd18 ffffffffc07d455f [ 989.765442] ffff88017f7cbd88 ffffffff816fb639 ffff88017f7cbd38 ffff8800361b5600 [ 989.765717] ffff88021db7a000 ffff88021f429380 0000000000000003 ffffffffc0453020 [ 989.765991] Call Trace: [ 989.766093] [<ffffffffc07d455f>] user_bast+0x5f/0xf0 [ocfs2_dlmfs] [ 989.766287] [<ffffffff816fb639>] ? schedule_timeout+0x169/0x2d0 [ 989.766475] [<ffffffffc0453020>] ? o2dlm_lock_ast_wrapper+0x20/0x20 [ocfs2_stack_o2cb] [ 989.766738] [<ffffffffc045303a>] o2dlm_blocking_ast_wrapper+0x1a/0x20 [ocfs2_stack_o2cb] [ 989.767010] [<ffffffffc0864ec6>] dlm_do_local_bast+0x46/0xe0 [ocfs2_dlm] [ 989.767217] [<ffffffffc084f5cc>] ? dlm_lockres_calc_usage+0x4c/0x60 [ocfs2_dlm] [ 989.767466] [<ffffffffc08501f1>] dlm_thread+0xa31/0x1140 [ocfs2_dlm] [ 989.767662] [<ffffffff816f78da>] ? __schedule+0x24a/0x810 [ 989.767834] [<ffffffff816f78ce>] ? __schedule+0x23e/0x810 [ 989.768006] [<ffffffff816f78da>] ? __schedule+0x24a/0x810 [ 989.768178] [<ffffffff816f78ce>] ? __schedule+0x23e/0x810 [ 989.768349] [<ffffffff816f78da>] ? __schedule+0x24a/0x810 [ 989.768521] [<ffffffff816f78ce>] ? __schedule+0x23e/0x810 [ 989.768693] [<ffffffff816f78da>] ? __schedule+0x24a/0x810 [ 989.768893] [<ffffffff816f78ce>] ? __schedule+0x23e/0x810 [ 989.769067] [<ffffffff816f78da>] ? __schedule+0x24a/0x810 [ 989.769241] [<ffffffff810ce4d0>] ? wait_woken+0x90/0x90 [ 989.769411] [<ffffffffc084f7c0>] ? dlm_kick_thread+0x80/0x80 [ocfs2_dlm] [ 989.769617] [<ffffffff810a8bbb>] kthread+0xcb/0xf0 [ 989.769774] [<ffffffff816f78da>] ? __schedule+0x24a/0x810 [ 989.769945] [<ffffffff816f78da>] ? __schedule+0x24a/0x810 [ 989.770117] [<ffffffff810a8af0>] ? kthread_create_on_node+0x180/0x180 [ 989.770321] [<ffffffff816fdaa1>] ret_from_fork+0x61/0x90 [ 989.770492] [<ffffffff810a8af0>] ? kthread_create_on_node+0x180/0x180 [ 989.770689] Code: d0 00 00 00 f0 45 7d c0 bf 00 20 00 00 48 89 83 c0 00 00 00 48 89 83 c8 00 00 00 e8 55 c1 8c c0 83 4b 04 10 48 83 c4 08 5b 5d c3 <0f> 0b 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 55 41 54 53 48 83 [ 989.771892] RIP [<ffffffffc07d4316>] __user_dlm_queue_lockres.part.4+0x76/0x80 [ocfs2_dlmfs] [ 989.772174] RSP <ffff88017f7cbcb8> [ 989.772704] ---[ end trace ebd1e38cebcc93a8 ]--- [ 989.772907] Kernel panic - not syncing: Fatal exception [ 989.773173] Kernel Offset: disabled Link: https://lkml.kernel.org/r/20220518235224.87100-2-junxiao.bi@oracle.com Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com> Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> Cc: Mark Fasheh <mark@fasheh.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Joseph Qi <jiangqi903@gmail.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Gang He <ghe@suse.com> Cc: Jun Piao <piaojun@huawei.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
644c989f41 |
This is the 5.10.108 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmI61q4ACgkQONu9yGCS aT7sPg/+IHk8dls5SX0C1/JPhQIQP6Ui0wVwjVz7B+0PgAc7TWuJSLJ5mMIO/ksN 2t05og0USEli2tzJSf+DFJrrg6tfsnNk+Y7v6NUj2dLIdiPzLvQZaBxpWLbNdfbn xD6RMRFK5Uz2Gab3La9VDcBETZzDbnOmytsiZPnCrT8ELmcXWMc1Gt4GbFQRlUDX J0XIjnFIwNZpt7TZxjIoxxnrGZ6McN8/ehMaOJA/n7/dAtCBs/5x/9+fJ25/WAuN BwxGOn5NP8V0HA8Vg/imOfTiopYohzCZNARzcBfJTURGX2fs3eYC/JJlmZ6vsv9J MmfAicCsrdSjDFn2vrBe5M4JmKsceOzUkr4VnmWeN88+kRnC1CKdppiEo7ucnk3M vVdrEThVAWEa+1Q8zx4tp0UJeoqk5c+WM9jxt55BTXtHzCsHgB0WKbANCKQ7ciO4 7GfWLaTDCXMea4H4LwtqoTmapQYzyfHe6KFKeIRcd7zbnmQJJzbMYC61zBQ9ecoQ VXZf4bzttMo4bZXW8d5CL6DFD8bZXjQl9giV76t5Vzw/XEWHFtcrrgrr8jtNZw0F sKS7d7aC5r3WRIOkxQkM3TgNjpA2cNQoLffjV0rDc5IHaMPb1phIh8UpA3Je7brH MK4ldSF93As8qNETvnj4wTSwiadS1icLIFvarSqeNUECpHviSOg= =TV2r -----END PGP SIGNATURE----- Merge 5.10.108 into android12-5.10-lts Changes in 5.10.108 crypto: qcom-rng - ensure buffer for generate is completely filled ocfs2: fix crash when initialize filecheck kobj fails mm: swap: get rid of livelock in swapin readahead efi: fix return value of __setup handlers vsock: each transport cycles only on its own sockets esp6: fix check on ipv6_skip_exthdr's return value net: phy: marvell: Fix invalid comparison in the resume and suspend functions net/packet: fix slab-out-of-bounds access in packet_recvmsg() atm: eni: Add check for dma_map_single hv_netvsc: Add check for kvmalloc_array drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() net: dsa: Add missing of_node_put() in dsa_port_parse_of net: phy: mscc: Add MODULE_FIRMWARE macros bnx2x: fix built-in kernel driver load failure net: bcmgenet: skip invalid partial checksums net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload arm64: fix clang warning about TRAMP_VALIAS usb: gadget: rndis: prevent integer overflow in rndis_set_response() usb: gadget: Fix use-after-free bug by not setting udc->dev.driver usb: usbtmc: Fix bug in pipe direction for control transfers scsi: mpt3sas: Page fault in reply q processing Input: aiptek - properly check endpoint type perf symbols: Fix symbol size calculation condition net: usb: Correct PHY handling of smsc95xx net: usb: Correct reset handling of smsc95xx smsc95xx: Ignore -ENODEV errors when device is unplugged esp: Fix possible buffer overflow in ESP transformation Revert "selftests/bpf: Add test for bpf_timer overwriting crash" Linux 5.10.108 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I618f4ec34bfcb8c11821276c5105c46d3aace78c |
||
|
Joseph Qi
|
df3301dc60 |
ocfs2: fix crash when initialize filecheck kobj fails
commit 7b0b1332cfdb94489836b67d088a779699f8e47e upstream.
Once s_root is set, genric_shutdown_super() will be called if
fill_super() fails. That means, we will call ocfs2_dismount_volume()
twice in such case, which can lead to kernel crash.
Fix this issue by initializing filecheck kobj before setting s_root.
Link: https://lkml.kernel.org/r/20220310081930.86305-1-joseph.qi@linux.alibaba.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
0b4470b56e |
This is the 5.10.96 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmH5XyEACgkQONu9yGCS
aT7z0xAAmnpQ4KYDjmIJW/QjwHMk26wAZGs+w5UbtaFokqqpMuloeNj1HJdpt9gq
JG6A7Yz2tqXvd+4BzS+XKimqo8CXXbVx5zLhk5lkJE7NTAJN0hP4uvzuBjNFyE+V
p35aCsBNnMJpjimp+B2c0WuUJX++/n0olBpVzAr1/kwwkz/KODyK8D++S8E+y3Fv
gkDt3CYJ8E2XPCEQfPHd5blWav0cmyR/O3qViWPuakg1zQ2xxKVjuIAVBuwlBJfB
zRnnsM9qy3b+h/x43aX++5vucZgDF4BZXJ63kIkkAfe2quqGC683NyjTjOfGLHSW
bDaVO7IK69tDNznE3jjoLoQ66+soUgvAS5kVYL6sQ7DW8ObghYnD6xfw7J1npva3
//SZgkC8ifgucLn/ERK5R5mQNmiKYeoukUYSLLB0eG2aYvtQkaChL98t7O9Js1fH
sZOf4a9SpAnyHQKv6PMV6rsIxE0rkuAqeBVuerOjknjFLbkdPDTijk5GeER3+C+j
0Ihud+n+HrTRrw7wZOOosPrMVoXNy2LPxphFpsrpFt5QFYu3q24QefwL/EWI1Y4W
gC3VBqIQS/otZ2aCYlIiPZls38UoQxdWS2pgG5aUOKX7iHduzMkTOYZzq4aYOBws
Oo+2rl7tzWirrYeIkSLvmwW3BsluQGOvul1IwGk9m1nZ1PDdUIw=
=39jp
-----END PGP SIGNATURE-----
Merge 5.10.96 into android12-5.10-lts
Changes in 5.10.96
Bluetooth: refactor malicious adv data check
media: venus: core: Drop second v4l2 device unregister
net: sfp: ignore disabled SFP node
net: stmmac: skip only stmmac_ptp_register when resume from suspend
s390/module: fix loading modules with a lot of relocations
s390/hypfs: include z/VM guests with access control group set
bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()
scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
udf: Restore i_lenAlloc when inode expansion fails
udf: Fix NULL ptr deref when converting from inline format
efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
PM: wakeup: simplify the output logic of pm_show_wakelocks()
tracing/histogram: Fix a potential memory leak for kstrdup()
tracing: Don't inc err_log entry count if entry allocation fails
ceph: properly put ceph_string reference after async create attempt
ceph: set pool_ns in new inode layout for async creates
fsnotify: fix fsnotify hooks in pseudo filesystems
Revert "KVM: SVM: avoid infinite loop on NPF from bad address"
perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX
drm/etnaviv: relax submit size limits
KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS
arm64: errata: Fix exec handling in erratum
|
||
|
Joseph Qi
|
afbde455eb |
ocfs2: fix a deadlock when commit trans
commit ddf4b773aa40790dfa936bd845c18e735a49c61c upstream. commit 6f1b228529ae introduces a regression which can deadlock as follows: Task1: Task2: jbd2_journal_commit_transaction ocfs2_test_bg_bit_allocatable spin_lock(&jh->b_state_lock) jbd_lock_bh_journal_head __jbd2_journal_remove_checkpoint spin_lock(&jh->b_state_lock) jbd2_journal_put_journal_head jbd_lock_bh_journal_head Task1 and Task2 lock bh->b_state and jh->b_state_lock in different order, which finally result in a deadlock. So use jbd2_journal_[grab|put]_journal_head instead in ocfs2_test_bg_bit_allocatable() to fix it. Link: https://lkml.kernel.org/r/20220121071205.100648-3-joseph.qi@linux.alibaba.com Fixes: 6f1b228529ae ("ocfs2: fix race between searching chunks and release journal_head from buffer_head") Signed-off-by: Joseph Qi <joseph.qi@linux.alibaba.com> Reported-by: Gautham Ananthakrishna <gautham.ananthakrishna@oracle.com> Tested-by: Gautham Ananthakrishna <gautham.ananthakrishna@oracle.com> Reported-by: Saeed Mirzamohammadi <saeed.mirzamohammadi@oracle.com> Cc: "Theodore Ts'o" <tytso@mit.edu> Cc: Andreas Dilger <adilger.kernel@dilger.ca> Cc: Changwei Ge <gechangwei@live.cn> Cc: Gang He <ghe@suse.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Jun Piao <piaojun@huawei.com> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Mark Fasheh <mark@fasheh.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |