Export arch_vma_name, _vm_normal_page, pmd_clear_bad,
__pmd_trans_huge_lock functions. Allow vendor modules to perform more
operations on memleak detection and debugging. It can detect multiple types
of memleak, such as Native, ION, Slub and Vmalloc. Shows the detailed size of
the memleak, and shows the stack.
Bug: 379962310
Bug: 365506692
Bug: 342305999
Change-Id: I118efa570e660d0696bf081d00b670760d01bec1
Signed-off-by: Dezhi Huang <huangdezhi@hihonor.com>
(cherry picked from commit 21e76b82444db3635eacb360f0d0206a069de4a8)
(cherry picked from commit ce0653fd2cb3b91553870938edd1b854c4975c72)
These hooks are designed to set or clear OEM reserved pageflags when the
memory state may change.
Bug: 336964184
Change-Id: I9cb288ef6eef7a719d4f4748d6b71010645b7d50
Signed-off-by: Xiaofeng Yuan <yuanxiaofeng@vivo.com>
In 582c6d188ec1 ("ANDROID: userfaultfd: allow SPF for
UFFD_FEATURE_SIGBUS on private+anon"), we allowed userfaultfd
registered VMAs using SIGBUS to be handled with SPF. But during
page-fault handling, before userfaultfd_ctx is dereferenced,
another thread may call userfaultfd_release(), unlink the VMA
and then deallocate the same userfaultfd_ctx, leaving a dangling
pointer behind for dereference.
It is insufficient to do the access under rcu read-lock as the context
may have been deallocated before entering the critical section. Checking
the vma has not changed in the critical section ensures we are not looking at
a dangling pointer to userfaultfd_ctx.
Change-Id: I9c3ba0f1352e49f0ea387b92c18b5f1b5dcad7f1
Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>
Bug: 349936398
(cherry picked from commit c75b369e72da0283a20f794c0070c478b490f453)
Merge 5.10.215 into android12-5.10-lts
Changes in 5.10.215
amdkfd: use calloc instead of kzalloc to avoid integer overflow
Documentation/hw-vuln: Update spectre doc
x86/cpu: Support AMD Automatic IBRS
x86/bugs: Use sysfs_emit()
timers: Update kernel-doc for various functions
timers: Use del_timer_sync() even on UP
timers: Rename del_timer_sync() to timer_delete_sync()
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
drm/vmwgfx: stop using ttm_bo_create v2
drm/vmwgfx: switch over to the new pin interface v2
drm/vmwgfx/vmwgfx_cmdbuf_res: Remove unused variable 'ret'
drm/vmwgfx: Fix some static checker warnings
drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
serial: max310x: fix NULL pointer dereference in I2C instantiation
media: xc4000: Fix atomicity violation in xc4000_get_frequency
KVM: Always flush async #PF workqueue when vCPU is being destroyed
sparc64: NMI watchdog: fix return value of __setup handler
sparc: vDSO: fix return value of __setup handler
crypto: qat - fix double free during reset
crypto: qat - resolve race condition during AER recovery
selftests/mqueue: Set timeout to 180 seconds
ext4: correct best extent lstart adjustment logic
block: introduce zone_write_granularity limit
block: Clear zone limits for a non-zoned stacked queue
bounds: support non-power-of-two CONFIG_NR_CPUS
fat: fix uninitialized field in nostale filehandles
ubifs: Set page uptodate in the correct place
ubi: Check for too small LEB size in VTBL code
ubi: correct the calculation of fastmap size
mtd: rawnand: meson: fix scrambling mode value in command macro
parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros
parisc: Fix ip_fast_csum
parisc: Fix csum_ipv6_magic on 32-bit systems
parisc: Fix csum_ipv6_magic on 64-bit systems
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
PM: suspend: Set mem_sleep_current during kernel command line setup
clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
powerpc/fsl: Fix mfpmr build errors with newer binutils
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
USB: serial: add device ID for VeriFone adapter
USB: serial: cp210x: add ID for MGP Instruments PDS100
USB: serial: option: add MeiG Smart SLM320 product
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
PM: sleep: wakeirq: fix wake irq warning in system suspend
mmc: tmio: avoid concurrent runs of mmc_request_done()
fuse: fix root lookup with nonzero generation
fuse: don't unhash root
usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
printk/console: Split out code that enables default console
serial: Lock console when calling into driver before registration
btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
PCI: Drop pci_device_remove() test of pci_dev->driver
PCI/PM: Drain runtime-idle callbacks before driver removal
PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities()
PCI: Cache PCIe Device Capabilities register
PCI: Work around Intel I210 ROM BAR overlap defect
PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited
PCI/DPC: Quirk PIO log size for certain Intel Root Ports
PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
dm-raid: fix lockdep waring in "pers->hot_add_disk"
mac802154: fix llsec key resources release in mac802154_llsec_key_del
mm: swap: fix race between free_swap_and_cache() and swapoff()
mmc: core: Fix switch on gp3 partition
drm/etnaviv: Restore some id values
hwmon: (amc6821) add of_match table
ext4: fix corruption during on-line resize
nvmem: meson-efuse: fix function pointer type mismatch
slimbus: core: Remove usage of the deprecated ida_simple_xx() API
phy: tegra: xusb: Add API to retrieve the port number of phy
usb: gadget: tegra-xudc: Use dev_err_probe()
usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
speakup: Fix 8bit characters from direct synth
PCI/ERR: Clear AER status only when we control AER
PCI/AER: Block runtime suspend when handling errors
nfs: fix UAF in direct writes
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
PCI: dwc: endpoint: Fix advertised resizable BAR size
vfio/platform: Disable virqfds on cleanup
ring-buffer: Fix waking up ring buffer readers
ring-buffer: Do not set shortest_full when full target is hit
ring-buffer: Fix resetting of shortest_full
ring-buffer: Fix full_waiters_pending in poll
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
soc: fsl: qbman: Add helper for sanity checking cgr ops
soc: fsl: qbman: Add CGR update function
soc: fsl: qbman: Use raw spinlock for cgr_lock
s390/zcrypt: fix reference counting on zcrypt card objects
drm/panel: do not return negative error codes from drm_panel_get_modes()
drm/exynos: do not return negative values from .get_modes()
drm/imx/ipuv3: do not return negative values from .get_modes()
drm/vc4: hdmi: do not return negative values from .get_modes()
memtest: use {READ,WRITE}_ONCE in memory scanning
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
nilfs2: prevent kernel bug at submit_bh_wbc()
cpufreq: dt: always allocate zeroed cpumask
x86/CPU/AMD: Update the Zenbleed microcode revisions
net: hns3: tracing: fix hclgevf trace event strings
wireguard: netlink: check for dangling peer via is_dead instead of empty list
wireguard: netlink: access device through ctx instead of peer
ahci: asm1064: correct count of reported ports
ahci: asm1064: asm1166: don't limit reported ports
drm/amd/display: Return the correct HDCP error code
drm/amd/display: Fix noise issue on HDMI AV mute
dm snapshot: fix lockup in dm_exception_table_exit
vxge: remove unnecessary cast in kfree()
x86/stackprotector/32: Make the canary into a regular percpu variable
x86/pm: Work around false positive kmemleak report in msr_build_context()
scripts: kernel-doc: Fix syntax error due to undeclared args variable
comedi: comedi_test: Prevent timers rescheduling during deletion
cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value"
netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
netfilter: nf_tables: disallow anonymous set with timeout flag
netfilter: nf_tables: reject constant set with timeout
Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
usb: gadget: ncm: Fix handling of zero block length packets
usb: port: Don't try to peer unused USB ports based on location
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
mei: me: add arrow lake point S DID
mei: me: add arrow lake point H DID
vt: fix unicode buffer corruption when deleting characters
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
tee: optee: Fix kernel panic caused by incorrect error handling
xen/events: close evtchn after mapping cleanup
printk: Update @console_may_schedule in console_trylock_spinning()
btrfs: allocate btrfs_ioctl_defrag_range_args on stack
x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix
x86/bugs: Add asm helpers for executing VERW
x86/entry_64: Add VERW just before userspace transition
x86/entry_32: Add VERW just before userspace transition
x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key
KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH
KVM/VMX: Move VERW closer to VMentry for MDS mitigation
x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
Documentation/hw-vuln: Add documentation for RFDS
x86/rfds: Mitigate Register File Data Sampling (RFDS)
KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
perf/core: Fix reentry problem in perf_output_read_group()
efivarfs: Request at most 512 bytes for variable names
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO
mm/memory-failure: fix an incorrect use of tail pages
mm/migrate: set swap entry values of THP tail pages properly.
init: open /initrd.image with O_LARGEFILE
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
hexagon: vmlinux.lds.S: handle attributes section
mmc: core: Initialize mmc_blk_ioc_data
mmc: core: Avoid negative index with array access
net: ll_temac: platform_get_resource replaced by wrong function
usb: cdc-wdm: close race between read and workqueue
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
scsi: core: Fix unremoved procfs host directory regression
staging: vc04_services: changen strncpy() to strscpy_pad()
staging: vc04_services: fix information leak in create_component()
USB: core: Add hub_get() and hub_put() routines
usb: dwc2: host: Fix remote wakeup from hibernation
usb: dwc2: host: Fix hibernation flow
usb: dwc2: host: Fix ISOC flow in DDMA mode
usb: dwc2: gadget: LPM flow fix
usb: udc: remove warning when queue disabled ep
usb: typec: ucsi: Ack unsupported commands
usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
scsi: qla2xxx: Split FCE|EFT trace control
scsi: qla2xxx: Fix command flush on cable pull
scsi: qla2xxx: Delay I/O Abort on PCI error
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports
scsi: lpfc: Correct size for wqe for memset()
USB: core: Fix deadlock in usb_deauthorize_interface()
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
tcp: properly terminate timers for kernel sockets
ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields()
bpf: Protect against int overflow for stack access size
Octeontx2-af: fix pause frame configuration in GMP mode
dm integrity: fix out-of-range warning
r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
x86/cpufeatures: Add new word for scattered features
Bluetooth: hci_event: set the conn encrypted before conn establishes
Bluetooth: Fix TOCTOU in HCI debugfs implementation
netfilter: nf_tables: disallow timeout for anonymous sets
net/rds: fix possible cp null dereference
vfio/pci: Disable auto-enable of exclusive INTx IRQ
vfio/pci: Lock external INTx masking ops
vfio: Introduce interface to flush virqfd inject workqueue
vfio/pci: Create persistent INTx handler
vfio/platform: Create persistent IRQ handlers
vfio/fsl-mc: Block calling interrupt handler without trigger
io_uring: ensure '0' is returned on file registration success
Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
x86/srso: Add SRSO mitigation for Hygon processors
block: add check that partition length needs to be aligned with block size
netfilter: nf_tables: reject new basechain after table flag update
netfilter: nf_tables: flush pending destroy work before exit_net release
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
netfilter: validate user input for expected length
vboxsf: Avoid an spurious warning if load_nls_xxx() fails
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
net/sched: act_skbmod: prevent kernel-infoleak
net: stmmac: fix rx queue priority assignment
erspan: make sure erspan_base_hdr is present in skb->head
selftests: reuseaddr_conflict: add missing new line at the end of the output
ipv6: Fix infinite recursion in fib6_dump_done().
udp: do not transition UDP GRO fraglist partial checksums to unnecessary
octeontx2-pf: check negative error code in otx2_open()
i40e: fix i40e_count_filters() to count only active/new filters
i40e: fix vf may be used uninitialized in this function warning
scsi: qla2xxx: Update manufacturer details
scsi: qla2xxx: Update manufacturer detail
Revert "usb: phy: generic: Get the vbus supply"
udp: do not accept non-tunnel GSO skbs landing in a tunnel
net: ravb: Always process TX descriptor ring
arm64: dts: qcom: sc7180: Remove clock for bluetooth on Trogdor
arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken
ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
scsi: mylex: Fix sysfs buffer lengths
ata: sata_mv: Fix PCI device ID table declaration compilation warning
ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone
driver core: Introduce device_link_wait_removal()
of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()
s390/entry: align system call table on 8 bytes
riscv: Fix spurious errors from __get/put_kernel_nofault
x86/bugs: Fix the SRSO mitigation on Zen3/4
x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO
mptcp: don't account accept() of non-MPC client as fallback to TCP
x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word
objtool: Add asm version of STACK_FRAME_NON_STANDARD
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
panic: Flush kernel log buffer at the end
arm64: dts: rockchip: fix rk3328 hdmi ports node
arm64: dts: rockchip: fix rk3399 hdmi ports node
ionic: set adminq irq affinity
pstore/zone: Add a null pointer check to the psz_kmsg_read
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: send: handle path ref underflow in header iterate_inode_ref()
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
sysv: don't call sb_bread() with pointers_lock held
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
isofs: handle CDs with bad root inode but good Joliet root directory
media: sta2x11: fix irq handler cast
ext4: add a hint for block bitmap corrupt state in mb_groups
ext4: forbid commit inconsistent quota data when errors=remount-ro
drm/amd/display: Fix nanosec stat overflow
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
libperf evlist: Avoid out-of-bounds access
block: prevent division by zero in blk_rq_stat_sum()
RDMA/cm: add timeout to cm_destroy_id wait
Input: allocate keycode for Display refresh rate toggle
platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet
ktest: force $buildonly = 1 for 'make_warnings_file' test type
ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment
tools: iio: replace seekdir() in iio_generic_buffer
usb: typec: tcpci: add generic tcpci fallback compatible
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
drivers/nvme: Add quirks for device 126f:2262
fbmon: prevent division by zero in fb_videomode_from_videomode()
netfilter: nf_tables: release batch on table validation from abort path
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
netfilter: nf_tables: discard table flag update with pending basechain deletion
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
virtio: reenable config if freezing device failed
x86/mm/pat: fix VM_PAT handling in COW mappings
drm/i915/gt: Reset queue_priority_hint on parking
Bluetooth: btintel: Fixe build regression
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
kbuild: dummy-tools: adjust to stricter stackprotector check
scsi: sd: Fix wrong zone_write_granularity value during revalidate
x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk
x86/head/64: Re-enable stack protection
Linux 5.10.215
Change-Id: I45a0a9c4a0683ff5ef97315690f1f884f666e1b5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
With this vendor_hook, the OEM can dynamically adjust fault_around_bytes to
balance memory usage and performance.
Bug: 340744332
Change-Id: I24414c7ba7e77ae06ce5e8cf52377c3485185cfe
Signed-off-by: Dezhi Huang <huangdezhi@hihonor.com>
Userspace apps often analyze memory consumption by the use of mm
rss_stat counters -- via the kmem/rss_stat trace event or from
/proc/<pid>/statm.
rss_stat counters are only updated when the PTEs are updated. What this
means is that pages can be present in the page cache from readahead but
not visible to userspace (not attributed to the app) as there is no
corresponding VMA (PTEs) for the respective page cache pages.
A side effect of the loader now extending ELF LOAD segments to be
contiguously mapped in the virtual address space, means that the VMA is
extended to cover the padding pages.
When filesystems, such as f2fs and ext4, that implement
vm_ops->map_pages() attempt to perform a do_fault_around() the extent of
the fault around is restricted by the area of the enclosing VMA. Since
the loader extends LOAD segment VMAs to be contiguously mapped, the extent
of the fault around is also increased. The result of which, is that the
PTEs corresponding to the padding pages are updated and reflected in the
rss_stat counters.
It is not common that userspace application developers be aware of this
nuance in the kernel's memory accounting. To avoid apparent regressions
in memory usage to userspace, restrict the fault around range to only
valid data pages (i.e. exclude the padding pages at the end of the VMA).
Bug: 330117029
Bug: 327600007
Bug: 330767927
Bug: 328266487
Bug: 329803029
Change-Id: I2c7a39ec1b040be2b9fb47801f95042f5dbf869d
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
commit 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 upstream.
PAT handling won't do the right thing in COW mappings: the first PTE (or,
in fact, all PTEs) can be replaced during write faults to point at anon
folios. Reliably recovering the correct PFN and cachemode using
follow_phys() from PTEs will not work in COW mappings.
Using follow_phys(), we might just get the address+protection of the anon
folio (which is very wrong), or fail on swap/nonswap entries, failing
follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and
track_pfn_copy(), not properly calling free_pfn_range().
In free_pfn_range(), we either wouldn't call memtype_free() or would call
it with the wrong range, possibly leaking memory.
To fix that, let's update follow_phys() to refuse returning anon folios,
and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings
if we run into that.
We will now properly handle untrack_pfn() with COW mappings, where we
don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if
the first page was replaced by an anon folio, though: we'd have to store
the cachemode in the VMA to make this work, likely growing the VMA size.
For now, let's keep it simple and let track_pfn_copy() just fail in that
case: it would have failed in the past with swap/nonswap entries already,
and it would have done the wrong thing with anon folios.
Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn():
<--- C reproducer --->
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
#include <liburing.h>

int main(void)
{
        struct io_uring_params p = {};
        int ring_fd;
        size_t size;
        char *map;

        ring_fd = io_uring_setup(1, &p);
        if (ring_fd < 0) {
                perror("io_uring_setup");
                return 1;
        }
        size = p.sq_off.array + p.sq_entries * sizeof(unsigned);

        /* Map the submission queue ring MAP_PRIVATE */
        map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE,
                   ring_fd, IORING_OFF_SQ_RING);
        if (map == MAP_FAILED) {
                perror("mmap");
                return 1;
        }

        /* We have at least one page. Let's COW it. */
        *map = 0;
        pause();
        return 0;
}
<--- C reproducer --->
On a system with 16 GiB RAM and swap configured:
# ./iouring &
# memhog 16G
# killall iouring
[ 301.552930] ------------[ cut here ]------------
[ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100
[ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g
[ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1
[ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4
[ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100
[ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000
[ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282
[ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047
[ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200
[ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000
[ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000
[ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000
[ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000
[ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0
[ 301.565725] PKRU: 55555554
[ 301.565944] Call Trace:
[ 301.566148] <TASK>
[ 301.566325] ? untrack_pfn+0xf4/0x100
[ 301.566618] ? __warn+0x81/0x130
[ 301.566876] ? untrack_pfn+0xf4/0x100
[ 301.567163] ? report_bug+0x171/0x1a0
[ 301.567466] ? handle_bug+0x3c/0x80
[ 301.567743] ? exc_invalid_op+0x17/0x70
[ 301.568038] ? asm_exc_invalid_op+0x1a/0x20
[ 301.568363] ? untrack_pfn+0xf4/0x100
[ 301.568660] ? untrack_pfn+0x65/0x100
[ 301.568947] unmap_single_vma+0xa6/0xe0
[ 301.569247] unmap_vmas+0xb5/0x190
[ 301.569532] exit_mmap+0xec/0x340
[ 301.569801] __mmput+0x3e/0x130
[ 301.570051] do_exit+0x305/0xaf0
...
Link: https://lkml.kernel.org/r/20240403212131.929421-3-david@redhat.com
Signed-off-by: David Hildenbrand <david@redhat.com>
Reported-by: Wupeng Ma <mawupeng1@huawei.com>
Closes: https://lkml.kernel.org/r/20240227122814.3781907-1-mawupeng1@huawei.com
Fixes: b1a86e15dc ("x86, pat: remove the dependency on 'vm_pgoff' in track/untrack pfn vma routines")
Fixes: 5899329b19 ("x86: PAT: implement track/untrack of pfnmap regions for x86 - v3")
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Currently we bail out of speculative page fault when we detect that the
fault address is in a userfaultfd registered vma. However, if userfaultfd
is being used with UFFD_FEATURE_SIGBUS feature, then handle_userfault()
doesn't do much and is easiest to handle with SPF. This patch lets
MISSING userfaultfs on private anonymous mappings be allowed with SPF if
UFFD_FEATURE_SIGBUS is used.
With this patch we get >99% success rate for userfaults caused during
userfaultfd GC's compaction phase. This translates into eliminating
uninterruptible sleep time in do_page_fault() due to userfaults.
Bug: 320478828
Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>
Change-Id: Ic7fde0fde03602b35179bc0cf891ddbbc434190f
(cherry picked from commit 582c6d188ec138d8ed9c6ef235bf5698d80d7d6b)
Since SPF is an out-of-tree feature, the risks of changing its behavior
are higher. Add a vendor hook to enable speculative swap pagefaults. By
default it's disabled and should not cause troubles for current users.
Bug: 322762567
Change-Id: I3df7c545aa27d2707ee51ea42368f785c5faa735
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Speculative page handling was disabled in do_swap_page() because it was
unsafe to call migration_entry_wait(). Other calls which are not safe
without taking mmap_lock are ksm_might_need_to_copy(), because it relies
on the VMA being stable, and readahead. However, if we avoid these cases,
the rest seems to be safe. Relax the check to avoid only these unsafe
cases and allow speculation otherwise.
Bug: 322762567
Change-Id: Ic1fda0a5549088d5f37004dbacf3193116a5f868
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Merge 5.10.208 into android12-5.10-lts
Changes in 5.10.208
keys, dns: Fix missing size check of V1 server-list header
block: Don't invalidate pagecache for invalid falloc modes
ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6
nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local
octeontx2-af: Fix marking couple of structure as __packed
drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern
i40e: Fix filter input checks to prevent config with invalid values
net: sched: em_text: fix possible memory leak in em_text_destroy()
ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init
sfc: fix a double-free bug in efx_probe_filters
net: bcmgenet: Fix FCS generation for fragmented skbuffs
netfilter: nftables: add loop check helper function
netfilter: nft_immediate: drop chain reference counter on error
net: Save and restore msg_namelen in sock_sendmsg
i40e: fix use-after-free in i40e_aqc_add_filters()
ASoC: meson: g12a-toacodec: Validate written enum values
ASoC: meson: g12a-tohdmitx: Validate written enum values
ASoC: meson: g12a-toacodec: Fix event generation
ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux
i40e: Restore VF MSI-X state during PCI reset
net/qla3xxx: switch from 'pci_' to 'dma_' API
net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues
asix: Add check for usbnet_get_endpoints
bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters()
net: Implement missing SO_TIMESTAMPING_NEW cmsg support
mm/memory-failure: check the mapcount of the precise page
firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards
x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect
i2c: core: Fix atomic xfer check for non-preempt config
mm: fix unmap_mapping_range high bits shift bug
mmc: meson-mx-sdhc: Fix initialization frozen issue
mmc: rpmb: fixes pause retune on all RPMB partitions.
mmc: core: Cancel delayed work before releasing host
mmc: sdhci-sprd: Fix eMMC init failure after hw reset
powerpc: update ppc_save_regs to save current r1 in pt_regs
net: tls, update curr on splice as well
ipv6: remove max_size check inline with ipv4
drm/qxl: fix UAF on handle creation
netfilter: nf_tables: Reject tables of unsupported family
PCI: Extract ATS disabling to a helper function
PCI: Disable ATS for specific Intel IPU E2000 devices
Revert "nvme: use command_id instead of req->tag in trace_nvme_complete_rq()"
Linux 5.10.208
Change-Id: I85f7791b6a3e06127bfd2e52a23ce90abb80ed8f
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 9eab0421fa94a3dde0d1f7e36ab3294fc306c99d upstream.
The bug happens when the highest bit of holebegin is 1. Suppose holebegin is
0x8000000111111000; after the shift, hba would be 0xfff8000000111111, then
vma_interval_tree_foreach would fail to look it up or lead to the wrong
result.
error call seq e.g.:
- mmap(..., offset=0x8000000111111000)
  |- syscall(mmap, ... unsigned long, off):
     |- ksys_mmap_pgoff( ... , off >> PAGE_SHIFT);
  here pgoff is correctly shifted to 0x8000000111111,
  but passing 0x8000000111111000 as holebegin to unmap
  would then cause a terrible result, as shown below:
- unmap_mapping_range(..., loff_t const holebegin)
  |- pgoff_t hba = holebegin >> PAGE_SHIFT;
     /* hba = 0xfff8000000111111 unexpectedly */
The issue happens in heterogeneous computing, where the device (e.g.
gpu) and host share the same virtual address space.
A simple workflow pattern which hits the issue is:
/* host */
1. userspace first mmaps a file backed VA range with specified offset.
   e.g. (offset=0x800..., mmap return: va_a)
2. write some data to the corresponding sys page
   e.g. (va_a = 0xAABB)
/* device */
3. gpu workload touches VA, triggers gpu fault and notifies the host.
/* host */
4. received gpu fault notification, then it will:
   4.1 unmap host pages and also take care of cpu tlb
       (use unmap_mapping_range with offset=0x800...)
   4.2 migrate sys page to device
   4.3 setup device page table and resolve device fault.
/* device */
5. gpu workload continued, it accessed va_a and got 0xAABB.
6. gpu workload continued, it wrote 0xBBCC to va_a.
/* host */
7. userspace accesses va_a, as expected, it will:
   7.1 trigger cpu vm fault.
   7.2 driver handling fault to migrate gpu local page to host.
8. userspace then could correctly get 0xBBCC from va_a
9. done
But in step 4.1, if we hit the bug this patch mentioned, then userspace
would never trigger cpu fault, and still get the old value: 0xAABB.
Making holebegin unsigned first fixes the bug.
Link: https://lkml.kernel.org/r/20231220052839.26970-1-jiajun.xie.sh@gmail.com
Signed-off-by: Jiajun Xie <jiajun.xie.sh@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
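The shift described in the commit message above, as an added user-space example (not code from the commit or the kernel). The type names, the 4 KiB page size, the toy mapping table and the overlap helper are assumptions standing in for loff_t, pgoff_t and vma_interval_tree_foreach.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12                      /* assumption: 4 KiB pages */

typedef int64_t  k_loff_t;                 /* stand-in for the signed loff_t */
typedef uint64_t k_pgoff_t;                /* stand-in for pgoff_t (unsigned long) */

/* Bit pattern 0x8000000111111000 from the commit message, built without
 * relying on an out-of-range unsigned-to-signed conversion. */
#define HOLEBEGIN (INT64_MIN + INT64_C(0x111111000))

/* Pre-fix form: the shift is done on the signed value. Right-shifting a
 * negative value is implementation-defined in C; gcc and clang shift
 * arithmetically, so the sign bit is copied into the top 12 bits. */
static k_pgoff_t hba_signed_shift(k_loff_t holebegin)
{
    return (k_pgoff_t)(holebegin >> PAGE_SHIFT);
}

/* Post-fix form: make holebegin unsigned first, then shift. */
static k_pgoff_t hba_unsigned_shift(k_loff_t holebegin)
{
    return (k_pgoff_t)holebegin >> PAGE_SHIFT;
}

/* Constructed sample: one file mapping covering pages [pgoff, pgoff + npages). */
struct toy_mapping {
    k_pgoff_t pgoff;
    k_pgoff_t npages;
};

/* Simplified stand-in for the interval-tree walk: count the mappings that
 * overlap the page range [first, last]. */
static size_t count_overlaps(const struct toy_mapping *m, size_t n,
                             k_pgoff_t first, k_pgoff_t last)
{
    size_t hits = 0;

    for (size_t i = 0; i < n; i++) {
        k_pgoff_t m_last = m[i].pgoff + m[i].npages - 1;

        if (m[i].pgoff <= last && first <= m_last)
            hits++;
    }
    return hits;
}

/* How many mappings an unmap of hole_pages pages starting at holebegin
 * would find, using either the pre-fix or the post-fix computation. */
static size_t unmap_hits(k_loff_t holebegin, k_pgoff_t hole_pages, int fixed)
{
    /* The mmap path stored the correctly shifted page offset. */
    static const struct toy_mapping maps[] = {
        { UINT64_C(0x8000000111111), 1 },
    };
    k_pgoff_t hba = fixed ? hba_unsigned_shift(holebegin)
                          : hba_signed_shift(holebegin);

    return count_overlaps(maps, sizeof(maps) / sizeof(maps[0]),
                          hba, hba + hole_pages - 1);
}

int main(void)
{
    printf("signed shift:   hba = 0x%" PRIx64 ", mappings found = %zu\n",
           hba_signed_shift(HOLEBEGIN), unmap_hits(HOLEBEGIN, 1, 0));
    printf("unsigned shift: hba = 0x%" PRIx64 ", mappings found = %zu\n",
           hba_unsigned_shift(HOLEBEGIN), unmap_hits(HOLEBEGIN, 1, 1));
    return 0;
}
```

With the signed shift the lookup finds no mapping, so the host pages stay mapped; that is step 4.1 of the workflow silently doing nothing.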
We want to skip swapcache in some scenarios to reduce
swap cache
Bug: 300857016
Change-Id: I8cbc45733d861be6f56628b40a1ef936cae3b45d
Signed-off-by: Xiaojun Ji <jixj@motorola.com>
Speculative page fault walks the page tables under RCU protection and
assumes that page tables are stable after ptl lock is taken. Current
implementation has three issues:
1. While pmd can't be destroyed while in RCU read section, it can be
   cleared and result in an invalid ptl lock address. Fix that by
   rechecking pmd value after obtaining ptl lock.
2. In case of CONFIG_ALLOC_SPLIT_PTLOCKS, ptl lock is separate from the
   pmd and is destroyed by a synchronous call to pgtable_pmd_page_dtor,
   which can happen while page walker is in RCU section. Prevent this by
   adding a dependency for CONFIG_SPECULATIVE_PAGE_FAULT to require
   !CONFIG_ALLOC_SPLIT_PTLOCKS.
3. Below sequence when do_mmap happens after the last mmap_seq check
   would result in use-after-free issue.
__pte_map_lock
  rcu_read_lock()
  mmap_seq_read_check()
  ptl = pte_lockptr(vmf->pmd)
  spin_trylock(ptl)
  mmap_seq_read_check()
                                mmap_write_lock()
                                do_mmap()
                                  unmap_region()
                                    unmap_vmas()
                                    free_pgtables()
                                      ...
                                      free_pte_range
                                        pmd_clear
                                          pte_free_tlb
                                            ...
                                            call_rcu(tlb_remove_table_rcu)
  rcu_read_unlock()
                                tlb_remove_table_rcu
  spin_unlock(ptl) <-- UAF!
To prevent that free_pte_range needs to be blocked if ptl is locked and
is in use.
[tyler wang: This is a backport from
https://android-review.googlesource.com/c/kernel/common/+/2330194.
We have adapted the corresponding modifications from 5.15 to 5.10,
including the changes made to the function __pte_map_lock in 5.15, which have
been adapted to the functions pte_spinlock and __pte_map_lock_speculative in
5.10. Additionally, following surenb's suggestion, we have folded
https://android-review.googlesource.com/c/kernel/common/+/2368961 in this patch.]
Bug: 278602292
Change-Id: I7b353f0995fc59e92bb2069bcdc7d1ac29b521b9
Signed-off-by: Dezhi Huang <huangdezhi@hihonor.com>
This is the merge of the upstream LTS release of 5.10.160 into the
android12-5.10 branch.
It contains the following commits:
003c389455 Merge 5.10.160 into android12-5.10-lts
a2428a8dcb Linux 5.10.160
54c15f67cb ASoC: ops: Correct bounds check for second channel on SX controls
74b139c63f nvme-pci: clear the prp2 field when not used
77ebf88e00 ASoC: cs42l51: Correct PGA Volume minimum value
4db1d19b74 can: mcba_usb: Fix termination command argument
683837f2f6 can: sja1000: fix size of OCR_MODE_MASK define
434b523671 pinctrl: meditatek: Startup with the IRQs disabled
5cb4abb0ca libbpf: Use page size as max_entries when probing ring buffer map
50b5f6d4d9 ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
344739dc56 ASoC: fsl_micfil: explicitly clear CHnF flags
a49c1a7307 ASoC: fsl_micfil: explicitly clear software reset bit
75454b4bbf io_uring: add missing item types for splice request
17f386e6b7 fuse: always revalidate if exclusive create
eb6313c129 nfp: fix use-after-free in area_cache_get()
965d93fb39 vfs: fix copy_file_range() averts filesystem freeze protection
ed96733949 vfs: fix copy_file_range() regression in cross-fs copies
970862a96c x86/smpboot: Move rcu_cpu_starting() earlier
32e45c58a0 Merge "Merge 5.10.159 into android12-5.10-lts" into android12-5.10-lts
d31626cbea ANDROID: usb: gadget: uvc: remove duplicate code in unbind
01ef2d0b53 Merge 5.10.159 into android12-5.10-lts
931578be69 Linux 5.10.159
4fd6f84e0a can: esd_usb: Allow REC and TEC to return to zero
cf0e423106 macsec: add missing attribute validation for offload
6b03e41767 net: mvneta: Fix an out of bounds check
8208d7e56b ipv6: avoid use-after-free in ip6_fragment()
3d59adad12 net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
a00444e25b xen/netback: fix build warning
87277bdf2c ethernet: aeroflex: fix potential skb leak in greth_init_rings()
cc668fddde tipc: call tipc_lxc_xmit without holding node_read_lock
4be43e46c3 net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()
8e3f9ac009 ipv4: Fix incorrect route flushing when table ID 0 is used
5211e5ff9d ipv4: Fix incorrect route flushing when source address is deleted
36e248269a tipc: Fix potential OOB in tipc_link_proto_rcv()
93aaa4bb72 net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
296a50aa8b net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
8d1aed7a11 net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq
a5cfbc1995 ip_gre: do not report erspan version on GRE interface
696e34d54c net: stmmac: fix "snps,axi-config" node property parsing
ca26f45083 nvme initialize core quirks before calling nvme_init_subsystem
27eb2d7a1b NFC: nci: Bounds check struct nfc_target arrays
a2506b19d7 i40e: Disallow ip4 and ip6 l4_4_bytes
8329b65e34 i40e: Fix for VF MAC address 0
215f3ac53b i40e: Fix not setting default xps_cpus after reset
146ebee8fc net: mvneta: Prevent out of bounds read in mvneta_config_rss()
e6860c889f xen-netfront: Fix NULL sring after live migration
3d3b30718a net: encx24j600: Fix invalid logic in reading of MISTAT register
51ba1820e7 net: encx24j600: Add parentheses to fix precedence
42c319635c mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
4c693330ce selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
bccda3ad07 net: dsa: ksz: Check return value
e7b9504581 Bluetooth: Fix not cleanup led when bt_init fails
1717354d77 Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
80c69b31aa vmxnet3: correctly report encapsulated LRO packet
575a6266f6 af_unix: Get user_ns from in_skb in unix_diag_get_exact().
6c788c0a25 drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420
de918d9738 igb: Allocate MSI-X vector when testing
6595c9208d e1000e: Fix TX dispatch condition
5ee6413d3d gpio: amd8111: Fix PCI device reference count leak
b9aca69a6c drm/bridge: ti-sn65dsi86: Fix output polarity setting bug
b46e8c50c3 netfilter: ctnetlink: fix compilation warning after data race fixes in ct mark
0a8e66e375 ca8210: Fix crash by zero initializing data
27c71825ff ieee802154: cc2520: Fix error return code in cc2520_hw_init()
a0418d0a6b netfilter: nft_set_pipapo: Actually validate intervals in fields after the first one
cb283cca1d rtc: mc146818-lib: fix signedness bug in mc146818_get_time()
5c432383b6 rtc: mc146818-lib: fix locking in mc146818_set_time
5e26531d81 rtc: cmos: Disable irq around direct invocation of cmos_interrupt()
fccee93eb2 mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
c42221efb1 can: af_can: fix NULL pointer dereference in can_rcv_filter
bc03f809da HID: core: fix shift-out-of-bounds in hid_report_raw_event
959a23a4d1 HID: hid-lg4ff: Add check for empty lbuf
4dde75945a HID: usbhid: Add ALWAYS_POLL quirk for some mice
11e95d85c3 drm/shmem-helper: Avoid vm_open error paths
6a4da05acd drm/shmem-helper: Remove errant put in error path
007f561f59 drm/vmwgfx: Don't use screen objects when SEV is active
3cb78c3925 KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
549b46f813 Bluetooth: Fix crash when replugging CSR fake controllers
380d183e99 Bluetooth: btusb: Add debug message for CSR controllers
f1cf856123 mm/gup: fix gup_pud_range() for dax
f1f7f36cf6 memcg: fix possible use-after-free in memcg_write_event_control()
32f01f0306 media: v4l2-dv-timings.c: fix too strict blanking sanity checks
043b2bc96c Revert "ARM: dts: imx7: Fix NAND controller size-cells"
abfb8ae69b media: videobuf2-core: take mmap_lock in vb2_get_unmapped_area()
83632fc414 xen/netback: don't call kfree_skb() with interrupts disabled
3eecd2bc10 xen/netback: do some code cleanup
49e07c0768 xen/netback: Ensure protocol headers don't fall in the non-linear area
db44a9443e rtc: mc146818: Reduce spinlock section in mc146818_set_time()
17293d630f rtc: cmos: Replace spin_lock_irqsave with spin_lock in hard IRQ
acfd8ef683 rtc: cmos: avoid UIP when reading alarm time
949bae0282 rtc: cmos: avoid UIP when writing alarm time
33ac73a41a rtc: mc146818-lib: extract mc146818_avoid_UIP
8bb5fe5830 rtc: mc146818-lib: fix RTC presence check
775d4661f1 rtc: Check return value from mc146818_get_time()
b9a5c470e0 rtc: mc146818-lib: change return values of mc146818_get_time()
94eaf9966e rtc: cmos: remove stale REVISIT comments
f5b51f8550 rtc: mc146818: Dont test for bit 0-5 in Register D
3736972360 rtc: mc146818: Detect and handle broken RTCs
7c7075c88d rtc: mc146818: Prevent reading garbage
7f445ca2e0 mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
4a1cdb49d0 mm/khugepaged: fix GUP-fast interaction by sending IPI
cdfd3739b2 mm/khugepaged: take the right locks for page table retraction
1c0eec6a1d net: usb: qmi_wwan: add u-blox 0x1342 composition
a8c5ffb4df 9p/xen: check logical size for buffer size
ec36ebae36 usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer
d9b53caf01 fbcon: Use kzalloc() in fbcon_prepare_logo()
8b130c770d regulator: twl6030: fix get status of twl6032 regulators
f6f45e5383 ASoC: soc-pcm: Add NULL check in BE reparenting
688a45aff2 btrfs: send: avoid unaligned encoded writes when attempting to clone range
15c42ab8d4 ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
d38e021416 regulator: slg51000: Wait after asserting CS pin
1331bcfcac 9p/fd: Use P9_HDRSZ for header size
96b43f36a5 ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188
ddf58f5939 ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register
dbd78abd69 ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
bb1866cf1e ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels
b1f40a0cdf ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name
5f9474d07b arm64: dts: rockchip: fix ir-receiver node names
060d58924a ARM: dts: rockchip: fix ir-receiver node names
3e0c466771 arm: dts: rockchip: fix node name for hym8563 rtc
3ada63a876 arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series
202ee06349 Revert "mmc: sdhci: Fix voltage switch delay"
0b0939466f ANDROID: gki_defconfig: add CONFIG_FUNCTION_ERROR_INJECTION
5ab4c6b843 Merge 5.10.158 into android12-5.10-lts
592346d5dc Linux 5.10.158
cc1b4718cc ipc/sem: Fix dangling sem_array access in semtimedop race
d072a10c81 v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails
9ba389863a proc: proc_skip_spaces() shouldn't think it is working on C strings
4aa32aaef6 proc: avoid integer type confusion in get_proc_long
5f2f775605 block: unhash blkdev part inode when the part is deleted
a82869ac52 Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
4e0d6c687c char: tpm: Protect tpm_pm_suspend with locks
5a6f935ef3 Revert "clocksource/drivers/riscv: Events are stopped during CPU suspend"
f075cf139f ACPI: HMAT: Fix initiator registration for single-initiator systems
f3b76b4d38 ACPI: HMAT: remove unnecessary variable initialization
63e72417a1 i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set
df76136598 i2c: npcm7xx: Fix error handling in npcm_i2c_init()
7462cd2443 x86/pm: Add enumeration check before spec MSRs save/restore setup
5e3d4a68e2 x86/tsx: Add a feature bit for TSX control MSR support
b7f7a0402e Revert "tty: n_gsm: avoid call of sleeping functions from atomic context"
481f9ed8eb ipv4: Fix route deletion when nexthop info is not specified
0b5394229e ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference
4919503426 selftests: net: fix nexthop warning cleanup double ip typo
7ca14c5f24 selftests: net: add delete nexthop route warning test
f09ac62f0e Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled
19d91d3798 parisc: Increase FRAME_WARN to 2048 bytes on parisc
fcf20da099 xtensa: increase size of gcc stack frame check
a1877001ed parisc: Increase size of gcc stack frame check
a5c65cd56a iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
10ed7655a1 iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
302edce1dd pinctrl: single: Fix potential division by zero
b50c964189 ASoC: ops: Fix bounds check for _sx controls
a2efc46524 io_uring: don't hold uring_lock when calling io_run_task_work*
be111ebd88 tracing: Free buffers when a used dynamic event is removed
648b92e576 drm/i915: Never return 0 if not all requests retired
8649c023c4 drm/amdgpu: temporarily disable broken Clang builds due to blown stack-frame
940b774069 mmc: sdhci: Fix voltage switch delay
ed19662453 mmc: sdhci-sprd: Fix no reset data and command after voltage switch
ef767907e7 mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check
46ee041cd6 mmc: core: Fix ambiguous TRIM and DISCARD arg
b79be962b5 mmc: mmc_test: Fix removal of debugfs file
d4fc344c0d net: stmmac: Set MAC's flow control register to reflect current settings
549e24409a pinctrl: intel: Save and restore pins in "direct IRQ" mode
471fb7b735 x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
e858917ab7 nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
6ddf788400 tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
c099d12c55 error-injection: Add prompt for function error injection
26b6f927bb riscv: vdso: fix section overlapping under some conditions
2b1d8f27e2 net/mlx5: DR, Fix uninitialized var warning
c40db1e5f3 hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
f06e0cd01e hwmon: (coretemp) Check for null before removing sysfs attrs
d93522d04f net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
176ee6c673 sctp: fix memory leak in sctp_stream_outq_migrate()
1c38c88acc packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
5f442e1d40 net: tun: Fix use-after-free in tun_detach()
5fa0fc5876 afs: Fix fileserver probe RTT handling
7ca81a161e net: hsr: Fix potential use-after-free
a1ba595e35 tipc: re-fetch skb cb after tipc_msg_validate
4621bdfff5 dsa: lan9303: Correct stat name
45752af024 net: ethernet: nixge: fix NULL dereference
e01c154237 net/9p: Fix a potential socket leak in p9_socket_open
b080d4668f net: net_netdev: Fix error handling in ntb_netdev_init_module()
fe6bc99c27 net: phy: fix null-ptr-deref while probe() failed
0184ede0ec wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
e2ed90fd3a wifi: cfg80211: don't allow multi-BSSID in S1G
9e6b79a3cd wifi: cfg80211: fix buffer overflow in elem comparison
6922948c2e aquantia: Do not purge addresses when setting the number of rings
fa59d49a49 qlcnic: fix sleep-in-atomic-context bugs caused by msleep
d753f554f2 can: cc770: cc770_isa_probe(): add missing free_cc770dev()
e74746bf04 can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
0d2f9d95d9 net/mlx5e: Fix use-after-free when reverting termination table
2cb84ff349 net/mlx5: Fix uninitialized variable bug in outlen_write()
b775f37d94 e100: Fix possible use after free in e100_xmit_prepare
086f656e44 e100: switch from 'pci_' to 'dma_' API
971c55f076 iavf: Fix error handling in iavf_init_module()
d389a4c698 iavf: remove redundant ret variable
fd4960ea53 fm10k: Fix error handling in fm10k_init_module()
dd425cec79 i40e: Fix error handling in i40e_init_module()
f166c62cad ixgbevf: Fix resource leak in ixgbevf_init_module()
8f7047f418 of: property: decrement node refcount in of_fwnode_get_reference_args()
be006212bd bpf: Do not copy spin lock field from user in bpf_selem_alloc
90907cd4d1 hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
7649bba263 hwmon: (i5500_temp) fix missing pci_disable_device()
dddfc03f04 hwmon: (ina3221) Fix shunt sum critical calculation
984fcd3ec1 hwmon: (ltc2947) fix temperature scaling
8a549ab672 libbpf: Handle size overflow for ringbuf mmap
cc140c729c ARM: at91: rm9200: fix usb device clock id
592724b14d scripts/faddr2line: Fix regression in name resolution on ppc64le
353c3aaaf3 bpf, perf: Use subprog name when reporting subprog ksymbol
d48f6a5784 iio: light: rpr0521: add missing Kconfig dependencies
5eb114f55b iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
b1756af172 iio: health: afe4403: Fix oob read in afe4403_read_raw
01d7c41eac btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
d3f5be8246 drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly when the edid is read"
00570fafc2 drm/amdgpu: update drm_display_info correctly when the edid is read
44b204730b drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code
1faf21bdd1 btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker
6050872f9f spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
7b020665d4 btrfs: free btrfs_path before copying inodes to userspace
d5b7a34379 btrfs: sink iterator parameter to btrfs_ioctl_logical_to_ino
f3226d86f8 Revert "xfrm: fix "disable_policy" on ipv4 early demux"
982d7f3eb8 Merge 5.10.157 into android12-5.10-lts
37d3df60cb ANDROID: CRC ABI fixups in ip.h and ipv6.h
f4245f0538 Linux 5.10.157
4801672fb0 fuse: lock inode unconditionally in fuse_fallocate()
86f0082fb9 drm/i915: fix TLB invalidation for Gen12 video and compute engines
feb97cf45e drm/amdgpu: always register an MMU notifier for userptr
596b7d55d7 drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
c86c1a7037 btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
1581830c0e btrfs: free btrfs_path before copying subvol info to userspace
0bdb8f7ef8 btrfs: free btrfs_path before copying fspath to userspace
24a37ba2cb btrfs: free btrfs_path before copying root refs to userspace
b56d6e5585 genirq: Take the proposed affinity at face value if force==true
9d90a2b98e irqchip/gic-v3: Always trust the managed affinity provided by the core code
e0d2c59ee9 genirq: Always limit the affinity to online CPUs
f8f80d532f genirq/msi: Shutdown managed interrupts with unsatifiable affinities
3eb6b89a4e wifi: wilc1000: validate number of channels
5a068535c0 wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute
905f886eae wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute
7c6535fb4d wifi: wilc1000: validate pairwise and authentication suite offsets
64b7f9a7dd dm integrity: clear the journal on suspend
d306f73079 dm integrity: flush the journal on suspend
79d9a11679 gpu: host1x: Avoid trying to use GART on Tegra20
a7f30b5b8d net: usb: qmi_wwan: add Telit 0x103a composition
7e8eaa939e tcp: configurable source port perturb table size
0acc008cf9 platform/x86: hp-wmi: Ignore Smart Experience App event
0964b77bab zonefs: fix zone report size in __zonefs_io_error()
a5937dae66 platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
52fb7bcea0 platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
4fa717ba2d xen/platform-pci: add missing free_irq() in error path
f45a5a6c9f xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too
9bbb587472 Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[]
4ea4316dff Input: soc_button_array - add use_low_level_irq module parameter
c1620e996d Input: goodix - try resetting the controller when no config is set
f4db050958 serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
7c3e39ccf5 ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
36e0b97619 Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
ae9e0cc973 binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
017de84253 binder: Address corner cases in deferred copy and fixup
2e3c27f241 binder: fix pointer cast warning
c9d3f25a7f binder: defer copies of pre-patched txn data
5204296fc7 binder: read pre-translated fds from sender buffer
23e9d815fa binder: avoid potential data leakage when copying txn
22870431cd x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
3fdeacf087 KVM: x86: remove exit_int_info warning in svm_handle_exit
7e5cb13091 KVM: x86: nSVM: leave nested mode on vCPU free
d925dd3e44 mm: vmscan: fix extreme overreclaim and swap floods
a4a62a23fa gcov: clang: fix the buffer overflow issue
e7f21d10e9 nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
f06b7e6a77 usb: dwc3: gadget: Clear ep descriptor last
cff7523ab8 usb: dwc3: gadget: Return -ESHUTDOWN on ep disable
a32635528d usb: dwc3: gadget: conditionally remove requests
ca3a08e9d9 ceph: fix NULL pointer dereference for req->r_session
00c004c070 ceph: Use kcalloc for allocating multiple elements
69263bf781 ceph: fix possible NULL pointer dereference for req->r_session
8e137ace53 ceph: put the requests/sessions when it fails to alloc memory
38993788f4 ceph: fix off by one bugs in unsafe_request_wait()
8a31ae7f77 ceph: flush the mdlog before waiting on unsafe reqs
78b2f546f7 ceph: flush mdlog before umounting
d94ba7b3b7 ceph: make iterate_sessions a global symbol
9ac038d3c2 ceph: make ceph_create_session_msg a global symbol
8382cdf0ab usb: cdns3: Add support for DRD CDNSP
57112da86b mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI
b5d770977b mmc: sdhci-brcmstb: Enable Clock Gating to save power
049194538c mmc: sdhci-brcmstb: Re-organize flags
fbe955be26 nios2: add FORCE for vmlinuz.gz
c0a9c9973d init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
456e895fd0 iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
fa9efcbfbf iio: light: apds9960: fix wrong register for gesture gain
bd1b8041c2 arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
86ba9c8595 ext4: fix use-after-free in ext4_ext_shift_extents
350e98a08a usb: dwc3: exynos: Fix remove() function
d21d26e65b lib/vdso: use "grep -E" instead of "egrep"
c0cf8bc259 net: enetc: preserve TX ring priority across reconfiguration
de4dd4f9b3 net: enetc: cache accesses to &priv->si->hw
1f080b8caa net: enetc: manage ENETC_F_QBV in priv->active_offloads only when enabled
1d840c5d67 s390/crashdump: fix TOD programmable field size
11052f1188 net: thunderx: Fix the ACPI memory leak
b034fe2a08 nfc: st-nci: fix memory leaks in EVT_TRANSACTION
e14583073f nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
9cc863d523 arcnet: fix potential memory leak in com20020_probe()
4d2be0cf27 net: arcnet: Fix RESET flag handling
e61b00374a s390/dasd: fix no record found for raw_track_access
aeebb07499 ipv4: Fix error return code in fib_table_insert()
c0af4d005a dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
b8e494240e netfilter: flowtable_offload: add missing locking
af9de5cdcb dma-buf: fix racing conflict of dma_heap_add()
c40b76dfa7 bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
f81e9c0510 regulator: twl6030: re-add TWL6032_SUBCLASS
32b944b9c4 NFC: nci: fix memory leak in nci_rx_data_packet()
68a7aec3f4 net: sched: allow act_ct to be built without NF_NAT
8e2664e12b sfc: fix potential memleak in __ef100_hard_start_xmit()
6b638a16ea xfrm: Fix ignored return value in xfrm6_init()
c7788361a6 tipc: check skb_linearize() return value in tipc_disc_rcv()
4058e3b74a tipc: add an extra conn_get in tipc_conn_alloc
e87a077d09 tipc: set con sock in tipc_conn_alloc
891daa95b0 net/mlx5: Fix handling of entry refcount when command is not issued to FW
e06ff9f8fe net/mlx5: Fix FW tracer timestamp calculation
5689eba90a netfilter: ipset: regression in ip_set_hash_ip.c
e62e62ea91 netfilter: ipset: Limit the maximal range of consecutive elements to add/delete
8dca384970 Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
909186cf34 Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work()
f42802e14a macsec: Fix invalid error code set
72be055615 nfp: add port from netdev validation for EEPROM access
ce41e03cac nfp: fill splittable of devlink_port_attrs correctly
0b553ded34 net: pch_gbe: fix pci device refcount leak while module exiting
2c59ef9ab6 net/qla3xxx: fix potential memleak in ql3xxx_send()
a24d5f6c8b net/mlx4: Check retval of mlx4_bitmap_init
da86a63479 net: ethernet: mtk_eth_soc: fix error handling in mtk_open()
756534f7cf ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties
290a71ff72 ARM: mxs: fix memory leak in mxs_machine_init()
5c97af75f5 netfilter: conntrack: Fix data-races around ct mark
459332f8db 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
26bb8f6aaa net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
398a860a44 nfc/nci: fix race with opening and closing
3535c632e6 rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975]
23c03ee0ee rxrpc: Use refcount_t rather than atomic_t
bddde342c6 rxrpc: Allow list of in-use local UDP endpoints to be viewed in /proc
a2d5dba2fc net: liquidio: simplify if expression
8124a02e17 ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
b547bf71fa tee: optee: fix possible memory leak in optee_register_device()
b76c5a99f4 bus: sunxi-rsb: Support atomic transfers
0c059b7d2a regulator: core: fix UAF in destroy_regulator()
fcb2d28636 spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld()
0b6441abfa regulator: core: fix kobject release warning and memory leak in regulator_register()
26d3d3ffa8 scsi: storvsc: Fix handling of srb_status and capacity change events
c34db0d6b8 ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()
4f6c7344ab ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
164a5b50d1 ASoC: hdac_hda: fix hda pcm buffer overflow issue
7cfb4b8579 ARM: dts: am335x-pcm-953: Define fixed regulators in root node
b7000254c1 af_key: Fix send_acquire race with pfkey_register
51969d679b xfrm: replay: Fix ESN wrap around for GSO
497653f6d2 xfrm: fix "disable_policy" on ipv4 early demux
836bbdfcf8 MIPS: pic32: treat port as signed integer
c0bb600f07 RISC-V: vdso: Do not add missing symbols to version section in linker script
81cc6d8400 arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
fa5f2c72d3 block, bfq: fix null pointer dereference in bfq_bio_bfqg()
d29bde8689 drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
f7ce6fb04e scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC
2574903ee2 scsi: ibmvfc: Avoid path failures during live migration
7fc62181c1 platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1
f54a11b6bf Revert "net: macsec: report real_dev features when HW offloading is enabled"
f4b8c0710a selftests/bpf: Add verifier test for release_reference()
361a165098 spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
2c1ca23555 wifi: mac80211: Fix ack frame idr leak when mesh has no route
8d39913158 wifi: airo: do not assign -1 to unsigned char
8552e6048e audit: fix undefined behavior in bit shift for AUDIT_BIT
1c9eb641d1 riscv: dts: sifive unleashed: Add PWM controlled LEDs
92ae6facd1 wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
2fcc593b50 wifi: mac80211: fix memory free error when registering wiphy fail
044bc6d3c2 ceph: avoid putting the realm twice when decoding snaps fails
d43219bb33 ceph: do not update snapshot context when there is no new snapshot
49c71b6814 iio: pressure: ms5611: fixed value compensation bug
879139bc7a iio: ms5611: Simplify IO callback parameters
80c825e1e3 nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro
f4066fb910 nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH
4f0cea018e drm/display: Don't assume dual mode adaptors support i2c sub-addressing
347f1793b5 bridge: switchdev: Fix memory leaks when changing VLAN protocol
89a7f155e6 bridge: switchdev: Notify about VLAN protocol changes
f5cbd86ebf ata: libata-core: do not issue non-internal commands once EH is pending
4034d06a4d ata: libata-scsi: simplify __ata_scsi_queuecmd()
03aabcb88a scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
d9b90a99f3 Merge 5.10.156 into android12-5.10-lts
25af5a11f1 Merge 5.10.155 into android12-5.10-lts
e5d2cd6ad8 ANDROID: abi preservation for fscrypt change in 5.10.154
5bc3ece380 Revert "serial: 8250: Let drivers request full 16550A feature probing"
f466ca1247 Merge 5.10.154 into android12-5.10-lts
6d46ef50b1 Linux 5.10.156
7be134eb69 Revert "net: broadcom: Fix BCMGENET Kconfig"
957732a09c ntfs: check overflow when iterating ATTR_RECORDs
6322dda483 ntfs: fix out-of-bounds read in ntfs_attr_find()
b825bfbbaa ntfs: fix use-after-free in ntfs_attr_find()
294ef12dcc mm: fs: initialize fsdata passed to write_begin/write_end interface
a8e2fc8f7b 9p/trans_fd: always use O_NONBLOCK read/write
a5da76df46 gfs2: Switch from strlcpy to strscpy
5fa30be7ba gfs2: Check sb_bsize_shift after reading superblock
f14858bc77 9p: trans_fd/p9_conn_cancel: drop client lock earlier
4154b6afa2 kcm: close race conditions on sk_receive_queue
7deb7a9d33 kcm: avoid potential race in kcm_tx_work
35309be06b tcp: cdg: allow tcp_cdg_release() to be called multiple times
e929ec98c0 macvlan: enforce a consistent minimal mtu
95ebea5a15 uapi/linux/stddef.h: Add include guards
3f25add5ec Input: i8042 - fix leaking of platform device on module removal
7d606ae1ab kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
89ece5ff7d scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
75205f1b47 scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
6e9334436d net: use struct_group to copy ip/ipv6 header addresses
9fd7bdaffe stddef: Introduce struct_group() helper macro
47c3bdd955 usbnet: smsc95xx: Fix deadlock on runtime resume
8208c266fe ring-buffer: Include dropped pages in counting dirty patches
36b5095b07 net: fix a concurrency bug in l2tp_tunnel_register()
023435a095 nvme: ensure subsystem reset is single threaded
b9a5ecf241 nvme: restrict management ioctls to admin
5e2f14d772 perf/x86/intel/pt: Fix sampling using single range output
62634b43d3 misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
c1eb46a65b docs: update mediator contact information in CoC doc
4423866d31 mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
440653a180 mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout
8e70b14131 mmc: core: properly select voltage range without power cycle
05b0f6624d firmware: coreboot: Register bus in module init
deda86a0d8 iommu/vt-d: Set SRE bit only when hardware has SRS cap
d2c7d8f58e scsi: zfcp: Fix double free of FSF request when qdio send fails
db744288af maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault()
24cc679abb Input: iforce - invert valid length check when fetching device IDs
5f4611fe01 serial: 8250_lpss: Configure DMA also w/o DMA filter
8679087e93 serial: 8250: Flush DMA Rx on RLSI
a5eaad87bf serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
f59f5a269c dm ioctl: fix misbehavior if list_versions races with module loading
67a75a9480 iio: pressure: ms5611: changed hardcoded SPI speed to value limited
d95b85c508 iio: adc: mp2629: fix potential array out of bound access
46b8bc62c5 iio: adc: mp2629: fix wrong comparison of channel
8dddf2699d iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
85d2a8b287 iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
85cc1a2fd8 usb: typec: mux: Enter safe mode only when pins need to be reconfigured
efaab05520 usb: chipidea: fix deadlock in ci_otg_del_timer
143ba5c2d2 usb: add NO_LPM quirk for Realforce 87U Keyboard
249cef723f USB: serial: option: add Fibocom FM160 0x0111 composition
5c44c60358 USB: serial: option: add u-blox LARA-L6 modem
0e88a3cfa6 USB: serial: option: add u-blox LARA-R6 00B modem
de707957d9 USB: serial: option: remove old LARA-R6 PID
878227a3dd USB: serial: option: add Sierra Wireless EM9191
25c652811d USB: bcma: Make GPIO explicitly optional
eb3af3ea5b speakup: fix a segfault caused by switching consoles
8cbaf4ed53 slimbus: stream: correct presence rate frequencies
15155f7c0e Revert "usb: dwc3: disable USB core PHY management"
100d1e53bb ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
c7dcc89482 ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro
a80369c8ca ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
28a54854a9 tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()
bb70fcae41 tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit()
315b149f08 tracing: Fix wild-memory-access in register_synth_event()
65ba7e7c24 tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()
5d4cc7bc1a tracing/ring-buffer: Have polling block on watermark
5fdebbeca5 ring_buffer: Do not deactivate non-existant pages
6a14828cad ftrace: Fix null pointer dereference in ftrace_add_mod()
6ed60c60ec ftrace: Optimize the allocation for mcount entries
9569eed79b ftrace: Fix the possible incorrect kernel message
5fc19c8313 cifs: add check for returning value of SMB2_set_info_init
0aeb0de528 net: thunderbolt: Fix error handling in tbnet_init()
e13ef43813 cifs: Fix wrong return value checking when GETFLAGS
9f00da9c86 net/x25: Fix skb leak in x25_lapb_receive_frame()
94822d2331 net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open()
3aeb13bc3d cifs: add check for returning value of SMB2_close_init
c24013273e platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when virtualized
9ed51414ae drbd: use after free in drbd_create_device()
6b23a4b252 net: ena: Fix error handling in ena_init()
2d5a495501 net: ionic: Fix error handling in ionic_init_module()
bb9924a6ed xen/pcpu: fix possible memory leak in register_pcpu()
d6a561bd4c bnxt_en: Remove debugfs when pci_register_driver failed
389738f5db net: caif: fix double disconnect client in chnl_net_open()
fb5ee1560b net: macvlan: Use built-in RCU list checking
709aa1f73d mISDN: fix misuse of put_device() in mISDN_register_device()
417f2d2edf net: liquidio: release resources when liquidio driver open failed
4cba73f2d6 net: hinic: Fix error handling in hinic_module_init()
083a2c9ef8 mISDN: fix possible memory leak in mISDN_dsp_element_register()
6b23993d5b net: bgmac: Drop free_netdev() from bgmac_enet_remove()
1f6a73b25d bpf: Initialize same number of free nodes for each pcpu_freelist
ef2ac07ab8 ata: libata-transport: fix error handling in ata_tdev_add()
7377a14598 ata: libata-transport: fix error handling in ata_tlink_add()
b5362dc163 ata: libata-transport: fix error handling in ata_tport_add()
ac471468f7 ata: libata-transport: fix double ata_host_put() in ata_tport_add()
ac4f404c25 arm64: dts: imx8mn: Fix NAND controller size-cells
30ece7dbee arm64: dts: imx8mm: Fix NAND controller size-cells
f68a9efd78 ARM: dts: imx7: Fix NAND controller size-cells
1d160dfb3f drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
c47a823ea1 drm/drv: Fix potential memory leak in drm_dev_init()
c776a49d09 drm/panel: simple: set bpc field for logic technologies displays
777430aa4d pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
bce3e6fe8b parport_pc: Avoid FIFO port location truncation
a4b5423f88 siox: fix possible memory leak in siox_device_add()
0679f571d3 arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro
58636b5ff3 block: sed-opal: kmalloc the cmd/resp buffers
e27458b18b sctp: clear out_curr if all frag chunks of current msg are pruned
0b4c259b63 sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent
7360e7c29d ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
e60f37a1d3 bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
b8fe1a5aa7 tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
0a3160f4ff serial: imx: Add missing .thaw_noirq hook
7e1f908e65 serial: 8250: omap: Flush PM QOS work on remove
d833cba201 serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
b0b6ea651e serial: 8250_omap: remove wait loop from Errata i202 workaround
f14c312c21 serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl()
85cdbf04b4 serial: 8250: Remove serial_rs485 sanitization from em485
f5dedad405 ASoC: tas2764: Fix set_tdm_slot in case of single slot
9e82d78fbe ASoC: tas2770: Fix set_tdm_slot in case of single slot
8d21554ec7 ASoC: core: Fix use-after-free in snd_soc_exit()
38ca9bd336 spi: stm32: Print summary 'callbacks suppressed' message
a180da5564 drm/amdgpu: disable BACO on special BEIGE_GOBY card
f3adf0adf3 drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards
b0faeff69a drm/amd/pm: Read BIF STRAP also for BACO check
6958556285 drm/amd/pm: support power source switch on Sienna Cichlid
7daab001a6 mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA
65ac4d1807 spi: intel: Use correct mask for flash and protected regions
23793518a7 mtd: spi-nor: intel-spi: Disable write protection only if asked
a326fffdc7 ALSA: hda/realtek: fix speakers and micmute on HP 855 G8
24839d027c ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route"
bd48793240 Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
ce75e90859 btrfs: remove pointless and double ulist frees in error paths of qgroup tests
16743c4bf3 drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
df2747f295 i2c: i801: add lis3lv02d's I2C address for Vostro 5568
959cb0fd69 i2c: tegra: Allocate DMA memory for DMA engine
6cb657722e NFSv4: Retry LOCK on OLD_STATEID during delegation return
f0187227e2 drm/amd/display: Remove wrong pipe control lock
bb3edbd092 ASoC: rt1308-sdw: add the default value of some registers
b1619f0307 selftests/intel_pstate: fix build for ARCH=x86_64
fdf6807606 selftests/futex: fix build for clang
c1f0defecb ASoC: codecs: jz4725b: fix capture selector naming
aeb7e8bc0d ASoC: codecs: jz4725b: use right control for Capture Volume
c87945c173 ASoC: codecs: jz4725b: fix reported volume for Master ctl
9aae00961a ASoC: codecs: jz4725b: add missed Line In power control bit
0b4d650f90 spi: intel: Fix the offset to get the 64K erase opcode
6910e7279f ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
c7432616f6 ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe
a47606064c ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe"
f8f254c8b5 ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe"
c73aa2cc41 ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe"
673a7341bd Merge 5.10.153 into android12-5.10-lts
27b36ba7c2 Merge 5.10.152 into android12-5.10-lts
bf759deb0f Merge 5.10.151 into android12-5.10-lts
6b31c548a1 ANDROID: fix up struct sk_buf ABI breakage
bd66e91ad2 ANDROID: fix up CRC issue with struct tcp_sock
3905cfd1d6 Revert "serial: 8250: Toggle IER bits on only after irq has been set up"
41217963b1 Linux 5.10.155
0f544353fe io_uring: kill goto error handling in io_sqpoll_wait_sq()
154d744fbe x86/cpu: Restore AMD's DE_CFG MSR after resume
e7294b01de mmc: sdhci-esdhc-imx: Convert the driver to DT-only
534762e261 net: tun: call napi_schedule_prep() to ensure we own a napi
367bc0fa98 dmaengine: at_hdmac: Check return code of dma_async_device_register
85f97c97ef dmaengine: at_hdmac: Fix impossible condition
f53a233eaa dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
f451285522 dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
6be4ab08c8 dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware
a35dd5dd98 dmaengine: at_hdmac: Fix concurrency over the active list
0f603bf553 dmaengine: at_hdmac: Free the memset buf without holding the chan lock
7f07cecc74 dmaengine: at_hdmac: Fix concurrency over descriptor
1582cc3b48 dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all()
9b69060a72 dmaengine: at_hdmac: Protect atchan->status with the channel lock
ee35682261 dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all
7078e935b4 dmaengine: at_hdmac: Fix premature completion of desc in issue_pending
ad4cbe8e9c dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending
24f9e93e50 dmaengine: at_hdmac: Don't start transactions at tx_submit level
4b51cce72a dmaengine: at_hdmac: Fix at_lli struct definition
d37dfb9357 cert host tools: Stop complaining about deprecated OpenSSL functions
f8e0edeaa0 can: j1939: j1939_send_one(): fix missing CAN header initialization
0b692d41ee mm/memremap.c: map FS_DAX device memory as decrypted
03f9582a6a udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
4ea3aa3b98 mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI
9c0accfa5a btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
8fa0c22ef8 platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
b5ee579fcb drm/i915/dmabuf: fix sg_table handling in map_dma_buf
4feedde548 nilfs2: fix use-after-free bug of ns_writer on remount
1d4ff73062 nilfs2: fix deadlock in nilfs_count_free_blocks()
344ddbd688 ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure
516f9f2300 vmlinux.lds.h: Fix placement of '.data..decrypted' section
f6896fb69d ALSA: usb-audio: Add DSD support for Accuphase DAC-60
2032c2d32b ALSA: usb-audio: Add quirk entry for M-Audio Micro
a414a6d6ef ALSA: hda/realtek: Add Positivo C6300 model quirk
3a79f9568d ALSA: hda: fix potential memleak in 'add_widget_node'
380d64168d ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
181cfff57b ALSA: hda/hdmi - enable runtime pm for more AMD display audio
ea6787e482 mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
0a8d4531a0 mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI
3f558930ad mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
b55e64d0a3 mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
4631cb0406 MIPS: jump_label: Fix compat branch range check
475fd3991a arm64: efi: Fix handling of misaligned runtime regions and drop warning
94ab8f88fe riscv: fix reserved memory setup
0cf9cb0614 riscv: Separate memory init from paging init
d7716240bc riscv: Enable CMA support
ecf78af514 riscv: vdso: fix build with llvm
e56d18a976 riscv: process: fix kernel info leakage
956e0216a1 net: macvlan: fix memory leaks of macvlan_common_newlink
59ec132386 ethernet: tundra: free irq when alloc ring failed in tsi108_open()
dd7beaec8b net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open()
56d3b5531b ethernet: s2io: disable napi when start nic failed in s2io_card_up()
05b2228434 net: atlantic: macsec: clear encryption keys from the stack
1a4e495edf net: phy: mscc: macsec: clear encryption keys when freeing a flow
4ad684ba02 cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in cxgb4vf_open()
38aa7ed8c2 net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
fd52dd2d6e net: cpsw: disable napi in cpsw_ndo_open()
3b27e20601 net/mlx5e: E-Switch, Fix comparing termination table instance
eb6fa0ac2a net/mlx5: Allow async trigger completion execution on single CPU systems
bdd282bba7 net: nixge: disable napi when enable interrupts failed in nixge_open()
5333cf1b7f net: marvell: prestera: fix memory leak in prestera_rxtx_switch_init()
cf4853880e perf stat: Fix printing os->prefix in CSV metrics output
3a4a3c3b1f drivers: net: xgene: disable napi when register irq failed in xgene_enet_open()
0b7ee3d50f dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
6e2ffae69d dmaengine: pxa_dma: use platform_get_irq_optional
f31dd15858 tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
fbb4e8e6dc net: broadcom: Fix BCMGENET Kconfig
cb6d639bb1 net: stmmac: dwmac-meson8b: fix meson8b_devm_clk_prepare_enable()
d68fa77ee3 can: af_can: fix NULL pointer dereference in can_rx_register()
a033b86c7f ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
02f8dfee75 tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent
f3aa8a7d95 drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register()
bcb3bb1069 hamradio: fix issue of dev reference count leakage in bpq_device_event()
bc4591a86b net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event()
2bf8b1c111 KVM: s390: pv: don't allow userspace to set the clock under PV
a60cc64db7 KVM: s390x: fix SCK locking
fcbd2b3368 capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
8aae24b0ed net: fman: Unregister ethernet device on removal
e2c5ee3b62 bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
38147073c9 bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()
3401f96402 net: tun: Fix memory leaks of napi_get_frags
adaa0f180d macsec: clear encryption keys from the stack after setting up offload
9dc7503bae macsec: fix detection of RXSCs when toggling offloading
7f4456f011 macsec: fix secy->n_rx_sc accounting
3b05d9073a macsec: delete new rxsc when offload fails
50868de7dc net: gso: fix panic on frag_list with mixed head alloc types
cedd4f01f6 bpf: Fix wrong reg type conversion in release_reference()
9069db2579 bpf: Add helper macro bpf_for_each_reg_in_vstate
95b6ec7337 bpf: Support for pointers beyond pkt_end.
8597b59e3d HID: hyperv: fix possible memory leak in mousevsc_probe()
8c80b2fca4 bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE
cc21dc48a7 bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues
e1e1218032 wifi: cfg80211: fix memory leak in query_regdb_file()
914cb94e73 wifi: cfg80211: silence a sparse RCU warning
72ea2fc299 phy: stm32: fix an error code in probe
925bf1ba76 hwspinlock: qcom: correct MMIO max register for newer SoCs
76eba54f0d fuse: fix readdir cache race
7bcea6c5c9 ANDROID: gki_defconfig: remove CONFIG_INIT_STACK_ALL_ZERO=y
d2bc3376cd Revert "serial: 8250: Fix restoring termios speed after suspend"
0b500f5b16 Merge 5.10.150 into android12-5.10-lts
f5b40c0eb9 Linux 5.10.154
bf506e366d ipc: remove memcg accounting for sops objects in do_semtimedop()
c6678c8f4f wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
a6c57adec5 drm/i915/sdvo: Setup DDC fully before output init
b86830cc95 drm/i915/sdvo: Filter out invalid outputs more sensibly
9f3b867808 drm/rockchip: dsi: Force synchronous probe
23f1fc7ce5 ext4,f2fs: fix readahead of verity data
e5cef906cb KVM: x86: emulator: update the emulation mode after CR0 write
ce9261accc KVM: x86: emulator: introduce emulator_recalc_and_set_mode
c8a2fd7a71 KVM: x86: emulator: em_sysexit should update ctxt->mode
e0c7410378 KVM: x86: Mask off reserved bits in CPUID.80000001H
9302ebc1c2 KVM: x86: Mask off reserved bits in CPUID.80000008H
cc40c5f3e9 KVM: x86: Mask off reserved bits in CPUID.8000001AH
bd64a88f36 KVM: x86: Mask off reserved bits in CPUID.80000006H
156451a67b ext4: fix BUG_ON() when directory entry has invalid rec_len
5370b965b7 ext4: fix warning in 'ext4_da_release_space'
c9598cf629 parisc: Avoid printing the hardware path twice
98f836e80d parisc: Export iosapic_serial_irq() symbol for serial port driver
814af9a32b parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
29d106d086 perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[]
98f6e7c337 perf/x86/intel: Fix pebs event constraints for ICL
3be2d66822 efi: random: Use 'ACPI reclaim' memory for random seed
83294f7c77 efi: random: reduce seed size to 32 bytes
f8e8cda869 fuse: add file_modified() to fallocate
cdf01c807e capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
ff32d8a099 tracing/histogram: Update document for KEYS_MAX size
533bfacbac tools/nolibc/string: Fix memcmp() implementation
f100a02748 kprobe: reverse kp->flags when arm_kprobe failed
bef08acbe5 tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()
2bf33b5ea4 tcp/udp: Make early_demux back namespacified.
ea5f2fd464 ftrace: Fix use-after-free for dynamic ftrace_ops
06de93a47c btrfs: fix type of parameter generation in btrfs_get_dentry
e33ce54cef coresight: cti: Fix hang in cti_disable_hw()
015ac18be7 binder: fix UAF of alloc->vma in race with munmap()
836686e1a0 memcg: enable accounting of ipc resources
e4e4b24b42 mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times
818c36b988 tcp/udp: Fix memory leak in ipv6_renew_options().
29997a6fa6 fscrypt: fix keyring memory leak on mount failure
391cceee6d fscrypt: stop using keyrings subsystem for fscrypt_master_key
092401142b fscrypt: simplify master key locking
54c13d3520 ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
a0e2577cf3 block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
26ca2ac091 Bluetooth: L2CAP: Fix attempting to access uninitialized memory
6b6f94fb9a Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
bfd5e62f9a i2c: piix4: Fix adapter not be removed in piix4_remove()
fc3e2fa0a5 arm64: dts: juno: Add thermal critical trip points
b743ecf29c firmware: arm_scmi: Make Rx chan_setup fail on memory errors
29e8e9bfc2 firmware: arm_scmi: Suppress the driver's bind attributes
d7b1e2cbe0 ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset
160d8904b2 efi/tpm: Pass correct address to memblock_reserve
c40b4d604b i2c: xiic: Add platform module alias
5bf8c7798b drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case
496eb203d0 HID: saitek: add madcatz variant of MMO7 mouse device ID
ff06067b70 scsi: core: Restrict legal sdev_state transitions via sysfs
9edf20e5a1 ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()
be6e22f546 media: meson: vdec: fix possible refcount leak in vdec_probe()
c5fd54a65c media: dvb-frontends/drxk: initialize err to 0
7fdc58d8c2 media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
1609231f86 media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
c46759e370 media: rkisp1: Zero v4l2_subdev_format fields in when validating links
3144ce5574 media: rkisp1: Initialize color space on resizer sink and source pads
6b24d9c2ac s390/boot: add secure boot trailer
efc6420d65 xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices
37bb57908d mtd: parsers: bcm47xxpart: Fix halfblock reads
85e458369c mtd: parsers: bcm47xxpart: print correct offset on read error
ec54104feb fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards
f8c86d7829 video/fbdev/stifb: Implement the stifb_fillrect() function
e975d7aeca mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake
afeae13b8a mmc: sdhci-pci: Avoid comma separated statements
a06721767c mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus
59400c9b0d drm/msm/hdmi: fix IRQ lifetime
8225bdaec5 drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag
5dbb47ee89 ipv6: fix WARNING in ip6_route_net_exit_late()
1c89642e7f net, neigh: Fix null-ptr-deref in neigh_table_clear()
634f066d02 net: mdio: fix undefined behavior in bit shift for __mdiobus_register
d9ec6e2fbd Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
cb1c012099 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
0a0dead4ad btrfs: fix ulist leaks in error paths of qgroup self tests
61e0612811 btrfs: fix inode list leak during backref walking at find_parent_nodes()
a52e24c7fc btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
81204283ea isdn: mISDN: netjet: fix wrong check of device registration
e77d213843 mISDN: fix possible memory leak in mISDN_register_device()
f06186e527 rose: Fix NULL pointer dereference in rose_send_frame()
2c8d81bdb2 ipvs: fix WARNING in ip_vs_app_net_cleanup()
931f56d59c ipvs: fix WARNING in __ip_vs_cleanup_batch()
d69328cdb9 ipvs: use explicitly signed chars
b2d7a92aff netfilter: nf_tables: release flow rule object from commit path
3583826b44 net: tun: fix bugs for oversize packet when napi frags enabled
5960b9081b net: sched: Fix use after free in red_enqueue()
24f9c41435 ata: pata_legacy: fix pdc20230_set_piomode()
c85ee1c3cb net: fec: fix improper use of NETDEV_TX_BUSY
52438e734c nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
0acfcd2aed nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
9ae2c9a91f nfc: nxp-nci: Fix potential memory leak in nxp_nci_send()
eecea068bf NFC: nxp-nci: remove unnecessary labels
e8c11ee2d0 nfc: fdp: Fix potential memory leak in fdp_nci_send()
31b83d6990 nfc: fdp: drop ftrace-like debugging messages
4e1e4485b2 RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
d360e875c0 RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
37a098fc9b net: dsa: Fix possible memory leaks in dsa_loop_init()
45aea4fbf6 nfs4: Fix kmemleak when allocate slot failed
f0f1c74fa6 NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
10c554d722 NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
4813dd737d NFSv4: Fix a potential state reclaim deadlock
7c4260f8f1 IB/hfi1: Correctly move list in sc_disable()
87ac93c8dd RDMA/cma: Use output interface for net_dev check
4dbb739eb2 KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER
bb584caee8 KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter()
9faacf442d KVM: x86: Protect the unused bits in MSR exiting flags
5bdbccc79c x86/topology: Fix duplicated core ID within a package
6c31fc028a x86/topology: Fix multiple packages shown on a single-package system
f5ad52da14 x86/topology: Set cpu_die_id only if DIE_TYPE found
570fa3bcd2 KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1)
e5d7c6786b KVM: x86: Trace re-injected exceptions
8364786152 KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings to vmcs02
523e1dd9f8 KVM: nVMX: Pull KVM L0's desired controls directly from vmcs01
028fcabd8a serial: ar933x: Deassert Transmit Enable on ->rs485_config()
e6da7808c9 serial: 8250: Let drivers request full 16550A feature probing
95aa34f721 Linux 5.10.153
26a2b9c468 serial: Deassert Transmit Enable on probe in driver-specific way
4a230f65d6 serial: core: move RS485 configuration tasks from drivers into core
eb69c07eca can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive
d5924531dd arm64/kexec: Test page size support with new TGRAN range values
c911f03f8d arm64/mm: Fix __enable_mmu() for new TGRAN range values
d523384766 scsi: sd: Revert "scsi: sd: Remove a local variable"
52a43b8200 arm64: Add AMPERE1 to the Spectre-BHB affected list
9889ca7efa net: enetc: survive memory pressure without crashing
fdba224ab0 net/mlx5: Fix crash during sync firmware reset
bbcc06933f net/mlx5: Fix possible use-after-free in async command interface
16376ba5cf net/mlx5e: Do not increment ESN when updating IPsec ESN state
0d88359092 nh: fix scope used to find saddr when adding non gw nh
3519b5ddac net: ehea: fix possible memory leak in ehea_register_port()
79631daa5a openvswitch: switch from WARN to pr_warn
00d6f33f67 ALSA: aoa: Fix I2S device accounting
ce6fd1c382 ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
97262705c0 net: fec: limit register access on i.MX6UL
df67a8e625 PM: domains: Fix handling of unavailable/disabled idle states
1f262d8088 net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
6170b4579f i40e: Fix flow-type by setting GL_HASH_INSET registers
9abae363af i40e: Fix VF hang when reset is triggered on another VF
23d5599058 i40e: Fix ethtool rx-flow-hash setting for X722
44affe7ede ipv6: ensure sane device mtu in tunnels
905f05c0ab media: vivid: set num_in/outputs to 0 if not supported
b6c7446d0a media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
683015ae16 media: v4l2-dv-timings: add sanity checks for blanking values
147b8f1892 media: vivid: dev->bitmap_cap wasn't freed in all cases
1cf51d5158 media: vivid: s_fbuf: add more sanity checks
3221c2701d PM: hibernate: Allow hybrid sleep to work with s2idle
0eb19ecbd0 can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path
6b2d07fc0b can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path
1634d5d39c tcp: fix indefinite deferral of RTO with SACK reneging
4f23cb2be5 tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
49713d7c38 tcp: minor optimization in tcp_add_backlog()
aab883bd60 net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
c3edc6e808 net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
e2a28807b1 kcm: annotate data-races around kcm->rx_wait
c325f92d8d kcm: annotate data-races around kcm->rx_psock
af7879529e atlantic: fix deadlock at aq_nic_stop
d7ccd49c4d amd-xgbe: add the bit rate quirk for Molex cables
17350734fd amd-xgbe: fix the SFP compliance codes check for DAC cables
b55d6ea965 x86/unwind/orc: Fix unreliable stack dump with gcov
0ce1ef3353 net: hinic: fix the issue of double release MBOX callback of VF
6603843c80 net: hinic: fix the issue of CMDQ memory leaks
bb01910763 net: hinic: fix memory leak when reading function table
ce605b68db net: hinic: fix incorrect assignment issue in hinic_set_interrupt_cfg()
62f0a08e82 net: netsec: fix error handling in netsec_register_mdio()
32a3d4660b tipc: fix a null-ptr-deref in tipc_topsrv_accept
fb94152aae perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap()
bfce730886 ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
2663b16c76 ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile
a527557299 arc: iounmap() arg is volatile
648ac633e7 ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile
6571f6ca8a drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
4953a989b7 media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
9d00384270 net: ieee802154: fix error return code in dgram_bind()
568e3812b1 mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
935a8b6202 mm/memory: add non-anonymous page check in the copy_present_page()
49db6cb814 xen/gntdev: Prevent leaking grants
a3f2cc11d6 Xen/gntdev: don't ignore kernel unmapping error
467230b9ef s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser()
fe187c801a s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
449070996c perf auxtrace: Fix address filter symbol name match for modules
6f72a3977b kernfs: fix use-after-free in __kernfs_remove
0bcd1ab3e8 counter: microchip-tcb-capture: Handle Signal1 read and Synapse
8bf037279b mmc: core: Fix kernel panic when remove non-standard SDIO card
5684808b26 mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO
b686ffc0ac drm/msm/dp: fix IRQ lifetime
08c7375fa2 drm/msm/hdmi: fix memory corruption with too many bridges
21c4679af0 drm/msm/dsi: fix memory corruption with too many bridges
44a86d96fa scsi: qla2xxx: Use transport-defined speed mask for supported_speeds
c368f751da mac802154: Fix LQI recording
9ba2990f4e exec: Copy oldsighand->action under spin-lock
7062153004 fs/binfmt_elf: Fix memory leak in load_elf_binary()
d9ddfeb01f fbdev: smscufx: Fix several use-after-free bugs
f19f1a75d3 iio: temperature: ltc2983: allocate iio channels once
af236da855 iio: light: tsl2583: Fix module unloading
90ff5bef2b tools: iio: iio_utils: fix digit calculation
678d2cc204 xhci: Remove device endpoints from bandwidth list when freeing the device
3b250824b6 xhci: Add quirk to reset host back to default state at shutdown
63c7df3c81 mtd: rawnand: marvell: Use correct logic for nand-keep-config
228101fc83 usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller
2bc4f99ee2 usb: bdc: change state when port disconnected
e440957f9c usb: dwc3: gadget: Don't set IMI for no_interrupt
fb074d622c usb: dwc3: gadget: Stop processing more requests on IMI
c29fcef579 USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
4cc7a360ec ALSA: rme9652: use explicitly signed char
8959092300 ALSA: au88x0: use explicitly signed char
2bf5b16315 ALSA: Use del_timer_sync() before freeing timer
ca1034bff8 can: kvaser_usb: Fix possible completions during init_completion
370be31cde can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb()
7d51b4c67c Linux 5.10.152
43d5109296 udp: Update reuse->has_conns under reuseport_lock.
a50ed2d287 mm: /proc/pid/smaps_rollup: fix no vma's null-deref
31b1570677 blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init()
e2f9b62ead mmc: core: Add SD card quirk for broken discard
3a260e9844 Makefile.debug: re-enable debug info for .S files
6ab2287b26 x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB
67dafece56 ACPI: video: Force backlight native for more TongFang devices
dcaf631320 hv_netvsc: Fix race between VF offering and VF association message from host
da54c5f4b5 perf/x86/intel/pt: Relax address filter validation
79c3482fbe riscv: topology: fix default topology reporting
a6e770733d arm64: topology: move store_cpu_topology() to shared code
cb1024d8a4 arm64: dts: qcom: sc7180-trogdor: Fixup modem memory region
f687e2111b fcntl: fix potential deadlocks for &fown_struct.lock
b1efc19644 fcntl: make F_GETOWN(EX) return 0 on dead owner task
ca4c498382 perf: Skip and warn on unknown format 'configN' attrs
dea47fefa6 perf pmu: Validate raw event with sysfs exported format bits
86e995f964 riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb
0e4c06ae7c riscv: Add machine name to kernel boot log and stack dump output
7fba4a389d mmc: sdhci-tegra: Use actual clock rate for SW tuning correction
3c6a888e35 xen/gntdev: Accommodate VMA splitting
5232411f37 xen: assume XENFEAT_gnttab_map_avail_bits being set for pv guests
ea82edad0a tracing: Do not free snapshot if tracer is on cmdline
bd6af07e79 tracing: Simplify conditional compilation code in tracing_set_tracer()
4e3a15ca24 dmaengine: mxs: use platform_driver_register
1da5d24970 dmaengine: mxs-dma: Remove the unused .id_table
1414e9bf3c drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb()
d74196bb27 iommu/vt-d: Clean up si_domain in the init_dmars() error path
ef11e8ec00 iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check()
35c92435be net: phy: dp83822: disable MDI crossover status change interrupt
7aa3d623c1 net: sched: fix race condition in qdisc_graft()
2974f3b330 net: hns: fix possible memory leak in hnae_ae_register()
3032e316e0 sfc: include vport_id in filter spec hash and equal()
ded86c4191 net: sched: sfb: fix null pointer access issue when sfb_init() fails
305aa36b62 net: sched: delete duplicate cleanup of backlog and qlen
ae48bee283 net: sched: cake: fix null pointer access issue when cake_init() fails
2008ad08a2 nvme-hwmon: kmalloc the NVME SMART log buffer
770b7e3a2c nvme-hwmon: consistently ignore errors from nvme_hwmon_init
67106ac272 nvme-hwmon: Return error code when registration fails
bc17f727b0 nvme-hwmon: rework to avoid devm allocation
191d71c635 ionic: catch NULL pointer issue on reconfig
ff7ba76675 net: hsr: avoid possible NULL deref in skb_clone()
7286f87551 cifs: Fix xid leak in cifs_ses_add_channel()
2d08311aa3 cifs: Fix xid leak in cifs_flock()
bf49d4fe4a cifs: Fix xid leak in cifs_copy_file_range()
05cc22c008 net: phy: dp83867: Extend RX strap quirk for SGMII mode
118f412bed net/atm: fix proc_mpc_write incorrect return value
c8310a99e7 sfc: Change VF mac via PF as first preference if available.
39d10f0dfb HID: magicmouse: Do not set BTN_MOUSE on double report
ed5baf3d0a i40e: Fix DMA mappings leak
e558e14893 tipc: fix an information leak in tipc_topsrv_kern_subscr
1f4ed95ce6 tipc: Fix recognition of trial period
fc8c6b8bb2 ACPI: extlog: Handle multiple records
57e157749a btrfs: fix processing of delayed tree block refs during backref walking
590929ef69 btrfs: fix processing of delayed data refs during backref walking
cc841a8a70 r8152: add PID for the Lenovo OneLink+ Dock
51b96ecaed arm64: errata: Remove AES hwcap for COMPAT tasks
910ba49b33 blk-wbt: call rq_qos_add() after wb_normal is initialized
392536023d block: wbt: Remove unnecessary invoking of wbt_update_limits in wbt_init
ab6aaa8210 media: venus: dec: Handle the case where find_format fails
bce5808fc9 media: mceusb: set timeout to at least timeout provided
6d725672ce KVM: arm64: vgic: Fix exit condition in scan_its_table()
34db701dc6 kvm: Add support for arch compat vm ioctls
e55feb31df cpufreq: qcom: fix memory leak in error path
303d0f7614 ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
6a2aadcb01 ata: ahci-imx: Fix MODULE_ALIAS
d9f0159da0 hwmon/coretemp: Handle large core ID value
0fb04676c4 x86/microcode/AMD: Apply the patch early on every logical thread
6dcf1f0802 i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter
794ded0bc4 cpufreq: qcom: fix writes in read-only memory region
2723875e9d selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()
0d65f040fd ocfs2: fix BUG when iput after ocfs2_mknod fails
b838dcfda1 ocfs2: clear dinode links count in case of error
c34d1b22fe Linux 5.10.151
ecad331211 kbuild: Add skip_encoding_btf_enum64 option to pahole
c5006abb80 kbuild: Unify options for BTF generation for vmlinux and modules
f5f413cb3e kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21
06481cd9f7 kbuild: Quote OBJCOPY var to avoid a pahole call break the build
bbaea0f1cd bpf: Generate BTF_KIND_FLOAT when linking vmlinux
a10a57a224 Linux 5.10.150
243c8f42ba Revert "drm/amdgpu: make sure to init common IP before gmc"
8026d58b49 gcov: support GCC 12.1 and newer compilers
cbf2c43b36 f2fs: fix wrong condition to trigger background checkpoint correctly
7b19858803 thermal: intel_powerclamp: Use first online CPU as control_cpu
f039b43cba inet: fully convert sk->sk_rx_dst to RCU rules
67de22cb0b ext4: continue to expand file system when the target size doesn't reach
357db159e9 Revert "drm/amdgpu: use dirty framebuffer helper"
98ab15bfdc Revert "drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega"
791489a5c5 net/ieee802154: don't warn zero-sized raw_sendmsg()
a96336a5f2 Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
dc54ff9fc4 net: ieee802154: return -EINVAL for unknown addr type
45c3396675 mm: hugetlb: fix UAF in hugetlb_handle_userfault
c378c479c5 io_uring/af_unix: defer registered files gc to io_uring release
67cbc8865a io_uring: correct pinned_vm accounting
904f881b57 arm64: topology: fix possible overflow in amu_fie_setup()
b5dc2f2578 perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
9b4e849777 clk: bcm2835: Make peripheral PLLC critical
b8bbae3236 usb: idmouse: fix an uninit-value in idmouse_open
d5bb45f47b nvmet-tcp: add bounds check on Transfer Tag
b79da0080d nvme: copy firmware_rev on each init
e6cc39db24 staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
3a5a34ed9d Revert "usb: storage: Add quirk for Samsung Fit flash"
acf0006f2b usb: musb: Fix musb_gadget.c rxstate overflow bug
91271a3e77 usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
782b3e71c9 md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
dbcca76435 HID: roccat: Fix use-after-free in roccat_read()
f00c049ede soundwire: intel: fix error handling on dai registration issues
f04a673d4a soundwire: cadence: Don't overwrite msg->buf during write commands
c263516c2c bcache: fix set_at_max_writeback_rate() for multiple attached devices
fcad2ac863 ata: libahci_platform: Sanity check the DT child nodes number
19c010ae44 blk-throttle: prevent overflow while calculating wait time
1b3cebeca9 staging: vt6655: fix potential memory leak
89f305a714 power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
b2700f98b3 nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
5942e5c63d scsi: 3w-9xxx: Avoid disabling device if failing to enable it
48727117bd usb: host: xhci-plat: suspend/resume clks for brcm
c13d0d2f5a usb: host: xhci-plat: suspend and resume clocks
12d31182de clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
c2257c8a50 media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
d9e2585c3b clk: zynqmp: Fix stack-out-of-bounds in strncpy`
70f8b48d0b btrfs: scrub: try to fix super block errors
8f554dd23c arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply
451ce2521c kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT
017cabfb3f ARM: dts: imx6sx: add missing properties for sram
9d3ca48722 ARM: dts: imx6sll: add missing properties for sram
9735f2b62b ARM: dts: imx6sl: add missing properties for sram
2829b6ad30 ARM: dts: imx6qp: add missing properties for sram
0c3a0b3d5e ARM: dts: imx6dl: add missing properties for sram
2763a3b43a ARM: dts: imx6q: add missing properties for sram
82e0d91484 ARM: dts: imx7d-sdb: config the max pressure for tsc2046
166feb964f drm/amd/display: Remove interface for periodic interrupt 1
1bb6f4a8db drm/dp: Don't rewrite link config when setting phy test pattern
bb91c06b0b mmc: sdhci-msm: add compatible string check for sdm670
8a427a2283 drm/meson: explicitly remove aggregate driver at module unload time
1c7d957c5d drm/amdgpu: fix initial connector audio value
69130888b2 ASoC: SOF: pci: Change DMI match info to support all Chrome platforms
54f2585e2d platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading
a9d6a7c9b6 platform/chrome: cros_ec: Notify the PM of wake events during resume
e29d20deaf drm: panel-orientation-quirks: Add quirk for Anbernic Win600
bfdb391d57 drm/vc4: vec: Fix timings for VEC modes
b70f8abc1a drm: bridge: dw_hdmi: only trigger hotplug event on link change
bbe2f6f903 udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
0a4fddc95c drm/amd/display: fix overflow on MIN_I64 definition
3959e8faf8 gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init()
c28a8082b2 drm: Prevent drm_copy_field() to attempt copying a NULL pointer
e7d7018003 drm: Use size_t type for len variable in drm_copy_field()
3339a51bcd drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc()
484400d433 r8152: Rate limit overflow messages
0c108cf3ad Bluetooth: L2CAP: Fix user-after-free
65029aaedd net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
4851303c85 wifi: rt2x00: correctly set BBP register 86 for MT7620
a016144479 wifi: rt2x00: set SoC wmac clock register
5aa0461d11 wifi: rt2x00: set VGC gain for both chains of MT7620
8d9c00979a wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
27ed98e8a9 wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
3d67986e72 can: bcm: check the result of can_send() in bcm_can_tx()
7b674dce41 Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
e25ca9af8a Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
b051d9bf98 regulator: core: Prevent integer underflow
e01d96494a wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
be81c44242 xfrm: Update ipcomp_scratches with NULL when freed
9661724f62 wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
0958e487e8 tcp: annotate data-race around tcp_md5sig_pool_populated
129ca0db95 openvswitch: Fix overreporting of drops in dropwatch
4398e8a7fd openvswitch: Fix double reporting of drops in dropwatch
e3c9b94734 bpftool: Clear errno after libcap's checks
50e45034c5 wifi: brcmfmac: fix invalid address access when enabling SCAN log level
bbacfcde5f NFSD: fix use-after-free on source server when doing inter-server copy
3de402a524 NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
1f730d4ae6 x86/entry: Work around Clang __bdos() bug
513943bf87 thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
708b9abe1b powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
b434edb0e9 MIPS: BCM47XX: Cast memcmp() of function to (void *)
6c61a37ea7 ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
0dd025483f rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE()
36d4ffbedf rcu: Back off upon fill_page_cache_func() allocation failure
278d8ba2b2 selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle
b60aa21e2f f2fs: fix to account FS_CP_DATA_IO correctly
0b8230d44c f2fs: fix to avoid REQ_TIME and CP_TIME collision
ecbd95958c f2fs: fix race condition on setting FI_NO_EXTENT flag
110146ce8f ACPI: APEI: do not add task_work to kernel thread to avoid memory leak
dce07e87ee thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id
3a720eb890 crypto: cavium - prevent integer overflow loading firmware
7bfa7d6773 crypto: marvell/octeontx - prevent integer overflows
cdd42eb468 kbuild: rpm-pkg: fix breakage when V=1 is used
6d1aef17e7 kbuild: remove the target in signal traps when interrupted
8d76dd5080 tracing: kprobe: Make gen test module work in arm and riscv
c6512a6f0c tracing: kprobe: Fix kprobe event gen test module on exit
9e6ba62d41 iommu/iova: Fix module config properly
426d5bc089 crypto: qat - fix DMA transfer direction
a43babc059 crypto: qat - use pre-allocated buffers in datapath
a91af50850 crypto: qat - fix use of 'dma_map_single'
8a4ed09ed8 crypto: inside-secure - Change swab to swab32
d33935e666 crypto: ccp - Release dma channels before dmaengine unrgister
a1354bdd19 crypto: akcipher - default implementation for setting a private key
2fee0dbfae iommu/omap: Fix buffer overflow in debugfs
cfde58a8e4 cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
ab2485eb5d hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear()
d88b88514e crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
25f1342473 crypto: sahara - don't sleep when in softirq
2d285164fb powerpc: Fix SPE Power ISA properties for e500v1 platforms
2bde4e1e4f powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
7ae8bed908 x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
6315998170 powerpc/powernv: add missing of_node_put() in opal_export_attrs()
434db6d17b powerpc/pci_dn: Add missing of_node_put()
718e2d8023 powerpc/sysdev/fsl_msi: Add missing of_node_put()
592d283a65 powerpc/math_emu/efp: Include module.h
44c26ceffa mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
b1616599c9 clk: ast2600: BCLK comes from EPLL
6d01017247 clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
9b65fd6513 clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
9a6087a438 clk: baikal-t1: Add SATA internal ref clock buffer
5f143f3bc2 clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent
823fd52391 clk: baikal-t1: Fix invalid xGMAC PTP clock divider
2f19a1050e clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD
92f52770a7 spmi: pmic-arb: correct duplicate APID to PPID mapping logic
a01c0c1600 dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup()
1dd5148445 clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
6e58f2469e mfd: sm501: Add check for platform_driver_register()
3469dd8e22 mfd: fsl-imx25: Fix check for platform_get_irq() errors
b425e03c96 mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init()
f7b4388636 mfd: lp8788: Fix an error handling path in lp8788_probe()
08d4051803 mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
28868b940b mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe()
382a5fc49e fsi: core: Check error number after calling ida_simple_get
ed8e6011b9 clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical
884a788f06 scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()
a9e5176ead scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
8f740c11d8 serial: 8250: Fix restoring termios speed after suspend
ab5a3e7144 firmware: google: Test spinlock on panic path to avoid lockups
95ac62e854 staging: vt6655: fix some erroneous memory clean-up loops
878f987166 phy: qualcomm: call clk_disable_unprepare in the error handling
9a56ade124 tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
572fb97fce serial: 8250: Toggle IER bits on only after irq has been set up
3fbfa5e3cc serial: 8250: Add an empty line and remove some useless {}
71ffe5111f drivers: serial: jsm: fix some leaks in probe
7efdd91d54 usb: gadget: function: fix dangling pnp_string in f_printer.c
cc952e3bf6 xhci: Don't show warning for reinit on known broken suspend
dac769dd7d IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers
360386e11c RDMA/cm: Use SLID in the work completion as the DLID in responder side
a1263294b5 md/raid5: Ensure stripe_fill happens on non-read IO with journal
76694e9ce0 md: Replace snprintf with scnprintf
7bd5f3b4a8 mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
f5325f3202 ata: fix ata_id_has_dipm()
f5a6fa1877 ata: fix ata_id_has_ncq_autosense()
3c34a91c8a ata: fix ata_id_has_devslp()
fc61a0c820 ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
e3917c85f4 RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
3a9d7d8dcf mtd: rawnand: fsl_elbc: Fix none ECC mode
f87f720811 mtd: devices: docg3: check the return value of devm_ioremap() in the probe
d06cc0e11d dyndbg: drop EXPORTed dynamic_debug_exec_queries
1d65985589 dyndbg: let query-modname override actual module name
c0e206da44 dyndbg: fix module.dyndbg handling
5047bd3bd7 dyndbg: fix static_branch manipulation
af12e209a9 dmaengine: hisilicon: Add multi-thread support for a DMA channel
d3fd838536 dmaengine: hisilicon: Fix CQ head update
d5065ca461 dmaengine: hisilicon: Disable channels when unregister hisi_dma
f59861946f fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
7ba19a60c7 misc: ocxl: fix possible refcount leak in afu_ioctl()
cf3bb86edd RDMA/rxe: Fix the error caused by qp->sk
cdce36a88d RDMA/rxe: Fix "kernel NULL pointer dereference" error
2630cc8832 media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
40aa0999a3 media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start()
551b87976a tty: xilinx_uartps: Fix the ignore_status
28cdf6c6fb media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
1f683bff1a HSI: omap_ssi_port: Fix dma_map_sg error check
962f22e7f7 HSI: omap_ssi: Fix refcount leak in ssi_probe
70f0a0a27d clk: tegra20: Fix refcount leak in tegra20_clock_init
c01bfd23cc clk: tegra: Fix refcount leak in tegra114_clock_init
f487137a53 clk: tegra: Fix refcount leak in tegra210_clock_init
59e90c4d98 clk: sprd: Hold reference returned by of_get_parent()
57141b1dd6 clk: berlin: Add of_node_put() for of_get_parent()
dc190b46c6 clk: qoriq: Hold reference returned by of_get_parent()
baadc6f58f clk: oxnas: Hold reference returned by of_get_parent()
b95f4f9054 clk: meson: Hold reference returned by of_get_parent()
beec2f0255 usb: common: debug: Check non-standard control requests
9d965a22f6 usb: common: move function's kerneldoc next to its definition
20b63631a3 usb: common: add function to get interval expressed in us unit
c1ef8c66a3 usb: common: Parse for USB SSP genXxY
ffffb159e1 usb: ch9: Add USB 3.2 SSP attributes
aa7aada4b7 iio: ABI: Fix wrong format of differential capacitance channel ABI.
b9a0526cd0 iio: inkern: only release the device node when done with it
44ec4b04fc iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume
513c72d76d iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq
d259b90f0c iio: adc: at91-sama5d2_adc: check return status for pressure and touch
bc2b97e177 iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
5b9bb0cbd9 ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
657de36c72 arm64: ftrace: fix module PLTs with mcount
40e966a404 ARM: Drop CMDLINE_* dependency on ATAGS
477dbf9d1b ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
5bbd3dd7f9 soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA
09c35f1520 ia64: export memory_add_physaddr_to_nid to fix cxl build error
e31c0e14cf ARM: dts: kirkwood: lsxl: remove first ethernet port
df4f05b356 ARM: dts: kirkwood: lsxl: fix serial line
43faaedf3a ARM: dts: turris-omnia: Fix mpp26 pin name and comment
d5c2051898 soc: qcom: smem_state: Add refcounting for the 'state->of_node'
39781c98ad soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
1d312c12c9 memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings()
daaec4b3fe memory: of: Fix refcount leak bug in of_get_ddr_timings()
fde46754d5 memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
2c442b0c06 ALSA: hda/hdmi: Don't skip notification handling during PM operation
f182de42d7 ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
37e3e01c9a ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
fb23569699 ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
c1b269dda1 ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
71704c2e1b mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
c940636d9c ALSA: dmaengine: increment buffer pointer atomically
4993c1511d ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()
ef59819976 drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa()
598d8f7d86 drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
a9a60d6405 ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
ad0b8ed172 mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
1f340e1c1c drm/omap: dss: Fix refcount leak bugs
cbe37857dd ALSA: hda: beep: Simplify keep-power-at-enable behavior
f0fb0817eb ASoC: rsnd: Add check for rsnd_mod_power_on
877e92e9b1 drm/bridge: megachips: Fix a null pointer dereference bug
c577b4e972 drm: fix drm_mipi_dbi build errors
804d8e59f3 platform/x86: msi-laptop: Fix resource cleanup
c21c08fab7 platform/x86: msi-laptop: Fix old-ec check for backlight registering
b77755f58e ASoC: tas2764: Fix mute/unmute
2e6b64df54 ASoC: tas2764: Drop conflicting set_bias_level power setting
c2c6022e10 ASoC: tas2764: Allow mono streams
868fc93b61 platform/chrome: fix memory corruption in ioctl
84da5cdf43 platform/chrome: fix double-free in chromeos_laptop_prepare()
5e25bfcd12 drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node()
ad06d6bed5 drm/dp_mst: fix drm_dp_dpcd_read return value checks
3f5889fd65 drm/bridge: parade-ps8640: Fix regulator supply order
45120fa5e5 drm/mipi-dsi: Detach devices when removing the host
050b650507 drm/bridge: Avoid uninitialized variable warning
7839f2b349 drm: bridge: adv7511: fix CEC power down control register offset
29f50bcf0f net: mvpp2: fix mvpp2 debugfs leak
6cb54f2162 once: add DO_ONCE_SLOW() for sleepable contexts
67cb80a9d2 net/ieee802154: reject zero-sized raw_sendmsg()
6cc0e2afc6 bnx2x: fix potential memory leak in bnx2x_tpa_stop()
da349221c4 net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
d9e25dc053 spi: Ensure that sg_table won't be used after being freed
96a3ddb870 tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
f65955340e sctp: handle the error returned from sctp_auth_asoc_init_active_key
2a1d036320 mISDN: fix use-after-free bugs in l1oip timer handlers
b4a5905fd2 vhost/vsock: Use kvmalloc/kvfree for larger packets.
d2b5dc3a53 wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
17196f2f98 spi: s3c64xx: Fix large transfers with DMA
b284e1fe15 netfilter: nft_fib: Fix for rpath check with VRF devices
b384e8fb16 Bluetooth: hci_core: Fix not handling link timeouts propertly
129f01116b i2c: mlxbf: support lock mechanism
534909fe3c spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
9da61e7b59 spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe
1ef5798638 x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype
6ed7b05a35 x86/microcode/AMD: Track patch allocation size explicitly
07299e52e5 wifi: ath11k: fix number of VHT beamformee spatial streams
d7cc0d51ff Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
ed403bcd97 bpf: Ensure correct locking around vulnerable function find_vpid()
2a1c29dc9b net: fs_enet: Fix wrong check in do_pd_setup
795954d751 wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask
226e6f2412 wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
0a60ac7a0d bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
8398a45d3d spi: meson-spicc: do not rely on busy flag in pow2 clk ops
351cf55595 wifi: rtl8xxxu: Fix skb misuse in TX queue selection
1e91179057 spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime()
7b83d11d48 spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
5576008305 selftests/xsk: Avoid use-after-free on ctx
c823df0679 wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
ea1b6b5409 Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend
07194ccbb1 Bluetooth: btusb: fix excessive stack usage
cdadf95435 Bluetooth: btusb: Fine-tune mt7663 mechanism.
294395caac x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register
029a1de92c spi: mt7621: Fix an error message in mt7621_spi_probe()
2afb93e4e4 bpftool: Fix a wrong type cast in btf_dumper_int
61905bbb61 wifi: mac80211: allow bw change during channel switch in mesh
7565207066 leds: lm3601x: Don't use mutex after it was destroyed
08faf07717 wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
e060c4b9f3 nfsd: Fix a memory leak in an error handling path
730191a098 objtool: Preserve special st_shndx indexes in elf_update_symbol
84837738d4 ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
f1d6edeaa8 ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd()
da2aecef86 MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create()
0c667858c0 MIPS: SGI-IP27: Free some unused memory
3598445698 sh: machvec: Use char[] for section boundaries
6e4be747f1 userfaultfd: open userfaultfds with O_RDONLY
28d9b39733 selinux: use "grep -E" instead of "egrep"
d11e09953c smb3: must initialize two ACL struct fields to zero
abd13b2100 drm/i915: Fix watermark calculations for gen12+ MC CCS modifier
fd37286f39 drm/i915: Fix watermark calculations for gen12+ RC CCS modifier
5d6093c49c drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
57f1a89a8e drm/nouveau/kms/nv140-: Disable interlacing
d0febad83e staging: greybus: audio_helper: remove unused and wrong debugfs usage
ceeb8d4a43 KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
83fe0b009b KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
085ca1d33b KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
bda8120e5b media: cedrus: Set the platform driver data earlier
dbdd3b1448 efi: libstub: drop pointless get_memory_map() call
68158654b5 thunderbolt: Explicitly enable lane adapter hotplug events at startup
fc08f84381 tracing: Disable interrupt or preemption before acquiring arch_spinlock_t
0cf6c09daf ring-buffer: Fix race between reset page and reading page
588f02f8b9 ring-buffer: Add ring_buffer_wake_waiters()
586f02c500 ring-buffer: Check pending waiters when doing wake ups as well
6617e5132c ring-buffer: Have the shortest_full queue be the shortest not longest
4a3bbd40e4 ring-buffer: Allow splice to read previous partially read pages
f2ca4609d0 ftrace: Properly unset FTRACE_HASH_FL_MOD
846f041203 livepatch: fix race between fork and KLP transition
2189756eab ext4: update 'state->fc_regions_size' after successful memory allocation
2cfb769d60 ext4: fix potential memory leak in ext4_fc_record_regions()
c9ce7766dc ext4: fix potential memory leak in ext4_fc_record_modified_inode()
d575fb52c4 ext4: fix miss release buffer head in ext4_fc_write_inode
74d2a398d2 ext4: place buffer head allocation before handle start
fbb0e601bd ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate
0e1764ad71 ext4: don't increase iversion counter for ea_inodes
483831ad04 ext4: fix check for block being out of directory size
ac66db1a43 ext4: make ext4_lazyinit_thread freezable
f34ab95162 ext4: fix null-ptr-deref in ext4_write_info
fb98cb61ef ext4: avoid crash when inline data creation follows DIO write
e65506ff18 jbd2: add miss release buffer head in fc_do_one_pass()
1d4d16daec jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
7a33dde572 jbd2: fix potential buffer head reference count leak
eea3e455a3 jbd2: wake up journal waiters in FIFO order, not LIFO
ba52e685d2 hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero
bdcb1d7cf2 hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO
d621a87064 hardening: Clarify Kconfig text for auto-var-init
4a8e8bf280 f2fs: fix to do sanity check on summary info
73fb4bd2c0 f2fs: fix to do sanity check on destination blkaddr during recovery
12014eaf1b f2fs: increase the limit for reserve_root
47b5ffe863 btrfs: fix race between quota enable and quota rescan ioctl
e504729496 fbdev: smscufx: Fix use-after-free in ufx_ops_open()
9931bd05bb scsi: qedf: Populate sysfs attributes for vport
102c4b6e8c powerpc/boot: Explicitly disable usage of SPE instructions
7db60fd46e powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain
9119a92ad9 PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
a3c08c0217 mm/mmap: undo ->mmap() when arch_validate_flags() fails
7d551b7d61 block: fix inflight statistics of part0
0a12979089 drm/udl: Restore display mode on resume
f134f261d7 drm/virtio: Check whether transferred 2D BO is shmem
303436e301 nvme-pci: set min_align_mask before calculating max_hw_sectors
6a73e6edcb UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
1a053f597f riscv: Pass -mno-relax only on lld < 15.0.0
d15dca1d46 riscv: Make VM_WRITE imply VM_READ
d8c6f9b2e1 riscv: Allow PROT_WRITE-only mmap()
a6dcc6cfa2 parisc: fbdev/stifb: Align graphics memory size to 4MB
2ce9fab94b RISC-V: Make port I/O string accessors actually work
ffb571e123 regulator: qcom_rpm: Fix circular deferral regression
85909424a1 hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API
8ef0e1c0ae ASoC: wcd934x: fix order of Slimbus unprepare/disable
9b2c82af65 ASoC: wcd9335: fix order of Slimbus unprepare/disable
1c20d672e3 platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure
6b7ae4a904 quota: Check next/prev free block number after reading from quota file
5b1a56beb6 HID: multitouch: Add memory barriers
bfe60d7641 fs: dlm: handle -EBUSY first in lock arg validation
0b2d8e4db4 fs: dlm: fix race between test_bit() and queue_work()
057d5838c7 mmc: sdhci-sprd: Fix minimum clock limit
448fffc1ae can: kvaser_usb_leaf: Fix CAN state after restart
a3776e09b3 can: kvaser_usb_leaf: Fix TX queue out of sync after restart
0f8c88978d can: kvaser_usb_leaf: Fix overread with an invalid command
5d1cb7bfad can: kvaser_usb: Fix use of uninitialized completion
b239a0993a usb: add quirks for Lenovo OneLink+ Dock
afbbf305db iio: pressure: dps310: Reset chip after timeout
9daadd1d10 iio: pressure: dps310: Refactor startup procedure
ae49d80400 iio: adc: ad7923: fix channel readings for some variants
ea4dcd3d6a iio: ltc2497: Fix reading conversion results
30e1bd0d3e iio: dac: ad5593r: Fix i2c read protocol requirements
9312e04b6c cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
64f23e5430 cifs: destage dirty pages before re-reading them for cache=none
50d3d89537 mtd: rawnand: atmel: Unmap streaming DMA mappings
e8eb44eeee ALSA: hda/realtek: Add Intel Reference SSID to support headset keys
4491fbd0a7 ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
4285d06d12 ALSA: hda/realtek: Correct pin configs for ASUS G533Z
768cd2cd1a ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
3e29645fba ALSA: usb-audio: Fix NULL dererence at error path
bc1d16d282 ALSA: usb-audio: Fix potential memory leaks
ef1658bc48 ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
026fcb6336 ALSA: oss: Fix potential deadlock at unregistration
Also update the .xml file to handle the few ABI changes in this merge
that required an update due to private pointers changing types and ABI
padding structures being used to preserve the ABI:
Leaf changes summary: 4 artifacts changed (1 filtered out)
Changed leaf types summary: 4 (1 filtered out) leaf types changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 0 Added function
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable
'struct fscrypt_info at fscrypt_private.h:195:1' changed:
type size hasn't changed
there are data member changes:
type 'key*' of 'fscrypt_info::ci_master_key' changed:
pointer type changed from: 'key*' to: 'fscrypt_master_key*'
5197 impacted interfaces
'struct sk_buff at skbuff.h:717:1' changed:
type size hasn't changed
there are data member changes:
data member u64 android_kabi_reserved1 at offset 1472 (in bits) became anonymous data member 'union {struct {__u8 scm_io_uring; __u8 android_kabi_reserved1_padding1; __u16 android_kabi_reserved1_padding2; __u32 android_kabi_reserved1_padding3;}; struct {u64 android_kabi_reserved1;}; union {};}'
5197 impacted interfaces
'struct super_block at fs.h:1450:1' changed:
type size hasn't changed
there are data member changes:
type 'key*' of 'super_block::s_master_keys' changed:
pointer type changed from: 'key*' to: 'fscrypt_keyring*'
5197 impacted interfaces
'struct tcp_sock at tcp.h:146:1' changed:
type size hasn't changed
one impacted interface
Change-Id: I6f2a7b91e1df96bede8aafa944a04b3e08ed33a1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
When CONFIG_USERFAULTFD=n, the __VM_UFFD_FLAGS mask is undefined and produces
a build error. Fix it by making the check conditional on CONFIG_USERFAULTFD.
Fixes: ("ANDROID: mm: prevent speculative page fault handling for userfaults")
Bug: 257443051
Change-Id: Ie9ff98b840032eb18183b49e3566cf178359948f
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Invalid condition was introduced when porting the original SPF patch
which would affect NUMA mode.
Fixes: 736ae8bde8 ("FROMLIST: mm: adding speculative page fault failure trace events")
Bug: 257443051
Change-Id: Ib20c625615b279dc467588933a1f598dc179861b
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
In a number of cases vm_write_{begin|end} is called while mmap_lock is
not owned exclusively. This is unnecessary and can affect correctness of
the sequence counting protecting speculative page fault handlers. Remove
extra calls.
Bug: 257443051
Change-Id: I1278638a0794448e22fbdab5601212b3b2eaebdc
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Checks of pmd during speculative page fault handling are racy because
pmd is unprotected and might be modified or cleared. This might cause
use-after-free reads from speculative path, therefore prevent such
checks. At the beginning of speculation pmd is checked to be valid and
if it's changed before page fault is handled, the change will be detected
and page fault will be retried under mmap_lock protection.
Bug: 257443051
Change-Id: I0cbd3b0b44e8296cf0d6cb298fae48c696580068
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
handle_userfault() should be protected against a concurrent
userfaultfd_release(), therefore handling userfaults speculatively
without mmap_lock protection should be disallowed.
Bug: 257443051
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ic6ae39329c73e8849048ea15b5351a49346404d3
Speculative page fault checks pmd to be valid before starting to handle
the page fault and pte_alloc() should do nothing if pmd stays valid.
If pmd gets changed during speculative page fault, we will detect the
change later and retry with mmap_lock. Therefore pte_alloc() can be
safely skipped and this prevents the racy pmd_lock() call which can
access pmd->ptl after pmd was cleared.
Bug: 257443051
Change-Id: Iec57df5530dba6e0e0bdf9f7500f910851c3d3fd
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
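The validate-and-retry scheme that the speculative page fault commit messages above rely on, shown as an added single-threaded user-space C model; it is not code from these commits or from the kernel. Every name in it (toy_vma, spec_begin, spec_validate, toy_handle_fault and the rest) is hypothetical, and memory barriers and real locking are omitted on the assumption that a deterministic model is enough to show the control flow.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, not kernel code: every name below is hypothetical. */
struct toy_vma {
    unsigned seq;   /* even: stable, odd: a writer is inside its section */
    uintptr_t pmd;  /* 0 models a cleared pmd */
};

struct spec_ctx {
    unsigned seq;        /* sequence sampled when speculation started */
    uintptr_t orig_pmd;  /* pmd value sampled at the same moment */
};

enum fault_result { FAULT_SPECULATIVE_OK, FAULT_RETRIED_LOCKED };

/* Writer side: only correct when writers are serialized by an exclusive lock. */
static void toy_write_begin(struct toy_vma *v) { v->seq++; }
static void toy_write_end(struct toy_vma *v)   { v->seq++; }

static void toy_clear_pmd(struct toy_vma *v)
{
    toy_write_begin(v);
    v->pmd = 0;
    toy_write_end(v);
}

/* Start of speculation: the single point where pmd is checked for validity. */
static bool spec_begin(const struct toy_vma *v, struct spec_ctx *c)
{
    c->seq = v->seq;
    if (c->seq & 1)
        return false;            /* a writer is active, do not speculate */
    c->orig_pmd = v->pmd;
    return c->orig_pmd != 0;
}

/* End of speculation: any change since spec_begin() invalidates the work. */
static bool spec_validate(const struct toy_vma *v, const struct spec_ctx *c)
{
    return v->seq == c->seq && v->pmd == c->orig_pmd;
}

typedef void (*race_hook)(struct toy_vma *);

static enum fault_result toy_handle_fault(struct toy_vma *v, race_hook concurrent)
{
    struct spec_ctx c;

    if (spec_begin(v, &c)) {
        if (concurrent)
            concurrent(v);       /* models another thread running here */
        /* The live pmd is neither re-checked nor locked in this window:
         * only the snapshot in c is trusted until validation. */
        if (spec_validate(v, &c))
            return FAULT_SPECULATIVE_OK;
    }
    /* Fallback: in the kernel this is the retry under mmap_lock. */
    return FAULT_RETRIED_LOCKED;
}

static enum fault_result demo_quiet(void)
{
    struct toy_vma v = { .seq = 0, .pmd = 0x1000 };  /* constructed values */
    return toy_handle_fault(&v, NULL);
}

static enum fault_result demo_raced(void)
{
    struct toy_vma v = { .seq = 0, .pmd = 0x1000 };  /* constructed values */
    return toy_handle_fault(&v, toy_clear_pmd);
}

/* Two writers that do not exclude each other: after both have begun, the
 * counter is even again while the update is still in flight, so a reader
 * wrongly treats the state as stable. */
static bool overlapping_writers_look_stable(void)
{
    struct toy_vma v = { .seq = 0, .pmd = 0x1000 };
    struct spec_ctx c;
    bool fooled;

    toy_write_begin(&v);         /* writer A: seq = 1 */
    toy_write_begin(&v);         /* writer B, not excluded by A: seq = 2 */
    v.pmd = 0x2000;              /* modification still in progress */
    fooled = spec_begin(&v, &c); /* even seq, so the reader proceeds */
    toy_write_end(&v);
    toy_write_end(&v);
    return fooled;
}

int main(void)
{
    printf("quiet fault: %d\n", demo_quiet());
    printf("raced fault: %d\n", demo_raced());
    printf("overlapping writers look stable: %d\n",
           overlapping_writers_look_stable());
    return 0;
}
```

The last function illustrates one way unserialized write sections can defeat the counter; the commit message itself does not say which failure it had in mind.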
Merge 5.10.153 into android12-5.10-lts
Changes in 5.10.153
can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb()
can: kvaser_usb: Fix possible completions during init_completion
ALSA: Use del_timer_sync() before freeing timer
ALSA: au88x0: use explicitly signed char
ALSA: rme9652: use explicitly signed char
USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
usb: dwc3: gadget: Stop processing more requests on IMI
usb: dwc3: gadget: Don't set IMI for no_interrupt
usb: bdc: change state when port disconnected
usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller
mtd: rawnand: marvell: Use correct logic for nand-keep-config
xhci: Add quirk to reset host back to default state at shutdown
xhci: Remove device endpoints from bandwidth list when freeing the device
tools: iio: iio_utils: fix digit calculation
iio: light: tsl2583: Fix module unloading
iio: temperature: ltc2983: allocate iio channels once
fbdev: smscufx: Fix several use-after-free bugs
fs/binfmt_elf: Fix memory leak in load_elf_binary()
exec: Copy oldsighand->action under spin-lock
mac802154: Fix LQI recording
scsi: qla2xxx: Use transport-defined speed mask for supported_speeds
drm/msm/dsi: fix memory corruption with too many bridges
drm/msm/hdmi: fix memory corruption with too many bridges
drm/msm/dp: fix IRQ lifetime
mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO
mmc: core: Fix kernel panic when remove non-standard SDIO card
counter: microchip-tcb-capture: Handle Signal1 read and Synapse
kernfs: fix use-after-free in __kernfs_remove
perf auxtrace: Fix address filter symbol name match for modules
s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser()
Xen/gntdev: don't ignore kernel unmapping error
xen/gntdev: Prevent leaking grants
mm/memory: add non-anonymous page check in the copy_present_page()
mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
net: ieee802154: fix error return code in dgram_bind()
media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile
arc: iounmap() arg is volatile
ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile
ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap()
tipc: fix a null-ptr-deref in tipc_topsrv_accept
net: netsec: fix error handling in netsec_register_mdio()
net: hinic: fix incorrect assignment issue in hinic_set_interrupt_cfg()
net: hinic: fix memory leak when reading function table
net: hinic: fix the issue of CMDQ memory leaks
net: hinic: fix the issue of double release MBOX callback of VF
x86/unwind/orc: Fix unreliable stack dump with gcov
amd-xgbe: fix the SFP compliance codes check for DAC cables
amd-xgbe: add the bit rate quirk for Molex cables
atlantic: fix deadlock at aq_nic_stop
kcm: annotate data-races around kcm->rx_psock
kcm: annotate data-races around kcm->rx_wait
net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
tcp: minor optimization in tcp_add_backlog()
tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
tcp: fix indefinite deferral of RTO with SACK reneging
can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path
can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path
PM: hibernate: Allow hybrid sleep to work with s2idle
media: vivid: s_fbuf: add more sanity checks
media: vivid: dev->bitmap_cap wasn't freed in all cases
media: v4l2-dv-timings: add sanity checks for blanking values
media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
media: vivid: set num_in/outputs to 0 if not supported
ipv6: ensure sane device mtu in tunnels
i40e: Fix ethtool rx-flow-hash setting for X722
i40e: Fix VF hang when reset is triggered on another VF
i40e: Fix flow-type by setting GL_HASH_INSET registers
net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
PM: domains: Fix handling of unavailable/disabled idle states
net: fec: limit register access on i.MX6UL
ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
ALSA: aoa: Fix I2S device accounting
openvswitch: switch from WARN to pr_warn
net: ehea: fix possible memory leak in ehea_register_port()
nh: fix scope used to find saddr when adding non gw nh
net/mlx5e: Do not increment ESN when updating IPsec ESN state
net/mlx5: Fix possible use-after-free in async command interface
net/mlx5: Fix crash during sync firmware reset
net: enetc: survive memory pressure without crashing
arm64: Add AMPERE1 to the Spectre-BHB affected list
scsi: sd: Revert "scsi: sd: Remove a local variable"
arm64/mm: Fix __enable_mmu() for new TGRAN range values
arm64/kexec: Test page size support with new TGRAN range values
can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive
serial: core: move RS485 configuration tasks from drivers into core
serial: Deassert Transmit Enable on probe in driver-specific way
Linux 5.10.153
Change-Id: I1cbca2c5cbaaab34ccd6e055f13c35d900d4ce25
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
We have an application with a lot of threads that use a shared mmap backed
by tmpfs mounted with -o huge=within_size. This application started
leaking loads of huge pages when we upgraded to a recent kernel.
Using the page ref tracepoints and a BPF program written by Tejun Heo we
were able to determine that these pages would have multiple refcounts from
the page fault path, but when it came to unmap time we wouldn't drop the
number of refs we had added from the faults.
I wrote a reproducer that mmap'ed a file backed by tmpfs with -o
huge=always, and then spawned 20 threads all looping faulting random
offsets in this map, while using madvise(MADV_DONTNEED) randomly for huge
page aligned ranges. This very quickly reproduced the problem.
The problem here is that we check for the case that we have multiple
threads faulting in a range that was previously unmapped. One thread maps
the PMD, the other thread loses the race and then returns 0. However at
this point we already have the page, and we are no longer putting this
page into the process's address space, and so we leak the page. We
actually did the correct thing prior to f9ce0be71d1f, however it looks
like Kirill copied what we do in the anonymous page case. In the
anonymous page case we don't yet have a page, so we don't have to drop a
reference on anything. Previously we did the correct thing for file based
faults by returning VM_FAULT_NOPAGE so we correctly drop the reference on
the page we faulted in.
Fix this by returning VM_FAULT_NOPAGE in the pmd_devmap_trans_unstable()
case, this makes us drop the ref on the page properly, and now my
reproducer no longer leaks the huge pages.
Bug: 254441685
[josef@toxicpanda.com: v2]
Link: https://lkml.kernel.org/r/e90c8f0dbae836632b669c2afc434006a00d4a67.1657721478.git.josef@toxicpanda.com
Link: https://lkml.kernel.org/r/2b798acfd95c9ab9395fe85e8d5a835e2e10a920.1657051137.git.josef@toxicpanda.com
Fixes: f9ce0be71d1f ("mm: Cleanup faultaround and finish_fault() codepaths")
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Rik van Riel <riel@surriel.com>
Signed-off-by: Chris Mason <clm@fb.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 3fe2895cfecd03ac74977f32102b966b6589f481)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I982509aab4bcbf22d66aff5e1d3dfce927426f51
The vma->anon_vma of the child process may be NULL because
the entire vma does not contain anonymous pages. In this
case, a BUG will occur when the copy_present_page() passes
a copy of a non-anonymous page of that vma to the
page_add_new_anon_rmap() to set up new anonymous rmap.
------------[ cut here ]------------
kernel BUG at mm/rmap.c:1044!
Internal error: Oops - BUG: 0 [#1] SMP
Modules linked in:
CPU: 2 PID: 3617 Comm: test Not tainted 5.10.149 #1
Hardware name: linux,dummy-virt (DT)
pstate: 80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=--)
pc : __page_set_anon_rmap+0xbc/0xf8
lr : __page_set_anon_rmap+0xbc/0xf8
sp : ffff800014c1b870
x29: ffff800014c1b870 x28: 0000000000000001
x27: 0000000010100073 x26: ffff1d65c517baa8
x25: ffff1d65cab0f000 x24: ffff1d65c416d800
x23: ffff1d65cab5f248 x22: 0000000020000000
x21: 0000000000000001 x20: 0000000000000000
x19: fffffe75970023c0 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000
x15: 0000000000000000 x14: 0000000000000000
x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000
x9 : ffffc3096d5fb858 x8 : 0000000000000000
x7 : 0000000000000011 x6 : ffff5a5c9089c000
x5 : 0000000000020000 x4 : ffff5a5c9089c000
x3 : ffffc3096d200000 x2 : ffffc3096e8d0000
x1 : ffff1d65ca3da740 x0 : 0000000000000000
Call trace:
__page_set_anon_rmap+0xbc/0xf8
page_add_new_anon_rmap+0x1e0/0x390
copy_pte_range+0xd00/0x1248
copy_page_range+0x39c/0x620
dup_mmap+0x2e0/0x5a8
dup_mm+0x78/0x140
copy_process+0x918/0x1a20
kernel_clone+0xac/0x638
__do_sys_clone+0x78/0xb0
__arm64_sys_clone+0x30/0x40
el0_svc_common.constprop.0+0xb0/0x308
do_el0_svc+0x48/0xb8
el0_svc+0x24/0x38
el0_sync_handler+0x160/0x168
el0_sync+0x180/0x1c0
Code: 97f8ff85 f9400294 17ffffeb 97f8ff82 (d4210000)
---[ end trace a972347688dc9bd4 ]---
Kernel panic - not syncing: Oops - BUG: Fatal exception
SMP: stopping secondary CPUs
Kernel Offset: 0x43095d200000 from 0xffff800010000000
PHYS_OFFSET: 0xffffe29a80000000
CPU features: 0x08200022,61806082
Memory Limit: none
---[ end Kernel panic - not syncing: Oops - BUG: Fatal exception ]---
This problem has been fixed by the commit <fb3d824d1a46>
("mm/rmap: split page_dup_rmap() into page_dup_file_rmap()
and page_try_dup_anon_rmap()"), but still exists in the
linux-5.10.y branch.
This patch is not applicable to this version because
of the large version differences. Therefore, fix it by
adding non-anonymous page check in the copy_present_page().
Cc: stable@vger.kernel.org
Fixes: 70e806e4e6 ("mm: Do early cow for pinned pages during fork() for ptes")
Signed-off-by: Yuanzheng Song <songyuanzheng@huawei.com>
Acked-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix Bug: scheduling while atomic
In these vendor hooks, we will perform schedule due to competion. This will
lead to kernel exception.
To solve this problem, we need to add these restricted hooks to replace the
former regular vendor hooks.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: I151125a7119a91d1339d4790a68a6a4796d673e3
Merge 5.10.132 into android12-5.10-lts
Changes in 5.10.132
ALSA: hda - Add fixup for Dell Latitidue E5430
ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
ALSA: hda/realtek: Fix headset mic for Acer SF313-51
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
fix race between exit_itimers() and /proc/pid/timers
mm: split huge PUD on wp_huge_pud fallback
tracing/histograms: Fix memory leak problem
net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer
ip: fix dflt addr selection for connected nexthop
ARM: 9213/1: Print message about disabled Spectre workarounds only once
ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
wifi: mac80211: fix queue selection for mesh/OCB interfaces
cgroup: Use separate src/dst nodes when preloading css_sets for migration
btrfs: return -EAGAIN for NOWAIT dio reads/writes on compressed and inline extents
drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error
drm/panfrost: Fix shrinker list corruption by madvise IOCTL
fs/remap: constrain dedupe of EOF blocks
nilfs2: fix incorrect masking of permission flags for symlinks
sh: convert nommu io{re,un}map() to static inline functions
Revert "evm: Fix memleak in init_desc"
ext4: fix race condition between ext4_write and ext4_convert_inline_data
ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
spi: amd: Limit max transfer and message size
ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
ARM: 9210/1: Mark the FDT_FIXED sections as shareable
net/mlx5e: kTLS, Fix build time constant test in TX
net/mlx5e: kTLS, Fix build time constant test in RX
net/mlx5e: Fix capability check for updating vnic env counters
drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
ima: Fix a potential integer overflow in ima_appraise_measurement
ASoC: sgtl5000: Fix noise on shutdown/remove
ASoC: tas2764: Add post reset delays
ASoC: tas2764: Fix and extend FSYNC polarity handling
ASoC: tas2764: Correct playback volume range
ASoC: tas2764: Fix amp gain register offset & default
ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks()
ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array
net: stmmac: dwc-qos: Disable split header for Tegra194
sysctl: Fix data races in proc_dointvec().
sysctl: Fix data races in proc_douintvec().
sysctl: Fix data races in proc_dointvec_minmax().
sysctl: Fix data races in proc_douintvec_minmax().
sysctl: Fix data races in proc_doulongvec_minmax().
sysctl: Fix data races in proc_dointvec_jiffies().
tcp: Fix a data-race around sysctl_tcp_max_orphans.
inetpeer: Fix data-races around sysctl.
net: Fix data-races around sysctl_mem.
cipso: Fix data-races around sysctl.
icmp: Fix data-races around sysctl.
ipv4: Fix a data-race around sysctl_fib_sync_mem.
ARM: dts: at91: sama5d2: Fix typo in i2s1 node
ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
drm/i915/gt: Serialize TLB invalidates with GT resets
sysctl: Fix data-races in proc_dointvec_ms_jiffies().
icmp: Fix a data-race around sysctl_icmp_ratelimit.
icmp: Fix a data-race around sysctl_icmp_ratemask.
raw: Fix a data-race around sysctl_raw_l3mdev_accept.
ipv4: Fix data-races around sysctl_ip_dynaddr.
nexthop: Fix data-races around nexthop_compat_mode.
net: ftgmac100: Hold reference returned by of_get_child_by_name()
ima: force signature verification when CONFIG_KEXEC_SIG is configured
ima: Fix potential memory leak in ima_init_crypto()
sfc: fix use after free when disabling sriov
seg6: fix skb checksum evaluation in SRH encapsulation/insertion
seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
sfc: fix kernel panic when creating VF
net: atlantic: remove deep parameter on suspend/resume functions
net: atlantic: remove aq_nic_deinit() when resume
KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op()
net/tls: Check for errors in tls_device_init
mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
virtio_mmio: Add missing PM calls to freeze/restore
virtio_mmio: Restore guest page size on resume
netfilter: br_netfilter: do not skip all hooks with 0 priority
scsi: hisi_sas: Limit max hw sectors for v3 HW
cpufreq: pmac32-cpufreq: Fix refcount leak bug
platform/x86: hp-wmi: Ignore Sanitization Mode event
net: tipc: fix possible refcount leak in tipc_sk_create()
NFC: nxp-nci: don't print header length mismatch on i2c error
nvme-tcp: always fail a request when sending it failed
nvme: fix regression when disconnect a recovering ctrl
net: sfp: fix memory leak in sfp_probe()
ASoC: ops: Fix off by one in range control validation
pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux()
ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow
ASoC: wm5110: Fix DRE control
ASoC: dapm: Initialise kcontrol data for mux/demux controls
ASoC: cs47l15: Fix event generation for low power mux control
ASoC: madera: Fix event generation for OUT1 demux
ASoC: madera: Fix event generation for rate controls
irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
x86: Clear .brk area at early boot
soc: ixp4xx/npe: Fix unused match warning
ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
Revert "can: xilinx_can: Limit CANFD brp to 2"
nvme-pci: phison e16 has bogus namespace ids
signal handling: don't use BUG_ON() for debugging
USB: serial: ftdi_sio: add Belimo device ids
usb: typec: add missing uevent when partner support PD
usb: dwc3: gadget: Fix event pending check
tty: serial: samsung_tty: set dma burst_size to 1
vt: fix memory overlapping when deleting chars in the buffer
serial: 8250: fix return error code in serial8250_request_std_resource()
serial: stm32: Clear prev values before setting RTS delays
serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
serial: 8250: Fix PM usage_count for console handover
x86/pat: Fix x86_has_pat_wp()
Linux 5.10.132
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I450f357105f90b1b9549dea5de62dc9a160d4ba9
commit 14c99d65941538aa33edd8dc7b1bbbb593c324a2 upstream.
Currently the implementation will split the PUD when a fallback is taken
inside the create_huge_pud function. This isn't where it should be done:
the splitting should be done in wp_huge_pud, just like it's done for PMDs.
Reason being that if a callback is taken during create, there is no PUD
yet so nothing to split, whereas if a fallback is taken when encountering
a write protection fault there is something to split.
It looks like this was the original intention with the commit where the
splitting was introduced, but somehow it got moved to the wrong place
between v1 and v2 of the patch series. Rebase mistake perhaps.
Link: https://lkml.kernel.org/r/6f48d622eb8bce1ae5dd75327b0b73894a2ec407.camel@amazon.com
Fixes: 327e9fd489 ("mm: Split huge pages on write-notify or COW")
Signed-off-by: James Gowans <jgowans@amazon.com>
Reviewed-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Cc: Christian König <christian.koenig@amd.com>
Cc: Jan H. Schönherr <jschoenh@amazon.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
android_vh_handle_pte_fault_end: after handle_pte_fault, update
the information on whether this page needs to be reclaimed to
a swap location.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: I0ceb02422fc858ed96fbb47e220bf96bdc8fa68c
android_vh_swapin_add_anon_rmap: after adding a pte mapping to an anonymous
page during do_swap_page, update the status of whether this page
needs to be reclaimed to a swap location, according to the information
of vm_fault.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: I8a2d603102c315323817e6c9366db9b0da878344
android_vh_cow_user_page: when copying a page to a new page, set the
status of whether the new page should be reclaimed to a specified
swap location, according to the information of vm_fault.
Bug: 234214858
Signed-off-by: Bing Han <bing.han@transsion.com>
Change-Id: Ie445c7b034ca176ec1e8fd1cd67c88581bf9ddf4
commit e763243cc6cb1fcc720ec58cfd6e7c35ae90a479 upstream.
userfaultfd calls copy_huge_page_from_user() which does not do any cache
flushing for the target page. Then the target page will be mapped to
the user space with a different address (user address), which might have
an alias issue with the kernel address used to copy the data from the
user to.
Fix this issue by flushing dcache in copy_huge_page_from_user().
Link: https://lkml.kernel.org/r/20220210123058.79206-4-songmuchun@bytedance.com
Fixes: fa4d75c1de ("userfaultfd: hugetlbfs: add copy_huge_page_from_user for hugetlb userfaultfd support")
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Fam Zheng <fam.zheng@bytedance.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Lars Persson <lars.persson@axis.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: Xiongchun Duan <duanxiongchun@bytedance.com>
Cc: Zi Yan <ziy@nvidia.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge 5.10.111 into android12-5.10-lts
Changes in 5.10.111
ubifs: Rectify space amount budget for mkdir/tmpfile operations
gfs2: Check for active reservation in gfs2_release
gfs2: Fix gfs2_release for non-writers regression
gfs2: gfs2_setattr_size error path fix
rtc: wm8350: Handle error for wm8350_register_irq
KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
KVM: x86/emulator: Emulate RDPID only if it is enabled in guest
drm: Add orientation quirk for GPD Win Max
ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
drm/amd/display: Add signal type check when verify stream backends same
drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
usb: gadget: tegra-xudc: Do not program SPARAM
usb: gadget: tegra-xudc: Fix control endpoint's definitions
ptp: replace snprintf with sysfs_emit
powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
ath11k: fix kernel panic during unload/load ath11k modules
ath11k: mhi: use mhi_sync_power_up()
bpf: Make dst_port field in struct bpf_sock 16-bit wide
scsi: mvsas: Replace snprintf() with sysfs_emit()
scsi: bfa: Replace snprintf() with sysfs_emit()
power: supply: axp20x_battery: properly report current when discharging
mt76: dma: initialize skip_unmap in mt76_dma_rx_fill
cfg80211: don't add non transmitted BSS to 6GHz scanned channels
libbpf: Fix build issue with llvm-readelf
ipv6: make mc_forwarding atomic
powerpc: Set crashkernel offset to mid of RMA region
drm/amdgpu: Fix recursive locking warning
PCI: aardvark: Fix support for MSI interrupts
iommu/arm-smmu-v3: fix event handling soft lockup
usb: ehci: add pci device support for Aspeed platforms
PCI: endpoint: Fix alignment fault error in copy tests
tcp: Don't acquire inet_listen_hashbucket::lock with disabled BH.
PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
power: supply: axp288-charger: Set Vhold to 4.4V
iwlwifi: mvm: Correctly set fragmented EBS
ipv4: Invalidate neighbour for broadcast address upon address addition
dm ioctl: prevent potential spectre v1 gadget
dm: requeue IO if mapping table not yet available
drm/amdkfd: make CRAT table missing message informational only
scsi: pm8001: Fix pm80xx_pci_mem_copy() interface
scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
scsi: pm8001: Fix task leak in pm8001_send_abort_all()
scsi: pm8001: Fix tag leaks on error
scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req()
mt76: mt7615: Fix assigning negative values to unsigned variable
scsi: aha152x: Fix aha152x_setup() __setup handler return value
scsi: hisi_sas: Free irq vectors in order for v3 HW
net/smc: correct settings of RMB window update limit
mips: ralink: fix a refcount leak in ill_acc_of_setup()
macvtap: advertise link netns via netlink
tuntap: add sanity checks about msg_controllen in sendmsg
Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg}
Bluetooth: use memset avoid memory leaks
bnxt_en: Eliminate unintended link toggle during FW reset
PCI: endpoint: Fix misused goto label
MIPS: fix fortify panic when copying asm exception handlers
powerpc/secvar: fix refcount leak in format_show()
scsi: libfc: Fix use after free in fc_exch_abts_resp()
can: isotp: set default value for N_As to 50 micro seconds
net: account alternate interface name memory
net: limit altnames to 64k total
net: sfp: add 2500base-X quirk for Lantech SFP module
usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
xtensa: fix DTC warning unit_address_format
MIPS: ingenic: correct unit node address
Bluetooth: Fix use after free in hci_send_acl
netlabel: fix out-of-bounds memory accesses
ceph: fix memory leak in ceph_readdir when note_last_dentry returns error
init/main.c: return 1 from handled __setup() functions
minix: fix bug when opening a file with O_DIRECT
clk: si5341: fix reported clk_rate when output divider is 2
staging: vchiq_core: handle NULL result of find_service_by_handle
phy: amlogic: meson8b-usb2: Use dev_err_probe()
staging: wfx: fix an error handling in wfx_init_common()
w1: w1_therm: fixes w1_seq for ds28ea00 sensors
NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()
NFSv4: Protect the state recovery thread against direct reclaim
xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
clk: ti: Preserve node in ti_dt_clocks_register()
clk: Enforce that disjoints limits are invalid
SUNRPC/call_alloc: async tasks mustn't block waiting for memory
SUNRPC/xprt: async tasks mustn't block waiting for memory
SUNRPC: remove scheduling boost for "SWAPPER" tasks.
NFS: swap IO handling is slightly different for O_DIRECT IO
NFS: swap-out must always use STABLE writes.
x86/Kconfig: Do not allow CONFIG_X86_X32_ABI=y with llvm-objcopy
serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
virtio_console: eliminate anonymous module_init & module_exit
jfs: prevent NULL deref in diFree
SUNRPC: Fix socket waits for write buffer space
NFS: nfsiod should not block forever in mempool_alloc()
NFS: Avoid writeback threads getting stuck in mempool_alloc()
parisc: Fix CPU affinity for Lasi, WAX and Dino chips
parisc: Fix patch code locking and flushing
mm: fix race between MADV_FREE reclaim and blkdev direct IO read
Revert "hv: utils: add PTP_1588_CLOCK to Kconfig to fix build"
drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
Drivers: hv: vmbus: Fix potential crash on module unload
Revert "NFSv4: Handle the special Linux file open access mode"
NFSv4: fix open failure with O_ACCMODE flag
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
net/tls: fix slab-out-of-bounds bug in decrypt_internal
ice: Clear default forwarding VSI during VSI release
net: ipv4: fix route with nexthop object delete warning
net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
drm/imx: imx-ldb: Check for null pointer after calling kmemdup
drm/imx: Fix memory leak in imx_pd_connector_get_modes
bnxt_en: reserve space inside receive page for skb_shared_info
sfc: Do not free an empty page_ring
RDMA/mlx5: Don't remove cache MRs when a delay is needed
IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition
dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe
ice: Set txq_teid to ICE_INVAL_TEID on ring creation
ice: Do not skip not enabled queues in ice_vc_dis_qs_msg
ipv6: Fix stats accounting in ip6_pkt_drop
ice: synchronize_rcu() when terminating rings
net: openvswitch: don't send internal clone attribute to the userspace.
net: openvswitch: fix leak of nested actions
rxrpc: fix a race in rxrpc_exit_net()
net: phy: mscc-miim: reject clause 45 register accesses
qede: confirm skb is allocated before using
spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
bpf: Support dual-stack sockets in bpf_tcp_check_syncookie
drbd: Fix five use after free bugs in get_initial_state
io_uring: don't touch scm_fp_list after queueing skb
SUNRPC: Handle ENOMEM in call_transmit_status()
SUNRPC: Handle low memory situations in call_status()
SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec()
iommu/omap: Fix regression in probe for NULL pointer dereference
perf: arm-spe: Fix perf report --mem-mode
perf tools: Fix perf's libperf_print callback
perf session: Remap buf if there is no space for event
arm64: Add part number for Arm Cortex-A78AE
Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
mmc: mmci: stm32: correctly check all elements of sg list
mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete
lz4: fix LZ4_decompress_safe_partial read out of bound
mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
mm/mempolicy: fix mpol_new leak in shared_policy_replace
io_uring: fix race between timeout flush and removal
x86/pm: Save the MSR validity status at context setup
x86/speculation: Restore speculation related MSRs during S3 resume
btrfs: fix qgroup reserve overflow the qgroup limit
btrfs: prevent subvol with swapfile from being deleted
arm64: patch_text: Fixup last cpu should be master
RDMA/hfi1: Fix use-after-free bug for mm struct
gpio: Restrict usage of GPIO chip irq members before initialization
ata: sata_dwc_460ex: Fix crash due to OOB write
perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
irqchip/gic-v3: Fix GICR_CTLR.RWP polling
drm/amdgpu/smu10: fix SoC/fclk units in auto mode
drm/nouveau/pmu: Add missing callbacks for Tegra devices
drm/amdkfd: Create file descriptor after client is added to smi_clients list
perf build: Don't use -ffat-lto-objects in the python feature test when building with clang-13
perf python: Fix probing for some clang command line options
tools build: Filter out options and warnings not supported by clang
tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
ubsan: remove CONFIG_UBSAN_OBJECT_SIZE
mm: don't skip swap entry even if zap_details specified
cgroup: Use open-time credentials for process migraton perm checks
selftests/cgroup: Fix build on older distros
selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644
selftests: cgroup: Test open-time credential usage for migration checks
selftests: cgroup: Test open-time cgroup namespace usage for migration checks
arm64: module: remove (NOLOAD) from linker script
Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
irqchip/gic, gic-v3: Prevent GSI to SGI translations
mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
Linux 5.10.111
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9b4c1d30ae226b865494df03d871db2a2b9281c7
Merge 5.10.110 into android12-5.10-lts
Changes in 5.10.110
swiotlb: fix info leak with DMA_FROM_DEVICE
USB: serial: pl2303: add IBM device IDs
USB: serial: simple: add Nokia phone driver
hv: utils: add PTP_1588_CLOCK to Kconfig to fix build
netdevice: add the case if dev is NULL
HID: logitech-dj: add new lightspeed receiver id
xfrm: fix tunnel model fragmentation behavior
ARM: mstar: Select HAVE_ARM_ARCH_TIMER
virtio_console: break out of buf poll on remove
vdpa/mlx5: should verify CTRL_VQ feature exists for MQ
tools/virtio: fix virtio_test execution
ethernet: sun: Free the coherent when failing in probing
gpio: Revert regression in sysfs-gpio (gpiolib.c)
spi: Fix invalid sgs value
net:mcf8390: Use platform_get_irq() to get the interrupt
Revert "gpio: Revert regression in sysfs-gpio (gpiolib.c)"
spi: Fix erroneous sgs value with min_t()
Input: zinitix - do not report shadow fingers
af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
net: dsa: microchip: add spi_device_id tables
locking/lockdep: Avoid potential access of invalid memory in lock_class
iommu/iova: Improve 32-bit free space estimate
tpm: fix reference counting for struct tpm_chip
virtio-blk: Use blk_validate_block_size() to validate block size
USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
xhci: fix garbage USBSTS being logged in some cases
xhci: fix runtime PM imbalance in USB2 resume
xhci: make xhci_handshake timeout for xhci_reset() adjustable
xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()
mei: me: add Alder Lake N device id.
mei: avoid iterator usage outside of list_for_each_entry
coresight: Fix TRCCONFIGR.QE sysfs interface
iio: afe: rescale: use s64 for temporary scale calculations
iio: inkern: apply consumer scale on IIO_VAL_INT cases
iio: inkern: apply consumer scale when no channel scale is available
iio: inkern: make a best effort on offset calculation
greybus: svc: fix an error handling bug in gb_svc_hello()
clk: uniphier: Fix fixed-rate initialization
ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
KEYS: fix length validation in keyctl_pkey_params_get_2()
Documentation: add link to stable release candidate tree
Documentation: update stable tree link
firmware: stratix10-svc: add missing callback parameter on RSU
HID: intel-ish-hid: Use dma_alloc_coherent for firmware update
SUNRPC: avoid race between mod_timer() and del_timer_sync()
NFSD: prevent underflow in nfssvc_decode_writeargs()
NFSD: prevent integer overflow on 32 bit systems
f2fs: fix to unlock page correctly in error path of is_alive()
f2fs: quota: fix loop condition at f2fs_quota_sync()
f2fs: fix to do sanity check on .cp_pack_total_block_count
remoteproc: Fix count check in rproc_coredump_write()
pinctrl: samsung: drop pin banks references on error paths
spi: mxic: Fix the transmit path
mtd: rawnand: protect access to rawnand devices while in suspend
can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
jffs2: fix memory leak in jffs2_do_mount_fs
jffs2: fix memory leak in jffs2_scan_medium
mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
mm: invalidate hwpoison page cache page in fault path
mempolicy: mbind_range() set_policy() after vma_merge()
scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
qed: display VF trust config
qed: validate and restrict untrusted VFs vlan promisc mode
riscv: Fix fill_callchain return value
riscv: Increase stack size under KASAN
Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
cifs: prevent bad output lengths in smb2_ioctl_query_info()
cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
ALSA: cs4236: fix an incorrect NULL check on list iterator
ALSA: hda: Avoid unsol event during RPM suspending
ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
mm: madvise: skip unmapped vma holes passed to process_madvise
mm: madvise: return correct bytes advised with process_madvise
Revert "mm: madvise: skip unmapped vma holes passed to process_madvise"
mm,hwpoison: unmap poisoned page before invalidation
mm/kmemleak: reset tag when compare object pointer
dm integrity: set journal entry unused when shrinking device
drbd: fix potential silent data corruption
can: isotp: sanitize CAN ID checks in isotp_bind()
powerpc/kvm: Fix kvm_use_magic_page
udp: call udp_encap_enable for v6 sockets when enabling encap
arm64: signal: nofpsimd: Do not allocate fp/simd context when not available
arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs
arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs
arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs
ACPI: properties: Consistently return -ENOENT if there are no more references
coredump: Also dump first pages of non-executable ELF libraries
ext4: fix ext4_fc_stats trace point
ext4: fix fs corruption when tring to remove a non-empty directory with IO error
drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
mailbox: tegra-hsp: Flush whole channel
block: limit request dispatch loop duration
block: don't merge across cgroup boundaries if blkcg is enabled
drm/edid: check basic audio support on CEA extension block
video: fbdev: sm712fb: Fix crash in smtcfb_read()
video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
ARM: dts: exynos: add missing HDMI supplies on SMDK5250
ARM: dts: exynos: add missing HDMI supplies on SMDK5420
mgag200 fix memmapsl configuration in GCTL6 register
carl9170: fix missing bit-wise or operator for tx_params
pstore: Don't use semaphores in always-atomic-context code
thermal: int340x: Increase bitmap size
lib/raid6/test: fix multiple definition linking error
exec: Force single empty string when argv is empty
crypto: rsa-pkcs1pad - only allow with rsa
crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
crypto: rsa-pkcs1pad - restore signature length check
crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
bcache: fixup multiple threads crash
DEC: Limit PMAX memory probing to R3k systems
media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC
media: davinci: vpif: fix unbalanced runtime PM get
media: davinci: vpif: fix unbalanced runtime PM enable
xtensa: fix stop_machine_cpuslocked call in patch_text
xtensa: fix xtensa_wsr always writing 0
brcmfmac: firmware: Allocate space for default boardrev in nvram
brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
brcmfmac: pcie: Fix crashes due to early IRQs
drm/i915/opregion: check port number bounds for SWSCI display power state
drm/i915/gem: add missing boundary check in vm_access
PCI: pciehp: Clear cmd_busy bit in polling mode
PCI: xgene: Revert "PCI: xgene: Fix IB window setup"
regulator: qcom_smd: fix for_each_child.cocci warnings
selinux: check return value of sel_make_avc_files
hwrng: cavium - Check health status while reading random data
hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
crypto: sun8i-ss - really disable hash on A80
crypto: authenc - Fix sleep in atomic context in decrypt_tail
crypto: mxs-dcp - Fix scatterlist processing
thermal: int340x: Check for NULL after calling kmemdup()
spi: tegra114: Add missing IRQ check in tegra_spi_probe
arm64/mm: avoid fixmap race condition when create pud mapping
selftests/x86: Add validity check and allow field splitting
crypto: rockchip - ECB does not need IV
audit: log AUDIT_TIME_* records only from rules
EVM: fix the evm= __setup handler return value
crypto: ccree - don't attempt 0 len DMA mappings
spi: pxa2xx-pci: Balance reference count for PCI DMA device
hwmon: (pmbus) Add mutex to regulator ops
hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
nvme: cleanup __nvme_check_ids
block: don't delete queue kobject before its children
PM: hibernate: fix __setup handler error handling
PM: suspend: fix return value of __setup handler
spi: spi-zynqmp-gqspi: Handle error for dma_set_mask
hwrng: atmel - disable trng on failure path
crypto: sun8i-ss - call finalize with bh disabled
crypto: sun8i-ce - call finalize with bh disabled
crypto: amlogic - call finalize with bh disabled
crypto: vmx - add missing dependencies
clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix
clocksource/drivers/exynos_mct: Refactor resources allocation
clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts
clocksource/drivers/timer-microchip-pit64b: Use notrace
clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init()
ACPI: APEI: fix return value of __setup handlers
crypto: ccp - ccp_dmaengine_unregister release dma channels
crypto: ccree - Fix use after free in cc_cipher_exit()
vfio: platform: simplify device removal
amba: Make the remove callback return void
hwrng: nomadik - Change clk_disable to clk_disable_unprepare
hwmon: (pmbus) Add Vin unit off handling
clocksource: acpi_pm: fix return value of __setup handler
io_uring: terminate manual loop iterator loop correctly for non-vecs
watch_queue: Fix NULL dereference in error cleanup
watch_queue: Actually free the watch
f2fs: fix to enable ATGC correctly via gc_idle sysfs interface
sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
sched/core: Export pelt_thermal_tp
rseq: Optimise rseq_get_rseq_cs() and clear_rseq_cs()
rseq: Remove broken uapi field layout on 32-bit little endian
perf/core: Fix address filter parser for multiple filters
perf/x86/intel/pt: Fix address filter config for 32-bit kernel
f2fs: fix missing free nid in f2fs_handle_failed_inode
nfsd: more robust allocation failure handling in nfsd_file_cache_init
f2fs: fix to avoid potential deadlock
btrfs: fix unexpected error path when reflinking an inline extent
f2fs: compress: remove unneeded read when rewrite whole cluster
f2fs: fix compressed file start atomic write may cause data corruption
selftests, x86: fix how check_cc.sh is being invoked
kunit: make kunit_test_timeout compatible with comment
media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size
media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
media: mtk-vcodec: potential dereference of null pointer
media: bttv: fix WARNING regression on tunerless devices
ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting
ASoC: generic: simple-card-utils: remove useless assignment
media: coda: Fix missing put_device() call in coda_get_vdoa_data
media: meson: vdec: potential dereference of null pointer
media: hantro: Fix overfill bottom register field name
media: aspeed: Correct value for h-total-pixels
video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen
video: fbdev: controlfb: Fix set but not used warnings
video: fbdev: controlfb: Fix COMPILE_TEST build
video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe()
video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
firmware: qcom: scm: Remove reassignment to desc following initializer
ARM: dts: qcom: ipq4019: fix sleep clock
soc: qcom: rpmpd: Check for null return of devm_kcalloc
soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem
soc: qcom: aoss: remove spurious IRQF_ONESHOT flags
arm64: dts: qcom: sdm845: fix microphone bias properties and values
arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc
firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined
soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
ARM: dts: sun8i: v3s: Move the csi1 block to follow address order
ARM: dts: imx: Add missing LVDS decoder on M53Menlo
media: video/hdmi: handle short reads of hdmi info frame.
media: em28xx: initialize refcount before kref_get
media: usb: go7007: s2250-board: fix leak in probe()
media: cedrus: H265: Fix neighbour info buffer size
media: cedrus: h264: Fix neighbour info buffer size
ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put
uaccess: fix nios2 and microblaze get_user_8()
ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp()
ASoC: ti: davinci-i2s: Add check for clk_enable()
ALSA: spi: Add check for clk_enable()
arm64: dts: ns2: Fix spi-cpol and spi-cpha property
arm64: dts: broadcom: Fix sata nodename
printk: fix return value of printk.devkmsg __setup handler
ASoC: mxs-saif: Handle errors for clk_enable
ASoC: atmel_ssc_dai: Handle errors for clk_enable
ASoC: dwc-i2s: Handle errors for clk_enable
ASoC: soc-compress: prevent the potentially use of null pointer
memory: emif: Add check for setup_interrupts
memory: emif: check the pointer temp in get_device_details()
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly
m68k: coldfire/device.c: only build for MCF_EDMA when h/w macros are defined
media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED
media: vidtv: Check for null return of vzalloc
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
ASoC: wm8350: Handle error for wm8350_register_irq
ASoC: fsi: Add check for clk_enable
video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
media: saa7134: convert list_for_each to entry variant
media: saa7134: fix incorrect use to determine if list is empty
ivtv: fix incorrect device_caps for ivtvfb
ASoC: rockchip: i2s: Use devm_platform_get_and_ioremap_resource()
ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe
ASoC: SOF: Add missing of_node_put() in imx8m_probe
ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
ASoC: fsl_spdif: Disable TX clock when stop
ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe
mmc: davinci_mmc: Handle error for clk_enable
ASoC: atmel: sam9x5_wm8731: use devm_snd_soc_register_card()
ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe
ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe
ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data
ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS
drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops
drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe
drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe
drm: bridge: adv7511: Fix ADV7535 HPD enablement
ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
drm/panfrost: Check for error num after setting mask
libbpf: Fix possible NULL pointer dereference when destroying skeleton
udmabuf: validate ubuf->pagecount
Bluetooth: hci_serdev: call init_rwsem() before p->open()
mtd: onenand: Check for error irq
mtd: rawnand: gpmi: fix controller timings setting
drm/edid: Don't clear formats if using deep color
ionic: fix type complaint in ionic_dev_cmd_clean()
drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl()
drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes()
drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function
ath9k_htc: fix uninit value bugs
RDMA/core: Set MR type in ib_reg_user_mr
KVM: PPC: Fix vmx/vsx mixup in mmio emulation
i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb
i40e: respect metadata on XSK Rx to skb
power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
ray_cs: Check ioremap return value
powerpc: dts: t1040rdb: fix ports names for Seville Ethernet switch
KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init
powerpc/perf: Don't use perf_hw_context for trace IMC PMU
mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode
mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv
mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update
mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update
net: dsa: mv88e6xxx: Enable port policy support on 6097
scripts/dtc: Call pkg-config POSIXly correct
livepatch: Fix build failure on 32 bits processors
PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge
drm/bridge: dw-hdmi: use safe format when first in bridge chain
power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
iommu/ipmmu-vmsa: Check for error num after setting mask
drm/amd/pm: enable pm sysfs write for one VF mode
drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug
IB/cma: Allow XRC INI QPs to set their local ACK timeout
dax: make sure inodes are flushed before destroy cache
iwlwifi: Fix -EIO error code that is never returned
iwlwifi: mvm: Fix an error code in iwl_mvm_up()
drm/msm/dp: populate connector of struct dp_panel
drm/msm/dpu: add DSPP blocks teardown
drm/msm/dpu: fix dp audio condition
dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config()
scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
scsi: pm8001: Fix NCQ NON DATA command task initialization
scsi: pm8001: Fix NCQ NON DATA command completion handling
scsi: pm8001: Fix abort all task initialization
RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR
drm/amd/display: Remove vupdate_int_entry definition
TOMOYO: fix __setup handlers return values
ext2: correct max file size computing
drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return
scsi: hisi_sas: Change permission of parameter prot_mask
drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt
bpf, arm64: Call build_prologue() first in first JIT pass
bpf, arm64: Feed byte-offset into bpf line info
gpu: host1x: Fix a memory leak in 'host1x_remove()'
libbpf: Skip forward declaration when counting duplicated type names
powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties()
powerpc/Makefile: Don't pass -mcpu=powerpc64 when building 32-bit
KVM: x86: Fix emulation in writing cr8
KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
hv_balloon: rate-limit "Unhandled message" warning
i2c: xiic: Make bus names unique
power: supply: wm8350-power: Handle error for wm8350_register_irq
power: supply: wm8350-power: Add missing free in free_charger_irq
IB/hfi1: Allow larger MTU without AIP
PCI: Reduce warnings on possible RW1C corruption
net: axienet: fix RX ring refill allocation failure handling
mips: DEC: honor CONFIG_MIPS_FP_SUPPORT=n
powerpc/sysdev: fix incorrect use to determine if list is empty
mfd: mc13xxx: Add check for mc13xxx_irq_request
libbpf: Unmap rings when umem deleted
selftests/bpf: Make test_lwt_ip_encap more stable and faster
platform/x86: huawei-wmi: check the return value of device_create_file()
powerpc: 8xx: fix a return value error in mpc8xx_pic_init
vxcan: enable local echo for sent CAN frames
ath10k: Fix error handling in ath10k_setup_msa_resources
mips: cdmm: Fix refcount leak in mips_cdmm_phys_base
MIPS: RB532: fix return value of __setup handler
MIPS: pgalloc: fix memory leak caused by pgd_free()
mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
RDMA/mlx5: Fix memory leak in error flow for subscribe event routine
bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
bpf, sockmap: Fix more uncharged while msg has more_data
bpf, sockmap: Fix double uncharge the mem of sk_msg
samples/bpf, xdpsock: Fix race when running for fix duration of time
USB: storage: ums-realtek: fix error code in rts51x_read_mem()
can: isotp: return -EADDRNOTAVAIL when reading from unbound socket
can: isotp: support MSG_TRUNC flag when reading from socket
bareudp: use ipv6_mod_enabled to check if IPv6 enabled
selftests/bpf: Fix error reporting from sock_fields programs
Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed
Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
ipv4: Fix route lookups when handling ICMP redirects and PMTU updates
af_netlink: Fix shift out of bounds in group mask calculation
i2c: meson: Fix wrong speed use from probe
i2c: mux: demux-pinctrl: do not deactivate a master that is not active
selftests/bpf/test_lirc_mode2.sh: Exit with proper code
PCI: Avoid broken MSI on SB600 USB devices
net: bcmgenet: Use stronger register read/writes to assure ordering
tcp: ensure PMTU updates are processed during fastopen
openvswitch: always update flow key after nat
tipc: fix the timer expires after interval 100ms
mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
mxser: fix xmit_buf leak in activate when LSR == 0xff
pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
fsi: aspeed: convert to devm_platform_ioremap_resource
fsi: Aspeed: Fix a potential double free
misc: alcor_pci: Fix an error handling path
cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse
soundwire: intel: fix wrong register name in intel_shim_wake
clk: qcom: ipq8074: fix PCI-E clock oops
iio: mma8452: Fix probe failing when an i2c_device_id is used
staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel
pinctrl: renesas: checker: Fix miscalculation of number of states
clk: qcom: ipq8074: Use floor ops for SDCC1 clock
phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure})
serial: 8250_mid: Balance reference count for PCI DMA device
serial: 8250_lpss: Balance reference count for PCI DMA device
NFS: Use of mapping_set_error() results in spurious errors
serial: 8250: Fix race condition in RTS-after-send handling
iio: adc: Add check for devm_request_threaded_irq
habanalabs: Add check for pci_enable_device
NFS: Return valid errors from nfs2/3_decode_dirent()
dma-debug: fix return value of __setup handlers
clk: imx7d: Remove audio_mclk_root_clk
clk: at91: sama7g5: fix parents of PDMCs' GCLK
clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
clk: qcom: clk-rcg2: Update the frac table for pixel clock
dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma
remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region
remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region
nvdimm/region: Fix default alignment for small regions
clk: actions: Terminate clk_div_table with sentinel element
clk: loongson1: Terminate clk_div_table with sentinel element
clk: clps711x: Terminate clk_div_table with sentinel element
clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
NFS: remove unneeded check in decode_devicenotify_args()
staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree
staging: mt7621-dts: fix formatting
staging: mt7621-dts: fix pinctrl properties for ethernet
staging: mt7621-dts: fix GB-PC2 devicetree
pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback
pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get()
pinctrl: mediatek: paris: Fix pingroup pin config state readback
pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs
pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
tty: hvc: fix return value of __setup handler
kgdboc: fix return value of __setup handler
serial: 8250: fix XOFF/XON sending when DMA is used
kgdbts: fix return value of __setup handler
firmware: google: Properly state IOMEM dependency
driver core: dd: fix return value of __setup handler
jfs: fix divide error in dbNextAG
netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
kdb: Fix the putarea helper function
clk: qcom: gcc-msm8994: Fix gpll4 width
clk: Initialize orphan req_rate
xen: fix is_xen_pmu()
net: enetc: report software timestamping via SO_TIMESTAMPING
net: hns3: fix bug when PF set the duplicate MAC address for VFs
net: phy: broadcom: Fix brcm_fet_config_init()
selftests: test_vxlan_under_vrf: Fix broken test case
qlcnic: dcb: default to returning -EOPNOTSUPP
net/x25: Fix null-ptr-deref caused by x25_disconnect
NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator
fs: fd tables have to be multiples of BITS_PER_LONG
lib/test: use after free in register_test_dev_kmod()
fs: fix fd table size alignment properly
LSM: general protection fault in legacy_parse_param
regulator: rpi-panel: Handle I2C errors/timing to the Atmel
gcc-plugins/stackleak: Exactly match strings instead of prefixes
pinctrl: npcm: Fix broken references to chip->parent_device
block, bfq: don't move oom_bfqq
selinux: use correct type for context length
selinux: allow FIOCLEX and FIONCLEX with policy capability
loop: use sysfs_emit() in the sysfs xxx show()
Fix incorrect type in assignment of ipv6 port for audit
irqchip/qcom-pdc: Fix broken locking
irqchip/nvic: Release nvic_base upon failure
fs/binfmt_elf: Fix AT_PHDR for unusual ELF files
bfq: fix use-after-free in bfq_dispatch_request
ACPICA: Avoid walking the ACPI Namespace if it is not there
lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3
Revert "Revert "block, bfq: honor already-setup queue merges""
ACPI/APEI: Limit printable size of BERT table data
PM: core: keep irq flags in device_pm_check_callbacks()
parisc: Fix handling off probe non-access faults
nvme-tcp: lockdep: annotate in-kernel sockets
spi: tegra20: Use of_device_get_match_data()
locking/lockdep: Iterate lock_classes directly when reading lockdep files
ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb
ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
ext4: don't BUG if someone dirty pages without asking ext4 first
f2fs: fix to do sanity check on curseg->alloc_type
NFSD: Fix nfsd_breaker_owns_lease() return values
f2fs: compress: fix to print raw data size in error path of lz4 decompression
ntfs: add sanity check on allocation size
media: staging: media: zoran: move videodev alloc
media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com
media: staging: media: zoran: fix various V4L2 compliance errors
media: ir_toy: free before error exiting
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
video: fbdev: w100fb: Reset global state
video: fbdev: cirrusfb: check pixclock to avoid divide by zero
video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
ARM: dts: bcm2837: Add the missing L1/L2 cache information
ASoC: madera: Add dependencies on MFD
media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards
media: atomisp: fix dummy_ptr check to avoid duplicate active_bo
ARM: ftrace: avoid redundant loads or clobbering IP
ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk
arm64: defconfig: build imx-sdma as a module
video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit
ARM: dts: bcm2711: Add the missing L1/L2 cache information
ASoC: soc-core: skip zero num_dai component in searching dai name
media: cx88-mpeg: clear interrupt status register before streaming video
uaccess: fix type mismatch warnings from access_ok()
lib/test_lockup: fix kernel pointer check for separate address spaces
ARM: tegra: tamonten: Fix I2C3 pad setting
ARM: mmp: Fix failure to remove sram device
video: fbdev: sm712fb: Fix crash in smtcfb_write()
media: Revert "media: em28xx: add missing em28xx_close_extension"
media: hdpvr: initialize dev->worker at hdpvr_register_videodev
mmc: host: Return an error when ->enable_sdio_irq() ops is missing
media: atomisp: fix bad usage at error handling logic
ALSA: hda/realtek: Add alc256-samsung-headphone fixup
KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU
powerpc/kasan: Fix early region not updated correctly
powerpc/lib/sstep: Fix 'sthcx' instruction
powerpc/lib/sstep: Fix build errors with newer binutils
powerpc: Fix build errors with newer binutils
scsi: qla2xxx: Fix stuck session in gpdb
scsi: qla2xxx: Fix scheduling while atomic
scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
scsi: qla2xxx: Fix warning for missing error code
scsi: qla2xxx: Fix device reconnect in loop topology
scsi: qla2xxx: Add devids and conditionals for 28xx
scsi: qla2xxx: Check for firmware dump already collected
scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
scsi: qla2xxx: Fix disk failure to rediscover
scsi: qla2xxx: Fix incorrect reporting of task management failure
scsi: qla2xxx: Fix hang due to session stuck
scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
scsi: qla2xxx: Fix N2N inconsistent PLOGI
scsi: qla2xxx: Reduce false trigger to login
scsi: qla2xxx: Use correct feature type field during RFF_ID processing
platform: chrome: Split trace include file
KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
KVM: Prevent module exit until all VMs are freed
KVM: x86: fix sending PV IPI
KVM: SVM: fix panic on out-of-bounds guest IRQ
ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
ubifs: rename_whiteout: Fix double free for whiteout_ui->data
ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
ubifs: Fix to add refcount once page is set private
ubifs: rename_whiteout: correct old_dir size computing
wireguard: queueing: use CFI-safe ptr_ring cleanup function
wireguard: socket: free skb in send6 when ipv6 is disabled
wireguard: socket: ignore v6 endpoints when ipv6 is disabled
XArray: Fix xas_create_range() when multi-order entry present
can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
can: mcba_usb: properly check endpoint type
can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value
XArray: Update the LRU list in xas_split()
rtc: check if __rtc_read_time was successful
gfs2: Make sure FITRIM minlen is rounded up to fs block size
net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware
rxrpc: Fix call timer start racing with call destruction
mailbox: imx: fix wakeup failure from freeze mode
crypto: arm/aes-neonbs-cbc - Select generic cbc and aes
watch_queue: Free the page array when watch_queue is dismantled
pinctrl: pinconf-generic: Print arguments for bias-pull-*
watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function
pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR()
pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE()
ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs
ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
ARM: iop32x: offset IRQ numbers by 1
io_uring: fix memory leak of uid in files registration
riscv module: remove (NOLOAD)
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
platform/chrome: cros_ec_typec: Check for EC device
can: isotp: restore accidentally removed MSG_PEEK feature
proc: bootconfig: Add null pointer check
staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet
ASoC: soc-compress: Change the check for codec_dai
batman-adv: Check ptr for NULL before reducing its refcnt
mm/mmap: return 1 from stack_guard_gap __setup() handler
ARM: 9187/1: JIVE: fix return value of __setup handler
mm/memcontrol: return 1 from cgroup.memory __setup() handler
mm/usercopy: return 1 from hardened_usercopy __setup() handler
bpf: Adjust BPF stack helper functions to accommodate skip > 0
bpf: Fix comment for helper bpf_current_task_under_cgroup()
dt-bindings: mtd: nand-controller: Fix the reg property description
dt-bindings: mtd: nand-controller: Fix a comment in the examples
dt-bindings: spi: mxic: The interrupt property is not mandatory
ubi: fastmap: Return error code if memory allocation fails in add_aeb()
ASoC: topology: Allow TLV control to be either read or write
ARM: dts: spear1340: Update serial node properties
ARM: dts: spear13xx: Update SPI dma properties
um: Fix uml_mconsole stop/go
docs: sysctl/kernel: add missing bit to panic_print
openvswitch: Fixed nd target mask field in the flow dump.
KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
can: m_can: m_can_tx_handler(): fix use after free of skb
can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
coredump: Snapshot the vmas in do_coredump
coredump: Remove the WARN_ON in dump_vma_snapshot
coredump/elf: Pass coredump_params into fill_note_info
coredump: Use the vma snapshot in fill_files_note
arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones
PCI: xgene: Revert "PCI: xgene: Use inbound resources for setup"
Linux 5.10.110
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I12fbe227793dd40c0582588e1700cf88cafd0ac6
commit 5abfd71d936a8aefd9f9ccd299dea7a164a5d455 upstream.
Patch series "mm: Rework zap ptes on swap entries", v5.
Patch 1 should fix a long standing bug for zap_pte_range() on
zap_details usage. The risk is we could have some swap entries skipped
while we should have zapped them.
Migration entries are not the major concern because file backed memory
always zap in the pattern that "first time without page lock, then
re-zap with page lock" hence the 2nd zap will always make sure all
migration entries are already recovered.
However there can be issues with real swap entries that got skipped
erroneously. There's a reproducer provided in commit message of patch
1 for that.
Patch 2-4 are cleanups that are based on patch 1. After the whole
patchset applied, we should have a very clean view of zap_pte_range().
Only patch 1 needs to be backported to stable if necessary.
This patch (of 4):
The "details" pointer shouldn't be the token to decide whether we should
skip swap entries.
For example, when the callers specified details->zap_mapping==NULL, it
means the user wants to zap all the pages (including COWed pages), then
we need to look into swap entries because there can be private COWed
pages that were swapped out.
Skipping some swap entries when details is non-NULL may lead to wrongly
leaving some of the swap entries while we should have zapped them.
A reproducer of the problem:
===8<===
#define _GNU_SOURCE         /* See feature_test_macros(7) */
#include <stdio.h>
#include <assert.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/types.h>

int page_size;
int shmem_fd;
char *buffer;

int main(void)
{
        int ret;
        char val;

        page_size = getpagesize();
        shmem_fd = memfd_create("test", 0);
        assert(shmem_fd >= 0);

        ret = ftruncate(shmem_fd, page_size * 2);
        assert(ret == 0);

        buffer = mmap(NULL, page_size * 2, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE, shmem_fd, 0);
        assert(buffer != MAP_FAILED);

        /* Write private page, swap it out */
        buffer[page_size] = 1;
        madvise(buffer, page_size * 2, MADV_PAGEOUT);

        /* This should drop private buffer[page_size] already */
        ret = ftruncate(shmem_fd, page_size);
        assert(ret == 0);
        /* Recover the size */
        ret = ftruncate(shmem_fd, page_size * 2);
        assert(ret == 0);

        /* Re-read the data, it should be all zero */
        val = buffer[page_size];
        if (val == 0)
                printf("Good\n");
        else
                printf("BUG\n");

        return 0;
}
===8<===
We don't need to touch up the pmd path, because pmd never had an issue with
swap entries. For example, shmem pmd migration will always be split into
pte level, and same to swapping on anonymous.
Add another helper should_zap_cows() so that we can also check whether we
should zap private mappings when there's no page pointer specified.
This patch drops that trick, so we handle swap ptes coherently. Meanwhile
we should do the same check upon migration entry, hwpoison entry and
genuine swap entries too.
To be explicit, we should still remember to keep the private entries if
even_cows==false, and always zap them when even_cows==true.
The issue seems to exist starting from the initial commit of git.
[peterx@redhat.com: comment tweaks]
Link: https://lkml.kernel.org/r/20220217060746.71256-2-peterx@redhat.com
Link: https://lkml.kernel.org/r/20220217060746.71256-1-peterx@redhat.com
Link: https://lkml.kernel.org/r/20220216094810.60572-1-peterx@redhat.com
Link: https://lkml.kernel.org/r/20220216094810.60572-2-peterx@redhat.com
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: John Hubbard <jhubbard@nvidia.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Alistair Popple <apopple@nvidia.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: "Kirill A . Shutemov" <kirill@shutemov.name>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Yang Shi <shy828301@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3149c79f3cb0e2e3bafb7cfadacec090cbd250d3 upstream.
In some cases it appears the invalidation of a hwpoisoned page fails
because the page is still mapped in another process. This can cause a
program to be continuously restarted and die when it page faults on the
page that was not invalidated. Avoid that problem by unmapping the
hwpoisoned page when we find it.
Another issue is that sometimes we end up oopsing in finish_fault, if
the code tries to do something with the now-NULL vmf->page. I did not
hit this error when submitting the previous patch because there are
several opportunities for alloc_set_pte to bail out before accessing
vmf->page, and that apparently happened on those systems, and most of
the time on other systems, too.
However, across several million systems that error does occur a handful
of times a day. It can be avoided by returning VM_FAULT_NOPAGE which
will cause do_read_fault to return before calling finish_fault.
Link: https://lkml.kernel.org/r/20220325161428.5068d97e@imladris.surriel.com
Fixes: e53ac7374e64 ("mm: invalidate hwpoison page cache page in fault path")
Signed-off-by: Rik van Riel <riel@surriel.com>
Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
Tested-by: Naoya Horiguchi <naoya.horiguchi@nec.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e53ac7374e64dede04d745ff0e70ff5048378d1f upstream.
Sometimes the page offlining code can leave behind a hwpoisoned clean
page cache page. This can lead to programs being killed over and over
and over again as they fault in the hwpoisoned page, get killed, and
then get re-spawned by whatever wanted to run them.
This is particularly embarrassing when the page was offlined due to
having too many corrected memory errors. Now we are killing tasks due
to them trying to access memory that probably isn't even corrupted.
This problem can be avoided by invalidating the page from the page fault
handler, which already has a branch for dealing with these kinds of
pages. With this patch we simply pretend the page fault was successful
if the page was invalidated, return to userspace, incur another page
fault, read in the file from disk (to a new memory page), and then
everything works again.
Link: https://lkml.kernel.org/r/20220212213740.423efcea@imladris.surriel.com
Signed-off-by: Rik van Riel <riel@surriel.com>
Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
Acked-by: Naoya Horiguchi <naoya.horiguchi@nec.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In speculative fault path, while doing page table lookup, offset
is obtained at each level and value at that offset is read and
checks are performed on it, later to get next level offset we read
from previous level offset again. A concurrent page table reclamation
operation could result in change in value at this offset, and we go
ahead and access it, this would result in reading an invalid entry.
Fix this by reading from previous level offset again and comparing
before performing next level access.
Bug: 221005439
Change-Id: I66b3d24ae79c7ee5ccce4ba7a94f028f4cf3fda0
Signed-off-by: Vijayanand Jitta <quic_vjitta@quicinc.com>
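The double read described in the commit message above, as an added user-space model (not kernel code and not part of the commit). The two-level table, the `reclaim` hook and all constants are constructed for illustration; a cleared upper entry decodes to leaf table 0, which stands for memory the walk has no business reading.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

#define PRESENT 1ULL
#define NLEAF   2
#define NENT    4

enum walk_result { WALK_OK, WALK_NONE, WALK_RETRY };

static _Atomic uint64_t upper[NENT];   /* upper level: (leaf index << 1) | PRESENT */
static uint64_t leaf[NLEAF][NENT];     /* leaf[0] belongs to an unrelated mapping */

static uint64_t mk_entry(unsigned idx) { return ((uint64_t)idx << 1) | PRESENT; }
static unsigned entry_leaf(uint64_t e) { return (unsigned)(e >> 1); }

static void setup_tables(void)
{
    for (unsigned i = 0; i < NENT; i++) {
        atomic_store(&upper[i], 0);
        leaf[0][i] = 0xdead;           /* constructed: someone else's data */
        leaf[1][i] = 0x1111;           /* constructed: data the walk should see */
    }
    atomic_store(&upper[2], mk_entry(1));
}

/* Stand-in for concurrent page table reclaim: clears the upper entry. */
static void reclaim(unsigned hi) { atomic_store(&upper[hi], 0); }

/* hook runs between the validated read and the read used to descend. */
static enum walk_result walk(unsigned hi, unsigned lo, int recheck,
                             void (*hook)(unsigned), uint64_t *out)
{
    uint64_t checked = atomic_load(&upper[hi]);   /* read 1: checks run on this */
    if (!(checked & PRESENT))
        return WALK_NONE;
    if (hook)
        hook(hi);
    uint64_t again = atomic_load(&upper[hi]);     /* read 2: used for next level */
    if (recheck && again != checked)
        return WALK_RETRY;                        /* entry changed: abandon the walk */
    *out = leaf[entry_leaf(again)][lo];
    return WALK_OK;
}

int main(void)
{
    uint64_t v = 0;
    enum walk_result r;

    setup_tables();
    r = walk(2, 3, 0, reclaim, &v);
    printf("no recheck: result=%d value=%#llx\n", r, (unsigned long long)v);

    setup_tables();
    v = 0;
    r = walk(2, 3, 1, reclaim, &v);
    printf("recheck:    result=%d value=%#llx\n", r, (unsigned long long)v);
    return 0;
}
```

Without the comparison the walk reports success while returning another mapping's data; with it the walk stops before touching the next level.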
When pagefaults are handled speculatively, the pair of
mmu_notifier_invalidate_range_start/mmu_notifier_invalidate_range_end
calls happen without mmap_lock being taken. This enables the following
race:
mmu_notifier_invalidate_range_start
                                        mmap_write_lock
                                        mmu_notifier_register
                                        mmap_write_unlock
mmu_notifier_invalidate_range_end
In this case mmu_notifier_invalidate_range_end will see a new
subscriber not seen at the time of mmu_notifier_invalidate_range_start
and will call ops->invalidate_range_end for that subscriber without
the matching ops->invalidate_range_start, creating imbalance.
Fix this by introducing a new mm->mmu_notifier_lock percpu_rw_semaphore
to synchronize mmu_notifier_invalidate_range_start/
mmu_notifier_invalidate_range_end with mmu_notifier_register when
handling pagefaults speculatively without holding mmap_lock.
percpu_rw_semaphore is used instead of rw_semaphore to prevent cache
line bouncing in the pagefault path.
Fixes: 86ee4a531e ("FROMLIST: x86/mm: add speculative pagefault handling")
Bug: 161210518
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I9c363b2348efcad19818f93b010abf956870ab55
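The interleaving from the commit message above, replayed as an added single-threaded model (not kernel code and not part of the commit). `struct mm_model`, `try_register` and the `readers` counter are hypothetical stand-ins: `readers` models the read side of `mm->mmu_notifier_lock`, and a refused registration models the writer waiting for it.

```c
#include <stdio.h>

#define MAX_SUBS 4

struct subscriber { int active_ranges; };   /* start calls minus end calls */

struct mm_model {
    struct subscriber *subs[MAX_SUBS];
    int nsubs;
    int use_lock;   /* 1: model the mmu_notifier_lock fix */
    int readers;    /* invalidations currently between start and end */
};

static void range_start(struct mm_model *mm)
{
    if (mm->use_lock)
        mm->readers++;                       /* read side taken */
    for (int i = 0; i < mm->nsubs; i++)
        mm->subs[i]->active_ranges++;
}

static void range_end(struct mm_model *mm)
{
    for (int i = 0; i < mm->nsubs; i++)
        mm->subs[i]->active_ranges--;
    if (mm->use_lock)
        mm->readers--;                       /* read side released */
}

/* Returns 0 when registered, -1 when the writer must wait or the table is full. */
static int try_register(struct mm_model *mm, struct subscriber *s)
{
    if (mm->use_lock && mm->readers > 0)
        return -1;
    if (mm->nsubs == MAX_SUBS)
        return -1;
    mm->subs[mm->nsubs++] = s;
    return 0;
}

/* Replays the race; returns the late subscriber's final start/end balance. */
static int late_subscriber_balance(int use_lock)
{
    struct subscriber early = {0}, late = {0};
    struct mm_model mm = { .use_lock = use_lock };

    try_register(&mm, &early);
    range_start(&mm);
    int deferred = try_register(&mm, &late);   /* lands inside the window */
    range_end(&mm);
    if (deferred)
        try_register(&mm, &late);              /* writer proceeds after end */
    return late.active_ranges;
}

int main(void)
{
    printf("without lock: balance=%d\n", late_subscriber_balance(0));
    printf("with lock:    balance=%d\n", late_subscriber_balance(1));
    return 0;
}
```

A balance of -1 is the unmatched `invalidate_range_end` call the message describes; 0 means every end the subscriber saw had a matching start.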
SPF patchset introduced an mmu_notifier imbalance by adding a new exit
path that skips mmu_notifier_invalidate_range_only_end after calling
mmu_notifier_invalidate_range_start. This triggers a BUG in KVM driver
checking for mmu_notifier_count to remain balanced.
Fixes: afeec97a8d ("FROMLIST: mm: prepare for FAULT_FLAG_SPECULATIVE")
Bug: 161210518
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ibe9d1f0903a23b48c9d733b81249b190e5321c2f
Sync up with android12-5.10 for the following commits:
b781144f8a ANDROID: GKI: update xiaomi symbol list
7ed18b3da9 ANDROID: GKI: Update symbols to symbol list
70fb50176e UPSTREAM: kasan, slub: reset tag when printing address
bd5c75ce7b UPSTREAM: kasan, kmemleak: reset tags when scanning block
b683931b2a ANDROID: gki_defconfig: set DEFAULT_MMAP_MIN_ADDR=32768
c0cce1da8b UPSTREAM: kasan, slub: reset tag when printing address
3b6f980a85 UPSTREAM: KVM: arm64: Fix off-by-one in range_is_memory
3649d38887 UPSTREAM: mm: fix the deadlock in finish_fault()
09ec66de84 UPSTREAM: arm64: mte: fix restoration of GCR_EL1 from suspend
1e8a0d84dc UPSTREAM: firmware: arm_scmi: Avoid padding in sensor message structure
ea6f697c3d UPSTREAM: media: s5p-mfc: Fix display delay control creation
2f13bd8f39 UPSTREAM: software node: Handle software node injection to an existing device properly
2f34733fae UPSTREAM: usb: dwc3: Fix debugfs creation flow
d42ca898a6 UPSTREAM: usb: dwc3: core: fix kernel panic when do reboot
71710d40d9 UPSTREAM: kfence: use TASK_IDLE when awaiting allocation
1ea718cd9e UPSTREAM: regulator: scmi: Fix off-by-one for linear regulators .n_voltages setting
be7c2833df UPSTREAM: clk: Skip clk provider registration when np is NULL
f20cbf56db FROMGIT: usb: typec: tcpm: Raise vdm_sm_running flag only when VDM SM is running
b58b8007b1 FROMGIT: usb: typec: tcpm: Fix VDMs sometimes not being forwarded to alt-mode drivers
Note, takes the .xml file from the `android12-5.10` branch, will need to
be updated again in a follow-on commit to pick up the missing symbol.
Change-Id: Ic579951cb27d50feb2987cc91a3f58170562eed1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Commit 63f3655f95 ("mm, memcg: fix reclaim deadlock with writeback")
fixed the following ABBA deadlock by pre-allocating the pte page table
without holding the page lock.
	lock_page(A)
	SetPageWriteback(A)
	unlock_page(A)
	lock_page(B)
						lock_page(B)
	pte_alloc_one
	  shrink_page_list
	    wait_on_page_writeback(A)
						SetPageWriteback(B)
						unlock_page(B)

						# flush A, B to clear the writeback
Commit f9ce0be71d1f ("mm: Cleanup faultaround and finish_fault()
codepaths") reworked the relevant code but ignored this race. This will
cause the deadlock above to appear again, so fix it.
Link: https://lkml.kernel.org/r/20210721074849.57004-1-zhengqi.arch@bytedance.com
Fixes: f9ce0be71d1f ("mm: Cleanup faultaround and finish_fault() codepaths")
Signed-off-by: Qi Zheng <zhengqi.arch@bytedance.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit e4dc3489143f84f7ed30be58b886bb6772f229b9)
Bug: 187129171
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I80977e6cf60c938e98f17130233e776a2d097870
commit 8f34f1eac3820fc2722e5159acceb22545b30b0d upstream.
We tried to do something similar in b569a17607 ("userfaultfd: wp: drop
_PAGE_UFFD_WP properly when fork") previously, but it's not doing it all
right. A few fixes around the code path:
1. We were referencing VM_UFFD_WP vm_flags on the _old_ vma rather
than the new vma. That's overlooked in b569a17607, so it won't work
as expected. Thanks to the recent rework on fork code
(7a4830c380), we can easily get the new vma now, so switch the
checks to that.
2. Dropping the uffd-wp bit in copy_huge_pmd() could be wrong if the
huge pmd is a migration huge pmd. When it happens, instead of using
pmd_uffd_wp(), we should use pmd_swp_uffd_wp(). The fix is simply to
handle them separately.
3. Forgot to carry over uffd-wp bit for a write migration huge pmd
entry. This also happens in copy_huge_pmd(), where we converted a
write huge migration entry into a read one.
4. In copy_nonpresent_pte(), drop uffd-wp if necessary for swap ptes.
5. In copy_present_page() when COW is enforced when fork(), we also
need to pass over the uffd-wp bit if VM_UFFD_WP is armed on the new
vma, and when the pte to be copied has uffd-wp bit set.
Remove the comment in copy_present_pte() about this. It won't help a huge
lot to only comment there, but comment everywhere would be an overkill.
Let's assume the commit messages would help.
[peterx@redhat.com: fix a few thp pmd missing uffd-wp bit]
Link: https://lkml.kernel.org/r/20210428225030.9708-4-peterx@redhat.com
Link: https://lkml.kernel.org/r/20210428225030.9708-3-peterx@redhat.com
Fixes: b569a17607 ("userfaultfd: wp: drop _PAGE_UFFD_WP properly when fork")
Signed-off-by: Peter Xu <peterx@redhat.com>
Cc: Jerome Glisse <jglisse@redhat.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: Brian Geffon <bgeffon@google.com>
Cc: "Dr . David Alan Gilbert" <dgilbert@redhat.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Joe Perches <joe@perches.com>
Cc: Kirill A. Shutemov <kirill@shutemov.name>
Cc: Lokesh Gidra <lokeshgidra@google.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Mina Almasry <almasrymina@google.com>
Cc: Oliver Upton <oupton@google.com>
Cc: Shaohua Li <shli@fb.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Wang Qing <wangqing@vivo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reverts commit 8e4af3917b which is
commit 2799e77529c2a25492a4395db93996e3dacd762d upstream.
It should not have been added to the stable trees, sorry about that.
Link: https://lore.kernel.org/r/YPVgaY6uw59Fqg5x@casper.infradead.org
Reported-by: From: Matthew Wilcox <willy@infradead.org>
Cc: Miaohe Lin <linmiaohe@huawei.com>
Cc: Ying Huang <ying.huang@intel.com>
Cc: Alex Shi <alexs@kernel.org>
Cc: David Hildenbrand <david@redhat.com>
Cc: Dennis Zhou <dennis@kernel.org>
Cc: Hugh Dickins <hughd@google.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Wei Yang <richard.weiyang@gmail.com>
Cc: Yang Shi <shy828301@gmail.com>
Cc: Yu Zhao <yuzhao@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>